Mid-course CrackMe ladder checkpoint. Document four or more solved challenges with technique narrative. Due Week 13.
Overview
The CrackMe ladder has been running since Week 4. Lab 6 is the formal checkpoint: a structured submission documenting at least four completed challenges with enough detail that the instructor can verify you analyzed them rather than just guessing inputs or looking up answers online.
This lab has no fixed due date within the weekly schedule until Week 13. It accumulates over Weeks 4-12. Do not start it in Week 13.
What counts as a solved CrackMe
A CrackMe is "solved" for Lab 6 purposes if:
- You identified the correct key, password, serial, or flag.
- You can explain the mechanism: how the binary checks the input.
- You documented the technique you used to find the answer.
Running the binary and trying common passwords until one works does not count. Reading someone else's writeup and reproducing it without independent analysis does not count.
Approved sources
Pull CrackMe challenges from any of the following:
- crackmes.one: the primary community platform. Filter to Linux, ELF, x86-64. Start at difficulty 1-2 and move up.
- pwn.college RE track: structured challenges with increasing difficulty. Requires a free account.
- picoCTF Reverse Engineering category: structured challenges; some are appropriate RE-011 level.
Avoid Windows PE challenges unless you have a Windows analysis environment. RE-011 is tooled for Linux/ELF; the skills transfer but the toolchain differs.
Submission format
For each CrackMe, write a Tool Journal entry (plain text or Markdown) with the following structure:
Challenge: [Name and source, e.g., "crackme-01 from crackmes.one by author xyz"]
Difficulty rating: [As listed on the platform, e.g., 1.0, 2.5]
What the binary does: [One paragraph -- what is the binary's stated challenge, what input does it accept, what output does it produce?]
Analysis approach: [Which tools did you use, in which order? Did you start with strings? objdump? Ghidra? strace? At what point did the key insight appear?]
The check mechanism: [Describe the check function at the level of assembly or decompiler output. Where is the comparison? What is being compared? What C-level construct does it correspond to (if/else, loop, hash comparison, etc.)?]
The technique that revealed the solution: [Be specific: "strings revealed the key as a plaintext literal in .rodata" OR "disassembled check_serial, found strcmp at 0x401180, broke on strcmp in gdb, rsi held the expected serial" OR "xor-decoded the key using CyberChef after identifying the loop decodes the check string byte by byte"]
Ghidra usage: [What did you look at in Ghidra? Which view was most useful? Did the decompiler give you the key insight, or did you need the listing?]
Time spent: [Approximate, in minutes. Honest -- ranges are fine.]
What you would do differently: [One sentence: if you solved a similar challenge again, what would you try first?]
Provide exactly this structure for each of your four (or more) challenges. Summaries without technique narrative do not earn credit.
Minimum requirements
| Requirement | Minimum |
|---|---|
| Challenges documented | 4 |
| Challenges with difficulty >= 2.0 | At least 1 |
| Challenges solved using static analysis primarily | At least 2 |
| Challenges where you needed dynamic analysis | At least 1 (can be the same as the difficulty >= 2 challenge) |
| Challenges from crackmes.one specifically | At least 2 |
Stretch goal (not required, but noted in grading): 8+ challenges documented with at least two at difficulty 3.0 or higher.
Lab Report
Submit your Tool Journal entries for all documented challenges. You may submit them as:
- A single Markdown file containing all four (or more) entries
- Your live Tool Journal file (if it has a dedicated CrackMe section)
Include a brief cover note (2-3 sentences) summarizing: how your analysis approach evolved over the weeks, and what the most significant technique you learned from the ladder was.
Grading
| Criterion | Points |
|---|---|
| Four challenges documented with full structure | 40 (10 per challenge) |
| Technique narrative is specific and credible (not vague) | 30 |
| Difficulty distribution meets minimums | 15 |
| Cover note demonstrates genuine reflection on technique evolution | 15 |
| Total | 100 |
Penalty for insufficient specificity: If a "check mechanism" section says only "it checks the password with strcmp" without identifying the function address, the comparison value, or how you found the comparison, it earns 0 points for that challenge's narrative section. Specificity is what the narrative sections are for.
A note on writeups
CrackMe writeups are publicly available for many challenges on crackmes.one. Reading a writeup after you have solved a challenge -- to compare your approach -- is fine and educational. Reading a writeup before you have attempted the challenge, then summarizing it as your own analysis, is academic dishonesty and will earn a zero for that entry.
The Tool Journal format is designed to make independent analysis visible: if you describe tools, addresses, and observations that are specific to your session (your Ghidra project, your gdb session, your specific binary version), the instructor can verify authenticity. Generic descriptions that could apply to any binary are a red flag.
Lab 6 of 9. Due: Week 13. Start building your entries in Week 4 and add one every one or two weeks. Do not try to complete four challenges in Week 12.