All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.

2026-03-01 Reverse Engineering Medium

DEADROP Rev 2 - Clearance Check

A multi-layer obfuscated Python script hiding its payload behind base64, marshal bytecode, and a runtime exec chain. Peel back each layer to recover the deobfuscated comparison and the flag.

rev python obfuscation marshal

2026-02-28 Reverse Engineering Hard

WHAMazon! Rev 2 - Armor

Identifying a PyArmor v9.x protected Python script, generating the correct runtime to execute it, and extracting a base64-encoded flag from the crash dump it writes to disk.

pyarmor python obfuscation deobfuscation

2026-02-28 JWT Medium

WHAMazon! JWT 3 - RSA Revenge

Using provided RSA private key components to manually implement PKCS#1 v1.5 signing and forge a valid RS256 JWT admin token.

jwt rs256 rsa pkcs1-v15

2026-02-24 Crypto Hard

WHAMazon! Crypto 6 - Manifest Collision

Exploiting XOR keystream reuse across two ciphertexts, cancelling the key, identifying newline-heavy P2 via single-byte XOR brute force, then recovering the full key via known-plaintext crib drag to extract the flag.

xor two-time-pad crib-drag known-plaintext

2026-02-24 Crypto Hard

WHAMazon! Crypto 5 - Signature Residue

Exploiting a weak (low) DSA nonce k to brute-force the signing secret, recover the private key x, and derive the flag via SHA-256.

dsa low-nonce private-key-recovery signature

2026-02-23 Crypto Medium

WHAMazon! Crypto 3 - Quarantine Key Dump

Reconstructing n from p and q, diagnosing OAEP padding from garbled raw-RSA output, and decrypting with PyCryptodome's PKCS1_OAEP cipher.

rsa oaep padding pkcs1

2026-02-23 Crypto Easy

WHAMazon! Crypto 2 - You got the key to this room?

Reconstructing a truncated RSA private exponent via brute force over the missing 4 hex digits, then using it to decrypt a raw RSA ciphertext.

rsa partial-key brute-force known-plaintext