Files
esp-bootrom-exploit/README.md
T
2026-05-26 21:22:49 -06:00

17 lines
1.2 KiB
Markdown

# esp-bootrom-exploit
Working on an exploit to break the security on the ESP32-S3
Highly a work in progress
[entropy](entropy/) - entropy images of the bootroms
[esp-rom-elfs-20230320](esp-rom-elfs-20230320/) - all of the ESP32-X bootloader elfs from [here](https://github.com/espressif/esp-rom-elfs/releases/tag/20230320)
[ESP32-S3_Exploit_FPGA](ESP32-S3_Exploit_FPGA/) - runs the exploit, based on a cheap [Tang Nano 9K FPGA](https://www.aliexpress.us/item/3256807026232976.html?channel=twinner) using [Lushay Code](https://learn.lushaylabs.com/vscode-extension/) for VS Code
[existing_files](existing_files/) - assorted existing roms I found
[Ghidra](Ghidra/) - Ghidra project for reverse engineering and exploit dev
[libs](libs/) - extra libraries that Espressif disclosed was used in the roms, excepting those found natively in esp-idf (useful for reverse engineering and debugging)
[sillyfillyespdumper](sillyfillyespdumper/) - tool I made to dump arbitrary data from ESP32-Xs
[silltfillyespdumper/live-roms](sillyfillyespdumper/live-roms/) - full, redundant rom dumps from two production ESP32-S3s
Based much on [Coruk's attack on the ESP32-C3](https://courk.cc/esp32-c3-c6-fault-injection)