Anti-Slop CTF 2026 Reverse Writeup: Audit Spiral + Parallax Cartridge
This is the second post in my coverage of Anti-Slop CTF 2026. The web writeup covered the two challenges that lived in HTTP parsers. This one walks the two reverse-engineering challenges in the same step-by-step format. Audit Spiral is a 500-point VM puzzle that turns into an ECDSA private-key recovery once you spot the nonce pattern. Parallax Cartridge is a 355-point cartridge runner whose audit and execution paths read the same byte sequence differently, made worse by a resume token authenticated with SHA256(secret || body). ...