39C3: Liberating ESP32 Bluetooth

Bluetooth is everywhere, but it’s hard to inspect. Most of the magic is done inside a Bluetooth controller chip, accessed only through a controller-specific Host-Controller Interface (HCI) protocol, and almost everything your code does with Bluetooth passes through a binary library that speaks the right HCI dialect. Reverse engineering these libraries can get us a lot more control of and information about what’s going on over the radio link.

That’s [Anton]’s motivation and goal in this reversing and documentation project, which he describes for us in this great talk at this year’s Chaos Communication Congress. In the end, [Anton] gets enough transparency about the internal workings of the Bluetooth binaries to transmit and receive data. He stops short of writing his own BT stack, but suggests that it would be possible, though maybe more work than one person should undertake.

So what does this get us? Low-level control of the BT controller in a popular platform like the ESP32 that can do both classic and low-energy Bluetooth should help a lot with security research into Bluetooth in general. He figured out how to send arbitrary packets, for instance, which should allow someone to write a BT fuzzing tool. Unfortunately, there is a sequence ID that prevents his work from turning the controller into a fully promiscuous BT monitor, but still there’s a lot of new ground exposed here.

If any of this sounds interesting to you, you’ll find his write-up, register descriptions, and more in the GitHub repository. This isn’t a plug-and-play Bluetooth tool yet, but this is the kind of groundwork on a popular chip that we expect will enable future hacking, and we salute [Anton] for shining some light into one of the most ubiquitous and yet opaque corners of everyday tech.

Old FM Radio Upcycled Into Classy Bluetooth Speaker

[Distracted by Design] loves gear from the 1980s, though some of it isn’t as useful as it used to be. He happened across a cheap old FM radio with a great look, but wanted to repurpose it into something more modern. Thus, he set about turning this cheap piece of old electronics into a stylish Bluetooth speaker.

All of the original electronics were stripped out, while the original speaker was kept since it neatly fit the case. Electronically, the build relies on a Bluetooth module harvested from an existing speaker. 3D-printed bracketry was used to fasten it neatly into place inside the radio housing, with the buttons neatly presented where the original radio had its tone and volume controls. Power is via an internal lithium-ion battery, charged over USB-C thanks to an off-the-shelf charging module.

Where the build really shines, though, is the detailing. The original cheap plastic handle was replaced with a CNC-machined wooden piece, bolted on with machined aluminium side plates. Similarly, the original clear plastic tuning window was replaced with another tasteful piece of wood that dropped perfectly into place. At the back, the charge port is nicely integrated. Where the radio formerly had a removable door for the power cable storage, it now has a machined aluminium plate hosting the USB-C charge port. Little 3D-printed button actuators were also used to integrate the Bluetooth module’s controls into the case.

It’s a very stylish build, overall. Perhaps the one area where it’s a letdown is sound quality. The ancient speaker simply doesn’t sound great compared to modern Bluetooth speakers and their finely-tuned, bassy audio. However, this isn’t necessarily a bad thing—sometimes it’s nice to have an audio source with a limited frequency response. It can be nice for use in an area where you may want to be able to easily speak over the music.

If you want to build a Bluetooth speaker of your own, you might like to whip up an open-source design from scratch. Video after the break.


Liberating AirPods With Bluetooth Spoofing

Apple’s AirPods can pair with their competitors’ devices and work as basic Bluetooth earbuds, but to no one’s surprise most of their really interesting features are reserved for Apple devices. What is surprising, though, is that simple Bluetooth device ID spoofing unlocks these features, a fact which [Kavish Devar] took advantage of to write LibrePods, an AirPods controller app for Android and Linux.

In particular, LibrePods lets you control noise reduction modes, use ear detection to pause and unpause audio, detect head gestures, reduce volume when the AirPods detect you’re speaking, work as configurable hearing aids, connect to two devices simultaneously, and configure a few other settings. The app needs an audiogram to let them work as hearing aids, and you’ll need an existing audiogram – creating an audiogram requires too much precision. Of particular interest to hackers, the app has a debug mode to send raw Bluetooth packets to the AirPods. Unfortunately, a bug in the Android Bluetooth stack means that LibrePods requires root on most devices.

