ESP-TOUCH


Drasko DRASKOVIC

May 5, 2016, 2:19:24 PM5/5/16
to esp-open-rtos mailing list
Hi guys,
Does anybody know something more about the ESP_TOUCH protocol? It is described here: file:///home/drasko/esp8266/doc/30B-ESP-TOUCH_User_Guide__EN_V1.1_20160412.pdf, and as I understand it, it sends UDP packets that the ESP8266 is capable of receiving in AP mode, even though the telephone is not connected to this AP, but to your home router.

How is this possible? Is this some kind of WiFi advertisement that two APs (ESP and your home router) exchange?

The other question is - how secure is this and does it have any kind of encryption at all...

BR,
Drasko

Drasko DRASKOVIC

May 5, 2016, 2:34:27 PM5/5/16
to esp-open-rtos mailing list
Here: https://github.com/DeqingSun/ESP8266-Dash-Button

"You can connect your phone to target WiFi network, fill textbox with
SSID and password and press "ESPTouch", then the app will encode SSID
and password in length of UDP packets and broadcast packets to all
devices. If ESP8266 decodes WiFi information successfully, it will
broadcast a UDP packet back to your phone to end pairing process."

This means that SSID and PSWD are broadcast via UDP... Not very secure :).

I am still not getting how the ESP8266 in AP mode is getting these
packets, as they are broadcast on your home network (your phone is
connected to your home router).

BR,
Drasko

Michael Jacobsen

May 5, 2016, 2:56:12 PM5/5/16
to Drasko DRASKOVIC, esp-open-rtos mailing list
Not sure about Espressif's version, but TI's (the CC3000) encodes data "in" the length of UDP packets - so each transmitted packet sort of contains one character. The lengths of the packets are not encrypted. So with this method you can "leak" data on an encrypted WLAN....

Drasko DRASKOVIC

May 5, 2016, 3:14:51 PM5/5/16
to Michael Jacobsen, esp-open-rtos mailing list
On Thu, May 5, 2016 at 8:56 PM, Michael Jacobsen
<mic...@visbyjacobsen.dk> wrote:
> Not sure about Espressif's version, but TI's (the CC3000) encodes data "in" the length of UDP packets - so each transmitted packet sort of contains one character. The lengths of the packets are not encrypted. So with this method you can "leak" data on an encrypted WLAN....

Well - this is exactly what they are doing. It is described here:
https://espressif.com/en/file/689/download?token=7iiQZSQK (I have sent
the wrong link).

How come the ESP in AP mode receives these UDP packets which are
sent on the private home network?

BR,
Drasko

Drasko DRASKOVIC

May 5, 2016, 3:42:22 PM5/5/16
to Michael Jacobsen, esp-open-rtos mailing list
Here is some more info:
http://electronics.stackexchange.com/questions/61704/how-does-ti-cc3000-wifi-smart-config-work

WiFi is put into monitor mode and captures UDP packets, then decodes
the length... very nice approach. Do not know if it is patented,
though...

BR,
Drasko
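The mechanism the two previous messages describe (credential bytes carried in UDP payload lengths, recovered by a monitor-mode receiver that never decrypts anything) as an added example; this is not Espressif's or TI's code and does not reproduce the real ESP-TOUCH framing or checksums, it is a simplified model whose constants (BASE_LEN, FRAME_OVERHEAD) are assumptions chosen for illustration:

```python
"""Simplified model of a length side channel (SmartConfig / ESP-TOUCH style).

Added example, not the protocol's real encoding. It shows the security point
raised in the thread: WPA encrypts frame contents, not frame sizes, so a
credential encoded purely in packet lengths is readable by any station in
radio range that can observe frame sizes.
"""
import os
from typing import List, Tuple

BASE_LEN = 40          # assumed offset so every payload is non-trivially sized
# Assumed fixed per-frame overhead seen on the air: 802.11 header, LLC/SNAP,
# IPv4, UDP, and the CCMP header + MIC added by WPA2 (constructed values).
FRAME_OVERHEAD = 24 + 8 + 20 + 8 + 8 + 8


def encode_credentials(ssid: str, password: str) -> List[int]:
    """Sender (phone) side: one UDP payload length per secret byte."""
    secret = ssid.encode() + b"\x00" + password.encode()
    return [BASE_LEN + b for b in secret]


def transmit_encrypted(payload_lengths: List[int]) -> List[bytes]:
    """Model of the phone's encrypted WLAN link: the bytes a bystander sees are
    opaque ciphertext (random here), but each frame's size tracks the payload."""
    return [os.urandom(n + FRAME_OVERHEAD) for n in payload_lengths]


def sniff_and_decode(frames: List[bytes]) -> Tuple[str, str]:
    """Monitor-mode receiver (the ESP's role): measures each frame and maps the
    length back to a byte without holding the WLAN key at all."""
    data = bytes(len(f) - FRAME_OVERHEAD - BASE_LEN for f in frames)
    ssid, _, password = data.partition(b"\x00")
    return ssid.decode(), password.decode()


def credential_recovered(ssid: str, password: str) -> bool:
    """True when the key-less observer gets the exact credential back."""
    lengths = encode_credentials(ssid, password)
    return sniff_and_decode(transmit_encrypted(lengths)) == (ssid, password)


if __name__ == "__main__":
    # Constructed sample credential; the observer recovers it from sizes alone.
    print(credential_recovered("HomeNet", "s3cret pass!"))
```

Because the decoder needs no key, the only things that limit who can read the credential are radio range and the short time window in which the phone transmits it.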

Angus Gratton

May 5, 2016, 7:15:44 PM5/5/16
to Drasko DRASKOVIC, esp-open-rtos mailing list
On Thu, May 05, 2016 at 09:42:21PM +0200, Drasko DRASKOVIC wrote:
> Here is some more info:
> http://electronics.stackexchange.com/questions/61704/how-does-ti-cc3000-wifi-smart-config-work
>
> WiFi is put into monitor mode and captures UDP packets, then decodes
> the length... very nice approach. Do not know if it is patented,
> though...
>
> BR,
> Drasko

For what it's worth, I looked into this last year for a client and I couldn't find any patent filings (and I just clicked on the patent search link in the Stack Overflow link again, and it doesn't look like any newer patent filing has appeared.)

I am not a lawyer, but I suspect it may be a hard thing to patent because it's just a subtle variation/reuse of WiFi's normal function.

SmartConfig is a TI trademark, hence the reason Espressif have renamed it (I think early on they may have had support in the SDK but no app, you had to use the TI app. But I may be remembering that wrong, or maybe they only had an app available on one out of iOS/Android or something.)


Angus