2024-08-24 18:56:59 -06:00
2024-08-24 18:55:09 -06:00
2024-08-18 02:50:11 -06:00
2024-08-18 02:50:11 -06:00
2024-08-24 18:55:09 -06:00
2024-08-18 02:50:11 -06:00
2024-08-24 18:34:06 -06:00
2024-08-24 18:56:59 -06:00

esp-bootrom-exploit

Working on an exploit to break the security on the ESP32-S3 Highly a work in progress

entropy - entropy images of the bootroms
esp-rom-elfs-20230320 - all of the ESP32-X bootloader elfs from here
ESP32-S3_Exploit_FPGA - runs the exploit, based on a cheap Tang Nano 9K FPGA using Lushay Code for VS Code
existing_files - assorted existing roms I found
Ghidra - Ghidra project for reverse engineering and exploit dev
libs - extra libraries that Espressif disclosed was used in the roms, excepting those found natively in esp-idf (useful for reverse engineering and debugging)
sillyfillyespdumper - tool I made to dump arbitrary data from ESP32-Xs
silltfillyespdumper/live-roms - full, redundant rom dumps from two production ESP32-S3s

Based much on Coruk's attack on the ESP32-C3

S
Description
No description provided
Readme 11 MiB
Languages
C 87.1%
C++ 9.9%
Verilog 1.4%
CMake 1.2%
Python 0.4%