Encrypted firmware can usually be decrypted in one of two ways: recover the decryption program from an earlier, unencrypted version of the firmware, or recover a hard-coded key. This post walks through both methods on firmware images found for that purpose.
First, download the firmware from the vendor's official website: one image is encrypted and one is unencrypted.
For the unencrypted image, binwalk -Me extracts it directly and recursively, based on the file signatures it recognises.
Search the extracted filesystem for anything related to decryption.
This turns up an imgdecrypt binary.
Analyzing the other (encrypted) firmware first, binwalk reports no recognisable information at this point.
Check the imgdecrypt file information (architecture and linking) first, then run it under qemu user-mode emulation to decrypt the encrypted image.
Checking the output with binwalk again shows that decryption has completed.
This is the first method: decrypting with the decryption program recovered from an unencrypted version of the firmware.
Next is a sample of firmware with a hard-coded key.
Again, download the firmware first.
gpg (GnuPG) is a tool for encrypting and decrypting files, generating signatures for files, managing keys, and verifying signatures.
First, use binwalk to compare the two images.
Extract the unencrypted one.
At this point, I saw keydata in the etc directory.
Import it with gpg --import.
Decrypt the encrypted image with gpg --decrypt.
Viewing the result with binwalk, it now differs from the original: the signatures are visible, so decryption succeeded.
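The "compare the two images with binwalk" step above comes down to two checks: does the file contain recognisable container signatures, and is its entropy uniformly high? The Python below reproduces that triage on small constructed samples, and additionally reads the leading OpenPGP packet tag so that a gpg-encrypted image (the second method) is distinguished from a generic high-entropy blob. This is an added example, not code from the original post or from binwalk; the magic table, thresholds and sample images are constructed for it.

```python
import hashlib
import math
from collections import Counter

# Magic values of common firmware containers (table constructed for this example).
MAGICS = {b"\x27\x05\x19\x56": "uImage header", b"hsqs": "squashfs (little-endian)",
          b"sqsh": "squashfs (big-endian)", b"\x1f\x8b\x08": "gzip", b"\xfd7zXZ\x00": "xz"}
# OpenPGP packet tags (RFC 4880) that mean gpg needs key material to proceed.
PGP_ENCRYPTED_TAGS = {1: "public-key encrypted session key", 3: "symmetric-key encrypted session key"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0..8); ciphertext and compressed data sit close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def find_signatures(data: bytes) -> list:
    """Every (offset, name) at which a known magic occurs: a minimal binwalk-style scan."""
    hits = []
    for magic, name in MAGICS.items():
        off = data.find(magic)
        while off != -1:
            hits.append((off, name))
            off = data.find(magic, off + 1)
    return sorted(hits)

def pgp_packet_tag(data: bytes):
    """Tag of a leading OpenPGP packet header (old or new format), or None."""
    if not data or not data[0] & 0x80:
        return None
    return data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F

def triage(data: bytes, block: int = 4096, threshold: float = 7.5) -> dict:
    """Classify an image the way the binwalk comparison in the post does."""
    blocks = [data[i:i + block] for i in range(0, len(data), block)]
    high = sum(1 for b in blocks if shannon_entropy(b) > threshold)
    tag = pgp_packet_tag(data)
    if tag in PGP_ENCRYPTED_TAGS:
        verdict = "OpenPGP-encrypted: " + PGP_ENCRYPTED_TAGS[tag]
    elif blocks and high == len(blocks):
        verdict = "high entropy throughout: encrypted or compressed, no usable signatures"
    else:
        verdict = "recognisable containers: extract with binwalk -Me"
    return {"blocks": len(blocks), "high_entropy_blocks": high,
            "signatures": find_signatures(data), "verdict": verdict}

# Constructed samples: a plaintext image, an all-ciphertext blob (SHA-256 digests), a gpg-style packet.
SAMPLE_PLAIN = b"\x27\x05\x19\x56" + b"\x00" * 60 + b"hsqs" + b"\x00" * 8188 + b"\x1f\x8b\x08" + b"\x00" * 100
SAMPLE_ENCRYPTED = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
SAMPLE_GPG = b"\x85\x01\x0c" + SAMPLE_ENCRYPTED[:268]  # old-format header: tag 1, 2-byte length 268
```

Run `triage()` over a real image read with `open(path, "rb").read()`; a block count of one with a single high-entropy block and no signatures is the pattern the encrypted image showed before decryption.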