Recover OTA password from .bin file

Ok, so I've just retrieved my OTA password from the .bin file.
First of all I want to say that I don't know anything about the stuff I use, I'm just a stubborn person with access to Google (I'm not a native English speaker either, so sorry for any typos or grammatical errors).

So the first step is downloading Cutter (I downloaded it for Linux, so I haven't tried the Mac or Windows alternatives, but I guess they'd work the same way).

Then you open your .bin file; you'll see something like this:

Then you go to "Strings", which is the second option in the bottom menu.
In there you'll look for wifi in the Quick filter.

Then you're going to right click on the second-to-last option and select Show in > Hexdump:

You’ll see something like this:

I've highlighted the OTA password, and just before it there's the fallback wifi network password (it wasn't useful in my case as I didn't have the captive portal set up :sleepy:).
Thank you, and I hope this is useful for whoever tries to solve this in the future.

It should at least worry some devs, as this doesn’t seem to be an intended behaviour. Or am I misunderstanding this?

So if you stole my mailbox ESP, you'd be able to get the OTA password from the device, so you could use that device to infiltrate my ESPHome network…? Not saying you would, but in my opinion this seems to be a security flaw.

Others will step in and say something about that. :sunglasses:

I don't know how you would get the .bin file if you just have access to the device itself. I did this just because I flashed the wrong firmware and didn't note the OTA password or the wifi fallback password, but I did have the .bin file with the firmware.