# Unknown PLC check byte

I'm trying to understand how an old machine (PLC) generates a check byte in its data exchange, but I can't figure out what is done and how, or what kind of algorithm it is using.

I have very sparse documentation about the machine and I have already tried some algorithms like normal CRC, CCITT CRC, XMODEM CRC... and none of them gives the right result.

The message is formed like this: M*NNNNNNwwSSdd

where:

M* - is fixed

NNNNNN - N is a number or a space

ww - w is a number too or a space

SS - S is a char or a space

dd - d a number or a space

Some of the examples generate the following check byte (where the byte '×' is really the space char ' '; I use this char only to make it easier to identify the number of spaces):

a:

• M*614976××××12 -> a
• M*615138×××××× -> a

b:

• M*615028××××12 -> b
• M*615108×××××× -> b

c:

• M*614933×××××× -> c
• M*614956××××12 -> c

d:

• M*614934×××××× -> d
• M*614951××××12 -> d

e:

• M*614942×××××× -> e
• M*615079×××××× -> e

f:

• M*614719××××12 -> f
• M*614936×××××× -> f

g:

• M*614718××××12 -> g
• M*614937×××××× -> g

h:

• M*614727×××××× -> h
• M*614980××××12 -> h

i:

• M*614734××××12 -> i
• M*614939×××××× -> i
• M*×××××××××××× -> i

z:

• M*××××××××SC12 -> z

j:

• M*××××××××××12 -> j

y:

• M*××××××××SC×× -> y

There are more combinations but these ones are enough.

Another particularity is that the check byte result exists only in a defined range, from char 0x60 to 0x7F and no more (the current solution is working because I loop over this range until the machine gives me an OK).

So my question is: do you know how this check byte is calculated? Can you point me to some simpler algorithms for calculating the integrity of data in PLC machines? It must be something simpler, since the resulting check byte is only one char.

Many thanks

asked Nov 8 '11 at 12:11

## 1 Answer

It seems to me that if I XOR together all the characters in the message, treating them as ASCII and replacing your odd quasi-x with space, and then XOR in 0x0E, I get the character in the checksum. At the very least I suggest that you construct a table showing the XOR of all the characters in the message, and the checksum character, written out as hex. Something like this is quite plausible considering the block check described in www.bttautomatyka.com.pl/pdf/HA466357.pdf

(I had actually written a mod-2 equation solver and was going to look for a 5-bit CRC, when this popped out!)

answered Nov 11, 11:01

It seems to me that this is the right answer, but I will check it first, OK :) - Nuno

Yep, you are correct, but I only have one more question for you: how did you find the last XOR byte (0x0E)? Was it by trial and error, or did you read something somewhere? (The link that you pointed to says to XOR with the ETX byte, which is 0x03 and not 0x0E, if I'm not wrong, right?) - Nuno

The link I gave does not suggest 0x0E - as you say it suggests ETX = 3, or possibly ETX ^ STX = 1. I wrote a program to take the XOR sum of all the bytes in a message, and print this out together with the checksum. I could see that when the XOR sum was the same between two messages then their checksum was the same, so it was probably a function of the XOR sum. Guessing that it might be a constant XOR the XOR sum, I XOR-ed the checksum in one case into the XOR sum and got 0x0E. Then I tried this out everywhere else, and it worked. - Mcdowella
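The procedure described in the answer and in the last comment, as an added example that is not part of the original thread: it builds the suggested hex table of XOR sum against check byte, derives the constant from the question's samples, and recomputes the check byte. The function names are hypothetical; the sample messages are copied from the question.

```python
from functools import reduce

# A subset of the samples from the question; '×' stands for a space there.
SAMPLES = [
    ("M*614976××××12", "a"),
    ("M*615138××××××", "a"),
    ("M*615028××××12", "b"),
    ("M*614933××××××", "c"),
    ("M*××××××××××××", "i"),
    ("M*××××××××SC12", "z"),
    ("M*××××××××××12", "j"),
    ("M*××××××××SC××", "y"),
]


def xor_sum(message: str) -> int:
    """XOR of every ASCII byte in the message ('×' is treated as a space)."""
    raw = message.replace("×", " ").encode("ascii")
    return reduce(lambda acc, byte: acc ^ byte, raw, 0)


def recover_constant(samples):
    """Return k such that xor_sum(msg) ^ k == check byte for every sample.

    Returns None when the samples disagree, which means the check byte is
    not simply "XOR sum XOR constant".
    """
    candidates = {xor_sum(msg) ^ ord(check) for msg, check in samples}
    return candidates.pop() if len(candidates) == 1 else None


def check_byte(message: str, constant: int) -> str:
    """Check character for a message, given the recovered constant."""
    return chr(xor_sum(message) ^ constant)


if __name__ == "__main__":
    # The table suggested in the answer: XOR sum and check byte in hex.
    for msg, check in SAMPLES:
        s = xor_sum(msg)
        print(f"{msg}  xor=0x{s:02X}  check=0x{ord(check):02X}  diff=0x{s ^ ord(check):02X}")
    k = recover_constant(SAMPLES)
    print("constant:", None if k is None else f"0x{k:02X}")
```

Running it against samples that were not used to derive the constant is the quickest way to confirm that the scheme holds for the whole message set.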
