Suninatas Game 10

Posted on Edited on In Views: Disqus:

challenges

Game 10

Challenge: Reverse engineering a .NET Windows executable

Step 1: Extract and Identify

1
2
7z x reversing.zip
file reversing.exe

Output: PE32 executable for MS Windows 4.00 (GUI), Intel i386 Mono/.Net assembly, 3 sections

Step 2: Hex Analysis

From hex view, strings are readable in Unicode format:

1
2theT@P, Authkey: Did U use the Peid?, SuNiNaTaS, Try again!, explorer, http://suninatas.com, textBox1, button1, OK, label2, Made by 2theT0P, button2, QUIT, Form1, WindowsFormsApplication1, Properties, Resources

The program is based on WinForms.

Step 3: Decompile with dnSpyEx

Use dnSpyEx (run in Windows) and drag the file to decompile.

Decompiled Code

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
// WindowsFormsApplication1.Form1
// Token: 0x06000003 RID: 3 RVA: 0x00002068 File Offset: 0x00000268
private void button1_Click(object sender, EventArgs e)
{
    string text = "2theT@P";
    string text2 = "Authkey : Did U use the Peid?";
    if (this.textBox1.Text == text)
    {
        MessageBox.Show(text2, "SuNiNaTaS");
        this.textBox1.Text = "";
        return;
    }
    MessageBox.Show("Try again!", "SuNiNaTaS");
    this.textBox1.Text = "";
}