Security Disclaimer

SimpleGo writes firmware directly to your device. Please read and accept the following before proceeding.

Firmware Flashing Disclaimer

By using the SimpleGo Web Installer, you acknowledge and accept:

1. Hardware Modification. Flashing firmware modifies the software on your device. In Vault Mode, eFuse fuses are permanently burned on first boot - this is an irreversible physical change to the silicon.

2. Risk of Bricking. Interrupting the flash process (disconnecting USB, closing the browser, power loss) may leave the device in an unbootable state. Recovery requires reflashing via USB.

3. Data Loss. Flashing erases all existing data on the device: firmware, configuration, cryptographic keys, and message history. This cannot be undone.

4. No Warranty. SimpleGo firmware is provided as-is under AGPL-3.0. IT and More Systems is not liable for any damage to your device resulting from the flashing process.

5. Alpha/Beta Software. This firmware is under active development. Bugs, crashes, and security vulnerabilities may exist. Do not rely on this software for life-critical or safety-critical communication.

6. Compatible Hardware Only. This installer is designed exclusively for the LilyGo T-Deck Plus (ESP32-S3). Flashing incompatible hardware may cause permanent damage.

Full Security Disclaimer · Terms of Service · Privacy Policy

I have read and accept the security disclaimer and terms of service.

SimpleGo v0.2.0-beta · IT and More Systems · Recklinghausen, Germany

WebSerial Firmware Installer

Flash Tool

Install SimpleGo firmware directly from your browser. Choose between Open Mode for development or Vault Mode for hardware-secured production use. Connect your LilyGo T-Deck Plus via USB-C and flash in under two minutes.

Choose Your Security Level

✓

Open Mode

Development & Testing

Full access for development, debugging, and experimentation. Flash as often as you want. Can be upgraded to Vault at any time.

✓ Unlimited reflashing, freely overwritable

✓ Full JTAG and SPI debug access

✓ Upgradable to Vault later (one-time, irreversible)

⚠ NVS encryption OFF - private keys in plaintext on flash

Physical Attack Cost

~$15

✓

Vault Mode

Production - Hardware Secured

Hardware-secured production mode. Burns an HMAC key into eFuse on first boot. Private keys unreadable via SPI or JTAG. Permanent.

◆ NVS encryption ON (HMAC-based, eFuse BLOCK_KEY1)

◆ Private keys hardware-protected, not extractable

◆ eFuse BLOCK_KEY1 burned on first boot

⚠ Physically irreversible - cannot return to Open

Physical Attack Cost

~$30,000+

‹ Change v0.2.0-beta SimpleGo T-Deck Plus

Vault Mode - Irreversible Hardware Modification

Vault Mode burns a permanent HMAC key into the ESP32-S3 eFuse on first boot. This is a one-time physical change that cannot be reversed.

I understand this permanently modifies the hardware. Proceed.

Firmware Installation

Disconnected

Connect Device

Connect your T-Deck Plus via USB-C. Use a data cable, not charging-only. First time? Install CH343 drivers. The flasher auto-detects your ESP32-S3 chip and reads its MAC address.

... · ...

Download Firmware

Fetches the merged binary (~2-3 MB) from the server. Includes the ESP-IDF second-stage bootloader, custom partition table with NVS and OTA partitions, and the complete SimpleGo application compiled from source.

Write to Flash

Do not disconnect during this process. Written at 921,600 baud with compression enabled. A 3 MB binary typically completes in 60-90 seconds.

0%Waiting...

Complete

Click Reboot above to start SimpleGo. The device initializes cryptographic subsystems and generates fresh Ed25519 identity keys.

Serial Output

Flash Partition Layout - 16 MB

BOOT
64K

OTA_0 - firmware - 3 MB

OTA_1 - update slot - 3 MB

NVS
128K

KEYS
256K

CORE

OTA

Bootloader OTA A/B Slots NVS (config & keys) NVS keys (eFuse in Vault Mode)

Step-by-Step Guide CLI Method

What Gets Installed

Bootloader

ESP-IDF v5.5.2 second-stage bootloader with Secure Boot v2 capability

Partition Table

Custom layout: NVS (128 KB), OTA data, application (3.5 MB), key partition

Application

SimpleGo firmware: FreeRTOS dual-core, mbedTLS, complete SMP protocol stack

Crypto Engine

Double Ratchet, X3DH (Curve448), XSalsa20-Poly1305, Ed25519, AES-256-GCM

Protocol

Full SimpleX Messaging Protocol (SMP v6) with TLS 1.3 transport layer

UI Framework

LVGL v9 graphics library with cyberpunk theme, chat bubbles, QR code generation

Storage Layer

NVS ratchet state persistence, AES-256-GCM encrypted MicroSD chat history

Codebase

~50,000 lines of auditable C, compiled with -Os optimization from source

Requirements & Technical Details

Browser

Chrome 89+ or Edge 89+ (Web Serial API)

