Neurocracked CTF Part Two: Whispers in the Shell
- May 6, 2025
- 2 min read
Updated: May 13, 2025
Neurocracked: Diary Extract - Encrypted Transmission
Sleep’s been difficult lately. I keep hearing a distorted, synthetic voice repeating numbers in my dreams.
“Function 88. Redirect to Concordia.”
“Syscall bind. Protocol whisper.”
I woke up today with dried blood behind my left ear. I hadn’t noticed the incision before. Someone accessed my port while I was unconscious. Neurocracked.
I ran a local diagnostic. Everything came back clean - but too clean. There were no logs, no anomalies, and it seemed like someone had rewritten the past.
So I took a risk. Booted a deprecated version of MemShell, the underground implant debugger banned five years ago. It’s dirty. Unstable. But it let me trace the runtime activity of my core processes - line by line.
That’s when I saw it: A function that shouldn't exist - inject_payload(), hiding inside a core learning module. Masked behind a career update labeled “Medical Ethics – Level 3”.
What the hell does ethics need a syscall for?
The Pattern Emerges
It’s not just me. I scraped logs from three other civilians in my subnet. All show the same strange function calls when they launch implant-based educational programs.
It’s like watching a parasite whisper through code - pulling secrets from memory, redirecting outputs, even binding to unknown ports.
We have to go deeper. Someone needs to trace the infection to its source.
That's where you come in.
CTF Challenge 002: Whispers in the Shell
Objective: You’ve been given a suspicious binary named neurolearn. It’s supposedly a simple offline math tutoring tool for BrainOS™ implants.
But it’s lying.
Your Task
Use strings again to find the malicious call.
One of the functions (strstr, strcmp, system, etc.) is being abused to execute a covert system call.
Submit your flag in the following format: CTF{FUNCTION_NAME::COMMAND}
Included Files:
neurolearn (ELF binary)
README.txt with instructions
👉 Download the binary
Example Tools
ltrace ./neurolearnFlag Format
CTF{...}“They’re hiding in our updates. In our thoughts. Trace their steps, and maybe we can still think for ourselves.”
Product Title
16 px collapsible text is perfect for longer content like paragraphs and descriptions. It’s a great way to give people more information while keeping your layout clean. Link your text to anything, including an external website or a different page. You can set your text box to expand and collapse when people click, so they can read more or less info.
$320
Product Title
16 px collapsible text is perfect for longer content like paragraphs and descriptions. It’s a great way to give people more information while keeping your layout clean. Link your text to anything, including an external website or a different page. You can set your text box to expand and collapse when people click, so they can read more or less info.
$900
Product Title
16 px collapsible text is perfect for longer content like paragraphs and descriptions. It’s a great way to give people more information while keeping your layout clean. Link your text to anything, including an external website or a different page. You can set your text box to expand and collapse when people click, so they can read more or less info.
$560
Product Title
16 px collapsible text is perfect for longer content like paragraphs and descriptions. It’s a great way to give people more information while keeping your layout clean. Link your text to anything, including an external website or a different page. You can set your text box to expand and collapse when people click, so they can read more or less info.
$280
These are fun! Here is my walk through for this part. That was a good one @Tyler Wall! https://technofiles.hashnode.dev/neurocracked-ctf-part-two-whispers-in-the-shell
Brilliant story, great CTF concept. Thank you