Search code examples
reverse-engineeringchecksumcrccrc16

Find used CRC-16 algorithm


I'm struggling to reverse engineer a section of data associated with a CRC-16 checksum. I know the polynom used to calculate the original checksums is 0x8408 but nothing else, I don't know initial value (if any), final XOR value (if any), if the input or the result is reflected...

It seems like there is a known CRC-16 generator using thing polynom, CRC-16-CCITT but despite everything I've tried I just can't understand how the original checksum is being calculated.

Here is the data I've got with their respective checksums. I also included a byte that is between the data and the checksum, it's incremental and I'm not whether it's calculated or not. (see the last two lines, data is almost the same, increment is not the same and yet the checksum are identical)

|                           DATA                           |Inc|CRC|
|----------------------------------------------------------|---|---|
00 00 00 00 00 00 01 ef f7 fe ef ff fd ef fb fa fd a2 aa 21 01 f4 e0
00 00 00 00 00 00 01 ef f7 fd ef ff fd fe fb fa fd a2 aa 21 02 f4 d1
00 00 00 00 00 00 01 f7 fe fd fd ff fd df ff fb fd a2 aa 21 03 f4 cd
00 00 00 00 00 00 01 f7 fe fe fd ff f7 ef ff fa fd a2 aa 21 04 f4 c2
00 00 00 00 00 00 01 ef f7 fe ef ff fe ef fb fa fd a2 aa 21 05 f4 db
00 00 00 00 00 00 01 ef f7 fe ef ff fd ef fb fa fd a2 aa 21 06 f4 db

Solution

  • The last byte of each line appears to be 0xF3 + the negative sum of all but the last byte (including the 0xF4). This code works for the 5 examples:

    typedef unsigned char uint8_t;
    
    static uint8_t data0[] = 
       {0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xef,0xf7,0xfe,0xef,
        0xff,0xfd,0xef,0xfb,0xfa,0xfd,0xa2,0xaa,0x21,0x01,0xf4,0xe0};
    static uint8_t data1[] = 
       {0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xef,0xf7,0xfd,0xef,
        0xff,0xfd,0xfe,0xfb,0xfa,0xfd,0xa2,0xaa,0x21,0x02,0xf4,0xd1};
    static uint8_t data2[] = 
       {0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xf7,0xfe,0xfd,0xfd,
        0xff,0xfd,0xdf,0xff,0xfb,0xfd,0xa2,0xaa,0x21,0x03,0xf4,0xcd};
    static uint8_t data3[] = 
       {0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xf7,0xfe,0xfe,0xfd,
        0xff,0xf7,0xef,0xff,0xfa,0xfd,0xa2,0xaa,0x21,0x04,0xf4,0xc2};
    static uint8_t data4[] = 
       {0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xef,0xf7,0xfe,0xef,0xff,
        0xfe,0xef,0xfb,0xfa,0xfd,0xa2,0xaa,0x21,0x05,0xf4,0xdb};
    static uint8_t data5[] = 
       {0x00,0x00,0x00,0x00,0x00,0x00,0x01,0xef,0xf7,0xfe,0xef,0xff,
        0xfd,0xef,0xfb,0xfa,0xfd,0xa2,0xaa,0x21,0x06,0xf4,0xdb};
    
    int main()
    {
    size_t i;
    uint8_t c = 0xf3;
    uint8_t s;
        s = c;
        for(i = 0; i < sizeof(data0)-1; i++)
            s -= data0[i];
        if (data0[i] != s)
            printf("mismatch\n");
        s = c;
        for (i = 0; i < sizeof(data1) - 1; i++)
            s -= data1[i];
        if (data1[i] != s)
            printf("mismatch\n");
        s = c;
        for (i = 0; i < sizeof(data2) - 1; i++)
            s -= data2[i];
        if (data2[i] != s)
            printf("mismatch\n");
        s = c;
        for (i = 0; i < sizeof(data3) - 1; i++)
            s -= data3[i];
        if (data3[i] != s)
            printf("mismatch\n");
        s = c;
        for (i = 0; i < sizeof(data2) - 1; i++)
            s -= data4[i];
        if (data4[i] != s)
            printf("mismatch\n");
        return 0;
    }