esp8266 reverse-engineering

[pfalcon]

A bit offtopic, but - saw your (I guess so) topic on bbs.espressif about packet injection work you did. Would like to make sure that folks who're interested in getting more of esp8266 know about each other's efforts and hopefully stay in touch. Some my stuff of interest mentioned here: tommie/lx106-hal#1 (comment)

[israellot]

Hi,
It's nice to meet people working around Esp8266. I really believe this chip
has potential, but Espressif is not moving towards opening their low level
stack. I see some open frameworks arising here and there, as the Sming, I
guess lead by some russian guys.
I've been seeking packet injection cause I have this crazy idea of making a
mesh framework for the ESP, without AP associations and all the 802.11
stuff, using just probe packets with a protocol stuffed into it, in a real
multi-to-multi scenario. It could replace solutions like zigbee and other
low power wireless devices, apart from being open sourced.
I'm probably not that familiar with such low level programming as you are
and I'm really learning a low from your tools. I'll try to make my way
around the ScratchABit https://github.com/pfalcon/ScratchABit and see if
I can patch some interesting rom functions.
Thank you for your work and reaching out to me. Let's definitely keep in
touch.

On Thu, Apr 30, 2015 at 9:59 AM, Paul Sokolovsky [email protected]
wrote:

A bit offtopic, but - saw your (I guess so) topic on bbs.espressif about
packet injection work you did. Would like to make sure that folks who're
interested in getting more of esp8266 know about each other's efforts and
hopefully stay in touch. Some my stuff of interest mentioned here: tommie/lx106-hal#1
(comment)
tommie/lx106-hal#1 (comment)

—
Reply to this email directly or view it on GitHub
#2.

[pfalcon]

I really believe this chip has potential, but Espressif is not moving towards opening their low level stack.

Well, there're even bigger problems with Espressif SDK, like completely messed up licensing, see http://www.cnx-software.com/2015/04/24/wipy-wi-fi-board-for-iot-runs-micropython-on-texas-instruments-cc3200-crowdfunding/#comments .

I see some open frameworks arising here and there, as the Sming, I guess lead by some russian guys.

Most of these are application-level frameworks which tends to use adhoc Espressif API instead of standard socket / TCP/IP APIs. However, taking a fresh look at Sming, I found https://github.com/kadamski/esp-lwip , which is something I had in my TODO, and very glad that there're people who actually can to do it right and making it truly open-source.

I'm probably not that familiar with such low level programming as you are and I'm really learning a low from your tools.

Well, it's good approach to try learn new (generic) things when working on reverse engineering on some closed product, because otherwise it can be just waste of time. I'm already glad that hacking with ESP8266 made me look into lwIP (I didn't have experience with it before). And I'm looking forward to learn more of how 802.11 protocol works ;-).

I'll try to make my way around the ScratchABit https://github.com/pfalcon/ScratchABit and see if I can patch some interesting rom functions.

Thanks. It works with https://github.com/themadinventor/ida-xtensa and while it is work in progress, should already let to do some useful things.

[ernacktob]

If you guys are interested, check out my repo. I have found ways to send (almost) arbitrary wifi frames, as well as receiving complete frames (it's not monitor mode, but can receive broadcast frames and frames with your MAC address).