3 #define POLY 0x04c11db7
5 /* Theory of operation:
6 * (arm-elf-objdump -b binary -m arm -M reg-names-raw -D RSB_S2_SINGLE.bin)
7 * Addresses: 0x4c4, 0x55ae0, 0x59734
9 * 440: push {r4, r5, r6, r7, r8, r9, r10, r11, r14}
13 * 450: mov r6, #0 ; 0x0
15 * 458: add r3, r6, r10
17 * 460: lsl r3, r3, #24
18 * 464: eor r11, r11, r3
19 * 468: mov r5, #8 ; 0x8
20 * 46c: and r3, r11, #-2147483648 ; 0x80000000
21 * 470: cmp r3, #0 ; 0x0
23 * 478: lsl r3, r11, #1
24 * 47c: ldr r12, [pc, #64] ; 0x4c4
25 * 480: eor r0, r3, r12
28 * 48c: lsl r11, r11, #1
29 * 490: sub r5, r5, #1 ; 0x1
30 * 494: cmp r5, #0 ; 0x0
32 * 49c: add r6, r6, #1 ; 0x1
36 * 4ac: pop {r4, r5, r6, r7, r8, r9, r10, r11, r15}
37 * 4c4: DATA: 0x04c11db7
40 unsigned int rsb_crc(unsigned int r11_crc
, unsigned char *r10_buf
, unsigned int r14_len
) {
41 unsigned int r6_pos
= 0;
45 while (r6_pos
< r14_len
) {
46 r3_data
= (*(r6_pos
+r10_buf
)) << 24;
47 r11_crc
= r11_crc
^ r3_data
;
52 r3_data
= r11_crc
& 0x80000000;
55 r3_data
= r11_crc
<< 1;
56 r11_crc
= r3_data
^ POLY
;
58 r11_crc
= r11_crc
<< 1;
69 /* Second broken algorithm (image self-check: the length and magic are taken from the image header itself at +0x20/+0x24, and the stored CRC word appears to sit just past the checked range, so a buffer of exactly r4_len bytes is not enough for that final read; note also that a CRC only catches accidental corruption, it is no protection against a deliberately modified image, since the CRC can simply be recomputed):
71 * 55a30: push {r3, r4, r5, r6, r7, r8, r9, r14}
73 * 55a38: pop {r3, r4, r5, r6, r7, r8, r9, r15}
74 * 55a3c: mov r8, #1 ; 0x1
75 * 55a40: mov r3, #-1073741824 ; 0xc0000000
78 * 55a4c: mov r3, #32 ; 0x20
79 * 55a50: ldr r4, [r3, r0]!
80 * 55a54: mov r8, #2 ; 0x2
81 * 55a58: ldr r5, [r3, #4]
84 * 55a64: mov r8, #3 ; 0x3
86 * 55a6c: movscs r5, #0 ; 0x0
87 * 55a70: movscc r5, #1 ; 0x1
89 * 55a78: mov r8, #4 ; 0x4
91 * 55a80: add r4, r0, r4
92 * 55a84: mvn r5, #0 ; 0x0
93 * 55a88: ldr r7, [pc, #80] ; 0x55ae0
96 * 55a94: bic r9, r3, #3 ; 0x3
98 * 55a9c: and r9, r3, #3 ; 0x3
99 * 55aa0: lsl r9, r9, #3
100 * 55aa4: lsr r6, r6, r9
101 * 55aa8: eor r5, r5, r6, lsl #24
102 * 55aac: mov r6, #8 ; 0x8
103 * 55ab0: lsls r5, r5, #1
104 * 55ab4: eorcs r5, r5, r7
105 * 55ab8: subs r6, r6, #1 ; 0x1
107 * 55ac0: add r3, r3, #1 ; 0x1
110 * 55acc: ldr r3, [r4]
111 * 55ad0: subs r3, r3, r5
112 * 55ad4: moveq r8, #0 ; 0x0
114 * 55adc: mov r15, r14
115 * 55ae0: DATA: 0x04c11db7
118 unsigned int rsb_crc2(unsigned char *r0_buf
, unsigned int r1_buflen
, unsigned int r2_magic
, unsigned int *crc_out
) {
120 unsigned int r3_pos
= 0xc0000000;
128 if (r0_buf
<= r3_pos
)
129 return 1; /* Not in RAM */
132 r4_len
= *(unsigned int*)(r0_buf
+ 0x20);
133 printf("CRC: length: %d\n", r4_len
);
135 if (*((unsigned int*)(r0_buf
+ 0x24)) != r2_magic
)
136 return 2; /* MAGIC does not match */
138 if (r1_buflen
< r4_len
)
139 return 3; /* image to small */
143 r3_pos
= (unsigned int)r0_buf
;
148 while (r3_pos
< r4_len
) {
149 r9
= r3_pos
& (~0x3);
150 r6
= *((unsigned int*)r9
);
154 r5_crc
= r5_crc
^ (r6
<< 24);
158 carry
= r5_crc
& 0x80000000;
159 r5_crc
= r5_crc
<< 1;
161 r5_crc
= r5_crc
^ POLY
;
170 r3_pos
= *((unsigned int*)r4_len
);
172 if (r3_pos
== r5_crc
)