[rsbs2] / rsb-crc.c

#include <stdio.h>

#define POLY 0x04c11db7

/* Theory of operation:
 * (arm-elf-objdump -b binary -m arm -M reg-names-raw -D RSB_S2_SINGLE.bin)
 * Addresses: 0x4c4, 0x55ae0, 0x59734
 *
 * 440: push  {r4, r5, r6, r7, r8, r9, r10, r11, r14}
 * 444: mov   r11, r0
 * 448: mov   r10, r1
 * 44c: mov   r14, r2
 * 450: mov   r6, #0	; 0x0
 * 454: b     0x4a0
 * 458: add   r3, r6, r10
 * 45c: ldrb  r3, [r3]
 * 460: lsl   r3, r3, #24
 * 464: eor   r11, r11, r3
 * 468: mov   r5, #8	; 0x8
 * 46c: and   r3, r11, #-2147483648	; 0x80000000
 * 470: cmp   r3, #0	; 0x0
 * 474: beq   0x48c
 * 478: lsl   r3, r11, #1
 * 47c: ldr   r12, [pc, #64]	; 0x4c4
 * 480: eor   r0, r3, r12
 * 484: mov   r11, r0
 * 488: b     0x490
 * 48c: lsl   r11, r11, #1
 * 490: sub   r5, r5, #1	; 0x1
 * 494: cmp   r5, #0		; 0x0
 * 498: bne   0x46c
 * 49c: add   r6, r6, #1	; 0x1
 * 4a0: cmp   r6, r14
 * 4a4: blt   0x458
 * 4a8: mov   r0, r11
 * 4ac: pop   {r4, r5, r6, r7, r8, r9, r10, r11, r15}
 * 4c4: DATA: 0x04c11db7
 */

unsigned int rsb_crc(unsigned int r11_crc, unsigned char *r10_buf, unsigned int r14_len) {
	unsigned int r6_pos = 0;
	unsigned int r3_data;
	int r5_bit;

	while (r6_pos < r14_len) {
		r3_data = (*(r6_pos+r10_buf)) << 24;
		r11_crc = r11_crc ^ r3_data;

		r5_bit = 8;
		
		do {
			r3_data = r11_crc & 0x80000000;

			if (r3_data != 0) {
				r3_data = r11_crc << 1;
				r11_crc = r3_data ^ POLY;
			} else {
				r11_crc = r11_crc << 1;
			}
			r5_bit--;
		} while (r5_bit);

		r6_pos++;
	}

	return r11_crc;
}

/* Second broken algorithm:
 *
 * 55a30: push    {r3, r4, r5, r6, r7, r8, r9, r14}
 * 55a34: bl      0x55a3c
 * 55a38: pop     {r3, r4, r5, r6, r7, r8, r9, r15}
 * 55a3c: mov     r8, #1  ; 0x1
 * 55a40: mov     r3, #-1073741824        ; 0xc0000000
 * 55a44: cmp     r0, r3
 * 55a48: ble     0x55ad8
 * 55a4c: mov     r3, #32 ; 0x20
 * 55a50: ldr     r4, [r3, r0]!
 * 55a54: mov     r8, #2  ; 0x2
 * 55a58: ldr     r5, [r3, #4]
 * 55a5c: cmp     r5, r2
 * 55a60: bne     0x55ad8
 * 55a64: mov     r8, #3  ; 0x3
 * 55a68: cmp     r1, r4
 * 55a6c: movscs  r5, #0  ; 0x0
 * 55a70: movscc  r5, #1  ; 0x1
 * 55a74: bne     0x55ad8
 * 55a78: mov     r8, #4  ; 0x4
 * 55a7c: mov     r3, r0
 * 55a80: add     r4, r0, r4
 * 55a84: mvn     r5, #0  ; 0x0
 * 55a88: ldr     r7, [pc, #80]   ; 0x55ae0
 * 55a8c: cmp     r3, r4
 * 55a90: bcs     0x55ac8
 * 55a94: bic     r9, r3, #3      ; 0x3
 * 55a98: ldr     r6, [r9]
 * 55a9c: and     r9, r3, #3      ; 0x3
 * 55aa0: lsl     r9, r9, #3
 * 55aa4: lsr     r6, r6, r9
 * 55aa8: eor     r5, r5, r6, lsl #24
 * 55aac: mov     r6, #8  ; 0x8
 * 55ab0: lsls    r5, r5, #1
 * 55ab4: eorcs   r5, r5, r7
 * 55ab8: subs    r6, r6, #1      ; 0x1
 * 55abc: bne     0x55ab0
 * 55ac0: add     r3, r3, #1      ; 0x1
 * 55ac4: b       0x55a8c
 * 55ac8: mvn     r5, r5
 * 55acc: ldr     r3, [r4]
 * 55ad0: subs    r3, r3, r5
 * 55ad4: moveq   r8, #0  ; 0x0
 * 55ad8: mov     r0, r8
 * 55adc: mov     r15, r14
 * 55ae0: DATA:   0x04c11db7
 */

unsigned int rsb_crc2(unsigned char *r0_buf, unsigned int r1_buflen, unsigned int r2_magic, unsigned int *crc) {
	int r8_ret = 1;
	unsigned int r3 = 0xc0000000;
	unsigned int r4_len;
	unsigned int r5;
	unsigned int r6;
	unsigned int r7_poly;
	unsigned int r9;
	unsigned int carry;

