Which hardware to buy - IR blaster

Excellent recommendation :+1:t3: Will reconfigure the RM's right away.

1 Like

You can also just configure an open wifi directly in your case, as with the double layer snake oil :snake: your network access is unbreakable for most anyway!

I believe there are other attack vectors within a home network more worth the effort for potential intruders, in case someone really intends to break into a WiFi network, than looking for some WPA2 protected Broadlinks.

It is clear that you prefer ESPHome wherever you can which is fine.

Nevertheless it seems simply too far-fetched to talk down Broadlink IR-Blasters per se just because they are using WPA2 algorithms.

But then again, to each his own :wink:

1 Like

WPA2 can be sufficient if PMF is enabled. :white_check_mark:

If not (because it is not supported or wanted) it is enough for a bad actor to just de-auth your wifi client (like a broadlink device) and capture the handshake when it reconnects. A device which can do this is a $5 esp32 for example. The cracking of the handshake can then be conveniently done in the clouds :cloud:

But then again, if you have nothing to hide you can just use an open/unencrypted wifi :wink:

I am not opposing the fact that WPA2 authentication can be cracked. That is all too well known.

What I don't see is why some bad actor would want to bother to sniff out some Joe Average's hidden SSID for IoT devices? Besides, no MAC address other than the known ones is allowed to connect to that network.

Thus as for the time being I see no urge to throw all RM's away just to jump on the ESPHome train.

That's simply a superfluous statement.

What's all the FUD about? :thinking:

It might be a bright and sunny day but you don't see it :person_shrugging: :sunny:

The average joe's hidden wifi with mac positive list is nothing but snake oil. Both are not measures to secure a network. Decloaking hidden wifi or mac spoofing is nothing new. Joe certainly put his faith in the wrong people… :business_suit_levitating:

But again, what you (or joe) does with his private network is up to him. :tada:

The problem starts when suggesting to use broken/weak/obsolete WEP/WPA/WPA2 (without PMF) and furthermore making false claims that their weaknesses could be mitigated by hiding an SSID or limiting access by MAC. :bulb:

No FUD, just facts :muscle:

https://www.wi-fi.org/beacon/philipp-ebbecke/protected-management-frames-enhance-wi-fi-network-security

There is no way a device can connect using MAC spoofing unless it has physical access to the network or knows the address in advance. Even in the link you quoted it is explicitly mentioned “… in MAC address spoofing the response is usually received by the spoofing party if MAC filtering is not turned on making the spoofer able to impersonate a new device”.

3 Likes

If you make use of WPA2 without protected management frames (802.11w) all devices permanently broadcast their MACs in plain text. That means the MAC address is known in advance and physical access is not necessary. :house::no_entry_sign:

For the same reason (plaintext management frames) deauth attacks are possible :signal_strength::no_entry_sign:

[…] even when the session was established with Wired Equivalent Privacy (WEP), WPA or WPA2 for data privacy, and the attacker only needs to know the victim's MAC address, which is available in the clear through wireless network sniffing.

to round :arrows_counterclockwise: it all up :arrow_up:

But WEP, WPA or WPA2 (without 802.11w) is not the way to go in 2024! :no_entry_sign:

The weakest link in your network is always the weakest device! It can be that you put all the snake oil :snake::oil_drum: techniques in place people with little expertise ramble about (mac positive list and what not) but still this all doesn't mitigate the severe downgrade you do when not using WPA3 (or WPA2 with 802.11w) :warning:

In the end you might have 99 devices that support 802.11w and one broadlink device that isn't capable. Depending on your AP you might need to downgrade all 100 devices to make use of WPA2 without PMF which greatly exposes your wireless communication and allows denial-of-service attacks that can't be properly mitigated :put_litter_in_its_place:

A little bit like groundhog day… over 20 years ago I had people that just continued using their WEP only capable devices (like a roku internet radio)… not for too long as their network was compromised quickly. :boom:

Still you find “experts” that will still suggest to try WEP so you get your hardware with super sh*tty software support running - maybe… :person_facepalming:

There's at least one report that changing to WEP made the SSID show up on the Roku.

@Tamsy I would highly suggest you talk to a professional for a second opinion. You probably will hear what you don't want to hear… :hear_no_evil: But instead of dumping your broadlink device right away (and upgrade your wifi to make use of 802.11w) you could also just invest $2 and put an esp32-c3 (supermini) inside so the device can continue to do its thing for another decade or two in a safe way. Besides, you extend the functionality of your device, as it also can handle bluetooth this way and work as a proxy for HA as an example :signal_strength:

Wow this thread has derailed quite a bit.

Anyways…

Brand: none
Model: ESP8285 based
Link to exact product: https://de.aliexpress.com/item/1005005777409596.html
Protocol: WIFI
HA Integration: ESPHome
In use since: 2022?
Number of this item in use: 1
Positive:

  • Easy to flash
  • Local
  • You can add more things to it
  • DIY
  • Dirt cheap
  • Very small

Negative:

  • DIY
  • No case

My rating (1-5, 1 being bad, 5 being super): 4.5
Comment: you can solder other components to the board, it's not easy but it's doable.
The LED can be desoldered and extended using cables.

4 Likes

Well, I am a professional working as a system integrator and system administrator for over 30 years now and I am surrounded by IT pros in a data center nearly every single working day :wink:

Nevertheless I regard using WPA2 authenticating devices until their “natural deaths” (caused by hardware failure) as still feasible at this time, and I am convinced the risk of my RM's getting de-authenticated within a guarded housing estate is negligible. Maybe I have to point out that I am not talking about WEP here.

BTW, I have quite a few ESPHome based devices including bluetooth-proxies in place already since I have started this HA-journey.

Hey orange. I realize this post is getting a bit old but I was hoping you could do me a favor… can you find a current link to this product? Or just an image to show me which to look for?

Might want to add the (valuable) findings from this thread to your device listing? :point_up:

Protocol: Wi-fi (limited to WPA2 without PMF/802.11w, pre-shared key limited to 30ish characters)

:warning: This product should be avoided as it does not offer basic security features :warning:

Negative:

  • No 802.11w (protected management frames) support present :warning:

I tried but didn't find the exact device I have… still it is essentially enough to have any device that's supported by esphome… so like an esp82xx, esp32, beken or realtek chips… :chipmunk:

For example (esp8266 based): :point_down:

Thanks. I mostly just want to avoid having to swap a module. I have some extra esp32-c2 superminis that I believe would fit, but I have less time to play with than I did 5-10 years ago. I ordered this https://a.aliexpress.com/_mrXCjUG and will report back for anyone interested what my experience is like. Thanks again for the reply.

For anyone interested… I received this device in the mail yesterday, played around with it (until way too late) last night, and it seems to be doing everything I want it to do. The item I linked is IR only so it does not have 315/443. Ignore the wires other than brown, white, and black. Those are connected to clearly marked (on the board, not in my pic) pads for rx/tx/gnd.

This page is about the exact board that I linked.
This page has this pinout. I thought it was odd that the button on pin 9 was not mentioned since that is the easiest to determine, but… button is pin9. For me there is no use case for it, but that's where it is.

I backed up the stock image with ltchiptool, then used that same tool to flash a binary that can now be made directly in esphome gui.

Here is the esphome page for LibreTiny.

More info about the BK7231T/BK7231N here.

I used one of these cheap CH340 programmers from Amazon, connecting only rx/tx/gnd and powering with the on-board type C port of the board. Quick tip on that… if you are simple like me and connect rx to rx you might waste some time troubleshooting. :person_facepalming:

There's nothing fancy in my esphome yaml and there probably won't be because my only goal here is to not send data through the internet (possibly to the other side of the planet) and back just to turn on my AC. :slight_smile: Formatting was annoying me on here, so I used pastebin.

2 Likes

Hey, can you update the link of your product? I bought an rm3 mini and it is very bad, losing WiFi every mins

Have you increased the bandwidth on the frequency you are using? I had similar problems with devices and increasing bandwidth from 20 to 40 MHz in the router fixed this.

I'd like to not touch my router settings. The device should work nonetheless.

If your broadlink rm3 mini works with your router/AP, that actually reveals that you have weak wifi security. :boom:

You should do that right away and activate protected management frames (PMF/802.11w - a 15-year-old security feature :warning:) :lock:
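
Added example, not written by anyone in this thread: whether an access point offers or enforces PMF is visible in the RSN element of its beacons, in the MFPC (capable) and MFPR (required) capability bits. The Python sketch below parses that element; the sample elements and the names `parse_rsn_ie` and `build_sample` are constructed for this illustration.

```python
import struct

RSN_ELEMENT_ID = 48                  # RSN element carried in beacons and probe responses
IEEE_OUI = b"\x00\x0f\xac"
AKM_NAMES = {2: "PSK", 6: "PSK-SHA256", 8: "SAE"}
MFPR, MFPC = 1 << 6, 1 << 7          # RSN capability bits: PMF required / PMF capable

def parse_rsn_ie(ie: bytes) -> dict:
    """Return the AKM suites and PMF status advertised in one RSN element."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID or len(ie) - 2 < ie[1]:
        raise ValueError("not a complete RSN element")
    body, pos = ie[2:2 + ie[1]], 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN element")
        pos += n
        return body[pos - n:pos]

    def u16() -> int:
        return struct.unpack("<H", take(2))[0]

    if u16() != 1:
        raise ValueError("unsupported RSN version")
    take(4)                           # group data cipher suite
    take(4 * u16())                   # pairwise cipher suite list
    akms = []
    for _ in range(u16()):
        suite = take(4)
        known = suite[:3] == IEEE_OUI and suite[3] in AKM_NAMES
        akms.append(AKM_NAMES[suite[3]] if known else suite.hex())
    caps = u16() if pos + 2 <= len(body) else 0   # capabilities field may be absent
    pmf = "required" if caps & MFPR else "optional" if caps & MFPC else "disabled"
    return {"akms": akms, "pmf": pmf}

def build_sample(akm_types, caps: int) -> bytes:
    """Constructed sample element (CCMP ciphers), not captured from a real network."""
    suite = lambda t: IEEE_OUI + bytes([t])
    body = struct.pack("<H", 1) + suite(4) + struct.pack("<H", 1) + suite(4)
    body += struct.pack("<H", len(akm_types)) + b"".join(suite(t) for t in akm_types)
    body += struct.pack("<H", caps)
    return bytes([RSN_ELEMENT_ID, len(body)]) + body

SAMPLES = {                           # constructed inputs, one per configuration discussed
    "WPA2-PSK, no PMF": build_sample([2], 0),
    "WPA2-PSK, PMF optional": build_sample([2, 6], MFPC),
    "WPA3-SAE, PMF required": build_sample([8], MFPC | MFPR),
}
if __name__ == "__main__":
    for label, ie in SAMPLES.items():
        print(label, parse_rsn_ie(ie))
```

An access point that reports "disabled" or "optional" still accepts clients without PMF, which is the configuration the thread is arguing about.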