Reverse engineering CRC?

Dave Angel davea at ieee.org
Mon Mar 8 08:07:27 EST 2010


Gregory Ewing wrote:
> Steven D'Aprano wrote:
>
>> Can you just ask the application developer what CRC is being used? Or 
>> look at the source code? Disassemble the binary?
>
> There's no source, and the binary is enormous. I could ask,
> but I wouldn't hold out much hope of them being willing to
> tell me.
>
>>> it appears that the crc size may be at least
>>> 24 bits, so just trying all possible polynomials probably isn't doable.
>>
>> "At least"? Can't you tell by looking at them?
>
> It's not entirely clear exactly which bytes are part of the
> CRC. There are 3 adjacent bytes in the header of the file
> that change when I modify the contents, which led me to
> think it was a 24-bit CRC. But I now believe that one of
> them is not part of the CRC, and it's actually 16 bits.
>
> Using pycrc, I've now tried all possible 16-bit polynomials,
> with various combinations of bit and byte reversal, but I
> haven't found one that works consistently, so I'm wondering
> whether it's using some non-standard algorithm.
>
Or even some other standard algorithm.  If you know so little about the 
value, how do you even know it's a CRC?  Could it be a ones-complement 
sum, such as used in Ethernet?

Is the problem really worth it?  The possibilities are practically 
unbounded.  And if the developer is really determined to make it 
difficult, they could be doing multiple passes over the data, in which 
case probably disassembly (or subtle debug tracing) may be your best bet.

DaveA

Dave
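The brute-force search Gregory describes, worked through as an added example that is not code from the thread or from pycrc: because a CRC is linear, crc(a) ^ crc(b) for two equal-length messages depends only on a ^ b, so init and xorout drop out and only the polynomial and reflection flags need to be searched; a second pass then recovers init and xorout. It assumes the pycrc/Rocksoft parameter model (poly, init, refin, refout, xorout), and the "unknown" parameters and sample messages are constructed for the demo.

```python
from itertools import combinations

REV8 = [int(f"{i:08b}"[::-1], 2) for i in range(256)]        # byte bit-reversal
rev16 = lambda v: (REV8[v & 0xFF] << 8) | REV8[v >> 8]       # 16-bit bit-reversal

def crc16(data, poly, init=0, refin=False, refout=False, xorout=0):
    """Bit-serial CRC-16 with every parameter explicit (slow but clear)."""
    reg = init
    for byte in data:
        reg ^= (REV8[byte] if refin else byte) << 8
        for _ in range(8):
            reg = ((reg << 1) ^ poly if reg & 0x8000 else reg << 1) & 0xFFFF
    return (rev16(reg) if refout else reg) ^ xorout

def find_poly(samples):
    """Step 1: for equal-length a, b: crc(a) ^ crc(b) == crc(a ^ b) with init=0
    and xorout=0, whatever the real init/xorout are; search poly/refin/refout."""
    pairs = [(bytes(x ^ y for x, y in zip(a, b)), ca ^ cb)
             for (a, ca), (b, cb) in combinations(samples, 2) if len(a) == len(b)]
    d0, t0 = pairs[0]
    cands = []
    for poly in range(1, 0x10000, 2):      # genuine CRC polys have the x^0 term
        for refin in (False, True):
            v = crc16(d0, poly, 0, refin)
            for refout in (False, True):
                if (rev16(v) if refout else v) == t0 and all(
                        crc16(d, poly, 0, refin, refout) == t for d, t in pairs[1:]):
                    cands.append((poly, refin, refout))
    return cands

def find_init_xorout(samples, poly, refin, refout):
    """Step 2: try every init; the first sample fixes xorout, the rest confirm.
    Samples of different lengths are needed to tell init and xorout apart."""
    (m0, c0), rest = samples[0], samples[1:]
    return [(init, x) for init in range(0x10000)
            for x in [c0 ^ crc16(m0, poly, init, refin, refout)]
            if all(crc16(m, poly, init, refin, refout, x) == c for m, c in rest)]

def recover(samples):
    return [(p, i, ri, ro, x) for p, ri, ro in find_poly(samples)
            for i, x in find_init_xorout(samples, p, ri, ro)]

# Constructed "unknown" checksum and samples for the demo (not from the thread).
SECRET = dict(poly=0x8005, init=0x1D0F, refin=True, refout=True, xorout=0xABCD)
SAMPLES = [(m, crc16(m, **SECRET)) for m in (b"abc", b"head", b"tail", b"body", b"longer")]

if __name__ == "__main__":
    for p in recover(SAMPLES):   # may list several equivalent parameter sets
        print("poly=%#06x init=%#06x refin=%s refout=%s xorout=%#06x" % p)
```

More than one (init, xorout) pair can come out when the polynomial has an (x+1) factor; such pairs produce identical checksums for every message, so either is fine in practice.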