Releases: geo-tp/ESP32-Bus-Pirate
v1.4
Changelog
GENERAL
profile
🔹 Save and load complete pin configuration profiles to quickly switch between hardware setups.
hex [number]
🔹 Convert values between decimal, hexadecimal, and binary formats.
wizard <pin>
🔹 Advanced pin activity analyzer to monitor a pin and detect the signal type (Data, PWM, Noise...).
UART
scan (behavior change)
🔹 Monitor UART lines to detect activity on a group of pins and identify active UART lines
autobaud
🔹 Automatically detect the baud rate on the RX line by analyzing signal timing
emulator
🔹 Emulate a UART peripheral device (GPS, shell, bootloader) to test communication with external hardware.
trigger [pattern]
🔹 Automatically send a predefined response when a specific pattern is detected on the UART stream.
I2C
discovery
🔹 Perform extended I2C device discovery and provide detailed reporting on detected addresses.
health <addr>
🔹 Run timing and stability diagnostics on a specific I2C device to evaluate communication reliability.
DIO
pwm <pin> [frq] [duty%]
🔹 Improved, can go to higher frequencies.
scan
🔹 Scan a group of pins to detect signal transitions and identify active lines.
USB
host
🔹 Enable USB host mode to connect USB devices to the ESP32 and dump informations
BLUETOOTH
sniff
🔹 Improved, more readable format.
WIFI
repeater
🔹 Forward and relay Wi-Fi traffic, allowing the ESP32 to operate as a lightweight repeater.
MISC
autocorrection
🔹 Intelligent command autocorrection system that fixes common typos (e.g. "mode uaart" → "mode uart", "discovry" → "discovery").
autocompletion
🔹 Interactive command autocompletion including command keywords and command history navigation using TAB key.
arduino core update
🔹 Updated to the latest Arduino core version.
screen mode
🔹 Dedicated system screen mode allowing users to adjust display brightness.
infrared backend
🔹 New infrared backend powered by the ESP8266 IR library for improved compatibility and improved signal handling.
categorized help
🔹 Help output is now organized by functional categories for clearer navigation and improved usability.
LINKS
- Use the webflasher: https://geo-tp.github.io/ESP32-Bus-Pirate/webflasher/
- Collection of scripts: https://github.com/geo-tp/ESP32-Bus-Pirate-Scripts
- Full guide: https://github.com/geo-tp/ESP32-Bus-Pirate/wiki
v1.3
Changelog
GENERAL
- analogic
<pin>
🔹 Analogic plotter on the ESP32 screen (thanks to @fdufnews) - man
🔹 Show firmware guide
UART
- swap
🔹 Swap RX and TX pins
I2C
- swap
🔹 Swap SDA and SCL pins - jam
🔹 Jam I2C bus with noise
DIO
- jam
<pin>[min max]
🔹 Random high/low states
INFRARED
- record
🔹 Record IR signals to file on the LittleFS - jam
🔹 Send random IR signals to disrupt receiver
NEW DEVICES
- M5Stick S3
LINKS
- Use the webflasher: https://geo-tp.github.io/ESP32-Bus-Pirate/webflasher/
- Collection of scripts: https://github.com/geo-tp/ESP32-Bus-Pirate-Scripts
- Full guide: https://github.com/geo-tp/ESP32-Bus-Pirate/wiki
Contributors
Assets 13
v1.2
Changelog
GENERAL
- Add serial logic analyzer for devices with no screen (thanks to @fdufnews)
- Maximize available flash space for files (now up to 4.5MB instead of 1.5MB)
- Fix Tembed WiFi setup to accept specials chars (thanks to @fdufnews)
- Fix LED mode config to not prompt data/clock pins
NEW DEVICE
- Add support for the ESP32S3-DevKit N16R8 (thanks to @fdufnews)
MISC
- Use the webflasher: https://geo-tp.github.io/ESP32-Bus-Pirate/webflasher/
- Collection of scripts: https://github.com/geo-tp/ESP32-Bus-Pirate-Scripts
- Full guide: https://github.com/geo-tp/ESP32-Bus-Pirate/wiki
Contributors
Assets 12
v1.1
Changelog
I2C
sniff
🔹 More readable data, improvements.
