ESP32 Bit Pirate, a Hardware Hacking Tool with WebCLI That Speaks Every Protocol

Hacker News Top 06/05/26, 07:40 AM Tools

open-source firmware hardware-hacking esp32 multiprotocol cli webcli

Summary

ESP32 Bit Pirate is an open-source firmware that turns an ESP32 into a multi-protocol hacking tool, supporting sniffing and interaction with various digital and radio protocols via serial or web-based CLI.

No content available

Original Article

View Cached Full Text

Cached at: 06/05/26, 11:07 AM

geo-tp/ESP32-Bit-Pirate

Source: https://github.com/geo-tp/ESP32-Bit-Pirate

ESP32 Bit Pirate

Logo banner of the ESP32 Bit Pirate firmware

ESP32 Bit Pirate is an open-source firmware that turns your device into a multi-protocol hacker’s tool, inspired by the legendary Bus Pirate.

It supports sniffing, sending, scripting, and interacting with various digital protocols (I2C, UART, 1-Wire, SPI, etc.) via a serial terminal or web-based CLI. It also communicates with radio protocols like Bluetooth, Wi-Fi, Sub-GHz and RFID.

Use the ESP32 Bit Pirate Web Flasher to install the firmware in one click. See the Wiki for step-by-step guides on every mode and command. Check ESP32 Bit Pirate Scripts for a collection of scripts.

For hardware extensions, see the ESP32 Bus Expander for additional radio interfaces, and the ESP32 Bit Pirate Dock to use original Bus Pirate adapters and accessories.

Demo showing the different mode of the ESP32 Bit Pirate firmware Demo showing the LittleFS file system of the ESP32 Bit Pirate firmware

Features

Interactive command-line interface (CLI) via USB Serial or WiFi Web.
Modes for:
- HiZ (default)
- I2C (scan, glitch, slave mode, dump, eeprom)
- SPI (eeprom, flash, sdcard, slave mode)
- UART / Half-Duplex UART (bridge, read, write)
- 1WIRE (ibutton, eeprom)
- 2WIRE (sniff, smartcard) / 3WIRE (eeprom)
- DIO (Digital I/O, read, pullup, set, pwm)
- Infrared (send, record, universal remote)
- USB (HID, flashrom, storage, usb-uart)
- Bluetooth (BLE HID, scan, spoofing, sniffing)
- Wi-Fi / Ethernet (sniff, deauth, nmap, netcat)
- JTAG (scan, SWD, openOCD)
- LED (animations, set LEDs)
- I2S (test speakers, mic, play sound)
- CAN (sniff, send and receive frames)
- SUBGHZ (analyze, record, replay)
- RFID (read, write, clone)
- RF24 (scan, send, receive)
- FM (analyze, broadcast)
- CELL (dump sim card, sms, call)
Protocol sniffers I2C, UART, SPI, 1Wire, 2wire, CAN, Wi-Fi, Bluetooth, SubGhz.
Baudrate auto-detection, AT commands and various tools for UART.
Registers manipulation, EEPROM dump tools, identify devices for I2C.
Read all sort of EEPROM, Flash and various others tools for SPI.
Scripting using Bus Pirate-style bytecode instructions or Python.
Device-B-Gone command with more than 80 supported INFRARED protocols.
Direct I/O management, PWM, servo, GPIOs state.
Analyze radio signals and frequencies on every bands.
Near than 50 addressable LEDs protocols supported.
Ethernet and WiFi are supported to access networks.
Import and export data with the LittleFS over HTTP.
Pirate assistant to help you with the firmware.
USB-Uart dongle, SPI programmer, logic analyzer and more.

