SOLUTIONS
> Side Channel Analysis
Ready-to-use side channel tools to assess cryptography algorithms.
> Fault Injection: Laser, EM & Glitching
Make sure your chip withstands different techniques of physical fault injections.
> Firmware Security Analysis
Qualify embedded code binaries without physical devices and benches.
> Security Failure Analysis
Photoemission analysis to explore internal information in a chip.
> Vulnerability Research
Dynamic analyses at a system level for investigating potential vulnerabilities.
> esDynamic for EDU SCA and FI
A learning center for academics to teach and perform side-channel analysis and fault injection
TECHNOLOGIES
> Data Science Platform
esDynamic is a complete data focused platform to leverage the know-how of your team for complex analyses.
> esFirmware Engine
Assess the security of the firmware of IoT devices against logical and physical attacks.
> esReven Engine
Record and replay vulnerability researches within reverse engineering processes and tools.
PROFESSIONAL SERVICES
> Cybersecurity Training
Grow your expertise with training modules driven by a coach.
> Hardware Evaluation Lab
High-end laboratory capabilities specialized in hardware security evaluations.
EXPERTISE
> Mobile App Security
Know the threats and risks of your Mobile App.
> DevSecOps
Integrate the security protections verification in your CI/CD pipeline.
> PCI MPoC
Prepare your product to meet this new mobile payment standard.
SOLUTIONS
> Mobile App Security Testing (MAST)
esChecker SaaS: automating the security testing of your mobile app binary.
PROFESSIONAL SERVICES
> Mobile App Penetration Testing
Testing the resiliency of your Mobile App, SDK or RASP tool.
> Backend Penetration Testing
Testing the resiliency of your Web App, API or Backend Systems.
> Coaching for Mobile App Developers
Providing insights into the mobile app threats and how attackers work by a learning-by-doing approach.
Go to our German website
OUR COMPANY
> Events
CAREERS
> Meet our experts
> Open positions
Join our team!
FOLLOW US
Twitter
Linkedin
Youtube
Github
Gitlab
What is Firmware Security Analysis?
What is esFirmware, the firmware analysis tool?
esFirmware’s framework offers the opportunity to analyze in depth firmware against physical attacks. Designed for developers or security evaluators, esFirmware leverages an emulation engine and interferes into the runtime execution for simulating observations or disruptions close to the physical reality.
The framework already supports many types of binary compiled for multiple architectures such as ARM (arm32, arm64), Intel (x86) or Risc-V. It is possible to emulate complex SoC devices, at least partially, to extend the analysis capabilities.
esFirmware leverages esDynamic platform
Firmware analysis may be complex and requires different expertises. This explains why esFirmware leverages esDynamic, a data science platform designed for collaboration and expertise work. The emulation engine is fully integrated into the framework. It is then possible to set the computing capabilities in line with the needs, since emulation quickly requires the handling of big dataset. With the unique collaboration feature, multiple experts can effectively work together on the same framework.
esFirmware provides know-how material for physical observation or fault injection
Physical observation, or code lifting, gives an overview of the internal execution variable over the execution. A special care was taken to filter the information and avoid any overwhelming data to process. The material elaborates use cases targeting whitebox cryptography.
Physical fault injection provides the ability to fault a firmware code during its execution. This simulates faults using glitch, laser or near field electromagnetic attacks. Automation leads to set up intensive test campaigns covering large ranges of fault parameters. The expertise material helps to identify the weak points and to point out where security protections should be implemented.
