Reverse engineering CRC32 parameters with access to multiple examples

Question (votes: 0, answers: 1)

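I have to find out how to reproduce the CRC32 algorithm used on a proprietary database file, which consists of many 128-byte "blocks", each of which is a record. I know that for each record, bytes 1-4 are the CRC32 checksum, and the next 35 bytes don't seem to matter, since I can easily change them without the application telling me that the CRC check failed. Therefore, I am hoping to find out the polynomial and other parameters used to calculate the latter. Below is an example.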

Text version:

00 27 AE 3B 9F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 08 41 41 41 41 41 41 41 41 
19 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 
42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00

If we take only the bytes that we cannot change without breaking the record, we get:

41 08 41 41 41 41 41 41 41 41 19 42 42 42 42 42 42 42 42 42 42 42 42 42 42 
42 42 42 42 42 42 42 42 42 42 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00

The CRC32 of the above is 27 AE 3B 9F

Real record example 1.1, which differs from the one above in only one byte (CRC is BC D4 84 FB):

41 08 41 41 41 41 41 41 41 41 19 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 
42 42 42 42 42 42 42 42 42 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00

Real record example 2 (output CRC is 3B 6A D1 AF):

41 07 41 41 41 41 41 41 41 00 19 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 
42 42 42 42 42 42 42 42 42 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00

Real record example 3 (output CRC is 0B 54 CC 09):

41 01 31 00 00 00 00 00 00 00 03 41 73 61 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00

Real record example 4 (output CRC is 12 91 EA 8E):

41 B4 A8 D0 02 46 00 B4 A8 00 03 52 4D 31 03 53 54 50 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 25 00 00 00 00 00 00 00 
00 00 A3 05 00 00 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 
00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Real record example 5 (output CRC is 8A 68 00 3B):

41 B4 A8 D0 02 46 00 B4 A8 01 03 52 4D 31 03 53 54 50 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 25 00 00 00 00 00 00 00 
00 00 A3 05 00 00 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 
00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

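The last two records differ in only one byte. By using the method specified by @rcgldr, I was able to obtain the final xor value 0x9902539d, and I can successfully change the data without the application complaining. I ran some code to find these final xor values for each authorization/file on the application, and it succeeded on all of them, but being able to find a single set of CRC parameters would be a nice addition.

Edit: added two example records

Edit 2: added another example that differs from the first one in only one byte

Edit 3: added two examples of a different size, as examples of other types of records in the application. Also removed part of the question, since it became irrelevant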

reverse-engineering crc crc32
1 answer
0 votes

XORing 1.0 and 1.1 results in:

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00

XORing the two CRCs results in

9b 7a bf 64

Assuming the stored CRC is "little endian", the calculated CRC is

0x64bf7a9b

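By XORing the two records, the initial value and the final xor value are cancelled out by the xor, which allows the CRC polynomial to be determined based on the data alone, assuming initial value = 0 and final xor value = 0. Using this, I tried a few common CRC polynomials and determined the CRC polynomial to be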

0x104C11DB7 or ignoring the msb: 0x04C11DB7

Using the web site you linked to in the comments:

http://www.sunshine2k.de/coding/javascript/crc/crc_js.html

The parameters are:

crc32
custom
input:  not reflected
result: not reflected
polynomial: 0x04C11DB7
initial value: 0x0
final xor value: 0x0

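If the data is always the same size, then the initial value, the final xor value, or a combination of both can be used to adjust the CRC so that it matches the actual CRCs shown in the examples, but the simplest method is to use the final xor to match the examples, since it only requires calculating the CRC of one of the examples, assuming initial value = 0 and final xor value = 0, and then XORing the calculated CRC with the actual CRC from the example to get the final xor value for data of that specific length.

So, for the data size in the first examples, a final xor value of 0x189B52BC will produce CRCs that match the examples. These are the parameters for the CRC calculator.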

crc32
custom
input:  not reflected
result: not reflected
polynomial: 0x04C11DB7
initial value: 0x0
final xor value: 0x189B52BC

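These parameters match all of the first examples you posted. Again, note that the CRC is stored "little endian", most significant byte last.

If the data size is variable, then an initial value is needed (and possibly a combination of initial value and final xor value). Once the polynomial is known, a "reverse" CRC can be done to find the initial value, or a brute-force search can be used. I did a brute-force search for the initial value using a fast CRC calculator (since I don't have a "reverse" CRC program yet), and it appears to work for any data size, at least based on the new examples you added. These parameters work for all of the examples above, including the new ones you added: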

crc32
custom
input:  not reflected
result: not reflected
polynomial: 0x04C11DB7
initial value: 0xc704dd7b
final xor value: 0x0

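The initial value of 0xc704dd7b is the CRC generated using a data pattern of {ff ff ff ff} with initial value = 0 and final xor value = 0. This is the same as prefixing the data with {ff ff ff ff}.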
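
The procedure from the answer above, as an added Python example that is not part of the original post: it checks the polynomial against the XOR of records 1.0 and 1.1, derives the per-length final xor value, and recovers the initial value by running the CRC backwards (the "reverse" CRC the answer mentions) instead of a brute-force search. The function names are this example's own; the record bytes and stored CRCs are copied from the question.

```python
POLY = 0x04C11DB7   # polynomial identified in the answer
MASK = 0xFFFFFFFF

def crc32_msb(data, init=0, xorout=0):
    """Bitwise CRC-32, input and result not reflected."""
    reg = init
    for byte in data:
        reg ^= byte << 24
        for _ in range(8):
            top = reg & 0x80000000
            reg = (reg << 1) & MASK
            if top:
                reg ^= POLY
    return reg ^ xorout

def reverse_init(data, crc, xorout=0):
    """Run the CRC backwards over data to recover the initial register value."""
    reg = crc ^ xorout
    for byte in reversed(data):
        for _ in range(8):
            # POLY is odd, so bit 0 is set exactly when the forward step XORed it in
            reg = ((reg ^ POLY) >> 1) | 0x80000000 if reg & 1 else reg >> 1
        reg ^= byte << 24
    return reg

def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def stored_crc(hex_bytes):  # CRC field as stored in the file: little endian
    return int.from_bytes(bytes.fromhex(hex_bytes), "little")

# Records 1.0 and 1.1 from the question (88 checked bytes each) and their CRCs.
REC_1_0 = bytes.fromhex("4108" + "41" * 8 + "19" + "42" * 25) + bytes(52)
REC_1_1 = bytes.fromhex("4108" + "41" * 8 + "19" + "42" * 24 + "43") + bytes(52)
CRC_1_0, CRC_1_1 = stored_crc("27AE3B9F"), stored_crc("BCD484FB")

def analyse():
    delta = xor_bytes(REC_1_0, REC_1_1)
    return {
        # init and final xor cancel: CRC of the XORed data vs XOR of the CRCs
        "poly_matches": crc32_msb(delta) == CRC_1_0 ^ CRC_1_1,
        # per-length final xor, assuming init = 0 (the answer reports 0x189B52BC)
        "xorout_len88": crc32_msb(REC_1_0) ^ CRC_1_0,
        # length-independent init, assuming final xor = 0 (the answer reports 0xc704dd7b)
        "init": reverse_init(REC_1_0, CRC_1_0),
    }

if __name__ == "__main__":
    for name, value in analyse().items():
        print(name, value if isinstance(value, bool) else hex(value))
```

Because the reverse pass needs only one record and its CRC, the remaining records from the question can be used to confirm the recovered initial value by recomputing their CRCs with it.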
