Unlimited Results: Breaking Firmware Encryption of ESP32-V3

Presented at Black Hat USA 2022, Aug. 10, 2022, 4:20 p.m. (40 minutes)

ESP32 is one of the most widely used microcontrollers and is present in hundreds of millions of devices, including IoT products, mobile devices and hardware wallets. In 2019, Limited Results published a fault injection attack at Black Hat Europe that broke the security of the ESP32-V1 chip family. In response, Espressif patched this vulnerability and advised its customers to use ESP32-V3, a hardened silicon revision.

In this talk, we present an in-depth hardware security evaluation for ESP32-V3. The main goal of this evaluation is to extract the firmware encryption key in order to decrypt the encrypted flash content that may possibly contain secret data.

First, we use Fault Injection (FI), with our homemade electromagnetic fault injector, in an attempt to access the flash encryption keys stored in the read-protected eFuses. Our experimental results show that this new silicon revision contains a bootloader protected against these attacks.

We therefore explore a different attack path using Side-Channel Attacks (SCAs) on the firmware decryption mechanism, measuring the information leakage of the firmware decryption operation during power-up. Using this leakage, we demonstrate that the full 256-bit AES firmware encryption key can be recovered with Side-Channel (SC) analysis in a few hours with a 100% success rate. Finally, as a practical example, we apply our attack to decrypt the contents of a hardware wallet.


Presenters:

  • Olivier Hériveaux - Hardware Security Researcher, Ledger, Donjon
    Olivier Hériveaux has 13 years of experience in hardware security research. He worked previously in the defense industry and is now a hardware security researcher at Ledger.
  • Adrian Thillard - Hardware Security Engineer, Ledger, Donjon
    Adrian Thillard defended his PhD in cryptography in 2016. Previously, he worked at the French National Agency for the Security of Information Systems. He is now a hardware security engineer at Ledger.
  • Karim Abdellatif - Hardware Security Expert, Ledger, Donjon
    Dr. Karim Abdellatif is a hardware security expert at Ledger. There, he aims at evaluating hardware wallets against hardware attacks such as fault injection and side-channel attacks. He holds a PhD in embedded security. Previously, he was a hardware security engineer at Morpho, France.
