How I fixed Sequoia's screencapture on an OCLP patched MacBookPro8,1

Problem

On an early 2011 MacBook Pro (Model MacBookPro8,1), I upgraded from Catalina 10.15.8 to Sequoia 15.7.1 using OCLP 2.4.1. Following the upgrade, the screen capture features stopped working. While I could still trigger the shortcuts (Cmd+Shift+3 for the whole screen or Cmd+Shift+4 for a selected area), the screenshot images no longer appeared on the desktop as expected.

Investigation

Previously, I successfully upgraded several MacBookPro9,2 models (the Mid-2012 version with user-replaceable RAM and SSD) from Catalina to Sequoia 15.7.4 using OCLP 2.4.1 without any issues. This suggested a specific compatibility problem with the older 8,1 model.

Upon further investigation, I discovered that the screencapture binary crashes immediately on the MacBookPro8,1. Running it via the command line yielded:

% /usr/sbin/screencapture
zsh: killed     /usr/sbin/screencapture  

In contrast, the MacBookPro9,2 handles the command normally:

% /usr/sbin/screencapture
screencapture: no file specified  

Beyond just a difference in file size, using the file command revealed a discrepancy in architectures. On the older model, the binary only contains code for x86_64, whereas the binary on the later model is a Universal binary containing both x86_64 and arm64e. It appears the binary on the 8,1 model may have been stripped or corrupted during the patching process.

The Workaround

Regardless of the root cause, I found that copying the functional binary from the newer model to the older one restores functionality.

However, this isn't as simple as a standard file copy. The /usr/sbin directory is protected by System Integrity Protection (SIP) and the partition is mounted as read-only. Furthermore, reapplying OCLP root patches in the future would likely overwrite the fix.

To solve this, I wrote a shell script to automate the process, making it easy to re-apply the fix whenever necessary without manual re-mounting or complex commands. 

The script is now available here: https://github.com/jonelo/screencapture-fix

Precondition: SIP must be disabled. The script expects an unmodified screencapture binary in the same directory where the script is stored. To restore your screen capture functionality, simply run:

% sudo ./screencapture-fix.sh

Fixing the 15W charging limit on a ThinkPad X280 by flashing the Winbond 25Q80DV with TB firmware

The problem

On startup a X280 was showing the following error message:

The connected AC adapter has a lower wattage than the recommended AC adapter
which was shipped with the system. To use AC power, please connect the AC
adapter which was shipped with the system.
Press the ESC key to continue.

The error message on the screen: 

 

And altough there was a power supply unit attached with 45 W or 65 W, Lenovo Vantage shows that the laptop loads with 15 W only:

It was constantly discharging the battery while working on the laptop, because 15 Watts were not enough to satisfy the actual power demand. Slow charging was possible, but only when the laptop was switched off actually.

 

The solution

After hours of reading articles on the web and several unsuccessful tests including the official way by Lenovo I came along the instructions at https://www.reddit.com/r/thinkpad/comments/1gyv56s/guide_how_to_flash_a_t480s_thunderbolt_firmware/ which worked like a charm also for the X280. 

The only thing worth to add here are images to show you how to find the required chip on the X280 logic board. Go to the BIOS and disable the battery. Remove the bottom case from the laptop. Now you need to remove the black plastic foil in the upper right corner and underneeth you find the Winbond 25Q80DV chip that we are going to flash with the Thunderbolt Firmware for the X280.

The chip under a magnifying glass:

The chip gripped by the pliers:

 

The whole little setup with a connection between the chip and a Linux box by using the CH341A programmer:

 

 

Install flashrom packages on Linux

$ sudo apt install flashrom

we need to check whether the connection can be established ...  

$ sudo flashrom -p ch341a_spi
flashrom unknown on Linux 6.14.0-24-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Winbond flash chip "W25Q80.V" (1024 kB, SPI) on ch341a_spi.
===
This flash part has status UNTESTED for operations: WP
The test status of this chip may have been updated in the latest development
version of flashrom. If you are running the latest development version,
please email a report to flashrom@flashrom.org if any of the above operations
work correctly for you with this flash chip. Please include the flashrom log
file for all operations you tested (see the man page for details), and mention
which mainboard or programmer you tested in the subject line.
Thanks for your help!
No operations were specified.


The chip has been found. Let's backup the content of the chip, just in case something goes wrong ...

