here you will find some exploit & tool code that was part of my presentation about the Sonos One @ Hack in the Box amsterdam 2023.
the EL3 exploit can be used to dump your OTP/eFUSE data.
sonostool can be used to get decryption keys for Sonos LUKS volumes as well as fetch and decrypt OTA updates without using a sonos device as an oracle.
the EL3 exploit/bug is still 0day at the time of writing. (never reported to vendor)
enjoy!
-- blasty [email protected]