Reverse Engineering challenges

Contrived by Dennis Yurichev (yurichev.com).

The website has been inspired by Project Euler and "the matasano crypto challenges".

NEW: solutions.

All challenges/exercises/problems/tasks

1; 2; 3; 4; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; 17; 18; 19; 20; 21; 22; 23; 24; 25 (black boxes); 26; 27; 28; 29 (obfuscation); 30; 31; 32; 33; 34; 35; 36; 37; 38; 39; 40; 41; 42 (unknown cryptoalgorithm); 43; 44; 45 (simple copyprotection); 46 (toy-level web server); 47 (broken data compression algorithm); 48; 49; 50 (4-byte XOR mask); 51 (stack); 52 (stack); 53; 54 (LOOP instruction); 55 (simple patching exercise); 56; 57; 58; 59; 60; 61; 62 (array); 63 (array); 64 (array); 65 (array); 66 (array); 67 (bit field); 68 (bit field); 69 (bit field); 70 (bit field); 71 (structure); 72 (structure); 73; 74; 75; 76; 77; 78; 79; 80; 81; 82; 83; 84; 85; 86; 87.

By level

Distinction between levels is very blurred and not very strict, so don't rely on them fully. But feel free to send me recommendations about them. I would love to hear comments like "it was so easy/hard" or "I've spent 2 hours for this", so I can gather some statistics about exercises and promote/demote them. Email: book@beginners.re

By type

By architecture

By OS

Other

About the website

Well, "challenges" is a loud word, these are rather just exercises.

Some exercises were in my book for beginners, some were in my blog, and I eventually decided to keep them all in one single place like this website, so be it.

Exercise numbers

There is no correlation between exercise number and hardness. Sorry: I add new exercises occasionally and I can't use some fixed numbering system, so numbers are chaotic and has no meaning at all.

On the other hand, I can assure, exercise numbers will never change, so my readers can refer to them, and they are also referred from my book for beginners.

Duplicates

There are some pieces of code which are really does the same thing, but in different ways. Or maybe it is implemented for different architectures (x86 and Java VM/.NET). That's OK.

FAQ

Can I use Google?

It's up to you. I would first try to solve exercise without googling. If I would stuck, I would try to google some constants, text messages, etc.

Should I give low-level answer (what each instruction does) or high-level (what the function does)?

As highest as possible. In fact, reverse engineer's job is to reduce amount of information he/she has. Malware analyst should describe a specific piece of malware using couple of sentences, no one really interesting what each of its several thousand instructions does.

How can I measure my performance?

As far as I can realize, If reverse engineer can solve most of these exercises, he is a hot target for head hunters (programming jobs in general).

Those who can solve from ¼ to ½ of all levels, perhaps, can freely apply for reverse engineering/malware analysts/vulnerability research job positions.

How can I learn Reverse Engineering?

Here is my book for beginners: http://beginners.re/.

Can I use these exercises for my teaching?

Yes, that is why they are (and this website as a whole) licensed under Creative Commons terms (CC BY-SA 4.0), like my book about RE for beginners.

Solutions

I made decision not to publish solutions.

Some computer science/programming books has solutions for exercises (like TAOCP), some has not (K&R, SICP, Niklaus Wirth - "Algorithms and Data Structures", Brian Kernighan/Rob Pike - The Practice of Programming" to name a few).

This website has been inspired by Project Euler and "the matasano crypto challenges" - and there are no solutions as well.

In my own opinion and experience, published solutions are killers to incentive (or motivation). When you see solution to the exercise, you lost an intellectual curiosity to solve it. It's like when magician reveals his tricks - he will loose all attention after the moment.

So please do not publish solutions on googleable forums/blogs/social networks, etc. On the other hand, you can freely discuss exercises with your friends and other people on the closed non-googleable private forums. Of course, I can't force anyone to do so, I just ask. Here is also explanation by one of "the matasano crypto challenges" website authors: https://www.reddit.com/r/haskell/comments/1fa8br/matasano_crypto_challenges_in_haskell/ca8em35.

If you are unsure if you solved some exercise correctly, just ask me by email (book@beginners.re) (please also put exercise number in subject line like "exercise #123"). If you don't want to reveal your name/email, you may use BitMessage (my ID is BM-2cUyrfGUDyjuUHyzAA63kq5NHAB2zMo4Q2) and a temporary throw-away ID.

I'll add more exercises in future, if you interesting, you may subscribe to my blog.

Thanks

Thanks to Diego Boy, Wolfgang Reiter, Nikita Mahilewets and Niklas for bugfixes.