$ sudo flashrom -p ch341a_spi -r winbond-backup.bin
flashrom unknown on Linux 6.14.0-24-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Winbond flash chip "W25Q80.V" (1024 kB, SPI) on ch341a_spi.
===
This flash part has status UNTESTED for operations: WP
The test status of this chip may have been updated in the latest development
version of flashrom. If you are running the latest development version,
please email a report to flashrom@flashrom.org if any of the above operations
work correctly for you with this flash chip. Please include the flashrom log
file for all operations you tested (see the man page for details), and mention
which mainboard or programmer you tested in the subject line.
Thanks for your help!
Reading flash... done.


A backup file has been created, now let's create a 1 MiB file full of nulls ...

$ dd if=/dev/zero of=null.bin bs=1M count=1
1+0 records in
1+0 records out
1048576 bytes (1.0 MB, 1.0 MiB) copied, 0.00205349 s, 511 MB/s


Let's erase the chip ...

$ sudo flashrom -p ch341a_spi -E
flashrom unknown on Linux 6.14.0-24-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Winbond flash chip "W25Q80.V" (1024 kB, SPI) on ch341a_spi.
===
This flash part has status UNTESTED for operations: WP
The test status of this chip may have been updated in the latest development
version of flashrom. If you are running the latest development version,
please email a report to flashrom@flashrom.org if any of the above operations
work correctly for you with this flash chip. Please include the flashrom log
file for all operations you tested (see the man page for details), and mention
which mainboard or programmer you tested in the subject line.
Thanks for your help!
Erasing and writing flash chip... Erase/write done.


Write all the nulls to the chip ...

$ sudo flashrom -p ch341a_spi -w null.bin
flashrom unknown on Linux 6.14.0-24-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Winbond flash chip "W25Q80.V" (1024 kB, SPI) on ch341a_spi.
===
This flash part has status UNTESTED for operations: WP
The test status of this chip may have been updated in the latest development
version of flashrom. If you are running the latest development version,
please email a report to flashrom@flashrom.org if any of the above operations
work correctly for you with this flash chip. Please include the flashrom log
file for all operations you tested (see the man page for details), and mention
which mainboard or programmer you tested in the subject line.
Thanks for your help!
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED.

Disconnect the pliers, boot the laptop, disable battery again in BIOS, shutdown the laptop and reconnect the pliers again. The original Thunderbolt firmware (from Lenovo, extracted from the .exe) is called TBT.bin ...

$ ls -la TBT.bin
-rwxr-xr-x 1 johann johann 262144 Jul 8 2022 TBT.bin
johann@x250:~$ cp TBT.bin TBT-backup.bin

We need to pad the TBT.bin with nulls to have a 1 MiB file ...

$ dd if=/dev/null of=TBT.bin bs=1 seek=1048576
0+0 records in
0+0 records out
0 bytes copied, 6.4913e-05 s, 0.0 kB/s
johann@x250:~$ ls -la TBT.bin
-rwxr-xr-x 1 johann johann 1048576 Jul 18 20:11 TBT.bin

We flash the content of the updated TBT.bin to the chip ...

$ sudo flashrom -p ch341a_spi -w TBT.bin
flashrom unknown on Linux 6.14.0-24-generic (x86_64)
flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Found Winbond flash chip "W25Q80.V" (1024 kB, SPI) on ch341a_spi.
===
This flash part has status UNTESTED for operations: WP
The test status of this chip may have been updated in the latest development
version of flashrom. If you are running the latest development version,
please email a report to flashrom@flashrom.org if any of the above operations
work correctly for you with this flash chip. Please include the flashrom log
file for all operations you tested (see the man page for details), and mention
which mainboard or programmer you tested in the subject line.
Thanks for your help!
Reading old flash chip contents... done.
Erasing and writing flash chip... Erase/write done.
Verifying flash... VERIFIED.
$

Disconnect the pliers, reboot the laptop. And now the boot error message is gone. And also Vantage recognizes the correct value of 45 Watts of the attached power supply ...

Don't forget to tighten up the screws that hold the bottom case.

 

Mission completed.

 

Jacksum: How to skip files during hash calculation or the verification process

You could skip files during the hash calcualation process so that you do not create hash values at all for particular files and/or you could skip files during the verification process.

Skip files during hash calculation

To keep the example short, let's say we don't want to hash program libraries. Those files usually end with .dll on Windows, and with .so on GNU/Linux.

