ESP32

ESP32 and ESP8266 share almost the same architecture.

Tools

espressif/esptool - Espressif SoC serial bootloader utility
jmswrnr/esp32knife - Tools for ESP32 firmware dissection
scientifichackers/ampy - Utility to interact with a MicroPython board over a serial connection
ESPWebTool - Flash your ESP32 or ESP8266 through your browser.
tenable/esp32_image_parser - A toolkit for helping you reverse engineer ESP32 firmware.

Firmwares

risinek/esp32-wifi-penetration-tool - Exploring possibilities of ESP32 platform to attack on nearby Wi-Fi networks.
justcallmekoko/ESP32Marauder - A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32

Flashing

The ESP32 microprocessor uses the Xtensa instruction set, use Tensilica Xtensa 32-bit little-endian in Ghidra.

Flash a new firmware with espressif/esptool

esptool.py -p /dev/ttyUSB0 -b 460800 --before default_reset --after hard_reset --chip esp32  write_flash --flash_mode dio --flash_size 2MB --flash_freq 40m 0x1000 build/bootloader/bootloader.bin 0x8000 build/partition_table/partition-table.bin 0x10000 build/ble_ctf.bin
esptool.py -p /dev/ttyS5 -b 115200 --after hard_reset write_flash --flash_mode dio --flash_freq 40m --flash_size detect 0x8000 build/partition_table/partition-table.bin 0x1000 build/bootloader/bootloader.bin 0x10000 build/esp32-wifi-penetration-tool.bin

Flash a new firmware with scientifichackers/ampy (MicroPython)
```
ampy --port /dev/ttyUSB0 put bla.py
```

Dump the flash

esptool -p COM7 -b 115200 read_flash 0 0x400000 flash.bin

Dissect the flash

python esp32knife.py --chip=esp32 load_from_file ./flash.bin

Flash the new firmware

# repair the checksum
python esp32fix.py --chip=esp32 app_image ./patched.part.3.factory 
esptool -p COM7 -b 115200 write_flash 0x10000 ./patched.part.3.factory.fixed

ESP32

Tools

Firmwares

Flashing

References