Prev: Call for papers: SETP-10, USA, July 2010
Next: [ANNC] pynguin-0.2 (python turtle graphics application)
From: Dave Angel on 8 Mar 2010 08:07
Gregory Ewing wrote:
> Steven D'Aprano wrote:
>
>> Can you just ask the application developer what CRC is being used? Or
>> look at the source code? Disassemble the binary?
>
> There's no source, and the binary is enormous. I could ask,
> but I wouldn't hold out much hope of them being willing to
> tell me.
>
>>> it appears that the crc size may be at least
>>> 24 bits, so just trying all possible polynomials probably isn't doable.
>>
>> "At least"? Can't you tell by looking at them?
>
> It's not entirely clear exactly which bytes are part of the
> CRC. There are 3 adjacent bytes in the header of the file
> that change when I modify the contents, which led me to
> think it was a 24-bit CRC. But I now believe that one of
> them is not part of the CRC, and it's actually 16 bits.
>
> Using pycrc, I've now tried all possible 16-bit polynomials,
> with various combinations of bit and byte reversal, but I
> haven't found one that works consistently, so I'm wondering
> whether it's using some non-standard algorithm.
>
Or even some other standard algorithm. If you know so little about the
value, how do you even know it's a CRC ? Could it be a ones-complement
sum, such as used in Ethernet?

Is the problem really worth it? The possibilities are practically
unbounded. And if the developer is really determined to make it
difficult, they could be doing multiple passes over the data, in which
case probably disassembly (or subtle debug tracing) may be your best bet.

DaveA

Dave

From: Gregory Ewing on 8 Mar 2010 17:16
Dave Angel wrote:
> If you know so little about the
> value, how do you even know it's a CRC ? Could it be a ones-complement
> sum, such as used in Ethernet?

I'm going by the fact that the application reports a
"CRC mismatch" when it's wrong. I can't be sure that what
it calls a "CRC" is really a true CRC, but it's more than
a simple sum, because changing one bit in the file results
in a completely different value.

> Is the problem really worth it?

Probably not -- it looks like fixing the problem I'm trying
to fix by hand will be faster in the long run. I just thought
it might turn out to be a solved problem and someone could
point me to an algorithm for it, but it seems not.

--
Greg
From: Dave Angel on 8 Mar 2010 18:24
Gregory Ewing wrote:
> <div class="moz-text-flowed" style="font-family: -moz-fixed">Dave
> Angel wrote:
>> If you know so little about the value, how do you even know it's a
>> CRC ? Could it be a ones-complement sum, such as used in Ethernet?
>
> I'm going by the fact that the application reports a
> "CRC mismatch" when it's wrong. I can't be sure that what
> it calls a "CRC" is really a true CRC, but it's more than
> a simple sum, because changing one bit in the file results
> in a completely different value.
>
>> Is the problem really worth it?
>
> Probably not -- it looks like fixing the problem I'm trying
> to fix by hand will be faster in the long run. I just thought
> it might turn out to be a solved problem and someone could
> point me to an algorithm for it, but it seems not.
>
If you assume it's done in a single pass, and you know which byte is the
end of the buffer, I'd think you could learn a lot by just tweaking that
last byte. But I still think you'd want to automate your testing,
presumably by some keystroke-stuffer.

DaveA

From: Gregory Ewing on 9 Mar 2010 19:17
Dave Angel wrote:

> If you assume it's done in a single pass, and you know which byte is the
> end of the buffer, I'd think you could learn a lot by just tweaking that
> last byte.

I'm sure I would, but unfortunately I can't control the
last byte. The bytes that I can influence are some distance
back from the end of the data.

--
Greg
From: Steve Howell on 10 Mar 2010 00:23
On Mar 7, 7:09 pm, Gregory Ewing <greg.ew...(a)canterbury.ac.nz> wrote:
> Given some known data/crc pairs, how feasible is it to
> figure out the polynomial being used to generate the crc?
>
> In the case I'm looking at, it appears that the crc
> size may be at least 24 bits, so just trying all possible
> polynomials probably isn't doable.
>
> An article I found hints at the possibility of using
> GCDs to make the search more efficient, but doesn't go
> into any details. Anyone know of any literature about
> this?
>
> If it helps, I have the ability to generate test cases
> with known message contents to some extent, although
> I don't have complete control over the contents. Also
> it's a manual process, so generating large numbers of
> them automatically isn't an option.
>


Hi Greg. I would at least flip one bit at a time on the first byte of
your data to see if the transformation is bitwise.
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: Call for papers: SETP-10, USA, July 2010
Next: [ANNC] pynguin-0.2 (python turtle graphics application)