The ESP32 was introduced a few years ago as an inexpensive way to outfit various microcontrollers with WiFi or Bluetooth. Since then it has been experimented with and developed on, thanks to its similarities to the ESP8266 and the ability to easily program it. Watching the development of this small chip has truly been fascinating as it continues to grow. Or, in this case, shrink.
The latest development in the ESP32 world comes from [femtoduino] who, as the name suggests, makes very small things. This one is a complete ESP32 which fits inside a USB-A connector. The brains of the projects is the ESP32-D2WD which is a dual core chip with 2 Mb of memory, making it more than capable. In fact, a big part of this project was [femtoduino]’s modifications to MicroPython in order to allow it to run on this chipset. For that alone, it’s cool.
This project is impressive for both reasons, both the size and the addition to the MicroPython libraries. If you need something really really tiny, for whatever reason, you might want to look into picking up one of these. Be careful though, and be sure to get the latest version of the SDK.
24 thoughts on “Tiny ESP32 Fits Inside USB-A Connector”
I like the emerging naming convention for these USB form factor projects. First the Tomu (EFM32), then the Fomu (iCE40 FPGA), the Somu (STM32), and now the Femu (ESP32). Cutesy little names for cutesy little boards
I just finished having a very similar board built! Back in 2016 I saw that [cnlohr] had made a “WiFi-controlled USB Mouse and Keyboard” = Esp8285 with USB HID.
The EspUSB Tiny was too small for me to solder by myself, so I waited for someone to put it on Tindie. After waiting for 2 years, I started asking hackerspaces about manufacturing the boards, and finally got in touch with PCBWay in 2018.
I had several difficulties guessing parameters, but finally I have some working boards in my possession now! I’ll write a blog post about the manufacturing process soon.
Meanwhile, I’m taking pre-orders. If you want an EspUSB Tiny, please contact me! I need to know how many to order in the next batch.
It’s good to see a bit of nsa style tech filtering down but the repercussions for it’s abuse could be a terrifying prospect.
Could someone make a device that emulates an ordinary flash drive but also examines the file system of a computer it’s plugged into, copying sensitive files or modifying the host’s files?
Yes, actually many USB flash drives already have sufficient hardware to do lots of evil things (like emulating a keyboard, opening an editor, typing in an arbitrary program stored in hidden flash, and then executing it) and support firmware updates over USB. My only read-only (the flash is degraded so the controller no longer accepts writes) USB flash drive actually has a Phison controller which is known to be modifiable in this manner (see https://opensource.srlabs.de/projects/badusb/wiki/USB_storage).
It’s been done about 6 years ago for public release though could have been in use when first USB memory sticks came out or even before with typical HDDs – lots of spare space especially easy to get to if you find the code to reflash the HDD micro or its “secure” mapping section on the board or on any number of hidden tracks ;-)
Ie. You buy an 8G USB and ‘shows’ it’s 8G but, it’s really 16G or even more, of course it either comes with “USB efficiency data protection antivirus feature” or some such (eg oldie ‘secure’ dynamic encryption built in) which you can so easily accept if a name brand product or great copy of name brand etc
Then over time under various surreptitious methods finds anything on your other storage devices too as sensitive eg passwords, Bitcoin & others etc perhaps even with a script to capture keystrokes, mouse clicks – putting all those encrypted on the extra flash. Then of course you get an email or look up some seemingly safe software that looks for that particular type of USB and voila they gotcha up through the net !
Of course it’s probabilistic, devious and cunning and can lurk in the background for Decades, all you need is tech skill, appreciation of some psychology re the software or OS ‘updates’ etc and moderately deep pockets for long enough to wait for a return, the Bitcoin and other cryptocurrency ‘scanners’ high on the priority list of course – seen any biggie security breaches in that area in last 20 years or so ;-)
Direct access over USB is not possible, it’ll have to be facilitated by viruses on host. It is possible on PC Card, FireWire, ExpressCard or Thunderbolt and people say IOMMU can be leveraged to mitigate that.
