Rating:

In the config file `Panels.xml` is the field `ENGINEER_ENCPASS` (encrypted engineer password), so we probably want to decrypt this.

After installing the binary, you can find that it is written in .NET. After looking through the DLLs, you can find one called `SpcUtilsAndDefns.dll` that has an interesting function called `SpcUtils.DecryptString`. This function will decrypt the input in AES-CBC mode with the key at `SpcUtils.EncryptDataEncKeyBin` and the IV at `SpcUtils.EncryptDataEncIVBin`. After further analysis, it is called with the password loaded from the config as an argument so it is probably the correct decryption function.

After extracting this key and IV and converting to hex, you are left with:

- EncryptDataEncKeyBin: `cdde8338f9ce5657ecd94b931088c3ffa74aa7ae49be9d200da8276743517408`
- EncryptDataEncIVBin: `89a5825aef16f5e50e730e60210c378f`

You can now use these to decrypt the password:
```python
import base64
from Cryptodome.Cipher import AES

ENC_KEY = bytes.fromhex("cdde8338f9ce5657ecd94b931088c3ffa74aa7ae49be9d200da8276743517408")
ENC_IV = bytes.fromhex("89a5825aef16f5e50e730e60210c378f")

enc = base64.b64decode("a+otqmLSU92rzNnOXGwaCehJjoX8FIlazg+TCelmsEryWnRfLLyXEsqs9mu4dQqJ")
cipher = AES.new(ENC_KEY, AES.MODE_CBC, ENC_IV)
dec = cipher.decrypt(enc).rstrip(b"\x00").decode()

print("flag:", dec)
```