I’m working on embedded devices again and I’ve had to discover a variety of CRC algorithm in play for checksumming different parts of firmware images. I whipped up a quick python script to search for a predefined algorithm in python’s crcmod that computes a known checksum against a set of data.
#!/usr/bin/python2 # Finds a CRC algorithm based on data and known CRC # Requires crcmod import crcmod def find_crc(data, expected_crc): for predef in crcmod.predefined._crc_definitions: crc = crcmod.predefined.mkCrcFun(predef['name']) if(crc(data) == expected_crc): return(predef['name']) return None if __name__ == '__main__': import argparse parser = argparse.ArgumentParser(description='Find CRC algorithm') parser.add_argument('infile', help='File containing the data (in binary) to CRC. - for stdin') parser.add_argument('crc', help='Expected CRC') args = parser.parse_args() data = None if args.infile == '-': import sys data = sys.stdin.read() else: with open(args.infile, 'rb') as f: data = f.read() excrc = int(args.crc, 0) crc = find_crc(data, excrc) if crc: print('crcmod predefined algorithm \'%s\' produced %X from the provided data' % (crc, excrc)) else: print('crcmod predefined algorithm not found')
To use, extract the set of data and known crc from the binary under analysis and then run the script:
nada@unit-01:~$ ./crcfind.py data.bin 0x87accff7 crcmod predefined algorithm 'crc-32-bzip2' produced 87ACCFF7 from the provided data nada@unit-01:~$
Happy Reversing!