AES256-CTR Attack for CTF Challenge

Hello, I have a CTF challenge at my university and unfortunately I don’t know what to do next.

Here are all the clues:

I can enter my student ID and get a cipher text back.
Flags have the format {f=XXX}, where XXX consists of 12 pseudo-random characters from the alphabet “0123456789abcdef”.
Here is the code that calculates the cipher text:

import os 
from Crypto.Cipher import AES

def encrypt(msg):

  nonce = os.urandom(8) 
  key = os.urandom(32)
  c = b''
  for i in range((len(msg)//16)+1):
    aes =,AES.MODE_CTR, nonce = nonce)
    c +=aes.encrypt(msg[16*i:16*(i+1)])
  return c

plaintext = '''GET / HTTP/1.1\r\nHost:\r\nUser-Agent: Mozilla\5.9 (X11; Ubuntu: Linux x86_64; rv:62.0) Gecko/20100101 Firefox/ 62.0\r\nAccept: text/html,application/xhtml+xml,application/xml;qU0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\nCookie: {{f={}}}'''.format(flag)

ciphertext = encrypt(plaintext.encode()).hex()

The encryption code was implemented in Python3 and the PyCryptoDome library. There is another note that you should pay particular attention to how the counter mode was implemented.

Example for student ID 1950243 is the cipher text:

I tried reversing the calculation but without the key I couldn’t find myself in much progress. I also tried analyzing the cipher texts and while I was able to find similarities, I can’t seem to find anything else.
I am not particularly looking for the complete solution, rather some clues as to what I might be missing.
I would be happy if anyone could point the way :slight_smile: