For encrypted firmware there are two ways in: recover the decryption program from an unencrypted release, or recover the hard-coded key. Today I found firmware matching each of the two methods and worked through both.

First download the firmware from the vendor's official website: one release is encrypted, the other is not.

For the unencrypted release, binwalk -Me extracts it directly based on the file signatures binwalk recognizes.

Search the extracted filesystem for anything decryption-related.

This turns up an imgdecrypt binary.

Analyzing the other (encrypted) firmware first, binwalk reports no recognizable information.

Check the imgdecrypt file information (architecture) first, then run it under qemu emulation against the encrypted image.

Checking the output with binwalk again shows that decryption has completed.

That is the case of obtaining the decryption program from an unencrypted version of the firmware.

Next is a sample of firmware with a hard-coded key.

Again, download first.

gpg is a tool for generating signatures for files, managing keys, verifying signatures, and, as used here, encrypting and decrypting data.

First, use binwalk to compare the two releases.

Extract the unencrypted one.

In its etc directory there is a keydata file.

Import it with gpg --import.

Decrypt the encrypted firmware with gpg.

Viewing the result with binwalk, it now differs from the original: the file information is visible, so decryption succeeded.
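As an added example, not code from this post, the Python below does the "compare the two releases" step without binwalk: it parses OpenPGP (RFC 4880) packet headers to recognise a gpg-encrypted image like the second sample and uses byte entropy to separate an opaque image (encrypted or compressed by some other scheme) from one that is directly extractable. The sample bytes are constructed for the example and are not taken from any real firmware.

```python
import math
from collections import Counter

# OpenPGP (RFC 4880) packet tags that mark a gpg-encrypted blob
PGP_TAGS = {1: "pubkey encrypted session key", 3: "symkey encrypted session key",
            8: "compressed data", 9: "sym. encrypted data", 18: "sym. encrypted integrity protected data"}
def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted or compressed data sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0
def parse_pgp_packets(data: bytes) -> list:
    """Walk OpenPGP packet headers from the start of data -> [(tag, body_len)]; stop at a non-header byte."""
    out, pos = [], 0
    try:
        while pos < len(data) and len(out) < 8:
            b = data[pos]
            if not b & 0x80:  # bit 7 must be set in every OpenPGP packet header
                break
            if b & 0x40:  # new-format header: tag in low 6 bits, 1/2/5-octet length
                tag, l0 = b & 0x3F, data[pos + 1]
                if l0 < 192:
                    body_len, hdr = l0, 2
                elif l0 < 224:
                    body_len, hdr = ((l0 - 192) << 8) + data[pos + 2] + 192, 3
                elif l0 == 255:
                    body_len, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
                else:  # partial body length: chunked body, record the tag and stop
                    out.append((tag, None)); break
            else:  # old-format header: tag in bits 2-5, length type in bits 0-1
                tag, ltype = (b >> 2) & 0x0F, b & 0x03
                if ltype == 3:  # indeterminate length: body runs to end of input
                    out.append((tag, None)); break
                nlen = (1, 2, 4)[ltype]
                body_len, hdr = int.from_bytes(data[pos + 1:pos + 1 + nlen], "big"), 1 + nlen
            out.append((tag, body_len))
            pos += hdr + body_len
    except IndexError:  # truncated header at end of input
        pass
    return out
def classify_firmware(data: bytes) -> dict:
    """Triage: gpg packets -> go look for the key material; high entropy -> opaque; else extractable."""
    pkts, ent = parse_pgp_packets(data), round(shannon_entropy(data), 2)
    gpg = any(t in PGP_TAGS for t, _ in pkts)
    verdict = "gpg-encrypted" if gpg else ("opaque (encrypted/compressed)" if ent > 7.5 else "extractable")
    return {"entropy": ent, "packets": [(t, PGP_TAGS.get(t, "other"), n) for t, n in pkts], "verdict": verdict}
# Constructed samples: SKESK packet (old-format tag 3: v4, AES-256, iterated+salted S2K) followed by an
# SEIPD packet (new-format tag 18), and a squashfs-like plain image ("hsqs" magic plus zero padding).
SAMPLE_GPG = (bytes([0x8C, 0x0D, 0x04, 0x09, 0x03, 0x08]) + b"\x11\x22\x33\x44\x55\x66\x77\x88\x60"
              + bytes([0xD2, 0x20]) + bytes(range(32)))
SAMPLE_PLAIN = b"hsqs" + bytes(64)
```

A real gpg-encrypted image normally starts with tag 3 or tag 1 followed by tag 18, which is the signal to go looking for key material such as the etc/keydata file found above.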