Currently the user is expected to trust the firmware on those devices you plug in, and some OS may force disconnect on those buses so that the plugged in devices only operate with user’s consent.
Now someone needs to make some sort of open source flouroscopy machine so we can check our usb cables before use.
A cable is a passive device, so if you are scared somebody hided(??) some circuitry inside just unplug the cable on both ends and put some higher voltage across the various pins. Of course this won’t work for cable with active components (iirc Apple has something like this?).
There’s also those USB Type C to legacy Type A cables with a resistor across CC1/2 to enable fast charging. And once this method becomes widespread an attacker world include overvoltage circuitry (a resistor and zener); the counter-countermeasure would be detecting the current draw like playaspec suggests.
No protection circuitry is infallible. A zener can only shunt so much current until it blows… Any active device embedded into a cable would have some measurable effects. Its when the device is passive that it becomes an issue, I think I recall a passive NSA bug embedded in a VGA cable that allow an attacker to get a view of the user’s screen. I think a carrier signal was transmitted at the bug which reflected the signal back modulated with display data from one of the VGA lines. You’d have to be actively observing the radio spectrum until a listening event occurs, and I’m no radio guru but I’d guess that the carrier signal would be pretty directional so you’d have to be listening in the right spot. Evening noticing that you’ve been bugged would be a hell of a task.
Just check to see if the cable is drawing current. You can get an inline USB power meter for a few bucks.
Yes, but… that’s exactly like concluding your website isn’t compromised because the content looks unmodified. The controller deep sleep by default when plugged in, wake after 42 minutes, scan for a known WIFI SSID, and deep sleep another 42 mins if not found. Scuff up the cables so they don’t look suspiciously new then drop the cables at places your target frequents (gym, side of the road where they take walks, near their mailbox…)
It will still draw a lot more current than two insulated wires running parallel, so you’re basically testing for leakage currents at low voltage.
On Aliexpress in 3…2…1
I wrote a longer comment before about the EspUSB Tiny, a similar design that I just had manufactured. Please message me if you want to pre-order, I’ll get a new batch made soon.
Im interested, do you have a page or github that a fella can look at?
I’ll write the blog post about manufacturing soon, but the design is already on cnlohr’s Github:
In the blog post, I’ll explain how to read the schematic and make a BOM file (just an Excel spreadsheet), how to choose PCB manufacturing parameters (board thickness, type of solder, etc), all the emails I exchanged with PCBWay, lots of things that I guessed, the help I got from a kind guy called Aaron (youtube 12002230, https://atcnetz.de) who told me how to program it using a USB-serial adaptor, reading the Gerber file to find the serial Tx, Rx, GPIO0, 3.3V power and GND solder points, and my amazement that at the end, it actually works.
To make it easier for everybody, I’m planning to order a larger batch (say 20-50 units instead of 3 like this time), and program them all myself. So far 2 people have expressed an interest, so I need another 18 or so before I’ll send off the order. If you’re in a hurry and want to do it yourself, then sure! I’ll try to help you as much as I can. I just think it’ll be easier if I do all the hard work for you and just give you a Tindie/eBay link to buy the finished product.
I’d be interested
Please email me – it’s easy to find my name online, but you share a name with a famous MMA person, so I don’t know how to contact you!
I know I’m being a pedant with this complaint, but it actually is kind of important when assessing whether or not this is a suitable candidate for consideration for new projects. You write, “2Mb”. Is that 2 meta-BITS, or 2 mega-BYTES? The case of the letter ‘b’ (bits) vs. ‘B’ (bytes) is important. Similarly with ‘m’ (milli-) versus ‘M’ (mega-), but at least you used the correct scaling unit indicator. ;)
I was also curious, as it’s not uncommon to see flash capacity in megabits, but in this case it’s an editing mistake, as the IC actually has 16Mb or 2MB of memory.
meta-BITS? Do they have powers like a meta human
Yes, but they are just itty-bitty powers.
Please be kind and respectful to help make the comments section excellent. (Comment Policy)