Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction

I wanted to close my investigation by targeting the two major security features: Secure Boot and Flash Encryption. My final goal is to achieve a PERSISTENT exploit, bypassing the Secure Boot and the Flash Encryption. In this report, I disclose a full readout of protected E-Fuses storing two secret keys, one used for Flash Encryption (BLK1)…

BSides Ljubljana::0x7E3

March 16th 2019, Ljubljana

Website: https://0x7e3.bsidesljubljana.si

The schedule: https://0x7e3.bsidesljubljana.si/schedule/

The slides

Thank you! Big thank you to the BSides Ljubljana Organisation!

Pwn the LIFX Mini white

The Device: Bought on Amazon (30 euros). The lightbulb is plugged in. The LIFX app is installed on an Android smartphone. The Wi-Fi connection is set. The lightbulb works fine. Wunderbar, easy setup. The Teardown: Butcher mode activated. Work in progress: the most difficult part is to clean the board and remove this paste. The Setup: The major component…

Pwn the Xiaomi Yeelight

The Yeelight: Bought on Amazon (20 euros). The Yeelight (Xiaomi) bulb is fitted. The Yeelight app is installed and launched on an Android smartphone to set the Wi-Fi connection. The password is entered into the app and the bulb is finally registered. Everything is fine. Light goes on. Time to focus on the hardware. The teardown…