ESP32 Glitching
ESP32 eFuse info, as listed by the ESP-IDF eFuse table generator:
```text
$ ./efuse_table_gen.py esp32/esp_efuse_table.csv --info
eFuse coding scheme: NONE
 #  field_name              efuse_block  bit_start  bit_count
 1  WR_DIS_FLASH_CRYPT_CNT  EFUSE_BLK0   2          1
 2  WR_DIS_BLK1             EFUSE_BLK0   7          1
 3  WR_DIS_BLK2             EFUSE_BLK0   8          1
 4  WR_DIS_BLK3             EFUSE_BLK0   9          1
 5  RD_DIS_BLK1             EFUSE_BLK0   16         1
 6  RD_DIS_BLK2             EFUSE_BLK0   17         1
 7  RD_DIS_BLK3             EFUSE_BLK0   18         1
 8  FLASH_CRYPT_CNT         EFUSE_BLK0   20         7
 9  MAC_FACTORY             EFUSE_BLK0   32         8
10  MAC_FACTORY             EFUSE_BLK0   40         8
11  MAC_FACTORY             EFUSE_BLK0   48         8
12  MAC_FACTORY             EFUSE_BLK0   56         8
13  MAC_FACTORY             EFUSE_BLK0   64         8
14  MAC_FACTORY             EFUSE_BLK0   72         8
15  MAC_FACTORY_CRC         EFUSE_BLK0   80         8
16  CHIP_VER_DIS_APP_CPU    EFUSE_BLK0   96         1
17  CHIP_VER_DIS_BT         EFUSE_BLK0   97         1
18  CHIP_VER_PKG            EFUSE_BLK0   105        3
19  CHIP_CPU_FREQ_LOW       EFUSE_BLK0   108        1
20  CHIP_CPU_FREQ_RATED     EFUSE_BLK0   109        1
21  CHIP_VER_REV1           EFUSE_BLK0   111        1
22  ADC_VREF_AND_SDIO_DREF  EFUSE_BLK0   136        6
23  XPD_SDIO_REG            EFUSE_BLK0   142        1
24  SDIO_TIEH               EFUSE_BLK0   143        1
25  SDIO_FORCE              EFUSE_BLK0   144        1
26  ENCRYPT_CONFIG          EFUSE_BLK0   188        4
27  CONSOLE_DEBUG_DISABLE   EFUSE_BLK0   194        1
28  ABS_DONE_0              EFUSE_BLK0   196        1
29  DISABLE_JTAG            EFUSE_BLK0   198        1
30  DISABLE_DL_ENCRYPT      EFUSE_BLK0   199        1
31  DISABLE_DL_DECRYPT      EFUSE_BLK0   200        1
32  DISABLE_DL_CACHE        EFUSE_BLK0   201        1
33  ENCRYPT_FLASH_KEY       EFUSE_BLK1   0          256
34  SECURE_BOOT_KEY         EFUSE_BLK2   0          256
35  MAC_CUSTOM_CRC          EFUSE_BLK3   0          8
36  MAC_CUSTOM              EFUSE_BLK3   8          48
37  ADC1_TP_LOW             EFUSE_BLK3   96         7
38  ADC1_TP_HIGH            EFUSE_BLK3   103        9
39  ADC2_TP_LOW             EFUSE_BLK3   112        7
40  ADC2_TP_HIGH            EFUSE_BLK3   119        9
41  SECURE_VERSION          EFUSE_BLK3   128        32
42  MAC_CUSTOM_VER          EFUSE_BLK3   184        8
```
Fields of interest for this page:
WR_DIS_BLK1: write protection on block 1 (the flash encryption key)
WR_DIS_BLK2: write protection on block 2 (the secure boot key)
RD_DIS_BLK1: read protection on block 1
RD_DIS_BLK2: read protection on block 2
ABS_DONE_0: secure boot enabled for the bootloader
Setup Keys
Generate the signing key:
```shell
espsecure.py generate_signing_key
```
Burn the secure boot key and enable secure boot:
```shell
# Burn the secure boot key into block 2; the block becomes read- and write-protected
espefuse.py burn_key secure_boot ./hello_world_k1/secure-bootloader-key-256.bin
# Mark secure boot as enabled for the bootloader
espefuse.py burn_efuse ABS_DONE_0
```
Burn the AES flash encryption key:
```shell
# Generate the key
espsecure.py generate_flash_encryption_key my_flash_encryption_key.bin
# Key data (hexdump prints 16-bit little-endian words, so the first byte of the file is 0x38)
hexdump my_flash_encryption_key.bin
0000000 c838 e375 7633 1541 5ff9 4365 f2dd 2ce9
0000010 1f78 42a0 bf53 8f14 68ce 009f 5586 9b52
# Burn the key into block 1 and disable read and write access to the block
espefuse.py --port /dev/ttyUSB0 burn_key flash_encryption my_flash_encryption_key.bin
espefuse.py v2.7-dev
Connecting......
Write key in efuse block 1. The key block will be read and write protected (no further changes or readback). This is an irreversible operation.
Type 'BURN' (all capitals) to continue.
BURN
Burned key data. New value: 9b 52 55 86 00 9f 68 ce 8f 14 bf 53 42 a0 1f 78 2c e9 f2 dd 43 65 5f f9 15 41 76 33 e3 75 c8 38
Disabling read/write to key efuse block...
# Note that the burned value is the key file in reversed byte order
# Activate the key
espefuse.py burn_efuse FLASH_CRYPT_CONFIG 0xf
espefuse.py burn_efuse FLASH_CRYPT_CNT
```
Compile and Flash an Application
Test application:
```c
#include <stdio.h>
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"

void app_main(void)
{
    while (1) {
        printf("Hello from SEC boot K1 & FE !\n");
        vTaskDelay(1000 / portTICK_PERIOD_MS);
    }
}
```
Compile with the proper flags, then encrypt and flash the images:
```shell
# Enable secure boot and flash encryption in the project configuration
make menuconfig
# Encrypt the bootloader reflash digest (bootloader plus secure boot digest) for flash offset 0x0
espsecure.py encrypt_flash_data -k ../../my_flash_encryption_key.bin -o bootloader-reflash-digest-encrypted.bin -a 0x0 bootloader-reflash-digest.bin
# Flash the encrypted digest
python /home/limited/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x0 /home/limited/esp/hello_world_k1_FE/build/bootloader/bootloader-reflash-digest-encrypted.bin
# Encrypt the application image for its flash offset 0x10000
espsecure.py encrypt_flash_data -k ../my_flash_encryption_key.bin -o hello-world-encrypted.bin -a 0x10000 hello-world.bin
# Encrypt the partition table for its flash offset 0x8000
espsecure.py encrypt_flash_data -k ../my_flash_encryption_key.bin -o partitions_singleapp-encrypted.bin -a 0x08000 partitions_singleapp.bin
# Flash both at their offsets; flash encryption ties each image to its address, so -a must match the write offset
python /home/limited/esp/esp-idf/components/esptool_py/esptool/esptool.py --chip esp32 --port /dev/ttyUSB0 --baud 115200 --before default_reset --after hard_reset write_flash -z --flash_mode dio --flash_freq 40m --flash_size detect 0x10000 /home/limited/esp/hello_world_k1_FE/build/hello-world-encrypted.bin 0x8000 /home/limited/esp/hello_world_k1_FE/build/partitions_singleapp-encrypted.bin
```
Starting the Glitch
Read the flash memory to confirm that its contents are encrypted:
```shell
# Dump the whole 4 MB flash to a file; with flash encryption active the file holds ciphertext only
esptool.py -p /dev/ttyUSB0 -b 460800 read_flash 0 0x400000 flash_contents.bin
```
Without glitching, both key blocks read back as zeros because RD_DIS_BLK1 and RD_DIS_BLK2 are set:
```text
espefuse.py --port /dev/ttyUSB0 dump
espefuse.py v2.7-dev
Connecting....
EFUSE block 0:
00130180 bf4dbb34 00e43c71 0000a000 00000430 f0000000 00000054
EFUSE block 1:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE block 2:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE block 3:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
```
Using the following oscilloscope channel setup:
CH1 = UART TX
CH2 = 3.3V VDD (trigger)
CH3 = power consumption
CH4 = pulse command
Glitching the ENCRYPT_FLASH_KEY read check:
```text
----- Efuses reading 40 ----- Pulse delay = 0.001191230
espefuse.py v2.7-dev
Connecting....
EFUSE block 0:
00120300 bf4dbb34 00e43c71 0000a000 00000430 f0000000 00000054
EFUSE block 1:
8655529b ce689f00 56bf288f 781fa042 ddf2e958 f25f6543 33764115 38c875e3
EFUSE block 2:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE block 3:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000001
```
Glitching the SECURE_BOOT_KEY read check:
```text
----- Efuses reading 19 ----- Pulse delay = 0.001190600
espefuse.py v2.7-dev
Connecting....
EFUSE block 0:
001100c0 bf4dbb34 00e43c71 00000000 00000430 f0000000 00000054
EFUSE block 1:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
EFUSE block 2:
e94f5bc2 00370f91 7c897429 2eadd23b c7664f05 5ae3365f d3781029 82e25c4c
EFUSE block 3:
00000000 00000000 00800000 00000000 00000000 01000000 00000000 00000080
```
In practice, take many dumps and keep the most common value of each byte: a single faulted reading contains bit errors, as comparing the block 1 words above with the burned key value shows.
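To show what the dumps above actually encode, here is an added Python helper (not part of the original page or of Espressif's tooling) that parses `espefuse.py dump` output, decodes the block 0 protection bits using the bit positions from the table at the top of the page, and reports when a reading is inconsistent with a correctly provisioned device. The two embedded readings are block 0 and block 1 of the normal dump and of faulted reading 40 above; `check_reading` is a name chosen here.

```python
import re

# Bit positions within eFuse block 0, from the efuse_table_gen.py listing
# on this page (bit 0 is the LSB of the first dumped word).
BLK0_FIELDS = {
    "WR_DIS_BLK1": (7, 1), "WR_DIS_BLK2": (8, 1),
    "RD_DIS_BLK1": (16, 1), "RD_DIS_BLK2": (17, 1),
    "FLASH_CRYPT_CNT": (20, 7), "ABS_DONE_0": (196, 1),
}
# Readings copied from the page: the normal dump and faulted reading 40.
NORMAL_DUMP = """EFUSE block 0:
00130180 bf4dbb34 00e43c71 0000a000 00000430 f0000000 00000054
EFUSE block 1:
00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000
"""
FAULTED_DUMP = """EFUSE block 0:
00120300 bf4dbb34 00e43c71 0000a000 00000430 f0000000 00000054
EFUSE block 1:
8655529b ce689f00 56bf288f 781fa042 ddf2e958 f25f6543 33764115 38c875e3
"""

def parse_dump(text):
    """Return {block_number: [32-bit words]} from `espefuse.py dump` output."""
    blocks = {}
    for hdr, body in re.findall(r"EFUSE block (\d+):\n((?:[0-9a-f]{8} ?)+)", text):
        blocks[int(hdr)] = [int(w, 16) for w in body.split()]
    return blocks

def field(words, bit_start, bit_count):
    """Extract a bit field from the little-endian concatenation of the words."""
    raw = sum(w << (32 * i) for i, w in enumerate(words))
    return (raw >> bit_start) & ((1 << bit_count) - 1)

def check_reading(dump_text):
    """Decode block 0 and list every way the reading deviates from a protected device."""
    blocks = parse_dump(dump_text)
    f = {name: field(blocks[0], *pos) for name, pos in BLK0_FIELDS.items()}
    problems = []
    for blk in (1, 2):
        if not f[f"RD_DIS_BLK{blk}"]:
            problems.append(f"RD_DIS_BLK{blk} clear")
        if any(blocks.get(blk, [])):
            problems.append(f"block {blk} readable")
    # Flash encryption is active only when FLASH_CRYPT_CNT has an odd number of set bits.
    if bin(f["FLASH_CRYPT_CNT"]).count("1") % 2 == 0:
        problems.append("flash encryption off")
    if not f["ABS_DONE_0"]:
        problems.append("secure boot off")
    return f, problems
```

A reading where RD_DIS_BLK1 decodes as clear while FLASH_CRYPT_CNT, ABS_DONE_0 and the other protection bits still look provisioned is the signature of a faulted read, not of a device that was never protected.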
Bypassing Encrypted Secure Boot
https://raelize.com/posts/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/