ESP8266 Packet Sniffing

As I said in the To-Do list section, one of my goals was to capture some packets from the ESP8266 temperature sensor setup to show that the data is indeed very easy to read.

This took more time than I expected, as I decided to set up a Raspberry Pi as an access point for the ESP8266 and use it to capture the traffic going through. I mainly did this because setting up mirroring on the router(s) I’d be using was a bit of a pain, plus there was a LOT of background traffic to have to sift through, since it was a shared router.

There wasn’t a huge amount to it: I basically just followed these instructions, although you’ll want to omit the step titled “Update hostapd” if you’re not using an Adafruit WiFi adapter (which I wasn’t).

Following this, I just installed tshark on the Raspberry Pi with:

sudo apt-get install tshark

After this, I added a user to the “wireshark” group with:

sudo usermod -a -G wireshark <username>

After doing this, remember to log out and then log back in for the changes to take effect, else they won’t, and you won’t be able to run tshark… Which is why I wasted a few minutes googling the problem…

Next, I just modified and uploaded my sketch in the Arduino IDE to use the SSID and password for the Raspberry Pi access point (see the “Configure Access Point” step of the “Install Software” section of the Adafruit guide to change these).

I set up the ESP8266 and temperature sensor as before and used the serial management console in Arduino to make sure it connects to the access point.

Now we’re ready to capture some packets:

tshark -i wlan0 -w /home/pi/espcapture.pcap

This will capture all packets being sent between the Pi and the ESP8266. You could change the interface to eth0 to see what’s going between your router and the Pi, but frankly it will largely be the same stuff you see, alongside any other traffic being sent/received by background processes on the Pi. Hit Ctrl+C after a minute or so and you should have a good sample.

Finally, make sure you’ve installed Wireshark on your computer, then grab the file from the Pi (I use WinSCP because of personal preference, but FileZilla and other FTP clients are great too) and open it using Wireshark to see the contents of the files. Since they’re unsecured HTTP GET requests, they pretty much get sent in plain text, which should appear as follows:

[Image: espcapture2, the Wireshark output for the captured HTTP GET request]

This snippet of the output from Wireshark shows clearly the private key that I was using, as well as the temperature reading, completely unobscured, and obtained with completely free software!

Definitely not the way to go if you’re sending sensitive or critical information, and it could also compromise the security of other systems (i.e. the private key)…
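To make the point concrete, here is an added example (not code from the original post) that audits captured TCP payloads for cleartext HTTP requests and reports which query parameters look like credentials. The sample payloads are constructed, and the request path, host and key values are assumed placeholders, not the author's real data.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed TCP payloads, not taken from the author's capture. The request
# shape is an assumption; host, keys and reading are placeholder values.
SAMPLE_PAYLOADS = [
    b"GET /input/PUBLIC_KEY_PLACEHOLDER?private_key=PRIVATE_KEY_PLACEHOLDER"
    b"&temp=21.50 HTTP/1.1\r\nHost: data.example.invalid\r\n"
    b"Connection: close\r\n\r\n",
    b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",  # start of a TLS record
    b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n1 success\n",
]

# Parameter names that suggest a credential rather than a measurement.
SENSITIVE = re.compile(r"key|token|secret|pass|auth", re.IGNORECASE)
REQUEST_LINE = re.compile(rb"^(GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/1\.[01]\r\n")


def audit_payload(payload):
    """Return what is readable in one payload, or None if it is not a
    cleartext HTTP request (a response, TLS, or other binary data)."""
    match = REQUEST_LINE.match(payload)
    if match is None:
        return None
    target = match.group(2).decode("ascii", errors="replace")
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)
    leaked = {k: v for k, v in params if SENSITIVE.search(k)}
    readings = {k: v for k, v in params if k not in leaked}
    return {"path": parts.path, "leaked_secrets": leaked, "readings": readings}


def audit_capture(payloads):
    """Audit every payload and keep only the cleartext HTTP requests."""
    return [f for f in map(audit_payload, payloads) if f is not None]


if __name__ == "__main__":
    for finding in audit_capture(SAMPLE_PAYLOADS):
        print("cleartext request to", finding["path"])
        for name in finding["leaked_secrets"]:
            print("  credential sent in the clear:", name)
        for name, value in finding["readings"].items():
            print("  reading:", name, "=", value)
```

To audit your own capture, `tshark -r espcapture.pcap -Y http.request -T fields -e http.request.uri` prints the request targets that this function parses. Traffic sent over TLS produces no findings, because the request line is never visible on the wire.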

Next, I will probably try to set up a simple web server on the Raspberry Pi and send information there so that I can try to implement some security measures in the ESP8266 firmware, and modify the server-side code to be able to handle this. If I find that something like HTTPS can be used, the Pi might not be necessary, but we’ll see!


Connecting to a Server

This will be a short one, since connecting to an HTTP server was surprisingly easy!
After doing everything mentioned in the last 2 posts, I started playing around with some examples, and found some ESP8266-specific ones.

Of particular interest was the example at: File>Examples>ESP8266WiFi>WiFiClient

The comments at the start of this example mention sparkfun.com, which allows users to send small amounts of data and display it either as a list of raw values, or as a chart via analog.io.

The only issues I had getting everything up and running were as follows:

1: The example code has a constant named “streamId” (line 15), which isn’t mentioned on the sparkfun page providing all private keys etc for the stream. Looking at the examples provided in the documentation, it’s clear that this field corresponds to the public key that sparkfun provides.

2: When you create a stream on sparkfun.com, you can choose to set a number of field names. I set mine to “temp” initially. If you choose any field name that isn’t just the word “value”, you will need to change “&value=” to something like “&temp=”.

After doing all this, I was able to see the incremented value posted to my sparkfun page (it’s not very interesting at the moment):

[Image: sparkfun1]
My super interesting sparkfun page

Some things to note when using sparkfun: you can only upload 50MB of data before the earliest values start getting overwritten, and the maximum upload rate is 100 updates every 15 minutes (it’s all explained here).

At the moment I’m waiting on some temperature sensors to arrive, so when they do, I’m going to start trying to get one of those hooked up and post the results to the page!

Getting Off the Ground

[Image: esp8266plugged]
The board with everything plugged in

Being fairly new to working this closely to the hardware, it took me a little while to get off the ground. I started off with the Olimex board that I linked in the previous post, and from there I had to find a way to get code from my computer onto this chip, and then figure out if said code was running.

I started off with the goal of trying to get a really simple example which makes an LED light on the chip blink.

First the shopping list:

That’s pretty much all you’ll need. A couple of important notes:
As I mentioned, the USB to TTL cable I linked is NOT compatible with Windows 8 and 10 out of the box, and I had trouble getting it to work. This, paired with the fact that many of the instructions I saw online were for Unix systems (think Ubuntu and Mac OSX), made me decide to switch over to my Ubuntu 14.04 partition before continuing. Additionally, if you are using a different board to me, you probably won’t be able to attach a 5V power supply. You have been warned!

Much of what I did came from Olimex’s very own WordPress blog; however, this is a little dated and leaves out some important info.

In particular: the above blog mentions selecting a programmer in the IDE, but in newer versions of the IDE, this is not necessary; just leave it at the default programmer.

Additionally, the blog does not mention that, in order to put code on the chip, it must be set to bootloader mode by turning off the power, holding down the big white button, turning the power back on, and then releasing this button.

The specifics can be found in Olimex’ more official documentation.

After following most of the steps on the blog and in the documentation, I managed to get the LED blinking! Success!

Next I’ll talk about connecting the chip to your WiFi and sending some basic messages to and from it.