
Decryption Success

A project log for Chitu 3D Printer Mainboard Hacking

Studying the encryption on Chitu's 3D Print controllers

J.C. Nelson (jc-nelson), 09/22/2019 at 04:11

After quite a bit of creating and re-creating Python functions to XOR the data together, I finally switched disassemblers and got a mildly different output - different enough that it showed me r12 being used in a way that I hadn't grasped before. With some work, I was able to decrypt Chitu/Tronxy firmware of several flavors, at least enough that Binary Ninja shows me complete functions, literal pools line up, and so on.

I'll add the script to the files section of this project. Next up will be to encrypt the same way and do a few end-to-end conversions and diff the resulting files. When those come back identical, it's time to try some custom firmware, probably starting with the classic "Make an LED blink."

Tonight, I'm just happy to be able to decrypt the firmware and confirm I understand how the bootloader works with it.
