Breaking and Remaking ESP32 Devices: A Practical Guide to Reverse Engineering and Patching
2025-09-05, Second track

When investigating the security of a smart device, we often encounter a very limited attack surface with no open ports, encrypted network traffic, and no logging. In this session, Wilco will show how to break through these barriers on an ESP32, a microcontroller widely used in IoT devices, such as smart switches, EV charging stations, and many other smart home devices.

Wilco will present techniques for obtaining, reverse engineering, and patching the firmware of an ESP32, and show these techniques in practice during demo sections by disabling certificate pinning and enabling debug logging on an ESP32 device.

After this session, you will have the knowledge and skills to start reverse engineering your own ESP32-based IoT devices, opening up new paths for vulnerability research.
During this session, we will explore together how we can extract, analyze, and modify ESP32 firmware. After introducing the ESP32 chip, Wilco will explain his approach for hacking an ESP32-based device in five steps:

  1. Inspection: We first inspect the default behavior of the ESP32 device by capturing network traffic, Bluetooth communication, and UART logging.
  2. Firmware dumping: We will discover multiple ways to dump the firmware of an ESP32.
  3. Reverse engineering: We explore how we can analyze the firmware in Ghidra and use various scripts to improve the auto-analysis and readability of the decompilation.
  4. Patching: We create a binary patch and load the modified firmware onto the ESP32.
  5. Validation: We validate that our patch was successful by comparing it to the default behavior.

By the end, you will have a deeper understanding of the device's inner workings, making it easier to uncover vulnerabilities in both the device itself and its connected cloud services.

Wilco van Beijnum is a researcher at the Dutch Institute of Vulnerability Disclosure (DIVD), focusing on devices in the energy domain. He also works at ElaadNL via Scyon, where he tests EV charging infrastructure for vulnerabilities. With extensive experience in both software and hardware hacking, he uncovers and reports vulnerabilities in charging stations to strengthen their defenses, resulting in over 20 CVEs. His expertise in embedded system security, firmware analysis, and reverse engineering helps strengthen the security and resilience of the next generation of energy-related devices.