Develop Reference

Unable to get the correct CRC16 with a given Polynomial

I'm struggling with an old radiation sensor and his communication protocol.
The sensor is event driven, the master starts the communication with a data transmission or a data request.
Each data telegram uses a CRC16 to check only the variable data block and a CRC8 to check all the telegram.
My main problem is the crc16, According to the datasheet the poly used to check the data block is: CRC16 = X^14 + X^12 + X^5 + 1 --> 0x5021 ??
I captured some data with a valid CRC16 and tried to replicate the expected value in order to send my own data transmission, but I can't get the same value.
I'm using the sunshine CRC calculator trying any possible combination with that poly.
I also try CRC Reveng but no results.
Here are a few data with the correct CRC16:.
Data | CRC16 (MSB LSB)
14 00 00 0A | 1B 84
15 00 00 0C | 15 88
16 00 00 18 | 08 1D
00 00 00 00 | 00 00
00 00 00 01 | 19 D8
00 00 00 02 | 33 B0
01 00 00 00 | 5A DC
08 00 00 00 | c6 c2
10 00 00 00 | 85 95
80 00 00 00 | 0C EC
ff ff ff ff | f3 99
If I send an invalid CRC16 in the telegram, the sensor send a negative acknowledge with the expected value, so I can try any data in order to test or get more examples if needed.
if useful, the sensor uses a 8bit 8051 microprocessor, and this is an example of a valid CRC8 checked with sunshine CRC:
CRC8 = X^8 + X^6 + X^3 + 1 --> 0x49
Input reflected Result reflected
control byte | Data |CRC16 | CRC8
01 0E 01 00 24 2A 06 ff ff ff ff f3 99 |-> 0F
Any help is appreciated !

Looks like a typo on the polynomial. An n-bit CRC polynomial always starts with xn. Like your correct 8-bit polynomial. The 16-bit polynomial should read X16 + X12 + X5 + 1, which in fact is a very common 16-bit CRC polynomial.
To preserve the note in the comment, the four data bytes in the examples are swapped in each pair of bytes, which needs to be undone to get the correct CRC. (The control bytes in the CRC8 example are not swapped.)
So 14 00 00 0a becomes 00 14 0a 00, for which the above-described CRC gives the expected 0x1b84.
I would guess that the CRC is stored in the stream also swapped, so the message as bytes would be 00 14 0a 00 84 1b. That results in a sequence whose total CRC is 0.

Use wireshark to analyze raw stream without frame seperator

My wifi sniff device can output data to a raw file. But it may begin with the middle of a frame, and each frame starts right after another. A pcap file must contain packet headers, which I don't have. So I tried to discard the half complete frame at the beginning of the file, and put the rest into a pcap file with one packet. Then wireshark can analyze the first frame, even with wrong packet size.
My question is how to make wireshark analyze the remaining frames ?
Edit: This is a sample pcap with 2 frame, but without the second packet header
00000000 D4 C3 B2 A1 02 00 04 00 00 00 00 00 00 00 00 00 Ôò¡............
00000010 FF FF 00 00 69 00 00 00 05 00 00 00 00 00 00 00 ÿÿ..i...........
00000020 80 00 00 00 80 00 00 00 08 02 00 00 01 00 5E 00 €...€.........^.
00000030 00 FC E8 94 F6 3C 5F 40 20 68 9D 9A 4B D7 70 73 .üèâ€Ã¶<_# h.Å¡K×ps
00000040 AA AA 03 00 00 00 08 00 46 00 00 20 38 F8 00 00 ªª......F.. 8ø..
00000050 01 02 48 D5 C0 A8 01 66 E0 00 00 FC 94 04 00 00 ..HÕÀ¨.fà..üâ€...
00000060 16 00 09 03 E0 00 00 FC 08 02 00 00 01 00 5E 7F ....à..ü......^.
00000070 FF FA E8 94 F6 3C 5F 40 20 68 9D 9A 4B D7 F0 75 ÿúèâ€Ã¶<_# h.Å¡K×ðu
00000080 AA AA 03 00 00 00 08 00 46 00 00 20 38 F9 00 00 ªª......F.. 8ù..
00000090 01 02 39 D6 C0 A8 01 66 EF FF FF FA 94 04 00 00 ..9ÖÀ¨.fïÿÿúâ€...
000000A0 16 00 FA 04 EF FF FF FA ..ú.ïÿÿú

My question is how to make wireshark analyze the remaining frames ?
Detect the beginnings and ends of frames in your bit sequence, and put each frame into a separate record in the pcap file.
If there's nothing in the bit sequence to allow your software to determine where one frame ends and another frame begins, there's nothing in the bit sequence to allow Wireshark to do so, so if you want to have Wireshark analyzer frames past the first frame, you are FORCED to ensure that there's something in the bit stream to determine frame boundaries, and you might as well have your software break the bit stream into frames.