1. Create a list of files

Let's say we want to list all files in the current working directory (.) and below.

On GNU/Linux and macOS:

> find . -type f > files.list

On Windows:

> dir /A-D /B /S . > files.list

Using Jacksum:

> jacksum --style files-only . > files.list

2. Modify the file list as required

The -v option for grep and findstr lists files only that do not match the criteria given. You can use regular expressions. The $ at the end marks the end of a string.

On GNU/Linux or macOS:

> grep -v ".so$" files.list > files-filtered.list

On Windows:

> findstr /V ".dll$" files.list > files-filtered.list

3. Hash the file list

We can hash that list using the Jacksum option -L (or --file-list):

> jacksum -a sha256 -L files-filtered.list > hashes.sha256

Skip files during the verification process

If you want to ignore particular paths from a hash file you can do it in a similar way.

1. Modify the hash file as required

On GNU/Linux or macOS:

> grep -v ".so$" hashes.sha256 > hashes-filtered.sha256

On Windows:

> findstr /V ".dll$" hashes.sha256 > hashes-filtered.sha256

2. Start the integrity verification process

> jacksum -a sha256 -c hashes-filtered.sha256 .

Note: the dot at the end of the command says: verify not only the integrity of the paths stored in the hashes.sha256, but also read the current working directory (.) and all files below (-r max is set implicitly). With that you will also find new files that have been added after the file called hashes.sha256 was produced. Without the dot you will verify the files only that have a trace in hashes-filtered.sha256.

How to create unique and secure passwords for websites with a master password and Jacksum

Jacksum 3.7.0 introduced a new feature: read text from the console without echoing, hash that string using your preferred hash-function and encode the hash-value using your preferred encoding. In other words, you can treat Jacksum as a password generator that generates uniq and strong passwords.

You only have to remember ONE secure password. Yet, you can still use different, strong passwords for all your accounts.

No password manager is required, because nothing is stored on disk, the master password will be in your brain only. Even the generated passwords are not stored somewhere, they will be regenerated on demand.

In the following examples I use "do-not-use-this-password" as the master password for demonstration purposes only. Note that this password is not secure (since it is public here and easy to remember) and shouldn't be used. Actually you should select a secure password. To learn how to create secure passwords go to the recommendation of the BSI.

Let's see how we can generate uniq strong passwords using Jacksum ...

Simple approach with sha256 and base64-nopadding encoding (a-z, A-Z, 0-9, two special chars: +/ ):

> jacksum -a sha256 -8 -q password -E base64-nopadding
Password: facebook.com do-not-use-this-password

IMY5mnvgt44sWLNZZxOusnwepHP0mAJjMH4Q0rE2AF8

 

Better approach with HMAC:sha256 and base64-nopadding-encoding (a-z, A-Z, 0-9, two special chars: +/ ):

Hashing using a a crytpographic hash algorithm is a one-way action, and in theory it is impossible to calculate the master password if someone knows the hashed password. However, there is still the risk of precalculated rainbow tables that increses the speed of an attack in contrast to a brute-force attack. Therefore you can make it even more secure if you use an HMAC. The advantage with the HMAC is that you can individualize the actual hashing with another secret which makes precalculated rainbow tables useless for attack purposes which increases the security again. Since we need to keep the HMAC key and the master password as secret, we can simply use that token for both. Otherwise we would have to remember two passwords.

After entering the command, you will be asked twice. The 1st password prompt is the key for the HMAC, the 2nd password prompt is your actual message that you want to hash. You can use the same master password at both prompts.

> jacksum -a hmac:sha256 -8 -k password -q password -E base64-nopadding
Password: do-not-use-this-password
Password: facebook.com do-not-use-this-password

5kAL95XIPnB/yDFZcMgWDOo72kFnvDeMvnzgju+8xuM

 

Strong approach with HMAC:sha3-512:240 and base64-encoding (a-z, A-Z, 0-9, two special chars: +/ ):

In order to avoid padding for the base64 encoding and not to use base64-nopadding, the number of encoded bytes (the hash) must be a multiple of 3. So we can truncate the HMAC by specifying HMAC:sha256:240 which will result in a 30 byte hash. Since it increases the security further if we don't store the entire hash to the website, but only a fraction of it - with the knowledge of only a fraction of the hash it is impossible to precalculate a 1:1 relationship between the hash and the password, because more than 50% of the hash is not being transferred, we could also use the more modern SHA3-512 and truncate it after 240 bits. This will result in a 40 character password with at least 3 different character categories (upper- and lowercase characters, numbers, and sometimes even a special character).

