Comment by paranoidrobot

5 days ago

As far as I can tell it doesn't mention which air purifier.

Knowing that might help influence purchasing decisions for those also interested in a "sleek" air purifier that contains an ESP32.

I highly suspect that this is a Levoit air purifier. I recently purchased a Levoit 300S and had the same issue. The VeSync app connects the device directly over the internet and you can control it via an API on their domain with a username and password. Your air purifier is then a backdoor to your home network. I just put it on a guest network now rather than go through this.

I suspect hiding the manufacturer/model was very much on purpose; they blurred the markings on the PCB and hid the domain name for the manufacturer's API calls (and in the console logs as well).

  • I agree, hopefully it helps not getting the article taken down because it's a very good primer on getting any ESP-based device locally working.

I guess that is on purpose. After all, the article could easily be rewritten as a successful attack on the manufacturer infra using a private key extracted from a device.

So the author's Home Assistant integration could be at risk of stopping working quite quickly...