That’s because the hardware evolved on the run… I’ve said my 2 cents here about it.
In my opinion this is not an obstacle. It’s the easiest to get pass by…
The components used on all hardwares are general purpose components, obtainable on bulk on Alibaba.
Because of some of the things we are involved in, we have contacts on some far eastern companies, that, for a fee, are extracting for you the firmware from almost any microcontroller.
I’ve personally witnessed the process where they were exposing the microcontroller’s die and removed the flash array protection at physical level. Then, it’s only a matter of reading back the flash array through JTAG.
This is possible because all western companies are making the commercial chips on their country and therefore they have access and knowledge to the layout of the physical die and where different functional blocks are located.
In commercial, general purpose products (like Victron’s) nobody is using the latest chips with cutting edge flash protection. Most microcontrollers used have only some simple bits that are set/reset for flash and/or eeprom protections, easier to invalidate if you have access to the physical die.
Once you have the unencrypted firmware, it’s easier to use tools like IDA Pro to find out the encryption algorithm and then all subsequent firmware updates to be decrypted.