If this kind of question is not allowed or suitable here I apologies and in such case please delete my question.
I’m trying to reverse engineer a protocol between two embedded devices. They send multicast UDP packets.
The payload part in a UDP-packet look like this:
00000000: 00 00 00 01 5d 28 52 c5 26 30 30 3a 30 32 3a 39 |....](R.&00:02:9|
00000010: 42 3a 39 33 3a 34 41 3a 38 34 26 31 32 39 26 31 |B:93:4A:84&129&1|
I have found that the payload part consists of
- The first 4 binary bytes always being: 00 00 00 01
- The next 4 binary bytes being some type of hash/crc32 (I guess) [above: 5d 28 52 c5]
- The next 1+17 bytes in plain text being a MAC-address [above: &00:02:9B:93:4A:84]
- The next 1+3 bytes in plain text being a command with value 128-136 [above: &129]
- The next 1+(1-3) bytes in plain text being a sequence number between 0-254 [above: &1]
The MAC-address could be either an always constant address like above (being the MAC-address of the receiving device of the multicast UDP-packets) or &FF:FF:FF:FF:FF:FF used like a broadcast when the receiving device is unknown.
Another example with the broadcast MAC-address (and another command value) looks like this:
00000000: 00 00 00 01 95 46 84 1e 26 46 46 3a 46 46 3a 46 |.....F..&FF:FF:F|
00000010: 46 3a 46 46 3a 46 46 3a 46 46 26 31 32 38 26 31 |F:FF:FF:FF&128&1|
Here the hash/crc is: 95 46 84 1e
The combination of the same MAC-address, the same command value and the same sequence number repeats in different UDP-packets with some time interval and will always result in the same hash/crc. So my guess is that the hash/crc in some way only depends on the value of the MAC-address, command value and sequence number.
I have tried a free windows hash/crc calculator called HashCalc from Slavesoft, but I can’t get the same hash/crc, even removing any combinations of ampersand and colon.
I also tried a hash algorithm called djb2 found here and here.
But I cannot figure out the hash/crc algorithm, and therefore I need some help from someone with more knowledge. I need help to first find the algorithm for how to calculate the 4 byte hash/crc based on the mac-address, command and sequence number.
Secondly when the algorithm is found I also need an implementation, preferably in Python.
Any help would be very much appreciated, also if you could just point me in the right direction for where to look and learn more.
I also have a small file (19 kB) with much more examples, but I don’t know how to attach that and if it’s necessary.
I would be very grateful for all the help I can get.