So, after starting Flare-On X, I quickly found out that I was in for a lot of pain if I was to try to take it on with my current skill-set, so I’m starting fresh from the first edition of the project:

Print screen of the application, which consists of an introductory quote and a bob ross picture

This challenge is pretty trivial, looking through the code we can find a function that seems to do some encoding operations to a hardcoded secret.

    private void btnDecode_Click(object sender, EventArgs e)
    {
        this.pbRoge.Image = Resources.bob_roge;
        byte[] dat_secret = Resources.dat_secret;
        string text = "";
        foreach (byte b in dat_secret)
        {
            text += (char)((b >> 4 | ((int)b << 4 & 240)) ^ 41);
        }
        text += "\0";
        string text2 = "";
        for (int j = 0; j < text.Length; j += 2)
        {
            text2 += text[j + 1];
            text2 += text[j];
        }
        string text3 = "";
        for (int k = 0; k < text2.Length; k++)
        {
            char c = text2[k];
            text3 += (char)((byte)text2[k] ^ 102);
        }
        this.lbl_title.Text = text3;
    }

Looking at this, we can just add some breakpoints and find the flag between these operations… Or, we can just create a quick script and output the flag ourselves, by just copying the Resources.dat_secret value, and then implementing the first for loop.

data = [0xA1, 0xB5, 0x44, 0x84, 0x14, 0xE4, 0xA1, 0xB5, 0xD4, 0x70, 0xB4, 0x91, 0xB4, 0x70, 0xD4, 0x91, 0xE4, 0xC4, 0x96, 0xF4, 0x54, 0x84, 0xB5, 0xC4, 0x40, 0x64, 0x74, 0x70, 0xA4, 0x64, 0x44]
decoded_text = ""
for c in data:
    decoded_text += chr((c >> 4 | c << 4 & 240) ^ 41)
print(decoded_text)

Running this, it should spit out 3rmahg3rd.b0b.d0ge@flare-on.com, which would be the address you’d contact back in 2014 to get the second challenge :)