Re: Gottlieb / Q*bert scripts for the 9010A/9100

From: Zonn <zonn_at_zonn.com>
Date: Wed May 08 2002 - 19:52:45 EDT

On Thu, 9 May 2002 00:14:15 +0100, "Phillip Eaton" <inbox@phillipeaton.com>
wrote:

>
>>
>> Just for the fun of it I wrote a quick program that tried all possible
>> feedback combinations for 16 bit CRCs (65536 combinations), none of them
>> generated the proper signatures, so it's more than just a variation of
>> the standard CRC calculations.
>
>Ah-ha! BUT!! Did you try for all possible combinations of /starting/ CRC?
>Try that 'just for fun' - it should only take 65536 times as long :-)

I didn't, but that seemed unlikely since a single byte is always(?) its own
signature -- that's really only going to happen if you start with 0, and your
feedback points are high enough to keep from affecting the first byte.

(I'd like for someone to try to get a signature of an FF, there's a chance it
might come back as an FE, which would tell me a bit about the CRC they're using.
IE - are they starting with the HP-sig?)

If all values are possible, then starting with 65k values, and then using 65k
different feedback loops, I should get 65k hits, which won't do me much good.

Hold on....

Yep, a zillion hits, I didn't let it finish...

>In my old serial comms days, we always started our CRCs at some bizarre
>number (3403 IIRC), for two reasons 1) it offered better data security of
>our protocols and 2) because it was safer to start there as some random
>numbers are better generators than others.

The ANSI standard CRC-32 (used by winzip) requires you to preload with FFFFFFFF.
This is because if you start your CRC with 0's, then all leading zeros of the
bitstream you want to CRC will be ignored.

>If you run a mathematical random number generator over a long period then
>you get less random bits than others (i.e. the numbers stay about the same
>for a while).

And who's to say that is not random? ;^)

>This is the same for CRCs and thus the safety of the
>calculation in spotting single or double bit errors is diminished in certain
>areas.

With a proper feedback selection single errors are always found, it's based on
parity by selecting the proper feedback points. If the resulting parity is off,
then at least a single error has occurred. This was explained in the HP5004
article on spies that John R pointed me to.

>> Anybody know of two different ROMs, or byte streams that result in the
>> same signature?
>
>There's loads in ROMIdent - just run with a bunch of EPROMS from your MAME
>directory, and you're bound to find a couple.

I didn't mean standard CRC-32, I meant, 9010a signatures. I'm assuming it's hard
to run the 9010a signatures on files or this topic would have never come up! ;^)

One way to find two signatures that match would be to run the signature on any
ROM larger than 64k, and save a snapshot of the sig after each byte. After
collecting 64k signatures, the next one will have to match one of the previous
ones.

-Zonn

>
>Cheers,
>Phillip Eaton
>
Received on Wed May 08 17:54:23 2002
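
The checks discussed in this message, as an added example that is not part of the original post and is not the 9010A's own algorithm (which the thread has not identified): a 16-bit serial shift-register signature used to show the FF/FE single-byte behaviour, the effect of a zero preload on leading zeros, and the snapshot-after-each-byte collision search. The feedback taps (7, 9, 12, 16), the MSB-first bit order, the function names and the sample "ROM" are assumptions.

```python
import random

TAPS = 0x8940  # assumed feedback taps 7, 9, 12, 16 (register bits 6, 8, 11, 15)

def step(reg, byte, taps=TAPS):
    """Shift one byte, MSB first (assumed order), into a 16-bit serial LFSR."""
    for i in range(7, -1, -1):
        # Feedback is the parity of the tapped bits XORed with the incoming bit.
        fb = (bin(reg & taps).count("1") & 1) ^ ((byte >> i) & 1)
        reg = ((reg << 1) | fb) & 0xFFFF
    return reg

def signature(data, init=0x0000, taps=TAPS):
    """Signature of a byte string for a given preload value."""
    reg = init
    for byte in data:
        reg = step(reg, byte, taps)
    return reg

def leading_zeros_ignored(data, init, pad=2):
    """True if prepending `pad` zero bytes leaves the signature unchanged."""
    return signature(bytes(pad) + data, init) == signature(data, init)

def first_prefix_collision(stream, init=0x0000, taps=TAPS):
    """Snapshot the signature after each byte; return (i, j, sig) for the first
    two prefix lengths i < j with the same signature, or None if there is none."""
    seen = {}
    reg = init
    for n, byte in enumerate(stream, 1):
        reg = step(reg, byte, taps)
        if reg in seen:
            return seen[reg], n, reg
        seen[reg] = n
    return None

# Constructed sample data: a seeded pseudo-random "ROM" larger than 64k.
rng = random.Random(9010)
ROM = bytes(rng.getrandbits(8) for _ in range(70000))

if __name__ == "__main__":
    print("sig(FF) = %04X" % signature(b"\xff"))
    print("zero preload ignores leading zeros:", leading_zeros_ignored(ROM[:64], 0x0000))
    print("FFFF preload ignores leading zeros:", leading_zeros_ignored(ROM[:64], 0xFFFF))
    i, j, sig = first_prefix_collision(ROM)
    print("prefixes of %d and %d bytes share signature %04X" % (i, j, sig))
```

With only 65536 possible register values a match between two prefixes is guaranteed within 65537 snapshots, so a 16-bit signature of this kind detects accidental faults but cannot show that two images are identical.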