#if 0
	if (r0_buf <= r3)
		return r8_ret;
#endif

	r3 = ((unsigned int)r0_buf) + 0x20;
	r4_len = *((unsigned int*)r3);
	printf("CRC: length: %d\n", r4_len);

	r8_ret = 2;

	r3 += 4;
	r5 = *((unsigned int*)r3);

	if (r5 != r2_magic)
		return r8_ret;
	
	r8_ret = 3;

	if (r1_buflen >= r4_len) {
		r5 = 0;
	} else {
		r5 = 1;
	}

	if (r5 != 0)
		return r8_ret;
	
	r8_ret = 4;

	r3 = (unsigned int)r0_buf;
	r4_len += r3;
	
	r5 = ~0x0;

	r7_poly = POLY;

	while (r3 < r4_len) {
		r9 = r3 & (~0x3);
		r6 = *((unsigned int*)r9);
		r9 = r3 & 0x3;
		r9 = r9 << 0x3;
		r6 = r6 >> r9;
		r5 = r5 ^ (r6 << 24);
		r6 = 0x8;

		do {
			carry = r5 & 0x80000000;
			r5 = r5 << 1;
			if (carry)
				r5 = r5 ^ r7_poly;
			r6--;
		} while(r6);
		r3++;
	}

	r5 = ~r5;
	*crc = r5;

	r3 = *((unsigned int*)r4_len);

	if (r3 == r5)
		r8_ret = 0;

