Detecting Cars With An ESP8266 Magnetometer

Having a motorized gate on your driveway is great, but only if there’s an easy way to trigger it. [Andrew] says the gate at his parent’s place could only be controlled by manually pushing a button on the panel or with a dinky remote that didn’t have nearly the range they wanted. So he decided to build his own magnetometer allowing the gate to automatically open when a car was trying to leave.

Naturally, there are commercial offerings that would solve this problem. But with a sticker price of more than $150 USD, [Andrew] was more than happy to spend a bit of time tinkering to get the job done for less than 1/10th the cost with an ESP8266 and a QMC5883X series magneto-resistive sensor. Of course, this is one of those projects that seems simple enough in your head, but ends up taking a bit of finesse to pull off in the real-world.

For one, [Andrew] had to figure out how to prevent false positives. Pretty much any object brought close enough to the sensor, including his hand, would cause it to react. He ended up coming up with a way to use a rolling average to prevent the gate from firing off just because a squirrel ran past. The built-in safeties are designed to ensure that the gate only opens when an actual car is sitting in the appropriate spot for long enough.

Speaking of, we love how [Andrew] deployed the QMC5883X sensor for this project. The small sensor board and a few moisture-absorbing packets were placed in a Sonoff IP66 waterproof enclosure, and buried under the rocks of the driveway. A standard CAT5 cable is used to tether it to the ESP8266, relay, and assorted other goodies that now live in the gate’s control box. In the future he says the cable will likely have to go into a conduit, but for now the system is working more or less how he expected.

If your estate isn’t quite palatial enough to have a motorized gate out front, we’ve seen plenty of projects that add some much-needed intelligence to the humble garage door opener which might be more your speed.

Reading The Water Meter In A Literal Sense With An ESP8266

In our info-obsessed culture, hackers are increasingly interested in ways to quantify the world around them. One popular project is to collect data about their home energy or water consumption to try and identify any trends or potential inefficiencies. For safety and potentially legal reasons, this usually has to be done in a minimally invasive way that doesn’t compromise the metering done by the utility provider. As you might expect, that often leads to some creative methods of data collection.

The latest solution comes courtesy of [Keilin Bickar], who’s using the ESP8266 and a serial TTL camera module to read the characters from the LCD of his water meter. With a 3D printed enclosure that doubles as a light source for the camera, the finished device perches on top of the water meter and sends the current reading to HomeAssistant via MQTT without any permanent wiring or mounting.

Of course, the ESP8266 is not a platform we generally see performing optical character recognition. Some clever programming was required to get the Wemos D1 Mini Lite to reliably read the numbers from the meter without having to push the task to a more computationally powerful device such as a Raspberry Pi. The process starts with a 160×120 JPEG image provided by a VC0706 camera module, which is then processed with the JPEGDecoder library. The top and bottom of the image are discarded, and the center band is isolated into blocks that correspond with the position of each digit on the display.

Within each block, the code checks an array of predetermined points to see if the corresponding pixel is black or not. In theory this allows detecting all the digits between 0 and 9, though [Keilin] says there were still the occasional false readings due to inherent instabilities in the camera and mounting. But with a few iterations to the code and the aid of a Python testing program that allowed him to validate the impact of changes to the algorithm, he was able to greatly improve the detection accuracy. He says it also helps that the nature of the data allows for some basic sanity checks;  for example the number only ever goes up, and only by a relatively small amount each time.

This method might not allow the per-second sampling required to pull off the impressive (if slightly creepy) water usage data mining we saw recently, but as long as you’re not after very high resolution data this is an elegant and creative way to pull useful data from your existing utility meter.

ESP8266 And ESP32 WiFi Hacked!

[Matheus Garbelini] just came out with three (3!) different WiFi attacks on the popular ESP32/8266 family of chips. He notified Espressif first (thanks!) and they’ve patched around most of the vulnerabilities already, but if you’re running software on any of these chips that’s in a critical environment, you’d better push up new firmware pretty quick.

The first flaw is the simplest, and only effects ESP8266s. While connecting to an access point, the access point sends the ESP8266 an “AKM suite count” field that contains the number of authentication methods that are available for the connection. Because the ESP doesn’t do bounds-checking on this value, a malicious fake access point can send a large number here, probably overflowing a buffer, but definitely crashing the ESP. If you can send an ESP8266 a bogus beacon frame or probe response, you can crash it.

What’s most fun about the beacon frame crasher is that it can be implemented on an ESP8266 as well. Crash-ception! This takes advantage of the ESP’s packet injection mode, which we’ve covered before.

The second and third vulnerabilities exploit bugs in the way the ESP libraries handle the extensible authentication protocol (EAP) which is mostly used in enterprise and higher-security environments. One hack makes the ESP32 or ESP8266 on the EAP-enabled network crash, but the other hack allows for a complete hijacking of the encrypted session.

These EAP hacks are more troubling, and not just because session hijacking is more dangerous than a crash-DOS scenario. The ESP32 codebase has already been patched against them, but the older ESP8266 SDK has not yet. So as of now, if you’re running an ESP8266 on EAP, you’re vulnerable. We have no idea how many ESP8266 devices are out there in EAP networks,  but we’d really like to see Espressif patch up this hole anyway.

[Matheus] points out the irony that if you’re using WPA2, you’re actually safer than if you’re unpatched and using the nominally more secure EAP. He also wrote us that if you’re stuck with a bunch of ESP8266s in an EAP environment, you should at least encrypt and sign your data to prevent eavesdropping and/or replay attacks.

