Paper 2023/090

Unlimited Results: Breaking Firmware Encryption of ESP32-V3

Karim M. Abdellatif, Ledger
Olivier Hériveaux, Ledger
Adrian Thillard, Ledger
Abstract

Because of the rapid growth of Internet of Things (IoT), embedded systems have become an interesting target for experienced attackers. ESP32~\cite{tech-ref-man} is a low-cost and low-power system on chip (SoC) series created by Espressif Systems. The firmware extraction of such embedded systems is a real threat to the manufacturer as it breaks its intellectual property and raises the risk of creating equivalent systems with less effort and resources. In 2019, LimitedResults~\cite{LimitedResultsPown} published power glitch attacks which resulted in dumping secure boot and flash encryption keys stored in the eFuses of ESP32. Therefore, Espressif patched this vulnerability and then advised its customers to use ESP32-V3, which is an updated SoC revision. This new version is hardened against fault injection attacks in hardware and software as announced by Espressif~\cite{ESPpatch}. In this paper, we present for the first time a deep hardware security evaluation for ESP32-V3. The main goal of this evaluation is to extract the firmware encryption key stored in the eFuses. This evaluation includes Fault Injection (FI) and Side-Channel (SC) attacks. First, we use Electromagnetic FI (EMFI) in order to show that ESP32-V3 doesn't resist EMFI. However, by experimental results, we show that this version contains a revised bootloader compared to ESP32-V1, which hardens dumping the eFuse keys by FI. Second, we perform a full SC analysis on the AES accelerator of ESP32-V3. We show that an attacker with a physical access to the device can extract all the keys of the hardware AES-256 after collecting 60K power measurements during the execution of the AES block. Third, we present another SC analysis for the firmware decryption mechanism, by targeting the decryption operation during the power up. Using this knowledge, we demonstrate that the full 256-bit AES firmware encryption key, which is stored in the eFuses, can be recovered by SC analysis using 300K power measurements. Finally, we apply practically the firmware encryption attack on Jade hardware wallet \cite{jade}.

Metadata
Available format(s)
PDF
Category
Attacks and cryptanalysis
Publication info
Preprint.
Keywords
SP32-V3EMFISide-Channel Attacks (SCAs)eFuses
Contact author(s)
karim abdellatif @ ledger fr
olivier heriveaux @ ledger fr
adrian thillard @ ledger fr
History
2023-01-26: approved
2023-01-24: received
See all versions
Short URL
https://ia.cr/2023/090
License
No rights reserved
CC0

BibTeX

@misc{cryptoeprint:2023/090,
      author = {Karim M. Abdellatif and Olivier Hériveaux and Adrian Thillard},
      title = {Unlimited Results: Breaking Firmware Encryption of {ESP32}-V3},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/090},
      year = {2023},
      url = {https://eprint.iacr.org/2023/090}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.