GPN CTF 2026 — Justfollowtherecipe: AVX2 Miscompile + SIS Lattice
Platform GPN CTF 2026 (kitctf) Difficulty Hard OS Crypto — SIS hash, Kannan embedding, BKZ lattice reduction Tags reading AVX2 disassembly to identify vpermd lane interchange, repairing the per-batch lane swap in oracle output, building a q-ary kernel lattice with Kannan embedding, fpylll BKZ-58 with default.json preprocessing+pruning strategies, fpylll heartbeat to keep the SSL proxy alive Justfollowtherecipe is the GPN CTF 2026 challenge that asks a textbook SIS (Short Integer Solution) hash recovery question — except the Linux binary’s mat_mul is miscompiled. gcc -O3 -funroll-loops -mavx2 swaps AVX2 lanes 1 and 2 in every 4-wide block of the inner-product loop, so every column of the public matrix the oracle hands back is permuted. Repair the swap, run a Kannan embedding against the q-ary kernel lattice, finish with BKZ-58 under fplll’s default.json strategies in 45 seconds. The flag — GPNCTF{coMP1L3rS_aRe_Y0UR_fr1End_7HEY_w0ULd_never} — names the lesson. ...