Black Hat Europe 2019

04-05 December 2019, London. The website: Link here. The program: Link here. My talk. Thanks to BHEU, see you!

ZeroNights 2019

12-13 November 2019, St Petersburg. The website: Link here. The program: two days of pure premium offensive research presentations. Program here. My talk. The last word: ZeroNights was great, I hope I will come back again. Thanks to the ZN team!

Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction

I wanted to close my investigation by targeting the two major security features: Secure Boot and Flash Encryption. My final goal is to achieve a PERSISTENT exploit, bypassing the Secure Boot and the Flash Encryption. In this report, I disclose a full readout of protected E-Fuses storing two secret keys, one used for Flash Encryption (BLK1)…

Pwn the ESP32 Secure Boot

In this post, I focus on the ESP32 Secure Boot and I disclose a full exploit to bypass it during boot-up, using a low-cost fault injection technique. Espressif and I decided to go through Responsible Disclosure for this vulnerability (CVE-2019-15894). The Secure Boot: Secure Boot is the guardian of the authenticity of the firmware stored in the external…

Pwn the ESP32 crypto-core

A crypto-core (also called a crypto-accelerator) is a dedicated piece of hardware inside the System-on-Chip. Its main role is to ‘accelerate’ cryptographic primitives and to perform key management. This post presents several vulnerabilities and fault injection exploits targeting the crypto-core implementation, allowing an attacker to bypass the HW-AES encryption and control the AES key value. The vulnerabilities…

Pwn MBedTLS on ESP32: DFA Warm-up

Introduction: ESP32 is a System-on-Chip (SoC) from Espressif Systems, launched in 2016. This SoC will be supported until 2028 (12-year longevity commitment) and has already shipped more than 100 million units around the world. ARM MbedTLS is the open-source crypto library from ARM, used in IoT devices. In my opinion, both…