[RevEng] Find CRC utility

I was once asked about a binary file, that, if modified, doesn't accepted anymore by a software. (Like license file or so...) Clearly, it has something like checksum inside. But the file wasn't compressed/encrypted. So to find a checksum, I wrote the following utility.

It tries all possible blocks withing a file and tries all possible CRC variants: CRC16, CRC32, all possible polynomials and CRC reflection parameters. It also tries simple checksum and 32-bit Adler algorithm.

All the checksum we're getting from the file are then compared against all possible 16-bit and 32-bit words collected from the same file. Both big and little endian encodings are tried. (Checksum must not be within checksummed buffer.)

This is a sample output from test files:

crc16=0x8519, poly=0xa02b, reflect_in=0, reflect_out=0, begin=0x3, len=0xd
00000000: 73 65 20 48 65 6C 6C 6F  20 77 6F 72 6C           se Hello worl

crc16=0x6973, poly=0x9eb2, reflect_in=1, reflect_out=1, begin=0x4, len=0xe
00000000: 65 20 48 65 6C 6C 6F 20  77 6F 72 6C 64 21        e Hello world!

crc32=0x1b851995, poly=0xedb88320, reflect_in=1, reflect_out=1, begin=0x6, len=0xc
00000000: 48 65 6C 6C 6F 20 77 6F  72 6C 64 21              Hello world!

crc16=0x1985, poly=0xd015, reflect_in=0, reflect_out=0, begin=0x9, len=0xe
00000000: 6C 6F 20 77 6F 72 6C 64  21 6E 6F 69 73 65        lo world!noise

crc16=0x8519, poly=0xa02b, reflect_in=0, reflect_out=0, begin=0x3, len=0xd
00000000: 73 65 20 48 65 6C 6C 6F  20 77 6F 72 6C           se Hello worl

The utility requires Pytohn 3.

Drawbacks -- it's very slow, because so many cases are tried during execution. Only files up to 1KiB are feasible to work with. But nevertheless, it proved to be useful.

Problems like these are popular in CTF contests as well.

All the files.


As seen at reddit.


List of my other blog posts.