This challenge comes in the form of Microsoft Intermediate Language which is extremely readable compared to previous assembly code used in these challenges. If you are interested in more about the specifics of reversing .NET read Chapter 12, of Reversing. Secrets of Reverse Engineering there’s a quite detailed explanation there. Also for a quick search of the available opcodes for each instruction recommend you to use Official doc. This challenge will be quite short, I included comments on each line of the code, so the analysis won’t be a big deal.
Analysis
Here is the code to understand
.method public hidebysig static uint8 f(uint8 a) cil managed
{
// Code size 36 (0x24)
.maxstack 2
.locals init (uint8 V_0)
IL_0000: nop
IL_0001: ldarg.0 ;; first argument
IL_0002: conv.u8 ;; converts value on top of stack and extends it to int64
IL_0003: ldc.i8 0x202020202 ;; push this value on the stack as an int64
;; multiply two first values on stack, and push result on the stack. In this case
;; this is int64(arg_0) * int64(0x202020202)
IL_000c: mul
IL_000d: ldc.i8 0x10884422010 ;; again push this value into the stack
IL_0016: and ;; perform AND between the result of multiplication and this recent value pushed on the stack
IL_0017: ldc.i4 0x3ff ;; push value into stack
IL_001c: conv.i8 ;; convert it to int64
IL_001d: rem ;; push into the stack val1 % 0x3ff, where val1 is the result of our previous operation
IL_001e: conv.u1 ;; convert value to int8 but push int32, so it extends the converted value
IL_001f: stloc.0 ;; pop value on top of stack and store it in local variable 0
IL_0020: br.s IL_0022 ;; this jumps to IL_0022
IL_0022: ldloc.0 ;; loads variable on top of stack
IL_0023: ret ;; return
} // end of method e25::f
There’s not too much to add here, take a look that even the signature it’s given. Following these comments the equivalent code in C, I don’t know C# guys, would be like this
uint8_t f(uint8_t a)
{
return uint8_t(((int64_t(a) * 0x202020202) & 0x10884422010) % 0x3ff);
}
This would be the code, now what this does? Well for that task I have Google. Making a search for this constant I found a book called Hacker’s Delight which has this exact formula. You can find it in Chapter 7, about Rearranging bits and bytes.
According to the description given in the book this
Reverse an 8-bit integer
I don’t find too much utility for this kind of hacks, are obscure as fuck. At least you are writing malware, that for some reason needs to perform this operation, and you want to write obscure code, yes is useful otherwise…not so much.
Conclusion
Google is your friend, use it!