Comment by lgunsch
5 days ago
I've seen a number of ESP32 IoT devices here on HN, and I haven't heard many of them use firmware encryption with an eFuse.
In this case, it would have been pretty hard to create a certificate if you couldn't read the firmware.
But, also pretty impressed at the same time. I think this is the first Hacker News article I've read about an ESP32 IoT device which has any encryption at all.
Even if they use firmware encryption, the footprint for most of the ESP32 packages is really easy to desolder and replace with a fresh one under your control with basic tools. This option is harder if the ESP32 is speaking some digital protocols to various devices, but having re-brained another air purifier myself they often are just flipping some GPIO lines to signal different components to turn on. Easy in that case to just stare at it for a bit then re-flash or replace and re-flash the ESP32 with your own firmware.