Exetools  

Reverse CRC ...

#1  debugasm, 01-12-2020, 17:21

Hi,

I need help to reverse the calculation of a CRC. These are a few sequences:

Code:
01 00 00 46 71 - CRC E5 9F 

00 00 02 00 00 02 00 00 13 24 00 00 46 71 - CRC 0B AF 

00 00 01 00 00 01 00 00 15 7C 00 00 46 71 - CRC B9 8A 

00 00 02 00 00 02 00 00 19 64 00 00 46 71 - CRC 9C C5

I have tried several well-known CRCs without success.

Does anyone at a glance understand which CRC is used?

debugasm

#2  Abaddon, 01-13-2020, 03:01
Some context would help. Is there a reason to treat the algorithm as a blackbox?

#3  chants, 01-14-2020, 03:11
I think identification of CRC algorithm is a better description. Reversing a compression function in the mathematical sense is simply not possible unless there are trapdoors or biases and the like. But in the reverse engineering context I think we can imply as such.

Have you tried all CRC16 possibilities on this page in Javascript?

http://www.sunshine2k.de/coding/javascript/crc/crc_js.html

Considering it could be a truncated CRC32 or CRC64 or concatenated CRC8 of subpieces or a custom CRC, it is somewhat hard to say. If it's based off a polynomial, maybe there is a way to find it, but I've not seen a technique for this, but it sounds promising. Otherwise you may need to see if you can white box reverse this.

I doubt glancing at what seem to be CRC16 type values will be trivially obvious to anyone though.

#4  Git, 01-17-2020, 20:11
Didn't we have a thread about this subject last year? Have you searched here for the problem, debugasm?

Git

#5  CZC, 01-22-2020, 09:02
Quote:
Originally Posted by debugasm
Hi,

I need help to reverse the calculation of a CRC. These are a few sequences:

I have tried several well-known CRCs without success.

Does anyone at a glance understand which CRC is used?

debugasm

What I can tell you is that those are not CRC codes.
I have a program which computes all the known CRC codes but it
can also bruteforce the polynomial if you provide the CRC.
I've tried with reflected data, non-direct init value, reversed CRC,
swapped CRC and none matches a 16-bit CRC.

Those values are computed in a different way.

#6  chants, 01-24-2020, 11:39
Hi CZC, is there a name for the polynomial finding tool? Also can you tell us for CRC-N bits how many CRC of N bits are needed to recover the polynomial and what if there are more or less bits input into CRC function does it change this requirement? For N to N bit mapping I suppose only 1 CRC value determines it, or less than N bits due to 1 to 1 mapping. But if CRC of large data, due to collisions or seems each extra bit adds a power of 2 more values needed to determine it. Anyway, this is interesting enough that it sounds like you have a tool to make it easily done.

Also for questioners asking for mapping functions, remember to provide huge amounts of values or white box info if not absolutely sure. Because even CRC with an XOR which flips some bits of the result would likely throw off any ordinary detection. E.g. CRC16 ^ 0x1f1f. But as part of protocol reversing it would be nice to have powerful numeric identification tools where computation is all done server side. Of course no guarantee server is not using random numbers and tracking them with a database but it's more expensive to do such overkill solutions.

Last edited by chants; 01-24-2020 at 11:45.

#7  CZC, 01-25-2020, 13:06
Quote:
Originally Posted by chants
Hi CZC, is there a name for the polynomial finding tool? Also can you tell us for CRC-N bits how many CRC of N bits are needed to recover the polynomial and what if there are more or less bits input into CRC function does it change this requirement?

When bruteforcing, the program finds all possible polynomials. You then narrow them down if you have several examples.

At some point in the past I was using CRCs a lot in microcontrollers and I decided to write my own tool for that.

The source code is attached; it compiles on Linux and Windows as a command-line program.

You can use shortcuts like using hex or strings directly on the command line.
Code:
CRC generator V1.4 $

./getcrc [options] file(s)
        -z #    polynom size
        -p #    CRC polynom
        -r      reverse polynom
        -m      mirror (reflect) data
        -n      non-direct init value
        -i #    initial value
        -e #    exit value
        -c      reverse CRC
        -a      all known CRCs
        -b #    bruteforce to target CRC
        -v      verbose bruteforce
        -s      interpret filename as a string
        -f      interpret filename as a hex string
        -C      check CRC values for the "123456789" input
        -t      trace CRC generation
        -T      dump CRC table and exit
Attached Files
File Type: zip getcrc.zip (22.1 KB, 10 views)
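
Added example, not part of the thread and not the attached getcrc source: a CRC-16 polynomial brute force that still works when the init value and a final XOR such as the `CRC16 ^ 0x1f1f` case from post #6 are unknown, and that narrows candidates across several samples as post #7 describes. It XORs equal-length samples so that init and final XOR cancel. Assumptions: MSB-first (non-reflected) CRC, odd polynomial, CRC bytes read big-endian; all function names and the test messages are constructed for illustration.

```python
from itertools import combinations

def crc16(data, poly, init=0, xorout=0):
    """Bitwise MSB-first (non-reflected) CRC-16."""
    reg = init
    for byte in data:
        reg ^= byte << 8
        for _ in range(8):
            reg = ((reg << 1) ^ poly if reg & 0x8000 else reg << 1) & 0xFFFF
    return reg ^ xorout

def differentials(samples):
    """XOR every pair of equal-length samples; init and final XOR cancel,
    so each result is a (message, crc) pair for the init=0, xorout=0 CRC."""
    return [(bytes(a ^ b for a, b in zip(m1, m2)), c1 ^ c2)
            for (m1, c1), (m2, c2) in combinations(samples, 2)
            if len(m1) == len(m2)]

def recover_polys(samples):
    """All odd 16-bit polynomials consistent with every differential."""
    diffs = differentials(samples)
    if not diffs:
        raise ValueError("need at least two samples of equal length")
    return [p for p in range(1, 0x10000, 2)
            if all(crc16(d, p) == c for d, c in diffs)]

def make_samples():
    """Constructed test data: poly 0x1021, init 0xFFFF, result ^ 0x1F1F."""
    msgs = ("0102030405", "a1b2c3d4e5", "00ff10ee20", "deadbeef01")
    return [(bytes.fromhex(h), crc16(bytes.fromhex(h), 0x1021, 0xFFFF, 0x1F1F))
            for h in msgs]

# The three 14-byte sequences from post #1 (CRC read big-endian, which is
# an assumption; the post does not state the byte order).
THREAD_SAMPLES = [
    (bytes.fromhex("00 00 02 00 00 02 00 00 13 24 00 00 46 71"), 0x0BAF),
    (bytes.fromhex("00 00 01 00 00 01 00 00 15 7C 00 00 46 71"), 0xB98A),
    (bytes.fromhex("00 00 02 00 00 02 00 00 19 64 00 00 46 71"), 0x9CC5),
]

if __name__ == "__main__":
    print([hex(p) for p in recover_polys(make_samples())])
    print([hex(p) for p in recover_polys(THREAD_SAMPLES)])
```

An empty list for a sample set means no odd, non-reflected 16-bit polynomial fits it under these assumptions; reflected variants need the message bytes and the CRC bit-reversed before the search.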