Reverse Engineering Yaesu FT-70D Firmware Encryption
10 days ago
- #firmware
- #reverse-engineering
- #ham-radio
- The article details a reverse-engineering methodology for analyzing and modifying the Yaesu FT-70D ham radio firmware.
- Background: Yaesu radios, like the FT-70D, run on Renesas H8SX microcontrollers, and firmware can be modified via USB.
- Initial research found a Reddit post about custom firmware for Yaesu FT1DR, hinting at firmware modification possibilities.
- Yaesu provides a Windows application for firmware updates; the encrypted firmware image is embedded inside the updater's .exe file.
- Reverse engineering that binary locates the encrypted firmware in its RES_UPDATE_INFO resource, which must be decrypted before analysis.
- The decryption process involves expanding each byte into its bit representation, looking up values in static tables, and applying XOR operations.
- Key setup derives a dynamic decryption key from a timestamp stored in the firmware image.
- The decrypted firmware can be loaded into IDA Pro for further analysis, though initial disassembly requires manual adjustments.
- A Rust-based decryption utility, porkchop, was developed to automate the decryption process described above.