Passive LoRa reconnaissance firmware for ESP32-S3 + SX1262 hardware. Scans 29 frequency configurations, captures and replays packets, tests 23 default Meshtastic PSKs, decrypts MeshCore public channels and hashtag rooms, extracts GPS coordinates, and serves a phone-accessible web UI — all from a low-cost board.
Version: 2.6.0 | Status: Production
- Heltec WiFi LoRa 32 V3 — proven, lowest cost, CP210x serial
- Heltec WiFi LoRa 32 V4 — adds optional L76K GPS; native USB (no serial monitor)
- LilyGO T3-S3 V1.2/V1.3 — native SD card slot for PCAP/CSV logging
- LilyGO T-Beam Supreme — SD + built-in GPS + AXP2101 PMIC + battery management
See docs/HARDWARE.md for specs, pin maps, and purchase links.
One-click flash from your browser (Chrome/Edge, no downloads): → https://haksht.github.io/lorecon/install/
Full setup (flash + WiFi + Python analysis tools): → docs/SETUP.md — three install paths, picks the one that fits
Want to build or modify the firmware: → docs/developers/BUILDING.md — PlatformIO, serial monitor, OTA
This project delivers low-cost, stand-alone LoRa reconnaissance with a phone-friendly web UI, PSK testing, and built-in export options.
| Area | What it does |
|---|---|
| Reconnaissance | Cycles 29 LoRa configs (Meshtastic, LoRaWAN/TTN, Helium, ISM, MeshCore) on a ~6-minute scan |
| Packet capture | Interrupt-driven, <50 ms latency, 50-packet queue |
| PSK decryption | Tests 23 Meshtastic default keys; decrypts MeshCore public channel and common hashtag rooms |
| LoRaWAN testing | Verifies 16 default AppKeys against captured Join Requests |
| GPS extraction | Extracts coordinates from Meshtastic POSITION_APP packets |
| Packet replay | 10 slots, configurable repeat count and delay |
| Export | CSV, PCAP (Wireshark), KML, GeoJSON — wireless download from web UI |
| Web UI | 6-tab interface (Info, Devices, Packets, Frequencies, Dashboard, Settings); live stats sidebar always visible on desktop, hamburger popup on mobile |
| Security | Token-based API auth, device-unique AP password, NVS credential storage |
| Stability | Device Health panel (Settings) — last reset reason, min-free heap, crash context surviving reboot via RTC memory; T-Beam Supreme PSRAM extends heap by 8 MB |
For users:
- docs/SETUP.md — flash + first boot + WiFi provisioning
- docs/USAGE.md — web interface, Python tools, field deployment
- docs/TOOLS.md — Python toolkit full reference
- docs/HARDWARE.md — board comparison, specs, purchase links
- docs/TROUBLESHOOTING.md — common problems and fixes
For developers:
- docs/developers/BUILDING.md — PlatformIO, build commands, serial monitor, OTA
- docs/developers/ARCHITECTURE.md — code structure and design decisions
- docs/developers/API.md — REST and WebSocket reference
Reference:
- docs/reference/HOW_IT_WORKS.md — security scoring, router detection, protocol analysis
- docs/reference/ENCRYPTION.md — what PSK decryption can and cannot do
- docs/reference/NETWORK_HUNTING.md — hunting strategies by network type
- docs/reference/THREAT_MODEL.md — security threat model
This tool is for authorized security research, education, and testing on networks you own or have explicit permission to analyze.
Legitimate uses: Auditing your own Meshtastic/LoRa networks, security research with authorization, conference demonstrations, identifying devices using vulnerable default configurations.
Not for: Intercepting private communications without consent, tracking individuals without authorization, jamming or disrupting networks, commercial exploitation of captured data.
US context: passive RF reception is generally legal; interception of content may implicate 18 U.S.C. § 2511. Laws vary by jurisdiction. Default PSKs are tested to demonstrate the risk of using factory-default encryption keys.
See CONTRIBUTING.md. Keep modules focused, patches small, and include hardware details in bug reports.