Format Support: QNAP encrypted firmwares.

[qkaiser]

Summary

EMBA maintainers explained in a tweet that if unblob had a handler for QNAP encrypted firmwares they could completely drop binwalk.

Basic example

The firmware decryption primitives were reversed by R00tBSD a long time ago and the reversed C code implementation is available at https://gist.github.com/galaxy4public/0420c7c9a8e3ff860c8d5dce430b2669#file-pc1-c.

The firmware images have a footer with a known signature, which is documented in binwalk magic:

# QNAP encrypted firmware
0       string       icpnas                  QNAP encrypted firmware footer
>10     string       x                       , model: %s
>26     string       x                       , version: %s
>42     uleshort     !0
>>42    string       x                       , date: %s

The complete footer format should be reversed, as it probably holds more information that just model, version, and date.

According to max-boehm/qnap-utils#1 the key is QNAPNASVERSION4 but we should validate it against every QNAP firmware.

Samples

You can obtain samples from https://www.qnap.com/en/download

Motivation

Give back to EMBA since they're the first active integrators and advertisers of unblob.