Chip & System Security Testing 
Reconciling how and how in a single and collaborative platform empowering experts.
SOLUTIONS

  • > Side Channel Analysis

    Ready-to-use side channel tools to assess cryptography algorithms.

  • > Fault Injection: Laser, EM & Glitching

    Make sure your chip withstands different techniques of physical fault injections.

  • > Firmware Security Analysis

    Qualify embedded code binaries without physical devices and benches.

  • > Security Failure Analysis

    Photoemission analysis to explore internal information in a chip.

  • > Vulnerability Research

    Dynamic analyses at a system level for investigating potential vulnerabilities.

TECHNOLOGIES

  • > Data Science Platform

    esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.

  • > esFirmware Engine

    Assess the security of the firmware of IoT devices against logical and physical attacks.

  • > esReven Engine

    Record and replay vulnerability researches within reverse engineering processes and tools.

PROFESSIONAL SERVICES

  • > Cybersecurity Training

    Grow your expertise with training modules driven by a coach.

  • > Hardware Evaluation Lab

    High-end laboratory capabilities specialized in hardware security evaluations.

Mobile & Backend Security Testing 
Onboard your Mobile Engineering Team into your security challenges with hands-on training, security verifications, and more.
EXPERTISE

  • > Mobile App Security

    Know the threats and risks of your Mobile App.

  • > DevSecOps

    Integrate the security protections verification in your CI/CD pipeline.

SOLUTIONS

  • > Mobile App Security Testing (MAST)

    esChecker SaaS: automating the security testing of your mobile app binary.

PROFESSIONAL SERVICES

  • > Mobile App Penetration Testing

    Testing the resiliency of your Mobile App, SDK or RASP tool.

  • > Backend Penetration Testing

    Testing the resiliency of your Web App, API or Backend Systems.

  • > Coaching for Mobile App Developers

    Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.

Our Company 
Passionate about security and wanting to work in an exciting and innovative environment? Full time and internship opportunities starting 2023.
OUR COMPANY

  • > Events

CAREERS

  • > Meet our experts

  • > Open positions

    Join our team!

FOLLOW US
Blog
Contact us
eShard
/
esfirmware

What is Firmware Security Analysis?

Firmware is a piece of software binary embedded in devices, such as IoT. They are potentially subject to physical attacks, targeting the cryptography algorithms or security sensitive operations. It is therefore necessary to analyze the risks and assess whether the security protections are strong enough. It is a complex task since physical attacks implies hardware equipment testing.
Contact our experts
Download the Datasheet

What is esFirmware, the firmware analysis tool?

esFirmware’s framework offers the opportunity to analyze in depth firmware against physical attacks. Designed for developers or security evaluators, esFirmware leverages an emulation engine and interferes into the runtime execution for simulating observations or disruptions close to the physical reality.

The framework already supports many types of binary compiled for multiple architectures such as ARM (arm32, arm64), Intel (x86) or Risc-V. It is possible to emulate complex SoC devices, at least partially, to extend the analysis capabilities.

esFirmware leverages esDynamic platform

Firmware analysis may be complex and requires different expertises. This explains why esFirmware leverages esDynamic, a data science platform designed for collaboration and expertise work. The emulation engine is fully integrated into the framework. It is then possible to set the computing capabilities in line with the needs, since emulation quickly requires the handling of big dataset. With the unique collaboration feature, multiple experts can effectively work together on the same framework.

esFirmware provides know-how material for physical observation or fault injection

Physical observation, or code lifting, gives an overview of the internal execution variable over the execution. A special care was taken to filter the information and avoid any overwhelming data to process. The material elaborates use cases targeting whitebox cryptography.

Physical fault injection provides the ability to fault a firmware code during its execution. This simulates faults using glitch, laser or near field electromagnetic attacks. Automation leads to set up intensive test campaigns covering large ranges of fault parameters. The expertise material helps to identify the weak points and to point out where security protections should be implemented.

Take ownership of your security test process

Efficient validation

De-risk your business by automating testing in intensive validation campaign

No hardware equipment

No need for expensive and hard to use hardware (laser or EM fault injection set-up) to run attacks on the firmware

Systematic

Manage non regression in your development cycle. Security protections are considered like software features

Blog Articles

Chip Security

Benchmarking Side-Channel solutions... Why? How?

6 min read
Edit by Guillaume Bethouart • Apr 8, 2022
CopyRights eShard 2023.
All rights reserved
Privacy policy | Legal Notice
SECURITY TESTING SOLUTIONS
Side Channel AnalysisLaser & EM Fault InjectionFirmware Security AnalysisSecurity Failure AnalysisVulnerability ResearchMAST: Mobile Application Security Testing
TECHNOLOGIES
Data Science PlatformesFirmware EngineesReven Engine
PROFESSIONAL SERVICES
Cybersecurity TrainingHardware Evaluation LabPenetration Testing for Backend and WebAppPenetration Testing for Mobile Applications
COMPANY
About usJoin our team!EventsBlog