What is the NSA Codebreaker Challenge?

The NSA Codebreaker Challenge provides students with a hands-on opportunity to develop their reverse-engineering / low-level code analysis skills while working on a realistic problem set centered around the NSA's mission.

While the challenge is intended for students, professors are encouraged to participate as well. Furthermore, the site was designed to make it easy for those professors interested in incorporating the challenge into their courses to do so (see the additional FAQ entries below.)

Who can participate?

Anyone with an email address from a recognized U.S. school or university may participate in the challenge. If your school's domain is not recognized, please email the Codebreaker support team at codebreaker@nsa.gov. We are also permitting those with .mil/.gov addresses to participate for training purposes, but results from .mil/gov participants (with the exception of military academies and other educational institutions) will not be displayed on the public leaderboard since this is meant to be an academic competition.

Why should I learn software reverse engineering?

Reverse engineering is a crucial skill for those involved in the fight against malware, advanced persistent threats, and similar malicious cyber activities. As the organization tasked with protecting U.S. government national security information systems, NSA is looking to develop these skills in university students and prospective future employees. NSA isn’t the only organization interested in these skills - many Fortune 500 companies are also looking for individuals with reverse engineering abilities, as they work to protect their corporate computer systems and networks. In addition, the same techniques used to reverse engineer an unknown binary can often be applied to diagnose and fix bugs in your own applications, especially if they are low-level / hard to find. It is important to note that reverse engineering might violate the End User License Agreement of some software packages and/or be considered illegal in certain cases. Always check with the appropriate copyright holder / legal counsel if unsure.

Are the binaries on this site safe to run on my computer?

We wrote the code for these challenge binaries (with the exception of several other libraries that are statically linked) and our testing hasn’t indicated any negative side effects, but ultimately you must use these at your own risk. As a general rule, we encourage you to take precautions before running any questionable executables on your machine. For instance - running these in a virtual machine environment is a good first step to take. Directions on setting up a virtual machine for testing can be found in the 'Technical Resources' section of this page.

We have heard that the 2014 challenge binary may get flagged as being malicious by some anti-virus software. Again, that one should be safe as well, but taking precautions just in case is advised.

What do I do if I'm having problems with the site?

Email us at: codebreaker@nsa.gov

For professors - What is the process for verifying that a student has completed the challenge?

We are in the process of adding a capability that will provide students with a unique link to a page that verifies their progress on each task in the challenge. In the meantime, we are happy to provide direct verification through our support alias (see above)

For professors - What steps are in place to prevent cheating?

Each student receives a slightly different set of challenge binaries and associated files, making it unlikely for one person's solution to work for someone else. However, the files are similar enough to where people can work together and develop the solution to their respective challenge instances as a team.