Reverse CRC ...
 

Hi,

I need help to reverse calc of CRC. This is a few sequence :

I have tried several well-known CRCs without success.

Does anyone at a glance understand which CRC is used ?

debugasm

Some context would help. Is there a reason to treat the algorithm as a blackbox?

I think identification of CRC algorithm is a better description. Reversing a compression function in the mathematical sense is simply not possible unless there are trapdoors or biases and the like. But in the reverse engineering context I think we can imply as such.

Have you tried all CRC16 possibilities on this page in Javascript?

http://www.sunshine2k.de/coding/javascript/crc/crc_js.html

Considering it could be a truncated CRC32 or CRC64 or concatenated CRC8 of subpieces or a custom CRC, it is somewhat hard to say. If its based off a polynomial may e there is a way to find it but I've not seen a technique for this but it sounds promising. Otherwise you may need to see if you can white box reverse this.

I doubt glancing at what seem to be CRC16 type values will be trivially obvious to anyone though :)

Didn't we have a thread about this subject last year?. Have you searched here for the problem Debugasm?

Git

What I can tell you is that those are not CRC codes.
I have a program which computes all the known CRC codes but it
can also bruteforce the polynomial if you provide the CRC.
I've tried with reflected data, non-direct init value, reversed CRC,
swapped CRC and none matches a 16bit CRC.

Those values are computed in a different way.

Hi CZC, is there a name for the polynomial finding tool? Also can you tell us for CRC-N bits how many CRC of N bits are needed to recover the polynomial and what if there are more or less bits input into CRC function does it change this requirement? For N to N bit mapping I suppose only 1 CRC value determines it, or less than N bits due to 1 to 1 mapping. But if CRC of large data, due to collisions or seems each extra bit adds a power of 2 more values needed to determine it. Anyway, this is interesting enough that it sounds you have a tool to make it easily done.

Also for questioners asking for mapping functions, remember to provide huge amounts of values or white box info if not absolutely sure. Because even CRC with an XOR which flips some bits of the result would likely throw off any ordinary detection. E.g. CRC16 ^ 0x1f1f. But as part of protocol reversing it would be nice to have powerful numeric identification tools where computation is all done server side. Of course no guarantee server is not using random numbers and tracking them with a database but it's more expensive to do such overkill solutions.

When bruteforcing, the program finds all possible polynomials. You then narrow them down if you have several examples.

At some point in the past I was using CRCs a lot in microcontrollers and I decided to write my own tool for that.

The source code is attached, it compiles in linux and windows as a command line program.

You can use shortcuts like using hex or strings directly on the command line.