ESPKEY

Description

The Hackitsune ESPKey Wiegand Interception & Replay Module is a compact, inline hardware platform designed for professional access control testing, diagnostics, and research.

Designed to sit transparently between a reader and controller, ESPKey operates on standard 5V Wiegand signalling, making it compatible with a wide range of access control systems including card readers, keypads, fobs, and many biometric devices that output Wiegand downstream.

Featuring a punchdown cable interface to allow you to tap into exposed cables coming from a range of card readers, once installed, the module can capture credential bitstreams in transit, store them in onboard non-volatile memory (up to ~80,000 records depending on format), and replay them via its built-in Wi-Fi web interface.

Small enough to fit behind most readers, yet powerful enough to demonstrate real-world access control weaknesses, ESPKey is a practical tool for authorised red team engagements, system validation, and security training.

This module is based on the original open-source hardware and firmware by OctoSavvi, with updates to the design to make it easier to flash (via pins on the back of the ESPKey using a compatible FTDI serial adaptor or similar.) Boot and Reset buttons have been added to make the flash process easier, we recommend using a pin clamp or pin clip to avoid having to solder contacts to the pcb. 

In the spirit of Open Source updated Hackitsune PCB designs and build files available github

Small enough to fit behind most readers, powerful enough to demonstrate real-world vulnerabilities.

Technical Requirements

• Compatible access control system using 5V Wiegand interface
• Inline installation between reader and controller
• Wi-Fi capable device (laptop/mobile) for interface access

Installation Overview

• Connect between reader and panel using Wiegand lines (D0, D1, GND, VCC)
• Power via standard 5V Wiegand supply
• Device operates transparently once installed

Firmware

Pre-installed:

• Latest ESPKey firmware (shipped ready to use)

Firmware Updates

Firmware can be installed or updated using the Hackitsune Web Flasher (supported browsers only):

https://www.hackitsune.com/pages/hackitsune-web-flasher

Post-Flash Storage Setup (Important)

After flashing ESPKey firmware, you must initialise the onboard storage:

  1. Connect your laptop to the ESPKey Wi-Fi access point
    (SSID format: ESPKEY-*)
  2. Download and run the storage setup script locally:
    ui-update.sh
  3. This process prepares the filesystem for credential storage

Note:
If this step is skipped, credential logging and storage functionality will not operate correctly.

How to Use

  1. Install ESPKey inline between the reader and controller
  2. Power the system using standard Wiegand supply
  3. Connect to the ESPKey Wi-Fi access point
  4. Access the web interface via browser
  5. Capture, store, and replay credential data as required

Important Usage Notes

• Designed for 5V Wiegand systems only
• Ensure correct wiring before installation
• Some biometric systems output alternative protocols — verify compatibility
• Storage must be initialised after firmware flashing
• Device operates passively unless actively used

Preventative Measures to Mitigate Risk of Use

• Only use on systems you are authorised to test
• Avoid deployment on production systems without approval
• Ensure safe handling of captured credential data
• Follow responsible disclosure practices
• Comply with local laws regarding access control testing

Product Specifications

Specification Details
Interface Wiegand (D0/D1)
Voltage 5V
Connectivity Wi-Fi (web interface)
Storage ~80,000 credentials (format dependent)
Operation Mode Inline interception and replay
Firmware ESPKey (pre-installed)
Open Source Base OctoSavvi ESPKey
Hardware Files GitHub
Form Factor Compact inline module
Use Case Access control testing and diagnostics

Key Features 

• Inline Wiegand interception and replay module
• Compatible with 5V access control systems
• Captures and stores credential bitstreams
• Built-in Wi-Fi web interface for control
• Stores up to ~80,000 credentials
• Based on open-source OctoSavvi ESPKey platform
• Hackitsune-enhanced PCB design and build files available
• Firmware updatable via Hackitsune Web Flasher

Disclaimer

Hackitsune hardware is designed for professional security research, development, and authorised testing purposes only. Users are responsible for ensuring compliance with all applicable laws and regulations in their jurisdiction. Always obtain proper authorisation before interacting with systems, networks, or devices you do not own.

Hackitsune accepts no liability for misuse of this product. Use responsibly. 🦊

Product form

The Hackitsune ESPKey Wiegand Interception & Replay Module is a compact, inline hardware platform designed for professional access control testing,... Read more

$75.00

    • Shipped today? Order within: Apr 20, 2026 23:59:00 +1000

    Description

    The Hackitsune ESPKey Wiegand Interception & Replay Module is a compact, inline hardware platform designed for professional access control testing, diagnostics, and research.

