ESP32
ESP32 and ESP8266 share almost the same architecture.
Tools
- espressif/esptool - Espressif SoC serial bootloader utility
- jmswrnr/esp32knife - Tools for ESP32 firmware dissection
- scientifichackers/ampy - Utility to interact with a MicroPython board over a serial connection
- ESPWebTool - Flash your ESP32 or ESP8266 through your browser.
- tenable/esp32_image_parser - A toolkit for helping you reverse engineer ESP32 firmware.
Firmwares
- risinek/esp32-wifi-penetration-tool - Exploring possibilities of ESP32 platform to attack on nearby Wi-Fi networks.
- justcallmekoko/ESP32Marauder - A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32
Flashing
The ESP32 microprocessor uses the Xtensa instruction set; when loading a firmware image into Ghidra, select the Tensilica Xtensa 32-bit little-endian language.
- Flash a new firmware with espressif/esptool

  ```
  esptool.py -p /dev/ttyUSB0 -b 460800 --before default_reset --after hard_reset --chip esp32 write_flash --flash_mode dio --flash_size 2MB --flash_freq 40m 0x1000 build/bootloader/bootloader.bin 0x8000 build/partition_table/partition-table.bin 0x10000 build/ble_ctf.bin
  esptool.py -p /dev/ttyS5 -b 115200 --after hard_reset write_flash --flash_mode dio --flash_freq 40m --flash_size detect 0x8000 build/partition_table/partition-table.bin 0x1000 build/bootloader/bootloader.bin 0x10000 build/esp32-wifi-penetration-tool.bin
  ```

- Flash a new firmware with scientifichackers/ampy (MicroPython)
  - Dump the flash
  - Dissect the flash
  - Flash the new firmware
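The `--flash_mode`, `--flash_size` and `--flash_freq` flags passed to esptool above are not only transfer settings: they are written into the first bytes of the application image, so a dumped flash region can be checked before handing it to a disassembler. The script below is an added example (not code from esptool, esp32knife or the original page) that decodes the 24-byte ESP32 image header, walks its segments, recomputes the 0xEF-seeded XOR checksum and, when the header says one is appended, verifies the trailing SHA-256. It assumes the documented ESP32-family header layout (magic 0xE9, mode/size/frequency nibbles, 16-byte aligned checksum); the segment addresses and payloads in `SAMPLE_SEGMENTS` are constructed test data, not a real firmware.

```python
"""Parse and verify an ESP32 application image header (esptool's image layout)."""
import hashlib
import struct

ESP_IMAGE_MAGIC = 0xE9   # first byte of every ESP image
CHECKSUM_SEED = 0xEF     # the segment checksum starts from this value

# Encodings of the header's SPI flash settings (ESP32-family table; ESP8266 differs).
FLASH_MODES = {0: "qio", 1: "qout", 2: "dio", 3: "dout"}
FLASH_SIZES = {0: "1MB", 1: "2MB", 2: "4MB", 3: "8MB", 4: "16MB"}
FLASH_FREQS = {0x0: "40m", 0x1: "26m", 0x2: "20m", 0xF: "80m"}
CHIP_IDS = {0x0000: "ESP32", 0x0002: "ESP32-S2", 0x0005: "ESP32-C3", 0x0009: "ESP32-S3"}


def parse_image(data: bytes) -> dict:
    """Decode the ESP32 header, walk the segments and verify checksum and optional SHA-256.

    Raises ValueError on a bad magic byte, a truncated image or a checksum mismatch,
    which is the signal you want when deciding whether a dumped region is an app image.
    """
    if len(data) < 24:
        raise ValueError("image shorter than the 24-byte ESP32 header")
    magic, seg_count, spi_mode, size_freq, entry = struct.unpack_from("<BBBBI", data, 0)
    if magic != ESP_IMAGE_MAGIC:
        raise ValueError(f"bad magic 0x{magic:02x}, expected 0xe9")
    # Extended header (ESP32 family only; ESP8266 images stop after 8 bytes).
    wp_pin, _drive, chip_id, min_rev = struct.unpack_from("<B3sHB", data, 8)
    hash_appended = data[23]

    segments, off, checksum = [], 24, CHECKSUM_SEED
    for _ in range(seg_count):
        if off + 8 > len(data):
            raise ValueError("truncated segment header")
        load_addr, length = struct.unpack_from("<II", data, off)
        off += 8
        payload = data[off:off + length]
        if len(payload) != length:
            raise ValueError("truncated segment data")
        for b in payload:
            checksum ^= b
        segments.append({"load_addr": load_addr, "length": length})
        off += length

    # Segments are padded so the checksum byte is the last byte of a 16-byte block.
    checksum_off = ((off + 16) // 16) * 16 - 1
    if checksum_off >= len(data):
        raise ValueError("truncated before checksum byte")
    if data[checksum_off] != checksum:
        raise ValueError(f"checksum mismatch: stored 0x{data[checksum_off]:02x}, computed 0x{checksum:02x}")
    image_end = checksum_off + 1

    info = {
        "entry": entry,
        "segments": segments,
        "flash_mode": FLASH_MODES.get(spi_mode, f"unknown({spi_mode})"),
        "flash_size": FLASH_SIZES.get(size_freq >> 4, f"unknown({size_freq >> 4})"),
        "flash_freq": FLASH_FREQS.get(size_freq & 0xF, f"unknown({size_freq & 0xF})"),
        "chip": CHIP_IDS.get(chip_id, f"0x{chip_id:04x}"),
        "min_chip_rev": min_rev,
        "wp_pin": wp_pin,
        "sha256_ok": None,  # None when no hash is appended
    }
    if hash_appended == 1:
        digest = data[image_end:image_end + 32]
        info["sha256_ok"] = digest == hashlib.sha256(data[:image_end]).digest()
    return info


def is_valid_image(data: bytes) -> bool:
    """True when the header parses and the checksum matches."""
    try:
        parse_image(data)
        return True
    except ValueError:
        return False


def build_image(segments, flash_mode=2, flash_size=1, flash_freq=0, entry=0x40080400, chip_id=0) -> bytes:
    """Assemble a minimal ESP32 image from (load_addr, payload) pairs. Constructed test data only."""
    header = struct.pack("<BBBBI", ESP_IMAGE_MAGIC, len(segments), flash_mode, (flash_size << 4) | flash_freq, entry)
    header += struct.pack("<B3sHB", 0xEE, b"\x00\x00\x00", chip_id, 0)  # wp_pin 0xEE = disabled
    header += b"\x00" * 8 + b"\x01"  # chip-rev fields and reserved bytes, then hash_appended = 1
    body, checksum = bytearray(header), CHECKSUM_SEED
    for load_addr, payload in segments:
        body += struct.pack("<II", load_addr, len(payload)) + payload
        for b in payload:
            checksum ^= b
    while len(body) % 16 != 15:  # pad so the checksum lands on the 16-byte boundary
        body.append(0)
    body.append(checksum)
    body += hashlib.sha256(body).digest()
    return bytes(body)


# Constructed sample: two small segments at plausible ESP32 DRAM and IROM addresses.
SAMPLE_SEGMENTS = [(0x3FFB0000, b"\x01\x02\x03\x04" * 4), (0x400D0000, bytes(range(20)))]


def demo() -> dict:
    """Build the sample with the flags used in the esptool command (dio, 2MB, 40m) and parse it."""
    return parse_image(build_image(SAMPLE_SEGMENTS, flash_mode=2, flash_size=1, flash_freq=0))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run against a real dump, the interesting offsets are the ones from the esptool command: the second-stage bootloader at 0x1000 and the application at 0x10000 both start with 0xE9, while the partition table at 0x8000 does not, so a wrong `write_flash` offset shows up immediately as a bad magic byte. A header that parses but fails its checksum is the usual sign of a partial or interrupted read.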
References
- ESP32-reversing - BlackVS
- ESP32 Wi-Fi Penetration Tool - GitHub - Exploring possibilities of ESP32 platform to attack on nearby Wi-Fi networks
- ESP32 Wi-Fi Penetration Tool - Documentation - Exploring possibilities of ESP32 platform to attack on nearby Wi-Fi networks
- Hacking a Smart Home Device - @jmswrnr - 03 Feb 2024
- Reversing ESP8266 Firmware (Part 1) - Bored Pentester - 26th October 2018
- Reversing ESP8266 Firmware (Part 2) - Bored Pentester - 25th October 2018
- Reversing ESP8266 Firmware (Part 3) - Bored Pentester - 25th October 2018
- Reversing ESP8266 Firmware (Part 4) - Bored Pentester - 25th October 2018
- Reversing ESP8266 Firmware (Part 5) - Bored Pentester - 25th October 2018
- Reversing ESP8266 Firmware (Part 6) - Bored Pentester - 25th October 2018