00 Quick
ESP32 Bit Pirate is a multi-protocol exploration and debugging tool for hardware hacking.
It allows you to:
- Explore electronic buses (I2C, SPI, UART, 1-Wire, JTAG, SWD, CAN, etc.)
- Explore radio protocols (RFID, RF, Bluetooth, WiFi, SubGhz)
- Reverse engineer unknown devices
- Send raw transactions
- Read / write memories (EEPROM, Flash, Smartcards)
- Automate tests and scripts
Think of it as a modern, scriptable toolbox running on ESP32, with a large range of supported protocols.
To get started with ESP32 Bit Pirate, you only need a few basic components.
- An ESP32-S3 board
- Any ESP32S3N8 or ESP32S3N16, at least 8MB Flash, no PSRAM required
- For maximum compatibility, use the boards listed in the README
- You can install the firmware in one click using the Web Flasher
- Wiring:
- Dupont jumper wires (male/female)
- Or Grove → Dupont / Qwiic → Dupont cables
- Test hooks / grabbers
Additional protocol support and features can be enabled by connecting external modules:
- Accessories from the Original Bus Pirate ecosystem
- ESP32 Bit Pirate Dock for ESP32S3 DevKit
- ESP32 Bus Expander for WiFi 5GHZ
The connection details, references, and information for each module are described in the corresponding mode.
Everything is done using commands. Don’t worry though, most commands are intentionally kept very simple. You even have a Pirate Assistant on the web UI to translate what you want to do into commands.
In many cases, you only need to type a single word with no arguments or flags at all, such as read, receive, or scan.
Some commands do accept arguments, but they follow straightforward and intuitive formats.
General form:
command [arg1] [arg2] ...
Examples:
scan
monitor 0x13
wizard 1
sniff
logic 1
jam
read 0x13 6
- Arguments are space-separated
- Arguments in
< >are required - Arguments in
[ ]are optionnal - Numbers can be decimal or hex:
255
0xFF
You can chain multiple commands, repeat commands, and insert delays between actions.
This makes it possible to build simple scripts directly from the command line interface.
Exemples:
m dio || read 1 || set 1 LOW || delayms 1 || set 1 HIGH
repeat 5 scan
repeat 10 set 1 LOW || delayus 100 || set 1 HIGH || delayus 100
You usually start by selecting a protocol:
Type m, mode or m uart, m i2c.
m (prompt for mode)
mode (prompt for mode)
mode uart (direct mode access)
m dio (direct mode access)
ESP32 Bus Pirate also supports instruction-based execution(similar to bytecode). See Instruction Syntax.
You can control ESP32 Bus Pirate from Python over Serial. See Python Automation
ESP32 Bus Pirate is designed to be explored. Type commands, experiment, break things, learn.