Liberating Wi-Fi on the ESP32 [video]

Project: Open Wi‑Fi MAC on ESP32

  • Linked repo provides an open-source Wi‑Fi MAC implementation for ESP32, with a blog series documenting the reverse engineering.
  • Some argue maintaining compatibility with Espressif’s closed API is valuable so existing examples and docs still apply, lowering the barrier to experimenting with MAC‑layer changes.
  • Questions remain on how “deep” the hack is: it appears to manipulate registers and interrupts, likely still talking to internal firmware layers rather than fully replacing all radio logic.

Cost and Architecture of Wi‑Fi ICs

  • Wi‑Fi is described as computationally and RF‑intensive: effectively a fast 32‑bit system plus complex RF front‑end, certification, and standards overhead.
  • Historically, many vendors treated Wi‑Fi as an add‑on to an MCU; Espressif inverted this by making a Wi‑Fi chip that also runs user code, eliminating a separate MCU.
  • Some note you can buy ESP32 boards cheaper than many standalone Wi‑Fi chips, especially from Chinese vendors; others point out volume pricing for traditional Wi‑Fi ICs can be low but not hobbyist‑friendly.

Performance, Power, and Use Cases

  • ESP32 is characterized as a low‑end IoT solution: tens of Mbit/s in practice, far below modern Wi‑Fi 5/6 adapters that can sustain hundreds of Mbit/s or more.
  • Some report overheating or needing cooling at higher throughput; others challenge such anecdotes.
  • Commenters argue this makes ESP32 unsuitable for high‑end products (e.g., laptops/phones), citing speed and power consumption.

Open Wi‑Fi Alternatives

  • Open firmware exists for some Qualcomm Atheros chips (ath9k‑htc), cited as a rare fully open example.
  • Progress on fully open RF hardware is called “virtually non‑existent” due to high tapeout and RF costs; most open work focuses on SDR.

Regulation, Firmware, and FCC Rules

  • Using open firmware on ESP32 modules appears to invalidate existing certifications if devices are distributed that way; end‑user modifications for personal use may fall under “home‑built” allowances, but the scope is debated.
  • There’s concern that regulatory pressure can lead to tamper‑resistant Wi‑Fi gear, which often means locking out third‑party firmware and increasing long‑term security risk.
  • Past FCC discussions about requiring secure boot on routers were mentioned as a near‑miss that could have severely restricted hacking and updates.

ESP32 vs Other Vendors and Ecosystem

  • Nordic, TI, Infineon, Beken, Realtek, and others offer Wi‑Fi/Bluetooth solutions, but often as separate chips, more expensive, or less accessible to hobbyists.
  • ESP32/ESP8266 succeeded by being cheap, globally available, sold on ready‑to‑use breakout boards, and supported by Arduino/MicroPython, with a permissive attitude toward community hacking.
  • Some lament lost low‑level hacks possible on ESP8266 that are harder or blocked on ESP32, possibly due to regulatory pressure.

Wi‑Fi Provisioning and PHY‑Level Tricks

  • One idea: encode the SSID/password in packet‑length patterns so a device without keys can still “read” them from traffic it cannot decrypt; the difficulty is that few IoT chips expose that level of low‑level PHY control.
  • Similar schemes exist commercially (e.g., TI SmartConfig, Espressif AirKiss/ESPTouch), but 2.4‑GHz‑only support makes UX awkward with dual‑band networks; many now prefer BLE for provisioning.
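The length‑pattern provisioning idea above, modelled as an added example that is not code from the linked project or from any vendor's SmartConfig/ESPTouch implementation: the one‑byte‑per‑frame layout, `BASE_LEN` and `NOISE_LEN` are constructed assumptions. It shows why the scheme needs no key on the receiver (the lengths alone carry the credentials to every listener in range) and how a listener copes with unrelated traffic, a late start, or a dropped frame.

```python
"""Toy model of a packet-length side channel for Wi-Fi provisioning.

Constructed example (not the real SmartConfig or ESPTouch format): the
provisioner sends frames whose contents are irrelevant; only each frame's
length carries information, so a listener holding no key still recovers
the credentials from the sequence of lengths it observes.
"""
from __future__ import annotations

BASE_LEN = 100    # assumed frame length that encodes the byte value 0
NOISE_LEN = 1500  # assumed length of unrelated traffic the listener also sees


def encode_credentials(ssid: str, password: str) -> list[int]:
    """Frame lengths a provisioner transmits: one byte per frame, laid out
    as payload length, SSID length, SSID bytes, password bytes, checksum."""
    payload = ssid.encode() + password.encode()
    if len(ssid) > 32 or len(payload) > 255:
        raise ValueError("SSID or credential payload too long for one byte")
    body = bytes([len(payload), len(ssid)]) + payload + bytes([sum(payload) & 0xFF])
    return [BASE_LEN + b for b in body]


def decode_lengths(observed: list[int]) -> tuple[str, str] | None:
    """Recover (ssid, password) from observed frame lengths, or None.

    Frames outside the encoding range (other traffic) are skipped, and every
    start offset is tried, so a listener that tuned in late or missed a frame
    still succeeds once a repeated sequence arrives intact.
    """
    symbols = [n - BASE_LEN for n in observed if BASE_LEN <= n <= BASE_LEN + 255]
    for start in range(len(symbols) - 1):
        total, ssid_len = symbols[start], symbols[start + 1]
        end = start + 2 + total          # index of the checksum frame
        if ssid_len > total or end >= len(symbols):
            continue
        payload = bytes(symbols[start + 2:end])
        if symbols[end] != sum(payload) & 0xFF:
            continue                     # dropped/corrupted frame: try next alignment
        try:
            return payload[:ssid_len].decode(), payload[ssid_len:].decode()
        except UnicodeDecodeError:
            continue
    return None


if __name__ == "__main__":
    sent = encode_credentials("lab-net", "correct horse")
    # Listener tunes in late, sees unrelated frames, then a full repeat.
    print(decode_lengths(sent[5:] + [NOISE_LEN] * 3 + sent))
```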

Culture and Side Threads

  • CCC conferences still run DECT (and SIP, GSM, even ISDN) internal phone networks; DECT is considered robust and has better range than Wi‑Fi in that context.
  • Some discussion touches on Chinese IP practices, “sharing” culture vs. Western IP law, and historical analogies, with strong disagreement and no consensus.