ESP8266, MQTT & SmartConfig

Having done a lot recently with the ESP8266 and the excellent MQTT firmware by Minh Tuan, I found that there was one major thing missing in the whole headless-module setup: an easy way to configure the ESP8266 while it did not have any Wi-Fi credentials yet. Looking around I found some code made by YoungBuger on GitHub which is basically an ESP8266 implementation of the SmartConfig feature of the CC3000 made by Texas Instruments.

So how does it work? Let me explain: the module is not yet connected to a Wi-Fi access point, so the SmartConfig application (running on a phone that is already on the network) cannot send its information directly to the device. Instead of talking to the device you are trying to set up, it sends UDP packets onto the network as broadcasts.

While the module can monitor the traffic in promiscuous mode, it cannot decrypt it; it cannot even tell for certain that a given encrypted frame carries UDP at all. So the only way to get data across without decrypting anything is to use the length of the packets as the payload instead of their content. Wi-Fi encryption does change the length of a frame, but in a consistent way: the number of bytes added to each packet is a constant. The flip side is worth keeping in mind: anything within radio range that can see frame lengths can decode them just as the ESP8266 does, so during configuration the SSID and passphrase are effectively sent in the clear to any nearby sniffer.

The SmartConfig application encodes the SSID, passphrase and any other data you might want to add into the packet lengths of a sequence of UDP packets. The ESP8266 sniffs these packets and, while it never learns their contents, their sizes are where the magic happens.

The only thing missing is how to know what data to look for, because there may be a lot of other traffic in the air. Even after encryption the source and destination MAC addresses of a frame are still visible, so traffic can be grouped by MAC pair. In addition to the primary information that SmartConfig is trying to send, the application also sends regularly repeating patterns of packet lengths; the ESP8266 looks for such a pattern and, when it finds it in the traffic of a given source/destination pair, focuses on that pair to recover the primary information.
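To make the mechanism concrete, here is a small simulation of both sides, written for this page as an added example (it is not the code from the firmware or app described here, nor the real SmartConfig wire format). The phone side turns the credentials into a list of UDP payload lengths; the "air" adds a constant, unknown overhead to every frame and mixes in unrelated traffic; the ESP8266 side sees only (source MAC, destination MAC, frame length) and has to recover the data. The sync pattern (payload lengths 1, 2, 3, 4), the DATA_BASE offset, the length byte, the checksum, the MAC addresses and the overhead value are all constructed for the illustration. Note how the decoder never needs to know the encryption overhead in advance: it derives it from the sync pattern, exactly as the text describes.

```python
"""Added example: a pure-Python model of SmartConfig-style provisioning.

Phone side: encode credentials in the *lengths* of broadcast UDP packets.
ESP8266 side: see only encrypted 802.11 frames (src MAC, dst MAC, length),
group them by MAC pair, find the sync pattern, derive the constant overhead
and decode the data. All framing constants are constructed for this example.
"""
import random
from collections import defaultdict

SYNC_BASE = 1    # sync preamble: payload lengths 1, 2, 3, 4 (constructed choice)
SYNC_LEN = 4
DATA_BASE = 16   # a data byte b is sent as a UDP payload of DATA_BASE + b bytes
REPEATS = 3      # whole record is repeated so that a lost frame is survivable


def checksum(data: bytes) -> int:
    return sum(data) & 0xFF


def encode(ssid: str, password: str) -> list:
    """Phone side: the UDP payload lengths to broadcast, in order."""
    body = bytes([len(ssid)]) + ssid.encode() + bytes([len(password)]) + password.encode()
    record = bytes([len(body)]) + body + bytes([checksum(body)])
    sync = [SYNC_BASE + i for i in range(SYNC_LEN)]
    return (sync + [DATA_BASE + b for b in record]) * REPEATS


def noise_traffic(count, rng=None):
    """Constructed unrelated traffic between other stations (random lengths)."""
    rng = rng or random.Random(0)
    macs = ["02:00:00:00:00:11", "02:00:00:00:00:22", "02:00:00:00:00:33"]
    return [(rng.choice(macs), rng.choice(macs), rng.randint(60, 1500)) for _ in range(count)]


def over_the_air(payload_lengths, app_mac, ap_mac, overhead, noise, rng=None, lost=()):
    """Constructed channel model: each payload becomes one encrypted frame of
    payload + constant overhead (headers plus the cipher's additions); frames
    whose index is in `lost` never arrive; noise is interleaved at random while
    the order of the app's own frames is preserved."""
    rng = rng or random.Random(0)
    frames = [(app_mac, ap_mac, n + overhead)
              for i, n in enumerate(payload_lengths) if i not in lost]
    noise = list(noise)
    out = []
    while frames or noise:
        src = frames if (frames and (not noise or rng.random() < 0.5)) else noise
        out.append(src.pop(0))
    return out


def decode_group(lengths):
    """Frame lengths of one MAC pair -> (ssid, password, overhead) or None.
    Scan for the sync pattern, derive the overhead from it, strip it from the
    following frames and validate the framing; on failure keep scanning so a
    later repeat of the record can still succeed."""
    for i in range(len(lengths) - SYNC_LEN):
        window = lengths[i:i + SYNC_LEN]
        if any(window[k + 1] - window[k] != 1 for k in range(SYNC_LEN - 1)):
            continue
        overhead = window[0] - SYNC_BASE          # what encryption/headers added
        data = lengths[i + SYNC_LEN:]
        if not data:
            continue
        n = data[0] - overhead - DATA_BASE        # length byte of the record
        if not 0 <= n <= 255 or len(data) < n + 2:
            continue                              # bad length or truncated record
        record = [x - overhead - DATA_BASE for x in data[1:n + 2]]
        if any(not 0 <= b <= 255 for b in record):
            continue                              # not data frames: false sync
        body, chk = bytes(record[:n]), record[n]
        if checksum(body) != chk:
            continue                              # corrupted copy (e.g. lost frame)
        ns = body[0]
        ssid, rest = body[1:1 + ns], body[1 + ns:]
        if len(ssid) != ns or not rest or len(rest) - 1 != rest[0]:
            continue
        return ssid.decode(errors="replace"), rest[1:].decode(errors="replace"), overhead
    return None


def sniff(frames):
    """ESP8266 side: group frames by (src, dst) and try to decode each group."""
    by_pair = defaultdict(list)
    for src, dst, n in frames:
        by_pair[(src, dst)].append(n)
    for pair, lengths in by_pair.items():
        result = decode_group(lengths)
        if result:
            return pair, result
    return None


if __name__ == "__main__":
    rng = random.Random(7)
    lengths = encode("HomeNet", "hunter2hunter2")
    frames = over_the_air(lengths, "02:00:00:00:00:aa", "02:00:00:00:00:bb",
                          overhead=64, noise=noise_traffic(200, rng), rng=rng, lost={5})
    print(sniff(frames))
```

Dropping frame 5 in the run above corrupts the first copy of the record; the checksum and range checks reject it and the decoder picks up the second copy, which is why the sender repeats the pattern. The same loop also shows the caveat from the text: the "sniffer" here has no key material at all, so any station in range could run it.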

My code is based on the work of YoungBurger and includes a firmware implementation and an Android app illustrating the principle. The MQTT firmware tries to connect to the SSID in its settings and, if it can't, automatically switches to SmartConfig mode. After receiving its new configuration it saves it to the EEPROM and restarts itself.

Find it on my GitHub: the firmware and the Android project.
