Looking for someone to collaborate disassembling Seagate ROM

[fzabkar]

if Binwalk returns a very high entropy so either the FW/blob is compressed or encrypted.

How would one approach such scenarios where there are no magic numbers localized?

ISTM that the boot code would need to be disassembled first. This should contain the algorithm for decompressing/decrypting the rest of the firmware.

[sourcerer]

If there is high entropy and no visible magic numbers, then you have several approaches:
* Try other analytical tools like binwalk, radare2, file, ... on it
* Analyzing the firmware updater, sometimes it contains an unpacking/decryption routine and the key that can be used
* Analyzing different versions of the firmware, or firmware for different models from the same vendor, or firmware of different products that are using the same CPU
* Dumpster Diving in the Firmware update package, e.g. ISO images often contain deleted files that can be recovered, which contain interesting information
* Try various unpackers on it
* More intensive Cryptanalysis (Index of Coincidence, Dieharder, fine-grained entropy analysis, searching for repeated patterns, search for XOR patterns and similar things, ...)
* Do power sidechannel attacks on the decryption/decoding and identify the algorithm that way
* Depackage the chip, photograph it, search for Mask-ROMs
* Try active power-glitching attacks on the chip and see how it behaves
* Search for flaws in the keymanagement (zeroized initialisation vectors, ... things that developers who are no crypto experts usually get wrong)

[sin]

Thanks for putting so much of light on this subject.

love you Sourcerer...uve been such an amazing friend and a mentor..

Thanks bud

--

[franciscok]

Suggest using https://binvis.io/ to help looking inside the firmware to identify special areas of the firmware.