Reverse Engineering challenges

Contrived by Dennis Yurichev (yurichev.com).

The website has been inspired by Project Euler and "the matasano crypto challenges".

Reverse Engineering for Beginners. Discord server. How to start learning reverse engineering in 2023. Subscribe to my news feed.


All challenges/exercises/problems/tasks

1; 2; 3; 4; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; 17; 18; 19; 20; 21; 22; 23; 24; 25 (black boxes); 26; 27; 28; 29 (obfuscation); 30; 31; 32; 33; 34; 35; 36; 37; 38; 39; 40; 41; 42 (unknown cryptoalgorithm); 43; 44; 45 (simple copyprotection); 46 (toy-level web server); 47 (broken data compression algorithm); 48; 49; 50 (4-byte XOR mask); 51 (stack); 52 (stack); 53; 54 (LOOP instruction); 55 (simple patching exercise); 56; 57; 58; 59; 60; 61; 62 (array); 63 (array); 64 (array); 65 (array); 66 (array); 67 (bit field); 68 (bit field); 69 (bit field); 70 (bit field); 71 (structure); 72 (structure); 73; 74; 75; 76; 77; 78; 79; 80; 81; 82; 83; 84; 85; 86; 87.


By level

Distinction between levels is very blurred and not very strict, so don't rely on them fully. But feel free to send me recommendations about them. I would love to hear comments like "it was so easy/hard" or "I've spent 2 hours for this", so I can gather some statistics about exercises and promote/demote them.


By type


By architecture


By OS


Other


About the website

Well, "challenges" is a loud word, these are rather just exercises.

Some exercises were in my book for beginners, some were in my blog, and I eventually decided to keep them all in one single place like this website, so be it.

Exercise numbers

There is no correlation between exercise number and hardness. Sorry: I add new exercises occasionally and I can't use some fixed numbering system, so numbers are chaotic and has no meaning at all.

On the other hand, I can assure, exercise numbers will never change, so my readers can refer to them, and they are also referred from my book for beginners.

Duplicates

There are some pieces of code which are really does the same thing, but in different ways. Or maybe it is implemented for different architectures (x86 and Java VM/.NET). That's OK.

FAQ

Can I use Google?

It's up to you. I would first try to solve exercise without googling. If I would stuck, I would try to google some constants, text messages, etc.

Should I give low-level answer (what each instruction does) or high-level (what the function does)?

As highest as possible. In fact, reverse engineer's job is to reduce amount of information he/she has. Malware analyst should describe a specific piece of malware using couple of sentences, no one really interesting what each of its several thousand instructions does.

How can I measure my performance?

How can I learn Reverse Engineering?

Here is my book for beginners: http://beginners.re/.

Can I use these exercises for my teaching?

Yes, that is why they are (and this website as a whole) licensed under Creative Commons terms (CC BY-SA 4.0), like my book about RE for beginners.

Solutions

Since I use these challenges for teaching, there are no solutions.

BTW, some computer science/programming books has solutions for exercises (like TAOCP), some has not (K&R, SICP, Niklaus Wirth - "Algorithms and Data Structures", Brian Kernighan/Rob Pike - The Practice of Programming" to name a few).

This website has been inspired by Project Euler and "the matasano crypto challenges" - and there are no solutions as well.

In my own opinion and experience, published solutions are killers to incentive (or motivation). When you see solution to the exercise, you lost an intellectual curiosity to solve it. It's like when magician reveals his tricks - he will loose all attention after the moment.

So please do not publish solutions on googleable forums/blogs/social networks, etc. On the other hand, you can freely discuss exercises with your friends and other people on the closed non-googleable private forums. Of course, I can't force anyone to do so, I just ask. Here is also explanation by one of "the matasano crypto challenges" website authors: https://www.reddit.com/r/haskell/comments/1fa8br/matasano_crypto_challenges_in_haskell/ca8em35.

If you are unsure if you solved some exercise correctly, just ask me by email (please also put exercise number in subject line like "exercise #123"). If you don't want to reveal your name/email, you may use a temporary throw-away email account.

Updates/news

I'll add more exercises in future, if you interesting, you may subscribe to my blog.

Thanks

Thanks to Diego Boy, Wolfgang Reiter, Nikita Mahilewets and Niklas for bugfixes.