Flare on 2014 Challenge1
starting challenge by putting binary into pe studio we find it to be .NET binary in executable form
running binary in vm to check his functionality
we can clearly see somesort of decode function in play
after opening it in dnspy we go into main
after opening main function we find form1() function to be of intresting
from dynamic analysis we can deduce this function to be important lets dig into it (after going through other function this function was go to )
seeing decode funtion we see that it is taking bytes from “resources.dat_secret” and then decoding it and storing it into text3
extracting “resources.dat_secret” and decoding it manually first convert raw format into hex values
writing script to manually decode it
and heres your flag