USB Cable

USB-C data cable (not charging-only)

USB Driver

CH343 Driver (WCH) ↗

Target Device

LilyGo T-Deck Plus (ESP32-S3)

Flash Size

16 MB OPI Flash, 8 MB PSRAM

Baud Rate

921,600 baud (compressed transfer)

Flash Mode

DIO @ 80 MHz, compressed writes

Flash Time

~60–90 seconds for complete firmware

What the Installer Does and Does Not Do

DOES

✓Flash authenticated firmware to your device

✓Verify SHA-256 checksum before and after writing

✓Auto-detect chip model and verify firmware compatibility

✓Show real-time progress in the serial log

✓Run entirely locally - esptool-js executes in your browser

DOES NOT

✗Read, upload, or transmit your device's eFuse chip ID

✗Require an account, login, or registration

✗Phone home or collect analytics after flashing

✗Write DRM or license enforcement to eFuse OTP

✗Burn Secure Boot or Flash Encryption keys (manual step)

Troubleshooting - Quick Reference

Device not detected

Install the CH343 USB driver. Try a different USB-C cable - many cables are charge-only and lack data pins.

Connection timeout

Hold BOOT on the T-Deck Plus while connecting, then release after the port appears. This forces download mode.

Flash fails mid-write

Use a cable under 1 m and connect directly to your computer, not through a hub. Hubs cause signal integrity issues.

Wrong chip detected

The firmware is built specifically for ESP32-S3. If a different chip variant is detected, the binary will not be compatible.

No splash screen

Press the RST button. If the screen stays blank, the display may need reinitialization - try flashing again with full erase.

WiFi not connecting

After first boot, press ALT+W to enter WiFi credentials in the settings menu.

Previous firmware conflict

If upgrading from a different firmware, erase the NVS partition first. Old cryptographic state in NVS can cause ratchet desync.

Build from source

Clone the repository, install ESP-IDF v5.5.2, and run idf.py build flash monitor

Guide

Step by Step - First Flash

From unboxing to first message in under five minutes. Follow these steps exactly on a fresh device.

Put Your Device Into Download Mode

Before the browser can write firmware, the ESP32-S3 must enter its ROM bootloader ("download mode"). This is a hardware state that bypasses the running firmware and gives direct flash access via the USB-UART bridge. On the LilyGo T-Deck Plus: hold the BOOT button (labeled "0" on the PCB), then press and release RESET, then release BOOT. The screen goes dark. The device is now in download mode and ready to receive firmware.

The BOOT button is on the left side of the PCB, accessible without opening the case.

BOOT (GPIO 0) held LOW → RESET pulse → release BOOT → ROM bootloader active

Connect via USB-C

Connect your T-Deck Plus to your computer with a USB-C cable using a direct USB port -- not a hub. Hubs can cause voltage drops that interrupt flashing mid-write. The T-Deck Plus uses a CH343 USB-to-UART bridge. On Windows, install the CH343 driver from WCH if the port is not automatically recognized. macOS and Linux detect it automatically.

Cable matters: Charge-only USB-C cables have no data lines and will not work. Use any cable explicitly labelled "USB 2.0 data" or "sync cable." If in doubt, try a different cable first before troubleshooting anything else.

Click Connect and Select the Serial Port

Click Connect in the flash tool above. Your browser shows a system dialog listing available serial ports. Select the one corresponding to your T-Deck Plus. On Windows: COM3 or COM6. On macOS: /dev/cu.usbserial-.... On Linux: /dev/ttyUSB0. The serial output window shows the detected chip model and MAC address.

Linux users: sudo usermod -a -G dialout $USER then log out and back in if no ports appear.

Click Install Firmware

Once connected, Install Firmware appears. Click it. The installer downloads the merged binary, verifies its SHA-256 checksum, erases the OTA application partitions, writes the firmware at 921,600 baud with compression, and verifies written data. Total time: approximately 60–90 seconds. A complete successful flash ends with ✓ SimpleGo firmware installed successfully. in the serial log.

Do not disconnect the USB cable during flashing. If interrupted mid-write, simply repeat the process -- the ROM bootloader is never overwritten and the device can always be recovered by entering download mode again.

First Boot and Configuration

After flashing, the device reboots automatically. On first boot, SimpleGo generates fresh cryptographic identities and initializes NVS storage. This takes approximately 3–5 seconds. You will see the SimpleGo splash screen, then the main chat interface. The device ships without WiFi credentials. Press ALT+W to open network configuration and enter your WiFi SSID and password. These are stored in the eFuse-encrypted NVS partition and never transmitted.

After configuring WiFi, the device connects to the default SMP relay servers. Press ALT+N to generate your first invitation link and share it with your contact.

Setup

After Flashing - First Boot

Four steps from flash to first message.

Splash Screen

ESP32-S3 initializes PSRAM, NVS, SD card. Hardware TRNG seeds the cryptographic RNG. Takes ~2 seconds on first boot.

Identity Generation

Device generates a fresh Ed25519 signing keypair and X25519 DH keypair stored in eFuse-encrypted NVS. No phone number. No account.

Network Config

Press ALT+W to configure WiFi. SSID and password stored encrypted in NVS. Green dot in status bar confirms active SMP relay subscription.

Share Your Link

Press ALT+N to generate an invitation link. Share via any channel. Your contact scans it in the SimpleX Chat app to start E2E encrypted messaging.

Keyboard Shortcuts

ALT+W WiFi configuration

ALT+N New invitation link

ALT+C Contacts list

ALT+S Settings menu

ALT+P Panic wipe

ALT+U OTA update URL

Status Bar

● Connected to relay

● WiFi OK, relay offline

● WiFi not connected

🔒 Messages encrypted

⟳ Subscription active

Compatible Clients

SimpleX Chat for iOS, Android, macOS, Linux, and Windows. No special version required -- SimpleGo speaks standard SMP v6.

simplex.chat/downloads ↗

Releases

Firmware Release History

All releases are published on GitHub with SHA-256 checksums. The web installer always downloads from the official release manifest. You can independently verify any binary before flashing.

Version	Date	Size	Key Changes	SHA-256 (truncated)
v0.2.0-betaCURRENT	2026-03-22	~3.1 MB	Open/Vault dual-mode installer - eFuse HMAC provisioning - Queue Rotation Phase 1 - Multi-server infrastructure (21 presets)	pending
v0.1.17-alpha	2026-02-28	~3 MB	AGPL-3.0 header audit · smp_app_run refactor · NVS extern cleanup · LVGL mutex fix for SPI sharing	a8f3c2d4...d7e1b9f2
v0.1.16-alpha	2026-02-14	~2.9 MB	Sliding window architecture · PSRAM 30-message cache · SD write performance · Backlight 16-level pulse	7c4f9e1a...3b8d0c66
v0.1.15-alpha	2026-01-30	~2.8 MB	Double Ratchet PFS · XSalsa20-Poly1305 per-queue layer · Full SMP handshake · 128-contact PSRAM array	f2a8b3c1...9e0d7f44
v0.1.10-alpha	2025-12-20	~2.4 MB	Initial TLS 1.3 via mbedTLS · SMP queue registration · NVS flash encryption · LVGL 9 display init	1d4a9c3b...8f2e7a01

Verify Integrity Manually

The web installer verifies SHA-256 automatically. To verify manually:

sha256sum simplego-tdeck-plus-latest.bin
a8f3c2d4...d7e1b9f2  simplego.bin

Reproducible Builds

All release binaries are reproducibly built. Given the same source, ESP-IDF version, and toolchain, you get a bit-for-bit identical binary. Instructions in BUILDING.md.

github.com/saschadaemgen/SimpleGo ↗

Advanced

Manual Flashing - CLI Methods

Prefer the command line? Full control over flash addresses, baud rates, and partition targets.

Method A - esptool.py (standalone, any OS)

Terminal - esptool.py

# Install esptool
pip install esptool

# Full flash: bootloader + partition table + app
esptool.py --chip esp32s3 --port COM6 --baud 921600 \
write_flash -z \
0x0000 bootloader.bin \
0x8000 partition_table.bin \
0x10000 simplego-tdeck-plus-latest.bin

esptool.py v4.8.1 Serial port COM6
Chip is ESP32-S3 (QFN56) (revision v0.2)
Flash size: 16MB Stub flasher running.
Writing at 0x00040000... (94 %)
Hash of data verified. Hard resetting via RTS pin...

