Honeywell X2S Smart Thermostat Firmware Reverse-Engineering

The Honeywell X2S Smart Thermostat is a Wi-Fi-enabled thermostat that is meant to integrate with your typical ‘smart home’ setup, with mobile app control available as well. Of course, just using it as-is would be extremely boring, so fortunately we have [author0] to take it apart and reverse-engineer its encrypted firmware.

Of the two brains in this thermostat, the first is a succinctly named Renesas R7FA6M4AF3CFP MCU containing a 200 MHz Cortex-M33 core with TrustZone features to theoretically keep out any firmware hackers. Handling the wireless side is a Realtek RTL8721DM Wi-Fi/BLE 5.0 SoC. There are also two Winbond Flash chips connected to these two main chips, with their contents of course encrypted.

Fortunately there are plenty of test points to connect to, for which a custom pogo-pin equipped breakout board was created. Cracking the encryption for the Realtek turned out to be as simple as using its RSIP decrypt-on-the-fly feature. Exploring the firmware was the next step, which turned up a TLS issue pertaining to certificates that makes man-in-the-middle attacks easy, along with a seeding bug that makes recovering session keys possible.

Although the Renesas MCU firmware still has to be decrypted and the full wireless handshake reverse-engineered, these do seem to be solid steps towards fully reverse-engineering this thermostat. It also makes it very clear once again that the ‘S’ in IoT absolutely stands for ‘security’. Maybe that’s why the smart home bubble popped.

SST Is A Very Tidy ESP8266 Smart Thermostat

The smart thermostat has become in a way the public face of the Internet of Things. It’s a demonstration that technological uptake by the general public is driven not by how clever the technology is, but by how much use they can see in it. A fridge that offers you recipes or orders more eggs may be a very neat idea, but at street level a device allowing you to turn your heating on at home before you leave work is much cooler. Products like Nest or Hive have started to become part of normal suburban life.

There is no reason though for an IoT thermostat to be a commercial product like the two mentioned. Our subject today demonstrates this; SST is a Wi-Fi smart thermostat using an ESP8266 that can be controlled by an app, thanks to its use of the open-source Souliss IoT Framework.

The build is very well finished, with PCBs, colour display and other components in a neat 3D-printed box. It’s finished to such a high standard that you could put it in front of an end-user. Physical entity files are available from the hackaday.io page linked above, while its firmware is available in a GitHub repository. There is a video showing some of the device’s capabilities, which we’ve put below the break.
