←back to thread

Hacking a Smart Home Device (2024)

(jmswrnr.com)

314 points walterbell | 2 comments | 15 Apr 25 03:12 UTC | HN request time: 0.514s | source

1. lgunsch ◴[15 Apr 25 13:26 UTC] No.43692381[source]▶

>>43688658 (OP) #

I've seen a number of ESP32 IoT devices here on HN, and I haven't heard many of them use firmware encryption with an eFuse.

In this case, it would have been pretty hard to create a certificate if you couldn't read the firmware.

But, also pretty impressed at the same time. I think this is the first Hacker News article I've read about an ESP32 IoT device which has any encryption at all.

replies(1): >>43694200 #

2. gh02t ◴[15 Apr 25 15:28 UTC] No.43694200[source]▶

>>43692381 (TP) #

Even if they use firmware encryption, the footprint for most of the ESP32 packages is really easy to desolder and replace with a fresh one under your control with basic tools. This option is harder if the ESP32 is speaking some digital protocols to various devices, but having re-brained another air purifier myself they often are just flipping some GPIO lines to signal different components to turn on. Easy in that case to just stare at it for a bit then re-flash or replace and re-flash the ESP32 with your own firmware.