Nada Labs

I’m working on embedded devices again and I’ve had to discover a variety of CRC algorithm in play for checksumming different parts of firmware images. I whipped up a quick python script to search for a predefined algorithm in python’s crcmod that computes a known checksum against a set of data.

#!/usr/bin/python2

# Finds a CRC algorithm based on data and known CRC
# Requires crcmod

import crcmod

def find_crc(data, expected_crc):
    for predef in crcmod.predefined._crc_definitions:
        crc = crcmod.predefined.mkCrcFun(predef['name'])
        if(crc(data) == expected_crc):
            return(predef['name'])
    return None

if __name__ == '__main__':
    import argparse
    parser = argparse.ArgumentParser(description='Find CRC algorithm')
    parser.add_argument('infile', help='File containing the data (in binary) to CRC. - for stdin')
    parser.add_argument('crc', help='Expected CRC')

    args = parser.parse_args()
    data = None
    if args.infile == '-':
        import sys
        data = sys.stdin.read()
    else:
        with open(args.infile, 'rb') as f:
            data = f.read()

    excrc = int(args.crc, 0)

    crc = find_crc(data, excrc)

    if crc:
        print('crcmod predefined algorithm \'%s\' produced %X from the provided data' % (crc, excrc))
    else:
        print('crcmod predefined algorithm not found')

To use, extract the set of data and known crc from the binary under analysis and then run the script:

nada@unit-01:~$ ./crcfind.py data.bin 0x87accff7
crcmod predefined algorithm 'crc-32-bzip2' produced 87ACCFF7 from the provided data nada@unit-01:~$

Happy Reversing!