
Junior.Crypt 2026 Web + Crypto Writeup: 7 Challenges Solved (Newline Command Injection, JWT Wordlist Crack, SplitMix64 Timestamp Search, Vaudenay Timing Trace, Franklin-Reiter, LCG Seed Truncation, Many-Time Pad)
Junior.Crypt 2026 (grodno flag prefix) shipped a web track with two well-designed misuse challenges and a crypto track built almost entirely around a single Portal / Aperture Science theme where every flag payload spells out its own vulnerability class in leetspeak: “still alive but GLaDOS keeps rewriting messages” is Franklin-Reiter over e = 3; “this was a triumph but the seed was too small” is a 20-bit truncated LCG; “companion cube this is strictly a many-time pad” is a template-driven multiset-match recovery; “neurotoxin diagnostics leak through timing alone” is an offline Vaudenay CBC padding-oracle attack replayed from a recorded 98,304-record timing trace. The web track’s Pulse challenge lets you inject a shell command through a validator that only checks the first line of a batch input, while Wrodle ships an HS256 game-state JWT whose secret is butterfly from any modern wordlist. ...