Repository: chrivers/samsung-firmware-magic
Branch: master
Commit: df6463b95b9e
Files: 2
Total size: 5.7 KB
Directory structure:
gitextract_psm9xlw7/
├── README.md
└── samsung-magic.py
================================================
FILE CONTENTS
================================================
================================================
FILE: README.md
================================================
Samsung Firmware Magic
======================
Samsung distributes firmware updates for their SSDs for either "Windows" or
"Mac". Ironically, both of these are bootable Linux `.iso` files, containing the
actual firmware and update program.
The `.iso` files can be unpacked, but ultimately we end up with an obfuscated
binary blob, even for the meta information.
For the upstream file downloads, see
https://www.samsung.com/semiconductor/minisite/ssd/download/tools/
Out of curiosity, I decided to create a decryption tool for this obfuscated
format, which is found in this repository.
Unpacking iso image to firmware blob
------------------------------------
First, we download a firmware iso:
`wget http://downloadcenter.samsung.com/content/FM/201711/20171102105105735/Samsung_SSD_850_PRO_EXM04B6Q_Win.iso`
Next, we unpack the relevant file from the iso, the `initrd`:
`7z x Samsung_SSD_850_PRO_EXM04B6Q_Win.iso initrd`
This file is a gzip-compressed cpio archive, so use 7z to strip gzip:
`7z x initrd`
This produces `initrd~`, containing the uncompressed contents. From here we
extract the directory of interest, `root/fumagician`:
`7z -ofw x 'initrd~' root/fumagician`
This creates `fw/root/fumagician` in the current directory:
```
$ cd fw/root/fumagician
$ ls -l
total 5408
-rw-rw-r-- 1 user user 2124 1971-03-22 19:52 DSRD.enc
-rw-rw-r-- 1 user user 4752867 1971-03-22 19:52 EXM04B6Q.enc
-rw-rw-r-- 1 user user 772516 2016-10-14 10:42 fumagician
-rw-rw-r-- 1 user user 290 2016-10-14 10:42 fumagician.sh
```
The files `DSRD.enc` (an XML list of firmwares) and `EXM04B6Q.enc` (the
firmwares) are the obfuscated files, which we can now decrypt.
Decrypting firmware blob
------------------------
The included `samsung-magic.py` script will unpack these `.enc` files, like so:
```shell
## show xml on stdout:
$ ./samsung-magic.py < fw/root/fumagician/DSRD.enc
## decrypt firmware to file:
$ ./samsung-magic.py < fw/root/fumagician/EXM04B6Q.enc > EXM04B6Q.bin
```
Seemingly, the folks at Samsung are huge fans of nesting things, because the
decrypted `EXM04B6Q.bin` file is actually a zip file, containing encrypted
firmware files:
```shell
$ unzip -l EXM04B6Q.bin
Archive: EXM04B6Q.bin
Length Date Time Name
--------- ---------- ----- ----
1048576 2017-02-19 10:41 EXM04B6Q_10170217.enc
1048576 2017-02-19 10:41 EXM04B6Q_20170203.enc
1048576 2017-02-19 10:41 EXM04B6Q_30170203.enc
1048576 2017-02-19 10:41 EXM04B6Q_40170902.enc
1048576 2017-02-19 10:41 EXM04B6Q_50170208.enc
1048576 2017-02-19 10:41 EXM04B6Q_60170208.enc
--------- -------
6291456 6 files
```
Luckily, the encryption is exactly the same, so `samsung-magic.py` can decrypt
these as well:
```
$ unzip EXM04B6Q.bin
$ ./samsung-magic.py < EXM04B6Q_10170217.enc > EXM04B6Q_10170217.bin
```
Now, at last, we have the raw firmware.
Enjoy!
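The two building blocks of `samsung-magic.py`, examined as an added example that is not part of the original repository: the 256-byte shuffle map is a 16-entry high-nibble substitution, and the counter reset makes the keystream repeat every 512 bytes, so identical plaintext blocks 512 bytes apart stay identical after obfuscation. `HIGH`, the function names and the stand-in pad are assumptions introduced here; the pad is constructed and is not the real AES keystream.

```python
# Added example: structure of the obfuscation; no AES library required.
# High-nibble substitution read off the 256-entry shuffle table in
# samsung-magic.py: each run of 16 entries shares one high nibble and
# keeps the low nibble unchanged.
HIGH = [0x1, 0x3, 0x5, 0x7, 0x9, 0xB, 0xD, 0xF,
        0xE, 0xC, 0xA, 0x8, 0x6, 0x4, 0x2, 0x0]

def build_shuffle():
    """Rebuild the 256-byte shuffle map from the 16-entry nibble table."""
    return bytes((HIGH[i >> 4] << 4) | (i & 0x0F) for i in range(256))

def build_lookup(shuffle):
    """Inverse map (the script's `lookup`); rejects a non-permutation."""
    if sorted(shuffle) != list(range(256)):
        raise ValueError("shuffle map is not a permutation of 0..255")
    inv = bytearray(256)
    for i, v in enumerate(shuffle):
        inv[v] = i
    return bytes(inv)

def counter_for_block(n):
    """Counter used for the n-th 16-byte block, using the script's update."""
    ctr = 0
    for _ in range(n + 1):
        ctr = (ctr % 32) + 1
    return ctr

def keystream_period_bytes(blocks=256):
    """Smallest period, in bytes, of the counter sequence."""
    seq = [counter_for_block(n) for n in range(blocks)]
    for p in range(1, blocks):
        if all(seq[i] == seq[i + p] for i in range(blocks - p)):
            return p * 16
    return None

def obfuscate(plain, pad, shuffle):
    """Forward direction with a stand-in pad (constructed; NOT the AES keystream)."""
    return bytes(shuffle[b] ^ pad[i % len(pad)] for i, b in enumerate(plain))

if __name__ == "__main__":
    shuffle = build_shuffle()
    pad = bytes((37 * i + 11) % 256 for i in range(keystream_period_bytes()))
    plain = b"A" * 16 + bytes(496) + b"A" * 16   # constructed sample
    enc = obfuscate(plain, pad, shuffle)
    print("period:", len(pad), "repeat visible:", enc[:16] == enc[512:528])
```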
================================================
FILE: samsung-magic.py
================================================
#!/usr/bin/env python3
from sys import stdin, stdout
from struct import pack
from Crypto.Cipher import AES
## this is the shuffle map that samsung uses
shuffle = bytes([
0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x30, 0x31, 0x32, 0x33,
0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D,
0x3E, 0x3F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F, 0x70, 0x71,
0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A, 0x7B,
0x7C, 0x7D, 0x7E, 0x7F, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95,
0x96, 0x97, 0x98, 0x99, 0x9A, 0x9B, 0x9C, 0x9D, 0x9E, 0x9F,
0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5, 0xB6, 0xB7, 0xB8, 0xB9,
0xBA, 0xBB, 0xBC, 0xBD, 0xBE, 0xBF, 0xD0, 0xD1, 0xD2, 0xD3,
0xD4, 0xD5, 0xD6, 0xD7, 0xD8, 0xD9, 0xDA, 0xDB, 0xDC, 0xDD,
0xDE, 0xDF, 0xF0, 0xF1, 0xF2, 0xF3, 0xF4, 0xF5, 0xF6, 0xF7,
0xF8, 0xF9, 0xFA, 0xFB, 0xFC, 0xFD, 0xFE, 0xFF, 0xE0, 0xE1,
0xE2, 0xE3, 0xE4, 0xE5, 0xE6, 0xE7, 0xE8, 0xE9, 0xEA, 0xEB,
0xEC, 0xED, 0xEE, 0xEF, 0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5,
0xC6, 0xC7, 0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF,
0xA0, 0xA1, 0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9,
0xAA, 0xAB, 0xAC, 0xAD, 0xAE, 0xAF, 0x80, 0x81, 0x82, 0x83,
0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8A, 0x8B, 0x8C, 0x8D,
0x8E, 0x8F, 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67,
0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D, 0x6E, 0x6F, 0x40, 0x41,
0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B,
0x4C, 0x4D, 0x4E, 0x4F, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25,
0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D, 0x2E, 0x2F,
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09,
0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
])
## generate reverse map
lookup = bytes(shuffle.find(i) for i in range(256))
## utility functions
def xor(s1, s2):
    return bytes(a ^ b for a, b in zip(s1, s2))
def unshuffle(s):
    return bytes(lookup[c] for c in s)
## crypto constants
iv0 = bytes.fromhex("8ce82eefbea0da3c44699ed7")
key = bytes.fromhex("56e47a38c5598974bc46903dba290349")
ctr = 0
aes = AES.new(key, AES.MODE_ECB)
while True:
    ## read next aes block
    blk = stdin.buffer.read(16)
    if len(blk) == 0:
        break
    ## samsung arbitrarily resets the counter every 32 blocks
    ctr = (ctr % 32) + 1
    iv = iv0 + pack(">I", ctr)
    ## we are using ECB mode to simulate the 32-block CTR mode
    ## use .encrypt() instead of .decrypt() for this reason
    xblk = aes.encrypt(iv)
    ## decrypt and unshuffle to get our result
    res = unshuffle(xor(xblk, blk))
    stdout.buffer.write(res)