David Robert

ESP32, Firmware Dump

Dumping firmware of in-module ESP32 flash

In my previous article, I wrote about secure boot. In this article, I want to demonstrate one way to dump the ESP32 in-module flash memory, which works even if different security features are set by burning e-fuses on the chip (JTAG, UART, DFU disabled). This article aims to illustrate the need for secure boot and flash encryption. Dumping and modifying the firmware is important for testing the mitigations for the threats identified in your device’s threat model.


ESP32, Secure Boot (Part 1)

Understanding Secure Boot ESP32 series (Part 1)

This article is part of a series on the Security Features of the Espressif ESP32 microcontroller series. This includes MCUs based on the Xtensa Instruction Set (e.g. ESP32, ESP32-S3), as well as MCUs based on the RISC-V Instruction Set (e.g. ESP32-C3). This is the first article of the series, which will cover:

- Secure Boot V1 (AES Based Secure Boot) (this article)
- Secure Boot V2 (RSA Based Secure Boot)
- Flash encryption (AES-XTS and legacy)
- AES, SHA, RSA, DS and HMAC accelerators
- World Controller to allow isolated execution environments

Introduction

ESP32 SoCs are very popular System On a Chip (SoC) microcontrollers made by the company Espressif.


Audio IoT

Audio-net: an IoT audio device based on ESP32 SoC

This is a prototype of an internet and Bluetooth connected music device. The hardware used supports, and has been tested to do, the following:

- Audio inputs can be looped over, recorded to SD card, uploaded to the cloud.
- Audio input can be a codec input or a Bluetooth A2DP source.
- Mixing of multiple sound inputs.
- Wi-Fi connection to stream audio (to the cloud, or from the cloud).
