PwnPower v2.1-rc1

Flashing Instructions

PwnPower uses OTA partition layouts:

• Application: firmware.bin at 0x20000
• Bootloader: bootloader.bin at 0x0
• Partition Table: partitions.bin at 0x8000
• Flash Size: 4MB (ESP32-C3) or 8MB (ESP32-C5)

Important: Do NOT use factory offsets (0x10000 for app).

Supported Targets

• ESP32-C3: 4MB flash, 2.4GHz WiFi
• ESP32-C5: 8MB flash, 2.4GHz + 5GHz WiFi

Changelog

Fixed

• Removed blocking delay from the Wi-Fi disconnect event callback by deferring reconnect attempts to a timer.
• Fixed a webhook payload memory leak by ensuring JSON payload buffers are freed on all send paths.
• Replaced shared static handshake/general-capture task arguments with per-request heap arguments and task-owned cleanup.
• Reduced promiscuous deauth log spam by rate-limiting and aggregating deauth logging in background scans.
• Potentially fixed issue where device access point wouldn't come up after a promiscuous scan.

Changed

• Reduced static JSON buffer allocations by ~14KB RAM (report_json, intelligence_json, device_presence_buf, unified_buf).
• Reduced background scan temp_stations buffer from 128 to 64 entries (~900 bytes saved).

PwnPower v2.0

Flashing Instructions

PwnPower uses OTA partition layouts:

• Application: firmware.bin at 0x20000
• Bootloader: bootloader.bin at 0x0
• Partition Table: partitions.bin at 0x8000
• Flash Size: 4MB (ESP32-C3) or 8MB (ESP32-C5)

Important: Do NOT use factory offsets (0x10000 for app).

Supported Targets

• ESP32-C3: 4MB flash, 2.4GHz WiFi
• ESP32-C5: 8MB flash, 2.4GHz + 5GHz WiFi

Added

• Secure login flow with token-based API protection for the web UI
• Privacy mode toggle to censor PII (MACs, SSIDs, vendors) for demos and content creation
• Configuration of onboard WiFi AP
• Option to connect device to home network with access over mDNS (pwnpower.local)
• Device will automatically perform deep scans and capture handshakes when device is not being used
• Added automatic OUI lookup for AP and STA vendor information
• Added automatic SNTP sync when connecting to a network for timestamping
• Added a network intelligence section with:
  • Deauths seen
  • Rouge APs detected
  • Persistent device tracking
  • Network bottleneck analysis
• Added a Network History section with:
  • AP and STA history
  • Channel congestion history
• Added ability to send configurable alerts to a webhook
• Enabled HTTPS with on-device self-signed cert
• Added mDNS support for pwnpower.local on PwnPower AP
• Added a first time boot setup wizard
• Added support for the ESP32-C5
• Added a recovery system to clear NVS and Storage partition on 5 rapid power cycles
• Added peer discovery to switch between multiple devices on a home network from one interface
• Added limiting so you can't select clients on different channels

Changed

• Merged WiFi Recon and Attack sections into a single section
• Changed to use custom partition table for extra flash storage
• Separated web interface into seperate js, css and html files
• Revised web interface styling
• Changed SoftAP IP to 192.168.66.1 to prevent conflicts with STA connection

PwnPower v2.0 prerelease-03

Changed since last prerelease

• Added a recovery system to clear NVS and Storage partition on 5 rapid power cycles
• Added peer discovery to switch between multiple devices on a home network from one interface
• Added limiting so you can't select clients on different channels
• Fixed potential hang while scanning
• Improved server socket exhaustion
• Changed SoftAP IP to 192.168.66.1 to prevent conflicts with STA connection
• Changed history samples to use absolute time instead of relative time
• Fixed issue where old samples would 'disappear' after a while
• Changed scan reports to allow downloading raw json and an image containing chart info seperately
• Revisions to interface styling and layout

Added

• Secure login flow with token-based API protection for the web UI
• Privacy mode toggle to censor PII (MACs, SSIDs, vendors) for demos and content creation
• Configuration of onboard WiFi AP
• Option to connect device to home network with access over mDNS (pwnpower.local)
• Device will automatically perform deep scans and capture handshakes when device is not being used
• Added automatic OUI lookup for AP and STA vendor information
• Added automatic SNTP sync when connecting to a network for timestamping
• Added a network intelligence section with:
  • Deauths seen
  • Rouge APs detected
  • Persistent device tracking
  • Network bottleneck analysis
• Added a Network History section with:
  • AP and STA history
  • Channel congestion history
• Added ability to send configurable alerts to a webhook
• Enabled HTTPS with on-device self-signed cert
• Added mDNS support for pwnpower.local on PwnPower AP
• Added a first time boot setup wizard
• Added support for the ESP32-C5
• Added a recovery system to clear NVS and Storage partition on 5 rapid power cycles
• Added peer discovery to switch between multiple devices on a home network from one interface
• Added limiting so you can't select clients on different channels

Changed

• Merged WiFi Recon and Attack sections into a single section
• Changed to use custom partition table for extra flash storage
• Separated web interface into seperate js, css and html files
• Revised web interface styling
• Changed SoftAP IP to 192.168.66.1 to prevent conflicts with STA connection

Flashing Instructions

PwnPower uses OTA partition layouts:

• Application: firmware.bin at 0x20000
• Bootloader: bootloader.bin at 0x0
• Partition Table: partitions.bin at 0x8000
• Flash Size: 4MB (ESP32-C3) or 8MB (ESP32-C5)

Important: Do NOT use factory offsets (0x10000 for app).

