Checksum inside Altera FPGA .jic file

Question

I'm modifying a firmware file (.jic) JTAG Indirect Configuration File with a small algorithm, but changing data inside the file makes it unusable because there is a checksum somewhere in the file that has to be updated.

I need to find where is a checksum inside .jic file and decipher which algorithm is used (crc32, etc).

The bits on each byte are reversed and I inspected the normal and the reversed bit file with no success.

Does someone know or is there a way to find out where are is the checksum data inside the .jic file?

Answer 1

It’s likely CRC-16-IBM-SLDC, which is the last two bytes of the .jic file. Remove those, rerun CRC on altered firmware, add the new one back.

See e.g. here for an example https://github.com/Tsarpf/intellij-shapeshifter-serum-wavetables/blob/master/wavewriter.py#L71

In my case I compared two different .jic files to find that in addition the header version information, mainly the last two bytes differed. Then to find the CRC algorithm parameters I used CRC RevEng.

Answer 2

You need to generate a .rpd file. This data will be loaded into the FPGA at power-up. This is what you will see if you read flash memory byte-by-byte after loading .jic.

Answer 3

Not by starting from a .jic file. But if the data you're trying to update is initialized from a .hex or .mif file, you can use quartus_cdb --update_mif to perform a partial recompilation of your project. (This is also available in the IDE as "Update Memory Initialization File".)

Answer 4

If you have access to the software that creates .jic files (e.g. Quartus) you can create two .jic files with one bit of difference and compare the two outputs (the two .jic) files. It should give you a hint about where the check is located (if there is one)