Master the fundamental concepts of reverse engineering through this focused micro-challenge.
When you encounter an undocumented binary file, you must deduce its structure without specifications. This skill applies to malware analysis (custom protocols), game modding (proprietary assets), and data recovery (legacy formats).
Magic bytes at offset 0 identify the type. Even custom formats often have a version identifier there.
Structure fields reveal themselves through patterns:
For example, if bytes at offset 8 show 34 12 and the expected value is 0x1234, the file is little-endian.
Hex editing workflow: dump the first 256 bytes, identify magic, guess field sizes, validate by checking that offsets point to plausible data.
You will document techniques for identifying magic bytes, structure fields, and endianness in unknown formats. This is the same process Wireshark dissectors and game mod tools use when no specification exists.
After guessing field layout, check that offsets point to plausible data: strings should be printable, lengths should not exceed file size, and checksums should validate if present. Change one field at a time in a hex editor and observe whether the target program still parses the file. This iterative hypothesis-testing approach is how modding communities reverse game asset formats without official documentation.
Write a C program that reads a binary file with a simple custom header and documents the reverse engineering process.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github