PAN LabyREnth CTF – Windows #5

Sample: f919ed81cd4b78fdff54f8f34ac10e07079814e2eaee08bb3fb4fc19c3301f26 (PW: infected)

file RGB.exe
RGB.exe: PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

Compared to the challenge before, this one was pretty easy. You need to adjust the controllers to the right value in order to get the key.

rgb_start

It’s again C# written code to you can decompile it easily. I used ILSpy to do so. Find the responsible function for the button click and voila, there you have a pretty suspicious if statement.

ilspy_decompile

Since we just have to try 256*256*256 values, we can easily bruteforce for the correct values.

 

rgb_solution_key

This entry was posted in Reverse Engineering, Uncategorized and tagged , . Bookmark the permalink.