These lectures are from the NSA Capstone Course Google Hangout Page.
Tech talks walking through the 2015 challenge solution are scheduled as follows:
Sign in to see the tech talk schedule
The 2015 tech talk slides walk through solving the 2014 challenge.
The 2014 tech talk slides walk through solving the 2013 challenge.
The following document walks you through setting up a VM to make it easier to get started on the challenge.
The NSA Codebreaker Challenge provides students with a hands-on opportunity to develop their reverse-engineering / low-level code analysis skills while working on a realistic problem set centered around the NSA's mission.
The fictional backstory for the challenge is as follows: Terrorists have recently developed a new type of remotely controlled Improvised Explosive Device (IED), making it harder for the U.S. Armed Forces to detect and ultimately prevent roadside bomb attacks against troops deployed overseas. The National Security Agency (NSA), in accordance with its support to military operations mission, has been asked to develop capabilities for use against this new threat. This will consist of six tasks of increasing difficulty, with the ultimate goals of being able to disarm the IEDs remotely and permanently render them inoperable without the risk of civilian casualties.
There are six different levels or "tasks" to the challenge, with each one being progressively more difficult and building off of the previous tasks. The basic goal of each task is as follows:
While the challenge is intended for students, professors are encouraged to participate as well. Furthermore, the site was designed to make it easy for those professor interested in incorporating the challenge into their courses to do so (see the additional FAQ entries below.)
To begin, visit the challenge page and download the materials provided for Task 1. The resource section of the site links to information on how to start reverse engineering the challenge binary, but to begin, try running the challenge binary (See 'Are the binaries on this site safe to run on my computer?' before doing this) and using a program like IDA Pro Demo or 'strings' to look at the character strings stored in the binary.
Reverse engineering is a crucial skill for those involved in the fight against malware, advanced persistent threats, and similar malicious cyber activities, and as the organization tasked with protecting U.S. government national security information systems, NSA is looking to develop these skills in university students (and prospective future employees!). NSA isn’t the only organization interested in these skills - many Fortune 500 companies are also looking for individuals with reverse engineering abilities, as they work to protect their corporate and organizational computer systems and networks. In addition, the same techniques used to reverse engineer an unknown binary can often be applied to diagnose and fix bugs in your own applications, especially if they are low-level ones like those introduced by a compiler. It is important to note that reverse engineering does, in many cases, violate the End User License Agreement of provided software, which may make the activity illegal. However, when used appropriately, reverse engineering techniques can be a powerful tool to leverage.
The first 50 individuals to complete all six tasks will be awarded a small token to recognize them for this great achievement. Also, some universities and departments may offer their own prizes for students within the department that complete the challenge, and some courses may offer extra credit for task completion. Definitely check with your faculty to see if possibilities like these exist!
NOTE: We are currently unable to mail these tokens of recognitions to students located outside of the U.S.
We wrote the code for these challenge binaries (with the exception of several other libraries that are statically linked in,) and our testing hasn’t indicated any negative side effects, but ultimately you must use these at your own risk. As a rule-of-thumb, we encourage you to take precautions before running any questionable executables on your machine. For instance - running these in a virtual machine environment is a good first step to take. Directions on setting up a virtual machine for testing can be found in the 'Technical Resources' section of this page.
We have heard that the 2014 challenge binary may get flagged as being malicious by some anti-virus software. Again, that one should be safe as well, but taking precautions just in case is advised.
Email us at:
Sign in to see the support email address
After completing the first challenge, each student is provided a unique link to a page which verifies their progress on the six tasks in the challenge. The student can send this link to the professor, post it on a class message board, etc., so that progress can be verified.
Each student receives a slightly different set of challenge binaries and associated message files, making it so that one student's solution won't work for someone else. The binaries are similar enough to where students can work together, though, and develop the solutions to their respective binaries together.
NSA is about protecting our country and its citizens. It's about facing off against unseen adversaries. Understanding their languages. Protecting information systems. Keeping leaders informed and the nation safe. NSA is about doing something that matters. And using really advanced technology to make it happen.
These are the unique challenges that the people of NSA are faced with every day. And you could be too. Come explore the exciting career opportunities at NSA. You won't find them anywhere else.
Sign in to get a Codebreaker Challenge event code to use when applying.
All 2017 summer internship, co-op, and scholarship applications open on September 1, 2016! The applications don't typically stay up for very long, though, so if any programs sound interesting apply as soon as possible.
New full-time opportunities are being posted all the time, so check back periodically to see if any sound interesting to you.
Some unique opportunities worth exploring are the various Development Programs, in which a full-time employee typically gets extensive training and then performs multiple six to nine month tours in various offices across the Agency. These provide a way to better experience the breadth of work done across NSA while also making meaningful contributions to the mission of each office. Development Program positions are typically named as such in the position title.