PDA

View Full Version : Siemens FullFlash CRC Check method

rizapn
11-05-2002, 05:00
Hi,
there are two source could be found in the net (DarkBear's) : siemcrc.cpp and siemcrc4x.cpp, which can be used to check CRC value for CMS35 and SME45.
Is there any news about C45, M50, and other model. I did try to check good flash for C45v14, SL45v52, M50 (unknown version) using those algorithm, but all said CRC in the flash is different with the calculated CRC. Do they use different algorithm, or just the location of CRC word in the full flash is different ?

Thank's,
rizapn
TheSig
11-05-2002, 07:27
Can i get these sources?
Thanks
Wind
11-05-2002, 08:15
Originally posted by TheSig
Can i get these sources?
Thanks


Look your mail

regards

Wind
Skylord
11-05-2002, 10:16
Originally posted by rizapn
Hi,
there are two source could be found in the net (DarkBear's) : siemcrc.cpp and siemcrc4x.cpp, which can be used to check CRC value for CMS35 and SME45.
Is there any news about C45, M50, and other model. I did try to check good flash for C45v14, SL45v52, M50 (unknown version) using those algorithm, but all said CRC in the flash is different with the calculated CRC. Do they use different algorithm, or just the location of CRC word in the full flash is different ?

Thank's,
rizapn

Here you are some offsets for C45v35...

Disable the first CRC check (exactly dying after it).
D74F4: 3D CC
D74F5: 0A 00
D7502: 3D CC
D7503: 03 00

Disable the second CRC check.
DBBFE: 2D 0D

Enable NetMonitor.
9FDF6: 2D 0D
kaczor
11-06-2002, 00:30
Originally posted by Wind
Look your mail

regards

Wind

Can You send me too :eek: because I dont understand why after change any bytes in EEPROM soft calculate another CRC ?
Wind
11-06-2002, 00:53
OK......send it!

Wind

Originally posted by kaczor
Can You send me too :eek: because I dont understand why after change any bytes in EEPROM soft calculate another CRC ?
ken
11-06-2002, 15:50
Here you are some offsets for C45v35...

Please tell us what is the principle to disable CRC check for any version of C45...
holg
11-06-2002, 19:09
Hi,
ACID[mrp] wrote a new program which includes darkbear's crc calculator and the secand crc check

so here it is
http://www.minet.uni-jena.de/~holg/crc_gui_setup.exe
kaczor
11-07-2002, 17:50
Originally posted by Wind
OK......send it!

Wind

Hi.

Probably I have any trouble with my mailbox because I don't recive this source (siemenscrc.cpp ....).

Can You send me again to kaczor@hot.pl ?

Thx
Wind
11-07-2002, 20:43
Ok.....look your mail again....

Wind
rizapn
11-08-2002, 08:26
Hi,
my reason to ask this CRC question is to build a software for full-flash modification (such as ringtone and icons) for any firmware (not only x35 like my previous x35fft).

After some trial, I came to this conclution :
*) the main CRC calculation is : CRC1 = W1 xor W2, and CRC2 = W1 + W2
*) *IF* all Siemens firmware CRC algo is based on that, I think another idea to correct CRC after doing some firmware modification (without knowing the *exact* CRC calculation) is to add some more data (in my trial, 3 word are enough), so : CRC1new xor A xor B xor C = CRC1old, and CRC2new + A + B + C = CRC2old ... (first I try with only A and B, but always impossible to get the right value).

I did try with both siemCRC and siemCRC4x, and this idea is OK. The CRC after modifying some data, plus that ABC data is exactly same with the previous/good ones.

Any suggestion ?

Regards,
rizapn

SEO by vBSEO