Killom
commented
2 weeks ago The keyword used to decrypt the image can be found in the corresponding model config. In my decrypted image it was located in \upgrade\img.rom\bin\conf\sysconf.%MODEL%.txt. It is noted there in plaintext. You can possibly access these files in an live ThecusOS via SSH too. But cant verify on the latter, since my Thecus is running TrueNAS ;)
With few exceptions the key is always "N16000", just in few cases "N7700PRO" or "N3200Plus" (just had 2 occurences each). Not sure if this also applies to current Firmware releases, since the data on which this statement is based off, is from some 2018 dated OS5 image.
Just took this as reason to look into a newer OS7 image. Found the plaintext key in \upgrade\img.rom\bin\fwconfig after I were able to decrypt with good old "N16000"
VeNoMouS
StarkeBlog - Thecus NAS Firmware Decryption
https://starkeblog.com/cryptography/firmware/2024/06/11/thecus-nas-firmware-decrypt.html