[rsbs2] / rsb-crc.c

#include <stdio.h>

#define POLY 0x04c11db7

/* Theory of operation:
 * (arm-elf-objdump -b binary -m arm -M reg-names-raw -D RSB_S2_SINGLE.bin)
 * Addresses: 0x4c4, 0x55ae0, 0x59734
 *
 * 440: push  {r4, r5, r6, r7, r8, r9, r10, r11, r14}
 * 444: mov   r11, r0
 * 448: mov   r10, r1
 * 44c: mov   r14, r2
 * 450: mov   r6, #0    ; 0x0
 * 454: b     0x4a0
 * 458: add   r3, r6, r10
 * 45c: ldrb  r3, [r3]
 * 460: lsl   r3, r3, #24
 * 464: eor   r11, r11, r3
 * 468: mov   r5, #8    ; 0x8
 * 46c: and   r3, r11, #-2147483648     ; 0x80000000
 * 470: cmp   r3, #0    ; 0x0
 * 474: beq   0x48c
 * 478: lsl   r3, r11, #1
 * 47c: ldr   r12, [pc, #64]    ; 0x4c4
 * 480: eor   r0, r3, r12
 * 484: mov   r11, r0
 * 488: b     0x490
 * 48c: lsl   r11, r11, #1
 * 490: sub   r5, r5, #1        ; 0x1
 * 494: cmp   r5, #0            ; 0x0
 * 498: bne   0x46c
 * 49c: add   r6, r6, #1        ; 0x1
 * 4a0: cmp   r6, r14
 * 4a4: blt   0x458
 * 4a8: mov   r0, r11
 * 4ac: pop   {r4, r5, r6, r7, r8, r9, r10, r11, r15}
 * 4c4: DATA: 0x04c11db7
 */

unsigned int rsb_crc(unsigned int r11_crc, unsigned char *r10_buf, unsigned int r14_len) {
        unsigned int r6_pos = 0;
        unsigned int r3_data;
        int r5_bit;

        while (r6_pos < r14_len) {
                r3_data = (*(r6_pos+r10_buf)) << 24;
                r11_crc = r11_crc ^ r3_data;

                r5_bit = 8;
                
                do {
                        r3_data = r11_crc & 0x80000000;

                        if (r3_data != 0) {
                                r3_data = r11_crc << 1;
                                r11_crc = r3_data ^ POLY;
                        } else {
                                r11_crc = r11_crc << 1;
                        }
                        r5_bit--;
                } while (r5_bit);

                r6_pos++;
        }

        return r11_crc;
}

/* Second broken algorithm:
 *
 * 55a30: push    {r3, r4, r5, r6, r7, r8, r9, r14}
 * 55a34: bl      0x55a3c
 * 55a38: pop     {r3, r4, r5, r6, r7, r8, r9, r15}
 * 55a3c: mov     r8, #1  ; 0x1
 * 55a40: mov     r3, #-1073741824        ; 0xc0000000
 * 55a44: cmp     r0, r3
 * 55a48: ble     0x55ad8
 * 55a4c: mov     r3, #32 ; 0x20
 * 55a50: ldr     r4, [r3, r0]!
 * 55a54: mov     r8, #2  ; 0x2
 * 55a58: ldr     r5, [r3, #4]
 * 55a5c: cmp     r5, r2
 * 55a60: bne     0x55ad8
 * 55a64: mov     r8, #3  ; 0x3
 * 55a68: cmp     r1, r4
 * 55a6c: movscs  r5, #0  ; 0x0
 * 55a70: movscc  r5, #1  ; 0x1
 * 55a74: bne     0x55ad8
 * 55a78: mov     r8, #4  ; 0x4
 * 55a7c: mov     r3, r0
 * 55a80: add     r4, r0, r4
 * 55a84: mvn     r5, #0  ; 0x0
 * 55a88: ldr     r7, [pc, #80]   ; 0x55ae0
 * 55a8c: cmp     r3, r4
 * 55a90: bcs     0x55ac8
 * 55a94: bic     r9, r3, #3      ; 0x3
 * 55a98: ldr     r6, [r9]
 * 55a9c: and     r9, r3, #3      ; 0x3
 * 55aa0: lsl     r9, r9, #3
 * 55aa4: lsr     r6, r6, r9
 * 55aa8: eor     r5, r5, r6, lsl #24
 * 55aac: mov     r6, #8  ; 0x8
 * 55ab0: lsls    r5, r5, #1
 * 55ab4: eorcs   r5, r5, r7
 * 55ab8: subs    r6, r6, #1      ; 0x1
 * 55abc: bne     0x55ab0
 * 55ac0: add     r3, r3, #1      ; 0x1
 * 55ac4: b       0x55a8c
 * 55ac8: mvn     r5, r5
 * 55acc: ldr     r3, [r4]
 * 55ad0: subs    r3, r3, r5
 * 55ad4: moveq   r8, #0  ; 0x0
 * 55ad8: mov     r0, r8
 * 55adc: mov     r15, r14
 * 55ae0: DATA:   0x04c11db7
 */

unsigned int rsb_crc2(unsigned char *r0_buf, unsigned int r1_buflen, unsigned int r2_magic, unsigned int *crc_out) {
        unsigned int r4_len;
        unsigned int file_crc;

        r4_len = *(unsigned int*)(r0_buf + 0x20);

        if (*((unsigned int*)(r0_buf + 0x24)) != r2_magic)
                return 2; /* MAGIC does not match */
        
        if (r1_buflen < r4_len)
                return 3; /* image to small */
        
        *crc_out = ~rsb_crc(~0x0, r0_buf, r4_len);

        file_crc = *((unsigned int*)(r0_buf + r4_len));

        if (file_crc != *crc_out)
                return 4;

        return 0;
}