DIO
pulldown <pin>
🔹 Active pulldown resistor on given pin
SUBGHZ
load
🔹 Fixes and improvements.listen
🔹 RSSI to audio mapping (using I2S configured output or internal speaker if any)replay
🔹 Fixes and improvement.
STANDALONE TERMINAL MODE (New)
Use arrows up/down to scroll and esc to scroll down line by line. Use tab for command history.
MISC
- Use the webflasher: https://geo-tp.github.io/ESP32-Bus-Pirate/webflasher/
- Collection of scripts: https://github.com/geo-tp/ESP32-Bus-Pirate-Scripts
- Full guide: https://github.com/geo-tp/ESP32-Bus-Pirate/wiki
v1.0
Changelog
INFRARED
load
🔹 Load.irfiles from LittleFS (https://github.com/Lucaslhm/Flipper-IRDB)
WIFI
nmap
🔹 Improvements for services discovery. Thanks to @AndreiVladescu
SUBGHZ
bruteforce
🔹 Fixes and improvements.load
🔹 Load.subfiles from LittleFS (https://github.com/Zero-Sploit/FlipperZero-Subghz-DB)
RF24 (New mode)
scan
🔹 Search best active channel.sniff
🔹 Sniff raw frames.sweep
🔹 Analyze channels activity.jam
🔹 Jam selected channels group.setchannel
🔹 Set operating channel.config
🔹 Configure NRF24 settings.
LittleFS (Storage / Import & Export)
- Import / Export
🔹 Upload.ir,.subfiles to LittleFS.
🔹See: https://github.com/geo-tp/ESP32-Bus-Pirate/wiki/99-LittleFS
New Device Supported
- M5Cardputer ADV
Misc / Notes
- Use the webflasher : https://geo-tp.github.io/ESP32-Bus-Pirate/webflasher/
- New scripts: https://github.com/geo-tp/ESP32-Bus-Pirate-Scripts
- Visuals assets to talk about the firmware: https://github.com/geo-tp/ESP32-Bus-Pirate/wiki/99-Visual-Assets
Contributors
Assets 11
v0.9
Changelog
SUBGHZ (New mode)
scan
🔹 Search best frequencies.
sniff
🔹 Raw frame sniffing.
sweep
🔹 Analyze frequency band.
decode
🔹 Receive and decode frames.
replay
🔹 Record and replay frames.
jam
🔹 Jam selected frequencies.
bruteforce
🔹 Bruteforce 12-bit keys.
trace
🔹 Observe RX signal trace.
setfrequency
🔹 Set operating frequency.
config
🔹 Configure CC1101 settings.
RFID (New mode)
read
🔹 Read RFID tag data.
write
🔹 Write UID/Block to tag.
clone
🔹 Clone Mifare UID.
erase
🔹 Erase RFID tag.
config
🔹 Configure PN532 settings.
Webflasher (NEW)
🔹 Easily flash the firmware with a web browser: https://geo-tp.github.io/ESP32-Bus-Pirate/webflasher/
Python Scripting (NEW)
🔹 Easily automate hardware tasks, dump, log: https://github.com/geo-tp/ESP32-Bus-Pirate-Scripts
v0.8
Changelog
1WIRE
eeprom
🔹 EEPROM operations for 1-Wire chips (DS2431, DS2433, DS28).
DIO
servo <pin> <angle>
🔹 Sets the angle of a servo motor connected to the specified pin.
pulse <pin> <us>
🔹 Sends a pulse on the given pin with configurable duration (microseconds).
WIFI / ETHERNET
telnet <host> [port]
🔹 Opens a Telnet session to the target host (default port 23).
modbus <host> [port]
🔹 Performs Modbus TCP operations on the specified host.
http analyze <url>
🔹 Prints an analysis report of the given URL.
lookup mac|ip <addr>
🔹 Looks up information about a MAC or IP address (vendor, geolocation, etc.).
New Supported Device
- Seeed Studio XIAO ESP32S3
v0.7
Changelog
2WIRE
sniff
🔹 Opens a passive 2-WIRE sniffer to view traffic in real time.
