•  24-02-2021
  •  | 
  •  

Question

I'm trying to understand how a old machine (PLC) generates a check byte in its data exchange, but i can't figure what and how is done or what kind of algorithm is using.

I have a very sparse documentation about the machine and i already try some algorithms like normal crc, ccitt crc, xmodem crc type... and no one is given the right result.

The message is formed like this: M*NNNNNNwwSSdd

where:

M* - is fixed

NNNNNN - N is a number or a space

ww - w is a number too or a space

SS - S is a char or a space

dd - d a number or a space

Some of the examples generate the following byte check (where de byte '×' is realy the space char ' ', i use this char only to be easier to identify the number of spaces):

a:

  • M*614976××××12 -> a
  • M*615138×××××× -> a

b:

  • M*615028××××12 -> b
  • M*615108×××××× -> b

c:

  • M*614933×××××× -> c
  • M*614956××××12 -> c

d:

  • M*614934×××××× -> d
  • M*614951××××12 -> d

e:

  • M*614942×××××× -> e
  • M*615079×××××× -> e

f:

  • M*614719××××12 -> f
  • M*614936×××××× -> f

g:

  • M*614718××××12 -> g
  • M*614937×××××× -> g

h:

  • M*614727×××××× -> h
  • M*614980××××12 -> h

i:

  • M*614734××××12 -> i
  • M*614939×××××× -> i
  • M*×××××××××××× -> i

z:

  • M*××××××××SC12 -> z

j:

  • M*××××××××××12 -> j

y:

  • M*××××××××SC×× -> y

There are more combinations but these ones are enough.

Another particularity is that the check byte result exists only in a defined range - from char 0x60 to 0x7F and no more (the current solution is working because i loop in this range until the machine gives me an ok)

So my question is, do you know how this check byte is calculated? can you point me some simpler algorithms to calculate the integrity of data in PLC machines, it must be simpler that the result byte check is only one char.

Thanks

Was it helpful?

Solution

It seems to me that if I xor together all the characters in the message, treating them as ascii and replacing your odd quasi-x with space, and then xor in 0xe, I get the character in the checksum. At the very least I suggest that you construct a table showing the xor of all the characters in the message, and the checksum character, written out as hex. Something like this is quite plausible considering the block check described in www.bttautomatyka.com.pl/pdf/HA466357.pdf

(I had actually written a mod-2 equation solver and was going to look for a 5-bit CRC, when this popped out!)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top