Liberating Wi Fi on the ESP32
- Published on 10 Feb 2025
- Reverse engineering the Wi-Fi peripheral of the ESP32 to build an open source Wi-Fi stack.
During 38c3 there are probably many thousands of ESP32s in the CCH, all of which run a closed-source Wi-Fi stack. And while that stack works, it would be nicer to have an open source stack, which would grant us the ability to modify and audit software that carries potentially sensitive data.
So we set to work, reverse engineering the proprietary stack and building a new open source one. We soon discovered just how versatile the ESP32 can be, both as a research tool and as an IoT SoC, when its capabilities are fully unlocked. This includes using it as a pentesting tool, a B.A.T.M.A.N. mesh router or an AirDrop client.
You'll learn something about Wi-Fi, the ESP32, reverse engineering in general and how to approach such a project.
Licensed to the public under creativecommons...
I can't wait to see what more comes of this
Someone finally did it, holy shit. I thought it would never happen.
Not only great work but also a concise and enjoyable presentation!
I have mainly been working with esp stuff for years and always wondered when it would get reverse engineered. Thanks ;).
Look at you now! Ripping the original videos, before they go online on youtube. Clever hacker 😂
I can't complain. Good video.
Wow. I haven't watched the video yet, but I hope that an open-source stack is going to make it possible to run IPv6 properly on ESP devices, including ULAs, multiple prefixes, IPv6-only networks and all the other IPv6 features missing from the official stack.
Awesome work!
Keep up the good work!
Great work and presentation!
How come some videos are not found on the official CCC YouTube channel? Like this one.
official channel takes time, they are still uploading videos and this one has been posted there 5 hours ago.
Has anyone had more recent ESP32 S2 and S3 disconnecting from certain WiFi base stations and not others? For instance, they'll disconnect from a Cisco AP after 1h exactly, and it is repeatable, regardless of whether there are or aren't any signals being sent to or from the esp32, but it works just fine with TPLink, Dlink and Mikrotik APs.
Software rebooting and reconnecting also doesn't help, it needs to be a complete power down, only then will it reestablish the connection with the Cisco AP.
1h exactly is strange, my first guess would be DHCP lease time? Whatever it is it sounds cursed af, good luck!
@piotrfila3684 DHCP lease time was set to like 24h or something, at least that is what I was told, I don't have access to that system, and the weird part is that the problem persists with only the Cisco APs on that network, the TPLinks were also set to DHCP passthrough and the connection to those APs isn't lost, only the Ciscos, and it happens only with esp32 S2 and S3, it doesn't happen to the esp8266, those work more or less ok.
it isn't a huge deal, the network is going to get upgraded, those Ciscos are from 2005 or something, old devices, not supported any more
I had this issue and for me it always occurred with Huawei and ZTE APs, however when I change to TpLink, Netgear and GL.inet (all of them running Openwrt) then it works flawlessly without drops. In my case, I always use static IPs for IoTs, so it's definitely not DHCP related. At the beginning, I suspected the stock Huawei and ZTE firmware, but I am not sure because it only occurs with ESP32 devices.
Who likes rust? *Crickets*
Me and the entire embedded rust community do. It's all open source, so if you want to have a completely free C stack, you can write one yourself. Don't tell other people how to use their free time according to your personal preferences.
@cablematrix5334
Two things: First, my comment was an observation based on the video, which it seems you didn't watch. The presenter asks the audience "Who of you likes Rust?" (0:23) which gets almost no response. Secondly, I couldn't ask for a better summary of the "Entire embedded rust community" than your shrill reply to something that was never said. Well done.
@davidwillmore The response to that was pretty similar to that of the question regarding reverse engineering. Also your original comment does imply something and I've seen multiple comments like this on different platforms. There was a fairly large rust community at 38c3, but rust isn't as established yet in the embedded community.
@cablematrix5334 The only implication is in your head. And the reply to the reverse engineering question was more significant than you imply. People can just listen for themselves if they like.
@davidwillmore If you say so, then my reply may have been a bit too harsh, that I'll admit. In the end it doesn't really matter how many people like the language it was made in, since it's open source, so they can do whatever they like with it.
This is likely the first time a linked list was used in the wild, this must be how Neil Armstrong felt when he made that first step.
See, this is why you need to study linked lists for 10 weeks of your first semester and why the exam will be entirely about linked lists.
I love that first question, "Who here likes Rust?" ... maybe like... one dude...
"Who likes Reverse Engineering?" Ah, so there is a crowd. Rust is just unpopular and sucks.
What exactly do you mean by "it sucks"? Do you have any real issues with it or does it just not meet your personal preference, which you perceive as objective.
@cablematrix5334 Calm down, Rusty.
@adibemaxwell6111 That was a genuine question. What's your issue with Rust?
Great work! Would love to help, do you have a discord?
Keep up the good work!