Software Security
Hardware Security
Resources
Contact us
Hardware Security

Pre-Silicon Firmware Security Testing 

esFirmware is a tool to run side-channel analysis and fault injection on software binaries entirely in emulation, without a physical test bench. Security teams can validate countermeasures, catch vulnerabilities, and generate attack datasets early in the development lifecycle. 

Request a demo
Powered by esDynamic
Blue close icon with two intersecting diagonal lines forming an X.
Software Security
PLATFORM
esReverse
TIME TRAVEL ANALYSIS
Time Travel Debugging tool
EMULATORS
IOS Virtual Device
NEW
Android Virtual Device
KNOWLEDGE
Intel Advanced Techniques
IoT Use Cases
SERVICES
Security Assessment
Training & Coaching
Hardware Security
PLATFORM
esDynamic
TURNKEY LABS
Side Channel Analysis
EM Fault Injection
Laser Fault Injection
Glitching Fault Injection
Photonic Emission
KNOWLEDGE
Post-Quantum Cryptography
SCA Specialized Modules
FI Specialized Modules
Practical Use Cases
TOOLS
Pre-silicon Testing
LAB EQUIPMENTS
Pattern Detector
Cold Reset
SERVICES
Security Assessment
Training & Coaching
Resources
INDUSTRIES
Automotive
IoT & Smart Device
Gov. & Defense
Expertise Lab
LEARN
Webinars
Events
Blog
Support
COMPANY
About us
Careers
HIRING
Partners
Contact us

Full-System Time Travel Debugging Tool

Time Travel Debugging (TTD) is a dynamic analysis tool that records execution traces for forward and backward replay. eShard brings full-system scale to TTD, providing a debugger that captures the entire OS, from kernel to userland, to pinpoint vulnerabilities without ever re-running code.

Try it yourself
Powered by esReverse
Exclusive tool

Integrated into the esDynamic Platform

esFirmware runs as a ready-to-use JupyterLab instance on the esDynamic platform, featuring a notebook library that addresses standard use cases and attack methods.

See how teams use esDynamic
On-premises by design
Blue circular icon with four small white buttons on the right side showing symbols for code brackets, video clapperboard, filmstrip, and magic wand.
Software interface of esReverse showing code analysis, strings search results, CPU register values, and an Android phone emulator displaying the home screen with time 11:12 and date Wed, Jul 20.

Tracer engine

Record runtime execution data to produce clean, noise-free traces. Validate cryptographic implementations (AES, RSA, ECC and more) and trace side-channel leakage down to the exact instruction, with no physical measurement noise in the way.

Fault injection engine

Introduce faults at precise points during code execution to simulate physical attacks. Automate test campaigns to validate countermeasures early, before costly hardware iterations. 

Ready for CI/CD

Python-based test campaigns can be compiled into standalone executables for seamless CI/CD integration, keeping security testing active as the codebase evolves.

Expert Knowledge Built In

Ready-to-use Jupyter notebooks cover campaign setup, attack tutorials, and leakage analysis, authored by hardware security specialists. Trace datasets are exportable in standard formats for use with your existing analysis workflows. 

Workflow

How TTD works
in practice

See how teams use esReverse
Agentic reverse engineering
On-premises by design
A debugging software interface showing assembly code and a live Windows 10 desktop with File Explorer open; below are icons indicating availability for Windows, Linux, Android, and iOS.

Amplify your analysis

In esReverse, every trace captured is instantly a shared collaborative asset. Analyze the same execution data together and feed findings into other reverse engineering tools within the same workspace.

Full-system visibility

Capture the entire OS (registers, memory, kernel) to see exactly how an exploit behaves across the whole system, not just inside a single application.

Navigate the persistent dataset

Your execution becomes a permanent dataset. Step backward and forward through kernel and userland flows for exact root cause analysis without re-running the target.

Automate with agentic AI

Connect an AI agent via the dedicated MCP server to navigate millions of instructions and extract the exact insights you need in natural language.

Supported Architectures

Built for the Most Common Embedded Architectures

Test software binaries across the most widely used embedded architectures. Additionally, the technology is extensible to include support for specific proprietary IP.

Blue line icon of a computer monitor displaying a checklist with a navigation cursor.
Intel x86
Intel x64

Intel

Trace and fault x86 and x64 binaries to uncover side-channel leakage and fault injection vulnerabilities in software running on Intel-based embedded systems.

Blue glowing microchip icon with circuit patterns on a black background.
Arm32
Arm64

ARM

Run side-channel and fault injection campaigns on Arm binaries, the most common target in embedded and IoT security testing.

Blue glowing microchip icon with circuit patterns on a black background.
Risc-V

Risc-V

Execute and attack RISC-V binaries in emulation, bringing the same tracer and fault injection capabilities to one of the fastest-growing architectures in secure embedded development.

Get started

Start testing your binaries without hardware

Request a demo or reach out to discuss how esFirmware fits into your security workflow.

Your data is processed under GDPR. We’ll never sell or share it.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
FAQ

Frequently Asked Questions

We are always here to help you and answer your questions.

We are always here to help you and answer your questions.

Ask us directly
How does the tool manage proprietary IP?

We call it stubbing. This requires to hook the QEMU engine with your own code, in C language, in order to extend the emulation with the specifics of the proprietary IP. Once it is done once, the tool capability is augmented.

Can I refine the tool with my own fault model?

Absolutely. As a Python-based framework, we offer comprehensive documentation to assist you in implementing custom updates. Furthermore, our team has already successfully integrated and refined a diverse range of fault models.

Is it possible to create a script for an integration in my CI/CD?

Certainly. Python scripts can be transformed into standalone executables for seamless CI/CD integration. To ensure these tests remain effective as the codebase evolves, a structured management of the test campaign is necessary to maintain adaptability to changes.

How does it help for a root cause analysis?

Emulation provides significant advantages for root cause analysis. By pinpointing specific instructions vulnerable to fault injection or data leakage, you can map these weaknesses directly back to the source code to streamline security enhancements.

Our blog

Learn from
Technical Articles

Hardware Security

Evaluating the Side-Channel Security of Post-Quantum Hardware IP

November 26, 2025
Hardware Security

"Shifting left" secures PQC implementations from physical attacks

June 20, 2025
View all
Hardware Security

Evaluating the Side-Channel Security of Post-Quantum Hardware IP

November 26, 2025
Hardware Security

"Shifting left" secures PQC implementations from physical attacks

June 20, 2025
Hardware Security

Everything you need for a successful Laser Fault Injection campaign

October 4, 2024
View all