What is ESP?
If you've ever bought a smart light bulb, a Wi-Fi power switch or an IoT camera, you probably already own an ESP8266 or ESP32 microcontroller. Espressif, a Chinese company, created the ESP family as an affordable platform for building products that connect over Wi-Fi, Bluetooth and (with an external radio module) LoRaWAN. These tiny microcontrollers pack a lot of functionality into a rugged, inexpensive package, and they became even more popular once hobbyists started programming them with the beginner-friendly Arduino framework.
Easy prototyping of Wi-Fi or BLE security devices is possible thanks to development boards that put an ESP microcontroller on a PCB together with a USB-to-serial interface for programming. NodeMCU and the D1 mini are probably the most popular of these boards. They make it easy for beginners to work in the Arduino (C++) framework, MicroPython or Lua (NodeMCU firmware).
Today we will talk more about ESP32.
For several years the ESP32 has had a solid reputation. It is a fairly inexpensive module that appeals to developers doing one-off projects. Over the past year, though, I've seen the ESP32 not only in several production systems but also used in ways that show how much its capabilities and ecosystem offer IoT developers. In this post, I'll explain why I think the ESP32 is an intriguing platform for IoT and for wireless pentesting.
Why is it popular?
Reason #1 - It's cheap
In many of the IoT systems I've written software for, a good share of the bill of materials goes to connectivity and to the microcontroller itself. ESP32 modules are quite inexpensive compared to most alternatives on the market today. For example, the ESP32 modules listed on the DigiKey website range from about $3.80 to $4.80 on average.
Reason #2 - Bluetooth/Wi-Fi combo module
When it comes to IoT or pentesting, you often need to support more than one wireless technology. In some cases Bluetooth is the better choice for local connectivity, while a Wi-Fi connection is needed for cloud and remote device interactions. When a single module provides both, it is a win not only for the developer but also for the end user. If the product only needs Wi-Fi, the Bluetooth stack can be disabled, or Bluetooth can be enabled later as an added feature. I've seen several customers choose the ESP32 for its Wi-Fi functionality and then turn on Bluetooth to expand their product's feature set.
Reason #3 — It has broad ecosystem support
The ESP32 has a surprisingly large ecosystem. You can find many open source tools and libraries, such as those available through the Arduino IDE, and Espressif's own SDK (ESP-IDF) and development tools are robust enough to satisfy most developers.
Reason #4 - You can program in MicroPython
In addition to all the other reasons we discussed, the ESP32 is also an interesting solution because you can install MicroPython on the module and develop an application in Python. While MicroPython is not necessarily the best choice for a production system, it does make rapid prototyping possible.
How to program ESP?
Microcontrollers like the ESP lack many of the features of a full computer such as a Raspberry Pi. The biggest difference is that there is no general-purpose operating system: ESP-IDF runs a small FreeRTOS kernel underneath, but there is no shell, no package manager and no process isolation. Instead, you write the firmware you want, flash it as a single image, and it runs in a loop until the board is reset.
To get started, download the Arduino IDE, add the ESP32 to the list of supported boards through the Boards Manager, and connect the board via USB. Next, select the development board you are using and upload the sketch of your choice to it, for example the Wi-Fi Deauther.
Opportunities
- Deauthentication attacks
One of the most powerful capabilities of the ESP32 is crafting raw Wi-Fi frames, including management frames, from scratch.
A Wi-Fi access point can send a management frame called a deauthentication frame to any associated device, and a related disassociation frame tells a device that it is no longer associated, for example when it leaves coverage. In networks without Protected Management Frames these frames are neither encrypted nor authenticated, so the ESP32 can forge them with the access point's MAC address as the source and knock any target device within Wi-Fi range off the network.
When deauthentication frames are sent continuously, Wi-Fi devices such as laptops and IoT security cameras cannot stay connected to the network at all. This is a denial-of-service attack. The WPA3 standard closes this hole by mandating Protected Management Frames (802.11w), which cryptographically protect deauthentication and disassociation frames so that forged ones are dropped, but until WPA3 (or 802.11w on WPA2 networks) is widely deployed, most networks remain vulnerable.
- Sniffing packets
The ESP32 can also capture BLE and Wi-Fi packets. With the Arduino PCAP library, captured frames can be written in pcap format and opened in Wireshark, effectively turning the ESP into a capture adapter.
Packet sniffing is also the basis of the Deauth Detector, which alerts you to a possible deauthentication attack when it sees a suspicious number of deauthentication frames. If someone starts using a tool like the Deauther against a device on your network, the detector picks up the burst of frames and warns you that the network is under attack.
The ESP32 can also be used to monitor all packets using a Wi-Fi or BLE packet monitor. This tool can monitor the number of access points and devices, as well as the number and type of packets sent in a given area.
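As an added example, not code from the post or from the Deauther or Deauth Detector projects, here is the core of such a detector in plain C: a minimal 802.11 frame classifier (the information a promiscuous-mode callback typically extracts: frame type, subtype and the three MAC addresses) and a sliding-window counter that raises an alert when too many deauthentication or disassociation frames arrive within one second. The frames and MAC addresses are constructed inside the code; the one-second window and the threshold of ten frames are assumptions to tune for your environment. On a real ESP32 you would call parse_80211() and deauth_detector_feed() from the promiscuous callback with millis() as the timestamp.

```c
#include <stdint.h>
#include <string.h>
/* Added example, not code from the post or from the Deauther project: an IEEE
 * 802.11 frame classifier plus a deauth-flood detector, the logic a
 * promiscuous-mode sniffer callback would run. Frames are built in memory only. */
enum { FT_MGMT = 0, FT_CTRL = 1, FT_DATA = 2, ST_DISASSOC = 10, ST_DEAUTH = 12 };

typedef struct {
    uint8_t type, subtype, addr1[6], addr2[6], addr3[6]; /* mgmt: DA, SA, BSSID */
    uint16_t reason;                     /* deauth/disassoc reason code, else 0 */
} frame_info_t;

const char *frame_type_name(uint8_t type) {
    static const char *names[] = {"management", "control", "data", "extension"};
    return names[type & 0x03];
}

/* Decode the 24-byte MAC header and, for deauth/disassoc, the reason code.
 * Returns 0 on success, -1 for a truncated or non-802.11 buffer. */
int parse_80211(const uint8_t *buf, size_t len, frame_info_t *out) {
    if (len < 24 || (buf[0] & 0x03) != 0) return -1;       /* protocol version 0 */
    memset(out, 0, sizeof *out);
    out->type = (buf[0] >> 2) & 0x03;
    out->subtype = (buf[0] >> 4) & 0x0f;
    memcpy(out->addr1, buf + 4, 6); memcpy(out->addr2, buf + 10, 6);
    memcpy(out->addr3, buf + 16, 6);
    if (out->type == FT_MGMT &&
        (out->subtype == ST_DEAUTH || out->subtype == ST_DISASSOC)) {
        if (len < 26) return -1;                             /* 2-byte reason body */
        out->reason = (uint16_t)(buf[24] | (buf[25] << 8));  /* little-endian */
    }
    return 0;
}

/* Ring of arrival times: alert once THRESHOLD deauth/disassoc frames fall within
 * WINDOW_MS. Timestamps must be non-decreasing (millis() on the ESP32). */
enum { WINDOW_MS = 1000, THRESHOLD = 10, RING = 64 };
typedef struct { uint32_t ts[RING]; int head, count; } deauth_detector_t;

int deauth_detector_feed(deauth_detector_t *d, const frame_info_t *f, uint32_t now_ms) {
    if (f->type != FT_MGMT || (f->subtype != ST_DEAUTH && f->subtype != ST_DISASSOC))
        return 0;
    d->ts[d->head] = now_ms; d->head = (d->head + 1) % RING;
    if (d->count < RING) d->count++;
    int recent = 0;
    for (int i = 0; i < d->count; i++) {                      /* walk newest first */
        int idx = (d->head - 1 - i + RING) % RING;
        if (now_ms - d->ts[idx] > (uint32_t)WINDOW_MS) break;
        recent++;
    }
    return recent >= THRESHOLD;
}

/* Constructed sample frames; the MAC addresses are invented for the demo. */
static const uint8_t AP_MAC[6]  = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55};
static const uint8_t STA_MAC[6] = {0x02, 0xaa, 0xbb, 0xcc, 0xdd, 0xee};
static const uint8_t BCAST[6]   = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

static size_t mac_header(uint8_t *b, uint8_t fc0, const uint8_t *a1,
                         const uint8_t *a2, const uint8_t *a3) {
    memset(b, 0, 24); b[0] = fc0;   /* fc byte 0 = version/type/subtype; rest 0 */
    memcpy(b + 4, a1, 6); memcpy(b + 10, a2, 6); memcpy(b + 16, a3, 6);
    return 24;
}

size_t make_deauth_frame(uint8_t *b, uint16_t reason) { /* broadcast, "from" the AP */
    size_t n = mac_header(b, ST_DEAUTH << 4, BCAST, AP_MAC, AP_MAC);
    b[n++] = (uint8_t)(reason & 0xff); b[n++] = (uint8_t)(reason >> 8);
    return n;
}

/* Feed 20 deauths spaced spacing_ms apart; return the 1-based index of the first
 * frame that raises the alert, 0 if none does, -1 if parsing fails. */
int demo_deauth_stream(uint32_t spacing_ms) {
    deauth_detector_t det; memset(&det, 0, sizeof det);
    uint8_t f[32]; frame_info_t fi; size_t n = make_deauth_frame(f, 7);
    for (int i = 1; i <= 20; i++) {
        if (parse_80211(f, n, &fi) != 0) return -1;
        if (deauth_detector_feed(&det, &fi, (uint32_t)(i - 1) * spacing_ms)) return i;
    }
    return 0;
}

int demo_parse_deauth(void) {           /* reason code of a constructed deauth, or -1 */
    uint8_t f[32]; frame_info_t fi; size_t n = make_deauth_frame(f, 7);
    if (parse_80211(f, n, &fi) != 0 || fi.subtype != ST_DEAUTH) return -1;
    return memcmp(fi.addr1, BCAST, 6) == 0 && memcmp(fi.addr3, AP_MAC, 6) == 0
               ? fi.reason : -1;
}

int demo_data_frame_ignored(void) {     /* data frame: named "data", never counted */
    uint8_t f[32]; frame_info_t fi; deauth_detector_t det; memset(&det, 0, sizeof det);
    size_t n = mac_header(f, FT_DATA << 2, AP_MAC, STA_MAC, AP_MAC);
    if (parse_80211(f, n, &fi) != 0) return 0;
    int alert = 0;
    for (int i = 0; i < 50; i++) alert |= deauth_detector_feed(&det, &fi, (uint32_t)i);
    return strcmp(frame_type_name(fi.type), "data") == 0 && !alert;
}
```

With the constructed frames, demo_deauth_stream(50) fires on the tenth frame (ten deauths inside one second), while demo_deauth_stream(2000) never fires: a station legitimately leaving a network produces a deauth or two, not a burst, so the window keeps ordinary churn from raising alarms. Two caveats a practitioner should keep in mind: the detector only sees the channel the radio is currently on, so a channel-hopping sniffer samples rather than watches each network; and because a forged deauth copies the access point's MAC address, the source address alone cannot tell attack frames from genuine ones, only the rate can.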
- Creation of fake networks
The ESP32 can be used to forge beacon frames, the frames a Wi-Fi access point broadcasts to announce its name (SSID) and basic capabilities to anyone in range. Client devices also rely on beacons, together with their own probe requests, to find networks they already know.
A tool called Beacon Spammer can easily create up to a thousand fake networks at once. An attacker who loads the most common public Wi-Fi network names into its list and runs the Beacon Spammer can cause nearby smart devices to stop randomizing their MAC address when they try to connect to a familiar-looking spoofed network.
This means two things. First, the ESP32 can make neighboring devices drop MAC address randomization, which exposes them to tracking. Second, by advertising many candidate network names and watching which one a target device responds to, the ESP32 can work out which networks that device remembers.
- "Small package, big potential"
For such a small and inexpensive device, it is quite remarkable that this microcontroller can probe nearby network devices, disconnect devices from the network altogether, or even detect a Wi-Fi or BLE attack. These capabilities continue to make the ESP32 an exciting platform for hackers and show how cheap an attack can be.
Practice
To install the Arduino IDE and the necessary USB drivers, follow the link.
- BLE-scanner
The ESP32 can act as a BLE server or as a BLE client. There are several BLE examples for the ESP32 in the ESP32 BLE Arduino library, which is installed automatically when you add ESP32 support to the Arduino IDE.
Note: You need to install the ESP32 add-on in the Arduino IDE. Follow one of the following links to prepare the Arduino IDE to work with the ESP32 if you haven't already.
▪ Windows instructions — ESP32 Board in Arduino IDE
▪ Mac and Linux instructions — ESP32 Board in Arduino IDE
In your Arduino IDE, you can go to File > Examples > ESP32 BLE Arduino and explore the examples installed with the BLE library.
Note: To see the ESP32 examples, select the ESP32 board from the Tools > Boards menu.
For a quick example of ESP32 with BLE in the Arduino IDE, we will create an ESP32 BLE server and then an ESP32 BLE scanner to find this server. We will use and explain the examples that come with the BLE library.
To replicate this example, you need two ESP32 boards. We will be using the DOIT DEVKIT V1 ESP32 board.
ESP32 BLE server
To create a BLE server on the ESP32, open the Arduino IDE, go to File > Examples > ESP32 BLE Arduino and select the BLE_server example. The example sketch opens in the editor.
To create a BLE server, the code must perform the following steps:
- Create a BLE server.
- Create a BLE service.
- Create a BLE characteristic on the service.
- Create a BLE descriptor on the characteristic.
- Start the service.
- Start advertisement so that it can be found by other devices.
How does the code work?
Let's take a quick look at how the BLE server example works.
It starts by importing the necessary libraries for BLE capabilities.
Then you define the UUIDs for the service and the characteristic.
You can keep the default UUIDs or go to uuidgenerator.net to generate random UUIDs for your own services and characteristics.
In the setup() function, it starts a serial communication with a baud rate of 115200.
Then you create a BLE device called “MyESP32”. You can change this name to anything you like.
In the next line, you create a BLE server on that device.
You then create a service for the BLE server with the UUID defined earlier.
Then you create a characteristic for that service. As you can see, the characteristic's properties are passed as arguments; in this case they are READ and WRITE.
After creating a characteristic, you can set its value using the setValue() method.
In this case, we set the value to the text “Hello World says Neil”. You can change this text to your liking. In future projects, this text can be a sensor reading or, for example, the state of a lamp.
Finally, you start the service and begin advertising so that other BLE devices can scan for and find this one.
This is just a simple example of how to create a BLE server. The code does nothing in the loop() function, but you can add logic there, for example to react when a new client connects.
ESP32 BLE scanner
Creating an ESP32 BLE scanner is very easy. Grab another ESP32 (while the first one keeps running the BLE server sketch). In your Arduino IDE, go to File > Examples > ESP32 BLE Arduino and select the BLE_scan example, then upload it.
This code initializes the ESP32 as a BLE device and scans for nearby devices. Upload this code to the ESP32. You may want to temporarily disconnect the other ESP32 from the computer to make sure you are uploading the code to the correct ESP32 board.
Once the code is uploaded, power up both ESP32 boards.
Open the serial monitor for the ESP32 running the BLE_scan example, press that board's EN (enable) button to restart it, and wait a few seconds for it to scan.
The scanner found two devices: one is the ESP32 (named "MyESP32") and the other is a Mi Band 2.
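As an added example (not code from the post or from the ESP32 BLE Arduino library), here is how a scanner gets from the raw advertising payload to the name and service UUID it prints. A BLE advertisement is a sequence of AD structures, each a length byte, a type byte and data. The decoder below extracts the flags, the local name and any 128-bit service UUIDs, and rejects a payload whose length byte runs past the end of the buffer, which is the malformed input a scanner has to survive. The sample payload is constructed by hand to resemble what the BLE_server sketch advertises; the 128-bit service UUID value in it is an assumption, not taken from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the post or from the ESP32 BLE Arduino library: a
 * decoder for the AD structures in a BLE advertising payload, the same data the
 * BLE_scan sketch turns into a device name and service UUIDs. Payloads below are
 * constructed by hand, so this runs without a radio. */
enum { AD_FLAGS = 0x01, AD_UUID128_INCOMPLETE = 0x06, AD_UUID128_COMPLETE = 0x07,
       AD_NAME_SHORT = 0x08, AD_NAME_COMPLETE = 0x09 };

typedef struct {
    uint8_t flags;
    char name[30];        /* a legacy advertising payload is at most 31 bytes */
    int name_complete;    /* 1 for type 0x09, 0 for a shortened or missing name */
    int n_uuid128;
    char uuid128[37];     /* first 128-bit service UUID in canonical text form */
} adv_info_t;

/* AD carries UUIDs little-endian; the printed form is big-endian. */
static void uuid128_to_str(const uint8_t *le, char *out) {
    snprintf(out, 37,
        "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
        le[15], le[14], le[13], le[12], le[11], le[10], le[9], le[8],
        le[7], le[6], le[5], le[4], le[3], le[2], le[1], le[0]);
}

/* Walk the [length][type][data...] structures. Returns how many were decoded,
 * or -1 if a length field would run past the payload; a decoder that trusts
 * that byte and copies blindly reads beyond the buffer. */
int parse_adv(const uint8_t *p, size_t len, adv_info_t *out) {
    memset(out, 0, sizeof *out);
    int count = 0;
    for (size_t i = 0; i < len; ) {
        uint8_t l = p[i];
        if (l == 0) break;                       /* zero length = padding, stop */
        if (i + 1 + l > len) return -1;          /* length overruns the payload */
        uint8_t type = p[i + 1];
        const uint8_t *d = p + i + 2;
        size_t dlen = l - 1;
        switch (type) {
        case AD_FLAGS:
            if (dlen >= 1) out->flags = d[0];
            break;
        case AD_NAME_SHORT:
        case AD_NAME_COMPLETE: {
            size_t n = dlen < sizeof out->name - 1 ? dlen : sizeof out->name - 1;
            memcpy(out->name, d, n); out->name[n] = '\0';
            out->name_complete = (type == AD_NAME_COMPLETE);
            break;
        }
        case AD_UUID128_INCOMPLETE:
        case AD_UUID128_COMPLETE:
            for (size_t k = 0; k + 16 <= dlen; k += 16) {
                if (out->n_uuid128 == 0) uuid128_to_str(d + k, out->uuid128);
                out->n_uuid128++;
            }
            break;
        default:                                 /* other AD types ignored here */
            break;
        }
        i += 1 + l;
        count++;
    }
    return count;
}

/* Constructed payload resembling what the BLE_server sketch advertises: flags,
 * complete local name "MyESP32" and one 128-bit service UUID (value assumed). */
static const uint8_t SAMPLE_ADV[] = {
    0x02, 0x01, 0x06,                                  /* flags: LE general, no BR/EDR */
    0x08, 0x09, 'M', 'y', 'E', 'S', 'P', '3', '2',     /* complete local name */
    0x11, 0x07, 0x4b, 0x91, 0x31, 0xc3, 0xc9, 0xc5, 0xcc, 0x8f,  /* 128-bit UUID, LE */
                0x9e, 0x45, 0xb5, 0x1f, 0x01, 0xc2, 0xaf, 0x4f,
};

int demo_adv_count(void) { adv_info_t a; return parse_adv(SAMPLE_ADV, sizeof SAMPLE_ADV, &a); }

const char *demo_adv_name(void) {
    static adv_info_t a; parse_adv(SAMPLE_ADV, sizeof SAMPLE_ADV, &a); return a.name;
}

const char *demo_adv_uuid(void) {
    static adv_info_t a; parse_adv(SAMPLE_ADV, sizeof SAMPLE_ADV, &a); return a.uuid128;
}

/* Same name structure but cut off after two characters: must be rejected. */
int demo_truncated_adv(void) {
    static const uint8_t bad[] = {0x02, 0x01, 0x06, 0x08, 0x09, 'M', 'y'};
    adv_info_t a; return parse_adv(bad, sizeof bad, &a);
}
```

Decoding the sample gives three AD structures, the name MyESP32 and the UUID 4fafc201-1fb5-459e-8fcc-c5c9c331914b; the truncated payload returns -1 instead of being read past its end. The same decoder applies to scan-response data, which is where the ESP32 BLE library puts the UUID list when the name and UUID do not both fit in the 31-byte advertisement.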
- ESP32 — Wi-Fi sniffer
This experimental project shows how to build a simple and inexpensive Wi-Fi packet analyzer (a Wi-Fi sniffer). Its heart is the ESP32 Wi-Fi module, which can run in promiscuous mode: the chip hands you raw IEEE 802.11 frames for further analysis. Since the radio listens on a single channel and the driver does not hop channels for you, the main loop contains extra code that switches channels every 500 ms. The sniffer requires a callback function that handles every received raw frame. The example callback prints a few basic details, such as the frame type (management, control or data), the RSSI and the MAC addresses. The full code, written with ESP-IDF, is on GitHub.
Arduino version - https://github.com/ESP-EOS/ESP32-WiFi-Sniffer .
Here is the actual code to use:
Here is the result:
With a single ESP32 board it is better to monitor just one channel, because you miss frames on the other channels while hopping; but given how cheap the boards are, a setup with one board per channel can look something like this:
Conclusions
I'm not trying to advocate for the ESP32 or to be biased toward it in any way. What I'm trying to do is share how intriguing these modules have become for professional developers building low-cost IoT products. Integrating several functions into one module has a lot of potential to reduce cost.
As you can see, in terms of capabilities versus price the ESP32 is quite interesting, and in any case far more capable than classic AVR-based Arduino boards. Experiments with Wi-Fi are also rewarding: the board can run a fully functioning web server (even with WebSocket support), and it lets you study how Wi-Fi and the MAC layer work in much more detail.
In general, ESP32 modules are the right fit when an Arduino is not enough and a Raspberry Pi running Linux is more than you need or can afford. The ESP32 even has enough computing power to drive a camera module, so the board can serve as a wireless video feed or as a prototype for a home video surveillance system.
What do you think? Have you used or considered ESP32 in your products?