Reverse engineering unity game
writeup xmas-ctf 2019 lapland mission
in this challenge we are given an archive that contains a game , the game it self looks like an fps game , it’s using unity (looks like) , to solve this challenge i use dnspy to patch some code. , let’s play the game first
the bot is very fast , and there’s alot of bot outside , our mission is to kill all the bot , to kill the bot we have to shot on the head , hmm it’s sounds impossible right ? since they will kill us when we go outside.
let’s open Assembly-CSharp.dll file inside ‘X-MAS_Data/managed/’ and take a look at shoot() from bot class
this is looks like , if the bot see us , we will die. so we can change
this.weapon.Shoot()
to this
so the bot will never see us , at least we are not dead lol. this changes will affect like this
we are immortal now lol. so now we have to kill them , but i was lazy to do that. so i try to find another way to get the flag without kill all the bot , and i found checkbots function
well , it’s looks like this function can help us to get our flag. actually this function will check all the bot and if there is no bot the flag will not set to false and the flag will appear. so i change the code
if we can trigger this function , the flag will appear, in order to do that we have to kill 1 bot so this function will trigger and give us our shinny Flag