The Espressif ESP32 is a system on a chip (SoC) “engineered for mobile devices, wearable electronics, and IoT applications.” It provides Wi-Fi and Bluetooth LE, which makes it a natural fit for products that need wireless connectivity. While researching a consumer product, we discovered an ESP32 being used to provide Wi-Fi connectivity to the device. We found that there was limited tooling available to support reverse engineering of an ESP32 firmware image, so we decided to create tooling of our own.
We will talk about how we went about creating our tooling to extract an ELF file from an ESP32 flash dump. With excruciating amounts of detail, we will discuss the binary format of ESP32 firmware images as well as the process of converting one into an ELF file. By the end of the talk, you will know how to go from a flash dump all the way to a control flow graph in IDA.