
BtSCTF 2026 FCP: Recover In-Memory RSA Key, Decrypt Resumed TLS
Platform BreakTheSyntax CTF 2026 Difficulty Hard OS Linux Tags TLS, RSA, Go memory forensics, EMS PRF, session resumption FCP was a multi-step reverse-engineering and network-forensics challenge. You get a Go MCP (“Model Context Protocol”) server binary plus a PCAP of someone using it earlier. Buried in the capture is a get_flag call — but the live server’s get_flag endpoint has been rewritten to just return "no", so re-running it is useless. The challenge is to decrypt the historical traffic. Two specific design choices make this both possible and nontrivial. ...