V1 Unpatched Switch ESP32-S3 payload injector

Thread starter: AmeliaFox
Nice work !
Thanks. Since esp32-s3 supports capacitive touch pins, I've now added touch code so we can use a TTP223 Capacitive Touch Sensor through the plastic back cover of the switch without needing to wire to any buttons. This allows us to wake the chip up if it's in sleep mode, or sensing touch for 5 seconds allows us to reset the config file.

Also done now is the bluetooth code on the esp32-s3 side, currently it allows us to connect to the esp32-s3 with the following UUIDs:

SERVICE_UUID "8f41ca5d-f679-45bb-a603-9bc1c5eedefc"
CHARACTERISTIC_UUID "432954d8-eef6-41b4-9686-749f35e6fa6d"
COMMAND_UUID "0000abcd-0000-1000-8000-00805f9b34fb"
RESPONSE_UUID "0000dcba-0000-1000-8000-00805f9b34fb"

So for example if our bluetooth app on our phone is connected to the esp32-s3 we can send and receive like this:
If we send command - LIST, this will create a list of all the payloads stored in the payloads folder.
If we send command - SELECT:ourpayload.bin then we write a new file to esp32-s3 with the payload we selected.

I've added a few more commands for debugging, but no need to post them for now...

Still to do: Create an apk file for Android, I am going to make this with MIT app inventor 2 website and then post the aia file so people that don't know how to make an Android app can modify this easily to add their own commands, change the background or whatever.

Code will be put on github once this is completed, esp32-s3 code is finished now, so I just need to make the android app and then I'll release.
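
A host-side sketch of how a handler for the LIST and SELECT:<file> commands described in the post above could parse and validate what it receives. This is an added example, not part of the original post or the project's code; the type and function names, the 64-character limit and the character rules are assumptions.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>
#include <vector>

enum class Cmd { List, Select, Invalid };
struct Parsed { Cmd cmd; std::string payload; };  // payload set only for Select

// Accept only a bare file name: bounded length, ".bin" suffix, printable
// ASCII, no path separators or "..". These rules are assumptions.
bool is_safe_payload_name(const std::string& name) {
    const std::string ext = ".bin";
    if (name.size() <= ext.size() || name.size() > 64) return false;
    if (name.compare(name.size() - ext.size(), ext.size(), ext) != 0) return false;
    if (name[0] == '.' || name.find("..") != std::string::npos) return false;
    for (unsigned char c : name)
        if (c <= 0x20 || c >= 0x7f || c == '/' || c == '\\' || c == ':') return false;
    return true;
}

// Parse one command string as written to the command characteristic.
// `stored` stands for the file names in the payloads folder (what LIST reports).
Parsed parse_command(std::string s, const std::vector<std::string>& stored) {
    while (!s.empty() && (s.back() == '\r' || s.back() == '\n')) s.pop_back();
    if (s == "LIST") return {Cmd::List, ""};
    const std::string prefix = "SELECT:";
    if (s.compare(0, prefix.size(), prefix) == 0) {
        const std::string name = s.substr(prefix.size());
        // The name must pass validation AND match a file that is actually stored.
        if (is_safe_payload_name(name) &&
            std::find(stored.begin(), stored.end(), name) != stored.end())
            return {Cmd::Select, name};
    }
    return {Cmd::Invalid, ""};
}

int main() {
    // Constructed sample data, not taken from the project.
    const std::vector<std::string> stored = {"ourpayload.bin", "second.bin"};
    const char* inputs[] = {"LIST", "SELECT:ourpayload.bin", "SELECT:../config.bin",
                            "SELECT:missing.bin", "UNKNOWN"};
    for (const char* in : inputs) {
        Parsed p = parse_command(in, stored);
        std::printf("%-24s -> %s %s\n", in,
                    p.cmd == Cmd::List ? "LIST" : p.cmd == Cmd::Select ? "SELECT" : "INVALID",
                    p.payload.c_str());
    }
    return 0;
}
```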
 
But by adding a TTP223 you would not need or use any of the capacitive sensing features of the ESP32, right? Just any common GPIO as input.
 
Adding TTP223 to one of the touch GPIO pins makes it read much more accurately and able to read through the plastic case. I've updated the config page so you can tell it which GPIO to use (but use one of the touch GPIOs), I've also added a threshold value to the config page so if you get any electrical interference from the switch it can ignore that. TTP223 boards are very cheap (less than £1 each), and work much better than just using a wire on a gpio pin.

In the code I make it read the value 10 times and then divide it by 10 to get an average value as a base, then if the threshold value and the average value are added we know the touch pin is active. If the esp32-s3 is in deepsleep it can wake up. Once the touch is detected it starts a 5 second timer - if the value keeps increasing for 5 seconds, then the config file gets reset.

Any of these Touch GPIOs on S3 can be selected from the config page: (these are the only available touch pins)
  • T1 (GPIO 1)
  • T2 (GPIO 2)
  • T3 (GPIO 3)
  • T4 (GPIO 4)
  • T5 (GPIO 5)
  • T6 (GPIO 6)
  • T7 (GPIO 7)
  • T8 (GPIO 8)
  • T9 (GPIO 9)
  • T10 (GPIO 10)
  • T11 (GPIO 11)
  • T12 (GPIO 12)
  • T13 (GPIO 13)
  • T14 (GPIO 14)

FYI I've finally gotten around to ordering some n channel mosfets - AO3400A - N-Channel MOS-FET (£1.47 for 100) and a SMD Resistor kit (various values) £2 for 1000. So with the Esp32-s3 board, mosfets/resistors/touch sensor/breakout board - probably it comes to about £10 with the postage altogether. It's a bit crap having to buy 100 mosfets when I only need 2, but I'll have some spares I guess :-)
 
Last edited by AmeliaFox,
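
The touch logic described in the post above (a baseline averaged over 10 reads, a configurable threshold, and a 5-second hold that resets the config), written as a small state machine that can be exercised on a PC with simulated readings. This is an added example, not part of the original post or the project's code; the class and event names are assumptions, and it assumes a touched pin reads higher than idle and that "keeps increasing" means the reading stays above baseline plus threshold.

```cpp
#include <cstdint>
#include <cstdio>

enum class TouchEvent { None, Wake, ResetConfig };

class TouchMonitor {
public:
    explicit TouchMonitor(uint32_t threshold, uint32_t hold_ms = 5000)
        : threshold_(threshold), hold_ms_(hold_ms) {}

    // Baseline = mean of 10 idle readings, as the post describes.
    template <typename ReadFn>
    void calibrate(ReadFn read) {
        uint64_t sum = 0;
        for (int i = 0; i < 10; ++i) sum += read();
        baseline_ = static_cast<uint32_t>(sum / 10);
    }

    // Feed one reading with its timestamp (ms). Returns the event to act on.
    TouchEvent update(uint32_t value, uint32_t now_ms) {
        if (value <= baseline_ + threshold_) {      // noise or release
            touching_ = fired_ = false;
            return TouchEvent::None;
        }
        if (!touching_) {                           // first sample above threshold
            touching_ = true;
            start_ms_ = now_ms;
            return TouchEvent::Wake;
        }
        if (!fired_ && now_ms - start_ms_ >= hold_ms_) {
            fired_ = true;                          // fire once per hold
            return TouchEvent::ResetConfig;
        }
        return TouchEvent::None;
    }
    uint32_t baseline() const { return baseline_; }

private:
    uint32_t threshold_, hold_ms_;
    uint32_t baseline_ = 0, start_ms_ = 0;
    bool touching_ = false, fired_ = false;
};

int main() {
    TouchMonitor m(200);                            // constructed threshold value
    m.calibrate([] { return 1000u; });              // constructed idle reading
    const uint32_t trace[][2] = {{1050, 0}, {1500, 100}, {1500, 5100}};  // value, ms
    for (auto& s : trace)
        std::printf("%u@%ums -> %d\n", (unsigned)s[0], (unsigned)s[1], (int)m.update(s[0], s[1]));
    return 0;
}
```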
For those that know how to compile, here's the updated source code, there's been a few things added/fixed so RCM code is now complete (I didn't test this yet as I am waiting for some mosfets), there's pictures and explanations on how this works included. For those that want to test touch sensor stuff - I recommend buying a touch sensor as they are very cheap, but you can just put your finger on the GPIO pin to test it works. Bluetooth code is complete (I'll post an apk soon as I still didn't make the android app yet), I tested the code using nRF connect for Android and everything works fine in that, so as soon as I make the android app I'll post it. See the Partitons CSV Files folder for the correct partition file to use for 4mb/8mb/16mb flash chips. Make sure your chip has psram or some features won't work (firmware updates/tar installer/file editor).

If you want to test and report back how you get on, I'd like to hear about it.

EDIT: New Code and Android App+Code below
 
Last edited by AmeliaFox,
Simply awesome!

I'm definitely following this thread.

Thanks a lot!
If you are going to compile this yourself use ArduinoIDE and make sure you have the latest esp32 boards- 3.3.7 installed. You'll also need some libraries in your arduino folder, ArduinoJson, ESP_Async_WebServer, etc. Just look at the header section to see what you need. If you get stuck let me know. Also make sure you have disabled cdc on boot in the Arduino settings - read back a few posts for info on settings.

You can test this code as a dongle as well, just enable autorcm and injection will work straight away. If using as a dongle comment out this line in the main loop - cleanup_rcm_tasks(); //remove the rcm tasks to free up 12kb memory.

Once flashed, just join wifi network esp32 - then upload your payloads using the web interface, choose the default payload. Go to the config page if you want to turn on bluetooth/touch etc.
 
Last edited by AmeliaFox,
Sorry, I don't really understand: do I need a modchip installed already, or is this for a v1 switch with no modchip installed?
 
Done, everything is now nearly complete. Here's the newest esp32s3 code and the Android app for those that want to use bluetooth(le) on their phones to switch payloads without a computer. Both the modchip code and the android code (mit app inventor 2) and apk are included.

Note: When the Android is connected to bluetooth on your chip and you quit via the button, your esp32s3 will reboot - this is done on purpose. You can modify the code if you want to change anything, Android code is made in mit app inventor so you can easily change stuff by just using a mouse and dragging and dropping stuff - ie you don't need to be a coder to mess about and you don't need to install any android compiler stuff on your computer.

If you have issues connecting to bluetooth, you might also need to turn on location on your android device (since android 12+ BLE needs this permission) & don't pair the esp32s3 to your phone or it won't work.

I'll get around to putting this on github this week, but for now this is pretty much the completed code - only thing left to check is rcm circuit and code, which works fine in all simulations I tried so I don't expect any issues with that. I've also got to fix some of the pages for mobile view (shouldn't be hard) and do some minor tweaks to the android app.



EDIT: source code updated, posted below.
 
Last edited by AmeliaFox,
FYI web pages are now done for mobile phone viewing and bluetooth apk has been updated. New code will be posted later today or tomorrow. This will probably be the last update to the code unless anyone finds some bugs. Github page will be opened at the same time I post so you can go there to report issues.
 
This is a modchip, of sorts. You use it instead of an external payload injector, just like Trinket M0. If your v1 Switch is patched, this won't be any use to you.
 
Updated: New updated source code and Android app attached.

Fixed:
Web pages should be better viewable on mobile phones as well as PC/Laptops.
Android App for bluetooth updated (mit app inventor source included).

Also included are the web page source html pages and custom homemade tools (and source code) to convert them into compressed header files.

NOTE: If you want to edit the language in the html files, don't edit the html files directly, just go to the must have/helper/binaries folder and edit the included text files for each page, in the text files you add lines like this:

original_text@replacement_text.

Once done click runme.bat in the helper folder and it will make some new web pages with the changes/strip them to make them smaller, compress them and convert them into binary array header files and automatically put them in the correct folder.

I don't think much more needs done now, but you can report bugs if you find any. Now you have the html files you can theme them how you want, it will be good to see what you come up with.

EDIT: Updated code below.
 
Last edited by AmeliaFox,
Here you go, this is the final bluetooth android app for the source code above, it's not the same as the MIT app inventor version because it's a bit more advanced, MIT app inventor is good for noobs and fast prototyping but this one is nicer and themed to be the same as the modchip + it's faster. No source will be posted for this version as it's a pain to set up the android sdk and other apps needed to compile it.
 
Last edited by AmeliaFox,
This is amazing. Thank you. I'm currently trying to compile for an ESP32-S3 Super Mini with 4MB. Got a bunch off AliExpress. Issue I'm running into is that it compiles and installs fine but I can't seem to get any to load into WiFi mode by pressing a button at startup. I literally saw a WiFi device of ESP32 show up once and nothing would connect to it. I've also installed the BT App on a spare Android device and it never sees any BT or WiFi boards. Any suggestions.
Link to board

UPDATE Resolved my issue. Discovered that my board for this project would not function properly using the standard ESP32-S3 Dev device type. Using the Waveshare ESP32-S3-Zero did work as they more resemble that board from all the details I can find.
While accessible now via HTTP at 192.168.0.1. I still cannot get the Android app to see anything via BT or IP. Even when it's connected to the board at the 192 address.
 
Last edited by Heykrop,
You need to enable bluetooth in the settings page. Then reboot the esp32-s3. Your phone/pc needs to have bluetooth LE support as this is what version bluetooth is on esp32-s3. Your phone needs to be on the same network as the esp32-s3 to connect to it, so if using the esp32 as an access point then you need to connect your phone to the access point the esp32-s3 is creating, or connect the esp32-s3 to your home wifi network and then look at your router ip logs to check the ip address it assigned to the esp32-s3.

Also try this code, it's got some minor changes to how bluetooth works and the apk is already compiled to work on it.
 
Last edited by AmeliaFox,
Found my error. (note: using in dongle mode) I was connecting my Android device as AP to 192.168.0.1 which then shows the Payload selector screen. I added payloads but what I was missing is that I could click the "Payload Selector" header and get a menu where I can go to Settings and turn on BT function. Once I figured this out I was able to get the BT App to scan and find the ESP32 and show its IP and make connection. All working thus far. Thank you again for the support
 
All the pages have a menu like that, so if you click on the header in each page you will see the dropdown menu where you can go to another page or select a feature. For example in the file manager page you can enable/disable FTP. Anyway glad you are all sorted now. Let me know if you find any bugs, I've fixed everything I know about, but you never know as I might have missed something. Everything is working well for me though, I've still to do an internal install but I've hurt my back and sitting at a chair soldering is not an option for now. It should work fine, but I didn't try rcm hardware/code mod yet, there shouldn't be any issues with that though.
 