Reverse Engineering an ESP32 Smart Home Device: Remote Control and Home Assistant Integration

2025-04-15
The author, obsessed with connecting everything to Home Assistant, tackled a sleek air purifier that could only be controlled through its proprietary app. To achieve seamless automation, he reverse-engineered the ESP32-based device. Analyzing the app revealed a WebSocket connection to a cloud server. He then intercepted the network traffic, using a UDP proxy that forwarded to the cloud server, and captured the UDP packets, which turned out to be encrypted. Disassembling the device revealed an ESP32-WROOM-32D microcontroller, and the firmware was extracted with esptool. Analysis of the firmware showed that it uses the mbedtls library for encryption, with AES-128-CBC as the algorithm. Finally, he wrote a Node.js script that performs a man-in-the-middle (MITM) attack, which integrates the device into Home Assistant.
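How the AES-128-CBC step could look in Node.js, as an added example that is not the author's script. It assumes each UDP payload is a 16-byte IV followed by PKCS#7-padded ciphertext; that framing, the function names, the key and the message are constructed for illustration, since the summary does not describe the device's packet layout or key handling.

```javascript
// Added example, not the author's code.
// ASSUMPTIONS: payload = IV (16 bytes) || AES-128-CBC ciphertext, PKCS#7 padding.
const crypto = require('node:crypto');

const BLOCK = 16; // AES block size, also the CBC IV length

// Decrypt one captured datagram.
// Returns { ok: true, plaintext } or { ok: false, reason }.
function decryptDatagram(key, datagram) {
  if (key.length !== 16) {
    return { ok: false, reason: 'AES-128 key must be 16 bytes' };
  }
  // Need the IV plus at least one whole ciphertext block.
  if (datagram.length < 2 * BLOCK || datagram.length % BLOCK !== 0) {
    return { ok: false, reason: 'length is not IV + whole AES blocks' };
  }
  const iv = datagram.subarray(0, BLOCK);
  const body = datagram.subarray(BLOCK);
  try {
    const decipher = crypto.createDecipheriv('aes-128-cbc', key, iv);
    const plaintext = Buffer.concat([decipher.update(body), decipher.final()]);
    return { ok: true, plaintext };
  } catch (err) {
    // final() throws when the padding is invalid, which is the usual
    // symptom of a wrong key or a wrong guess about the framing.
    return { ok: false, reason: 'bad padding (wrong key or framing?)' };
  }
}

// Build a datagram in the same assumed layout, with a fresh random IV.
function encryptDatagram(key, plaintext, iv = crypto.randomBytes(BLOCK)) {
  const cipher = crypto.createCipheriv('aes-128-cbc', key, iv);
  return Buffer.concat([iv, cipher.update(plaintext), cipher.final()]);
}

// Constructed sample values, for illustration only.
const SAMPLE_KEY = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
const SAMPLE_MSG = Buffer.from('{"fan":2}');
const SAMPLE_PKT = encryptDatagram(SAMPLE_KEY, SAMPLE_MSG);
```

A valid padding check only shows that the key and framing are plausible; CBC on its own does not authenticate a packet, so an integration should still validate the decrypted contents before acting on them.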
