A researcher reverse engineered and patched firmware on Samsung, WD, and Hitachi HDDs/SSDs while building an Xbox 360 softmod exploit.
Key Takeaways
The entry point was an Xbox 360 race condition exploit requiring a firmware-injected read delay of a few hundred milliseconds on specific sectors.
WD firmware uses a modified LZHUF compression (N=4096 instead of 2048) in a loader stub; standard detection tools miss it.
Samsung PM871a firmware is obfuscated with a nibble-swapping algorithm recoverable by reversing the Lenovo OEM update utility, which also reveals flash commands.
OEM firmware update utilities are a reliable attack surface: they decrypt firmware and expose flashing command sequences for dozens of drive models at once.
No strong public-key signature (RSA/ECDSA) was found on PM871a firmware, making modification viable without signature bypass.