]> git.zerfleddert.de Git - rsbs2/blob - rsb-crc.c
00b341f85c48de4add23b2c3b7b7ef0348d9cd88
[rsbs2] / rsb-crc.c
1 #include <stdio.h>
2
3 #define POLY 0x04c11db7
4
5 /* Theory of operation:
6 * (arm-elf-objdump -b binary -m arm -M reg-names-raw -D RSB_S2_SINGLE.bin)
7 * Addresses: 0x4c4, 0x55ae0, 0x59734
8 *
9 * 440: push {r4, r5, r6, r7, r8, r9, r10, r11, r14}
10 * 444: mov r11, r0
11 * 448: mov r10, r1
12 * 44c: mov r14, r2
13 * 450: mov r6, #0 ; 0x0
14 * 454: b 0x4a0
15 * 458: add r3, r6, r10
16 * 45c: ldrb r3, [r3]
17 * 460: lsl r3, r3, #24
18 * 464: eor r11, r11, r3
19 * 468: mov r5, #8 ; 0x8
20 * 46c: and r3, r11, #-2147483648 ; 0x80000000
21 * 470: cmp r3, #0 ; 0x0
22 * 474: beq 0x48c
23 * 478: lsl r3, r11, #1
24 * 47c: ldr r12, [pc, #64] ; 0x4c4
25 * 480: eor r0, r3, r12
26 * 484: mov r11, r0
27 * 488: b 0x490
28 * 48c: lsl r11, r11, #1
29 * 490: sub r5, r5, #1 ; 0x1
30 * 494: cmp r5, #0 ; 0x0
31 * 498: bne 0x46c
32 * 49c: add r6, r6, #1 ; 0x1
33 * 4a0: cmp r6, r14
34 * 4a4: blt 0x458
35 * 4a8: mov r0, r11
36 * 4ac: pop {r4, r5, r6, r7, r8, r9, r10, r11, r15}
37 * 4c4: DATA: 0x04c11db7
38 */
39
40 unsigned int rsb_crc(unsigned int r11_crc, unsigned char *r10_buf, unsigned int r14_len) {
41 unsigned int r6_pos = 0;
42 unsigned int r3_data;
43 int r5_bit;
44
45 while (r6_pos < r14_len) {
46 r3_data = (*(r6_pos+r10_buf)) << 24;
47 r11_crc = r11_crc ^ r3_data;
48
49 r5_bit = 8;
50
51 do {
52 r3_data = r11_crc & 0x80000000;
53
54 if (r3_data != 0) {
55 r3_data = r11_crc << 1;
56 r11_crc = r3_data ^ POLY;
57 } else {
58 r11_crc = r11_crc << 1;
59 }
60 r5_bit--;
61 } while (r5_bit);
62
63 r6_pos++;
64 }
65
66 return r11_crc;
67 }
68
69 /* Second broken algorithm:
70 *
71 * 55a30: push {r3, r4, r5, r6, r7, r8, r9, r14}
72 * 55a34: bl 0x55a3c
73 * 55a38: pop {r3, r4, r5, r6, r7, r8, r9, r15}
74 * 55a3c: mov r8, #1 ; 0x1
75 * 55a40: mov r3, #-1073741824 ; 0xc0000000
76 * 55a44: cmp r0, r3
77 * 55a48: ble 0x55ad8
78 * 55a4c: mov r3, #32 ; 0x20
79 * 55a50: ldr r4, [r3, r0]!
80 * 55a54: mov r8, #2 ; 0x2
81 * 55a58: ldr r5, [r3, #4]
82 * 55a5c: cmp r5, r2
83 * 55a60: bne 0x55ad8
84 * 55a64: mov r8, #3 ; 0x3
85 * 55a68: cmp r1, r4
86 * 55a6c: movscs r5, #0 ; 0x0
87 * 55a70: movscc r5, #1 ; 0x1
88 * 55a74: bne 0x55ad8
89 * 55a78: mov r8, #4 ; 0x4
90 * 55a7c: mov r3, r0
91 * 55a80: add r4, r0, r4
92 * 55a84: mvn r5, #0 ; 0x0
93 * 55a88: ldr r7, [pc, #80] ; 0x55ae0
94 * 55a8c: cmp r3, r4
95 * 55a90: bcs 0x55ac8
96 * 55a94: bic r9, r3, #3 ; 0x3
97 * 55a98: ldr r6, [r9]
98 * 55a9c: and r9, r3, #3 ; 0x3
99 * 55aa0: lsl r9, r9, #3
100 * 55aa4: lsr r6, r6, r9
101 * 55aa8: eor r5, r5, r6, lsl #24
102 * 55aac: mov r6, #8 ; 0x8
103 * 55ab0: lsls r5, r5, #1
104 * 55ab4: eorcs r5, r5, r7
105 * 55ab8: subs r6, r6, #1 ; 0x1
106 * 55abc: bne 0x55ab0
107 * 55ac0: add r3, r3, #1 ; 0x1
108 * 55ac4: b 0x55a8c
109 * 55ac8: mvn r5, r5
110 * 55acc: ldr r3, [r4]
111 * 55ad0: subs r3, r3, r5
112 * 55ad4: moveq r8, #0 ; 0x0
113 * 55ad8: mov r0, r8
114 * 55adc: mov r15, r14
115 * 55ae0: DATA: 0x04c11db7
116 */
117
118 unsigned int rsb_crc2(unsigned char *r0_buf, unsigned int r1_buflen, unsigned int r2_magic, unsigned int *crc_out) {
119 int r8_ret = 1;
120 unsigned int r3_pos = 0xc0000000;
121 unsigned int r4_len;
122 unsigned int r5_crc;
123 unsigned int r6;
124 unsigned int r9;
125 unsigned int carry;
126
127 #if 0
128 if (r0_buf <= r3_pos)
129 return 1; /* Not in RAM */
130 #endif
131
132 r4_len = *(unsigned int*)(r0_buf + 0x20);
133
134 if (*((unsigned int*)(r0_buf + 0x24)) != r2_magic)
135 return 2; /* MAGIC does not match */
136
137 if (r1_buflen < r4_len)
138 return 3; /* image to small */
139
140 r8_ret = 4;
141
142 r3_pos = (unsigned int)r0_buf;
143 r4_len += r3_pos;
144
145 r5_crc = ~0x0;
146
147 while (r3_pos < r4_len) {
148 r9 = r3_pos & (~0x3);
149 r6 = *((unsigned int*)r9);
150 r9 = r3_pos & 0x3;
151 r9 = r9 << 0x3;
152 r6 = r6 >> r9;
153 r5_crc = r5_crc ^ (r6 << 24);
154 r6 = 0x8;
155
156 do {
157 carry = r5_crc & 0x80000000;
158 r5_crc = r5_crc << 1;
159 if (carry)
160 r5_crc = r5_crc ^ POLY;
161 r6--;
162 } while(r6);
163 r3_pos++;
164 }
165
166 r5_crc = ~r5_crc;
167 *crc_out = r5_crc;
168
169 r3_pos = *((unsigned int*)r4_len);
170
171 if (r3_pos == r5_crc)
172 r8_ret = 0;
173
174 return r8_ret;
175 }
Impressum, Datenschutz