[lgunsch]

I've seen a number of ESP32 IoT devices here on HN, and I haven't heard many of them use firmware encryption with an eFuse.

In this case, it would have been pretty hard to create a certificate if you couldn't read the firmware.

But, also pretty impressed at the same time. I think this is the first Hacker News article I've read about an ESP32 IoT device which has any encryption at all.

[gh02t]

Even if they use firmware encryption, the footprint for most of the ESP32 packages is really easy to desolder and replace with a fresh one under your control with basic tools. This option is harder if the ESP32 is speaking some digital protocols to various devices, but having re-brained another air purifier myself they often are just flipping some GPIO lines to signal different components to turn on. Easy in that case to just stare at it for a bit then re-flash or replace and re-flash the ESP32 with your own firmware.