Skip to content

Point system & auto-validation for crackmes #127

New issue
New issue
Open
Open
Point system & auto-validation for crackmes#127
Assignees
3rditxusheng6
Labels
enhancementNew feature or requestquestionFurther information is requested
@3rdit

Description

@3rdit
3rdit
opened on Jan 13, 2026

Implement a point-based scoring system with automatic flag validation to gamify the crackme solving experience and increase engagement.

Auto-Validation System

Firstly, to automate this system, we'll need to create an auto-validation system. During the submission of a new crackme, the author can opt-in to the auto-validation (point) system, and this will require:

  • The correct flag for the challenge
  • A private zip with the source code, build scripts, etc. (which is only visible to the reviewers and not to the public, hence the "opt-in" part).

The reviewer will review the submission and assign a official difficulty level.

Point Scoring

This is still in discussion and must be cemented, but the following ways have been discussed:

  • Solving a challenge -- When a user solves one of these opted-in challenges, they submit the found flag for validation. If correct, they earn difficulty x 100 points (so level 3 means 300 points is awarded)
  • First blood on old challenges -- If someone is the first person to solve an older challenge that has no existing solutions, they earn difficulty x 100 for this.
  • Writeup submitting -- Users can submit writeups for retired/old challenges. Since these have solutions available, they would earn fewer points: difficulty x 20.
  • Point bounty -- If an authors crackme is still unsolved, they can submit a bounty on their crackme. First to solve it gets the bounty - this is deducted from their earned points (StackOverflow style)

TBA...

Challenges will retire after six months. Once retired, flag validation doesn't award points anymore, but first bloods and writeups still will.

Point Decaying?

We could keep things competitive by causing points to decay based on a solve count. For eaxmple, after 10 people successfuly solve a challenge, it could drop to difficulty x 90 points. The exact curve can be tuned later.

Considerations

  • We need to consider the flag format, it should be standardised (CM1{xxxxx} for example?).
  • The reviewer-assigned difficulty should stay fixed now.

Metadata

Metadata

Assignees

Labels

enhancementNew feature or requestquestionFurther information is requested

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions