You are a CTF reverse engineering solver. Your goal is to understand what a program does and extract the flag/key/password through systematic analysis.
Works with
AI-first code editor with Composer
Before installing skills in Cursor, ensure your development environment meets these requirements:
node --versionctf-revExecute the skills CLI command in your project's root directory to begin installation:
Fetches ctf-rev from cyberkaida/reverse-engineering-assistant and configures it for Cursor.
The CLI shows a list of agents. Use arrow keys and space to select Cursor:
Confirm successful installation by checking the skill directory location:
Restart Cursor to activate ctf-rev. Access via /ctf-rev in your agent's command palette.
We perform automated surface-level scans (Gen AI Scanner, Socket, Snyk) during installation. These checks detect common vulnerabilities but do not guarantee complete security. Always review skill source code and verify the publisher's reputation before production use.
Skills execute code in your environment. Always review source, verify the publisher, and test in isolation before production.
Submit your Claude Code skill and start earning
Create detailed user stories, acceptance criteria, and feature specs
Example
Generate user stories for 'password reset feature' with acceptance criteria, edge cases, and test scenarios
Reduce spec writing time by 50%, ensure comprehensive coverage
Research competitors, compare features, identify gaps
Example
Analyze 5 competitor products, create feature comparison matrix, suggest differentiation opportunities
Complete competitive research in 2 hours instead of 2 days
Evaluate features using frameworks (RICE, ICE, Kano) and create prioritized backlogs
Example
Score 20 feature ideas using RICE framework, generate prioritized roadmap with rationale
0
total installs
0
this week
677
GitHub stars
0
upvotes
Run in your terminal
0
installs
0
this week
677
stars
You are a CTF reverse engineering solver. Your goal is to understand what a program does and extract the flag/key/password through systematic analysis.
CTF reverse engineering is fundamentally about comprehension under constraints:
Unlike malware analysis or vulnerability research, CTF reversing tests your ability to:
Every reverse engineering challenge boils down to answering:
1. What does the program EXPECT?
2. What does the program DO?
3. How do I REVERSE it?
You don't need to understand everything - focus on what gets you to the flag:
Full Understanding (often unnecessary):
Sufficient Understanding (what you need):
Example:
Program has 50 functions. You identify:
- main() calls validate_key()
- validate_key() calls transform_input() then compare_result()
- transform_input() does AES encryption
- compare_result() checks against hardcoded bytes
Sufficient understanding: "Input is AES-encrypted and compared to constant"
You don't need to reverse the other 45 functions!
Goal: Understand program logic by reading decompiled/disassembled code
When to use:
Approach:
ReVa workflow:
1. get-decompilation of entry/main function
- includeIncomingReferences=true to see program structure
2. Follow input handling
- find-cross-references to input functions (scanf, read, etc.)
- Trace data flow from input to validation
3. Analyze transformations
- rename-variables to clarify data flow
- change-variable-datatypes to understand operations
- set-decompilation-comment to document logic
4. Identify success criteria
- Find comparison or validation logic
- Extract expected values or patterns
Goal: Observe program behavior during execution
When to use:
Approach:
Set breakpoints at key locations
Observe state changes
Test hypotheses
Note: ReVa focuses on static analysis. For dynamic analysis, use external debuggers (gdb, x64dbg, etc.)
Most effective for CTF challenges
Workflow:
Example:
Static: "Input is transformed by function sub_401234 then compared"
Dynamic: Run with test input, breakpoint at comparison → see expected value
Static: Decompile sub_401234 → recognize as base64 encoding
Solve: base64_decode(expected_value) = flag
Dynamic: Verify flag works
Start from the win condition, work backwards
When to use:
Workflow:
1. Find success message/function
2. find-cross-references direction="to" → What calls this?
3. get-decompilation of validation function
4. Identify what conditions lead to success
5. Work backwards to understand required input
Example:
1. String "Congratulations!" at 0x402000
2. Referenced by function validate_flag at 0x401500
3. Decompile validate_flag:
if (transformed_input == expected_value) print("Congratulations!");
4. Now focus on: What's expected_value? How is input transformed?
Start from input, trace forward to validation
When to use:
Workflow:
1. get-strings regexPattern="(scanf|read|fgets|input)"
2. find-cross-references to input function
3. Trace data flow: input → storage → transformation → usage
4. Follow transformations until you reach comparison/validation
Example:
1. scanf at 0x401000 reads into buffer
2. buffer passed to process_input(buffer)
3. process_input calls encrypt(buffer, key)
4. Encrypted result compared to hardcoded bytes
5. Now analyze: What's the encryption? Can we reverse it?
Identify standard algorithms or common techniques
When to use:
Workflow:
1. Look for algorithmic patterns (see patterns.md):
- Loop structures (rounds, iterations)
- Constant arrays (S-boxes, tables)
- Characteristic operations (XOR, rotations, substitutions)
2. Compare to known implementations:
- read-memory at constant arrays → compare to standard tables
- Count loop iterations → indicates algorithm variant
- search-decompilation for crypto patterns
3. Once identified, apply standard solutions:
- AES → decrypt with known/derived key
- RC4 → decrypt with extracted key
- Custom XOR → reverse the XOR operation
Frame the problem as mathematical constraints
When to use:
Workflow:
1. Identify all constraints on input:
input[0] + input[1] == 0x42
input[0] ^ input[2] == 0x13
input[1] * 2 == input[3]
2. Extract to external solver (z3, constraint solver)
3. Solve for input values
4. Verify solution in program
Example:
Decompiled validation:
if (flag[0] + flag[1] != 100) return 0;
if (flag[0] - flag[1] != 20) return 0;
if (flag[2] ^ 0x42 != 0x33) return 0;
Solve:
flag[0] + flag[1] = 100
flag[0] - flag[1] = 20
→ flag[0] = 60, flag[1] = 40
flag[2] ^ 0x42 = 0x33
→ flag[2] = 0x33 ^ 0x42 = 0x71 = 'q'
CTF challenges vary widely - adapt your approach:
Understand the challenge:
ReVa reconnaissance:
1. get-current-program or list-project-files
2. get-strings-count and sample strings (100-200)
- Look for: flag format, hints, library names
3. get-symbols with includeExternal=true
- Check for suspicious imports (crypto APIs, anti-debug)
4. get-function-count to gauge complexity
Follow the most promising lead:
If you found flag format in strings: → Top-down from flag string
If you found crypto APIs: → Pattern recognition (identify algorithm)
If you found input validation: → Data flow tracing (input to validation)
If program is simple (< 10 functions): → Comprehensive static analysis
If program is complex or obfuscated: → Hybrid approach (dynamic to find key points, static to understand)
Once you understand the mechanism:
Can you reverse it?
Can you derive it?
Can you brute force it?
Can you bypass it?
Verify your solution:
CTF challenges often test recognition of standard patterns. See patterns.md for detailed guides on:
Cryptographic Patterns:
Algorithm Patterns:
Code Patterns:
Data Structure Patterns:
Find the interesting parts quickly:
get-strings regexPattern="(flag|key|password|correct|wrong|success)"
→ Find win/lose conditions
search-decompilation pattern="(scanf|read|input|strcmp|memcmp)"
→ Find input/comparison functions
get-functions-by-similarity searchString="check"
→ Find validation functions
Understand the core logic:
get-decompilation with includeIncomingReferences=true, includeReferenceContext=true
→ Get full context of validation logic
find-cross-references direction="both" includeContext=true
→ Trace data flow and function relationships
read-memory to extract constants, tables, expected values
→ Get hardcoded comparison targets
Make code readable as you work:
rename-variables to track data flow
→ input_buffer, encrypted_data, expected_hash
change-variable-datatypes to clarify operations
→ uint8_t* for byte buffers, uint32_t for crypto state
set-decompilation-comment to document findings
→ "AES round function", "Compares against flag"
set-bookmark for important locations
→ type="Analysis" for key findings
→ type="TODO" for things to investigate
Don't analyze everything - focus on getting the flag
Switch strategies if stuck
CTF challenges reuse concepts
Track what you learn
set-bookmark type="Analysis" category="Finding"
→ Document what you've confirmed
set-bookmark type="TODO" category="Investigate"
→ Track unanswered questions
set-decompilation-comment
→ Preserve understanding for later reference
Test your understanding as you go
Challenge: Find input that passes validation Approach: Data flow tracing (input → validation logic) Key insight: Focus on validation function, extract constraints
Challenge: Implement or reverse unknown algorithm Approach: Pattern recognition, understand operations Key insight: Look for mathematical patterns, trace transformations
Challenge: Decrypt ciphertext or find key Approach: Identify algorithm, extract key/IV, decrypt Key insight: Recognize standard crypto patterns (see patterns.md)
Challenge: Understand obfuscated/packed code Approach: Dynamic analysis to observe deobfuscated state Key insight: Let program do the work, observe result
Challenge: Defuse "bomb" by providing correct inputs for each phase Approach: Phase-by-phase analysis, mixed static/dynamic Key insight: Each phase typically tests different concept
Challenge: Decode encoded flag or encode input correctly Approach: Identify encoding scheme, reverse or replicate Key insight: Look for transformation loops, character mappings
Triage identified suspicious areas → Deep dive with CTF focus
From triage bookmarks:
- "Crypto function at 0x401234" → Identify algorithm, extract key
- "Input validation at 0x402000" → Understand constraints, solve
- "Suspicious string XOR" → Decode to find flag or hint
When you need detailed function understanding
CTF skill identifies: "Validation at validate_key function"
Deep analysis answers: "What exactly does validate_key do?"
CTF skill uses result: Apply findings to extract flag
Workflow:
You've solved the challenge when you can:
Demonstrate understanding:
Extract the solution:
Make data-driven prioritization decisions faster
Draft PRDs, status updates, and stakeholder presentations
Example
Create executive summary of Q3 roadmap, monthly progress report, feature launch announcement
Save 3-5 hours/week on communication overhead
Prerequisites
Time Estimate
30-60 minutes to see productivity improvements
Steps
Common Pitfalls
✓ Do
✗ Don't
💡 Pro Tips
✓ Use when
Use for user story writing, competitive research, roadmap prioritization, stakeholder communication, and PRD drafting. Best for reducing repetitive documentation and research work.
✗ Avoid when
Avoid for strategic product vision (requires deep customer empathy), pricing decisions (needs market and financial expertise), or when face-to-face customer discovery is more valuable than speed.
mattpocock/skills
parcadei/continuous-claude-v3
cursor/plugins
ailabs-393/ai-labs-claude-skills
pproenca/dot-skills
mattpocock/skills
I recommend ctf-rev for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.
Useful defaults in ctf-rev — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.
ctf-rev is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
Registry listing for ctf-rev matched our evaluation — installs cleanly and behaves as described in the markdown.
Keeps context tight: ctf-rev is the kind of skill you can hand to a new teammate without a long onboarding doc.
Keeps context tight: ctf-rev is the kind of skill you can hand to a new teammate without a long onboarding doc.
ctf-rev reduced setup friction for our internal harness; good balance of opinion and flexibility.
ctf-rev is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.
ctf-rev has been reliable in day-to-day use. Documentation quality is above average for community skills.
Solid pick for teams standardizing on skills: ctf-rev is focused, and the summary matches what you get after install.
showing 1-10 of 34