Pwn Adventure Z (PwnZ) continues the long tradition in the Pwn Adventure series of being a fully hackable game.
PwnZ is an NES game (yes, the original NES) based on Mapper 1 hardware--similar to the hardware that powered The Legend of Zelda.
The game was originally released at the CSAW CTF 2015 competition, an in-person CTF where each team was given a physical cartridge to solve the built-in challenges for.
The ROM released at the CSAW CTF exactly as the students played it is available in the PwnAdventureZ-csaw-student.zip file. If you just want to play the game, download the zip and the only file you need to extract is the PwnAdventureZ.NES
If you would like to play with the version of the ROM that contained the actual flags, you can either use the PwnAdventureZ-csaw-withkeys.bin by programming it on real hardware, or download the PwnAdventureZ-csaw-withkeys.nes rom file.
PwnZ is not just for people looking to solve CTF challenges. It's also a fun game completely playable in its own right! The default easy mode is not meant as a challenge at all, but was intentionally easy to play so that it didn't impede the competition, but HARD and APOCALYPSE difficulty modes are much more challenge. To play in HARD, first enter your name as QUEST 2.0 when starting a new game, and to play as APOCALYPSE, enter UNBEARABLE as your name.
If you are working on the reverse engineering / vulnerability research challenges in the game, you'll be interested in the symbols included in the above zip file that allow debuggers like FCEUX and Binary Ninja (note that the open source verison does not support NES roms) to include names while analyzing the program. Simply unzip the original zip in the same place, and the symbols should automatically load.
You won't be able to solve most of the challenges and sound isn't working but you can at least check out the game online.
If you'd like to try the game on real hardware, we used components from infiniteneslives.com. Specifically, you'll need to purchase an INL Retro programmer, as well as a Mapper 1 256kb with Save Battery rom.
Alternatively, fully assembled and programmed boards with art will be available from infiniteneslives.com shortly. Keep an eye out
See LICENSE.md for licensing information.