Master the fundamental concepts of reverse engineering through this focused micro-challenge.
Finding a hidden password inside a binary is one of the most common reverse engineering challenges. It applies to malware analysis, crackmes, vulnerability research, and understanding proprietary protections.
Strings analysis is always the first step:
cLoading…
If the password is stored in plaintext, this reveals it immediately. Developers sometimes hide passwords as XOR-encrypted byte arrays to evade simple strings analysis.
Tracing comparisons in disassembly: look for strcmp, strncmp, or byte-by-byte comparison loops. Every password check has a success branch and a failure branch:
cLoading…
You will document how to find password-checking logic through strings analysis and comparison tracing. Tracing backward from a "wrong password" message to the comparison instruction reveals what input would satisfy the check.
When static analysis fails, run the binary under GDB with a breakpoint on strcmp using break strcmp and commands to print both arguments. The comparison reveals the expected password at runtime even if it was XOR-encrypted in the binary. Some crackmes compute passwords algorithmically, requiring you to reverse the generation logic rather than extract a static string.
Write a C program that checks a hardcoded password and documents how a reverse engineer would find it.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
All starter code and reference implementations are available for your local setup.
View on Github