Reverse-Engineering The ESP32’s WiFi Binary Blob With A Faraday Cage

The Faraday cage constructed by Jasper Devreker.

As part of a team at Ghent University reverse-engineering the binary blob driver for the ESP32’s WiFi, [Jasper Devreker] needed to isolate the packets coming from the ESP32 under test from everything else on the crowded 2.4 GHz band. With today’s airwaves flooded by WiFi and other 2.4 GHz traffic, that is a tough call. To eliminate the noise, [Jasper] had to build a Faraday cage, ideally without racking up a massive invoice or relying on second-hand parts scavenged from eBay.

We previously reported on this reverse-engineering project, which has since seen an update. Although progress has been made, filtering out just the packets the team was interested in remained a big challenge. The solution was a Faraday cage, built on a tight budget.

Rather than relying on exotic mains power filters, [Jasper] put a battery inside a Faraday cage he constructed out of wood and conductive fabric. To get Ethernet data in and out without running a conductor through the shield, a fiber link was routed through a copper tube. Initial testing was done using a Raspberry Pi running usbip and a WiFi dongle in listening mode; the cage provided enough attenuation that the dongle couldn’t pick up any external WiFi signals.

The total cost of this build came to a hair over €291, which makes it feasible for a lot of RF experiments by hobbyists and others. We wish [Jasper] and the rest of the team a lot of luck in figuring out the remaining secrets of Espressif’s binary WiFi blob using this new tool.
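As an added worked example (this is not code from the Hackaday write-up or from [Jasper]’s project), the following Python link-budget script shows why a shield that is “good enough” for a microwave oven is nowhere near good enough to keep a WiFi receiver deaf. The 27 dB and 69 dB figures come from the comment thread below; the access-point transmit power, antenna gains, distance and receiver sensitivity are assumed typical values, not measurements from the project.

```python
import math

# Shielding figures quoted in the comment thread on this page.
MICROWAVE_SHIELDING_DB = 27.0
CAGE_SHIELDING_DB = 69.0

# Assumed link parameters (typical values, not measured from the project).
AP_TX_POWER_DBM = 20.0        # assumed access-point transmit power
AP_ANTENNA_GAIN_DBI = 2.0     # assumed AP antenna gain
DUT_ANTENNA_GAIN_DBI = 0.0    # assumed gain of the dongle / ESP32 antenna
AP_DISTANCE_M = 10.0          # assumed distance from the AP to the cage
CHANNEL_6_HZ = 2.437e9        # WiFi channel 6 centre frequency
RX_SENSITIVITY_DBM = -95.0    # assumed sensitivity for 1 Mbit/s beacons
SAFETY_MARGIN_DB = 10.0       # assumed extra attenuation to stay below it

SPEED_OF_LIGHT_M_S = 299_792_458.0


def db_to_power_ratio(db: float) -> float:
    """Linear power factor for an attenuation in dB (27 dB -> about 1/501)."""
    return 10.0 ** (db / 10.0)


def power_ratio_to_db(ratio: float) -> float:
    """Inverse of db_to_power_ratio: a factor of 1000 is 30 dB."""
    return 10.0 * math.log10(ratio)


def free_space_path_loss_db(distance_m: float, freq_hz: float) -> float:
    """Free-space (Friis) path loss in dB between isotropic antennas.

    Indoor walls and multipath add loss on top of this, so it is a
    best-case (strongest-signal) estimate for the unshielded case.
    """
    return 20.0 * math.log10(4.0 * math.pi * distance_m * freq_hz / SPEED_OF_LIGHT_M_S)


def received_power_dbm(shielding_db: float = 0.0,
                       tx_dbm: float = AP_TX_POWER_DBM,
                       tx_gain_dbi: float = AP_ANTENNA_GAIN_DBI,
                       rx_gain_dbi: float = DUT_ANTENNA_GAIN_DBI,
                       distance_m: float = AP_DISTANCE_M,
                       freq_hz: float = CHANNEL_6_HZ) -> float:
    """Power at the receiver after path loss and the shield's attenuation."""
    return (tx_dbm + tx_gain_dbi + rx_gain_dbi
            - free_space_path_loss_db(distance_m, freq_hz)
            - shielding_db)


def still_receivable(shielding_db: float,
                     sensitivity_dbm: float = RX_SENSITIVITY_DBM,
                     **link) -> bool:
    """True if the shielded signal is still above the receiver's sensitivity."""
    return received_power_dbm(shielding_db, **link) >= sensitivity_dbm


def required_shielding_db(sensitivity_dbm: float = RX_SENSITIVITY_DBM,
                          margin_db: float = SAFETY_MARGIN_DB,
                          **link) -> float:
    """Attenuation needed to push the signal below sensitivity by margin_db."""
    unshielded = received_power_dbm(0.0, **link)
    return max(0.0, unshielded - sensitivity_dbm + margin_db)


def main() -> None:
    for name, shield in (("no shield", 0.0),
                         ("microwave oven", MICROWAVE_SHIELDING_DB),
                         ("Faraday cage", CAGE_SHIELDING_DB)):
        rx = received_power_dbm(shield)
        verdict = "decodable" if still_receivable(shield) else "below sensitivity"
        print(f"{name:15s} {shield:5.1f} dB (1/{db_to_power_ratio(shield):,.0f}): "
              f"{rx:7.1f} dBm -> {verdict}")
    print(f"shielding needed with {SAFETY_MARGIN_DB:.0f} dB margin: "
          f"{required_shielding_db():.1f} dB")


if __name__ == "__main__":
    main()
```

With these assumed inputs the AP lands at roughly −38 dBm at the cage; 27 dB of shielding still leaves about −65 dBm, which any WiFi chipset decodes comfortably, while 69 dB puts it around −107 dBm, below the sensitivity of a beacon receiver. The `required_shielding_db` figure (about 67 dB here) is what to compare against a cage’s measured attenuation; since free-space loss is the optimistic case, treat it as a floor, and verify with a dongle in monitor mode as the article describes.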

36 thoughts on “Reverse-Engineering The ESP32’s WiFi Binary Blob With A Faraday Cage”

      1. Yep, microwave provides quite good isolation, but probably not good enough for what they are trying to achieve… having poor/not really useable signal is not the same as no signal at all…

      1. Because it’s a mains-powered device with a metal case? Of course it’s grounded!

        The problem is actually that while it happily attenuates enough microwave energy to make it completely safe for a user, it’s nothing compared to how sensitive a wifi receiver is.

        The rough numbers I found are that a typical microwave oven has about 27dB of shielding, which means 1/500th of the microwave energy gets through. The faraday cage in the article is stated to need *at least* 69dB of attenuation to prevent packets being received… which is 1/10000000th!

        1. The safety measurements for a microwave oven are measured ~1.97 inches from the external surface of the device to minimise nearfield* effects (direct coupling) between the source and the measurement device. And the allowed leakage from an empty microwave oven (no load) is five times higher than for one containing a standard test item that will absorb microwaves (loaded).

          (Leakage radiation at 5 cm from the surface of the microwave oven: 1.0 mW/cm2 with test load. 5.0 mW/cm2 without test load.)

          * https://en.wikipedia.org/wiki/Near_and_far_field

          So my question would be where was the DUT (Device Under Test) inside the microwave oven ? Was it suspended (on Styrofoam,glass, paper or most plastics) as far away from all external surfaces as possible to minimise any direct capacitive coupling effects from the circuit to the case.

    1. As I mentioned in another comment, a microwave oven is a good enough faraday cage to block 99.8% of the energy used to cook your food… but it needs to block >99.99999% of the energy to stop a modern wifi receiver from understanding what it’s hearing, which is 20000x lower!

      Modern RF technology is amazing.

    1. Maybe not. There were many times at my old office where we would forget to hook up the U.FL connector on a wifi card and because we were close enough to the AP the device still connected. Probably as a result of the onboard trace to the external antenna connector, and it was never a strong signal, but it could connect. These guys are trying to ensure that there was NO chance they could connect to intercept those seek packets.

    2. Found the commenter that didn’t read the article! It was literally the first thing they tried.

      In a past job I tried putting a pigtail shorted with a 50ohm resistor onto the antenna port of an RF module I was testing and needed to make sure it couldn’t receive… and it was leaky enough that it still *easily* picked up the local cell tower. I had to solder the resistor directly onto the board before it was able to overcome the module’s receiver sensitivity.

  1. Everyone is talking about microwave ovens. The shielding does attenuate 2.4GHz significantly, but not completely.

    I just did a simple test – I’ve placed my smartphone in the microwave and closed the door. It stopped responding to pings (the nearest router is on the opposite side of the house), but the wi-fi scan screen still showed a few networks, indicating that at least some beacon frames pass through. I guess that would not be acceptable for [Jasper].

    1. I have several zigbee sensors placed in my freezer, fridge and full-metal mailbox. All of them work fine even though they are contained in what is normally considered a Faraday cage. The mailbox is even quite far away. Zigbee also runs at 2.4 GHz.

  2. Couldn’t one replace the antenna with a resistor to make its effective gain very low? That combined with a microwave oven as a shield chamber might be enough, while still allowing communication with the wireless adapter placed next to it.

  3. I once built a wifi sniffer based on ESP8266 and wanted to check whether it can hear any signals when under water.
    So I put it into a transparent dry box, put it into a bath tub and started filling it with water. As I remember just around 20 cm of water was enough to make it not receive any beacons.

    It had a screen, so it was easy to see the reception in real time.

    1. What was the tub made of? That far down in a metal trough shield would kill the neighbors’ WiFi.
      What irks me is how much of a kW gets out nearby.
      I propose experiments with new and used ovens with good phone’s receivers on the WiFi around you.

  4. My ESP8266 systems frequently cause my router to generate error messages denying WLAN access for security, unknown reason. This is only making a simple HTML webpage on my LAN…
    Espressif Systems, Shanghai is bound by the Chinese constitution so their products will have a back door.
    I hope they find it just to know a fox is in the hen house.

  5. The 69 dB (don’t chortle. it’s unseemly) he got is pretty good for a scratch-built Faraday cage. Even commercial screen ones normally achieve only 70 dB. You need to pay close attention to construction to get much better, but 110 dB is pretty routine for a high quality one.

  6. Speaking of Faraday’s cage, can someone explain to me why my zigbee sensors buried deeply inside the metal cages of my mailbox, fridge and freezer all report happily to Home Assistant? The receiver is not even nearby.

    This is in contrast to all I have learned!

  7. This is a great example of someone not understanding how something works, then dismissing expert advice because they couldn’t get it to work.

    A grounded metal trash can, or any other completely enclosed metal box would have done the job.

    Heck, they could have used their original antenna-to-antenna method, and stuffed it into a pouch of grounded tinfoil.

    For $400 I could have isolated a closet large enough to bring a chair and laptop into.
