
GPN CTF 2026 — Stupidcontract: Patched eBPF Verifier + Signed-Cmp OOB
Platform: GPN CTF 2026 (kitctf)
Difficulty: Hard
OS: Reverse — Linux kernel forensics, eBPF, Rust aya
Tags: unpacking bzImage to vmlinux ELF; string-diffing two kernels with shifted section layout to find removed verifier messages; reading eBPF disassembly to spot the signed-compare bypass; exploiting unchecked map-value pointer arithmetic with a negative index; beating a 20%-RNG bit-flip gate by detecting the win and switching to a neutral index

Stupidcontract is the GPN CTF 2026 reverse challenge that lives at the intersection of kernel forensics and eBPF. The handout ships two kernel images — patched.bzImage and unpatched.bzImage — plus a Rust/aya userspace runner that loads an eBPF program against a 101-byte .bss map. The challenge is to figure out what was patched and exploit it. ...
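The string-diffing step from the tag list, as an added example that is not part of the original writeup: because the patch shifts the section layout, comparing strings by offset is useless, so the comparison is done on string content alone. It assumes both bzImages have already been unpacked to vmlinux ELF files; the two byte strings embedded below are constructed stand-ins for those images, and the verifier messages in them are constructed samples, not quoted from the challenge kernels.

```python
import re

# Printable ASCII runs, as the `strings` tool reports them.
_PRINTABLE = rb"[\x20-\x7e]"


def extract_strings(image: bytes, min_len: int = 12) -> set[bytes]:
    """Collect every printable run of at least min_len bytes as a set.

    Keeping content only (no offsets) is what makes the comparison robust
    to the shifted section layout of the patched kernel.
    """
    pattern = re.compile(_PRINTABLE + rb"{%d,}" % min_len)
    return {m.group(0) for m in pattern.finditer(image)}


def diff_kernel_strings(unpatched: bytes, patched: bytes,
                        keyword: bytes = b"") -> dict[str, list[bytes]]:
    """Strings present in only one image, optionally filtered by a keyword."""
    a, b = extract_strings(unpatched), extract_strings(patched)
    keep = lambda s: keyword in s
    return {
        "removed": sorted(filter(keep, a - b)),  # dropped by the patch
        "added": sorted(filter(keep, b - a)),    # introduced by the patch
    }


# Constructed stand-ins for two vmlinux images: the same messages, except
# that the patched one drops one verifier error string and is padded so
# every remaining string sits at a different offset.
_COMMON = [
    b"verifier: invalid access to map value, value_size=%d off=%d size=%d",
    b"verifier: R%d unbounded memory access, use 'var &= const' or 'if (var < const)'",
    b"usbcore: registered new interface driver",
]
_GATE_MSG = b"verifier: R%d min value is negative, use an unsigned index or check index >= 0"
_UNPATCHED = b"\x00".join(_COMMON + [_GATE_MSG]) + b"\x00"
_PATCHED = b"\x90" * 37 + b"\x00".join(_COMMON) + b"\x00"


def find_removed_verifier_messages(unpatched: bytes = _UNPATCHED,
                                   patched: bytes = _PATCHED) -> list[bytes]:
    """Verifier messages the patched kernel no longer contains."""
    return diff_kernel_strings(unpatched, patched, keyword=b"verifier")["removed"]


if __name__ == "__main__":
    # Real use: pass Path("vmlinux-unpatched").read_bytes() and the patched
    # counterpart (hypothetical paths) instead of the constructed samples.
    for msg in find_removed_verifier_messages():
        print(msg.decode())
```

A message that disappears from the patched image points at the verifier check that was removed; the corresponding source in kernel/bpf/verifier.c is then the place to read.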