Nice description, but this is unfortunately a very simple case. Sometimes the firmware may be a 2-stage affair, with a bootloader that has a decryption key for the main firmware, which is encrypted. Something like that might take a logic analyzer connected to the data pins of the CPU to crack. If the CPU is an MCU that has embedded flash, then there may not be an easy way to snoop on the data bus. Also, while serial ports are common, it may be necessary to use JTAG, I2C, 1-wire, etc.
One other thing that struck me though, was that companies would be using consultants to reverse a competitor's product. I thought that was a landmine. Isn't it better to be able to claim 'clean room' engineering to avoid lawsuits?
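The comment above raises the case of a 2-stage image where the main firmware is stored encrypted and only the bootloader holds the key. The first thing an analyst checks when deciding whether a dumped image is in that situation is a block entropy profile: plaintext code and data sit well below 8 bits per byte, while an encrypted (or compressed) payload sits near the ceiling. The script below is an added example, not code from the commenter or from the article being discussed; the firmware layout it scans is constructed inline (a small plaintext stage-1 region, an erased-flash padding region, then random bytes standing in for the encrypted stage 2), and the 4096-byte block size and 7.5-bit threshold are assumptions chosen for that sample.

```python
import math
import random
from collections import Counter

BLOCK_SIZE = 4096      # assumed block size; large enough that random data scores close to 8 bits
HIGH_ENTROPY = 7.5     # assumed threshold separating encrypted/compressed blocks from code and data


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for constant data, 8.0 at most)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(image: bytes, block_size: int = BLOCK_SIZE):
    """Return (offset, entropy) for every block_size-byte window of the image."""
    return [(off, shannon_entropy(image[off:off + block_size]))
            for off in range(0, len(image), block_size)]


def find_high_entropy_regions(image: bytes, block_size: int = BLOCK_SIZE,
                              threshold: float = HIGH_ENTROPY):
    """Merge consecutive blocks at or above the threshold into (start, end) byte ranges.

    A contiguous high-entropy range after a low-entropy loader region is the
    signature of a stage-2 payload that is encrypted or compressed at rest.
    """
    regions = []
    start = None
    for off, h in entropy_profile(image, block_size):
        if h >= threshold:
            if start is None:
                start = off
        elif start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(image)))
    return regions


def build_sample_image() -> bytes:
    """Constructed 16 KiB sample image: stage-1 loader, erased flash, 'encrypted' stage 2."""
    header = b"BOOT v1.0 stage1 loader\x00"
    pattern = bytes(range(64))                       # structured, low-entropy code-like filler
    stage1 = (header + pattern * 100)[:BLOCK_SIZE]   # 1 block of plaintext loader
    erased = b"\xff" * BLOCK_SIZE                    # 1 block of erased flash (entropy 0)
    rng = random.Random(1234)                        # fixed seed so the sample is reproducible
    stage2 = bytes(rng.getrandbits(8) for _ in range(2 * BLOCK_SIZE))  # stands in for ciphertext
    return stage1 + erased + stage2


if __name__ == "__main__":
    image = build_sample_image()
    for off, h in entropy_profile(image):
        tag = "ENCRYPTED/COMPRESSED?" if h >= HIGH_ENTROPY else "plaintext"
        print(f"0x{off:06x}  {h:5.2f} bits/byte  {tag}")
    print("high-entropy regions:", find_high_entropy_regions(image))
```

On a real dump, run the profile against the whole flash image and compare the high-entropy ranges with the partition layout the loader references; a region that the loader copies into RAM before jumping to it, and that scores near 8 bits, is the one that has to be decrypted in the bootloader rather than read straight off the bus. Compressed payloads score the same way, so confirm with a magic-byte scan before concluding that a region is encrypted.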