Himayatic rev_400 Writeup (.NET Crackme)
Hello, today I'll crack a .NET crackme, it was featured on Himayatic CTF, November 2nd 2017. Download link : https://drive.google.com/open?id=0B7U3AsTA9UVfRHdTY2hfQzZrQm8 Let's start :) First, we notice that it's a .NET crackme, it asks for a serial, and displays " Wrong Serial ... !!! " when we enter a random one. We open it in a .NET decompiler (I used dnSpy, which is a fork of ILSpy), and we immediately locate this function : The code looks obfuscated, we follow the N and M functions in the namespace A, and we find this: Looks like they used CryptoObfuscator to obfuscate the code, we'll use a .NET deobfuscator (de4dot : https://github.com/0xd4d/de4dot ) to clean the executable. We open the cleaned executable in dnSpy, the obfuscation is gone! But it's a wrong flag, if it were the real flag, the else part would display "Wrong Serial ... !!!" and not "Illusion ... !!" (of course, we still try it, who know