Supported Targets

• ESP32-C3: 4MB flash, 2.4GHz WiFi
• ESP32-C5: 8MB flash, 2.4GHz + 5GHz WiFi

PwnPower v2.0 prerelease-02

Automated pre-release build for tag v2.0-rc2.

Changed since last pre-release

• Tweaked C3 memory related configs to resolve not being able to load the UI

Added

• Secure login flow with token-based API protection for the web UI
• Privacy mode toggle to censor PII (MACs, SSIDs, vendors) for demos and content creation
• Configuration of onboard WiFi AP
• Option to connect device to home network with access over mDNS (pwnpower.local)
• Device will automatically perform deep scans and capture handshakes when device is not being used
• Added automatic OUI lookup for AP and STA vendor information
• Added automatic SNTP sync when connecting to a network for timestamping
• Added a network intelligence section with:
  • Deauths seen
  • Rouge APs detected
  • Persistent device tracking
  • Network bottleneck analysis
• Added a Network History section with:
  • AP and STA history
  • Channel congestion history
• Added ability to send configurable alerts to a webhook
• Enabled HTTPS with on-device self-signed cert
• Added mDNS support for pwnpower.local on PwnPower AP
• Added a first time boot setup wizard
• Added support for the ESP32-C5

Changed

• Merged WiFi Recon and Attack sections into a single section
• Changed to use custom partition table for extra flash storage
• Separated web interface into seperate js, css and html files
• Revised web interface styling

Flashing Instructions

PwnPower uses OTA partition layouts:

• Application: firmware.bin at 0x20000
• Bootloader: bootloader.bin at 0x0
• Partition Table: partitions.bin at 0x8000
• Flash Size: 4MB (ESP32-C3) or 8MB (ESP32-C5)

Important:

• Do NOT use factory offsets (0x10000 for app).
• Unfortunately if you have a v1 flashed device you will have to erase the flash and flash it manually to be able to use the new integrated storage and will not be able to update to v2 from v1 using OTA.

Supported Targets

• ESP32-C3: 4MB flash, 2.4GHz WiFi
• ESP32-C5: 8MB flash, 2.4GHz + 5GHz WiFi

PwnPower v2.0 prerelease-01

Automated pre-release build for tag v2.0-rc1.

Added

• Secure login flow with token-based API protection for the web UI
• Privacy mode toggle to censor PII (MACs, SSIDs, vendors) for demos and content creation
• Configuration of onboard WiFi AP
• Option to connect device to home network with access over mDNS (pwnpower.local)
• Device will automatically perform deep scans and capture handshakes when device is not being used
• Added automatic OUI lookup for AP and STA vendor information
• Added automatic SNTP sync when connecting to a network for timestamping
• Added a network intelligence section with:
  • Deauths seen
  • Rouge APs detected
  • Persistent device tracking
  • Network bottleneck analysis
• Added a Network History section with:
  • AP and STA history
  • Channel congestion history
• Added ability to send configurable alerts to a webhook
• Enabled HTTPS with on-device self-signed cert
• Added mDNS support for pwnpower.local on PwnPower AP
• Added a first time boot setup wizard
• Added support for the ESP32-C5

Changed

• Merged WiFi Recon and Attack sections into a single section
• Changed to use custom partition table for extra flash storage
• Separated web interface into seperate js, css and html files
• Revised web interface styling

Flashing Instructions

PwnPower uses OTA partition layouts:

• Application: firmware.bin at 0x20000
• Bootloader: bootloader.bin at 0x0
• Partition Table: partitions.bin at 0x8000
• Flash Size: 4MB (ESP32-C3) or 8MB (ESP32-C5)

Important:

• Do NOT use factory offsets (0x10000 for app).
• Unfortunately if you have a v1 flashed device you will have to erase the flash and flash it manually to be able to use the new integrated storage and will not be able to update to v2 from v1 using OTA.

Supported Targets

• ESP32-C3: 4MB flash, 2.4GHz WiFi
• ESP32-C5: 8MB flash, 2.4GHz + 5GHz WiFi

PwnPower v1.0

v1.0

Added

• Web UI
• Deauthentication and disassociation attack
• Passive handshake capture (EAPOL detection) and general 802.11 capture with in-memory PCAP export (handshake.pcap)
• OTA Firmware upload
• Simple smart-plug GPIO control endpoints

Security and Usage Notes

• The default AP password is password
• Intended for research, learning, and authorized penetration testing only. Use responsibly and comply with local laws.
• This project can disrupt Wi‑Fi networks; do not use on networks where you do not have permission.