Analysis ClickMe .NET

2 minute read


This challenge is called ClickMe. it is written in .NET

How it works

  • First, if you run the exe file (ClickMe) there is a message box will appear as the following:
  • After clicking on “OK” there are three monsters you must beat them depending on their “hp” you must click “number of clicking” as the following:

  • But the third monster requires to click 100.000.000 times to beat him as the following:

    Detailed Analysis

  • So the first step is to know which language is that app is written to deal with so I used Detect it easy “DIE” to know as the following:
  • After knowing that we are gonna use “dnSpy” to analysis this .NET Code
  • After loading that app on dnSpy we are gonna go to the entry point so by clicking right-click on the app and go the entry point as the following:
  • It runs the form as the following:
  • We have three monsters and their names store in “monster_a[]”as the following:

Beating the First Monster

  • There is a variable called “cur_hp_num” it decreases by one each time you click on the “Hit” to beat him. I put a break point there to watch its value as the following
  • I added the variable on the watch section to watch its value
  • for beating him, I put the value for “cur_hp_num” by zero “0” and starting debugging as the following :
  • The final message is :

Beating the Second Monster

  • As I did in the first monster as I did in the second one as the following:-

Beating the Third Monster

  • I did as I did in the previous two monsters but it appears a message says “It’s not fair! Cheating is wrong”
  • I searched for this message and I found it inside a condition that checks another variable’s value that must not equal one “1”
  • Then I searched for that variable called “check_point”, and I found it increases by one inside a condition check “the monster must be the third one and the cur_hp_num must be 689”

  • So I change this variable “check_point” and make it “1” “true” to not enter in the condition of the message “It’s not fair! Cheating is wrong”
  • Then I changed the value for the cur_hp_num by zero “0”
  • As the following

Thansk ☻♥