Extracting Secrets from Silicon: A Practical Guide to eFuse Analysis

TLDR: Researchers at DEF CON 2024 demonstrated a low-cost, physical methodology to extract sensitive data, including flash encryption keys, from ESP32 eFuse memory. By combining manual delayering with scanning electron microscopy (SEM) and a custom machine learning model, they bypassed hardware-level security protections. This research proves that physical security through obscurity is no longer a viable defense for embedded devices.

Hardware security is often treated as a black box by software-focused researchers. We assume that once a chip is fused and the JTAG interface is locked, the secrets inside are effectively unreachable without a multi-million dollar lab. That assumption is dead. The recent research presented at DEF CON 2024 on eFuse memory extraction proves that with a wet stone, a microscope, and some basic machine learning, you can pull encryption keys directly from the silicon.

The Reality of Physical Security

The core of this research focuses on the ESP32 series, specifically the ESP32-S2, S3, and C6. These chips use eFuses to store critical configuration data, including secure boot public keys and flash memory encryption keys. The manufacturer assumes that because these bits are physically "burned" into the chip, they are immutable and protected from reading.

The researchers challenged this by performing physical delayering. While high-end labs use expensive plasma etching, this team proved that you can achieve similar results using a simple 8000-grit wet stone. By carefully grinding away the epoxy housing and the top layers of the chip, they exposed the die. Once the die is exposed, the eFuse array becomes visible under a microscope.

From Silicon to Bits

Once the die is exposed, the challenge shifts from physical access to data extraction. The eFuse array is essentially a grid of conductive structures. A "burned" fuse looks physically different from an "unburned" one. Using a Keyence VXH-7000 digital microscope, the team could locate the eFuse bank, but the resolution was insufficient for reliable bit-by-bit reading.

To bridge the gap, they moved to a scanning electron microscope (SEM). The SEM provides the nanometer-scale resolution required to distinguish between the logical states of the fuses. However, the sheer volume of data is the next hurdle. A single eFuse bank requires hundreds of high-resolution images to capture the entire array.

To automate the extraction, the team implemented a machine learning pipeline:

1. Stitching/Tiling: They used a custom script to stitch the SEM images into a single, high-resolution map of the eFuse bank.
2. Object Detection: They trained a MobileNet-SSD model to identify and classify individual eFuse structures as either "on" or "off."
3. Clustering: They used a clustering algorithm to map these detections back into a logical 64x64 grid.

The result is a binary dump of the eFuse memory. Once you have this dump, you can identify the flash encryption key and use tools like esptool or the vendor-provided espscure to decrypt the firmware.

Why This Matters for Pentesters

If you are performing a security assessment on an IoT device, you can no longer rely on the manufacturer's claims of "secure hardware storage." If the device uses eFuses to store keys, it is vulnerable to physical extraction.

During an engagement, if you have physical access to the target hardware, you should treat the flash encryption as a temporary barrier rather than a permanent one. The cost of the equipment used in this research is a fraction of what a standard red team budget covers. If you can extract the firmware, you can perform static analysis, find hardcoded credentials, or identify OWASP A02:2021 – Cryptographic Failures in the bootloader or application code.

Defending Against Physical Extraction

Defending against this level of physical analysis is difficult. If an attacker has the time and the hardware to perform delayering, they will eventually win. However, you can increase the cost of the attack:

• Unique Keys: Never use a global key for flash encryption. Ensure each device has a unique key derived from a hardware-based root of trust.
• Tamper Resistance: Use active tamper-detection circuits that zeroize sensitive memory if the chip housing is breached.
• Hardware Obfuscation: While not a silver bullet, using chips with advanced packaging or active shielding makes the delayering process significantly more prone to destroying the die.

The era of trusting hardware security by default is over. This research is a wake-up call for anyone building or testing embedded systems. If your security model relies on the assumption that an attacker cannot read the physical state of your silicon, you need to rethink your architecture. Start by assuming the hardware will be compromised and build your defenses accordingly.