[stefan_]

The result of this diligent process, of course, is how a broken CRC16 routine got shipped in this medical product.

It's the most trivial thing. Copy a public domain CRC16 routine, add a unit test with a test vector.

[joezydeco]

Can you be sure it wasn’t a badly implemented form of obsfucatiom?

It certainly slowed down the reverse engineers. If they didn’t get to the object code what would the next step have been? Cryptographic analysis?

[stefan_]

5 of the bits were never set in their "obfuscated" variant? If you want to obfuscate CRC16 you would just choose a randomized starting value.

[joezydeco]

I didn't say it was implemented well. Perhaps they should changing shift operators would quietly change the values without any disturbance to checksum integrity.