> For the complete documentation index, see [llms.txt](https://sarpers-organization.gitbook.io/ctftricks/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://sarpers-organization.gitbook.io/ctftricks/_chapter-intro-16/.net/code-analysis/trick-0434.md).

# Analyze .NET Executable for Secrets

***

Load the .NET executable file into a decompiler/debugger like [dnSpy](https://github.com/dnSpy/dnSpy) or ILSpy. Visual Studio also includes built-in decompilation capabilities. Once the assembly is loaded, you can navigate through its structure (namespaces, classes, methods, etc.) using the Assembly Explorer pane, typically located on the left. The decompiled code will be displayed in the Code Viewer pane.

Navigate through the decompiled source code (namespaces, classes, methods) to examine variables, functions, and look for hardcoded data such as encryption keys, passwords, or critical logic parameters. During reverse engineering, identifying hardcoded values like API keys, passwords, or configuration strings is a common task. These values are often visible directly in the decompiled code. For example, you might encounter something like:

```csharp
string password = "HardcodedPassword123";
```

To assist in finding specific data or code, dnSpy provides a powerful search functionality (often accessible via Ctrl+Shift+F). You can search for strings, types, methods, and more. This is particularly useful for finding specific pieces of code or data, such as hardcoded passwords or API keys.

Since .NET bytecode (IL) retains significant structure, it can be decompiled back into highly readable C# or VB.NET code, making analysis straightforward. .NET code is compiled to Common Intermediate Language (CIL) which is a high-level bytecode that retains much of the original source code's structure and semantics. This makes it relatively easy for decompilers to reconstruct readable source code (like C# or VB.NET) from the CIL.
