One of the simple cryptographic methods is the XOR operation. This is the case if logically if we had a binary value or a binary value with 0 or 1 XOR, we would have the following table.

Well in general, if I were to say a simple, clear example of XOR, it's that if you XOR a string and XOR the answer again with the same key, you get the main string:

 

Example:

 

1100 XOR 1111 = 0011 <—- result

 

Here's our 1111 key and the 1100 encryption key and 0011 answer.

 

Now we just have the resulting string which is 1100 with the key to XOR 1111 again to get to the main string:

 

0011 XOR 1111 = 1100 <- result

 

Well let's go back to our problem. We are now seeing a string inside TextBox that has been XOR with the character A, so here A is actually our key. And the result of this operation is compared to that thread of the program. So we can get the code that we need to enter by Xor that string with A.

 

Answer string:

And here's the thing to say that sometimes dnspy makes a mistake in identifying strings. Here we see that the following string shows us some of its characters in Unicode but in fact these are HEX values, which of course is not a problem, but we have to be careful to convert them to Hex Ascii code after XOR operation. To do. Well I'm introducing a site that converts coding for you.

 

{'\ u0003', '', '&', '$', '', '\ u001e', '\ u0002', '', '/', '/', '.', '/'}

 

https://gchq.github.io/CyberChef

 

I wrote here the Hex values for those Ascii characters here, but I recommend that you find them on the Ascii table yourself.

I wrote here the Hex values for those Ascii characters here, but I recommend that you find them on the Ascii table yourself.

As you can see, the decoded string is seen, and by inserting this string into the second TextBox, we defeat the black cat and show us the flag or the flag of the next step in the program. Now that the race is over, this code won't really work for us, but in the CTFs you have to enter this code on the race site to find out that you've solved the problem and let you go to the next level.

Well this might be a bit of a funny challenge, but the purpose of the challenge is to showcase how to analyze and reverse .net programs in general, which I think was a very interesting idea.