    Designed to sit transparently between a reader and controller, ESPKey operates on standard 5V Wiegand signalling, making it compatible with a wide range of access control systems including card readers, keypads, fobs, and many biometric devices that output Wiegand downstream.

    Featuring a punchdown cable interface to allow you to tap into exposed cables coming from a range of card readers, once installed, the module can capture credential bitstreams in transit, store them in onboard non-volatile memory (up to ~80,000 records depending on format), and replay them via its built-in Wi-Fi web interface.

    Small enough to fit behind most readers, yet powerful enough to demonstrate real-world access control weaknesses, ESPKey is a practical tool for authorised red team engagements, system validation, and security training.

    This module is based on the original open-source hardware and firmware by OctoSavvi, with updates to the design to make it easier to flash (via pins on the back of the ESPKey using a compatible FTDI serial adaptor or similar.) Boot and Reset buttons have been added to make the flash process easier, we recommend using a pin clamp or pin clip to avoid having to solder contacts to the pcb. 

    In the spirit of Open Source updated Hackitsune PCB designs and build files available github

    Small enough to fit behind most readers, powerful enough to demonstrate real-world vulnerabilities.

    Technical Requirements

    • Compatible access control system using 5V Wiegand interface
    • Inline installation between reader and controller
    • Wi-Fi capable device (laptop/mobile) for interface access

    Installation Overview

    • Connect between reader and panel using Wiegand lines (D0, D1, GND, VCC)
    • Power via standard 5V Wiegand supply
    • Device operates transparently once installed

    Firmware

    Pre-installed:

    • Latest ESPKey firmware (shipped ready to use)

    Firmware Updates

    Firmware can be installed or updated using the Hackitsune Web Flasher (supported browsers only):

    https://www.hackitsune.com/pages/hackitsune-web-flasher

    Post-Flash Storage Setup (Important)

    After flashing ESPKey firmware, you must initialise the onboard storage:

    1. Connect your laptop to the ESPKey Wi-Fi access point
      (SSID format: ESPKEY-*)
    2. Download and run the storage setup script locally:
      ui-update.sh
    3. This process prepares the filesystem for credential storage

    Note:
    If this step is skipped, credential logging and storage functionality will not operate correctly.

    How to Use

    1. Install ESPKey inline between the reader and controller
    2. Power the system using standard Wiegand supply
    3. Connect to the ESPKey Wi-Fi access point
    4. Access the web interface via browser
    5. Capture, store, and replay credential data as required

    Important Usage Notes

    • Designed for 5V Wiegand systems only
    • Ensure correct wiring before installation
    • Some biometric systems output alternative protocols — verify compatibility
    • Storage must be initialised after firmware flashing
    • Device operates passively unless actively used

    Preventative Measures to Mitigate Risk of Use

    • Only use on systems you are authorised to test
    • Avoid deployment on production systems without approval
    • Ensure safe handling of captured credential data
    • Follow responsible disclosure practices
    • Comply with local laws regarding access control testing

    Product Specifications

    Specification Details
    Interface Wiegand (D0/D1)
    Voltage 5V
    Connectivity Wi-Fi (web interface)
    Storage ~80,000 credentials (format dependent)
    Operation Mode Inline interception and replay
    Firmware ESPKey (pre-installed)
    Open Source Base OctoSavvi ESPKey
    Hardware Files GitHub
    Form Factor Compact inline module
    Use Case Access control testing and diagnostics

    Key Features 

    • Inline Wiegand interception and replay module
    • Compatible with 5V access control systems
    • Captures and stores credential bitstreams
    • Built-in Wi-Fi web interface for control
    • Stores up to ~80,000 credentials
    • Based on open-source OctoSavvi ESPKey platform
    • Hackitsune-enhanced PCB design and build files available
    • Firmware updatable via Hackitsune Web Flasher

    Disclaimer

    Hackitsune hardware is designed for professional security research, development, and authorised testing purposes only. Users are responsible for ensuring compliance with all applicable laws and regulations in their jurisdiction. Always obtain proper authorisation before interacting with systems, networks, or devices you do not own.

    Hackitsune accepts no liability for misuse of this product. Use responsibly. 🦊

    Recently viewed products

      • Most Wicked theme in the themestore
      • Create landingspages in minutes
      • Premium design for an affordable price

      Login

      Forgot your password?

      Don't have an account yet?
      Create account