> jacksum -a hmac:sha3-512:240 -8 -k password -q password -E base64
Password: do-not-use-this-password
Password: facebook.com do-not-use-this-password

ms2WOeYyYShCs9txS6jc5UtagHTviGJtIrZYRT+e

The examples above show how to read a password or passphrase from the console, not including any line-termination characters. You can use that mode to generate both unique and strong passwords for websites. The returned hash values will be stronger than anything a normal human brain could remember, and nothing needs to be stored on disk. If the password is compromised, the master password will still remain secret. Oh, please do not use the password from the example above, because now it is known to all people who read this article.

Some notes and recommendations:

• Combine a master password with website-specific information, such as the domain name, to get unique passwords. In the example above I have used facebook.com
  
• For the master password you should use a strong password that is at least 8 characters long; the longer, the better, and you should be able to remember it easily. Again, please do not use the password from the example above.
  
• You should use a non-broken, strong cryptographic hash algorithm for the task. For the examples above I have used sha256, and sha3-512.
• Set the character set explicitly if you use multiple different operating systems or environments that do not use UTF-8 for the console by default, and make sure to remember the character set as well. In the example above I have used option -8 which sets UTF-8 for both stdout and stderr. See also `jacksum -h -8`.
  
• You can use all of the available characters for the password.
• You can copy and paste the password to the prompt, but it is better if you remember it and type it, as this trains your brain to remember the password, and your brain will be the only place where the master password resides.
• Dependent on the allowed characters of the website login you can select one of the encodings that Jacksum supports. See also `jacksum -h -E`. In the example above I have used base64 resp. base64-nopadding which perfectly works for the password complexity requirements of most websites. Alternatively I can also recommend base32hex-nopadding or z85.
  
• To increase the security further you can use a HMAC. Note that not all hash algorithms work as a HMAC. Or, use a truncated HMAC which is even more secure, because we do not reveal the entire hash value to the website's password store.
  

Due to security reasons the following limits apply:

• You won't see the password that you enter; in other words, echoing is disabled to prevent shoulder-surfing attacks.
• Only the hash is printed by default; it is not possible to print the password in clear text, even if particular format options such as -F or --style are set. Use option "-q readline" if you prefer echoing.
• Operating system piping is not possible, because we want to make sure that the password is coming from a keyboard and not transfer passwords in clear text between processes via piping.
• Operating system redirection is not possible, because a console is required to enter the password. Use the options -o/-O to save the hash to a file if you do no wish to see the hash value in the console.
• To minimize the lifetime of sensitive data in memory, the password is cleared from memory after processing. Java's String interning is not used for the password.

Stay safe!

Regards,
Johann

 

Fixed the 10µF/25V Tantalkondensator on C15 on the mainboard of the Commodore C64 floppy drive VC 1541, restored an old prg of mine and refreshed my memory

Vor kurzem habe ich mir diesen tollen Adapter gekauft, der es mir erlauben sollte ein C64-Diskettenlaufwerk über USB an meinen PC anzubinden und so alte C64-Disketten auslesen zu können.

Mein Commodore Diskettenlaufwerk VC 1541 lag über 30 Jahre lang gut verstaut vor Staub und Wasser in einer Aufbewahrungsbox und ich ging davon aus, dass ich es genauso wieder schnell in Betrieb nehmen könnte, wie ich es damals hineintat. Pustekuchen. Leider qualmte das Diskettenlaufwerk unmittelbar nach dem Einschalten aus den Lüftungsschlitzen wie eine antike Dampflok und auch olfaktorisch merkte ich schnell dass was nicht stimmte. Mit anderen Worten: es stank - und zwar gewaltig - nach verbranntem Elektronikbauteil! Schnell abgeschaltet, abgesteckt, abkühlen lassen, dann das Laufwerk auf den Bauch gedreht. Vier Schräubchen sind schnell gelöst und ich habe den Gehäusedeckel abgemacht. Sofort fällt mein Blick auf einen kleinen, verkohlten Stumpf, vor kurzem noch ein Kondensator - möglicherweise, denn die Werte kann ich nicht mehr erkennen. Auf C15 steckt er jedenfalls. Schnell gegoogelt. Aha, ein Tantal-Kondensator, 10µF/25V. Gibts für 0,35 €, Versandkosten 5,95 €. Na toll. Egal. Bestellt. Gleich mehrere - man weiss ja nie.

