I've been playing with these ESP8266 devices lately and they're incredible. They sip power, they cost 2 bucks, and are incredibly versatile. Watch these chips in the future. They're really gonna push the envelope for the IoT.
I was playing around with them until I realised they're incapable of being secure.
They only have enough ram for one, maybe two TLS sessions at once; to make things worse, no one has written support for modern (secure) ciphers. The SSL stacks that come with the Espressif SDK are vulnerable to almost every attack you've probably heard of. Slightly better (but not fixed) is https://github.com/superhouse/esp-open-rtos.
I could no longer rationalise being party to the propagation of the "internet of insecure things". Instead, spend the extra $7 and use something with a bit more power, like a C.H.I.P. http://getchip.com then you can write normal programs (it's a full linux OS) and not be limited to only insecure protocols.
Is the lack of modern ciphers fixable in software? There are plenty of use cases for one TLS session as are there use cases where security doesn't matter, like sending sensor data.
There is no such thing as a case where security doesn't matter. Even if a sensor isn't detecting something sensitive, it is probably being fed into a system that does need to be secure and now you have an easy entry point.
> Is the lack of modern ciphers fixable in software? There are plenty of use cases for one TLS session as are there use cases where security doesn't matter, like sending sensor data.
They don't have enough resources for an 4096 bit RSA negotiation, so they top out at 2048 bit. You may be able to use some of the newer elliptical curve stuff.
I was going to try and get nacl/libsodium working on them, but gave up when I realised I can just use a more powerful board instead.
I can't wait for the ESP32 to become generally available. Bluetooth, way more IO, dual core processor. Basically taking all the lessons of repurposing the ESP8266 as a IoT board and applying it to a purpose built chip that is still supposed to be dirt cheap compared to things like a Particle Photon.
I emailed espressif yesterday seeing if I could pay for a beta ESP32 since I've got the hang of working on these devices. They said I had to wait til august for general release :(
That's great to know. I'm just finishing up an sms messaging water detector. My next project is going to be a small mesh network in the woods. Haven't seen any range tests yet, so this is great news.
Instead of a WiFi mesh at 2.4GHz, why not a low-power radio like the RFM69 with a much longer range? I'm assuming your next project also requires low data rates like the water detector.
I'd like to test the bluetooth functionality of the ESP32 to see power consumption of that vs wifi. My requirement will be cell phones connecting to this mesh network. Data rates aren't a concern for the next project. The mesh nodes should connect to each other. And on everyone's phone, it should look like one wireless network.
I'm using an amica nodemcu board paired with a sainrite water level sensor. It's powered off of a cell phone battery charger for now. The code is all in C. I use twilio to send texts.
The final thing I need to build is a way to wake the device up from sleep when water is detected. Doing so should let it run for a very long time. (year(s)) I have a few ideas for a solution, but have been swamped lately.
Nice writeup. Someone gave me a great idea of running an ATTiny to send a wake command to the ESP when water is detected. I'm going to try a few different ways and compare battery usage.
"Originally ray's code "latched" onto the open access point and requested an IP address just to prove the WiFi was truly open; but various laws govern connecting anonymously to private WiFi networks, so the project was changed to simply identify their presence."
Interesting, I hadn't heard about that. Are these US Laws? Is this the Richard Stanley ruling?
Does anyone have a good tutorial to get started? I have a few ESP8266s for a project I'm working on. I have a solar regulator that outputs the load over serial connection. I'd like to do this over wifi so i don't have to run a 50ft serial cable.
It's too bad they don't have GPS but maybe tower location is good enough. It would be cool as anything to have these get cheap enough you could attach one to every runner's bib in the New York City Marathon and watch the resulting data set.
I could see both real-time location services (where's my wife on the course?), cheating prevention (why is this tag in the back of a taxi on 8th avenue?) and so on. People would probably pay $5-$10 extra to have that attached to their bib for their family to see.
Sure you can accomplish the same using any number of iphone / android tracking apps but they're all battery suckers.
You can get a GPS module on aliexpress for around $6, whereas an ESP8266 is <$2. So it's still very affordable, but GPS is quite a bit more complicated than WiFi and correspondingly more expensive.
Does anybody know of a low powered chip that's standalone can be used as an addon to the ESP8266,which is capable of sending rf signals in the 60ft range?
Basically I'm trying to have a setup with a few low powered devices that can talk to a central device. I figured each one having wifi would be too expensive and power consuming so I was think of sending rf signals to communicate. I'm more than open to ideas since this is my first project of this sort. Please and thank you!
Nordic's nRF24L01 was all the rage before the ESP came along. It's 2.4GHz, but you don't have to worry about following the Bluetooth Smart protocol - you can do what you want.
Very low power. There are $2-$3 boards everywhere.
Agreed, I use NR24L01's for multiple low power arduino sensors that send temperature data every 10 minutes to a central hub: a raspberry Pi connected to the internet. The batteries on the sensors last for up to a year.
These boards are dirt cheap. 2 dollars cheap. It depends if you'll be running these devices from an outlet or battery. The ESPs will do exactly what you want but there's a learning curve. I don't know your experience with all of this, but I recommend picking up an arduino starter kit, some rf shields, a good soldering iron, and misc wires/caps/transistors etc. Play around with that stuff first and it'll be easier to transition into the ESPs.
You're doing way better than I am at the writeups. I suggest the arduino starter kit because it comes with a bunch of other components that are helpful to a beginner besides the arduino.
I wonder how long the battery lasts? I've been playing with the ESP8266 chips as well, and they're great. Haven't had a chance to hook them up to a battery yet or test more precise power consumption.
Running all the time you'll drain a 1000 mAh battery in an hour or two, but if you aggressively deep sleep and wake infrequently you can easily get a month. That's about the limit though, you aren't going to be able to do a year or so like you can with other technologies, at least not in a device that reports data at a useful frequency.
Wifi is high bandwidth and ubiquitous, but it uses a lot of power. Other options are better if power or long range is your goal.
Normally I do to, but in this case there's good reason to talk about thousands of mAh's instead of Ah's, which is that the typical sort of things you'd power with these batteries have current draw in the mA range, so mA's are the natural unit to use.
It's like measuring energy in Joules normally versus talking about electron volts for chemistry or mega-/giga-/tera- electron volts for nuclear physics (depending on the flavor).
It depends on the battery, of course. I don't have my kit with me right now, or I'd measure for you, but I think it's about 70 mA connected to a nearby wifi.
Not really, you have much better hardware for that, one that could actually do hacking (not that many people still use WEP these days since it's not the default anymore on pretty much all routers).
There isn't that much use for it, it's very small so people find it cool and spystuff like, it might have some uses like a cheap rogue access point detection system in places where you don't want any wireless networks but beyond that kinda nothing.
No, the Espressif SDK doesn't include the ability to do packet injection. They are likely going to completely remove the RFMON features if people start "abusing" them.