Pwn the ESP32 Secure Boot

In this post, I focus on the ESP32 Secure Boot and I disclose a full exploit to bypass it during boot-up, using a low-cost fault injection technique. Espressif and I decided to go through Responsible Disclosure for this vulnerability (CVE-2019-15894). The Secure Boot. Secure boot is the guardian of the authenticity of the firmware stored in the external…

Pwn the ESP32 crypto-core

A crypto-core (also called a crypto-accelerator) is a dedicated piece of hardware inside the System-on-Chip. Its main role is to ‘accelerate’ cryptographic primitives and to perform key management. This post presents several vulnerabilities and fault injection exploits targeting the crypto-core implementation, allowing an attacker to: bypass the HW-AES encryption; control the AES key value. The vulnerabilities…

Bsides Stuttgart 2019

May 25-26th 2019, Stuttgart. Website: https://www.bsidesstuttgart.org. The Program. My Slides. Thank you Bsides Stuttgart Team! I really enjoyed it; I hope you will keep up the good work!

Pwn MBedTLS on ESP32: DFA Warm-up

Introduction. ESP32 is a System-on-Chip (SoC) from Espressif Systems, launched in 2016. This SoC will be supported until 2028 (12 years longevity commitment) and has already been shipped more than 100 million times around the world. ARM MbedTLS is the open-source crypto-library from ARM, used in IoT devices. In my opinion, both…

BSides Ljubljana::0x7E3

March 16th 2019, Ljubljana. Website: https://0x7e3.bsidesljubljana.si. The schedule: https://0x7e3.bsidesljubljana.si/schedule/. The slides. Thank you! Big thank you to the BSides Ljubljana Organisation!

Pwn the WIZ connected

Once again, let’s spend some money on Amazon. The WIZ lightbulb (TAOlight). Once delivered, I put the light in its socket and I download the WIZ application. I set up the connection between my Wi-Fi and the device using an Android smartphone. Everything is fine. Works as expected. The light is operational. The teardown. Pretty simple…

Pwn the LIFX Mini white

The Device. Bought on Amazon (30 euros). The lightbulb is plugged in. The LIFX app is installed on an Android smartphone. The Wi-Fi connection is set. The lightbulb works fine. Wunderbar, easy setup. The Teardown. Butcher mode activated. Work in progress: the most difficult part is to clean the board and remove this paste. The Setup. The major component…

Pwn the Tuya lightbulbs

These lightbulbs use the Tuya Cloud. So, once connected, they become a part of the Tuya ecosystem. WARNING: The FCMILIA lightbulb at the end of this article is not CE compliant and potentially very dangerous. I will not install this s**tty device in my room (just my opinion). The LYASI device. Bought on Amazon (15 euros)…

Pwn the Xiaomi Yeelight

The Yeelight. Bought on Amazon (20 euros). The Yeelight (Xiaomi) bulb is fitted. The Yeelight app is installed and launched on an Android smartphone to set up the Wi-Fi connection. The password is entered into the app and the bulb is finally registered. Everything is fine. The light goes on. Time to focus on the hardware. The teardown…