Master the fundamental concepts of reverse engineering through this focused micro-challenge.
Finding a hidden password inside a binary is one of the most common reverse engineering challenges. It applies to malware analysis, crackmes, vulnerability research, and understanding proprietary protections.
Strings analysis is always the first step:
cLoading…
If the password is stored in plaintext, this reveals it immediately. Developers sometimes hide passwords as XOR-encrypted byte arrays to evade simple strings analysis.
Tracing comparisons in disassembly: look for strcmp, strncmp, or byte-by-byte comparison loops. Every password check has a success branch and a failure branch:
cLoading…
You will document how to find password-checking logic through strings analysis and comparison tracing. Tracing backward from a "wrong password" message to the comparison instruction reveals what input would satisfy the check.
When static analysis fails, run the binary under GDB with a breakpoint on strcmp using break strcmp and commands to print both arguments. The comparison reveals the expected password at runtime even if it was XOR-encrypted in the binary. Some crackmes compute passwords algorithmically, requiring you to reverse the generation logic rather than extract a static string.
Write a C program that checks a hardcoded password and documents how a reverse engineer would find it.
Requirements:
Success Criteria:
Three hints are available for this task, revealed one at a time inside the code workspace so you can struggle productively before seeing them.
Every task includes starter code, theory, and hidden tests so you can implement and verify locally in the browser.
How it works