The NSA Codebreaker Challenge provides students with a hands-on opportunity to develop their reverse-engineering / low-level code analysis skills while working on a realistic problem set centered around the NSA's mission.
While the challenge is intended for students, professors are encouraged to participate as well. Furthermore, the site was designed to make it easy for those professors interested in incorporating the challenge into their courses to do so (see the additional FAQ entries below.)
Anyone with an email address from a recognized U.S. school or university may participate in the challenge. All players register and login individually. If your school's domain is not recognized during registration, please complete this form to Request Access. The form only needs to be completed once per institution. If there are further questions, you can email the Codebreaker support team at email@example.com. We are also permitting those with .mil/.gov addresses to participate for training purposes, but results from .mil/gov participants (with the exception of military academies and other educational institutions) will not be displayed on the public leaderboard since this is meant to be an academic competition.
Reverse engineering is a crucial skill for those involved in the fight against malware, advanced persistent threats, and similar malicious cyber activities. As the organization tasked with protecting U.S. government national security information systems, NSA is looking to develop these skills in university students and prospective future employees. NSA isn’t the only organization interested in these skills - many Fortune 500 companies are also looking for individuals with reverse engineering abilities, as they work to protect their corporate computer systems and networks. In addition, the same techniques used to reverse engineer an unknown binary can often be applied to diagnose and fix bugs in your own applications, especially if they are low-level / hard to find. It is important to note that reverse engineering might violate the End User License Agreement of some software packages and/or be considered illegal in certain cases. Always check with the appropriate copyright holder / legal counsel if unsure.
We wrote the code for these challenge binaries (with the exception of several other libraries that are statically linked) and our testing hasn’t indicated any negative side effects, but ultimately you must use these at your own risk. As a general rule, we encourage you to take precautions before running any questionable executables on your machine. For instance - running these in a virtual machine environment is a good first step to take. Directions on setting up a virtual machine for testing can be found in the 'Technical Resources' section of this page.
We have heard that the 2014 challenge binary may get flagged as being malicious by some anti-virus software. Again, that one should be safe as well, but taking precautions just in case is advised.
You can use the "Get Help" tab at the bottom of the page for help or any type of feedback. If that isn't working (or not available because you cannot login) then email us at: firstname.lastname@example.org
The site includes a "sharing" feature that everyone can use to share their progress with other players. Register for the challenge, then ask each student to share their progress with you by entering your email address into their "followers" list. You can then view each students' completion time on each individual task of the challenge. See the sharing page accessible under the rightmost menu.
Each student receives a slightly different set of challenge binaries and associated files, making it unlikely for one person's solution to work for someone else. However, the files are similar enough to where people can work together and develop the solution to their respective challenge instances as a team.