Question

我必须找出如何重现专有数据库文件上使用的CRC32算法的方法，该文件包含128个字节的许多“块”，每个块都是一条记录。我知道，对于每条记录，字节1-4是CRC32校验和，接下来的35个字节似乎无关紧要，因为我可以很容易地更改它们，而无需应用程序告诉我CRC校验失败。因此，我正在寻找使用哪些多项式和其他参数来计算后者。下面是一个示例。

Real Example of a record 文字版本：

00 27 AE 3B 9F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 08 41 41 41 41 41 41 41 41 
19 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 
42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00

如果我们只保留不能更改的字节，打破记录，我们会得到：

41 08 41 41 41 41 41 41 41 41 19 42 42 42 42 42 42 42 42 42 42 42 42 42 42 
42 42 42 42 42 42 42 42 42 42 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00

上述内容的CRC32为 27 AE 3B 9F

真实记录示例1.1，与上面仅相差一个字节（CRC为 BC D4 84 FB ）：

41 08 41 41 41 41 41 41 41 41 19 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 
42 42 42 42 42 42 42 42 42 43 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00

真实记录示例2 （输出CRC为 3B 6A D1 AF ）：

41 07 41 41 41 41 41 41 41 00 19 42 42 42 42 42 42 42 42 42 42 42 42 42 42 42 
42 42 42 42 42 42 42 42 42 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00

真实记录示例3 （输出CRC为 0B 54 CC 09 ）：

41 01 31 00 00 00 00 00 00 00 03 41 73 61 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00

真实记录示例4 （输出CRC为 12 91 EA 8E ）：

41 B4 A8 D0 02 46 00 B4 A8 00 03 52 4D 31 03 53 54 50 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 25 00 00 00 00 00 00 00 
00 00 A3 05 00 00 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 
00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

真实记录示例5 （输出CRC为 8A 68 00 3B ）：

41 B4 A8 D0 02 46 00 B4 A8 01 03 52 4D 31 03 53 54 50 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 25 00 00 00 00 00 00 00 
00 00 A3 05 00 00 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 
00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 64 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

最后两个记录只有一个字节不同。通过使用指定的@rcgldr方法，我能够获得最终的Xor值 0x9902539d ，并且我可以成功更改数据而不会抱怨应用程序。我运行了一些代码，为应用程序上的每个实体/文件找到了最终的xor值，并在所有这些值上都取得了成功，但能够找到单个crc参数集将是一个很好的补充。

编辑：添加了另外两个示例记录

编辑2：添加了另一个示例，该示例与第一个字节相比仅一个字节不同

编辑3：从应用程序中的另一种类型的记录中添加了另外两个大小不同的示例。还删除了部分问题，因为它变得不相关

Answer 1

异或1.0和1.1会导致：

00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00

将两个crcs异或会导致

9b 7a bf 64

假设存储的crc为“ little endian”，则计算出的crc为

0x64bf7a9b

通过对两个记录进行异或，由于异或而抵消了初始值和最终异或值，这使得可以仅基于数据来确定crc多项式，假设初始值= 0并且最终异或值=0。利用这一点，我尝试了一些常见的crc多项式，并确定crc多项式为

0x104C11DB7 or ignoring the msb: 0x04C11DB7

使用您在评论中链接到的网站：

http://www.sunshine2k.de/coding/javascript/crc/crc_js.html

参数为：

crc32
custom
input:  not reflected
result: not reflected
polynomial: 0x04C11DB7
initial value: 0x0
final xor value: 0x0

如果数据总是相同大小，则可以使用初始值或最终异或值或两者的组合来调整crc，以使其与示例中显示的实际crc相匹配，但这是最简单的使用最终异或来匹配示例，因为它只需要使用示例之一来计算crc，假设初始值= 0并且最终异或值= 0，然后将计算出的crc与示例crc中的实际crc进行异或计算特定长度数据的最终异或值。

因此，对于第一个示例中的数据大小，最终的xor值0x189B52BC将产生与示例匹配的crc。这些是crc计算器的参数。

crc32
custom
input:  not reflected
result: not reflected
polynomial: 0x04C11DB7
initial value: 0x0
final xor value: 0x189B52BC

这些参数与您发布的所有第一个示例匹配。同样，请注意，CRC的存储是“ little endian”，最高有效字节在前。

如果数据大小可变，则需要一个初始值（并且可能同时使用初始值和最终异或值）。一旦知道多项式，就可以执行“反向” CRC查找初始值，或者可以使用蛮力搜索。我使用快速crc计算器进行了蛮力搜索初始值的操作（因为我还没有“反向” CRC程序），因此看来它适用于任何数据大小，至少基于新示例您添加了。这些参数适用于以上所有示例，包括您添加的新示例：

crc32
custom
input:  not reflected
result: not reflected
polynomial: 0x04C11DB7
initial value: 0xc704dd7b
final xor value: 0x0

初始值0xc704dd7b是使用{ff ff ff ff}数据模式生成的crc，初始值= 0，最终异或值=0。这与在数据前加上{ff ff ff前缀ff}。

可以访问多个示例的CRC32参数反向工程

1 个答案: