Flare on 2014 Challenge1

starting challenge by putting binary into pe studio we find it to be .NET binary in executable form

running binary in vm to check his functionality

we can clearly see somesort of decode function in play

after opening it in dnspy we go into main

after opening main function we find form1() function to be of intresting

from dynamic analysis we can deduce this function to be important lets dig into it (after going through other function this function was go to )

seeing decode funtion we see that it is taking bytes from “resources.dat_secret” and then decoding it and storing it into text3

extracting “resources.dat_secret” and decoding it manually first convert raw format into hex values

writing script to manually decode it

and heres your flag