All times are UTC - 5 hours [ DST ]


Forum rules


Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...



Post new topic Reply to topic  [ 36 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 19th, 2016, 16:10 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
Sorry, I don't have the Linux SFX file, and I don't have a serial and model number for Seagate's download finder (previously I used an SN belonging to a Seagate user).

I don't know anything about DES, but some quick reading would suggest that it encrypts the data in 8-byte blocks. This seems consistent with the CFS file sizes for the GrenadaBP and Kahuna updates.

Code:
GPCC2949.CFS (432 bytes = 8 x 54)

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  74 A3 B2 C7 91 E6 09 73 B3 FA E9 81 CE F4 67 19  t£²Ç‘æ.s³úé.Îôg.
00000010  BE EE F4 51 C4 FB F9 4B 62 01 82 56 1B BA A4 6E  ¾îôQÄûùKb.‚V.º¤n

Code:
KH-SM15.CFS (248 bytes = 8 x 32)

Offset(h) 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F

00000000  74 A3 B2 C7 91 E6 09 73 B3 FA F1 83 32 71 27 19  t£²Ç‘æ.s³úñƒ2q'.
00000010  D8 F8 A4 3C E6 9D D0 44 1C 58 78 4C 8C 08 C0 7F  Øø¤<æ.ÐD.XxLŒ.À.

However, I see that the first 10 bytes are identical rather than 8. Does that make sense?

Could these bytes be "029881 <CR> <LF> ST" ?

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 19th, 2016, 16:19 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
The following CAB has various sections that look interesting.

Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.cab

    builder/decryptcfsfile.xml
    builder/encryptcfgfile.xml
    scripts/ata/decryptcfsfile.ss
    scripts/ata/encryptcfgfile.ss

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 19th, 2016, 17:06 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
I notice that that the OEM shell script (isolinux\tinycore_Seagate.gz\tinycore_Seagate\usr\bin\oemshell.sh) has the following code:

Quote:
safeexecute "/usr/bin/STECon -delayOnExit -colorizePassFail -USBSTELogs $dataDirectory -scriptcab /root/Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.cab Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.xml"

AISI, the command selects a particular module in the CAB and executes it.

Would it be OK to replace ...

    Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.xml

... with ...

    builder/decryptcfsfile.xml

... or ...

    scripts/ata/decryptcfsfile.ss

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 19th, 2016, 17:10 
Offline

Joined: October 24th, 2005, 17:04
Posts: 242
fzabkar wrote:
The following CAB has various sections that look interesting.

Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.cab

    builder/decryptcfsfile.xml
    builder/encryptcfgfile.xml
    scripts/ata/decryptcfsfile.ss
    scripts/ata/encryptcfgfile.ss


and more than 100 scripts (.ss) for STECon


Quote:
Sorry, I don't have the Linux SFX file

this tar - file where packed loaders,CFS and dl_sea_fw(ELF)


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 19th, 2016, 17:12 
Offline

Joined: October 24th, 2005, 17:04
Posts: 242
Moltke wrote:
fzabkar wrote:
The following CAB has various sections that look interesting.

Firmware_Download_-_Barracuda-GrenadaBP-CC29_or_CC49_-ANAT.cab

    builder/decryptcfsfile.xml
    builder/encryptcfgfile.xml
    scripts/ata/decryptcfsfile.ss
    scripts/ata/encryptcfgfile.ss


and more than 100 scripts (.ss) for STECon


Quote:
Sorry, I don't have the Linux SFX file

this tar - file where packed loaders,CFS and dl_sea_fw(ELF)


Quote:
... with ...

builder/decryptcfsfile.xml


... or ...

scripts/ata/decryptcfsfile.ss

which are also encrypted


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 19th, 2016, 20:18 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
Moltke wrote:
Quote:
Sorry, I don't have the Linux SFX file

this tar - file where packed loaders,CFS and dl_sea_fw(ELF)

OK, I see "_shadow_DES_check_key" in the ISO image. I can't understand why the first 10 bytes of the GrenadaBP and Kahuna CFS files are identical, though. ISTM that if DES encryption were being used, then it would be highly unlikely for bytes 9 and 10 to be identical.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 20th, 2016, 7:45 
Offline

Joined: October 24th, 2005, 17:04
Posts: 242
fzabkar wrote:
I can't understand why the first 10 bytes of the GrenadaBP and Kahuna CFS files are identical, though.

interesting observation. maybe this key is encrypted with the same algorithm ?
i.e newCFS=enc(key) || enc(body). and the key is the same ?

I have no update for Kahuna.


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 20th, 2016, 15:50 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
The Kahuna update is here:

http://files.hddguru.com/download/Firmw ... V-SM15.zip (36MB)

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 20th, 2016, 18:23 
Offline

Joined: October 24th, 2005, 17:04
Posts: 242
thank you. it is also SFX file I was talking about. ( linux cli tools)


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 20th, 2016, 18:29 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
I see. I don't have the SFX for the GrenadaBP. I suspect that I extracted the ISO, and then deleted the ZIP.

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 20th, 2016, 18:42 
Offline

Joined: October 24th, 2005, 17:04
Posts: 242
fzabkar wrote:
I see. I don't have the SFX for the GrenadaBP. I suspect that I extracted the ISO, and then deleted the ZIP.

https://mega.nz/#!1AMWCBBJ


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 21st, 2016, 8:03 
Offline

Joined: October 24th, 2005, 17:04
Posts: 242
fixed the link
http://rghost.ru/8mCw5n9W6


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: January 30th, 2016, 1:07 
Offline
User avatar

Joined: April 22nd, 2015, 20:32
Posts: 413
Location: Portugal
This research is amazing... I wonder how many years more I'll need until I get so much knowledge :shock:

_________________
BTC Wallet - 3AoQPTBsz9PbfoanCx44Lw76Y2TwtKa1x5
Instagram https://www.instagram.com/datarecovery_morde.pt/


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: August 29th, 2016, 13:13 
Offline

Joined: December 14th, 2013, 17:10
Posts: 210
Location: istanbul
Can i use sd1a.exe for sd1a.cfs

Quote:
FDL464.EXE -m Moose -f SD1A2D.LOD -i ST3500320AS -s -x -b -v -a 20

FDL464.EXE -h ms-sd1a.cfs -s -x -b -v -a 20


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: November 12th, 2016, 18:57 
Offline
User avatar

Joined: September 8th, 2009, 18:21
Posts: 15461
Location: Australia
fzabkar wrote:
cbcb wrote:
Since you've already essentially shown one of the algorithms (byte +/- 0x9, with some modulo) is there any reason not to post the src, so that people don't have to run under DOS?

Embarrassment.

I'm not a programmer, so the code is ugly. Secondly, it was written in the DOS 6.22 version of QBasic which does not have support for byte variables among other things, so I had to do some horrible kludging.

In any case I can't find it on my current drive, so I would have to dig through my backup DVDs. I had been meaning to rewrite it in FreeBasic but never got around to it.

Here is my FreeBasic version:
http://www.hddoracle.com/download/file.php?id=3698

_________________
A backup a day keeps DR away.


Top
 Profile  
 
 Post subject: Re: Analysis of Seagate F3 Firmware Update
PostPosted: November 13th, 2016, 13:15 
Offline

Joined: November 5th, 2016, 11:52
Posts: 1
Location: Ukraine
Moltke,
hello! I need a help in writing of script for the utility of ZOC.Help please!


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 36 posts ]  Go to page Previous  1, 2

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 8 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group