Espressif have released a fix for the WPA2 crack and it’s available in the newly released 2.40-rc2 for ESP8266.
3 Likes
Nice… Thanks for the update (I don’t actively follow GitHub, so I didn’t know).
Added this into my IDE preferences: https://github.com/esp8266/Arduino/releases/download/2.4.0-rc2/package_esp8266com_index.json and updated in the Board manager.
ESP32 was supposedly patched yesterday but I can’t see the patch https://github.com/espressif/arduino-esp32/issues/739
I just ran the ESP32 Git GUI update for Windows and it pulled and installed this.
xtensa-esp32-elf-win32-1.22.0-61-gab8375a-5.2.0-2.zip
@Gunner that’s the same zip file as shown in the 17th August 2017 updated windows.md file so I would say it can’t have the ESP32 patch from yesterday.
Hmmm… well, whatever was pulled was new since my last update about 5 days ago… so who knows… perhaps I am looking at the wrong file?
UPDATE - Looks like I am following the correct update procedure… and the date of that file must be when I first started using the ESP32… it seems it just downloads and re-processes it after a Git GUI pull?
I am unsure how to see what build version actually gets “loaded” on the the ESP though. Oh well, outside the scope of this topic.
Here’s a TL;DR version of how to upgrade which I stole from their Github page.
- Install the current upstream Arduino IDE at the 1.8 level or later. The current version is at the Arduino website.
- Start Arduino and open Preferences window.
- Enter https://github.com/esp8266/Arduino/releases/download/2.4.0-rc2/package_esp8266com_index.json into Additional Board Manager URLs field. You can add multiple URLs, separating them with commas.
- Open Boards Manager from Tools > Board menu and install esp8266 platform (and don’t forget to select your ESP8266 board from Tools > Board menu after installation).
You should now have xtensa-esp32-elf-win32-1.22.0-73-ge28a011-5.2.0.zip available has shown from the update below:
C:\ESP32\sketchbook\git\tools>get
System: Windows, Info: Windows-8.1-6.3.9600
Platform: i686-mingw32
Tool xtensa-esp32-elf-win32-1.22.0-73-ge28a011-5.2.0.zip already downloaded
Extracting xtensa-esp32-elf-win32-1.22.0-73-ge28a011-5.2.0.zip
Tool esptool-4dab24e-windows.zip already downloaded
Extracting esptool-4dab24e-windows.zip
Tool mkspiffs-0.2.1-windows.zip already downloaded
Extracting mkspiffs-0.2.1-windows.zip
Renaming mkspiffs-0.2.1-windows/ to mkspiffs
Done
Well, I know it was updating as after one update, weeks ago, it developed OTA issues, which was fixed in the next update… but the file name always stayed the same… so who knows…
Earlier today I ended up wiping it (the espressif folder) out, updating the IDE to 1.8.5, reinstalling the ESP32 core… and all the Blynk libraries for good measure, since the ESP32 showed up on the Serial Monitor as v0.4.8 on Arduino… but after, the Blynk msg still shows as Arduino… so who knows about that.
So now I now have the latest ESP32 core for sure… but the former stability in my 24/7 running project seems to have become mildly unstable… Go figure… next update I guess… 
Interesting to see if this file changes next update or not.
How to update ESP8266? Or the lib in Blynk needs to be updated and need to reflash my code?
As per my 1st post up above… Read the Obtaining 2.4.0-rc2 pre-release directions here.
And then, yes, reflash all your sketches for it to take effect on them.
We still have some Blynkers running the old 2.3.0 core. Not only is WPA2 compromised, it’s old rubbish. Do yourselves a favour and get on to 2.4.0-rc2.
Not that it’s old rubbish, previous version was much better, it’s full of bugs and using 2.3.0 core made my life total misery in last few days, can’t even describe what I have been trough. Thanks to Costas and 2.4.0rc2 update, problem solved. So do not even try to run your projects on 2.3.0 core.
1 Like
2.4.0 was released today, although it’s still shown with a pre-release status, so their is now no excuse for not switching from the ancient 2.3.0.
@vshymanskyy this has the SSL fixes, right?
3 Likes
I contacted Ivan via GitHub and he’s now corrected the status to “Latest release”.
SOLVED an explained in next post.
Hello @Costas, I found (I think) something for not to change to 2.4.0…
I was working yesterday with 2.3.0 version with no problem in all nodemcu and a small esp8266-1
Today I switched to 2.4.0 (also 2.4.0-rc2) version but my “before working project” don’t it does not set the esp8266-1 to AP mode using wifimanager as it does with 2.3.0.
I switched back to 2.3.0 and same code works flawlesly…
What i did wrong?
this is my code:
#define BLYNK_PRINT Serial
#include "termostato.h"
#include <ESP8266WebServer.h>
#include <DNSServer.h>
#include <WiFiManager.h>
#include <ESP8266WiFi.h>
#include <BlynkSimpleEsp8266.h>
#include <SimpleTimer.h>
#include <OneWire.h>
#include <DallasTemperature.h>
#define ONE_WIRE_BUS 2
#define LED BUILTIN_LED
OneWire oneWire(ONE_WIRE_BUS);
DallasTemperature sensors(&oneWire);
char auth[] = "something correct here";
float temp = 0;
bool isFirstConnect = true;
SimpleTimer Timer;
WidgetBridge bridge1(V8);
void CheckConnectionProc()
{
if (!Blynk.connected()) {
if(Blynk.connect()) {
Serial.println("Reconexion OK");
} else {
Serial.println("Reconexion no OK");
}
}
}
void leeTemp()
{
sensors.requestTemperatures();
temp = sensors.getTempCByIndex(0);
Blynk.virtualWrite(V4, temp);
bridge1.virtualWrite(V7, temp);
}
BLYNK_CONNECTED()
{
if (isFirstConnect)
{
Blynk.syncAll();
isFirstConnect = false;
}
bridge1.setAuthToken("something correct here also");
}
void setup()
{
Serial.begin(9600);
sensors.begin();
leeTemp();
WiFiManager wifi;
//wifi.setTimeout(120);
wifi.autoConnect("Termostato_Slave2");
Blynk.config(auth, "my local server address");
pinMode(LED, OUTPUT);
digitalWrite(LED, HIGH);
Timer.setInterval(5000L, leeTemp);
Timer.setInterval(10000L, CheckConnectionProc);
}
void loop()
{
Blynk.run();
Timer.run();
}
In any 2.4.0 version I can’t see the Termostato_Slave2 on my iPhone wifi area… should be something related to the 2.4.0 version, isn’t it?
Thanks!!
Hello again,
This is what I call a weird situation… I found the problem, it was a hardware problem, but it’s very curious…
I see that after some time, the esp runs ok with version 2.4.0 so I check hardware side
- Removing the esp8266-1 from the device where it was installed I broke the link between reset and 3.3v
- There is no problem programming the esp without 3.3v on it
- Also seems that running without this pin to high is not a problem on 2.3.0 version, because it works!
- As I said before, after some time, the esp works fine (I suppose that there was some noise on this pin and finally it starts…)
Well, problem solved.
Thanks!
2 Likes
what should I write to the board manager for 2.4.0?
now I am still using:
https://github.com/esp8266/Arduino/releases/download/2.4.0-rc2/package_esp8266com_index.json
should it be:
https://github.com/esp8266/Arduino/releases/download/2.4.0/package_esp8266com_index.json ?