Hello to every one,

I'm trying to find the security request 0x27 seed/key algorithm by looking by disassembling the ROM in IDA of a Nissan Micra/March Renesas SH7058, found a repo on GitHub which contains a device variant file, this was very helpful since works specifically for the processor I'm working with, it automatically defines the intro vectors and labels such as Poweron_reset and also defined an interrupt request (INT_IRQ7).

It's a good start but it's my first time disassembling and I'm also on my way to learning about it, any suggestion or recommendation about the process will be greatly appreciated (I know that this process is way different for every manufacturer and processor but there might be some common knowledge needed to start working with general disassembly)

The main questions I have

Does the poweron_reset link directly to the bootloader? Where can I find it?

Is there a common structure that seed/key algorithms follow?

Do I need an a2l file to start looking for it? If so, where can I look online for a2l files?

Is there a methodology to start analyzing ECU ROM disassembly?

Also the one I'm more interested
Any educational resource such as links or books recommendation that might help me for getting started for specifically ECU ROM disassembly will be greatly appreciated.

There is a lot of work done on that processor in the Mitsubishi EVO community which seems to be disappearing. I down loaded a lot off of Evoscan website, and I believe that they were using the tactrix cable hardware etc.

Here's the site: https://www.tactrix.com/index.php?option=com_content&view=category&layout=blog&id=36&Itemid=58

I think this site is another you might find answers: https://www.romraider.com/