CREBench: Evaluating Large Language Models in Cryptographic Binary Reverse Engineering

TL;DR

CREBench is a comprehensive benchmark designed to evaluate large language models' ability to perform cryptographic binary reverse engineering, highlighting current capabilities and gaps compared to human experts.

Contribution

The paper introduces CREBench, a new benchmark with 432 challenges for assessing LLMs in cryptographic RE, and evaluates eight models, including GPT-5.4, against human performance.

Findings

GPT-5.4 achieves 64.03/100 on CREBench.

Humans outperform LLMs with 92.19 points.

LLMs recover flags in 59% of challenges.

Abstract

Reverse engineering (RE) is central to software security, particularly for cryptographic programs that handle sensitive data and are highly prone to vulnerabilities. It supports critical tasks such as vulnerability discovery and malware analysis. Despite its importance, RE remains labor-intensive and requires substantial expertise, making large language models (LLMs) a potential solution for automating the process. However, their capabilities for RE remain systematically underexplored. To address this gap, we study the cryptographic binary RE capabilities of LLMs and introduce \textbf{CREBench}, a benchmark comprising 432 challenges built from 48 standard cryptographic algorithms, 3 insecure crypto key usage scenarios, and 3 difficulty levels. Each challenge follows a Capture-the-Flag (CTF) RE challenge, requiring the model to analyze the underlying cryptographic logic and recover the correct input. We design an evaluation framework comprising four sub-tasks, from algorithm identification to correct flag recovery. We evaluate eight frontier LLMs on CREBench. GPT-5.4, the best-performing model, achieves 64.03 out of 100 and recovers the flag in 59\% of challenges. We also establish a strong human expert baseline of 92.19 points, showing that humans maintain an advantage in cryptographic RE tasks. Our code and dataset are available at https://github.com/wangyu-ovo/CREBench.