Practical IoT Cryptography on the Espressif ESP8266

The Espressif ESP8266 chipset makes three-dollar ‘Internet of Things’ development boards an economic reality. According to the popular automatic firmware-building site nodeMCU-builds, in the last 60 days there have been 13,341 custom firmware builds for that platform. Of those, only 19% have SSL support, and 10% include the cryptography module.

We’re often critical of the lack of security in the IoT sector, and frequently cover botnets and other attacks, but will we hold our projects to the same standards we demand? Will we stop at identifying the problem, or can we be part of the solution?

This article will focus on applying AES encryption and hash authorization functions to the MQTT protocol using the popular ESP8266 chip running NodeMCU firmware. Our purpose is not to provide a copy/paste panacea, but to go through the process step by step, identifying challenges and solutions along the way. The result is a system that’s end-to-end encrypted and authenticated, preventing eavesdropping along the way, and spoofing of valid data, without relying on SSL.

We’re aware that there are also more powerful platforms that can easily support SSL (e.g. Raspberry Pi, Orange Pi, FriendlyARM), but let’s start with the cheapest hardware most of us have lying around, and a protocol suitable for many of our projects. AES is something you could implement on an AVR if you needed to.

Continue reading “Practical IoT Cryptography on the Espressif ESP8266”

BBSing with the ESP8266

Modems have been around for longer than the web, and before we had Facebook we had the BBS scene. Somewhat surprisingly, people are still hosting BBSes, but have fun finding a landline these days. [Blake Patterson] is one of the leading aficionados of retocomputers, and recently he took it upon himself to review an interesting new device. It’s the WiFi232 Internet Modem, a device that turns a WiFi connection into something a computer with a 25-pin RS-232 connector can understand.

The WiFi232 is made by [Paul Rickards], and given the last few years of WiFi-enabled retrocomputing projects, it’s exactly what you would expect. Onboard the WiFi232 is an ESP8266 module emulating the Hayes AT command set. Baud rates from 300 to 115200 are supported, with power provided through a USB mini jack or solder terminals.

[Blake]’s computer den is the stuff of legend, and as such he has more than enough toys to test out this universal WiFi to Serial converter. Devices used in the test include the Apple //c, IIe, Amiga 1000, and TI-99/4A. In short, everything works just like it should. [Blake] was able to pull up the extant bulletin boards on his collection of ancient computers. You can check out [Blake]’s review of the WiFi232 below

Continue reading “BBSing with the ESP8266”

ESP8266 MQTT Remote Gate Entry

Do you live in an area where you (or your car) are locked in by a gate? If so, you may know how [Alexander Else] feels about letting his guests in and out constantly with a remote control — it’s just not convenient. [Alexander] could have just purchased some extra remote controls and passed them out, but they aren’t exactly as cheap as party favors. Not to mention it wouldn’t make sense to hand one out to every single visitor anyway. Because the gate is a community gate, hacking the actual gate system was not an option. There was only one thing he could do — hack the remote control!

Like just about every other hacker, [Alexander] had a spare ESP8266-based board lying around. [Alexander] also had a couple of spare relays which he used to control the two buttons on his designated ‘sacrifice’ remote — one relay per button. After throwing these parts together with a couple of supporting bits of electronics, the hardware was done.  Now [Alexander] can just set up HTTP Request Shortcuts on each trusted visitor’s smartphone. From there on out they can open/close the gates themselves!

Originally, he was using IFTTT to trigger the string of events that make it all happen, but there was a delay of about 8 seconds (from trigger to relay action). [Alexander] was not having this so he turned to the HTTP Request Shortcuts app. When he made this change, the delay disappeared. Continue reading “ESP8266 MQTT Remote Gate Entry”

Google Home Meets ESP8266

[Luc Volders] is building his own smart house with the help of Google Home and an ESP-8266. Inspired by the house computers from the TV show, Eureka [Luc] created an IoT ecosystem using a mix of off the shelf devices and open source software.

There are about a thousand ways to create a DIY smart home these days. All of them involve setting up a command receiver (like Amazon’s Echo or Google Home), some sort of cloud connection, and an end device controller. This can get complex for the beginner. [Luc’s] article is great because he walks is through each step tutorial style. He even keeps things simple by programming the ESP8266 using BASIC with ESP-BASIC.

[Luc] uses If This Then That (IFTT) as his cloud service. IFTT is the glue between Google’s cloud service and the ESP8266 connected to his home WiFi network. Speaking of which, [Luc] shows how to set up port forwarding on the router so all accesses to port 8085 go to the ESP8266. Not exactly strong security – but it’s better than opening the entire home network.

You don’t need a real Google home device for this hack. You can build your own with a Raspberry Pi. Once that is set up you can do everything from turning on lights to watering your lawn.

Continue reading “Google Home Meets ESP8266”

Multipurpose ESP8266 keychain

One of the best feature of the ESP8266 is its ability to self-host a web server, allowing for fairly complicated user interactions. The dEEbugger by [S-March] is a nifty little ESP8266 based device with a plethora of features in a small package.

The USB-powered device has a web user interface that enables it to be used as a low-bandwidth oscilloscope, I2C terminal, or UART terminal. As a scope, you may connect to it via your tablet and then use it as a remote voltage monitor. There is a peak detection feature which is a nice touch and gives the entire project a premium feel.

The serial terminal on an ESP8266 is not something new yet it is helpful in disconnecting the console window from the bench. The I2C terminal is where the device really shines as it can scan for connected devices on the connected bus. This Bus-Pirate like feature is useful for beginners as the software can scan the registers addresses of the devices as well.

[S-March] has made the schematic in PDF format as well as the entire code for the project available on GitHub so go right ahead and make it your own. We have had an ESP8266 based VT Terminal device in the past and merging the two would make for an excellent maker tool.

Thanks for the tip [René Arts]

Attack on the Clones: A Review of Two Common ESP8266 Mini D1 Boards

ESP8266-based development boards have proliferated rapidly. One favorite, the WEMOS Mini-D1 is frequently imitated and sold without any branding. As these boards continue to ship to hobbyists and retailers around the world, we thought it might be interesting to conduct a little experiment.

There are a few ESP8266 development boards available, and the most popular seem to be the NodeMCU ‘Amica’ board. Of course, there are dozens of other alternatives including the WiFiMCU, Sparkfun’s ESP8266 Thing, and Adafruit’s HUZZAH ESP8266. Given that, why is this review limited to the Mini D1 boards? Because the Mini D1 is the cheapest. Or was, until it was cloned.

We took a look at some of these ‘clone’ boards to figure out the differences, find out if they work as intended, and perhaps most importantly, are these clone boards shipped out reliably. What are the results? Check that out below.

Continue reading “Attack on the Clones: A Review of Two Common ESP8266 Mini D1 Boards”

Wireless Terminal Over ESP8266

From debug messages to the fundamental ‘hello world’, serial communication does it all over three little wires. Now imagine being able to cut the cord to your next microcontroller project and use your phone as a VT100 terminal. This was the premise of [Ondřej Hruška]’s Wireless Terminal Project where he took an ESP8266  and added an in-browser terminal emulator which can be accessed over WiFi. The final hardware uses an ESP-01 module mounted atop a breadboard adapter with a 3.3V LDO, protection circuitry for the pins and under-voltage disable.

The firmware is based on [SpriteTM]’s libesphttpd code which was modified to include the VT100 escape sequence parser. The parser, in turn, was coded as a state machine and compiled using Ragel which simplifies such projects greatly. When you access the tiny web server, the loaded webpage starts to communicate over web sockets to the ESP-01. Key-presses from the terminal are sent to the buffer and onto the parser and control logic. The characters are then passed to the hardware UART lines at 115200bps and if an escape sequence is detected, the corresponding action is executed instead.

[Ondřej Hruška] shares the code as well as a user manual in PDF for anyone who would like to try it out and help improve the project. With a little inspiration on learning about state machines, you could extend the project to your own use case as well.

Thanks for the tip [Marco Saarloos]