C51反篡改源码下载(菜农独创双向CRC初值碰撞反篡改)
本帖最后由 hotpower 于 2023-10-26 13:15 编辑#include <stdio.h>
#include <REG52.H>
#ifdef MONITOR51
char code reserve _at_ 0x23;
#endif
typedef unsigned char uint8_t;
typedef unsigned int uint16_t;
typedef unsigned long uint32_t;
code uint32_t CRC32Array = {//菜农HotPower@163.com
//全局数组,在Flash里
0x55555555,//头数据,为注册机提供搜索位置,改写即篡改非零
0xAAAAAAAA,//头数据,为注册机提供搜索位置,改写即篡改非零
0x22345678,//头数据,为注册机提供搜索位置,改写即篡改非零
0x20231025,//多项式可以是随机数,例如今天是2023.10.25
0,//Flash基地址
0x0FE3,//HEX长度
0x2430A72A,//CRC32初值1,正向验证
0x4EBAAEC5 //CRC32初值2,反向验证
};
uint32_t CRC32Val(uint32_t input, uint32_t poly, uint32_t init, uint32_t xorout)
{//菜农HotPower@163.com
uint32_t ch;
int i;
input ^= init;
if ((poly & 1) > 0)
{
for (i = 0; i < 32; i++)
{
ch = input & 0x80000000;
input <<= 1;
if (ch > 0)
{
input ^= poly;
}
}
}
else
{
for (i = 0; i < 32; i++)
{
ch = input & 1;
input >>= 1;
if (ch > 0)
{
input ^= poly | 0x80000000;
}
}
}
if ((poly & 0x80000001) == 0)
{
input ^= poly ^ 0x80000001;
}
input ^= xorout;
return input;
}
uint32_t CRC32Valx(uint32_t output, uint32_t poly, uint32_t init, uint32_t xorout)
{//菜农HotPower@163.com
int i;
output ^= xorout;
if ((poly & 0x80000001) == 0)
{
output ^= poly ^ 0x80000001;
}
if ((poly & 1) > 0)
{
for (i = 0; i < 32; i++)
{
if ((output & 1) > 0)
{
output ^= poly;
output >>= 1;
output |= 0x80000000;
}
else
{
output >>= 1;
}
}
}
else
{
for (i = 0; i < 32; i++)
{
if ((output & 0x80000000) > 0)
{
output ^= poly;
output <<= 1;
output |= 1;
}
else
{
output <<= 1;
}
}
}
output ^= init;
return output;
}
void SetCRC32Init(uint32_t* init1, uint32_t* init2)
{//菜农HotPower@163.com
uint16_t len = (CRC32Array - ((int)(&CRC32Array) & 3)) / 4;
uint32_t CRC32Init;
uint32_t crc32;
uint32_t crcpoly = CRC32Array;
int pos1 = (int)(&CRC32Array - (uint16_t)CRC32Array) / 4;
int pos2 = (int)(&CRC32Array - (uint16_t)CRC32Array) / 4;
int i;
unsigned long volatile code *Flash = (unsigned long volatile code *)((int)(&CRC32Array) & 3);
CRC32Init = 0;
for(i = len - 1;i >= 0;i--)
{
crc32 = Flash[(uint16_t)CRC32Array + i];
if(!(i == pos1 || i == pos2))
{
CRC32Init = CRC32Valx(CRC32Init, crcpoly, crc32, 0);
}
else
{
*init1 = CRC32Init;
}
}
*init1 = CRC32Init;
CRC32Init = 0;
for(i = 0;i < len;i++)
{
crc32 = Flash[(uint16_t)CRC32Array + i];
if(!(i == pos2))
{
CRC32Init = CRC32Valx(CRC32Init, crcpoly, crc32, 0);
}
else
{
*init2 = CRC32Init;
}
}
*init2 = CRC32Init;
}
uint32_t GetCRC32Init12()
{//菜农HotPower@163.com
uint16_t len = (CRC32Array - ((int)(&CRC32Array) & 3)) / 4;
