Very interesting. I played with bitmap visualisation for a few other reverse engineering tasks. I did load a firmware into one but I can't remember how useful it was; I was concentrating on finding 8051 code to disassemble. I will definitely have to revisit the visualisation tools I was looking at a while ago. Thanks Sasha!
What do you think the purpose of the XOR is? Harder to reverse engineer their wear levelling algos? Makes the WL algos more effective? I tend to doubt it is for security, being only XOR.
The other area I am hoping to start putting more time into is extracting from controllers themselves. It is a good model to supply customers of controller vendors with a simple UI to configure them and not have to give out a whole set of data sheets such as you would get with an AVR or ARM based SoC. Makes it hard to get leaked docs when there aren't any.

It is a good idea to look at things like STMP3770 where you can get docs, as the general principles can be applied, even if not totally the same.
It is how the SD card hacking, or the NAND bad block research (I forget specifics - I read too much), was moved along. They noticed a cell phone (IIRC) contained a NAND firmware update to fix some block bug, reversed that and were able to understand a lot about the controller.
At this point I have no idea if I am on topic but it is great to see some new and exciting work; how far along it is is very surprising and impressive!
The more you learn, the more you discover how little you know!
I dug out some old MC6800 emulator code I was trying to write while at Uni, thinking to write an 8051 emulator. The purpose was to try and run parts of the controller firmware - well, that showed me I had around 1% of the resources/knowledge to do that and just needed to know pretty much everything else to even start.
It is Saturday, and family wants to "get out and do something" but all I want to do is play around with my Beaglebone Black & USBProxy and try to intercept some firmware configs using MP Tools.
