So continuing with publishing my research, I’m releasing some custom firmware for the M5NanoC6 a super cheap and small ESP32C6 dongle. It supports Matter, WiFi/2/5/6, Thread and Zigbee.
In fact I’ve went over how to configure it for Zigbee in the past, HERE.
Anyway, as I was looking for something small enough that supports 5GHz to carry around with me. As it turns out, the devices that support it, seem to use 5GHz by default. Which is relevant to some disclosures coming in a few month.
Since most ESP32 don’t support 5GHz that kicks out the M5Stack Core2 (love that thing) and a flipper, I decided to go with the M5NanoC6.
So I threw together some custom firmware to get a PoC out, but I plan to polish it up, integrate BLE sniffing and alerting and configure it so its light will flash a bunch when it gets a hit so that you don’t even need to be view the UART output.
For now though, it’ll alert you of client probes or SSIDs broadcasting that contain ‘flock’ (case insensitive) but I’ll definitely add more to that as well.
The point is as you saw in my post HERE covering the first chunk of vulnerabilities I found in their ALPR (and other devices next one is being published on 09/19/25) their devices have default hotspot passwords of ‘security’.
So I wanted a way to be alerted of anything in the air that contains ‘Flock’.
I will also add installation instructions, etc to the GainSec Github in a day or two.
More to come 09/19/25 and 09/27/25!
Grab the source code HERE!
View all my write-ups in regards to my Flock Safety Security Research:
Part 1: Bird Hunting Season – Security Research on Flock Safety’s Anti-Crime Systems: HERE
Part 2: Plucked and Rooted – Device 1: Debug Shell on Flock Safety’s Raven Gunshot Detection System: HERE
Part 3: Grounded Flight – Device 2: Root Shell on Flock Safety’s Falcon/Sparrow Automated License Plate Reader: HERE
Part 4: Trap Shooter – Flock Safety Sniffer & Alarm: HERE
Part 5: Root from the Coop – Device 3: Root Shell on Flock Safety’s Bravo Compute Box: HERE
Part 6: Fly-By – Device 2: The Falcon/Sparrow – Gated Wireless RCE, Camera Feed, DoS, Information Disclosure and More: HERE
Part 7: Button Presses to Wireless RCE: Shell on Flock Safety’s License Plate Cameras Over Wi-Fi: HERE
END TRANSMISSION