Detecting Cars With An ESP8266 Magnetometer

Having a motorized gate on your driveway is great, but only if there’s an easy way to trigger it. [Andrew] says the gate at his parent’s place could only be controlled by manually pushing a button on the panel or with a dinky remote that didn’t have nearly the range they wanted. So he decided to build his own magnetometer allowing the gate to automatically open when a car was trying to leave.

Naturally, there are commercial offerings that would solve this problem. But with a sticker price of more than $150 USD, [Andrew] was more than happy to spend a bit of time tinkering to get the job done for less than 1/10th the cost with an ESP8266 and a QMC5883X series magneto-resistive sensor. Of course, this is one of those projects that seems simple enough in your head, but ends up taking a bit of finesse to pull off in the real-world.

For one, [Andrew] had to figure out how to prevent false positives. Pretty much any object brought close enough to the sensor, including his hand, would cause it to react. He ended up coming up with a way to use a rolling average to prevent the gate from firing off just because a squirrel ran past. The built-in safeties are designed to ensure that the gate only opens when an actual car is sitting in the appropriate spot for long enough.

Speaking of, we love how [Andrew] deployed the QMC5883X sensor for this project. The small sensor board and a few moisture-absorbing packets were placed in a Sonoff IP66 waterproof enclosure, and buried under the rocks of the driveway. A standard CAT5 cable is used to tether it to the ESP8266, relay, and assorted other goodies that now live in the gate’s control box. In the future he says the cable will likely have to go into a conduit, but for now the system is working more or less how he expected.

If your estate isn’t quite palatial enough to have a motorized gate out front, we’ve seen plenty of projects that add some much-needed intelligence to the humble garage door opener which might be more your speed.

Reading The Water Meter In A Literal Sense With An ESP8266

In our info-obsessed culture, hackers are increasingly interested in ways to quantify the world around them. One popular project is to collect data about their home energy or water consumption to try and identify any trends or potential inefficiencies. For safety and potentially legal reasons, this usually has to be done in a minimally invasive way that doesn’t compromise the metering done by the utility provider. As you might expect, that often leads to some creative methods of data collection.

The latest solution comes courtesy of [Keilin Bickar], who’s using the ESP8266 and a serial TTL camera module to read the characters from the LCD of his water meter. With a 3D printed enclosure that doubles as a light source for the camera, the finished device perches on top of the water meter and sends the current reading to HomeAssistant via MQTT without any permanent wiring or mounting.

Of course, the ESP8266 is not a platform we generally see performing optical character recognition. Some clever programming was required to get the Wemos D1 Mini Lite to reliably read the numbers from the meter without having to push the task to a more computationally powerful device such as a Raspberry Pi. The process starts with a 160×120 JPEG image provided by a VC0706 camera module, which is then processed with the JPEGDecoder library. The top and bottom of the image are discarded, and the center band is isolated into blocks that correspond with the position of each digit on the display.

Within each block, the code checks an array of predetermined points to see if the corresponding pixel is black or not. In theory this allows detecting all the digits between 0 and 9, though [Keilin] says there were still the occasional false readings due to inherent instabilities in the camera and mounting. But with a few iterations to the code and the aid of a Python testing program that allowed him to validate the impact of changes to the algorithm, he was able to greatly improve the detection accuracy. He says it also helps that the nature of the data allows for some basic sanity checks;  for example the number only ever goes up, and only by a relatively small amount each time.

This method might not allow the per-second sampling required to pull off the impressive (if slightly creepy) water usage data mining we saw recently, but as long as you’re not after very high resolution data this is an elegant and creative way to pull useful data from your existing utility meter.

Hackaday Podcast 034: 15 Years Of Hackaday, ESP8266 Hacked, Hydrogen Seeps Into Cars, Giant Scara Drawbot, Really Remote RC Car Racing

Elliot Williams and Mike Szczys wish Hackaday a happy fifteenth birthday! We also jump into a few vulns found (and fixed… ish) in the WiFi stack of ESP32/ESP8266 chips, try to get to the bottom of improved search for 3D printable CAD models, and drool over some really cool RC cars that add realism to head-to-head online racing. We look at the machining masterpiece that is a really huge SCARA arm drawbot, ask why Hydrogen cars haven’t been seeing the kind of sunlight that fully electric vehicles do, and give a big nod of approval to a guide on building your own custom USB cables.

Take a look at the links below if you want to follow along, and as always tell us what you think about this episode in the comments!

Direct download (54 MB)

Places to follow Hackaday podcasts:

Continue reading “Hackaday Podcast 034: 15 Years Of Hackaday, ESP8266 Hacked, Hydrogen Seeps Into Cars, Giant Scara Drawbot, Really Remote RC Car Racing”

ESP8266 And ESP32 WiFi Hacked!

[Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push up new firmware pretty quick.

The first flaw is the simplest, and only effects ESP8266s. While connecting to an access point, the access point sends the ESP8266 an “AKM suite count” field that contains the number of authentication methods that are available for the connection. Because the ESP doesn’t do bounds-checking on this value, a malicious fake access point can send a large number here, probably overflowing a buffer, but definitely crashing the ESP. If you can send an ESP8266 a bogus beacon frame or probe response, you can crash it.

What’s most fun about the beacon frame crasher is that it can be implemented on an ESP8266 as well. Crash-ception! This takes advantage of the ESP’s packet injection mode, which we’ve covered before.

