ESP32 Bit Pirate: Turn Your ESP32-S3 into a Swiss Army Knife for Hardware Hacking
The ESP32 Bit Pirate is an open-source firmware that transforms any compatible ESP32-S3 board into a multi-protocol hardware hacking tool. Inspired by the classic Bus Pirate, it supports sniffing, sending, scripting, and interacting with a wide range of digital and radio protocols. The firmware is available now on GitHub under the repo geo-tp/ESP32-Bit-Pirate.
What It Supports
The firmware boasts an extensive list of modes and protocols:
- Digital: I2C (scan, glitch, slave mode, dump, eeprom), SPI (eeprom, flash, sdcard, slave mode), UART/Half-Duplex UART (bridge, read, write), 1-Wire (ibutton, eeprom), 2-Wire (sniff, smartcard), 3-Wire (eeprom), DIO (digital I/O, PWM, servo), JTAG (scan, SWD, openOCD), CAN (sniff, send/receive), I2S (audio test).
- Radio: Bluetooth (BLE HID, scan, spoofing, sniffing), Wi-Fi/Ethernet (sniff, deauth, nmap, netcat), Sub-GHz (analyze, record, replay), RFID (read, write, clone), RF24 (scan, send, receive), FM (analyze, broadcast), Infrared (send, record, universal remote with 80+ protocols).
- USB: HID, flashrom, storage, USB-UART.
- Cellular: SIM card dump, SMS, call.
It also includes a "Device-B-Gone" command that can send IR signals for over 80 protocols, making it a universal remote control killer.
Supported Hardware
The firmware targets ESP32-S3 boards with at least 8 MB of flash. Officially supported devices include:
- ESP32 S3 Dev Kit (20+ GPIO, 1 button)
- M5 Cardputer (2 GPIO Grove, screen, keyboard, mic, speaker, IR TX, SD card, battery)
- M5 Cardputer ADV (12 GPIO, plus extras)
- M5 Stick S3 (13 GPIO, screen, mic, speaker, IR, IMU, 3 buttons, battery)
- M5 StampS3 (9 GPIO, 1 button)
- M5 AtomS3 Lite (8 GPIO, IR TX, 1 button)
- LilyGO T-Display (13 GPIO, screen, 2 buttons)
- LilyGO T-Embed (9 GPIO, screen, encoder, speaker, mic, SD card)
- LilyGO T-Embed CC1101/Plus (adds CC1101, NRF24, PN532, IR)
- Seeed Studio Xiao S3 (9 GPIO, 1 button)
Any ESP32-S3 board with 8 MB flash can work, but pin mappings may need adjustment.
Getting Started
Flashing is straightforward via the ESP32 Bit Pirate Web Flasher — a browser-based tool that installs the firmware in one click. Alternatively, use M5Burner for M5 devices. After flashing, connect via serial (USB) or Wi-Fi web interface.
Example commands from the CLI:
> i2c scan
> spi eeprom read 0x50 0x00 256
> uart write "Hello"
> wifi sniff
> subghz record 433.92M
Three CLI Interfaces
The firmware offers three command-line interfaces:
- Web Interface: Accessible from any browser over Wi-Fi — no cables needed, ideal for quick tests.
- Serial Interface: Faster performance, better for intensive sessions.
- Standalone: Only on M5 Cardputer — uses on-device keyboard and screen.
All interfaces share the same command structure and can be used interchangeably.
Scripting and Automation
Users can automate interactions using Python scripts over serial or Bus Pirate-style bytecode instructions. The repository includes ready-to-use scripts for logging data, dumping EEPROM/flash, controlling GPIOs, and LED animations.
Hardware Extensions
Two additional hardware modules are available:
- ESP32 Bus Expander: Adds support for 5 GHz Wi-Fi and other radio protocols.
- ESP32 Bit Pirate Dock: A docking station for ESP32 S3 DevKit that works with original Bus Pirate adapters and accessories (coming soon).
Community and Documentation
The project's Wiki provides detailed documentation for every mode and command. Users can contribute by adding new commands following the contribution guide.
Why It Matters
For developers and hardware hackers, the ESP32 Bit Pirate consolidates dozens of tools into a single, inexpensive device. Instead of carrying multiple dedicated tools for I2C, SPI, UART, Bluetooth, Wi-Fi, etc., you can now use one ESP32-S3 board with this firmware. It's especially valuable for IoT debugging, protocol reverse engineering, and educational purposes.
Editor's Take
I've used Bus Pirate for years, and I've always wished for a cheaper, wireless alternative. The ESP32 Bit Pirate delivers on that promise — the web CLI is a game-changer for quick tests on the go. However, I'm concerned about the voltage warning: the firmware only supports 3.3V or 5V, so you need level shifters for higher voltages. Also, the number of supported boards is impressive, but the pin mapping can be a pain if your board isn't exactly one of the listed ones. Still, for $10 worth of hardware, this is an incredible value.
Developer Insights
- Flash the firmware using the Web Flasher at https://geo-tp.github.io/ESP32-Bit-Pirate/ — no local tools needed.
- Use the i2c scan command to quickly find devices on your bus; it's much faster than wiring up a logic analyzer.
- The Sub-GHz mode can record and replay signals at common frequencies like 433.92 MHz — useful for testing garage doors or weather stations.
Quiz
- Which ESP32 chip variant is required for the ESP32 Bit Pirate firmware?
  - A) ESP32
  - B) ESP32-S3
  - C) ESP32-C3
  - D) ESP8266
  Answer: B
- How many IR protocols does the "Device-B-Gone" command support?
  - A) 50
  - B) 80
  - C) 100
  - D) 120
  Answer: B
- True or False: The firmware can only be used via a serial terminal.
  - A) True
  - B) False
  Answer: False (it also supports a web CLI and standalone mode on Cardputer)

