I wanted to close my investigation by targeting the two major security features: Secure Boot Flash Encryption My final goal is to achieve a PERSISTENT exploit, bypassing the Secure Boot and the Flash Encryption. In this report, I disclose a full readout of protected E-Fuses storing two secret keys, one used for Flash Encryption (BLK1)…
Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction
Posted on