eaxi wrote:
I dig into Seagates only, so I can give you an easy answer to one of your questions:
"How companies Get The Names of Seagate ROM Modules, that its RAP, CAP SAP?"
I present a small portion of a factory log extracted from a Seagate HDD SA; you can find similar logs on many Seagates. You can see the well-known names of ROM components used both by commercial and free soft - they are not invented by third-party DR software makers, they are original Seagates' ones:
Jan 13 2013-07:19:51 Sending Block: 800 of 1025: Size=512
Jan 13 2013-07:20:03 Sending Block: 1000 of 1025: Size=512
Jan 13 2013-07:20:12 Return Data:
PROGRAMMING COMPLETE!
----------------------------------------------------------
VERIFYING FLASH IMAGE...
Header: 530B00004800000000000000E2B50400
Header plus boot code checksum verified!
Offset   Length   Type
------   ------   ----
0x00040  0x598E0  DL_CFW
0x598E0  0x00410  IAP
0x59CF0  0x16000  DL_SFW
0x6FCF0  0x01100  DL_SHELL
0x70DF0  0x00210  DL_CAPM
0x71000  0x0A000  DL_RAPM
0x7B000  0x05000  DL_SAPM
Flash Byte size : 0x00080000
Entire flash image checksum: 0x44F0 PASS
Done
Jan 13 2013-07:20:12 Flash Load time: 175.861538
..
So to get Seagates' original names and location of ROM components is real simple, but most people are too lazy to do it themselves. You just have to dump the WHOLE SA, not only files selected by PC3K, find the factory log and compare it with the ROM of this disk...
..
As for general discussion:
1) I agree with fzabkar, that many valuable sources come from leaks/"illegal sales" by (ex-)Seagate/WD/... employees. The best example can be the full WinFOF leak a few years ago - this was a VERY valuable source, at least for me. I realized how they prepare their disks for sale.
2) I agree with pepe, that there are still MANY valuable sources for reversing. If someone is concerned with Seagate - I can recommend STECON cracking - this is VERY educational. The first and usually the last barrier for the average user is extracting SeaScripts from these distributions. They are encrypted by a proprietary algorithm.
3) Reversing at all, not only concerning HDD firmware, had dramatically collapsed in the free world in the last 10 years. I will not attach any valuable stuff here, I will not send anything to people who I don't know in real life. "Pirate-hunters" enjoy their success, because people stopped sharing their knowledge and soft. You can find valuable info mainly on Chinese, Russian etc. sites... Big shame.
Of course there is a second reason of reversing fall: knowledge is money
Hi Sir
The main question still remains:
Without factory software, no one is able to get the names of firmware.
Without names and info, it's a difficult job to open each in hex and find what is happening.
I am a developer, I know how to get commands and how to split the hex data into a valuable form.
But without info from the factory software, it's not possible.
How is WD software made? Do you think that those 100 ATA commands can automatically be found by just hex editing? Of course no, it was found from the factory software, used sniffer and get the command. Check this original software, what it is giving to the buffer.
How people know that it's SPT, and it's Sector, of course it's from checking the info from the factory and comparing.
Like if you want to find the WD, how people know that this offset is a password offset.
In module 02, at the start there are the location address and size of every section of the 02 module.
But how do people get to know the sections?
You can make a simple ATA program by using T13 only.
For vendor commands you need info from the factory, or reverse the factory software.
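The factory-log table quoted in the first post can be turned into a region map for the ROM dump of the same drive. The following is an added example, not code from either poster or from any vendor tool; the function names are hypothetical and the sample text is constructed from the table in that log.

```python
import re

# Constructed sample: the layout table from the factory log quoted above,
# one entry per line.
SAMPLE_LOG = """\
Offset   Length   Type
------   ------   ----
0x00040  0x598E0  DL_CFW
0x598E0  0x00410  IAP
0x59CF0  0x16000  DL_SFW
0x6FCF0  0x01100  DL_SHELL
0x70DF0  0x00210  DL_CAPM
0x71000  0x0A000  DL_RAPM
0x7B000  0x05000  DL_SAPM
Flash Byte size : 0x00080000
"""

ROW = re.compile(r"^\s*0x([0-9A-Fa-f]+)\s+0x([0-9A-Fa-f]+)\s+(\w+)\s*$")
SIZE = re.compile(r"Flash Byte size\s*:\s*0x([0-9A-Fa-f]+)")

def parse_flash_map(log_text):
    """Return ([(offset, length, name), ...] sorted by offset, flash_size or None)."""
    entries, flash_size = [], None
    for line in log_text.splitlines():
        row = ROW.match(line)
        if row:
            entries.append((int(row.group(1), 16), int(row.group(2), 16), row.group(3)))
        elif SIZE.search(line):
            flash_size = int(SIZE.search(line).group(1), 16)
    return sorted(entries), flash_size

def check_layout(entries, flash_size):
    """Report where offset+length disagrees with the next offset or the flash size."""
    findings = []
    bounds = [e[0] for e in entries[1:]] + [flash_size]
    for (off, length, name), nxt in zip(entries, bounds):
        if nxt is not None and off + length != nxt:
            kind = "overlap" if off + length > nxt else "gap"
            findings.append((name, kind, abs(off + length - nxt)))
    return findings

def slice_rom(rom, entries, flash_size):
    """Cut a ROM dump into named regions, ending each at the next entry's offset."""
    if len(rom) != flash_size:
        raise ValueError("ROM dump size does not match the logged flash size")
    bounds = [e[0] for e in entries[1:]] + [flash_size]
    return {name: rom[off:end] for (off, _, name), end in zip(entries, bounds)}

if __name__ == "__main__":
    entries, size = parse_flash_map(SAMPLE_LOG)
    print(check_layout(entries, size))  # one overlap of 0x40 after DL_CFW
```

On this table every row ends exactly where the next begins except the first, whose offset plus length overruns the IAP offset by 0x40, so the slicer uses the next row's offset as the boundary and does not trust the Length column on its own.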