This work addresses the critical yet underexplored role of large language models (LLMs) in cryptographic binary reverse engineering—a task essential for vulnerability discovery and malware analysis but traditionally reliant on expert knowledge. To systematically evaluate LLM capabilities in this domain, the authors introduce CREBench, the first benchmark specifically designed for this purpose, comprising 432 CTF-style challenges that span 48 cryptographic algorithms, three categories of insecure key usage scenarios, and three difficulty levels. They further propose a four-stage evaluation framework to comprehensively assess LLM performance from algorithm identification to correct input recovery. Among eight state-of-the-art LLMs tested, GPT-5.4 achieves the highest score (64.03/100, solving 59% of challenges), yet still falls significantly short of human experts, who attain a baseline score of 92.19.

Reverse engineering (RE) is central to software security, particularly for cryptographic programs that handle sensitive data and are highly prone to vulnerabilities. It supports critical tasks such as vulnerability discovery and malware analysis. Despite its importance, RE remains labor-intensive and requires substantial expertise, making large language models (LLMs) a potential solution for automating the process. However, their capabilities for RE remain systematically underexplored. To address this gap, we study the cryptographic binary RE capabilities of LLMs and introduce \textbf{CREBench}, a benchmark comprising 432 challenges built from 48 standard cryptographic algorithms, 3 insecure crypto key usage scenarios, and 3 difficulty levels. Each challenge follows a Capture-the-Flag (CTF) RE challenge, requiring the model to analyze the underlying cryptographic logic and recover the correct input. We design an evaluation framework comprising four sub-tasks, from algorithm identification to correct flag recovery. We evaluate eight frontier LLMs on CREBench. GPT-5.4, the best-performing model, achieves 64.03 out of 100 and recovers the flag in 59\% of challenges. We also establish a strong human expert baseline of 92.19 points, showing that humans maintain an advantage in cryptographic RE tasks. Our code and dataset are available at https://github.com/wangyu-ovo/CREBench.