This repository demonstrates a practical timing side-channel attack using an ESP32 as the attacker and an ESP8266 as the vulnerable target. The attacker deduces a secret password character-by-character by analyzing response time variations over Wi-Fi.
The objective is to extract a secret password (e.g., `secret42`) from the ESP8266 using only timing variations in its response to login attempts.
- ESP32 (e.g., DevKit V1)
- ESP8266 (e.g., NodeMCU)
- Shared Wi-Fi connection
- Arduino IDE with:
  - ESP32 board package
  - ESP8266 board package
- Python 3.7+ with:
  - matplotlib
  - pandas

Install the Python dependencies:

```
pip install matplotlib pandas
```

The attack proceeds as follows:

- The ESP32 connects to Wi-Fi and targets the ESP8266 server.
- It sends login attempts with different guesses at each character position.
- Measures the time taken for each response using micros().
- Builds a statistical profile of response times per character.
- Chooses the character with the highest average time as the likely correct one.
- Repeats for each subsequent position until the full password is revealed.
Recommended mitigations on the target:

- Use constant-time string comparisons
- Introduce artificial random delays
- Perform rate-limiting and lockouts on repeated guesses
- Avoid using strcmp() or similar early-return logic in auth routines
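To make the first and last mitigation concrete, the following added example (not code from this repository) places the early-return comparison pattern next to a constant-time one and counts how many loop iterations each performs against a constructed secret (`secret42`, the same example value the README uses). The helper names `naive_compare`, `constant_time_compare` and the `*_match`/`*_steps` wrappers are assumptions for illustration only. The iteration count stands in for the `micros()` difference the attacker measures: in the naive version it grows with the correctly guessed prefix, in the hardened version it is fixed for a given secret.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed secret for the demonstration (same example value as in the README). */
static const char *SECRET = "secret42";

/* Vulnerable pattern (hypothetical helper): returns at the first mismatching byte,
   so the loop count, and therefore the time, grows with the length of the
   correctly guessed prefix. This is what strcmp()-style checks do. */
static int naive_compare(const char *guess, const char *secret, size_t *steps)
{
    size_t i = 0;
    *steps = 0;
    for (;;) {
        (*steps)++;
        if (guess[i] != secret[i])
            return 0;                 /* early return leaks the matching prefix length */
        if (guess[i] == '\0')
            return 1;                 /* both strings ended together: match */
        i++;
    }
}

/* Hardened pattern (hypothetical helper): always walks the full secret and folds
   every byte difference, plus the length difference, into one accumulator, so the
   work done does not depend on how much of the guess is correct. */
static int constant_time_compare(const char *guess, const char *secret, size_t *steps)
{
    size_t glen = strlen(guess);
    size_t slen = strlen(secret);
    unsigned int diff = (glen != slen);   /* lengths are public; only contents must not leak */
    *steps = 0;
    for (size_t i = 0; i < slen; i++) {
        (*steps)++;
        /* Read past the end of a shorter guess as 0 instead of stopping early;
           this branch depends only on the guess length, not on its content. */
        unsigned char g = (i < glen) ? (unsigned char)guess[i] : 0;
        diff |= (unsigned int)(g ^ (unsigned char)secret[i]);
    }
    return diff == 0;
}

/* Wrappers so both checks can be compared against the fixed SECRET. */
int naive_match(const char *guess)    { size_t s; return naive_compare(guess, SECRET, &s); }
size_t naive_steps(const char *guess) { size_t s; naive_compare(guess, SECRET, &s); return s; }
int ct_match(const char *guess)       { size_t s; return constant_time_compare(guess, SECRET, &s); }
size_t ct_steps(const char *guess)    { size_t s; constant_time_compare(guess, SECRET, &s); return s; }

int main(void)
{
    /* Constructed guesses with 0, 3, 6 and 8 correct leading characters. */
    const char *guesses[] = { "aaaaaaaa", "secaaaaa", "secretaa", "secret42" };
    printf("%-10s %-12s %-12s\n", "guess", "naive steps", "ct steps");
    for (size_t i = 0; i < sizeof guesses / sizeof guesses[0]; i++)
        printf("%-10s %-12zu %-12zu\n", guesses[i],
               naive_steps(guesses[i]), ct_steps(guesses[i]));
    return 0;
}
```

Running the block prints 1, 4, 7 and 9 iterations for the naive check against the four guesses, and 8 for every guess with the constant-time check. The same pattern applies to the password check in the ESP8266 sketch: a fixed-work comparison removes the per-character signal the ESP32 averages over, while the rate-limiting and lockout items above still matter because they cap how many samples an attacker can collect at all.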
Β© 2025 intelligent-ears. All rights reserved.