Again, because [Matheus] informed Espressif first, most of the bugs are already fixed. It’s even percolated downstream into the Arduino-for-ESP, where it’s just been worked into the latest release a few hours ago. Time for an update. But those crusty old NodeMCU builds that we’ve got running everything in our house?  Time for a full recompile.

We’ve always wondered when we’d see the first ESP8266 attacks in the wild, and that day has finally come. Thanks, [Matheus]!

Race RC Cars From Anywhere On Earth

Racing games have come a long way over the years. From basic 2D sprite-based titles, they’ve evolved to incorporate advanced engines with highly realistic simulated physics that can even be used to help develop real-world automobiles. For [], that still wasn’t quite good enough, so they decided to create something more rooted in reality.

The game is played in a web browser. Players are assigned a car and view the action from a top-down camera.

Their project resulted in a racing game based on controlling real RC cars over the internet, in live races against other human opponents. Starting with a series of Siku 1:43 scale RC cars, the team had to overcome a series of engineering challenges to make this a reality. For one, the original electronics had to be gutted as the team had issues when running many cars at the same time.

Instead, the cars were fitted with ESP8266s running custom firmware. An overhead GoPro is used with special low-latency streaming software to allow players to guide their car to victory. A computer vision system is used for lap timing, and there’s even automatic charging stations to help keep the cars juiced up for hours of play.

The game is free to play online, with the races currently operating on a regular schedule. We look forward to trying our hand at a race or three, and will be interested to see how the latency holds up from various parts of the world.

We’ve seen other remote RC builds before; usually featuring the power of the Raspberry Pi. We’ve also covered useful techniques for low latency video for real-time applications. Video after the break.

Continue reading “Race RC Cars From Anywhere On Earth”

Following Pigs: Building An Injectable Livestock Tracking System

I’m often asked to design customer and employee tracking systems. There are quite a few ways to do it, and it’s an interesting intersection of engineering and ethics – what information is reasonable to collect in different contexts, anonymizing and securely storing it, and at a fundamental level whether the entire system should exist at all.

On one end of the spectrum, a system that simply counts the number of people that are in your restaurant at different times of day is pretty innocuous and allows you to offer better service. On the other end, when you don’t pay for a mobile app, generally that means your private data is the product being bought and sold. Personally, I find that the whole ‘move fast and break things’ attitude, along with a general disregard for the privacy of user data, has created a pretty toxic tech scene. So until a short while ago, I refused to build invasive tracking systems – then I got a request that I simply couldn’t put aside…

Continue reading “Following Pigs: Building An Injectable Livestock Tracking System”

The Danish Internet Of Hot Tubs

Every hacker camp has its own flavor, and BornHack 2019 in the Danish countryside gave us the opportunity to sample some hacker relaxation, Scandinavian style. Among the attractions was a wood-fired hot tub of gargantuan proportions, in which the tired attendee could rejuvenate themselves at 40 Celcius in the middle of the forest. A wood-fired hot tub is not the easiest of appliances to control, so to tame it [richard42graham] and a group of Danish hackerspace friends took it upon themselves to give it an internet-connected temperature sensor.

The starting point was a TMP112 temperature sensor and an ESP8266 module, which initially exposed the temperature reading via a web interface, but then collapsed under too much load. The solution was to make the raw data available via MQTT, and from that create a web interface for the event bar, Twitter and IRC bots. There was even an interface to display hot tub temperature on the ubiquitous OHMlights dotted around the camp.

It’s more normal to control a hot tub via an electric heater, but since the wood fire on this one has to be tended by a camp volunteer it made sense to use the IRC system as an alert. It will be back at BornHack 2020, so we’ll have to do our job here at Hackaday and spend a long time lounging in the hot tub in the name of journalistic research to see how well it works.

A Custom Milled Jig For Smart Bulb Programming

Who would have thought that some day we’d need programming jigs for our light bulbs? But progress marches on, and as there’s currently a number of affordable Internet-controlled bulbs powered by the ESP8266 on the market, we’re at the point where a tool to help update the firmware on the light over your kitchen sink might be something nice to have. Which is why [cperiod] created this programming jig for AiLight smart bulbs.

Flashing the AiLight bulbs is easy enough, there’s a series of test points right on the face of the PCB that you can hook up to. But if you’re updating more than one of them, you don’t want to have to solder your programmer up to each bulb individually. That’s where the jig comes in. [cperiod] says there are already some 3D printed designs out there, but they proved to be a bit finicky.

The design that [cperiod] came up with and eventually milled out on a 1610 CNC router is quite simple. It’s effectively just a holder to keep the five pogo pins where they need to be, and a jumper that lets you toggle the chip’s programming mode (useful for debugging).

The neat trick here are the “alignment pins”, which are actually two pieces of 14 gauge copper wire that have had their ends rounded off. It turns out these will slip perfectly into holes on the AliLight PCB, ensuring that the pogo pins end up on target. It works well enough that you can hold the bulb and jig in one hand while programming, it just needs a little downwards pressure to make good contact.

We’ve previously seen how easily you can replace the firmware on some of these ESP8266 bulbs. While there’s certainly a downside to these bulbs being so simple to modify, it’s hard to deny their hackability makes them very appealing for anyone looking to roll their own network-controlled lighting system.