cleaned up, documented some

This commit is contained in:
2024-08-24 18:55:09 -06:00
parent dddcf5d092
commit 890dee360d
30 changed files with 15 additions and 83 deletions
+10
View File
@@ -2,5 +2,15 @@
Working on an exploit to break the security on the ESP32-S3
Highly a work in progress
[entropy](entropy/) - entropy images of the bootroms
[esp-rom-elfs-20230320](esp-rom-elfs-20230320/) - all of the ESP32-X bootloader elfs from [here](https://github.com/espressif/esp-rom-elfs/releases/tag/20230320)
[ESP32-S3_Exploit_FPGA](ESP32-S3_Exploit_FPGA/) - runs the exploit, based on a cheap [Tang Nano 9K FPGA](https://www.aliexpress.us/item/3256807026232976.html?channel=twinner) using [Lushay Code](https://learn.lushaylabs.com/vscode-extension/) for VS Code
[existing_files](existing_files/) - assorted existing roms I found
[Ghidra](Ghidra/) - Ghidra project for reverse engineering and exploit dev
[libs](libs/) - extra libraries that Espressif disclosed was used in the roms, excepting those found natively in esp-idf (useful for reverse engineering and debugging)
[sillyfillyespdumper](sillyfillyespdumper/) - tool I made to dump arbitrary data from ESP32-Xs
[silltfillyespdumper/live-roms](sillyfillyespdumper/live-roms/) - full, redundant rom dumps from two production ESP32-S3s
Based much on [Coruk's attack on the ESP32-C3](https://courk.cc/esp32-c3-c6-fault-injection)