diff --git a/token-validator/challenge.go b/token-validator/challenge.go
index 0dc0775..563a7f9 100644
--- a/token-validator/challenge.go
+++ b/token-validator/challenge.go
@@ -242,6 +242,7 @@ func init() {
 	router.GET("/challenge", apiHandler(getChallengeList))
 	router.GET("/challenge/:chid", rawHandler(accessibleChallenge))
 	router.POST("/challenge", rawHandler(challengeHandler(receiveToken)))
+	router.POST("/challenge/:chid", rawHandler(receiveChallenge))
 	router.POST("/echorequest", rawHandler(definedChallengeHandler(receiveToken, 6)))
 	router.POST("/testdisk", rawHandler(definedChallengeHandler(receiveToken, 7)))
 }
@@ -277,6 +278,43 @@ func accessibleChallenge(r *http.Request, ps httprouter.Params, _ []byte) (inter
 	}
 }
 
+func receiveChallenge(r *http.Request, ps httprouter.Params, body []byte) (interface{}, error) {
+	if chid, err := strconv.Atoi(string(ps.ByName("chid"))); err != nil {
+		return nil, err
+	} else if chid == 0 {
+		return nil, errors.New("This challenge doesn't exist")
+	} else if chid <= len(challenges) {
+		return nil, errors.New("This is not the good way to hit this challenge")
+	} else {
+		var gt givenToken
+		if err := json.Unmarshal(body, &gt); err != nil {
+			return nil, err
+		}
+
+		if gt.Token != PongSecret {
+			return nil, errors.New("This is not the expected token.")
+		}
+
+		var std Student
+
+		if stdid, err := strconv.Atoi(gt.Login); err == nil {
+			if std, err = getStudent(stdid); err != nil {
+				return nil, err
+			}
+		} else if std, err = getStudentByLogin(gt.Login); err != nil {
+			return nil, err
+		}
+
+		if _, err := std.UnlockNewChallenge(chid, strings.Join(gt.Data, " ")); err != nil {
+			if _, err := std.UpdateUnlockedChallenge(chid, strings.Join(gt.Data, " ")); err != nil {
+				return nil, err
+			}
+		}
+
+		return true, nil
+	}
+}
+
 func receiveToken(r *http.Request, body []byte, chid int) (interface{}, error) {
 	var gt givenToken
 	if err := json.Unmarshal(body, &gt); err != nil {