Neurocracked CTF Part Two: Whispers in the Shell

Neurocracked: Diary Extract - Encrypted Transmission

Sleep’s been difficult lately. I keep hearing a distorted, synthetic voice repeating numbers in my dreams.

I woke up today with dried blood behind my left ear. I hadn’t noticed the incision before. Someone accessed my port while I was unconscious. Neurocracked.

I ran a local diagnostic. Everything came back clean - but too clean. There were no logs, no anomalies, and it seemed like someone had rewritten the past.

So I took a risk. Booted a deprecated version of MemShell, the underground implant debugger banned five years ago. It’s dirty. Unstable. But it let me trace the runtime activity of my core processes - line by line.

That’s when I saw it: A function that shouldn't exist - inject_payload(), hiding inside a core learning module. Masked behind a career update labeled “Medical Ethics – Level 3”.

What the hell does ethics need a syscall for?

The Pattern Emerges

It’s not just me. I scraped logs from three other civilians in my subnet. All show the same strange function calls when they launch implant-based educational programs.

It’s like watching a parasite whisper through code - pulling secrets from memory, redirecting outputs, even binding to unknown ports.

We have to go deeper. Someone needs to trace the infection to its source.

That's where you come in.

CTF Challenge 002: Whispers in the Shell

Objective: You’ve been given a suspicious binary named neurolearn. It’s supposedly a simple offline math tutoring tool for BrainOS™ implants.

But it’s lying.

Your Task

1. Use strings again to find the malicious call.

2. One of the functions (strstr, strcmp, system, etc.) is being abused to execute a covert system call.

3. Submit your flag in the following format: CTF{FUNCTION_NAME::COMMAND}

Included Files:

• neurolearn (ELF binary)

• README.txt with instructions

👉 Download the binary

Example Tools

ltrace ./neurolearn

Flag Format

CTF{...}