I wonder if you find what you are looking for if you download the .bin update file for your target from the Panasonic support site and try to analyze it.

Is the algorithm common to all update files? Key re-use? For instance, there are multiple firmware updates for my model. Comparing the two, it is clear where encrypted blocks begin and end. Even if I do not dump the firmware physically, with enough background knowledge (your previous reverse engineering), could one still decrypt the contents?

Hi, Vitaliy,

Can you explain why this is? Have you documented the algorithm used in other models? I saw hints about XOR keys and checksum bytes in previous posts but could never find the fully reversed algorithm. What is it that we'd be missing in order to decrypt a new firmware?

Best regards!

"because it is properly encrypted. Simple."

It is not simple for self-contained systems which are under hacker control.

Encrypted files that undergo decryption under hacker control (I am talking here about the camera's user, who owns and control the camera which does the decryption when updated firmware is expanded inside the camera) can theoretically be hacked, since the decryption key (in case of symmetrical encryption), or private key or X.509 certificate (in case of asymmetrical encryption) must reside inside the camera.

Those decryption keys or files may be obfuscated, hooked to some hardware ID or whatever, but they are inside the camera and if retrieved can unlock the code. Not a trivial task - one may need to probe the camera circuitry and trace the code in order to discover the key, but it just might be possible. However, if the encryption keys reside in a protected area inside the MCU, then, although theoretically possible to trace the bits flow inside the MCU with sophisticated and very expensive probing system, it is not practical for the average Joe Hacker.

I just don't know how Panasonic protects its decryption keys inside the camera. If you are an expert in reverse engineering and want to proceed and try, and the keys are stored outside of the MCU, you just might get lucky :-)

I'm glad you guys know what you're talking about, because I surely do not. Good to know someone is doing this stuff though, so that it may continue to unlock future possibilities with our consumer grade electronics.

Vitaliy does not hack anymore, to busy running PV I am sure

Not only, but hacking Panasonic bodies now is huge waste of time.

@konjow

I did not say this, I am thinking about G7 now.

Hack stuff is mind boggling to me. I applaud Vitality efforts' wholeheartedly! I've been a lurker here since the start but I've had the itch for a new hack to tinker with ;)

@Vitaliy_Kiselev

Why is it a waste of time?

I'm still hoping for GH3 basic firmware hack to lift 30 minute time restriction.