bkth/Insomnihack pwn arena

## Insomnihack pwn arena
As was the case last year, this year's Insomni'hack featured a multi-player game and 3 challenges requiring us to
hack the game in order to get the flags

It was a Unity based game and was written in C#, the core of the game logic was in the Assembly-CSharp.dll and I used dnSpy
(https://github.com/0xd4d/dnSpy) to decompile the DLL and understand the logic and modify the game.

Nightcrawler:

This challenge required us to activate 4 buttons within a 6 second window, the game used a master client architecture
where activating a button would trigger an RPC call to the master client which would keep track of the challenges based
on player ids. Therefore it was not possible to increase the timer or else. I think the intended solution was to use a TP hack
to teleport to the 4 buttons and activate them manually but I went with another method.

The class representing these buttons had a method which was called when we interacted with them, this would trigger an RPC Call
to the master client telling it that we activated that button and passing it a button ID. I simply modify this method to send
an RPC call for each button ID which meant that I only had to activate one button to validate all the other ones and got the flag

Xray visions:

We were supposed to read a flag which was part of the environment and which was under a roof of a building we could not
normally access. I am pretty sure I solved this one unintentionally based on the name of the challenge.

What I did is modify the `OnGUI` method of the SimpleCrosshair class which would display the HUD to always set my player's
position to arbitrary coordinates by setting the `transform` property,
I then bruteforced the positions across reboot until I was a bit under the roof
and could see red polygons (those were the flag leters) but I was looking at them from the side (they were facing upwards).
What I ended doing is write a simple loop in the OnGUI method that would start on the left of the flag and increase my position on the Z axis by 1
every 1000 iteration (2-3s) and by crouching I was able to read the flag letters from below.

Aimbox:

I tried for 15 mn to do this one without too much hacking (just adding a tp hack to the interact button to instantly tp to the egg)
but apparently I have not played enough cs recently and could not kill the crates. I ended up modifying my tp hack to land
on top of the egg which meant I only had to aim upwards and shoot mindlessly and I would hit every crate
	As was the case last year, this year's Insomni'hack featured a multi-player game and 3 challenges requiring us to
	hack the game in order to get the flags

	It was a Unity based game and was written in C#, the core of the game logic was in the Assembly-CSharp.dll and I used dnSpy
	(https://github.com/0xd4d/dnSpy) to decompile the DLL and understand the logic and modify the game.

	Nightcrawler:

	This challenge required us to activate 4 buttons within a 6 second window, the game used a master client architecture
	where activating a button would trigger an RPC call to the master client which would keep track of the challenges based
	on player ids. Therefore it was not possible to increase the timer or else. I think the intended solution was to use a TP hack
	to teleport to the 4 buttons and activate them manually but I went with another method.

	The class representing these buttons had a method which was called when we interacted with them, this would trigger an RPC Call
	to the master client telling it that we activated that button and passing it a button ID. I simply modify this method to send
	an RPC call for each button ID which meant that I only had to activate one button to validate all the other ones and got the flag

	Xray visions:

	We were supposed to read a flag which was part of the environment and which was under a roof of a building we could not
	normally access. I am pretty sure I solved this one unintentionally based on the name of the challenge.

	What I did is modify the `OnGUI` method of the SimpleCrosshair class which would display the HUD to always set my player's
	position to arbitrary coordinates by setting the `transform` property,
	I then bruteforced the positions across reboot until I was a bit under the roof
	and could see red polygons (those were the flag leters) but I was looking at them from the side (they were facing upwards).
	What I ended doing is write a simple loop in the OnGUI method that would start on the left of the flag and increase my position on the Z axis by 1
	every 1000 iteration (2-3s) and by crouching I was able to read the flag letters from below.

	Aimbox:

	I tried for 15 mn to do this one without too much hacking (just adding a tp hack to the interact button to instantly tp to the egg)
	but apparently I have not played enough cs recently and could not kill the crates. I ended up modifying my tp hack to land
	on top of the egg which meant I only had to aim upwards and shoot mindlessly and I would hit every crate