CRC16 and data communications

StackOverflow https://stackoverflow.com/questions/16453859

  •  14-04-2022
  •  | 
  •  

質問

Hi I have been trying to calculate a CRC for a device I want to write a software interface for. For simplicity I will say X is the device and Y is the hardware controller. I am looking for a nudge in the right direction I am sure I am on the correct track just a little confused on a few points.

When the device is idle it sends the following strings of data every 2 seconds or so that looks like it is counting up in hex: The 2 bytes between the | | is the CRC I assume. (XX) is the varying byte.

X: 96 10 01 E1 (E4) 01 FF 10 17 | F7 EC | 10 06 E1 96 FE 
X: 96 10 01 E1 (E6) 01 FF 10 17 | 7F FA | 10 06 E1 96 FE 
X: 96 10 01 E1 (E8) 01 FF 10 17 | C7 9B | 10 06 E1 96 FE 
X: 96 10 01 E1 (EA) 01 FF 10 17 | 4F 8D | FE 10 06 E1 96 FE 
X: 96 10 01 E1 (EC) 01 FF 10 17 | D7 B6 | FE 10 06 E1 96 FE 
X: 96 10 01 E1 (EE) 01 FF 10 17 | 5F A0 | FE 10 06 E1 96 FE

Using reveng with reveng -w 16 -s and the above sets of data I get:

width=16  poly=0x1021  init=0x1e69  refin=true  refout=true  xorout=0x0000  check=0x3da6  name=(none)

When I intercept the a command from the controller I get:

X: 96 10 01 E1 (EE) 01 FF 10 17 | 5F A0 | FE 10 06 E1 96 FE -- Last line before command
Y: E1 10 01 96 (22) 05 01 C0 A8 35 00 10 17 |0B B8| FE 10 06 96 E1 FE

Where (22) is the the modifier |0B B8| is the CRC. How is the 22 derived from the E4? is it another CRC?

When I sent the same command several times I intercepted the following:

Y: E1100196220501C0A8350010170BB8FE100696E1FE 
Y: E11001962A0501C0A835001017C1C7FE100696E1FE 
Y: E11001962E0501C0909400101753C8FE100696E1FE  
Y: E1100196300501809094001017C3EEFE100696E1FE  
Y: E1100196360501C090940010170D48FE100696E1FE  
Y: E11001962A0501C09094001017B6F7FE100696E1FE 
Y: E11001962A0501C09094001017B6F7FE100696E1FE

Using reveng with reveng -w 16 -s and the above sets of data I get:

width=16  poly=0x1021  init=0xd313  refin=true  refout=true  xorout=0x0000  check=0x295f  name=(none)

The polynomial is the same but init and check vary, sorry for the long post but here is the summary of my questions:

1) Is it common for say the device to use the same polynomial but different init and check to the controller?

2) Is the constant counting strings from the device used to offset the variable byte used to calculate the checksum? If so what is this mechanism called and what methods could be used to derive the relationship between the count and the byte?

3) Am I on the right track or have I got lost along the way?

Thanks for taking the time to read this and would really appreciate a kick in the right direction.

役に立ちましたか?

解決

Drop the first byte off of your X and Y sequences, and then you'll get for both:

width=16  poly=0x1021  init=0xffff  refin=true  refout=true  xorout=0xffff  check=0x906e  name="X-25"

To wit:

% reveng -w 16 -s 100196220501C0A8350010170BB8 1001962A0501C0A835001017C1C7 1001962E0501C0909400101753C8 100196300501809094001017C3EE 100196360501C090940010170D48 1001962A0501C09094001017B6F7 
width=16  poly=0x1021  init=0xffff  refin=true  refout=true  xorout=0xffff  check=0x906e  name="X-25"

% reveng -w 16 -s 1001E1E401FF1017F7EC 1001E1E601FF10177FFA 1001E1E801FF1017C79B 1001E1EA01FF10174F8D 1001E1EC01FF1017D7B6 1001E1EE01FF10175FA0
width=16  poly=0x1021  init=0xffff  refin=true  refout=true  xorout=0xffff  check=0x906e  name="X-25"
ライセンス: CC-BY-SA帰属
所属していません StackOverflow
scroll top