ESP32-DIV V1 handheld pentesting tool supports Wi-Fi Attacks, BLE spoofing, 2.4GHz scanning, and Sub-GHz jamming

Designed by Cirket open-source hardware in China, the ESP32-DIV V1 is a handheld wireless pentesting and experimentation tool with Wi-Fi, BLE, generic 2.4 GHz (NRF24), and Sub-GHz RF (CC1101) communication. The device targets hardware hackers and cybersecurity researchers for learning and testing wireless vulnerabilities across multiple frequency bands.

The device features a modular “sandwich” design consisting of a Main Board and a Shield Board connected via a 20-pin header. The Main Board integrates an ESP32 microcontroller, a 2.8-inch ILI9341 TFT display with XPT2046 touch controller, SD card slot, battery charging and power management, and navigation controls. The Shield Board hosts the RF hardware, including three NRF24L01 modules, a CC1101 Sub-GHz transceiver, and multiple SMA antenna connectors.

ESP32 DIV V1 Wi Fi, BLE, 2.4GHz and Sub GHZ pentesting tool

ESP32-DIV (V1) specifications:

  • Wireless Module – ESP32-WROOM-32U
    • SoC – ESP32 dual-core wireless microcontroller
      • CPU – Dual-core Xtensa 32-bit microprocessor @ 240MHz
      • Memory – 520KB internal SRAM
      • Wireless – Wi-Fi 802.11b/g/n, and Bluetooth (4.2 and BLE)
    • Memory – 2MB PSRAM
    • Storage – 16MB flash
    • IPEX antenna connector (antenna provided)
  • Storage – MicroSD card slot for captured signals, logs, and firmware files
  • Display – 2.8-inch TFT LCD (ILI9341) with touch input (XPT2046)
  • Wireless
    • 3x nRF24 modules for scanning, jamming, and protocol experimentation
    • CC1101 transceiver for signal capture, replay, and jamming
  • USB – 1x USB-C port for power, charging, and programming via CP2102 USB to UART IC
  • User control – 5-key D-Pad for navigation
  • Misc
    • Charge and standby LEDs (TP4056)
    • Boot and reset buttons (ESP32)
    • TX and RX LEDs (CP2102)
    • Slider switch (switches battery and USB power)
    • Big menu button
    • 4x SMA antennas (Main Board)
    • 2x SMA antennas (Shield Board)
  • Power Supply
    • 18650 Lithium battery with TP4056 battery charger and protection
    • 5V via USB Type-C port
    • 3.3 V voltage regulation (LF33)
  • Dimensions – 107.31 x 67.43 mm
ESP32 DIV V1 Top and Bottom

Hardware Versions: V1 vs. V2

While writing, I found a significant discrepancy between the available hardware and the documentation. The version currently sold on Tindie is Hardware V1, while the GitHub repository and schematics have been updated to Hardware V2.

  • V1 (Currently Sold): Features 6 SMA antenna connectors (4 on the top edge, 2 on the side), and lacks the RGB LEDs and speaker found in the new documentation.
  • V2 (In Development/Repo): Upgrades to the ESP32-S3 microcontroller, reduces the physical footprint, adds WS2812B RGB LEDs, and includes a buzzer/speaker.

Note: The specifications above reflect the V1 hardware, which is currently available for purchase.

ESP32 DIV V2 Main (Left) and Shield (Right) Boards

The software is open source, so the device can be programmed using the Arduino IDE. To simplify installation and debugging, CiferTech provides precompiled firmware binaries, libraries, schematics, and PCB design files through its GitHub repository, along with a Wiki that includes usage instructions, feature explanations, and a detailed firmware upload guide.

In the ESP32-DIV V1, the Wi-Fi features include live packet monitoring with waterfall visualization, beacon spamming, deauthentication attacks and detection, network scanning, and basic Wi-Fi analysis. V2 adds promiscuous-mode packet capture with PCAP logging to the SD card, background scanning, and captive portal attacks where the ESP32 acts as a Wi-Fi access point, DNS redirector, and local web server.

Bluetooth tools in V1 include BLE and classic Bluetooth jamming, spoofing, scanning, and Apple-focused BLE attacks such as Sour Apple, while V2 adds a BLE sniffer with device tracking and a BLE Rubber Ducky mode that executes HID scripts from the SD card.

The 2.4 GHz radio in both versions uses multiple nRF24 modules for wideband scanning and protocol jamming, with improved visualization and stability in V2. The CC1101-based Sub-GHz transceiver supports signal capture, replay attacks, jamming, and saved profiles in both versions, with auto-scan and profile management features in V2.

Infrared (IR) is only supported in V2. I can see there were pads available in the V1, but I think there was no software support. The V2 adds IR capture, visualization, storage, and replay with the correct carrier frequency.

It can be seen as a competitor to the popular Flipper Zero and its various expansion modules, including the FlipMods 3-in-1 expansion module, Mayhem v2 expansion, ESP32 Marauder, and DisruptorX. The FlipMods 3-in-1 module integrates CC1101 and GPS, while Mayhem v2 features an ESP32 and NRF24L01, with CC1101 as an optional add-on. The ESP32 Marauder adds 5 GHz Wi-Fi scanning, deauthentication, and related attacks, while DisruptorX focuses on analyzing, jamming, spoofing, and disrupting Bluetooth Low Energy (BLE) signals. However, none of these solutions combine all of these features into a single, integrated platform as the ESP32-DIV does.

The ESP32-DIV is available on Tindie for $69.99, and ships from China (typical 10-15 days transit time).
