Skip to content
Provide ESP8266 based itead Sonoff with Web, MQTT and OTA firmware using Arduino IDE
Branch: master
Clone or download
Pull request Compare This branch is 2 commits ahead, 1434 commits behind arendst:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Sonoff-Angel firmware is a fork off Sonoff-Tasmota which hardens usage of dangerous MQTT routines in order to have a more secure, out-of-the-box, firmware experience.

Sonoff-Angel Logo

That said - there is no particular hardeining except MQTT protocol starilizations, which omits dangerous method usages from the code base.

In particular - "Angel edition" eliminates the usage of those commands:

  1. cmnd/sonoff/AP
  2. cmnd/sonoff/Status 2
  3. cmnd/sonoff/SSId
  4. cmnd/sonoff/Password
  5. cmnd/sonoff/WebServer
  6. cmnd/sonoff/WebConfig
  7. cmnd/sonoff/MqttClient
  8. cmnd/sonoff/MqttHost
  9. cmnd/sonoff/MqttUser
  10. cmnd/sonoff/MqttPassword
  11. cmnd/sonoff/otaUrl
  12. cmnd/sonoff/Upgrade
  13. cmnd/sonoff/Upload

Current version is 5.2.4 - See sonoff/_releasenotes.ino for change information.

What about the Robin hood scenario?

As the original version of sonoff is wildly used and found to be able to be exploited over MQTT while the broker is connected promiscuously to the internet - this version can be implemented by sucessfuly exploiting the otaUrl parameter overwrite and then Upgrade/Upload triggering in order to control the box - one can be a Robin Hood of sorts and hack those devices in order to bring "Aangel" into working, a wise hacker would be able to do so without harming configuration and keeping all other functionalities intact.

As I perceive that this scenario is possible - I do not encourage that by any means as this, albeit being righteous, is illegal over the globe.

Is Angel is the only option to defend Sonoff's vulnerable MQTT topics?


It is neither the only nor the best option to harden your systems but in many cases can be the easiest method because of the complexity of implementing a broker-centric permission scheme over known topics which can be changed and are, in times, hard to interpret correctly.

In particular - one can enact a policy on the broker with a similar fashion to disallowing anonymous connections and authorizing user per topic per publish method, and one should be able to subscribe to stat/sonoff/RESULT without proper authentication as well.

You can’t perform that action at this time.