R3CTF 2026 writeup — five challenges solved covering Microsoft SEAL CKKS delta recovery, MIPS64r6 pointer-authentication defeat via Spectre speculative PAC-gated load, .NET xoshiro256** state recovery via meet-in-the-middle, Lagrange-basis get_num oracle abuse via base-K polynomial decoding, and a multi-stage forensics chain from PyInstaller game to RDP bitmap cache MetaMask recovery

R3CTF 2026 Writeup: 5 Challenges Solved (SEAL CKKS Delta Recovery, MIPS64 PAC Spectre, .NET xoshiro256** MITM, Lagrange Oracle, RDP Bitmap Cache)

R3CTF 2026 is run by r3kapig, and the challenges reflect it: the crypto is a Microsoft SEAL CKKS server whose 240-bit modulus and 188-bit noise leak collapse under 95 approximate modular equations plus a baseline-noise filter; the misc is a full MIPS64r6 SoC in Verilog with a pointer-authentication gate that only fails to one committed mistake but bleeds tag bits through a Spectre-style speculative PAC-gated data-load timed against a cache probe; the two web challenges reduce to (a) recovering a shared .NET 8 xoshiro256** state from 160 leaked outputs via a GF(2) meet-in-the-middle over 34-bit slice choices, and (b) turning a Lagrange-interpolating get_num(nums, index) helper into a base-K polynomial decode that yields 128 linear equations in 128 unknown 16-bit secrets in a single oracle call; and the forensics is a five-stage chain from an encrypted beatmap containing marshalled Python bytecode through an hh.exe-dictionary-encoded C2 transcript to an RDP bitmap cache whose reconstructed tiles show a MetaMask recovery phrase on screen. ...

July 15, 2026 · 30 min · 6294 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap