WarWalking With The ESP8266

[Steve] needed a tool to diagnose and fix his friend’s and family’s WiFi. A laptop would do, but WiFi modules and tiny OLED displays are cheap now. His solution was to build a War Walker, a tiny handheld device that would listen in on WiFi access points, return the signal strength, and monitor the 2.4GHz environment around him.

The War Walker didn’t appear out of a vacuum. It’s based on the WarCollar Dope Scope, a tiny, portable device consisting of an off-the-shelf Chinese OLED display, an ESP8266 module, and a PCB that can charge batteries, provide a serial port, and tie the whole thing together with jellybean glue. The Dope Scope is a capable device, but it’s marketed towards the 1337 utilikilt-wearing, The Prodigy-blasting pentesters of the world. It is, therefore, a ripoff. [Steve] can build his version for $6 in materials.

The core of the build is an ESP-based carrier board built for NodeMCU. This board is available for $3.77 in quantity one, with free shipping. A $2 SPI OLED display is the user interface, and the rest of the circuit is just some perfboard and a few wires.

The software is based on PlatformIO, and dumps all the WiFi info you could want over the serial port or displays it right on the OLED. It’s a brilliantly simple device for War Walking, and the addition of a small LiPo makes this a much better value than the same circuit with a larger price tag.

A Lot Of WiFi Power, A Yagi, And A Sniper’s ‘Scope

Do you remember the early days of consumer wireless networking, a time of open access points with default SSIDs, manufacturer default passwords, Pringle can antennas, and wardriving? Fortunately out-of-the-box device security has moved on in the last couple of decades, but there was a time when most WiFi networks were an open book to any passer-by with a WiFi-equipped laptop or PDA.

The more sophisticated wardrivers used directional antennas, the simplest of which was the abovementioned Pringle can, in which the snack container was repurposed as a resonant horn antenna with a single radiator mounted on an N socket poking through its side. If you were more sophisticated you might have used a Yagi array (a higher-frequency version of the antenna you would use to receive TV signals). But these were high-precision items that were expensive, or rather tricky to build if you made one yourself.

In recent years the price of commercial WiFi Yagi arrays has dropped, and they have become a common sight used for stretching WiFi range. [TacticalNinja] has other ideas, and has used a particularly long one paired with a high-power WiFi card and amplifier as a wardriver’s kit par excellence, complete with a sniper’s ‘scope for aiming.

The antenna was a cheap Chinese item, which arrived with very poor performance indeed. It turned out that its driven element was misaligned and shorted by a too-long screw, and its cable was rather long with a suspect balun. Modifying it for element alignment and a balun-less short feeder improved its performance no end. He quotes the figures for his set-up as 4000mW of RF output power into a 25dBi Yagi, or 61dBm effective radiated power. This equates to the definitely-illegal equivalent of an over 1250W point source, which sounds very impressive but somehow we doubt that the quoted figures will be achieved in reality. Claimed manufacturer antenna gain figures are rarely trustworthy.

This is something of an exercise in how much you can push into a WiFi antenna, and his comparison with a rifle is very apt. Imagine it as the equivalent of an AR-15 modified with every bell and whistle the gun store can sell its owner: it may look impressively tricked-out, but does it shoot any better than the stock rifle in the hands of an expert? As any radio amateur will tell you, a contact can only be made if communication can be heard in both directions, and we’re left wondering whether some of that extra power is wasted, as even with the Yagi the WiFi receiver will be unlikely to hear the reply from a network responding at great distance using the stock legal antenna and power. Still, it does have an air of wardriver chic about it, and we’re certain it has the potential for a lot of long-distance WiFi fun within its receiving range.

This isn’t the first wardriving rifle we’ve featured, but unlike this one you could probably carry it past a policeman without attracting attention.

An ESP8266 in Every Light Switch and Outlet

[Hristo Borisov] shows us his clever home automation project, a nicely packaged WiFi switchable wall socket. The ESP8266 has continuously proven itself to be a home automation panacea. Since the ESP8266 is practically a given at this point, the bragging rights have switched over to the skill with which the solution is implemented. By that metric, [Hristo]’s solution is pretty dang nice.

It’s all based around a simple board. An encapsulated power supply converts the 220V offered by the Bulgarian power authorities into two rails of 3.3V and 5V respectively. The 3.3V is used for an ESP8266 whose primary concern is the control of a triac and an RGB LED. The 5V is optional if the user decides to add a shield that needs it. That’s right, your light switches will now have their own shields that decide the complexity of the device.

The core module seen to the right contains the actual board. All it needs is AC on one side and something to switch or control on the other. The enclosure is not shown (only the lid with the shield connectors is seen) but can be printed in a form factor that includes a cord to plug into an outlet, or with a metal flange to attach to an electrical box in the wall. The modules that mate with the core are also nicely packaged in a 3D printed shield. For example, to convert a lamp to wireless control, you use a shield with a power socket on it. To convert a light switch, use the control module that has a box flange and then any number of custom switch and display shields can be hot swapped on it.

It’s all controllable from the command line, a webpage, and even an iOS app; all of it is available on his GitHub. We’d love to hear your take on safety, modularity, and overall system design. We think [Hristo] has built a better light switch!

ESP32 Hands-On: Awesome Promise

The ESP32 is looking like an amazing chip, not least for its price point. It combines WiFi and Bluetooth wireless capabilities with two CPU cores and a decent hardware peripheral set. There were modules in the wild for just under seven US dollars before they sold out, and they’re not going to get more expensive over time. Given the crazy success that Espressif had with the ESP8266, expectations are high.

And although they were just formally released ten days ago, we’ve had a couple in our hands for just about that long. It’s good to know hackers in high places — Hackaday Superfriend [Sprite_tm] works at Espressif and managed to get us a few modules, and has been great about answering our questions.

We’ve read all of the public documentation that’s out there, and spent a week writing our own “hello world” examples to confirm that things are working as they should, and root out the bugs wherever things aren’t. There’s a lot to love about these chips, but there are also many unknowns on the firmware front, which is changing day-to-day. Read on for the full review.

Simple Clock from Tiny Chip

If you haven’t jumped on the ESP8266 bandwagon yet, it might be a good time to get started. If you can program an Arduino you have pretty much all of the skills you’ll need to get an ESP8266 up and running. And, if you need a good idea for a project to build with one of these WiFi miracle chips, look no further than [Ben Buxton]’s dated, but awesome, NTP clock.

Nexmon Turns Nexus 5 (and RPi3!) Into WiFi Toolkit

Back in the day, when wardriving was still useful (read: before WPA2 was widespread), we used to wander around with a Zaurus in our pocket running Kismet. Today, every cellphone has WiFi and a significantly more powerful processor inside. But alas, the firmware is locked down.

Enter the NexMon project. If you’ve got a Nexus 5 phone with the Broadcom BCM4339 WiFi chipset, you’ve now got a monitor-mode, packet-injecting workhorse in your pocket, and it looks a lot less creepy than that old Zaurus. But more to the point, NexMon is open. If you’d like to get inside what it took to reverse-engineer a hole into the phone’s WiFi, or make your own patches, here’s a great starting place.

But wait, there’s more! The recently released Raspberry Pi 3 has a similar Broadcom WiFi chipset, and has been given the same treatment, turning your RPi 3 into a wireless-sniffing powerhouse. How many Raspberry Pi “hacks” actually hack the Raspberry Pi? Well, here’s one.

We first learned of this project from a talk given at the MetaRhein-Main Chaos Days conference which took place last weekend. The NexMon talk (in German, but with slides in English) is just one of the many talks, all of which are available online.

The NexMon project is a standout, however. Not only do they reverse the WiFi firmware in the Nexus 5, but they show you how, and then apply the same methods to the RPi3. Kudos times three to [Matthias Schulz], [Daniel Wegemer], and [Matthias Hollick]!

Bathroom Status Reporting Hack Eliminates Lines, Frustration

In a lot of ways, portable toilets are superior to standard indoor-plumbing-style toilets. This is mostly due to the fact that they have a status indicator on the door. It’s a shame that no indoor bathrooms have figured this out yet, especially in office buildings where your awkward coworkers bang on every door rather than just check for feet in the huge gap that for some reason exists between the floor and the stall door. Anyway, [Chris] and [Daniel] came up with a solution for this issue, which also eliminates wait time for bathrooms in their office.

Their system is an automated bathroom status indicator that reports information about the bathroom’s use over WiFi. Since the bathrooms at their facility are spread out, it was helpful to be able to look up which bathroom would be free at any given moment. Several Raspberry Pis form the nerves of the project. Custom sensors were attached to a variety of different door locks to detect status. Each Pi reports back over WiFi. This accomplishes their goal of being subtle and simple. They also point out that they had to write very little code for this project since there are so many Unix and embedded hardware tools available to them. Checking the status of the bathroom can be as simple as running netcat.

If you’re looking to roll out your own bathroom status monitor solution, [Chris] and [Daniel] have made their code available on GitHub. There are a number of other ways to automate your bathroom, too, like switching the exhaust fan on when it gets too smelly or humid, or even creating a device that dispenses your toilet paper for you.