Is posible to get Beacon advert in IOS without using the 0x004c Apple Company Identifier

I have developed an Android app in order to get data from a iBeacon, as I could get the raw data I had no problems doing it, but in IOS it is not posible and it seems as if it was no posible to receive packets which don't have Apple Company Identifier 0x004c into the advert. Is posible to receive adverts from devices which advert using other Company Identifiers?
If it is posible, would be posible to receive the Company Identifier code?
I wasn't able to find anything in the documentation provided by Apple or searching in several forums.
Any idea will be really welcome.
The sniffer capture the following:
Nordic Semiconductors' Company Identifier:
+----------------------------------------------------+----------------- - - -
| Packet sniffer frame header |
+----+-------------+-------------------------+-------+
|info| Packet nbr. | Time stamp | Length| Packet data
+----+-------------+-------------------------+-------+----------------- - - -
| 01 | 0C 00 00 00 | 49 12 27 44 00 00 00 00 | 30 00 | 2F D6 BE 89 8E 40 24 4E A0 C3 8B 04 FF 02 01 04 1A FF 59 00 02 15 01 12 23 34 45 56 67 78 89 9A AB BC CD DE EF F0 00 01 00 01 BB BA 88 BA 37 A5
+----+-------------+-------------------------+-------+----------------- - - -
Apple's Company Identifier:
+----------------------------------------------------+----------------- - - -
| Packet sniffer frame header |
+----+-------------+-------------------------+-------+
|info| Packet nbr. | Time stamp | Length| Packet data
+----+-------------+-------------------------+-------+----------------- - - -
| 01 | 01 00 00 00 | ED 07 68 00 00 00 00 00 | 30 00 | 2F D6 BE 89 8E 40 24 E4 98 E6 3C 1B 5D 02 01 1A 1A FF 4C 00 02 15 01 12 23 34 45 56 67 78 89 9A AB BC CD DE EF F0 00 00 00 00 C5 E8 19 24 3A A5
+----+-------------+-------------------------+-------+----------------- - - -
Regards
Iván

No, it is not possible to read the raw bytes of a beacon advertisement in iOS using CoreBluetooth or otherwise access the company code or other fields. You can only get the fields provided by CoreLocation, basically the three part beacon identifier. See here: http://developer.radiusnetworks.com/2013/10/21/corebluetooth-doesnt-let-you-see-ibeacons.html
Experimentation shows that CoreLocation APIs will only detect beacon advertisements with a company code of 0x00ff or less -- the most significant byte must be zero.

Instead CoreLocation try to use the CoreBluetooth Framework.
You should have all the BLE information here:
- (void)centralManager:(CBCentralManager *)central didDiscoverPeripheral:(CBPeripheral *)peripheral advertisementData:(NSDictionary *)advertisementData RSSI:(NSNumber *)RSSI.

