VolgaCTF 2020 DotNetMe

Introduction DotNetMe is obviously a Windows reverse task. Two binaries are provided: A PE32+ executable file (console) Another PE32+ DLL Both binary are .NET binaries are expected and are heavily obfuscated. Technical details At first, we could see that both of the binaries are obfuscated and hard to read: In fact, the symbol names are displayed in some kind of Unicode and all the logic is behind a “state machine”.
Read full post