[linux-dvb] @Sky Pilot, Neotion Pilot, Checksum hacking

Andreas Oberritter obi at linuxtv.org
Mon Jun 22 07:13:49 CEST 2009


Juergen Urban wrote:
> Now I've a problem with the 1-byte-checksum calculation. Each message 
> which I send to the device has a checksum (last byte). I don't know how to 
> calculate the checksum.
> Did someone know how to reverse engineer a 1-byte-checksum?
> Did someone see these type of messages before?
> Did someone detect any algorithm in the checksum values?
> 
> Here are examples:
> 
> static unsigned char ep03_msg109[] = {
> 	0x81, 0x05, 0x01, 0x00, 0x02, 0x01, 0x06, 0x00,
> 	0x01, 0xd0, 0x1e, 0x01, 0x00,
> 	0xca /* Checksum */
> };
> 
> static unsigned char ep03_msg110[] = {
> 	0x81, 0x05, 0x01, 0x00, 0x02, 0x01, 0x06, 0x00,
> 	0x01, 0xd0, 0x1f, 0x01, 0x00,
> 	0xcb /* Checksum */
> };
> 
> In the above example the checksum is incremented by one and there is also one 
> byte incremented by one in the payload (0x1e -> 0x1f and 0xca -> 0xcb). this 
> seems to be a simple addition.
> 
> static unsigned char ep03_msg111[] = {
> 	0x81, 0x05, 0x01, 0x00, 0x02, 0x01, 0x06, 0x00,
> 	0x01, 0xd0, 0x20, 0x01, 0x00,
> 	0xf4 /* Checksum */
> };

It's a simple XOR of all bytes with an initial value of 0x84.

unsigned int calc_cs(const unsigned char *buf, unsigned int n)
{
        unsigned int i, cs = 0x84;

        for (i = 0; i < n; i++)
                cs ^= buf[i];

        return cs;
}

Regards,
Andreas



More information about the linux-dvb mailing list