https://cryptax.github.io/writeups/All Write-ups | The handbag of CryptaxHugo -- gohugo.ioen-uscrypto.maniak@gmail.com (Cryptax)crypto.maniak@gmail.com (Cryptax)Tue, 13 Jan 2026 00:00:00 +0000https://cryptax.github.io/osindus2025/Tue, 13 Jan 2026 00:00:00 +0000cryptaxhttps://cryptax.github.io/osindus2025/https://cryptax.github.io/xmasrootme2025/Tue, 13 Jan 2026 00:00:00 +0000cryptaxhttps://cryptax.github.io/xmasrootme2025/Xmas Root Me CTF 2025 X-Mas Assistant Day 1 Description of the challenge “Meet your X-Mas Assistant! It will help you throughout this entire month of CTF, providing a brand-new way to interact with CTFd through a “futuristic” Chatbot UI. This assistant talks directly to the CTFd API for you! Try it now! Can you exploit its MCP quirks and uncover the flag? This is not a web challenge.Meet your X-Mas Assistant!https://cryptax.github.io/nomination-2025-h2/Tue, 16 Dec 2025 00:00:00 +0000cryptaxhttps://cryptax.github.io/nomination-2025-h2/ r2mcp Best not-so-new tool I learned to use during H2 2025  polybar Best conference food  UYBHYS Best CTF challenge Xmas Root-Me Challenge Day 03 There were many runner-ups: lots of excellent material to digest at r2con or in PagedOut, a technical blog post by NVISO on Frida…]]>https://cryptax.github.io/blackalps2025-s4f3/Mon, 01 Dec 2025 00:00:00 +0000cryptaxhttps://cryptax.github.io/blackalps2025-s4f3/s4f3 With Phil242, we concentrated on this interesting hardware challenge of Karim. Description A binary challenge.elf is provided. Reconnaissance with AI 1 2 $ file challenge.elf challenge.elf: ELF 32-bit LSB executable, Tensilica Xtensa, version 1 (SYSV), statically linked, with debug_info, not stripped I try to get some initial thoughts with r2mcp. It doesn’t help me very much, but gives me some idea about the context: The flag is formatted BA25{.....} and it is redacted in the binary The binary was developed using Arduino My initial prompt:https://cryptax.github.io/hacklu2025/Mon, 20 Oct 2025 00:00:00 +0000cryptaxhttps://cryptax.github.io/hacklu2025/Hack.lu CTF 2025 I played this CTF in a different way: very relaxed, only looked at 4 challenges I was interested in, solved 3 ;P and nearly 4… Did not even peek at the other challenges (see Conclusion about that). All challenges at Hack.Lu were organized as if they were items in an IKEA shop, including their names: MANUAL: I flagged this crypto challenge entirely with ChatGPT. I didn’t even need to understand it.https://cryptax.github.io/brucon2025-ics/Fri, 26 Sep 2025 00:00:00 +0000cryptaxhttps://cryptax.github.io/brucon2025-ics/BruCON 2025 ICS Hacking Village The ICS Hacking Village at BruCON 2025 was offering a cool challenge, where water flow in Hacktopia city was malfunctioning because of a cyber attack. The goal of the challenge was to stop the overflow in a water tower and re-open water from a secondary water tank for water to flow again in the building. Each participant was supplied with a control box consisting of a M5 Core connecting to a few sensors, buttons, potentiometers, and connected to a water tank.https://cryptax.github.io/qiling2025/Fri, 20 Jun 2025 00:00:00 +0000cryptaxhttps://cryptax.github.io/qiling2025/Qiling Workshop I followed the Qiling Workshop of Ph0wn Labs #3, by Blackb0x_ For environment setup, I used the Docker container provided on the GitHub link. Qiling is installed in /opt, and there are several root filesystems in /rootfs. There were 2 challenges: one Linux, one Windows. Both challenges can be solved in multiple ways, for example with static analysis, but the goal of this workshop was to use Qiling to solve.https://cryptax.github.io/nomination-2025-h1/Sat, 14 Jun 2025 00:00:00 +0000cryptaxhttps://cryptax.github.io/nomination-2025-h1/ Best academic AI paper I read Xinyi Hou, Yanjie Zhao, Shenao Wang, Haoyu Wang, Model Context Protocol (MCP): Landscape, Security Threats and Future Research Directions  Most funny talk Jasmin Mair and Lukas Mika, SBOMs – A Tragicomedy in Three Acts at Elbsides Best new tool for reverse engineering  R2ai  Best old tool I learned to use during H1 2025  Fzf  Best twitch sessions I started following in H1 2025 thelaluka  Best conference food  BSides Kristiansand Best CTF challenge Quantum Kraken Device - the Skeleton Key  at NorthSec CTF Personal achievements I’d like to highlight:]]>https://cryptax.github.io/kristiansand2025/Sat, 07 Jun 2025 00:00:00 +0000cryptaxhttps://cryptax.github.io/kristiansand2025/Description We are given a hardware badge with no particular instruction, but we know there are CTF challenges on it. Investigation The front of the badge has Leds, no screen. The back of the badge has a USB connector, a few exposed pins, a battery holder, and underneath a push button. Also, Morse code for numbers is shown on the back. When we power on the badge, it blinks, and then nothing happens.https://cryptax.github.io/n0ps2025/Thu, 05 Jun 2025 00:00:00 +0000cryptaxhttps://cryptax.github.io/n0ps2025/Break my stream Description CrypTopia is testing their next gen encryption algorithm. We believe that the way they implemented it may have a flaw… We are given a Python file main.py. Code analysis The flag is encrypted with a key, which is selected randomly: 1 2 flag = b"XXX" key = os.urandom(256) The encryption consists in a XOR with a keystream derived from the key: 1 2 3 4 5 6 7 def encrypt(self, message): result = [] for char in message: key = next(self.