Vorher:

 

Ein paar Tage später: Lötkolben heiss gemacht und weg mit dem alten, neuen rein.

Nachher:

Test mit dem Adapter verlief auch ohne Probleme. Perfekt. Dann lesen wir doch mal das 5 1/4 Zoll-Diskettchen hier aus und schauen, was ich damals Nutzloses Nützliches programmiert habe ab dem Jahre 1984 und den folgenden meiner Kindheit. Aha, "potenzen.prg", "gleichungen.prg", "weihnachten.prg" usw. - klingt alles vielversprechend, auch wenn ich mich zugegeben nur noch sehr vage erinnere. VICE runtergeladen, installiert, erstes Programm geladen ...

 Und RUN it baby ...

Ach ich sage euch, es ist wunderbar, wenn man sehr alte Erinnerungen durch selbst reaktivierte alte Hardware auffrischen kann :-) Ach ja. Seufz. Nun gut. Deckel drauf, Schrauben rein und wieder ab damit in den Keller. Sehr gute Bewertung für den ebay-Händler für den tollen Adapter!

Mission completed.

CVE-2021-44832: Find vulnerable .jar files using Jacksum 3.4.0 or later

In December 2021, a zero-day remote code execution vulnerability (CVE-2021-442281, Base Score 10.0) was found in Apache Log4j, a widely used Java logging library. The vulnerability was publicly disclosed via GitHub on Dec 9, 2021. The vulnerability allows attackers to take full control of systems without authentication. The vulnerability is also known as "log4shell".

Many recommendations out there suggest the user to find the filenames by typing the GNU/Linux command

find / -iname "*log4j*"

or to find live processes with log4j in their names

ps aux | grep –i 'log4j'
lsof | grep –i "log4j"

The problem with those approaches is that you won't find the vulnerable jar files if the file names have been renamed. You know, sometimes some vendors simply rename libs to whatever reason original jar files. Also in Java's classpath the name of the .jar file is irrelavant, from a security perspective it is the vulnerable classes in the jar file that really matter.

So a better approach is not to search only for their names, search also for their hashes!

This receipt can be used at any time a new critical vulnerability is found - even if it is not in log4j. Nonetheless I will use the log4j example to demonstrate how it works.

1. Identify the files/libs that are vulnerable

CVE-2021-44832 tells us that the issue has been fixed in Log4j 2.17.1 (for Java 8), 2.12.4 (for Java 7) and 2.3.2 (for Java 6). See also https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832

In other words all other older releases are vulnerable.

2. Download all vulnerable libs

If you don't find older libs on the apache page, you can go to mavencentral to download all vulnerable libs. Go to https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core
You should download all vulnerable libs and not just those that are affected by CVE-2021-44832.

3. Create hashes from the libs

Since we want to minimize false positives and minimize hash collisions, we use a non-broken, crytographic well known modern hash algorithm: SHA-3-256
which is the default in Jacksum 3.4.0. Go to the directory where all the libs have been stored and run

jacksum -a sha3-256 --header --no-path -O log4j.hashes .

Note: you don't need to specify -a, because the default is already sha3-256, but it is not guaranteed that future Jacksum releases have the same default algorithm, so it is recommended to specify the algorithm even you don't need to. You can set --header to print invocation args so you will know by which Jacksum version, which algorithm, and when the hashes were generated. Set the option called --no-path, because we don't need the path, we are just interested in the file name. The file will be written to log4j.hashes, and it will be overwritten if it exists.

4. Optional: test with the current working directory

jacksum -w log4j.hashes .

5. Optional: edit log4j.hashes and add CVS info to it

For example you could change the line from

d5a4aa7b06fd43b142caae4381e94ddbff840886470135b0f4314181e2b9bb27 log4j-core-2.17.0.jar

to

d5a4aa7b06fd43b142caae4381e94ddbff840886470135b0f4314181e2b9bb27 original: log4j-core-2.17.0.jar, vulnerability: CVE-2021-44832

and repeat that with additional comments.

