If your smartphone gets connected to a VPN, you feel like you won a lucky draw.

Lucky_Drawer.exe

Let’s start with analyzing it with a PE analyzer like PEiD, RDG Packer Detector, etc.

It is a .NET executable. Thus, we can decompile it using our favourite .NET decompiler.

After decompiling it I found this function in Form1.

It xors the bytes of variable text with the parameter key which is an integer generated randomly every time you click on the Generate button. Then, it calls checkFlag with the generated key. After the xor operation, it creates md5 string of the result and compares it to text2 which is probably the flag’s md5 string.

Now, all we need to do is brute force the key. I created a python3 script this time since text is unicode.

Let’s execute the script.

Here is our flag xiomara{wow_great_you_did_it_:)}.