hackpack-ncsu / CTF-2022


Hook Me If You Can #4

Open Kasimir123 opened 2 years ago

Kasimir123 commented 2 years ago

Storyline

They will get a small Unity game (simple clicker game) or C# executable compiled with IL2CPP. This will result in dnSpy showing them all function names, relative addresses, etc., but not the actual code. There will be a function named HookMeForFlag or something similar which takes in a string as a parameter; that string is the flag.

Solution

They can either try to reverse the binary, which will be tough, or they can start by googling reversing Unity games. If you google that you will have 10-15 results, all of which explain the steps for how to use Il2CppDumper to use the metadata to extract a DLL you can plug into dnSpy to see all the function names, conventions and offsets. This can then be used to create a simple function hook for that function, where you can then see the flag.

Alternatively, this could be implemented on Linux with a stupidly obfuscated setup for creating the flag, and they can use LD_PRELOAD to perform the hook to get the flag, or actually reverse the binary.