6. Go and let find all files that match any of the hashes in log4j.hashes

You can use Jacksum 3.4.0 or later to do that job:

jacksum -w log4j.hashes /

Hint: with this approach you can not only find vulnerable libraries, you can also find copyright protected material, pornography, software in particular versions - anything that you know the digital hashes of.

Bonus: search your system for any Jacksum libraries:

jacksum -w jacksum.hashes /

Downloads

You find Jacksum at https://jacksum.net, and https://github.com/jonelo/jacksum. If you don't like the CLI, you can also use the File Browser Integration which comes with a GUI called HashGarten which is available for Microsoft Windows, macOS, and GNU/Linux.

Announcement: HashGarten - a GUI for Jacksum

Announcement

I am pleased to announce HashGarten - a GUI for Jacksum. 

What the heck ...

Well, for those who don't know what I am talking about ...

• A GUI is a graphical user interface
• A hash is the result of a hash function. A hash function maps a bit string of arbitrary length to a bit string of fixed length. In other words, a hash is like a fingerprint for data, and you can use hashes to verify integrity of files for instance.
  
• Jacksum is the free, friendly, and open source hash tool from the neighborhood, Jacksum supports more than 470 hash functions and many features, see also https://jacksum.net
• "Garten" is the German word for "garden" as you guys from the US probably know - it is the same word as in Kindergarten.
  
• HashGarten is the GUI for Jacksum. It allows you to access algorithms and features from Jacksum in a comfortable, graphical way.

Screenshot

HashGarten can run standalone and it can be accessed by the SendTo feature of your file brower, it looks like this (light and dark themes are supported) ...

 

Download

You can download Jacksum and HashGarten as part of the Jacksum File Browser Integration at https://jacksum.net

Credits

The announcement image above was made by using the great graphics from icons8.com and it's Mega Creator.

Both the light and dark look and feel of HashGarten's GUI is powered by the fantastic looking FlatLaF for Java Swing desktop apps, see also https://www.formdev.com/flatlaf/

Eclipse Temurin Download Buttons are now available!

Eclipse Temurin Download Buttons are now available at https://adoptium.net/de/temurin/buttons/ to promote Eclipse Temurin.

Eclipse Temurin is the name of the OpenJDK distribution from Adoptium. Those free prebuild OpenJDK binaries are great for both developing and running (not only) FOSS that is written in Java.

The button request was initiated by issue https://github.com/adoptium/website-v2/issues/395 ;-)

Oh, and just in case you have set Security Headers at your Web Server, don't forget to adjust your Content Security Policy so that the images from adoptium.net can be loaded properly. See also https://scotthelme.co.uk/content-security-policy-an-introduction/

Find algorithms to a hash value using Jacksum

 If you need to find the algorithm to a CRC, checksum or hash value you can use Jacksum.

For those who don't know: Jacksum is a free and cross platform data integrity software tool. For more information go to https://jacksum.net

Let's keep things simple and let's pretend that you know your algorithm returns a message digest of 16 bits, and the the message digest is d893 in hex, lowercase. Input was 050000 in hex, lowercase. You can call jacksum with the following options:

• Option -a unknown:16 means you don't know the algorithm, but at least you know it returns 16 bits
• Option -E hex means you want a hexadecimal encoding for the message digest
• Option -q hex:050000 means you want to calcualate the message digest from the hex input 050000 quickly
• Option -e d893 means an expected hash value of d893, expressed as hex
  

jacksum -a unknown:16 -q hex:050000 -E hex -e d893 

produces the following output:

Trying 13 algorithms with a width of 16 bits that are supported by Jacksum 3.0.0 ...

Trying 30 CRC algorithms with a width of 16 bits by testing against well known CRCs ...
crc:16,1021,FFFF,false,false,FFFF
    --> CRC-16/GENIBUS

