In a previous article, the vulnerability of the ESP32-C3 and ESP32-C6 to side-channel attacks was demonstrated. Recovering enough key information to decrypt the external flash data is possible. However, a new attack needs to be performed for each new 128-byte block. Since attacking a single block takes hours, decrypting the entire flash content with such a method is very impractical. This frustrating limitation led me to the following question: is it possible, given cont...| Courk's Blog
I recently read the Unlimited Results: Breaking Firmware Encryption of ESP32-V3 paper. This paper is about breaking the firmware encryption feature of the ESP32 SoC using a side-channel attack. This was an interesting read, and soon I wanted to try to reproduce these results under the following constraints: to understand everything about this attack, I wanted to start from scratch, even if it meant sometimes reinventing the wheel, and I wanted to keep things low-cost. This means no five-figure di...