uint32_t CRC32Init;
uint32_t crc32;
uint32_t crcpoly = CRC32Array;
int pos1 = (int)(&CRC32Array - (uint16_t)CRC32Array) / 4;
int pos2 = (int)(&CRC32Array - (uint16_t)CRC32Array) / 4;
int i;
unsigned long volatile code *Flash = (unsigned long volatile code *)((int)(&CRC32Array) & 3);
CRC32Init = CRC32Array;
for(i = 0;i < len;i++)
{
crc32 = Flash[(uint16_t)CRC32Array + i];
if(!(i == pos1 || i == pos2))
{
CRC32Init = CRC32Val(crc32, crcpoly, CRC32Init, 0);
}
}
CRC32Init ^= CRC32Array;
for(i = len - 1;i >= 0;i--)
{
crc32 = Flash[(uint16_t)CRC32Array + i];
if(!(i == pos2))
{
CRC32Init = CRC32Val(crc32, crcpoly, CRC32Init, 0);
}
}
return CRC32Init;
}
uint32_t GetCRC32Init1()
{//菜农HotPower@163.com
uint16_t len = (CRC32Array - ((int)(&CRC32Array) & 3)) / 4;
uint32_t CRC32Init;
uint32_t crc32;
uint32_t crcpoly = CRC32Array;
int pos1 = (int)(&CRC32Array - (uint16_t)CRC32Array) / 4;
int pos2 = (int)(&CRC32Array - (uint16_t)CRC32Array) / 4;
int i;
unsigned long volatile code *Flash = (unsigned long volatile code *)((int)(&CRC32Array) & 3);
CRC32Init = CRC32Array;
for(i = 0;i < len;i++)
{
crc32 = Flash[(uint16_t)CRC32Array + i];
if(!(i == pos1 || i == pos2))
{
CRC32Init = CRC32Val(crc32, crcpoly, CRC32Init, 0);
}
}
return CRC32Init;
}
uint32_t GetCRC32Init2()
{//菜农HotPower@163.com
uint16_t len = (CRC32Array - ((int)(&CRC32Array) & 3)) / 4;
uint32_t CRC32Init;
uint32_t crc32;
uint32_t crcpoly = CRC32Array;
int pos2 = (int)(&CRC32Array - (uint16_t)CRC32Array) / 4;
int i;
unsigned long volatile code *Flash = (unsigned long volatile code *)((int)(&CRC32Array) & 3);
CRC32Init = CRC32Array;
for(i = len - 1;i >= 0;i--)
{
crc32 = Flash[(uint16_t)CRC32Array + i];
if(!(i == pos2))
{
CRC32Init = CRC32Val(crc32, crcpoly, CRC32Init, 0);
}
}
return CRC32Init;
}
void main(void)
{//菜农HotPower@163.com
uint32_t init1 = 0;//填入CRC32Array的CRC32初值1
uint32_t init2;//填入CRC32Array的CRC32初值2
volatile uint32_t init12;
#ifndef MONITOR51
SCON= 0x50;
TMOD |= 0x20;
TH1 = 221;
TR1 = 1;
TI = 1;
#endif
SetCRC32Init(&init1, &init2);//结果填入CRC32初值1(第1次),CRC32初值2(第2次),需要编译运行两次!!!
init12 = GetCRC32Init12();//被篡改非零!!!可以篡改CRC32Array,CRC32Array,CRC32Array
init1 = GetCRC32Init1();//被篡改非零!!!可以篡改CRC32Array,CRC32Array,CRC32Array
init2 = GetCRC32Init2();//被篡改非零!!!可以篡改CRC32Array,CRC32Array,CRC32Array
printf("init12 = 0x%08LX\n", init12);
printf("init1 = 0x%08LX\n", init1);
printf("init2 = 0x%08LX\n", init2);
while (1) {
printf ("Hello World\n"); /* Print "Hello World" */
}
}
页:
[1]