Fun with the ESP8266's BBPLL


The following violates 802.11 standards.

It's intended for research purposes only.

Please don't use this as a product or do this, well, anywhere outside your own home, otherwise

somebody like the FCC's gonna get pretty upset.

This is my friend Waffles.


And he went to the Chaos Communication Camp and he got one of these.

A rad1o.

And the neat thing is that this is a software defined radio.

It allows you to go see into the RF spectrum without specialized hardware for a specific


Conveniently, unlike the RTL-SDR that I love so much, this one can tune to the 2.4 GHz


Which is where these little guys right here,

these ESP8266s, live.

Now the ESP8266s have ESP-NOW, so you can arbitrarily fling packets out and because

of some work that I did before with espnosdk or esp8266nosdk ah whatever the name of that

project was (nosdk8266) you can also do these kind of wacky things and just kinda change

the arbitrary PLL for all the clocks inside the chip.

And so I was just sitting on Slack last night for MAGFest because we're going to be having

swadges this year and I was wondering what happens if you clock an ESP differently and

still try to use the wifi hardware.

And, well, the answer is, of course, because right now my computer is in monitor mode,

when it is transmitting the normal packets you can see all of them and they're coming

in, and you can take a look.

In fact I am using 6 Mbit/s OFDM 802.11 channel 6 and all of that is fine.

But, then when it's transmitting these other two, the narrower signals, you can't read

them here.

So you're thinking "OK, Charles, you found some sort of glitch in the ESP that breaks

everything that lets you clock it differently and for some reason it's still tuned to the

right frequency but now the channel width is narrower."



Whatever except for the fact that then, if you do it to a second ESP, like this one,

right here... and if I set the baud rate to 50 kbaud, it happens to work out that that

is exactly the frequency for when the ESP8266 is running at its slowest.

32 MHz instead of 80.

That it's still able to receive packets.

And so both of these are synchronized, stepping through at the same time at their different


And that's frequency of operation.

And so you can see that they are transmitting at 80 MHz then at 60 then at 32.

Now that's the system clock.

The actual channel bandwidths are 20 and about 16 and about 8 respectively.

As you can see the actual channels and the OFDM channels are getting narrower and narrower

and more and more packed as it's going down which seems crazy that the ESPs can somehow

still communicate despite these are completely wrong and even close to what 802.11 should

really be.

So, this is really neat that somehow by clocking the ESP differently, you're able to violate

all of the 802.11 standard stuff and the ESPs can still talk.

So this means that maybe they can transmit longer distances.

Maybe they can transmit in different conditions.

You can pack more ESPs into the same 802.11 space.

Like this is some really neat stuff.

I don't know if anyone's going to take it anywhere, but I do have all of the source

code online at esp8266oddclock.

And this is using the new esp82xx stuff to really give you more power and able to do

more stuff with the ESP that is difficult to do otherwise.

Thanks for watching.