Method B - idf.py (ESP-IDF 5.5.2 installed)

PowerShell - ESP-IDF 5.5.2

# Clone the repository
git clone https://github.com/saschadaemgen/SimpleGo
cd SimpleGo

# Set target and build
idf.py set-target esp32s3
idf.py build flash monitor -p COM6

# Full erase first (required when NVS structure changes)
idf.py erase-flash -p COM6
idf.py build flash monitor -p COM6

Method C - OTA Update (device already running SimpleGo)

Terminal - OTA via local HTTP

# Host firmware locally - device fetches over WiFi
python3 -m http.server 8080 --bind 0.0.0.0

# On device: ALT+U - enter URL of the hosted .bin
http://192.168.1.100:8080/simplego-tdeck-plus-latest.bin

OTA: Download 2918400 bytes OK
OTA: SHA-256 verify OK
OTA: Writing OTA_1 slot OK
OTA: Rebooting to new slot...

OTA update preserves all NVS data -- contacts, ratchet states, and WiFi credentials survive the update. The device uses an A/B OTA partition scheme: runs from OTA_0, writes to OTA_1, verifies, then reboots. If the new firmware fails to boot it automatically falls back to OTA_0.

Troubleshooting

Every Error - Solved

Most flashing problems have simple causes. Here is every error seen in the field with exact solutions.

⚠️

No serial ports appear in the browser dialog

Device not in download mode, wrong cable, or driver missing

Most likely cause: charge-only cable or the device is not in download mode. Check in this order: 1. Hold BOOT, press+release RESET, release BOOT 2. Try a different USB-C cable (must be data cable) 3. Connect directly to a USB port, not a hub On Windows, install the CH343 driver from wch-ic.com/downloads if the device shows as "Unknown Device" in Device Manager. On Linux: sudo usermod -a -G dialout $USER # then log out and back in

⚠️

Flash fails with "Could not connect to the chip"

Not in download mode, or baud rate too high for the cable length

Repeat the boot sequence: hold BOOT, press RESET, release BOOT. The device stays in download mode until it receives valid commands. Try a lower baud rate if using a long cable: esptool.py --chip esp32s3 --port COM6 --baud 115200 flash_id The web installer automatically falls back to 115200 if 460800 fails.

⚠️

Flash succeeds but device shows white screen or doesn't boot

Incomplete flash, wrong partition table, or corrupt OTA slot

Re-flash all three components together: esptool.py write_flash 0x0000 bootloader.bin 0x8000 partition_table.bin 0x10000 simplego.bin If the device still doesn't boot, perform a full erase first (this clears all NVS data): esptool.py --chip esp32s3 erase_flash

⚠️

Device boots but can't connect to WiFi (error 0x600)

WPA3 SAE authentication mismatch

Error 0x600 is an auth_mode failure. SimpleGo uses WIFI_AUTH_WPA2_PSK (not WPA3) to ensure broad router compatibility. If your router is configured for WPA3-only, set it to WPA2/WPA3 mixed mode in the admin panel. This is a one-line router change and does not weaken security for other devices.

⚠️

Messages arrive but replies don't reach contacts

Ratchet state desync from crash during cryptographic operation

First try pressing ALT+R (reconnect) to re-subscribe to all queues. If that doesn't resolve it, go to the affected contact's menu and select "Re-initialize conversation" to generate new queues and re-exchange keys. This only affects the specific contact -- other conversations use independent cryptographic state and are unaffected.

⚠️

"WebSerial API not available" in browser

Using Firefox, Safari, or an older Chrome version

WebSerial is only available in Chromium-based browsers (Chrome, Edge, Opera) version 89 or later. Firefox and Safari do not implement this API. Download Google Chrome or Microsoft Edge. Alternatively, use the CLI method (esptool.py) which works from any terminal on any OS.

Security

The Installer's Own Security Model

A tool for flashing a secure communications device should itself be trustworthy. Here is exactly how it is built, what it accesses, and what it cannot do.

🔒

No Server-Side Processing

The esptool-js engine runs entirely in your browser. The JavaScript is served as a static asset. Your device never initiates any network connections during flashing. Only the firmware binary is downloaded -- from a versioned, immutable GitHub Release URL that you can inspect before running.

🧾

Auditable Open Source

The entire web installer source is published under AGPL-3.0 at github.com/saschadaemgen/SimpleGo. The esptool-js library used is Espressif's official JavaScript implementation (ESP Web Tools). Both are fully open source and publicly auditable. No minified or obfuscated code anywhere.

📋

WebSerial Permission Model

WebSerial follows the browser's explicit permission model -- you must manually select the port in a system dialog. The website cannot silently enumerate, select, or communicate with any serial device. The permission is session-scoped and is not persisted across browser sessions.

🚫

No eFuse Writes

The web installer never writes to eFuse -- the one-time programmable silicon fuses that control Secure Boot and Flash Encryption. Enabling these features requires a deliberate, manual procedure. You cannot accidentally activate hardware security features through the web installer. eFuse provisioning is a separate, one-way, irreversible operation.

Resources