Category – Binary Exploitation / Reverse Engineering
Points – 350 (Hard)
Platform – Midpoint Village (MIDV) CTF – 2024 edition
“The flag is hidden behind a little‑old‑binary that thinks it’s a simple calculator.”
In scientific research, product development, and many other fields, accurate and detailed information is crucial. Identifiers like "MIDV-075" help ensure that information is accurately recorded, referenced, and retrieved. The precision they offer aids in clarity, efficiency, and the avoidance of confusion.
Using gdb:
(gdb) b *calculate
(gdb) run 0 0 +
At the breakpoint we inspect the saved return address:
(gdb) x/gx $rbp+8
0x7fffffffe098: 0x00007ffff7a0c73f
Now we compute a such that a + b == saved_rip. Choosing b = 0 for simplicity, we set a = saved_rip.
$ ./midv075 0x7ffff7a0c73f 0 +
140735048025279
The output is the signed decimal representation of the address, which we can parse in the script. MIDV-075
Note – The program checks that the operator is a single character; the decimal representation of the address works because the binary uses strtol with base 0, which accepts hex when prefixed with 0x.
Thus the leak primitive is confirmed.
| Segment | Projected 2026 Revenue* | MIDV‑075 Share | Growth Drivers | |---------|------------------------|---------------|----------------| | Agriculture | $4.2 B | 12 % | Rising demand for data‑driven farming. | | Public‑Safety (SAR/Fire) | $2.8 B | 9 % | Government funding for disaster response tech. | | Infrastructure | $3.5 B | 10 % | Aging assets and digital twin initiatives. | | Defense | $5.9 B | 15 % | Emphasis on AI‑enabled ISR platforms. | “The flag is hidden behind a little‑old‑binary that
*Based on MarketsandMarkets 2025 report, adjusted for 2026 inflation.
The modular nature of MIDV‑075 positions it as a “platform‑as‑a‑service” (PaaS) offering, where OEMs can develop vertical‑specific payloads without redesigning the airframe or flight stack.
In infected Vero cells, quantitative RT‑PCR revealed upregulation of IFN‑β, CXCL10, and IL‑6, indicative of an innate antiviral response. However, the viral NS1 protein was shown to bind complement component C4, impairing the classical pathway—a strategy reminiscent of dengue NS1. The Importance of Accurate and Detailed Information In
calculate implementation (pseudocode)int64_t calculate(int64_t a, int64_t b, char op)
switch (op)
case '+': return a + b;
case '-': return a - b;
case '*': return a * b;
case '/':
if (b == 0)
puts("division by zero!");
exit(1);
return a / b;
default:
puts("invalid operator");
exit(1);
No obvious buffer overflows – the only arithmetic is performed on signed 64‑bit values, which means overflow is well‑defined modulo 2^64.