This isn’t the first time we’ve seen a hack enable hearing aid functionality without official Apple approval. However, while we have seen some people alter the hardware, AirPods can’t really be called hacker- or repair-friendly.

Thanks to [spiralbrain] for the tip!

Another Thermal Printer, Conquered

The arrival of cheap thermal printer mechanisms over the last few years has led to a burst of printer hacking in our community, and we’re sure many of you, like us, will have one knocking around somewhere. There are a variety of different models on the market, and since they often appear in discount stores we frequently see new ones requiring their own reverse engineering effort. [Mel] has done some work on just such a model, the Core Innovation CTP-500, which can be found at Walmart.

The write-up is a tale of Bluetooth reverse engineering as much as it is one about the device itself, as he sniffs the protocol it uses, and finds inspiration from the work of others on similar peripherals. The resulting Python app can be found in his GitHub repository, and includes a Tk GUI for ease of use. We like this work, and since there’s an analogous printer from a European store sitting on the Hackaday bench as we write this, it’s likely we’ll be giving it a very close look.

Meanwhile if [Mel] sounds a little familiar it might be because of their print-in-place PCB holder we featured recently.

Simple Device Can Freeze Wi-Fi Camera Feeds

Wi-Fi cameras are everywhere these days, with wireless networking making surveillance systems easier to deploy than ever. [CiferTech] has recently been developing the RF Clown—a tool that can block transmissions from these cameras at some range.

The build is based around an ESP32, with three tactile switches and an OLED display for the user interface. The microcontroller is hooked up to a trio of GT-24 Mini radio modules, which feed a bank of antennas on top of the device. Depending on the mode the device is set to, it will command these modules to jam Bluetooth, BLE, or Wi-Fi traffic in the area with relatively crude transmissions.

The use of multiple radio modules isn’t particularly sophisticated—it just makes it easier to put out more signal on more bands at the same time, flooding the zone and making it less likely legitimate transmissions will get through. Specifically, [CiferTech] demonstrates the use case of taking out a Wi-Fi camera—with the device switched on, the video feed freezes because packets from the camera simply stop making it through.

It’s perhaps impolite to interfere with the operation of somebody else’s cameras, so keep that in mind before you pursue a project like this one. Files are on GitHub for the curious. Video after the break.


Original E39 Head Unit Modernized

Although most modern cars have moved to using proprietary components nearly everywhere, especially when it comes to infotainment systems, for a brief moment, which peaked in the 90s and 00s, most cars shipped with radios that fit in a standard-size opening called a DIN slot. If you wanted a new Pioneer or Kenwood stereo, it was usually a simple matter to slide the factory radio out and put your choice of aftermarket head unit in its place. [Stefan] has an E39 BMW from this era and wanted to upgrade the factory radio but use the original hardware instead of replacing it.

This isn’t just a simple stereo upgrade either. [Stefan] has gone all-out for this build, which he started in 2020. Beginning with a Kotlin/Jetpack Compose Linux application to handle control input from the vehicle’s various knobs and buttons, he moved on to a map application and an on-screen keyboard. From there he implemented VGA to send video to the OEM screen, and now has a fully functional system based on a Raspberry Pi. It does everything the original unit can do, including playing music and showing the feed from the backup camera, plus adds plenty of new, modern features like Bluetooth.

For a certain classic car enthusiast, this build hits a sweet spot of modernizing a true classic like the E39 without removing or permanently modifying any OEM components. The amount of work that went into it is pretty staggering as well, with [Stefan] putting in over 100 hours of work just to get the video signal timing correct. We also like it because it reminds us of the flash-in-the-pan “carputer” trend from the late 00s, where people in the pre-smartphone age were shoving all kinds of computing horsepower in their trunks.


A Simple $25 Robot Based On The ESP32

[Paul McCabe] wrote in to let us know about his $25 robot. This small wheeled robot is based on an ESP32 and made using cardboard and hot glue.

You drive the contraption using a Bluetooth game controller thanks to the Bluepad32 library, which boasts a long list of supported hardware. [Paul] provides a Bill of Materials (BoM), complete with current component pricing. We don’t know about you, but it struck us as funny that the microcontroller is less expensive than the battery! Ah, the times we live in. Also, [Paul] assumes you already have an appropriate Bluetooth controller and doesn’t include that in the total cost.