USB
keyboard
🔹 Starts a USB HID keyboard bridge so you can type from the device into the host.
mouse jiggle [ms]
🔹 Randomly moves the mouse to keep the host awake, optional period in milliseconds.
BLUETOOTH
keyboard
🔹 Starts a BLE HID keyboard bridge for wireless typing.
mouse jiggle [ms]
🔹 Randomly moves the mouse over BLE, optional period in milliseconds.
WIFI
connect
🔹 Connects to a Wi-Fi network; now retrieves saved credentials when available.
ap spam
🔹 Spam random access point.
discovery
🔹 Discovers devices on the local network. Thanks to @AndreiVladescu
nmap <h> [-p ports]
🔹 Scans the specified host for open ports, with optional port range selection (new features added). Thanks to @AndreiVladescu
http get <url>
🔹 Performs an HTTP(S) GET request and prints the response (headers + Json body if any).
ETHERNET (NEW MODE)
connect
🔹 Connects via DHCP on the wired interface.
status
🔹 Shows Ethernet link status and network details (MAC, IP, gateway, DNS).
ping <host>
🔹 Sends ICMP echo requests to test reachability and latency.
discovery
🔹 Discovers devices on the local wired network.
ssh <h> <u> <p> [p]
🔹 Opens an interactive SSH session to the target host.
nc <host> <port>
🔹 Opens a netcat-like TCP client session for raw socket testing.
nmap <h> [-p ports]
🔹 Scans the specified host for open ports, with optional port range selection.
http get <url>
🔹 Performs an HTTP(S) GET request and prints the response (headers + Json body if any).
reset
🔹 Hardware reset the wired W5500 interface.
config
🔹 Configures Ethernet settings for W5500.
Contributors
Assets 9
v0.6
Changelog
GENERAL
system
🔹 Opens a system shell to display information about the device (version, hardware info, memory usage, NVS, filesystem).
UART
at
🔹 Opens an interactive AT commands shell with input assistance and built-in help for common AT operations.
SPI
eeprom
🔹 Finalized implementation. Opens an interactive SPI EEPROM shell (probe, analyze, dump, read, write, erase).
INFRARED
replay [count]
🔹 Records and replays IR frames, with an optional repeat count or infinitely until ENTER is pressed.
WIFI
connect [ssid] [password]
🔹 Fixed to work with ssid with spaces in the name. Now also works with no args provided, just use connect to scan, select the network, type the password and connect.
probe
🔹 Searches for internet access on accessible open Wi-Fi networks by attempting connections and validating access with HTTP requests.
nmap <host> [-p ports]
🔹 Scans the specified host for open ports, with optional port range selection. Thanks to @AndreiVladescu
Contributors
Assets 9
v0.5
Changelog
1WIRE
ibutton
🔹 Opens an interactive iButton shell for reading, writing, and copying IDs between tags (RW1990).
I2C
identify <addr>
🔹 Identifies an I2C device based on its address.
monitor <addr> [ms]
🔹 Continuously monitors an I2C device’s registers for changes, with an optional polling interval.
eeprom [addr]
🔹 Opens an interactive I2C 24X series EEPROM shell (probe, read, write, analyze, dump, erase).
SPI
flash
🔹 Opens an interactive SPI Flash shell (probe, analyze, extract strings, read, write, erase).
eeprom
🔹 Opens an interactive SPI 25X EEPROM shell (probe, read, write, erase, dump).
2WIRE
smartcard
🔹 Opens an interactive smartcard shell for SLE44XX cards (probe, get/set PSC, dump, unlock, protect, read, write).
3WIRE
eeprom
🔹 Opens an interactive 3WIRE EEPROM shell for 93CX series (probe, read, write, dump, erase)..
DIO
measure <pin> [ms]
🔹 Measures the signal frequency on the specified pin, with an optional sampling interval.
INFRARED
remote
🔹 Opens a universal remote shell with common commands (on, mute, volume control, channel control, etc.).
BLUETOOTH
scan|sniff
🔹Fix crash using theses commands for the M5Stick
WIFI
nc <host> <port>
🔹 Opens a netcat session to the specified host and port. Thanks to @AndreiVladescu
JTAG
scan jtag
🔹 Fix for JTAG scan