Open utterances-bot opened 2 weeks ago
The keyword used to decrypt the image can be found in the corresponding model config. In my decrypted image it was located in \upgrade\img.rom\bin\conf\sysconf.%MODEL%.txt. It is noted there in plaintext. You can possibly access these files in an live ThecusOS via SSH too. But cant verify on the latter, since my Thecus is running TrueNAS ;)
With few exceptions the key is always "N16000", just in few cases "N7700PRO" or "N3200Plus" (just had 2 occurences each). Not sure if this also applies to current Firmware releases, since the data on which this statement is based off, is from some 2018 dated OS5 image.
Just took this as reason to look into a newer OS7 image. Found the plaintext key in \upgrade\img.rom\bin\fwconfig after I were able to decrypt with good old "N16000"
I hated how you called pydes (its slow asf) and then you call your c code for string to key by a subprocess...
So I rewrote your code to access OpenSSL directly using ctypes which does
I'll send a PR to your github over the weekend,
StarkeBlog - Thecus NAS Firmware Decryption
https://starkeblog.com/cryptography/firmware/2024/06/11/thecus-nas-firmware-decrypt.html