100USD for my problem solver!

xborre
Posts: 2
Joined: Sat Apr 26, 2014 8:28 am

100USD for my problem solver!

Post by xborre » Sat Apr 26, 2014 8:43 am

Hello Everybody,

I am currently doing some reverse engineering on a serial signal which I will try to manipulate.
The first byte is always 0x55, so this must be the “startbyte”. (or maybe both 0x55 0xBB)
Bytes 5 and 6 appear to be a counter; byte 5 is the low byte and byte 6 is the high byte.
So byte 5 increases with every new datastring and byte 6 increases by one when byte 5 overflows.
The last byte functions as a sort of “checksum”.
What I have found out so far is that it seems not to be a simple sum of all, or part of these bytes.
What I did find out (and what actually works) is that when I modify byte 9 (0x80) to "0x90" and modify the checksum by adding 0x10 to it, then I get the device responding in the right way (motor turns in other direction). And doing the opposite, 0x90->0x80 and subtracting 0x10, also works. That is a part of trial-and-error which succeeded.


55 BB 0E 0B 98 04 24 96 80 00 00 00 80 C5
55 BB 0E 0B 99 04 24 96 80 00 00 00 80 C4
55 BB 0E 0B 9A 04 24 96 80 00 00 00 80 C7
55 BB 0E 0B 9B 04 24 96 80 00 00 00 80 C6
55 BB 0E 0B 9C 04 24 96 80 00 00 00 80 C1
55 BB 0E 0B 9D 04 24 96 80 00 00 00 80 C0
55 BB 0E 0B 9F 04 24 96 80 00 00 00 80 C2
55 BB 0E 0B A0 04 24 96 80 00 00 00 80 FD
55 BB 0E 0B A1 04 24 96 80 00 00 00 80 FC
55 BB 0E 0B A2 04 24 96 80 00 00 00 80 FF
55 BB 0E 0B A3 04 24 96 80 00 00 00 80 FE
55 BB 0E 0B A4 04 24 96 80 00 00 00 80 F9
55 BB 0E 0B A5 04 24 96 80 00 00 00 80 F8
55 BB 0E 0B A6 04 24 00 80 00 00 00 80 6D

Here is another part of data. Here you see that when you subtract 0x96 (byte 8) from the expected checksum of the last datastring (I would expect it to be 0xF7, you too?) you indeed get 0x61.

55 BB 0E 0B AE 03 24 96 90 00 00 00 80 E4
55 BB 0E 0B AF 03 24 96 90 00 00 00 80 E5
55 BB 0E 0B B0 03 24 96 90 00 00 00 80 FA
55 BB 0E 0B B1 03 24 96 90 00 00 00 80 FB
55 BB 0E 0B B2 03 24 96 90 00 00 00 80 F8
55 BB 0E 0B B3 03 24 96 90 00 00 00 80 F9
55 BB 0E 0B B4 03 24 96 90 00 00 00 80 FE
55 BB 0E 0B B5 03 24 96 90 00 00 00 80 FF
55 BB 0E 0B B6 03 24 96 90 00 00 00 80 FC
55 BB 0E 0B B7 03 24 96 90 00 00 00 80 FD
55 BB 0E 0B B8 03 24 96 90 00 00 00 80 F2
55 BB 09 0A B9 03 53 00 04 <<< don't pay too much attention to this one.
55 BB 0E 0B BA 03 24 96 90 00 00 00 80 F0
55 BB 0E 0B BB 03 24 96 90 00 00 00 80 F1
55 BB 0E 0B BC 03 24 96 90 00 00 00 80 F6
55 BB 0E 0B BD 03 24 00 90 00 00 00 80 61

I need to be able to calculate the checksum by myself, so modifying a fed checksum by adding or subtracting 0x10 is not enough.

Because I am not so experienced in decoding these checksum-problems and it is urgent for me to solve it soon (and okay.. I am a bit lazy ;-) ) I will pay 100USD to the one who solves this checksum problem!! That’s a gentlemen’s agreement.

thanks in advance!

Xander.

phalanx
Non-SFE Guru
Posts: 1992
Joined: Sun Nov 30, 2003 8:57 am
Location: Candia, NH

Re: 100USD for my problem solver!

Post by phalanx » Sat Apr 26, 2014 11:54 am

This one is easy so I'll give you the answer for no cost! The checksum is simply all the bytes XOR'd together.

For instance (I added the hex notation for clarity):
Your original line: 55 BB 0E 0B 9A 04 24 96 80 00 00 00 80 C7

0x55 XOR 0xBB XOR 0x0E XOR 0x0B XOR 0x9A XOR 0x04 XOR 0x24 XOR 0x96 XOR 0x80 XOR 0x00 XOR 0x00 XOR 0x00 XOR 0x80 = 0xC7

This is a very common checksum calculation in the computer world.

-Bill

phalanx
Non-SFE Guru
Posts: 1992
Joined: Sun Nov 30, 2003 8:57 am
Location: Candia, NH

Re: 100USD for my problem solver!

Post by phalanx » Sat Apr 26, 2014 12:01 pm

xborre wrote: 55 BB 09 0A B9 03 53 00 04 <<< don't pay too much attention to this one.
It also works for this line:

0x55 XOR 0xBB XOR 0x09 XOR 0x0A XOR 0xB9 XOR 0x03 XOR 0x53 XOR 0x00 = 0x04

-Bill
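The check from the two posts above, run over a raw byte stream; this is an added example, not code posted by anyone in the thread. It assumes byte 3 is the total frame length (0x0E = 14 and 0x09 = 9 in the captures, which the thread does not state), and the names `scan` and `STREAM` are made up for the illustration.

```python
HEADER = b"\x55\xBB"

# Constructed stream: three frames copied from the thread plus one copy of the
# first frame with byte 9 changed 0x80 -> 0x90 and the checksum left stale.
STREAM = bytes.fromhex(
    "55BB0E0B9A0424968000000080C7"
    "55BB090AB903530004"
    "55BB0E0B9A0424969000000080C7"
    "55BB0E0BBD032400900000008061"
)


def xor_checksum(data: bytes) -> int:
    """XOR of all bytes, as described in the answer above."""
    cs = 0
    for b in data:
        cs ^= b
    return cs


def scan(stream: bytes) -> list:
    """Split a raw byte stream into frames and classify each one."""
    out, i = [], 0
    while (i := stream.find(HEADER, i)) != -1 and i + 3 <= len(stream):
        length = stream[i + 2]            # assumption: byte 3 = total frame length
        frame = stream[i:i + length]
        if length < 4 or len(frame) < length:
            status = "bad length"
        elif xor_checksum(frame) != 0:    # data XOR checksum must cancel to zero
            status = "bad checksum"
        else:
            status = "ok"
        out.append((frame.hex(" ").upper(), status))
        # Skip a good frame whole; otherwise step past the header and resync.
        i += length if status == "ok" else len(HEADER)
    return out


if __name__ == "__main__":
    for text, status in scan(STREAM):
        print(f"{status:12} {text}")
```
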

xborre
Posts: 2
Joined: Sat Apr 26, 2014 8:28 am

Re: 100USD for my problem solver!

Post by xborre » Sun Apr 27, 2014 3:17 am

Hi Bill,

Thank you very very VERY much for your solution. It works indeed!
I am a hardware engineer and not that experienced with these things.
I didn't know it was that easy.

I will send you a PM!

Xander

stevech
Support Volunteer
Posts: 2907
Joined: Sat Jun 05, 2004 8:51 pm
Location: USA, California

Re: 100USD for my problem solver!

Post by stevech » Mon Apr 28, 2014 12:49 pm

you can omit all the 0x00's from the calculation! No effect.

phalanx
Non-SFE Guru
Posts: 1992
Joined: Sun Nov 30, 2003 8:57 am
Location: Candia, NH

Re: 100USD for my problem solver!

Post by phalanx » Mon Apr 28, 2014 1:40 pm

stevech wrote: you can omit all the 0x00's from the calculation! No effect.
That's true only if you can guarantee those bytes will always be zero. If they are ever non-zero, your overhead of determining if it's zero and skipping the XOR will be greater than just XORing everything regardless of value.

-Bill

stevech
Support Volunteer
Posts: 2907
Joined: Sat Jun 05, 2004 8:51 pm
Location: USA, California

Re: 100USD for my problem solver!

Post by stevech » Tue Apr 29, 2014 1:15 pm

indeed.

A common checksum is the XOR or simple summation to 8 bits of all bytes, then take 256-sum as the transmitted checksum.
simplifies the reader somewhat.

Of course, most apps use CRC8 or CRC16 in a lookup table or short for loop.
Does not have the bad shortcomings of XOR and half-sums.
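The shortcomings mentioned in the post above, shown on one payload from the thread; this is an added example, not code from any poster. The CRC-8 parameters (polynomial 0x07, initial value 0, MSB first) are an assumption, since the thread names no particular CRC-8, and the function names are made up for the illustration.

```python
def xor8(data: bytes) -> int:
    cs = 0
    for b in data:
        cs ^= b
    return cs


def sum8(data: bytes) -> int:
    # Transmit 256 - sum so that (sum of data + checksum) % 256 == 0 at the reader.
    return (-sum(data)) & 0xFF


def crc8(data: bytes, poly: int = 0x07) -> int:
    # Bitwise CRC-8, MSB first, initial value 0 (parameters are an assumption).
    crc = 0
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc


CHECKS = {"xor8": xor8, "sum8": sum8, "crc8": crc8}

# First 13 bytes of a frame from the thread (checksum byte left off).
PAYLOAD = bytes.fromhex("55BB0E0B9A0424968000000080")


def corrupted_copies(p: bytes) -> dict:
    one_bit, swapped, two_bits = bytearray(p), bytearray(p), bytearray(p)
    one_bit[8] ^= 0x10                       # a single flipped bit
    swapped[11], swapped[12] = p[12], p[11]  # two bytes exchanged: 00 80 -> 80 00
    two_bits[8] ^= 0x80                      # the same bit flipped in two bytes
    two_bits[12] ^= 0x80
    return {"one_bit": bytes(one_bit), "swapped": bytes(swapped),
            "two_bits": bytes(two_bits)}


def missed_by(p: bytes = PAYLOAD) -> dict:
    """Map each corruption to the checks whose value did not change."""
    return {name: sorted(c for c, f in CHECKS.items() if f(bad) == f(p))
            for name, bad in corrupted_copies(p).items()}


if __name__ == "__main__":
    for name, missed in missed_by().items():
        print(f"{name:9} missed by: {', '.join(missed) or 'none'}")
```

None of the three is keyed, so they detect accidental corruption only; anyone who can write to the line can recompute them.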