The second and third vulnerabilities exploit bugs in the way the ESP libraries handle the extensible authentication protocol (EAP) which is mostly used in enterprise and higher-security environments. One hack makes the ESP32 or ESP8266 on the EAP-enabled network crash, but the other hack allows for a complete hijacking of the encrypted session.

These EAP hacks are more troubling, and not just because session hijacking is more dangerous than a crash-DOS scenario. The ESP32 codebase has already been patched against them, but the older ESP8266 SDK has not yet. So as of now, if you’re running an ESP8266 on EAP, you’re vulnerable. We have no idea how many ESP8266 devices are out there in EAP networks,  but we’d really like to see Espressif patch up this hole anyway.

[Matheus] points out the irony that if you’re using WPA2, you’re actually safer than if you’re unpatched and using the nominally more secure EAP. He also wrote us that if you’re stuck with a bunch of ESP8266s in an EAP environment, you should at least encrypt and sign your data to prevent eavesdropping and/or replay attacks.

Again, because [Matheus] informed Espressif first, most of the bugs are already fixed. It’s even percolated downstream into the Arduino-for-ESP, where it’s just been worked into the latest release a few hours ago. Time for an update. But those crusty old NodeMCU builds that we’ve got running everything in our house?  Time for a full recompile.

We’ve always wondered when we’d see the first ESP8266 attacks in the wild, and that day has finally come. Thanks, [Matheus]!

ESP8266 Controls TiVo Over The Network

Remember the TiVo? The set-top DVR that was once so popular of a hacking target that Hackaday had a dedicated subdomain for it has today largely faded into obscurity as time-shifted viewing has given way to Internet streaming services like Netflix and Hulu. But make no mistake, while the TiVo may no longer be the centerpiece of the average home entertainment center, there’s a diehard group of antennaed aficionados that are still rocking (and hacking) them.

One such TiVotee is [Thomas McQueen], who recently discovered his TiVo-powered Virgin Media V6 DVR was listening for commands on the network. After finding some official documentation for the protocol and firing off a couple of test commands from his computer’s telnet client, he realized he had an opportunity to flex his microcontroller muscle and create a library that would allow controlling the set-top box with the ESP8266 or other network-capable MCU.

[Thomas] built his project on-top of the basic Arduino WiFi library, making every effort to make it as generalized as possible so it could work on a multitude of platforms and with various targets. He even made sure to give all his functions friendly names that won’t leave users scratching their head when they read through example code down the road. We’ve seen far too many software projects that were poorly documented or obtusely programmed, so it’s always good to see somebody putting some forethought into their code.

The library makes it easy to add TiVo control to your project, but [Thomas] went one step further and came up with an example application that provides a web interface on the ESP8266 or ESP32. Any device with a web browser, such as a smartphone, can connect to the UI and fire off commands to the TiVo. His next step is to combine his library with some code to talk to Amazon’s Alexa so he’ll be able to control playback with his voice.

We’ll hand it to these TiVo users, they’re a tenacious lot. Earlier in the year, we covered how one dedicated TiVo fan managed to brute-force the child lock on his DVR using the Arduino and an IR LED.

Four Years Of Learning ESP8266 Development Went Into This Guide

The ESP8266 is a great processor for a lot of projects needing a small microcontroller and Wi-Fi, all for a reasonable price and in some pretty small form factors. [Simon] used one to build a garage door opener. This project isn’t really about his garage door opener based on a cheap WiFi-enabled chip, though. It’s about the four year process he went through to learn how to develop on these chips, and luckily he wrote a guide that anyone can use so that we don’t make the same mistakes he did.

The guide starts by suggesting which specific products are the easiest to use, and then moves on to some “best practices” for using these devices (with which we can’t argue much), before going through some example code. The most valuable parts of this guide especially for anyone starting out with these chips are the section which details how to get the web server up and running, and the best practices for developing HTML code for the tiny device (hint: develop somewhere else).

[Simon] also makes extensive use of the Chrome developers tools when building the HTML for the ESP. This is a handy trick even outside of ESP8266 development which might be useful for other tasks as well. Even though most of the guide won’t be new to anyone with experience with these boards, there are a few gems within it like this one that might help in other unrelated projects. It’s a good read and goes into a lot of detail about more than just the ESP chips. If you just want to open your garage door, though, you have lots of options.

ESP8266 Sound Machine Soothes Baby Remotely

[Zack] had trouble getting his six-month-old to sleep through the night. That was before he found out about ‘shh’ videos on YouTube. These are exactly what they sound like: eight hours of someone whooshing white noise into a microphone. He set a phone up on a charger in the nursery and let one of these play overnight. But the phone was unreliable. It would lock up, or just crash completely, making the baby’s distress worse.

To restore peace in the house, he built a sound machine that both simplifies and fortifies the white noise shh-loution. It uses an ESP8266 and a DFPlayer Mini to loop a lone MP3 file of shh-video audio and play it from a small speaker. By integrating the machine with Home Assistant, he’s able to trigger the sound remotely at baby’s bedtime. ESP Home has no module for the DFPlayer, but [Zack] built one that he’s happy to share.

If you are mired in early parenthood, this is a nice, simple solution. The DFPlayer does all the work of reading from the SD card and converting the signal to analog for speaker output, so there’s no need to get your hands dirty wasting valuable sleeping or kid-playing time.

Once the kid starts toddling out of babyhood, [Zack] could turn to ESP8266-based ambient lighting to help establish the difference between sleep and wake time.