X-Git-Url: http://git.zerfleddert.de/cgi-bin/gitweb.cgi/rsbs2/blobdiff_plain/972ac24b5466e95d78f4af724c2f4e197f340eb5..fc8a46ddca5ac9c42b5ef3dba801321efe15e18f:/rsb-crc.c diff --git a/rsb-crc.c b/rsb-crc.c index 84b7fa2..00b341f 100644 --- a/rsb-crc.c +++ b/rsb-crc.c @@ -1,7 +1,10 @@ +#include + #define POLY 0x04c11db7 /* Theory of operation: * (arm-elf-objdump -b binary -m arm -M reg-names-raw -D RSB_S2_SINGLE.bin) + * Addresses: 0x4c4, 0x55ae0, 0x59734 * * 440: push {r4, r5, r6, r7, r8, r9, r10, r11, r14} * 444: mov r11, r0 @@ -34,31 +37,139 @@ * 4c4: DATA: 0x04c11db7 */ -unsigned int rsb_crc(unsigned int r11, unsigned char *r10, unsigned int r14) { - unsigned int r6 = 0; - unsigned int r3; - int r5; +unsigned int rsb_crc(unsigned int r11_crc, unsigned char *r10_buf, unsigned int r14_len) { + unsigned int r6_pos = 0; + unsigned int r3_data; + int r5_bit; - while (r6 < r14) { - r3 = (*(r6+r10)) << 24; - r11 = r11 ^ r3; + while (r6_pos < r14_len) { + r3_data = (*(r6_pos+r10_buf)) << 24; + r11_crc = r11_crc ^ r3_data; - r5 = 8; + r5_bit = 8; do { - r3 = r11 & 0x80000000; + r3_data = r11_crc & 0x80000000; - if (r3 != 0) { - r3 = r11 << 1; - r11 = r3 ^ POLY; + if (r3_data != 0) { + r3_data = r11_crc << 1; + r11_crc = r3_data ^ POLY; } else { - r11 = r11 << 1; + r11_crc = r11_crc << 1; } - r5--; - } while (r5); + r5_bit--; + } while (r5_bit); + + r6_pos++; + } + + return r11_crc; +} + +/* Second broken algorithm: + * + * 55a30: push {r3, r4, r5, r6, r7, r8, r9, r14} + * 55a34: bl 0x55a3c + * 55a38: pop {r3, r4, r5, r6, r7, r8, r9, r15} + * 55a3c: mov r8, #1 ; 0x1 + * 55a40: mov r3, #-1073741824 ; 0xc0000000 + * 55a44: cmp r0, r3 + * 55a48: ble 0x55ad8 + * 55a4c: mov r3, #32 ; 0x20 + * 55a50: ldr r4, [r3, r0]! + * 55a54: mov r8, #2 ; 0x2 + * 55a58: ldr r5, [r3, #4] + * 55a5c: cmp r5, r2 + * 55a60: bne 0x55ad8 + * 55a64: mov r8, #3 ; 0x3 + * 55a68: cmp r1, r4 + * 55a6c: movscs r5, #0 ; 0x0 + * 55a70: movscc r5, #1 ; 0x1 + * 55a74: bne 0x55ad8 + * 55a78: mov r8, #4 ; 0x4 + * 55a7c: mov r3, r0 + * 55a80: add r4, r0, r4 + * 55a84: mvn r5, #0 ; 0x0 + * 55a88: ldr r7, [pc, #80] ; 0x55ae0 + * 55a8c: cmp r3, r4 + * 55a90: bcs 0x55ac8 + * 55a94: bic r9, r3, #3 ; 0x3 + * 55a98: ldr r6, [r9] + * 55a9c: and r9, r3, #3 ; 0x3 + * 55aa0: lsl r9, r9, #3 + * 55aa4: lsr r6, r6, r9 + * 55aa8: eor r5, r5, r6, lsl #24 + * 55aac: mov r6, #8 ; 0x8 + * 55ab0: lsls r5, r5, #1 + * 55ab4: eorcs r5, r5, r7 + * 55ab8: subs r6, r6, #1 ; 0x1 + * 55abc: bne 0x55ab0 + * 55ac0: add r3, r3, #1 ; 0x1 + * 55ac4: b 0x55a8c + * 55ac8: mvn r5, r5 + * 55acc: ldr r3, [r4] + * 55ad0: subs r3, r3, r5 + * 55ad4: moveq r8, #0 ; 0x0 + * 55ad8: mov r0, r8 + * 55adc: mov r15, r14 + * 55ae0: DATA: 0x04c11db7 + */ + +unsigned int rsb_crc2(unsigned char *r0_buf, unsigned int r1_buflen, unsigned int r2_magic, unsigned int *crc_out) { + int r8_ret = 1; + unsigned int r3_pos = 0xc0000000; + unsigned int r4_len; + unsigned int r5_crc; + unsigned int r6; + unsigned int r9; + unsigned int carry; - r6++; +#if 0 + if (r0_buf <= r3_pos) + return 1; /* Not in RAM */ +#endif + + r4_len = *(unsigned int*)(r0_buf + 0x20); + + if (*((unsigned int*)(r0_buf + 0x24)) != r2_magic) + return 2; /* MAGIC does not match */ + + if (r1_buflen < r4_len) + return 3; /* image to small */ + + r8_ret = 4; + + r3_pos = (unsigned int)r0_buf; + r4_len += r3_pos; + + r5_crc = ~0x0; + + while (r3_pos < r4_len) { + r9 = r3_pos & (~0x3); + r6 = *((unsigned int*)r9); + r9 = r3_pos & 0x3; + r9 = r9 << 0x3; + r6 = r6 >> r9; + r5_crc = r5_crc ^ (r6 << 24); + r6 = 0x8; + + do { + carry = r5_crc & 0x80000000; + r5_crc = r5_crc << 1; + if (carry) + r5_crc = r5_crc ^ POLY; + r6--; + } while(r6); + r3_pos++; } - return r11; + r5_crc = ~r5_crc; + *crc_out = r5_crc; + + r3_pos = *((unsigned int*)r4_len); + + if (r3_pos == r5_crc) + r8_ret = 0; + + return r8_ret; }