Pentax Firmware Encryption

All firmware files for K20D and further camera models are encrypted

Below you'll find sparse information about used encryption.
We managed to decrypt firmware and also discovered how to dump any firmware.

Some known information about encryption

Used encryption is not very advanced, not DES or AES.
Based on statistical analysis I found that it uses dynamic 256 byte key and XOR operations.

Encrypted part starts at 0x100 offset.

All firmware files also have second part, also encrypted (for GX20 firmware it is located at 0x800000).

Decryption of this part is similar to first part, and is already successfully performed by decryptor.

Encrypted file (GX20 firmware v1.01):

w33_pasted_4.jpg

Decrypted firmware file:

w33_pasted_3.jpg

Go to Pentax Tool page to download command-line decryption program.

Other methods to obtain unencrypted firmware

1. In End User page look at [OPEN_DEBUG_MENU] menu. 2. Use Camera_Control_V2.dll as it have necessary commands in export section and works with K20D, GX20.

Tools you can use to research this topic

Free programming languages compiler.
Any freeware hex viewer.