[joeyaiello]

I also took a class designed around this class at UCLA. The bomb lab was absolutely the standout, both in terms of what I learned and how much I enjoyed it.

Didn't see it mentioned, but the really cool thing is that the bomb required internet access and would phone home to a server to dock points if you let it go off. As you said, all it required was that one breakpoint, but it still made everything feel more critical.

[mafuyu]

I remember opening up the binary in IDA and patching out all the phoning home, allowing me to tinker with it as I pleased. I then patched out all the key checking and hooked it back online, only to realize in horror that all the inputs were validated server side. :(

[carlosdp]

Yea, I didn't mention the "phone home" part, that's important =P

Even though it is "easy" to avoid it, there were still a bunch of people who accidentally triggered it every semester.

[carlosgaldino]

Maybe the online part is only available for students enrolled at CMU which is not my case. Self-study students download a different binary. Although it would be fun if it also had some online stuff.