On Thu, 9 May 2002 00:14:15 +0100, "Phillip Eaton" <inbox@phillipeaton.com> wrote:
Just for the fun of it I wrote a quick program that tried all possible feedback combinations for 16 bit CRCs (65536 combinations), none of them generated the proper signatures, so it's more than just a variation of the standard CRC calculations.
Ah-ha! BUT!! Did you try for all possible combinations of /starting/ CRC? Try that 'just for fun' - it should only take 65536 times as long :-)
I didn't, but that seemed unlikely since a single byte is always(?), it's own signature -- that's really only going to happen if you start with 0, and your feedback points are high enough to keep from effecting the first byte. (I'd like for someone to try a get a signature of an FF, there's a chance it might come back as an FE, which would tell me a bit about the CRC they're using. IE - are they starting with the HP-sig?) If all values are possible, then starting with 65k values, and then using 65k different feedback loops, I should get 65k hits, which won't do me much good. Hold on.... Yep, a zillion hits, I didn't let it finish...
In my old serial comms days, we always started our CRC's at some bizarre number (3403 IIRC), for two reasons 1) it offered better data security of our protocols and 2) because it was safer to start there as some random numbers are better generators than others.
The ANSI standard CRC-32 (used by winzip) requires you to preload with FFFFFFFF. This is because if you start your CRC with 0's, then all leading zeros of the bitstream you want to CRC will be ignored.
If you run a mathematical random number generators over a long period then you get less random bits that others (i.e. the numbers stay about the same for a while).
And who's to say that is not random? ;^)
This is the same for CRC's and thus the safety of the calculation in spotting single or double bit errors is dimished in certain areas.
With a proper feedback selection single errors are always found, it's based on parity by selecting the proper feedback points. If the resulting parity is off, then at least a single error has occurred. This was explained in the HP5004 article on spies that John R pointed me to.
Anybody know of two different ROMs, or byte streams that result in the same signature?
There's loads in ROMIdent - just run with a bunch of EPROMS from your MAME directory, and you're bound to find a couple.
I didn't mean standard CRC-32, I meant, 9010a signatures. I'm assuming it's hard to run the 9010a signatures on files or this topic would have never come up! ;^) One way to find a two signatures that match would be to run the signature on any rom larger than 64k, and save a snapshot of the sig after each byte. After collection 64k signatures, the next one will have to match one of the previous ones. -Zonn
Cheers, Phillip Eaton