Reverse Engineering on a Download file
I am trying to do some reverse engineering on a hardware(Bristol Babcock 3310). I some how managed to find out the dump of the software that is used to download a (compiled) file into the hardware. I am trying to find out the way it is downloading that file into the hardware. The MAXIMUM MESSAGE SIZE IS 224 Bytes of data (224 bytes in the file) Here is the sequence of download from the dump:
1) Send the download initiate message to the hardware, get the acknowledge back from the hardware.
2)Send the Base segment Address message to the hardware (0x2000)(in all the downloads, no matter what version of the file being downloaded, the segment base address (2 bytes) don't change.
3)Send the first part of the compiled file
4)Send another Segment Base Address message to the hardware (0x3000), same comments apply as in point 2.
5) Send the remaining bytes of the file.
Here is an example:
Let's say file size is 44339 Bytes
following the above sequence:
1)Send a download initiate message (to tell the hardware new download file is comming, get the ack from the hardware)
2)Send the FIRST SEGMENT BASE ADDRESS Message (with the segment address 0x2000)
3) Get the Ack back, then start sending the file to the harware, remeber maximum bytes per message is 224 (next message = previous_message + 224)
4)At 15904 Bytes, sends another packet of 224 bytes. The total number of bytes sent to the harware after this message will be 16128 bytes, remaining bytes in the file would be (44439 - 16,128 = .28311)
5)At 16,128 Bytes, it sends another message but not with 224 bytes, but this time with 176 bytes, so the total number of bytes being sent after this message will be (16,304). Remaining bytes in the file will be (44339 - 16304 = .28135)
6)After this meesage, it Sends the SECOND SEGMENT BASE ADDRESS Message (with the segment base address of 0x3000)
7)After getting the Ack back, it starts sending the remaining bytes in the file starting from where it left off, before sending the second base address message.
8)Every packet of message goes with 224 bytes: New message = Previous_message+224)
9)Then at 28000 bytes, it will send the last message containing the remaining bytes (135).
My questions are as follows:
1)Why is it spliting the file into different segments (first 16,128, second 28,000), is there a specific reason for this kind of a split? file could be split into any two segment, of equal size, 1/3, 1/4, etc? why a specific scheme is chosen?
2)If this split has a specific reason, then what's that reason is?
3)How can i generalize this and write a code (algorithm for this)?
4)If i try to send the file with some different settings like the one explained above, the hardware does not accept it?
if we look at the numbers of segments, then it is split into two such segments which are dividable to 224, or whose remainder is 0 (16128, 28000 the total is 44128 having offset1(176), offset2(135), then the last two messages with the offset1 and offset2. But this can be done in different approach as well like below:
Total file Size: 44339
Closed dividable number to 224: 44352
Offset is : 87 (which can be divided into 50(offset1) & 27(offset2))
But this configuration is not accepted by the harware.
So please help me out in this, i am realy getting confused and frustrated by playing with all these number...any help will be highly appreciated. Thanks in advance