Encoding binary barcode in Passbook

I have to integrate Passbook with a website that provides PDF417 barcodes with data encoded in binary (as opposed to text), such as this:
Is there any way I can encode this binary chunk in pass.json so that Passbook displays it on the iPhone identically to the original picture?
Again, I cannot switch to text-based barcodes because I do not own the data. Just for clarification, the attached picture contains a PDF417 barcode that, when decoded, contains non-printable characters, such as the NULL character, which is why I refer to it as binary.
UPDATE
This is how the image decodes into a byte array:
01 00 01 00 02 00 E7 C4 B5 96 B8 42 94 B3 B4 75
1A D1 F2 38 92 EA B5 0E 17 5D 0B 2A AA 64 18 CC
28 62 86 E5 74 5D A3 89 09 12 6E D5 7A 1A C9 EE
BF 23 9C E1 60 AD 9E DE 92 6D E5 79 99 C7 91 F1
6A D5 82 2E B6 E3 81 24 F8 0A F8 E6 44 5D 56 D2
00 00 00 00 00 00 40 0D 00 09 20 23 00 96 13 5C
10 EC 0C EA A3 E8 A3 20 30 4B 2A 20 7D 0F BB DF
F7 5E FA 1E 76 F7 40 20 10 08 04 02 81 40 20 30
A3 D5 6C 1A 04 76 14 10
This is how I try to transform it into a utf-8 string:
{"message": "\u0001\u0000\u0001\u0000\u0002\u0000\u00E7\u00C4\u00B5\u0096\u00B8\u0042\u0094\u00B3\u00B4\u0075\u001A\u00D1\u00F2\u0038\u0092\u00EA\u00B5\u000E\u0017\u005D\u000B\u002A\u00AA\u0064\u0018\u00CC\u0028\u0062\u0086\u00E5\u0074\u005D\u00A3\u0089\u0009\u0012\u006E\u00D5\u007A\u001A\u00C9\u00EE\u00BF\u0023\u009C\u00E1\u0060\u00AD\u009E\u00DE\u0092\u006D\u00E5\u0079\u0099\u00C7\u0091\u00F1\u006A\u00D5\u0082\u002E\u00B6\u00E3\u0081\u0024\u00F8\u000A\u00F8\u00E6\u0044\u005D\u0056\u00D2\u0000\u0000\u0000\u0000\u0000\u0000\u0040\u000D\u0000\u0009\u0020\u0023\u0000\u0096\u0013\u005C\u0010\u00EC\u000C\u00EA\u00A3\u00E8\u00A3\u0020\u0030\u004B\u002A\u0020\u007D\u000F\u00BB\u00DF\u00F7\u005E\u00FA\u001E\u0076\u00F7\u0040\u0020\u0010\u0008\u0004\u0002\u0081\u0040\u0020\u0030\u00A3\u00D5\u006C\u001A\u0004\u0076\u0014\u0010";}
However, Passbook does not display an equivalent barcode. In fact, it displays just a few first bytes.

I don't think you want to decode the binary data of the image, but instead want to read the data from the barcode as if it were scanned.
You could use a service like http://zxing.org/w/decode.jspx which gives you the value of the barcode as if it were being scanned.
Send the 'Raw Text' value to pass.json.
I haven't used this service, but after a quick read I'm assuming it goes in 'message' below:
"barcode" : {
"message" : "ABCD 123 EFGH 456 IJKL 789 MNOP",
"format" : "PKBarcodeFormatPDF417",
"messageEncoding" : "iso-8859-1"
}
ref: https://developer.apple.com/library/ios/documentation/UserExperience/Conceptual/PassKit_PG/Chapters/Creating.html#//apple_ref/doc/uid/TP40012195-CH4-SW1

Why execution of a portion of code loaded from an external file is not halted by DEP?

I've harnessed a project released on internet a long time ago. Here comes the details, all irrelevant things being stripped off for sake of concision and clarity.
A binary file whose content is descibed below
HEX DUMP:
55 89 E5 83 EC 08 C7 45 FC 00 00 00 00 8B 45 FC
3B 45 10 72 02 EB 19 8B 45 FC 8B 55 0C 01 C2 8B
45 FC 03 45 08 8A 00 88 02 8D 45 FC FF 00 EB DD
C6 45 FA 00 83 7D 10 01 76 6C 80 7D FA 00 74 02
EB 64 C6 45 FA 01 C7 45 FC 00 00 00 00 8B 45 10
48 39 45 FC 72 02 EB E2 8B 45 FC 8B 4D 0C 01 C1
8B 45 FC 03 45 0C 8D 50 01 8A 01 3A 02 73 30 8B
45 FC 03 45 0C 8A 00 88 45 FB 8B 45 FC 8B 55 0C
01 C2 8B 45 FC 03 45 0C 40 8A 00 88 02 8B 45 FC
03 45 0C 8D 50 01 8A 45 FB 88 02 C6 45 FA 00 8D
45 FC FF 00 EB A7 C9 C2 0C 00 90 90 90 90 90 90
is loaded into memory and executed using the following method snippet
var
MySrcArray,
MyDestArray: array [1 .. 15] of Byte;
// ...
MyBuffer: Pointer;
TheProc: procedure;
SortIt: procedure(ASrc, ADest: Pointer; ASize: LongWord); stdcall;
begin
// Initialization of MySrcArray with random Bytes and display here ...
// Instructions of loading of the binary file into MyBuffer using merely **GetMem** here ...
#SortIt := MyBuffer;
try
SortIt(#MySrcArray, #MyDestArray, 15);
// Display of MyDestArray (The outcome of the processing !)
except
// Invalid code error handling
end;
// Cleaning code here ...
end;
works like a charm on my box.
My Question:
How comes it works without using VirtualAlloc and/or VirtualProtect?

I'm assuming you are asking why this works without being stopped by Data Execute Prevention? For 32-bit programs DEP is opt-in by default meaning that the application must explicitly enable it.
If you change the DEP setting to "Turn on DEP for all programs and services except those I select" then your application will trigger a DEP warning and crash.