Trying all CRC algorithms with a width of 16 bits by brute force (be patient!) ...
crc:16,1021,FFFF,false,false,FFFF
crc:16,37D2,FFFF,true,false,FFFF
crc:16,3E2D,0000,true,false,FFFF
crc:16,4175,FFFF,true,false,FFFF
crc:16,4A5B,FFFF,true,true,0000
crc:16,5A41,FFFF,true,false,FFFF
crc:16,5C63,FFFF,true,true,0000
crc:16,6287,FFFF,true,true,0000
crc:16,649C,0000,false,true,FFFF
crc:16,6D55,FFFF,true,true,0000
crc:16,75AC,FFFF,true,false,FFFF
crc:16,7D64,FFFF,false,false,FFFF
crc:16,81A6,FFFF,true,false,FFFF
crc:16,B9F9,FFFF,true,true,0000
crc:16,C3D6,FFFF,false,false,FFFF
crc:16,D436,0000,true,false,FFFF
crc:16,D6D2,0000,false,true,FFFF
crc:16,DA9C,FFFF,true,false,FFFF
crc:16,E03E,FFFF,false,false,FFFF
crc:16,F701,FFFF,true,false,FFFF


Jacksum: algorithms tested: 1048620
Jacksum: algorithms found: 21

Jacksum: elapsed time: 6 s, 460 ms

Means Jacksum has tested more than one million algorithms in about 7 seconds and it found 21 matching algorithms. Each of those returns the same CRC value. Test with more input/output sequences and/or longer input sequences in order to find the right algorithm. The most likely algorithm is printed with a name if it is a well known CRC. In this example it has been identified as the CRC-16/GENIBUS.

Once you have identified the correct algorithm, you can calculate your own input data using the CRC definitions that have been found:

jacksum -a crc:16,1021,FFFF,false,false,FFFF -E hex -q hex:050000
d893 3

The output "d893 3" means that 3 bytes have been read (050000) in order to produce the 16 bit (2 byte) hexadecimal value d893 using the algorithm as defined by -a.

Mission completed.

Cheers,
Johann

Be very careful with echo on Windows

Recently one of my users of Jacksum reported a strange behavior if echo is used on Microsoft Windows.

For those who don't know: Jacksum is a data integrity tool which can (not only) calculate and verify hash values. For more information go to https://jacksum.net

So the report (which was sent privately to me) was this:

jacksum -q "txt:Hello World!"
d0e47486bbf4c16acac26f8b653592973c1362909f90262877089f9c8a4536af

that is correct, but if Jacksum reads from stdin and echo on Windows is used, it returns a completely different hash:

echo "Hello World!" | jacksum -
61ab266cecda9b9885aedbbb5b3d9914738cec74930301ec7b68312b6b436b8b <stdin>

Is Jacksum right?

Yes, Jacksum is right. The problem is with the echo command on Windows!

I started Jacksum with "--verbose summary" which gives us additional information:

echo "Hello World!" | jacksum --verbose summary -
61ab266cecda9b9885aedbbb5b3d9914738cec74930301ec7b68312b6b436b8b <stdin>

Jacksum: files read successfully: 1
Jacksum: files read with errors: 0
Jacksum: total bytes read: 17
Jacksum: total bytes read (human readable): 17 bytes

Jacksum: elapsed time: 139 ms

As you can see, Jacksum have read 17 bytes from stdin (the 3rd line of the summary). "Hello World!" (without quotes) are just 12 characters, what are the other 5 characters?

I pasted the output of echo to a file ...

echo "Hello World!" > hello.txt

and loaded the file in a hex editor (https://hexed.it will work perfectly well for that task)

As you can see, the Windows echo

- does not only transfers the Hello World! to the pipe (Hello World! => 12 bytes), but also ...
- it appends the Windows carriage return, line feed chars (0x0D, 0x0A => 2 bytes) which is expected on Windows
- it doesn't strip the quotes (2x" => 2 bytes) - which is probably not known to everybody, and
- ATTENTION!: it doesn't strip the blank that is between the 2nd quote (") and the redirection sign (>) => 1 byte

That means a 

echo "Hello World!"        > hello2.txt

would even add more blanks to the output.

And even if we would do this:

echo Hello World!> hello3.txt

the CR LF will always be there, because there is no -n option (which GNU/Linux and macOS have for example).

So the workaround on Microsoft Windows 10 we found is this:

echo | set /p="Hello World!" | jacksum -
d0e47486bbf4c16acac26f8b653592973c1362909f90262877089f9c8a4536af <stdin>

which produces the expected hash.

Mission completed.

BTW, on GNU/Linux and macOS you can still use echo as expected, but you need to use single quotes rather than double quotes, because the ! has a special meaning on many *nix-shells:

$ echo -n 'Hello World!' | jacksum -
d0e47486bbf4c16acac26f8b653592973c1362909f90262877089f9c8a4536af <stdin>

Cheers,
Johann