July 4, 2026
Finding a Hardcoded Password in a .NET CrackMe Using dnSpy โ
๐ Opening the Challenge

By Abhishek Solanki
1 min read
๐ Opening the Challenge
For this challenge, I analyzed FindThePasswordEZByTOMUT. Since it was a .NET application, I opened it directly in dnSpy.
Unlike native executables that require tools like Ghidra, dnSpy decompiles .NET assemblies into readable C# code, making it much easier to understand the program's logic.
๐ Finding the Entry Point
Inside the Assembly Explorer, I expanded the Program class and opened the Main() method.
For beginner .NET CrackMe challenges, the Main() function is usually the best place to start because it often contains the application's primary logic.
๐ Analyzing the Code
Reading through the Main() method, I noticed that the application compared the user's input with a hardcoded password.
There was no encryption, hashing, or complicated validation process. The password was stored directly in the source code.
password = "TihiyOmut_Secret_2026";password = "TihiyOmut_Secret_2026";Once I found this value, the challenge was essentially solved.
โ Recovering the Password
The recovered password was:
TihiyOmut_Secret_2026TihiyOmut_Secret_2026Entering this value into the application successfully passed the password verification.
๐ What I Learned
- Choose the correct tool before starting your analysis.
- dnSpy makes analyzing .NET applications much easier by showing readable C# code.