$ cat writeup.md…
$ cat writeup.md…
umdctf
Task: a stripped PIE ELF asks for three positive integers with a > b > c and validates them through MPFR/Arb-style interval arithmetic. Solution: reverse the interval wrappers, simplify the final comparison to a rational cubic, find a rational point in the valid region via an elliptic-curve transform, and submit the resulting exact integer triple.
$ cat /etc/rate-limit
Rate limit reached (20 reads/hour per IP). Showing preview only — full content returns at the next hour roll-over.
No separate organizer description was present in the provided workspace files.
English summary: the challenge provides a stripped ELF service reachable at nc challs.umdctf.io 30301. It asks for three positive integers a, b, and c with a > b > c, performs a large amount of high-precision interval-style arithmetic, and prints the flag only if the final comparison result is negative.
This solve ended up being a reverse-engineering problem that turned into a math problem.
The binary did not hide the success path: main eventually opens flag.txt. The hard part was understanding what the huge wall of helper calls was actually computing. After dynamic reversing, the repeated wrapper at 0xfd60 and the final compare helper at 0xfe70 were enough to model the computation, collapse the first decisive scalar component into a rational function, and turn the acceptance condition into finding a rational point on a cubic. A birational map to an elliptic curve produced a point in the valid region x > 1, 0 < y < 1, which converted back into the exact winning integer triple.
Basic triage showed the expected hardened Linux target:
Runtime behavior was simple on the surface:
enter positive integers a,b,c; one per line:a > b > cflag.txtFrom the disassembly, the important control points were:
0xfd600xfe70main near 0x491b...
$ grep --similar