I would like to submit that making the open source version compatible with the closed source API might be an asset.
By being compatible, users get all the benefits of the existing corpus of help on the internet. And being compatible makes the cost of entry lower. If somebody wants to make a very small modification of the MAC layer, they can do it as with the closed source and just go behind the curtain and file a little at the thing they want to hack, without the cognitive load of learning a new API.
They hit the right combo of cheap ($€), accessible (you can buy them everywhere, shipped everywhere, even in quantities of 1), easy to use hardware (they're sold on many different 'breakout boards' with USB connectors for power and programming and marked pins), easy to use software (documentation, examples, Arduino IDE, NodeMCU) and without any weird limits licensing-wise.
Arduino was similar at first, but stayed on low-performance avr chips for way too long and non-chinese ones were expensive (and well, no wifi), rpi pico has some nice features, but much harder to get at first, and everything else is a "raw chip" bought on sites like digikey, with expensive shipping, 600+ pages of documentation, 300+ of them needed to send a first ping, you need to solder them onto a board and programming usually requires some expensive rig.
FYI, while Nordic products are usually excellent, they did not design the Wi-Fi ICs. They bought a company and slapped their name on the chips. I haven't used them yet, but from what I've heard they don't live up to Nordic's standard.
Edit: also afaik they don't have a mcu+wifi in one yet.
Because the prices are not competitive enough for hobbyists. How can you expect people to adopt and develop on top of your chips if they can't afford it?
Those are great in a professional context, but the CC3200s never had a <$10 Chinese breakout board.
And they're programmed in IAR or CCS instead of in the Arduino IDE, and they're programmed with an RTOS and the Cortex M4's powerful ISR engine instead of just a "while" loop.
ESP32/ESP8266 are basically optimized to be hobbyist-friendly, while most other wireless systems are not.
I haven't had a chance to watch the video yet so apologies if this is covered, but are the ESP32 radios' regulatory certifications tied to the official black box firmware? Would the same hardware but with open firmware need to be sent to the FCC (and others) again for proper compliance?
Yes, if distributed that way. No, if modified by the end user.
I don't remember the CFR off hand, but the FCC explicitly allows anyone to use small numbers of uncertified devices. It would still be a violation if those devices don't otherwise follow regulations, but using modified hardware or software isn't itself prohibited.
The power and directionality rules for ISM bands are good guidelines for not interfering with others' use of the band. If you have another story that makes interference unlikely, it probably also makes it unlikely to get caught. Plenty of items for sale on Amazon don't have any silkscreen on chips or boards, much less an FCC ID. If they can get away with it...
15.23, but it applies specifically to "home-built devices", so I'm not sure if modification of a commercially available device would be within scope. Devices constructed from a kit are specifically excluded.
This could change depending on the fallout from the current drone saga, no pun intended. Or other upcoming events.
Even if it's not FCC regulations, but some other agencies, there may be some close re-examination of what's allowed due to safety.
I'm guessing certain manufacturers are going to be impacted more than others.
I'm sorry for the uncertainty in boardrooms and garages across the world. I diversified my embedded sources but damn it's annoying.
But I suppose that's the machine.
I just picked up an ESP32-C6 for some mostly legal Bluetooth and maybe Zigbee experiments. I don't plan on hacking to this level, the Rust ecosystem is welcoming enough to make just building fun so far.
On a side note, I stepped in shit today. I know I have five q-tips in storage somewhere. And a few more in the closet. Sorry for the weird tangent.
I think it's a gray area. If I'm not grossly mistaken, only worst case radio performances are tested and documented, and the rest of required technical documents are more of rather detailed brochures like high level block diagrams and theory of operations than modern full design documents like PCB manufacturing files and firmware build scripts. They hardly acknowledge existence of firmware.
And there is at least one good reason: certified and unlicensed radio equipment, like Wi-Fi (or unlike HAM), is expected to be tamper resistant, for the public good. And so last time the FCC discussed certification requirements for Wi-Fi routers, they naturally considered extending it to software in the form of mandatory Secure Boot - for every ultra vulnerable garbage Wi-Fi router! That was a horrible idea and was scrapped.
For now, I think, IANAL, this is semi-legal or semi-illegal unless resulting firmware clearly generates out-of-spec emissions.
> And there is at least one good reason: certified and unlicensed radio equipment, like Wi-Fi(or unlike HAM) are expected to be tamper resistant, for public good.
This is such an own-goal.
The way manufacturers implement this is by locking out third party firmware. Then the device goes out of support a decade before people stop using it, but because nobody else can update it either -- and the manufacturer has higher internal support costs because there is no community submitting patches they could just adopt and ship -- the device gets full of public unpatched security vulnerabilities. Which at scale is a significant threat to national security. On top of losing whatever other benefits the public would derive from the community being able to fix firmware bugs or add features.
Meanwhile the purpose of the requirement is supposed to be to keep users from modifying the radio parameters to exceed regulatory limits. Which, first of all, hardly anybody is going to do anyway, because the vast majority of people don't even know how and most of the remainder aren't interested in risking huge fines just to avoid buying a second access point. But the people who are going to do it, because the devices don't get patched, can just use the vulnerabilities to root them and then modify the radio parameters anyway.
Which makes it a pointless rule that compromises the public good.
I had a cool idea for WiFi password provisioning once: it's possible to modulate the packet _length_ to transmit the SSID and the password. A new IoT device obviously can't decrypt the packets, but it can observe their length.
I even made a sample implementation for Linux. Unfortunately, I couldn't find a single IoT chip that would give low-level access to the PHY good enough for this :(
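The length-modulation idea described in this comment, as an added, constructed simulation (not the commenter's Linux implementation and not Espressif's protocol): the provisioning app transmits credential bytes as the payload lengths of ordinary encrypted frames, and a receiver that cannot decrypt anything recovers them from the frame sizes alone. The four-frame rising preamble (used to learn the constant per-link header overhead), the BASE offset, the message layout and the checksum are this example's own assumptions.

```python
"""Constructed simulation of length-modulated Wi-Fi provisioning.

Added example, not the commenter's Linux implementation: credential bytes ride
in the *length* of encrypted frames, which a device that cannot decrypt them can
still read from the 802.11 header. The preamble, BASE offset, message layout
and checksum are this example's own assumptions, not a published protocol.
"""
from __future__ import annotations

BASE = 40                 # payload length that carries data byte 0 (assumption)
PREAMBLE = [1, 2, 3, 4]   # sync frames: four lengths rising by exactly one (assumption)


def build_message(ssid: str, password: str) -> bytes:
    """Layout (assumption): [len(ssid)] ssid [len(pw)] pw [checksum]."""
    s, p = ssid.encode(), password.encode()
    if len(s) > 32 or len(p) > 63:   # 802.11 SSID and WPA2 passphrase limits
        raise ValueError("credential too long")
    body = bytes([len(s)]) + s + bytes([len(p)]) + p
    return body + bytes([sum(body) % 256])


def encode_lengths(ssid: str, password: str) -> list[int]:
    """Payload lengths the provisioning app sends, in transmission order."""
    return PREAMBLE + [BASE + b for b in build_message(ssid, password)]


def observe(payload_lengths: list[int], overhead: int,
            noise: tuple[tuple[int, int], ...] = ()) -> list[int]:
    """Sniffer's view: every frame grows by a constant link overhead (802.11 and
    CCMP headers), and unrelated frames are interleaved. `noise` holds
    (position, frame_length) pairs, constructed for the demo."""
    seen = [n + overhead for n in payload_lengths]
    for pos, length in sorted(noise, reverse=True):
        seen.insert(pos, length)
    return seen


def find_sync(observed: list[int]) -> tuple[int, int] | None:
    """Locate the preamble; return (index of first data frame, link overhead)."""
    k = len(PREAMBLE)
    for i in range(len(observed) - k + 1):
        window = observed[i:i + k]
        if all(window[j + 1] - window[j] == 1 for j in range(k - 1)):
            return i + k, window[0] - PREAMBLE[0]
    return None


def decode_lengths(observed: list[int]) -> tuple[str, str] | None:
    """Recover (ssid, password) from observed frame lengths, or None if the
    preamble is missing, the message is truncated, or the checksum fails."""
    sync = find_sync(observed)
    if sync is None:
        return None
    start, overhead = sync
    data = []
    for length in observed[start:]:
        b = length - overhead - BASE
        if 0 <= b <= 255:          # anything else is foreign traffic
            data.append(b)
    if not data:
        return None
    n = data[0]
    m_idx = 1 + n                  # index of the password length byte
    if len(data) <= m_idx:
        return None
    m = data[m_idx]
    chk_idx = m_idx + 1 + m        # index of the checksum byte
    if len(data) <= chk_idx:
        return None
    body = bytes(data[:chk_idx])
    if sum(body) % 256 != data[chk_idx]:
        return None
    try:
        return bytes(data[1:m_idx]).decode(), bytes(data[m_idx + 1:chk_idx]).decode()
    except UnicodeDecodeError:
        return None


if __name__ == "__main__":
    lengths = encode_lengths("lab-iot", "s3cret-pass")
    # overhead 60 and the two noise frames are constructed values
    seen = observe(lengths, overhead=60, noise=((6, 1500), (10, 30)))
    print(decode_lengths(seen))
```

The checksum is what makes the decoder usable on a busy channel: foreign frames whose size falls outside the data window are skipped, and a foreign frame that happens to land inside it (or a chance rising run that is mistaken for the preamble) fails the checksum and the device simply waits for the next repetition. The same property that lets the unprovisioned device read the credentials applies to every other station in radio range, so anything carried over this channel is readable by any listener, which is why schemes of this kind are a trade-off between convenience and confidentiality rather than a secure key exchange.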
Also supported by Espressif under their own name “Airkiss/ESPTouch”.
Unfortunately since the chip doesn’t support 5G WiFi it’s a mess where you need to switch the phone to a different 2.4 only network, configure the device, then switch back. Better to just use BLE..
They operate several different networks for voice communications during the events. From what I found usually DECT, SIP, GSM. [1]
They have a status dashboard with metrics during the events. [2]
Yes it's pretty handy for hacker camps. I still have one too. Especially because out on the camping fields the WiFi coverage can be hit and miss. This way you can even get calls when you've walked to the toilet building or the car park.
Also it's got its own frequency so it's not cluttering the ones used for WiFi, Bluetooth, Zigbee etc.
I guess they could use an app or something but dect is rock stable and has much better range than WiFi.
I got a nice Siemens one that is about the size of a nokia 8210 so it's not like you have to carry a huge brick either. I guess the battery is pretty dead now though. But it is replaceable like all batteries of that time.
I never considered DECT phones as anything more than cordless landline phones for your home that can intercom between each other. Even the cordless phone systems in the US you can buy are usually 2.4GHz ISM now.
Yes, although you can also use GSM or SIP and it's often called a DECT number even if you're actually on one of the newer networks, since the number space is the same. DECT simply was there first and thus became the generic term for the internal phone network.
There is a conference phone network hosted by eventphone. The most popular way to access it is indeed using DECT handsets, but you can also access it via SIP (probably the second most popular method), GSM (yes, really, they used to hand out SIM cards), landline (supports rotary phones!) and probably even more esoteric ways. There's also a post office delivering mail both internally and externally.
I'm wondering how deep the hack is... it seems sending a frame is just setting some registers and waiting for an interrupt. This suggests (though I'm not an expert!) that they are talking to another layer of firmware that does the actual stuff? Reminds me a bit of the Raspberry Pico board which has the main RP2040 SoC but where the WiFi is a separate WiFi/BT module (CYW43xx) with its own Arm cores. Not even the external register interface to the WiFi module is documented publicly, but there is an open source driver (https://github.com/georgerobotics/cyw43-driver/tree/cf924bb0...) so one can infer the specification. However, this driver yet again talks to software running on Arm cores inside the module, the code for which is supplied as big firmware binary blobs by the manufacturer (the blobs are actually in the linked repo, defined inside header files in the firmware directory). I'm wondering how this ESP32 hack corresponds to this?
Everything is out in the open nowadays. Kids can start learning whatever they want at younger and younger ages.
A perfect example is chess. It used to be that a lot of knowledge was in books, often in foreign languages. Nowadays everything is out there in the open and additionally you can casually play games against top 100 opposition once you are okayish enough, accelerating the development even more.
ST is still far behind when it comes to this stuff.
- BK72xx Ex: BK7231T, BK7231N
- RTL87xx Ex: RTL8710BN, RTL8710BX
- RP2040 But seems like the WiFi is an external module in W boards
Taken from https://esphome.io
That'd be revolutionary.
I love the ESP32. But they love (too much) current.
https://github.com/qca/open-ath9k-htc-firmware
https://www.ecfr.gov/current/title-47/section-15.23
Cleaning up the Linux code and publishing it is on my TODO list...
[1] https://events.ccc.de/2024/12/22/38c3-poc-isdn-version/
[2] https://dashboard.eventphone.de/d/de7sgxz63vzeoe/38c3?orgId=...
Way more robust than VoIP over Wifi.