Recovering a hidden shared prime with continued-fraction filtering, forcing AES key bits to zero, then factoring structured RSA.

Unpacking a PyInstaller challenge, chaining hidden stage credentials, and solving a final checker based on sliding 3-byte sum constraints to recover the flag.

Reversing a tiny custom DSL interpreter, extracting the 32-byte target table, and inverting two deterministic permutations to recover the flag input.

Reversing a custom VM verifier by recovering opcode behavior, unpacking byte-index shuffles, and inverting rotate-based checks to reconstruct the 32-byte password.

A consolidated writeup for solved EH4X CTF 2026 challenges across blockchain, pwn, rev, and misc.

Reproducing time-seeded password generation and brute-forcing a narrow historical window to recover the AES key and decrypt the flag.

Recovering flag bytes by querying phase-encoded qubits and reconstructing rotation angles from measurement probabilities.

Reconstructing a tiny VM instruction format and crafting the exact 5-opcode sequence that satisfies final register and flag checks.