reverseProhard

locked-in

DiceCTF 2026 Quals

A custom stack-based VM interpreter (`locked_in`, ELF 64-bit, stripped, statically linked) executes bytecode (`flag_verifier.bin`, 43360 bytes) that verifies a 30-character flag in `dice{...}` format. The binary runs in Docker (ubuntu:22.04) and prints "Flag accepted" or "Flag rejected". The VM supp

$ ls tags/ techniques/

docker maze bfs xor lfsr bytecode threading custom_vm static_binary stripped_binary stack_vm futex

vm_opcode_reverse_engineeringstack_emulationmaze_bfs_pathfindingtransformation_pipeline_inversionreverse_processing_order_discoveryfutex_channel_communication_tracingconstant_extraction_via_emulation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pwn][Pro]login— volgactf
[reverse][Pro]SuiGeneris— caplag
[pwn][Pro]Bottoms Up— miptctf
[reverse][Pro]flag_checker— kalmarctf
[reverse][Pro]Challenge7— tamuctf