Supported Devices

Device		Description
ESP32 S3 Dev Kit		More than 20 available GPIO, 1 button
M5 Cardputer		2 GPIO (Grove), screen, keyboard, mic, speaker, IR TX, SD card, battery, standalone mode
M5 Cardputer ADV		12 GPIO (Grove, Header), screen, keyboard, mic, speaker, IR TX, SD card, IMU, battery, standalone mode
M5 Stick S3		13 GPIO (Grove, Header), screen, mic, speaker, IR TX, IR RX, IMU, 3 buttons, battery
M5 StampS3		9 GPIO (exposed pins), 1 button
M5 AtomS3 Lite		8 GPIO (Grove, Header), IR TX, 1 buttton
LILYGO T-Display		13 GPIO (1 Qwicc), screen, 2 buttons
LILYGO T-Embed		9 GPIO (Grove, Header), screen, encoder, speaker, mic, SD card
LILYGO T-Embed CC1101		4 GPIO (2x Qwiic), screen, encoder, speaker, mic, SD Card, CC1101, PN532, IR TX, IR RX , battery
LILYGO T-Embed CC1101 Plus		4 GPIO (2x Qwiic), screen, encoder, speaker, mic, SD Card, CC1101, NRF24, PN532, IR TX, IR RX , battery
Seeed Studio Xiao S3		9 GPIO (exposed pins), 1 button

Other ESP32-S3-based Boards
- All boards based on the ESP32-S3 can be supported, provided they have at least 8 MB of flash.
- You can flash the s3 dev-kit firmware onto any ESP32-S3 board.
- Keep in mind that the default pin mapping in the firmware may not match your specific board.

Getting Started

🔧 Flash the firmware
- Use the ESP32 Bit Pirate Web Flasher to burn the firmware directly from a web browser.
- You can also burn it on M5Burner, in the StickS3, AtomS3, M5StampS3 or Cardputer category.
🔌 Connect via Serial or Web
- Serial: any terminal app (see Connect via Serial)
- Web: configure Wi-Fi and access the CLI via browser (see Wi-Fi Connection)
🧪 Use commands like:
```
mode
help
scan
sniff
...
```

Wiki

📚 Visit the Wiki for detailed documentation on every mode and command.

Includes:

Terminal mode - About serial and web terminal.
Mode overviews - Browse supported modes.
Serial setup - Serial access via USB.

The wiki is the best place to learn how everything works.

Scripting

🛠️ Automate interactions with the ESP32 Bit Pirate using Python scripts over serial.

Examples and ready-to-use scripts are available in the repository: ESP32 Bit Pirate Scripts.

Including: Logging data in a file, eeprom and flash dump, interracting with GPIOs, LED animation…

Expander

🔌 Expand the capabilities of the ESP32 Bit Pirate with additional hardware modules. The Expander adds support for the WiFi 5 GhZ or other radio protocols.

A Cardputer connected to an expander C5

Dock

🔧 A docking station for the ESP32 S3 DevKit designed to work with original Bus Pirate adapters.
It allows you to plug and use the original Bus Pirate ecosystem of adapters and accessories.

The ESP32 Bit Pirate dock board

(Coming soon)

Command-Line Interfaces

The ESP32 Bit Pirate firmware provides three command-line interface (CLI) modes:

Interface	Advantages	Ideal for…
Web Interface	- Accessible from any browser - PC, tablets, mobiles - Works over Wi-Fi - No cables needed	Quick tests, demos, headless setups
Serial Interface	- Faster performance - Instant responsiveness - Handles large data smoothly	Intensive sessions, frequent interactions
Standalone	- Only for the Cardputer - On device keyboard - On device screen	Portable sessions, Quick tests

All interfaces share the same command structure and can be used interchangeably (more details).

Mobile Web Interface over WiFi

An iPhone screenshot showing the Bit Pirate firmware web interface

Standalone Mode for the Cardputer

A Cardputer running the ESP32 Bit Pirate in standalone mode

Using the ESP32 Bit Pirate to speak UART over WiFi

A demo Using the ESP32 Bit Pirate firmware with UART

Contribute

See How To Contribute section, which outlines a simple way to add a new command to any mode.

Visuals Assets

See images, logo, presentations, photo, video, illustrations. These visuals can be freely used in blog posts, documentation, videos, or articles to help explain and promote the firmware.

Warning

⚠️ Voltage Warning: Devices should only operate at 3.3V or 5V.

Do not connect peripherals using other voltage levels — doing so may damage your ESP32.

⚠️ Usage Warning: This firmware is provided for educational, diagnostic, and interoperability testing purposes only.

Do not use it to interfere with, probe, or manipulate devices without proper authorization.

Avoid any unauthorized RF transmissions (e.g., sub-GHz) that could violate local regulations or disrupt networks and communications.

The authors are not responsible for any misuse of this software or hardware, including legal consequences resulting from unauthorized access or signal emission.

Always stay within the bounds of your country’s laws and responsible disclosure policies.