Cracking 0ya3um1's dotqw .NET CrackMe | Step-by-Step Tutorial

Introduction

In this tutorial, we’ll analyze and crack a .NET crackme created by 0ya3um1. This is a great exercise for learning .NET reverse engineering basics.

CrackMe Details

  • Author: 0ya3um1
  • Language: .NET
  • Platform: Windows
  • Architecture: x86-64
  • Difficulty: 1.0/5.0
  • Quality: 2.8/5.0
  • Upload Date: August 16, 2024
  • Source: crackmes.one page

Prerequisites

Before we begin, ensure you have the following tools installed:

Step 1: Initial Analysis

First, let’s examine the file to confirm it’s a .NET assembly:

$ file "dotqw's first crackme.exe"
dotqw's first crackme.exe: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows, 3 sections

When we run the application, we see a simple GUI window asking for a key.

Step 2: Decompiling with AvaloniaILSpy

Let’s use AvaloniaILSpy to decompile and analyze the code. We’ll start with the main entry point:

using System;
using System.Windows.Forms;

namespace dotqw_s_first_crackme
{
    // Token: 0x02000003 RID: 3
    internal static class Program
    {
        // Token: 0x06000006 RID: 6 RVA: 0x00002335 File Offset: 0x00000535
        [STAThread]
        private static void Main()
        {
            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            Application.Run(new Form1());
        }
    }
}

The main function initializes the Windows Forms application and launches Form1.

Step 3: Analyzing the Form

The form initialization code sets up the UI components:

private void InitializeComponent()
{
    this.label1 = new Label();
    this.keyfield = new TextBox();
    this.checkbutton = new Button();
    base.SuspendLayout();
    this.label1.AutoSize = true;
    this.label1.Font = new Font("Microsoft Sans Serif", 14.25f, FontStyle.Regular, GraphicsUnit.Point, 204);
    this.label1.Location = new Point(12, 0);
    this.label1.Name = "label1";
    this.label1.Size = new Size(267, 24);
    this.label1.TabIndex = 0;
    this.label1.Text = "type your key in the field below";
    this.keyfield.Location = new Point(16, 27);
    this.keyfield.Name = "keyfield";
    this.keyfield.Size = new Size(262, 20);
    this.keyfield.TabIndex = 1;
    this.checkbutton.Location = new Point(16, 51);
    this.checkbutton.Name = "checkbutton";
    this.checkbutton.Size = new Size(262, 23);
    this.checkbutton.TabIndex = 2;
    this.checkbutton.Text = "check";
    this.checkbutton.UseVisualStyleBackColor = true;
    this.checkbutton.Click += this.button1_Click;
    base.AutoScaleDimensions = new SizeF(6f, 13f);
    base.AutoScaleMode = AutoScaleMode.Font;
    base.ClientSize = new Size(290, 86);
    base.Controls.Add(this.checkbutton);
    base.Controls.Add(this.keyfield);
    base.Controls.Add(this.label1);
    base.FormBorderStyle = FormBorderStyle.FixedDialog;
    base.Name = "Form1";
    base.ShowIcon = false;
    base.StartPosition = FormStartPosition.CenterScreen;
    this.Text = "dotqw's first crackme ";
    base.Load += this.Form1_Load;
    base.ResumeLayout(false);
    base.PerformLayout();
}

Step 4: Finding the Key Check Logic

The key verification happens in the button click handler:

private void button1_Click(object sender, EventArgs e)
{
    string text = this.keyfield.Text;
    bool flag = text == "XOQIBwcLudyp6NG";
    if (flag)
    {
        MessageBox.Show("nice, you did it");
        Application.Exit();
    }
    else
    {
        MessageBox.Show("nope, thats not it");
    }
}

Step 5: Solution

The key is stored in plain text in the application: XOQIBwcLudyp6NG

When we enter this key, we get the success message “nice, you did it”.

Conclusion

This crackme demonstrates basic .NET reverse engineering concepts:

  1. Using AvaloniaILSpy for decompilation
  2. Analyzing Windows Forms applications
  3. Finding hardcoded strings
  4. Understanding basic program flow

While this crackme was intentionally made easy, it serves as a good introduction to .NET reverse engineering. In real-world applications, keys and sensitive data should never be stored in plain text.
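
The hardcoded-string finding can be turned into a release check on your own builds. The Python sketch below is an added example, not part of the original tutorial or the crackme: it reads the #US (user string) heap, where .NET keeps string literals as UTF-16LE, and flags literals that look like secrets. The sample bytes are constructed from strings quoted above; the function names and the looks_like_secret heuristic are assumptions of this example, and locating the metadata by its BSJB signature is a simplification.

```python
import struct

def read_len(buf, pos):
    """Decode an ECMA-335 compressed unsigned int; return (value, next_pos)."""
    b0 = buf[pos]
    width, mask = (1, 0x7F) if b0 < 0x80 else (2, 0x3FFF) if b0 < 0xC0 else (4, 0x1FFFFFFF)
    return int.from_bytes(buf[pos:pos + width], "big") & mask, pos + width

def find_us_heap(image):
    """Return the raw #US (user string) heap of a .NET image, or empty bytes."""
    root = image.find(b"BSJB")                 # simplification: signature search,
    if root < 0:                               # not a walk of the PE/CLI headers
        return b""
    (ver_len,) = struct.unpack_from("<I", image, root + 12)
    pos = root + 20 + ver_len                  # first stream header
    (count,) = struct.unpack_from("<H", image, pos - 2)
    for _ in range(count):
        off, size = struct.unpack_from("<II", image, pos)
        end = image.index(b"\0", pos + 8)      # stream name is NUL-terminated
        if image[pos + 8:end] == b"#US":
            return image[root + off:root + off + size]
        pos += 8 + ((end - pos - 4) & ~3)      # name + NUL, padded to 4 bytes
    return b""

def user_strings(heap):
    """Decode each literal: compressed length, UTF-16LE text, one flag byte."""
    out, pos = [], 0
    while pos < len(heap):
        n, pos = read_len(heap, pos)
        if n:                                  # 0 = empty entry or padding
            out.append(heap[pos:pos + n - 1].decode("utf-16-le", "replace"))
        pos += n
    return out

def looks_like_secret(s):  # heuristic assumed for this example, not a standard
    return (len(s) >= 12 and not any(c.isspace() for c in s)
            and any(c.isupper() for c in s) and any(c.islower() for c in s)
            and any(c.isdigit() for c in s))

def audit(image):
    return [s for s in user_strings(find_us_heap(image)) if looks_like_secret(s)]

# Constructed sample: a minimal metadata root holding literals quoted on this page.
LITERALS = ["type your key in the field below", "XOQIBwcLudyp6NG",
            "nice, you did it", "nope, thats not it"]
_heap = b"\0" + b"".join(
    bytes([2 * len(s) + 1]) + s.encode("utf-16-le") + b"\0" for s in LITERALS)
_hdr = b"BSJB" + struct.pack("<HHII", 1, 1, 0, 12) + b"v4.0.30319\0\0"
SAMPLE = bytes(64) + _hdr + struct.pack("<HHII", 0, 1, 44, len(_heap)) + b"#US\0" + _heap
```

Calling audit(SAMPLE) returns only the key literal; the UI and message strings are decoded but not flagged because they contain spaces.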

Disclaimer

This tutorial is for educational purposes only. Always ensure you have permission to reverse engineer any software.

This post is licensed under CC BY 4.0 by the author.