ESP32 Forum

Hello to all,
i just wount to ask how difficult is to extract firmware from esp32, even if it copy protected (i suppose so) ?
Thanks

You can check this out: https://www.youtube.com/watch?v=2GwzbBn7uRw

Hi thanks, i know the video but not sure if will work with realy protected Firmware

Espressif chips are not "hardened" to the extent that you could use them, e.g. in a bank, medical or defense environment (to my knowledge anyway). As a consequence, a dedicated adversary would likely always be able to extract your firmware, possibly by means of an electron microscope, laser attacks and tungsten probes sniffing the processor in operation, etc. etc.

But a number of differentiated tools are provided that allow for solid protection for a number of different use cases. For most practical scenarios, the tools provided in the IDF are able to prevent firmware extraction. These tools necessarily make support and diagnostics more difficult, so there is a tradeoff to using them you need to understand.

I guess the short answer could be: the built in mechanisms should prevent a knowledgeable adversary like an ee graduate student with access to typical electronic lab equipment like an oscilloscope from extracting a usable copy of the firmware. Of course they could still come up with a clever side channel. I couldn't estimate how difficult it would be for a specialized lab, e.g. a hardware security research group, the FBI or if the folks at Intel or NXP etc. were really interested in your firmware, but I assume probably not very given the funds.

For a more nuanced answer, I'd start by exploring the different firmware protection mechanisms available. A good place to start would be reading about fuses e.g. here: https://docs.espressif.com/projects/esp ... efuse.html another topic could be flash encryption, e.g. describe here: https://docs.espressif.com/projects/esp ... ption.html

Firmware protection consists of more than just setting it to "really protected". You'll be able to get a more qualified answer once you understand the different aspects and can ask more specific questions.

Hi ,
Thank you for So many details in your answer, i know some companys like russian semi research, mcu crack and many others, but i didn't find in they list or is not specified something about esp32 i'm familiar with the procedur by using TEM microscope by bridging some ports but the Methode is very exspensive (i know is lot of Work behind procedur) I want to get to the point , i am using here some kind of internet Controller for heat pump (is more like Web interface for setting and reading of heat pump) communication protocol between pic mcu and esp32 works via I2C Bus so i want to make copy of esp32 firmware in order to reproduce them, maybe is here someone interesed on project ? Ofcourse i will pay for the order .

In case you can't just trivially extract the firmware using the `esp_tools.py` command, it may be easier to just sniff the i2c traffic between the two devices? That should be a whole lot easier to understand than a machine language copy of the firmware...

so i want to make copy of esp32 firmware in order to reproduce them ... i will pay

Maybe it's the language barrier, but this reads like you're publicly trying to hire someone to do software/product piracy for you...

Software piracy means if the Software are protected by law or is made by some company but is not ,the project is made by some enthusiasts anyway it is protected ,sniffin of I2C is not a bad idea in the fact i belive the Software is made by using i2c sniffing tool and buypassing communication between pic mcu and controll unit Display

Inquisition wrote: ↑

Wed Apr 05, 2023 8:24 am

Software piracy means if the Software are protected by law or is made by some company but is not ,the project is made by some enthusiasts anyway it is protected ,sniffin of I2C is not a bad idea in the fact i belive the Software is made by using i2c sniffing tool and buypassing communication between pic mcu and controll unit Display

It doesn't quite matter; by default you don't have the right to copy software, regardless of where it comes from. The people who own the copyright can grant you a license (=say it's OK for you) to copy it. If you think it's acceptable to copy it here, why not ask those enthousiasts if they want to share the source or binaries?

I already ask for binarys ,but they didn't response me .