Awesome
ESP32 reversing
A curated list of ESP32-related reversing resources
Hardware
ESP32 general
- ESP32 datasheet
- Xtensa® Instruction Set Architecture (ISA)
- ABI Interface/Argument passing
- A short guide to Xtensa assembly language
- Nullcon Goa 2018: Expanding Exploitation Beyond X86 And ARM: slides, video
NNCBadge2019
- Official info
- Write-ups by VVS
- Some basic hacking techniques via example: NoNameCon badge by Oleksii Sobolevskyi video, slides
- NoNameBadge 2019 - Public Version
- NoNameBadge 2019 - Public Version, other link
NNCBadge2020
- Official info
- NoNameBadge 2020 - Public Version
- NoNameBadge 2020 - Public Version, other link
- CTF NNC2020, walkthrough by Anvol, video, slides
- Write-ups by VVS
BLE CTF
- BLE Capture the Flag
- Learning Bluetooth Hackery with BLE CTF
- BLUETOOTH LOW ENERGY CTF - WRITE UP by ElyCar
Firmware
- API Reference
- App Image Format
- Reversing ESP8266 Firmware (Part 1..6)
- Reverse Engineering ESP8266, rus
- Tools for ESP32 firmware dissection
Bootloader
- ESP8266 BOOT PROCESS
- DECOMPILING THE ESP8266 BOOT LOADER V1.3(B3)
- Understanding ESP32’s Security Features
BIN2ELF
- Tiny project that converts an ESP32 ROM blob to an ELF file with symbols
- Converts a flash dump from an ESP8266 device into an ELF executable
- Extracting an ELF from an ESP32, Chris Lyne and Nick Miles (Shmoocon 2020): video, slides, tool
ELF
- The 101 of ELF files on Linux: Understanding and Analysis
- ELF reader-writer library for Python3
- LIEF - Library to Instrument Executable Formats
Debuggers
IDA
Plug-ins
- Flare IDA
- Processor plugin for IDA 7.x, to support the Xtensa
- A loader for the esp-idf application images for IDA Pro
- A list of IDA Plugins
- IDA export symbols plugin by BlackVS
Signatures, IDA
- Using and Making IDA Pro Signatures (Flirt)
- IDA SigMaker Plugin updated for the IDA Pro 7.0 SDK by dude719
radare2
CTF with Radare2
Ghidra
gdb
Plug-ins
JTAG
QEMU
Git
ROP
- xrop, supports Xtensa
- xrop-esp32, xrop fork
- Exploitation on Xtensa/ESP, DC2017: https://def.camp/wp-content/uploads/dc2017/Day%201_Carel%20&%20Philip_xtensa_exploitation_DRAFT.PDF
- Exploitation: ARM & Xtensa compared, Stacks, overflows, gadgets, asm, and things, Nullcon Goa 2018
- Nullcon Goa 2018: Expanding Exploitation Beyond X86 And ARM
- Exploiting vulnerabilities on Xtensa, 2020 + Exploit example on Xtensa
- Challenges of Return-Oriented-Programming on the Xtensa Hardware Architecture, 2020 23rd Euromicro Conference on Digital System Design (DSD)
Links
- Tom Trebisky's ESP32 notes
- A curated list of awesome reversing resources
- Awesome Reverse Engineering
- lucadentella.it, ESP32 tutorials
- ESP32: RAM usage analysis
Fun
- Pwn the ESP32 Forever: Flash Encryption and Sec. Boot Keys Extraction
- BrakTooth: Arbitrary Code Execution
z3 and reverse
- SAT/SMT by Example, Dennis Yurichev
- Intro to Binary Analysis with Z3 and angr
- Code & screenshots for various Z3 based CTF challenge writeups
- Writeup: Sharky CTF 2020 - Z3 Robot
- PicoCTF 2018 - Reverse Engineering writeups
- PicoCTF 2018 Writeup: Reversing