ESP32 is one of the most widely used microcontrollers and is present in hundreds of millions of devices, such as IoT applications, mobile devices, and hardware wallets. In 2019, Limited Results published a fault injection attack at Black Hat Europe that broke the security of the ESP32-V1 chip family. In response, Espressif patched this vulnerability and advised its customers to use ESP32-V3, which is a hardened silicon revision.
In this talk, we present an in-depth hardware security evaluation of ESP32-V3. The main goal of this evaluation is to extract the firmware encryption key in order to decrypt the encrypted flash content, which may contain secret data.
First, we use Fault Injection (FI), with our homemade electromagnetic fault injector, in an attempt to access the flash encryption keys stored in the read-protected eFuses. Our experimental results show that this new silicon revision contains a bootloader protected against these attacks.
We therefore explore a different attack path using Side-Channel Attacks (SCAs) on the firmware decryption mechanism, measuring the information leakage of the firmware decryption operation during power-up. Using this knowledge, we demonstrate that the full 256-bit AES firmware encryption key can be recovered using Side-Channel (SC) analysis in a few hours with a 100% success rate. Finally, as a practical example, we apply our attack to decrypt the contents of a hardware wallet.