ESP8266 And ESP32 WiFi Hacked!

[Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push up new firmware pretty quick.

The first flaw is the simplest, and only affects ESP8266s. While connecting to an access point, the access point sends the ESP8266 an “AKM suite count” field that contains the number of authentication methods that are available for the connection. Because the ESP doesn’t do bounds-checking on this value, a malicious fake access point can send a large number here, probably overflowing a buffer, but definitely crashing the ESP. If you can send an ESP8266 a bogus beacon frame or probe response, you can crash it.
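The missing check, sketched as a defensive parser for the RSN element that carries the AKM suite count. This is an added example, not Espressif's code or anything from the original write-up; `MAX_AKM_SUITES`, `struct rsn_info`, `parse_rsn_body` and the two sample byte arrays are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_AKM_SUITES 4  /* assumed size of the receiver's fixed table */

struct rsn_info {
    uint16_t akm_count;
    uint8_t  akm[MAX_AKM_SUITES][4];  /* OUI (3 bytes) + suite type (1) */
};

/* Constructed samples: a WPA2-PSK RSN body, and one claiming 65535 AKMs. */
const uint8_t rsn_ok[]  = {1,0, 0,0x0f,0xac,4, 1,0, 0,0x0f,0xac,4,
                           1,0, 0,0x0f,0xac,2, 0,0};
const uint8_t rsn_bad[] = {1,0, 0,0x0f,0xac,4, 1,0, 0,0x0f,0xac,4,
                           0xff,0xff, 0,0x0f,0xac,2, 0,0};

/* Read a little-endian u16, advancing the cursor only if it fits. */
static int rd_u16(const uint8_t **p, size_t *left, uint16_t *out)
{
    if (*left < 2) return -1;
    *out = (uint16_t)((*p)[0] | ((*p)[1] << 8));
    *p += 2; *left -= 2;
    return 0;
}

/* Parse an RSN element body (the bytes after the ID and length octets).
 * Returns the number of AKM suites stored, or -1 for a malformed element. */
int parse_rsn_body(const uint8_t *p, size_t left, struct rsn_info *out)
{
    uint16_t version, pairwise, akm;

    memset(out, 0, sizeof(*out));
    if (rd_u16(&p, &left, &version) || version != 1) return -1;
    if (left < 4) return -1;                 /* group cipher suite */
    p += 4; left -= 4;
    if (rd_u16(&p, &left, &pairwise)) return -1;
    if ((size_t)pairwise * 4 > left) return -1;
    p += (size_t)pairwise * 4; left -= (size_t)pairwise * 4;
    if (rd_u16(&p, &left, &akm)) return -1;
    if ((size_t)akm * 4 > left) return -1;   /* count vs. bytes present */
    if (akm > MAX_AKM_SUITES) return -1;     /* count vs. destination size */
    memcpy(out->akm, p, (size_t)akm * 4);
    out->akm_count = akm;
    return akm;
}
```

Both checks matter: the first rejects a count larger than the frame actually contains, the second rejects a well-formed frame that simply advertises more suites than the receiver has room for.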

What’s most fun about the beacon frame crasher is that it can be implemented on an ESP8266 as well. Crash-ception! This takes advantage of the ESP’s packet injection mode, which we’ve covered before.

The second and third vulnerabilities exploit bugs in the way the ESP libraries handle the Extensible Authentication Protocol (EAP), which is mostly used in enterprise and higher-security environments. One hack makes the ESP32 or ESP8266 on the EAP-enabled network crash, but the other hack allows for a complete hijacking of the encrypted session.

These EAP hacks are more troubling, and not just because session hijacking is more dangerous than a crash-DoS scenario. The ESP32 codebase has already been patched against them, but the older ESP8266 SDK has not yet been. So as of now, if you’re running an ESP8266 on EAP, you’re vulnerable. We have no idea how many ESP8266 devices are out there in EAP networks, but we’d really like to see Espressif patch up this hole anyway.

[Matheus] points out the irony that if you’re using WPA2, you’re actually safer than if you’re unpatched and using the nominally more secure EAP. He also wrote us that if you’re stuck with a bunch of ESP8266s in an EAP environment, you should at least encrypt and sign your data to prevent eavesdropping and/or replay attacks.

Again, because [Matheus] informed Espressif first, most of the bugs are already fixed. It’s even percolated downstream into the Arduino-for-ESP, where it was worked into the latest release just a few hours ago. Time for an update. But those crusty old NodeMCU builds that we’ve got running everything in our house? Time for a full recompile.

We’ve always wondered when we’d see the first ESP8266 attacks in the wild, and that day has finally come. Thanks, [Matheus]!

Measuring Particulate Pollution With The ESP32

Air pollution isn’t just about the unsightly haze in major cities. It can also pose a major health risk, particularly to those with vulnerable respiratory systems. A major part of hazardous pollution is particulate matter, tiny solid particles suspended in the air. Particulate pollution levels are of great interest to health authorities worldwide, and [niriho] decided to build a monitoring rig of their own.

Particulate matter is measured by an SDS011 particulate matter sensor. This device contains a laser, and detects light scattered by airborne particles in order to determine the level of particulate pollution in PM2.5 and PM10 ranges. The build makes use of an ESP32 as the brains of the operation, chosen for its onboard networking hardware. This makes remotely monitoring the system easy. Data is then uploaded to a Cacti instance, which handles logging and graphing of the data.

For those concerned about air quality, or those who are distrustful of official government numbers, this build is a great way to get a clear read on pollution in the local area. You might even consider becoming a part of a wider monitoring network!

New Life For Old Nintendo Handhelds With ESP32

The Game Boy Pocket was Nintendo’s 1996 redesign of the classic 1989 handheld, giving it a smaller form factor, better screen and less power consumption. While it didn’t become as iconic as its predecessor, it still had enough popularity for modders such as [Eugene] to create new hardware for it. His Retro ESP32 board is a drop-in replacement for the console’s motherboard and screen, giving it a whole new life.

[Eugene] is no stranger to making this kind of mod; his previous Gaboze Pocaio project did the exact same thing with this form factor, only with a Raspberry Pi instead of the ESP32-WROVER used here. His choice of integrated SoC was based on the ODROID-GO, which is a similar portable console but with its own custom shell instead.

This project doesn’t stop at the hardware, though: the Retro ESP32 (previously dubbed Gaboze Express) also offers a user-friendly interface to launch emulators. This GUI code can be used with the ODROID as well since they share the same hardware platform, so if you have one of those you can try it out right now from the software branch of their repository.

If the idea of replacing retro tech innards with more modern hardware is something that interests you, look at what they did to this unassuming Osborne 1, or this unwitting TRS-80 Model 100. Poor thing didn’t even see it coming.

Hackaday Podcast 029: Your Face In Silver Sand, Tires Of The Future, ESP32 All The CNC Things, And Sub In A Jug

Hackaday Editors Elliot Williams and Mike Szczys geek out over the latest hacks. This week we saw a couple of clever CNC builds that leverage a great ESP32 port of GRBL. The lemonade-pitcher-based submarine project is everything you thought couldn’t work in an underwater ROV. Amazon’s newest Dot has its warranty voided to show off what 22 pounds gets you these days. And there’s a great tutorial on debugging circuits that grew out of a Fail of the Week. Plus, we get the wind knocked out of us with an ambitious launch schedule for airless automotive tires, and commiserate over the confusing world of USB-C.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Building A Safe ESP32 Home Energy Monitor

The first step to reducing the energy consumption of your home is figuring out how much you actually use in the first place. After all, you need a baseline to compare against when you start making changes. But fiddling around with high voltage is something a lot of hackers will go out of their way to avoid. Luckily, as [Xavier Decuyper] explains, you can build a very robust DIY energy monitoring system without having to modify your AC wiring.

In the video after the break, [Xavier] goes over the theory of how it all works, but the short version is that you just need to use a Current Transformer (CT) sensor. These little devices clamp over an AC wire and detect how much current is passing through it via induction. In his case, he used a YHDC SCT-013-030 sensor that can measure up to 30 amps and costs about $12 USD. It outputs a voltage between 0 and 1 volts, which makes it extremely easy to read using the ADC of your favorite microcontroller.

Once you’ve got the CT sensor connected to your microcontroller, the rest really just depends on how far you want to take the software side of things. You could just log the current consumption to a plain text file if that’s your style, but [Xavier] wanted to challenge himself to develop an energy monitoring system that rivaled commercial offerings, so he took the data and ran with it.

A good chunk of his write-up explains how he used Amazon Web Services (AWS) to process and ultimately display all the data he collects with his ESP32 energy monitor. Every 30 seconds, the hardware reports the current consumption to AWS through MQTT. The readings are stored in a database, and [Xavier] uses GraphQL and Dygraphs to generate visualizations. He even used Ionic to develop a cross-platform mobile application so he can fawn over his professional-looking charts and graphs on the go.

We’ve already seen how carefully monitoring energy consumption can uncover some surprising trends, so if you want to go green and don’t have an optically coupled electricity meter, the CT sensor method might be just what you need.

High-Tech Alms Collection With The ESP32

In an ideal world, shop space, tools, and components would be free. But until we get to that Star Trek utopia, hackerspaces will have to rely on donations from the community to help stay afloat. While asking for money, at least you can have some fun with it if you design and build an Internet-connected donation box.

Or at least that’s how [Goran Mahovlic] handled it for the Radiona hackerspace in Zagreb, Croatia. Not content with just cutting a slit in the top of a shoe box, he came up with a physical donation system that’s not only more informative for those donating, but more organized for those collecting the funds.

The key is an arcade-style programmable coin acceptor from SparkFun. When connected to a microcontroller, this allows the box to keep a running tally on how much money has been inserted. With the use of an RFM96 LoRa module, it can even report on the current haul while remaining mobile; perfect for when the hackerspace has events outside of their home base.

But counting quarters is hardly a task befitting a powerful microcontroller like the ESP32. So [Goran] gave the chip something to do in its spare time by adding a couple of buttons and an LCD. This allows the user to scroll through a list of various projects that are looking for donations, and decide which one they want to financially support. When the donation box counts how much money has been inserted, it records which project it’s been earmarked for.

Of course, if you’d rather the free market do its thing, we’ve seen this same coin acceptor used to build a locker-sized vending machine. Or if you’re feeling crafty, you could always try your hand at building one with cardboard.

New Part Day: The $15 ESP32 With Cellular

Cruise around AliExpress for long enough and you’ll find some interesting new hardware. The latest is the TTGO T-Call, an ESP32 breakout board that also has a cellular modem. Yes, it’s only a 2G modem, but that still works in a lot of places, and the whole thing is $15.

On board the TTGO T-Call is the ESP-WROVER-B, the same module you all know and love that features a dual-core ESP running at 240 MHz with 4 MB of Flash and 8 MB of SRAM. Add to this WiFi and Bluetooth, and you have a capable microcontroller platform. Of note is that this board includes a USB-C port, ostensibly wired so that it behaves like a normal USB micro port. That’s neat; 2019 is the year USB-C connectors became cheaper than USB micro connectors.

In addition to the ESP32 module, there’s also cellular in the form of a SIM800 module. This module has been around for a while and used in many, many cellular-connected projects and products like the ZeroPhone. This module is only a 2G module, and that’ll be going away shortly (if not already) in built-up areas, but this can serve as a building block for modules that have more Gees than a 2G module. That said, if you’re looking for a WiFi and cellular bridge for fifteen bucks, you could do a lot worse for a lot more money.