	return r8_ret;
}
Commit	Line	Data
6fc57dcd MG	1	#include <stdio.h>
6fc57dcd MG	2
972ac24b MG	3	#define POLY 0x04c11db7
	4
	5	/* Theory of operation:
	6	* (arm-elf-objdump -b binary -m arm -M reg-names-raw -D RSB_S2_SINGLE.bin)
6fc57dcd	7	* Addresses: 0x4c4, 0x55ae0, 0x59734
972ac24b MG	8	*
	9	* 440: push {r4, r5, r6, r7, r8, r9, r10, r11, r14}
	10	* 444: mov r11, r0
	11	* 448: mov r10, r1
	12	* 44c: mov r14, r2
	13	* 450: mov r6, #0 ; 0x0
	14	* 454: b 0x4a0
	15	* 458: add r3, r6, r10
	16	* 45c: ldrb r3, [r3]
	17	* 460: lsl r3, r3, #24
	18	* 464: eor r11, r11, r3
	19	* 468: mov r5, #8 ; 0x8
	20	* 46c: and r3, r11, #-2147483648 ; 0x80000000
	21	* 470: cmp r3, #0 ; 0x0
	22	* 474: beq 0x48c
	23	* 478: lsl r3, r11, #1
	24	* 47c: ldr r12, [pc, #64] ; 0x4c4
	25	* 480: eor r0, r3, r12
	26	* 484: mov r11, r0
	27	* 488: b 0x490
	28	* 48c: lsl r11, r11, #1
	29	* 490: sub r5, r5, #1 ; 0x1
	30	* 494: cmp r5, #0 ; 0x0
	31	* 498: bne 0x46c
	32	* 49c: add r6, r6, #1 ; 0x1
	33	* 4a0: cmp r6, r14
	34	* 4a4: blt 0x458
	35	* 4a8: mov r0, r11
	36	* 4ac: pop {r4, r5, r6, r7, r8, r9, r10, r11, r15}
	37	* 4c4: DATA: 0x04c11db7
	38	*/
	39
c8b1eccb MG	40	unsigned int rsb_crc(unsigned int r11_crc, unsigned char *r10_buf, unsigned int r14_len) {
	41	unsigned int r6_pos = 0;
	42	unsigned int r3_data;
	43	int r5_bit;
972ac24b	44
c8b1eccb MG	45	while (r6_pos < r14_len) {
	46	r3_data = (*(r6_pos+r10_buf)) << 24;
	47	r11_crc = r11_crc ^ r3_data;
972ac24b	48
c8b1eccb	49	r5_bit = 8;
972ac24b MG	50
972ac24b MG	51	do {
c8b1eccb	52	r3_data = r11_crc & 0x80000000;
972ac24b	53
c8b1eccb MG	54	if (r3_data != 0) {
	55	r3_data = r11_crc << 1;
	56	r11_crc = r3_data ^ POLY;
972ac24b	57	} else {
c8b1eccb	58	r11_crc = r11_crc << 1;
972ac24b	59	}
c8b1eccb MG	60	r5_bit--;
c8b1eccb MG	61	} while (r5_bit);
972ac24b	62
c8b1eccb	63	r6_pos++;
972ac24b MG	64	}
972ac24b MG	65
c8b1eccb	66	return r11_crc;
972ac24b	67	}
6fc57dcd MG	68
	69	/* Second broken algorithm:
	70	*
	71	* 55a30: push {r3, r4, r5, r6, r7, r8, r9, r14}
	72	* 55a34: bl 0x55a3c
	73	* 55a38: pop {r3, r4, r5, r6, r7, r8, r9, r15}
	74	* 55a3c: mov r8, #1 ; 0x1
	75	* 55a40: mov r3, #-1073741824 ; 0xc0000000
	76	* 55a44: cmp r0, r3
	77	* 55a48: ble 0x55ad8
	78	* 55a4c: mov r3, #32 ; 0x20
	79	* 55a50: ldr r4, [r3, r0]!
	80	* 55a54: mov r8, #2 ; 0x2
	81	* 55a58: ldr r5, [r3, #4]
	82	* 55a5c: cmp r5, r2
	83	* 55a60: bne 0x55ad8
	84	* 55a64: mov r8, #3 ; 0x3
	85	* 55a68: cmp r1, r4
	86	* 55a6c: movscs r5, #0 ; 0x0
	87	* 55a70: movscc r5, #1 ; 0x1
	88	* 55a74: bne 0x55ad8
	89	* 55a78: mov r8, #4 ; 0x4
	90	* 55a7c: mov r3, r0
	91	* 55a80: add r4, r0, r4
	92	* 55a84: mvn r5, #0 ; 0x0
	93	* 55a88: ldr r7, [pc, #80] ; 0x55ae0
	94	* 55a8c: cmp r3, r4
	95	* 55a90: bcs 0x55ac8
	96	* 55a94: bic r9, r3, #3 ; 0x3
	97	* 55a98: ldr r6, [r9]
	98	* 55a9c: and r9, r3, #3 ; 0x3
	99	* 55aa0: lsl r9, r9, #3
	100	* 55aa4: lsr r6, r6, r9
	101	* 55aa8: eor r5, r5, r6, lsl #24
	102	* 55aac: mov r6, #8 ; 0x8
	103	* 55ab0: lsls r5, r5, #1
	104	* 55ab4: eorcs r5, r5, r7
	105	* 55ab8: subs r6, r6, #1 ; 0x1
	106	* 55abc: bne 0x55ab0
	107	* 55ac0: add r3, r3, #1 ; 0x1
	108	* 55ac4: b 0x55a8c
	109	* 55ac8: mvn r5, r5
	110	* 55acc: ldr r3, [r4]
	111	* 55ad0: subs r3, r3, r5
	112	* 55ad4: moveq r8, #0 ; 0x0
	113	* 55ad8: mov r0, r8
	114	* 55adc: mov r15, r14
	115	* 55ae0: DATA: 0x04c11db7
	116	*/
	117
	118	unsigned int rsb_crc2(unsigned char r0_buf, unsigned int r1_buflen, unsigned int r2_magic, unsigned int crc) {
	119	int r8_ret = 1;
	120	unsigned int r3 = 0xc0000000;
	121	unsigned int r4_len;
	122	unsigned int r5;
	123	unsigned int r6;
	124	unsigned int r7_poly;
	125	unsigned int r9;
	126	unsigned int carry;
	127
	128	#if 0
	129	if (r0_buf <= r3)
	130	return r8_ret;
	131	#endif
132
133	r3 = ((unsigned int)r0_buf) + 0x20;
134	r4_len = ((unsigned int)r3);
135	printf("CRC: length: %d\n", r4_len);
136
137	r8_ret = 2;
138
139	r3 += 4;
140	r5 = ((unsigned int)r3);
141
142	if (r5 != r2_magic)
143	return r8_ret;
144
145	r8_ret = 3;
146
147	if (r1_buflen >= r4_len) {
148	r5 = 0;
149	} else {
150	r5 = 1;
151	}
152
153	if (r5 != 0)
154	return r8_ret;
155
156	r8_ret = 4;
157
158	r3 = (unsigned int)r0_buf;
159	r4_len += r3;
160
161	r5 = ~0x0;
162
163	r7_poly = POLY;
164
165	while (r3 < r4_len) {
166	r9 = r3 & (~0x3);
167	r6 = ((unsigned int)r9);
168	r9 = r3 & 0x3;
169	r9 = r9 << 0x3;
170	r6 = r6 >> r9;
171	r5 = r5 ^ (r6 << 24);
172	r6 = 0x8;
173
174	do {
175	carry = r5 & 0x80000000;
176	r5 = r5 << 1;
177	if (carry)
178	r5 = r5 ^ r7_poly;
179	r6--;
180	} while(r6);
181	r3++;
182	}
183
184	r5 = ~r5;
185	*crc = r5;
186
187	r3 = ((unsigned int)r4_len);
188
189	if (r3 == r5)
190	r8_ret = 0;
191
192	return r8_ret;
193	}