@3dprinting I have just burned two frustrating days learning the hard way that the Seeed XIAO ESP32-C3 does not have a one-to-one mapping from pin numbers to GPIO numbers. I don't know why I thought it did.
Now I've got working cold side temperature and ambient temp/humidity sensors in ESPHome.
17/N
I just finished work on this cute little #wifi scanner. Build on #esp32 also designed and #3dprinted little case for it. RGB led indicator is showing what intensity of signal wifi has and boot button on a back can select only specific ssid to track its strength. This all was done for #noApparentReason
Idea for this PR is to add a network bridge mode for repeaters.
This will let you take multiple LoRa radios, setup meshcore repeater firmware and listen on any number of channels or with different antenna setups and bridge the routing across those different channels with a shared Wifi link(the two dotted white boxes).
I've tested it for a few days and it's pretty amazing to see meshcore automatically finding bridged routes.
Writing my first meshcore PR 
It's still a work-in progress, but having a lot of fun learning this code base!
Stupid question, someone may know.
ESP32-S3-MINI-1-N4R2 has PSRAM (2M).
It is Quad SPI, data sheet says that.
But is it 40MHz or 80MHz.
Anyone know? I could not find in data sheet. Data sheet says flash is 80MHz, but does not mention PSRAM speed. I don't want to just rely on what seems to work in case marginal.
@G33KatWork @jiska OFC they ain't 1:1 and I do expect this to be not a.bug but feature of the #ESP32 family as it's commonly used to #develop stuff and isn't easily exploitable OTA.
sudo is unfixable!Undocumented hidden feature found in #Espressif #ESP32 #microchip
https://securityaffairs.com/175102/hacking/undocumented-hidden-feature-espressif-esp32-microchip.html
#securityaffairs #hacking
The recent news about an alleged backdoor in #ESP32 chips is largely overhyped, but it’s a good opportunity to explain how we designed #CHERIoT to make this kind of attack almost impossible by construction.
SCI and the CHERI Alliance will both be at Embedded World next week. Come and talk to us about CHERIoT and how you can adopt it with SCI’s ICENI chips in your next products.
It's easy to get scared when headlines combine terms like "backdoor", "Bluetooth", and "a billion devices".
Should you be worried? No.
The "attack" for ESP32 chips in some Internet of Things devices is some undocumented commands that are likely to be for testing by the manufacturer, Espressif, the in the factory. It cannot spread from one device to another like a virus/worm, and it takes a lot more than being within Bluetooth range -- it requires physical access to I/O pins on the chip itself or access to a USB port (if one is present). That's just the standard way to flash the firmware. It should go without saying that if a malicious person has physical access to the inside of your device then you may have more security concerns.
It's been fascinating to watch the propagation of fear and misinformation in a niche where I have dabbled enough to develop a bit of technical proficiency.
My interpretation of events is that Tarlogic Security is spreading panic to gain attention or notoriety.
Undocumented "backdoor" found in Bluetooth chip used by a billion devices:
https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/
NIST (National Institute of Standards and Technology) has a CVE:
https://nvd.nist.gov/vuln/detail/CVE-2025-27840
Edit to update:
Espressif’s Response to Claimed Backdoor and Undocumented Commands in ESP32 Bluetooth Stack
https://www.espressif.com/en/news/Response_ESP32_Bluetooth
Whilst it’s unfortunately relatively common to see limited details in early-stage vulnerability announcements of commercial labs, the lack of technical evidence in such a significant claim raises even more significant questions.
The expectation is that further detailed information should be released through more technical channels to allow for proper evaluation and remediation.
In lack of that, it's slander in a teacup.
Tarlogic’s press release asserts that there is a backdoor in the ESP32 chip, but the headlines don't match the substance of the article. The article does not provide detailed technical evidence such as a live demonstration, specific conditions under which the vulnerability is triggered, or step-by-step instructions to reproduce the findings. The announcement primarily focuses on the potential risks and implications—likely as part of a broader strategy to promote their security tools—without delving into the granular technical details that would allow independent verification.
They use the term "backdoor", but I'm unsure that they understand what that word really means, or whether they understand the weight of such claims, which so far appear to be completely unsubstantiated.
I really hope they have something to show.
Rapidly moving my meshtastic nodes over to meshcore
Going very smoothly so far. Meshcore is notably very fast at message delivery and delivery confirmations back to the sender.
Thinking I'll leave my primary meshtastic infrastructure nodes up and build meshcore nodes to deploy next to them so as the network matures I can do head to head comparisons.
RE: Alleged ESP32 so-called "backdoor"
The talk where a couple of researchers presented their findings in Madrid is about undocumented commands found in the ESP32. They presented themselves as civilians, but they also have a consultancy or work for a company called Tarlogic.
Nothing about the talk, and nothing about the Tarlogic article (that doubles as marketing material for their security product) says that they found anything about backdoors, or any malicious commands.
https://reg.rootedcon.com/cfp/schedule/talk/5
Tarlogic
https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
They don't claim that there is a backdoor, they use many conditionals such as "would" and "could", and they say "maybe" but they didn't demonstrate any exploits.
They've shown that they found interesting undocumented functionality, and they are extrapolating that it could possibly be used somehow, but they don't really know if it's possible or not.
Slander in a teacup
It seems that Espressif built in some debugging functionality? Is that a horrible thing? They don't know, but they make sure to promote their own security product to protect you. How nice of them.
There's too many time-wasters with very specific ideologies creating chaos and confusion out there, it's good to identify them.
This is why we can't have nice things.
Sincerely disappointing.
“In total, they found 29 undocumented commands, collectively characterized as a "backdoor," that could be used for memory manipulation (read/write RAM and Flash), MAC address spoofing (device impersonation), and LMP/LLCP packet injection.”
Yay, my weather station and a bunch of my IoT ESP32 projects (may) have a backdoor. https://www.bleepingcomputer.com/news/security/undocumented-backdoor-found-in-bluetooth-chip-used-by-a-billion-devices/ #ESP32 #expressif #cybersecurity
Unveiling the ESP32 Backdoor: Implications for IoT Security
https://thedefendopsdiaries.com/unveiling-the-esp32-backdoor-implications-for-iot-security/
#esp32
#iotsecurity
#cybersecurity
#bluetoothvulnerability
#tarlogicsecurity
This is amazing, and 27 quid on Amazon.
https://files.waveshare.com/wiki/ESP32-S3-Touch-LCD-1.28/ESP32-S3-Touch-LCD-1.28-Sch.pdf
But…
What I don’t understand is the UART and boot/reset buttons, and logic. For a start they link the UART to boot and reset so you don’t need the buttons. But also the ESP32S3 does USB directly. You just need the 5k1s. So why waste space and components on two buttons a UART and some transistors on such a compact board?!
Am I missing the obvious here?
That guy hacked his air purifier, reversed part of the Android app, then the PCB, downloaded the firmware and reversed everything .. to integrate it to HomeAssistant! :o
Didn't know about MessagePack nor esp32knife.
