Switch to full style
In-depth technology research: finding new ways to recover data, accessing firmware, writing programs, reading bits off the platter, recovering data from dust.

Forum rules

Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...
Post a reply

Re: Analysis of Seagate F3 Firmware Update

January 19th, 2016, 16:10

Sorry, I don't have the Linux SFX file, and I don't have a serial and model number for Seagate's download finder (previously I used an SN belonging to a Seagate user).

I don't know anything about DES, but some quick reading would suggest that it encrypts the data in 8-byte blocks. This seems consistent with the CFS file sizes for the GrenadaBP and Kahuna updates.

Code:
GPCC2949.CFS (432 bytes = 8 x 54)

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  74 A3 B2 C7 91 E6 09 73 B3 FA E9 81 CE F4 67 19  t£²Ç‘æ.s³úé.Îôg.
00000010  BE EE F4 51 C4 FB F9 4B 62 01 82 56 1B BA A4 6E  ¾îôQÄûùKb.‚V.º¤n

Code:
KH-SM15.CFS (248 bytes = 8 x 32)

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  74 A3 B2 C7 91 E6 09 73 B3 FA F1 83 32 71 27 19  t£²Ç‘æ.s³úñƒ2q'.
00000010  D8 F8 A4 3C E6 9D D0 44 1C 58 78 4C 8C 08 C0 7F  Øø¤<æ.ÐD.XxLŒ.À.

However, I see that the first 10 bytes are identical rather than 8. Does that make sense?

Could these bytes be "029881 <CR> <LF> ST" ?

Re: Analysis of Seagate F3 Firmware Update

January 19th, 2016, 16:19

The following CAB has various sections that look interesting.

Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.cab

    builder/decryptcfsfile.xml
    builder/encryptcfgfile.xml
    scripts/ata/decryptcfsfile.ss
    scripts/ata/encryptcfgfile.ss

Re: Analysis of Seagate F3 Firmware Update

January 19th, 2016, 17:06

I notice that that the OEM shell script (isolinux\tinycore_Seagate.gz\tinycore_Seagate\usr\bin\oemshell.sh) has the following code:

safeexecute "/usr/bin/STECon -delayOnExit -colorizePassFail -USBSTELogs $dataDirectory -scriptcab /root/Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.cab Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.xml"

AISI, the command selects a particular module in the CAB and executes it.

Would it be OK to replace ...

    Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.xml

... with ...

    builder/decryptcfsfile.xml

... or ...

    scripts/ata/decryptcfsfile.ss

Re: Analysis of Seagate F3 Firmware Update

January 19th, 2016, 17:10

fzabkar wrote:The following CAB has various sections that look interesting.

Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.cab

    builder/decryptcfsfile.xml
    builder/encryptcfgfile.xml
    scripts/ata/decryptcfsfile.ss
    scripts/ata/encryptcfgfile.ss


and more than 100 scripts (.ss) for STECon


Sorry, I don't have the Linux SFX file

this tar - file where packed loaders,CFS and dl_sea_fw(ELF)

Re: Analysis of Seagate F3 Firmware Update

January 19th, 2016, 17:12

Moltke wrote:
fzabkar wrote:The following CAB has various sections that look interesting.

Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.cab

    builder/decryptcfsfile.xml
    builder/encryptcfgfile.xml
    scripts/ata/decryptcfsfile.ss
    scripts/ata/encryptcfgfile.ss


and more than 100 scripts (.ss) for STECon


Sorry, I don't have the Linux SFX file

this tar - file where packed loaders,CFS and dl_sea_fw(ELF)


... with ...

builder/decryptcfsfile.xml


... or ...

scripts/ata/decryptcfsfile.ss

which are also encrypted

Re: Analysis of Seagate F3 Firmware Update

January 19th, 2016, 20:18

Moltke wrote:
Sorry, I don't have the Linux SFX file

this tar - file where packed loaders,CFS and dl_sea_fw(ELF)

OK, I see "_shadow_DES_check_key" in the ISO image. I can't understand why the first 10 bytes of the GrenadaBP and Kahuna CFS files are identical, though. ISTM that if DES encryption were being used, then it would be highly unlikely for bytes 9 and 10 to be identical.

Re: Analysis of Seagate F3 Firmware Update

January 20th, 2016, 7:45

fzabkar wrote: I can't understand why the first 10 bytes of the GrenadaBP and Kahuna CFS files are identical, though.

interesting observation. maybe this key is encrypted with the same algorithm ?
i.e newCFS=enc(key) || enc(body). and the key is the same ?

I have no update for Kahuna.

Re: Analysis of Seagate F3 Firmware Update

January 20th, 2016, 15:50

The Kahuna update is here:

http://files.hddguru.com/download/Firmw ... V-SM15.zip (36MB)

Re: Analysis of Seagate F3 Firmware Update

January 20th, 2016, 18:23

thank you. it is also SFX file I was talking about. ( linux cli tools)

Re: Analysis of Seagate F3 Firmware Update

January 20th, 2016, 18:29

I see. I don't have the SFX for the GrenadaBP. I suspect that I extracted the ISO, and then deleted the ZIP.

Re: Analysis of Seagate F3 Firmware Update

January 20th, 2016, 18:42

fzabkar wrote:I see. I don't have the SFX for the GrenadaBP. I suspect that I extracted the ISO, and then deleted the ZIP.

https://mega.nz/#!1AMWCBBJ

Re: Analysis of Seagate F3 Firmware Update

January 21st, 2016, 8:03

fixed the link
http://rghost.ru/8mCw5n9W6

Re: Analysis of Seagate F3 Firmware Update

January 30th, 2016, 1:07

This research is amazing... I wonder how many years more I'll need until I get so much knowledge :shock:

Re: Analysis of Seagate F3 Firmware Update

August 29th, 2016, 13:13

Can i use sd1a.exe for sd1a.cfs

FDL464.EXE -m Moose -f SD1A2D.LOD -i ST3500320AS -s -x -b -v -a 20

FDL464.EXE -h ms-sd1a.cfs -s -x -b -v -a 20

Re: Analysis of Seagate F3 Firmware Update

November 12th, 2016, 18:57

fzabkar wrote:
cbcb wrote:Since you've already essentially shown one of the algorithms (byte +/- 0x9, with some modulo) is there any reason not to post the src, so that people don't have to run under DOS?

Embarrassment.

I'm not a programmer, so the code is ugly. Secondly, it was written in the DOS 6.22 version of QBasic which does not have support for byte variables among other things, so I had to do some horrible kludging.

In any case I can't find it on my current drive, so I would have to dig through my backup DVDs. I had been meaning to rewrite it in FreeBasic but never got around to it.

Here is my FreeBasic version:
http://www.hddoracle.com/download/file.php?id=3698

Re: Analysis of Seagate F3 Firmware Update

November 13th, 2016, 13:15

Moltke,
hello! I need a help in writing of script for the utility of ZOC.Help please!
Post a reply