Challenges

Clear
All 138 Web 14 Pwn 11 Crypto 11 Forensics 11 Rev 10 Misc 11 OSINT 10 network 11 Mobile 14 Cloud 14 web3 12 Linux 9
Rev Easy

Simple Serial Key Checker

This program checks if you enter the correct serial key. Reverse engineer the validation logic to find the correct key. The flag is the serial format. Compile: gcc -o crackme crackme.c -O0

150 pts
7 solves 🩸
Rev Easy

String Search

A simple crackme with the password stored as hex-escaped bytes. Extract using strings or a disassembler.

100 pts
4 solves 🩸
Rev Medium

.NET Deobfuscation — ConfuserEx

A .NET executable protected with ConfuserEx has its strings encrypted and control flow obfuscated with switch statement dispatchin. Use de4dot to deobfuscate, then analyze the cleaned assembly in dnSpy to find the password comparison logic and extract the flag.

300 pts
Rev Medium

Anti-Debug Bypass

Binary uses ptrace() to detect debuggers. Bypass the anti-debug or patch the binary to always take the non-debug path.

300 pts
4 solves 🩸
Rev Medium

WASM Reversing

A WebAssembly module (challenge.wasm) implements a password checker accessible via a tiny HTML page. The WASM has no debug info. Use wasm2wat to disassemble, trace the check function, and recover the correct password. The flag is aSEC{password}.

350 pts
Rev Hard

Go Binary — goroutine Maze

A Go binary spawns 16 goroutines, each checking one character of a 16-char password via a shared channel-based protocol. The check logic is obfuscated with per-character XOR keys and bit rotations derived from goroutine index. Reverse the per-goroutine transform to recover each character.

400 pts
1 solve 🩸
Rev Hard

Obfuscated Python

Obfuscated Python with base64 encoding. Trace the decode logic to recover the password and flag.

400 pts
5 solves 🩸
Rev Hard

Rust Binary Reversing

A stripped Rust binary implements a custom license key validator. The key is split into 5 groups of 5 chars, each group validated by a different arithmetic check on its ASCII values. Reverse all 5 constraints using Ghidra/Binary Ninja and reconstruct a valid key — the key itself is the flag.

450 pts
1 solve 🩸
Rev Hard

VM Reversing

A custom virtual machine with 7 opcodes. Reverse the bytecode to find the password, then run the VM to get the flag.

400 pts
5 solves 🩸
Rev Insane

Packed Binary

Binary with XOR-encoded payload using key 'UNPACK'. Deobfuscate to reveal the secret passphrase which IS the flag.

500 pts
5 solves 🩸