ESP32 Firmware extracting

Inquisition
Posts: 5
Joined: Sat Apr 01, 2023 10:53 am

ESP32 Firmware extracting

Postby Inquisition » Sat Apr 01, 2023 11:07 am

Hello to all,
I just want to ask how difficult it is to extract firmware from an ESP32, even if it is copy protected (I suppose so)?
Thanks

bidrohini
Posts: 202
Joined: Thu Oct 27, 2022 12:55 pm

Re: ESP32 Firmware extracting

Postby bidrohini » Sun Apr 02, 2023 2:38 pm


Inquisition
Posts: 5
Joined: Sat Apr 01, 2023 10:53 am

Re: ESP32 Firmware extracting

Postby Inquisition » Sun Apr 02, 2023 2:46 pm

Hi, thanks. I know the video, but I'm not sure if it will work with really protected firmware.

a2800276
Posts: 74
Joined: Sat Jan 23, 2016 1:59 pm

Re: ESP32 Firmware extracting

Postby a2800276 » Mon Apr 03, 2023 7:15 am

Espressif chips are not "hardened" to the extent that you could use them, e.g. in a bank, medical or defense environment (to my knowledge anyway). As a consequence, a dedicated adversary would likely always be able to extract your firmware, possibly by means of an electron microscope, laser attacks and tungsten probes sniffing the processor in operation, etc. etc.

But a number of differentiated tools are provided that allow for solid protection for a number of different use cases. For most practical scenarios, the tools provided in the IDF are able to prevent firmware extraction. These tools necessarily make support and diagnostics more difficult, so there is a tradeoff to using them you need to understand.

I guess the short answer could be: the built-in mechanisms should prevent a knowledgeable adversary like an EE graduate student with access to typical electronic lab equipment like an oscilloscope from extracting a usable copy of the firmware. Of course they could still come up with a clever side channel. I couldn't estimate how difficult it would be for a specialized lab, e.g. a hardware security research group, the FBI or if the folks at Intel or NXP etc. were really interested in your firmware, but I assume probably not very given the funds.

For a more nuanced answer, I'd start by exploring the different firmware protection mechanisms available. A good place to start would be reading about fuses, e.g. here: https://docs.espressif.com/projects/esp ... efuse.html Another topic could be flash encryption, e.g. described here: https://docs.espressif.com/projects/esp ... ption.html

Firmware protection consists of more than just setting it to "really protected". You'll be able to get a more qualified answer once you understand the different aspects and can ask more specific questions.
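Added example (not code from this thread, from Espressif or from the IDF): once flash encryption is enabled, the practical check from the defender's side is that a flash image read back from your own board no longer contains readable firmware. The script below audits such an image sector by sector using Shannon entropy, since AES-encrypted flash is statistically indistinguishable from random data while plaintext code, strings and erase padding score far lower. The two sample images are constructed inline so it runs offline; the block size, the 7.5 bits/byte threshold and the function names are the example's own choices.

```python
"""
Audit a flash image to see whether it actually looks encrypted.

Added example, not from the forum thread or from Espressif. Assumes the
image is a bytes object (e.g. a raw read-back of your own board's flash);
the sample images below are constructed here so the script runs offline.
"""
import math
import random
from collections import Counter

BLOCK_SIZE = 4096          # one flash sector on ESP32
ENCRYPTED_THRESHOLD = 7.5  # bits per byte; random data scores ~7.95 at 4 KiB


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def audit_flash_image(image: bytes, block_size: int = BLOCK_SIZE,
                      threshold: float = ENCRYPTED_THRESHOLD) -> dict:
    """Split `image` into sectors and report which ones look unencrypted.

    Returns the block count, the offsets of blocks whose entropy is below
    the threshold, and the fraction of blocks that look encrypted.
    """
    plaintext_offsets = []
    total = 0
    for offset in range(0, len(image), block_size):
        block = image[offset:offset + block_size]
        total += 1
        if shannon_entropy(block) < threshold:
            plaintext_offsets.append(offset)
    encrypted_fraction = (total - len(plaintext_offsets)) / total if total else 0.0
    return {"blocks": total,
            "plaintext_offsets": plaintext_offsets,
            "encrypted_fraction": encrypted_fraction}


# --- constructed sample images (not real dumps) -----------------------------
def make_plaintext_image(n_blocks: int) -> bytes:
    """Looks like an unencrypted app: repeated strings plus 0xFF erase padding."""
    line = b"heatpump-ctl v1.2 setpoint=%d\x00"  # constructed, hypothetical string
    blob = b"".join(line % i for i in range(200))
    sector = blob[:BLOCK_SIZE].ljust(BLOCK_SIZE, b"\xff")
    return sector * n_blocks


def make_encrypted_image(n_blocks: int, seed: int = 1234) -> bytes:
    """Stand-in for ciphertext: deterministic pseudo-random bytes."""
    return random.Random(seed).randbytes(n_blocks * BLOCK_SIZE)


if __name__ == "__main__":
    # An image whose first six sectors are encrypted and last two are not,
    # the pattern you would see if one partition was left unencrypted.
    mixed = make_encrypted_image(6) + make_plaintext_image(2)
    report = audit_flash_image(mixed)
    print(f"{report['blocks']} sectors, "
          f"{report['encrypted_fraction']:.0%} look encrypted")
    for off in report["plaintext_offsets"]:
        print(f"  plaintext-looking sector at offset 0x{off:06x}")
```

Low-entropy offsets are not automatically a problem: erased (0xFF) sectors and data partitions that were deliberately left unencrypted will show up too, so read the offsets against the device's partition table before concluding that the protection is not in effect.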

Inquisition
Posts: 5
Joined: Sat Apr 01, 2023 10:53 am

Re: ESP32 Firmware extracting

Postby Inquisition » Mon Apr 03, 2023 10:05 am

Hi,
Thank you for so many details in your answer. I know some companies like Russian Semi Research, MCU Crack and many others, but I didn't find in their list, or it is not specified, anything about ESP32. I'm familiar with the procedure using a TEM microscope and bridging some ports, but the method is very expensive (I know there is a lot of work behind the procedure). I want to get to the point: I am using here some kind of internet controller for a heat pump (it is more like a web interface for setting and reading the heat pump). The communication protocol between the PIC MCU and the ESP32 works via the I2C bus, so I want to make a copy of the ESP32 firmware in order to reproduce them. Maybe someone here is interested in the project? Of course I will pay for the order.

a2800276
Posts: 74
Joined: Sat Jan 23, 2016 1:59 pm

Re: ESP32 Firmware extracting

Postby a2800276 » Tue Apr 04, 2023 10:27 am

In case you can't just trivially extract the firmware using the `esp_tools.py` command, it may be easier to just sniff the I2C traffic between the two devices? That should be a whole lot easier to understand than a machine language copy of the firmware...

MicroController
Posts: 1137
Joined: Mon Oct 17, 2022 7:38 pm
Location: Europe, Germany

Re: ESP32 Firmware extracting

Postby MicroController » Tue Apr 04, 2023 9:58 pm

so i want to make copy of esp32 firmware in order to reproduce them ... i will pay
Maybe it's the language barrier, but this reads like you're publicly trying to hire someone to do software/product piracy for you...

Inquisition
Posts: 5
Joined: Sat Apr 01, 2023 10:53 am

Re: ESP32 Firmware extracting

Postby Inquisition » Wed Apr 05, 2023 8:24 am

Software piracy means if the software is protected by law or is made by some company, but it is not; the project is made by some enthusiasts. Anyway, it is protected. Sniffing of I2C is not a bad idea; in fact I believe the software is made by using an I2C sniffing tool and bypassing communication between the PIC MCU and the control unit display.

ESP_Sprite
Posts: 8921
Joined: Thu Nov 26, 2015 4:08 am

Re: ESP32 Firmware extracting

Postby ESP_Sprite » Fri Apr 07, 2023 12:31 am

Inquisition wrote (Wed Apr 05, 2023 8:24 am):
Software piracy means if the software is protected by law or is made by some company, but it is not; the project is made by some enthusiasts. Anyway, it is protected. Sniffing of I2C is not a bad idea; in fact I believe the software is made by using an I2C sniffing tool and bypassing communication between the PIC MCU and the control unit display.

It doesn't quite matter; by default you don't have the right to copy software, regardless of where it comes from. The people who own the copyright can grant you a license (=say it's OK for you) to copy it. If you think it's acceptable to copy it here, why not ask those enthusiasts if they want to share the source or binaries?

Inquisition
Posts: 5
Joined: Sat Apr 01, 2023 10:53 am

Re: ESP32 Firmware extracting

Postby Inquisition » Sat Apr 08, 2023 5:44 am

I already asked for binaries, but they didn't respond to me.
