fake crc32 (add 4 bytes in the end of the file)

0

I'm trying to fake the needed CRC32. I have found an app called PEid, and it has a plugin called crc32 that can do this.

As you can see, the CRC of the file is 0x97B9850E and I need 0x73CBFFB5. When I click to fix it, the app will append 0xA6D43474 to the file, and the crc32 will become 0x73CBFFB5. I found the source code for this plugin:

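#include "stdafx.h"
#include <stdio.h>

int main()
{
    /* Assumes a 32-bit unsigned long, as on MSVC. */
    unsigned long c, c2, p2, pol = 0xEDB88320;
    long n, k;

    printf("CRC32 Adjuster (c) 2001 by RElf @ HHT/2\n");
    printf("Length of data: "); scanf_s("%ld", &n);
    printf("Offset to patch: "); scanf_s("%ld", &k);

    /* Number of bits from the patch offset to the end of the data. */
    n = (n - k) << 3;

    printf("Current CRC32: 0x"); scanf_s("%lx", &c);
    printf("Desired CRC32: 0x"); scanf_s("%lx", &c2);

    /* CRC difference that the patch has to produce. */
    c ^= c2;

    /* Polynomial for stepping the reflected CRC register backwards. */
    p2 = (pol << 1) | 1;

    /* Run the difference backwards one bit at a time to the patch offset. */
    while (n--) if (c & 0x80000000) c = (c << 1) ^ p2; else c <<= 1;

    /* Print the mask in file byte order (low byte first). */
    printf("XOR masks:%02lX%02lX%02lX%02lX\n", c & 0xff, (c >> 8) & 0xff, (c >> 16) & 0xff, c >> 24);

    return 0;
}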

I compiled it in Visual Studio (C++ .NET), and this is what the console gave me (I entered all the data myself: the length of the file, 3436, the offset to patch and the CRC32 values):

CRC32 Adjuster (c) 2001 by RElf @ HHT/2
Length of data: 3436
Offset to patch: 0
Current CRC32: 0x97B9850E
Desired CRC32: 0x73CBFFB5
XOR masks:1606010E

Why does it give me the XOR mask "0x1606010E" when it should be "0xA6D43474"? What am I doing wrong?

c++
binary
crc32
asked on Stack Overflow Feb 12, 2021 by John Wick

1 Answer

0

In the first case it is appending four bytes to the file to get the desired CRC. The result is a file of length 3440. In the second case it is telling you that you can exclusive-or the first four bytes of the file (you gave it offset 0) with the provided constant to get the desired CRC, keeping the file length of 3436.

You can get the bytes to append by first appending four zero bytes to the file, getting the CRC of that (0x7d096252), and giving it that CRC, the CRC you want, and the length 3440 and offset to patch 3436 (i.e. write over those last four zeros):

CRC32 Adjuster (c) 2001 by RElf @ HHT/2
Length of data: 3440
Offset to patch: 3436
Current CRC32: 0x7d096252
Desired CRC32: 0x73CBFFB5
XOR masks:a6d43474

An alternative is spoof, which allows you to provide the locations of a scattered set of bits anywhere in the input that spoof can flip in order to get the desired CRC. It also permits any CRC definition, not just the usual CRC-32.

answered on Stack Overflow Feb 12, 2021 by Mark Adler • edited Feb 12, 2021 by Mark Adler
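
Both runs described in the answer (XOR four bytes in place, and overwrite four appended zero bytes) in one program, as an added example that is not the plugin's source or code from either post; `crc32_buf`, `xor_mask` and `fix_crc` are names made up here and the sample buffer is constructed. It also shows why a matching CRC-32 is no evidence that a file is unmodified.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define POLY 0xEDB88320u   /* reflected CRC-32 polynomial, as in the adjuster */

/* Standard CRC-32 (zlib/PNG variant), one bit at a time. */
uint32_t crc32_buf(const uint8_t *p, size_t len)
{
    uint32_t c = 0xFFFFFFFFu;
    while (len--) {
        c ^= *p++;
        for (int i = 0; i < 8; i++)
            c = (c & 1) ? (c >> 1) ^ POLY : c >> 1;
    }
    return c ^ 0xFFFFFFFFu;
}

/* The adjuster's loop: run the CRC difference backwards by `bits` bits. */
uint32_t xor_mask(uint32_t cur, uint32_t want, size_t bits)
{
    uint32_t c = cur ^ want, p2 = (POLY << 1) | 1;
    while (bits--)
        c = (c & 0x80000000u) ? (c << 1) ^ p2 : c << 1;
    return c;
}

/* XOR four bytes at buf[off..off+3] so that the CRC-32 of buf[0..len) == want.
   Requires off + 4 <= len. Returns the recomputed CRC so callers can check it. */
uint32_t fix_crc(uint8_t *buf, size_t len, size_t off, uint32_t want)
{
    uint32_t m = xor_mask(crc32_buf(buf, len), want, (len - off) * 8);
    for (int i = 0; i < 4; i++)
        buf[off + i] ^= (uint8_t)(m >> (8 * i));   /* low byte first */
    return crc32_buf(buf, len);
}

int main(void)
{
    uint8_t buf[32] = "constructed sample data";   /* 23 bytes, rest is zero */
    size_t len = 23;
    uint32_t want = 0x73CBFFB5u;                   /* desired CRC from the question */

    /* Append case: buf[23..26] are the four zero bytes, patched in place. */
    printf("append:   %08x\n", (unsigned)fix_crc(buf, len + 4, len, want));
    /* In-place case: length unchanged, first four bytes altered instead. */
    printf("in place: %08x\n", (unsigned)fix_crc(buf, len, 0, want));
    return 0;
}
```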

User contributions licensed under CC BY-SA 3.0