All times are UTC - 5 hours [ DST ]


Forum rules


Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...



Post new topic Reply to topic  [ 24 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Looking for someone to collaborate disassembling Seagate
PostPosted: April 8th, 2021, 16:13 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 13117
Location: Australia
sin wrote:
if Binwalk returns a very high entropy so either the FW/blob is compressed or encrypted.

How would one approach such scenarios where there are no magic numbers localized?

ISTM that the boot code would need to be disassembled first. This should contain the algorithm for decompressing/decrypting the rest of the firmware.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Looking for someone to collaborate disassembling Seagate
PostPosted: April 9th, 2021, 3:58 
Offline

Joined: August 13th, 2016, 17:10
Posts: 120
Location: Vienna, Austria
If there is high entropy and no visible magic numbers, then you have several approaches:
* Try other analytical tools like binwalk, radare2, file, ... on it
* Analyzing the firmware updater, sometimes it contains an unpacking/decryption routine and the key that can be used
* Analyzing different versions of the firmware, or firmware for different models from the same vendor, or firmware of different products that are using the same CPU
* Dumpster Diving in the Firmware update package, e.g. ISO images often contain deleted files that can be recovered, which contain interesting information
* Try various unpackers on it
* More intensive Cryptanalysis (Index of Coincidence, Dieharder, fine-grained entropy analysis, searching for repeated patterns, search for XOR patterns and similar things, ...)
* Do power sidechannel attacks on the decryption/decoding and identify the algorithm that way
* Depackage the chip, photograph it, search for Mask-ROMs
* Try active power-glitching attacks on the chip and see how it behaves
* Search for flaws in the keymanagement (zeroized initialisation vectors, ... things that developers who are no crypto experts usually get wrong)


Top
 Profile  
 
 Post subject: Re: Looking for someone to collaborate disassembling Seagate
PostPosted: April 10th, 2021, 18:17 
Offline

Joined: September 17th, 2016, 16:06
Posts: 286
Location: India
Thanks for putting so much of light on this subject.

love you Sourcerer...uve been such an amazing friend and a mentor..

Thanks bud

--


Top
 Profile  
 
 Post subject: Re: Looking for someone to collaborate disassembling Seagate
PostPosted: April 17th, 2021, 0:21 
Offline

Joined: April 6th, 2021, 14:50
Posts: 3
Location: Brasil
Suggest using https://binvis.io/ to help looking inside the firmware to identify special areas of the firmware.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 24 posts ]  Go to page Previous  1, 2

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 7 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group