From unboxing a touchscreen dev board to vibe-coding a full WiFi auditor

From unboxing a touchscreen dev board to vibe-coding a full WiFi auditor

A parcel landed at my door from Nextion Systems: the new Open Nextion — an ESP32-based board with a built-in capacitive touch display. Came in two flavors (3.5" and 2.8"), plus a speaker, a dual-microphone board, and an IO adapter. The kind of package that's begging to be turned into something it was never meant to do.

So, naturally, I did exactly that.

What's actually in the box

Before any of the fun started, here's what the Open Nextion package shipped with:

• Two Open Nextion boards — 3.5" and 2.8" variants
• Onboard speaker
• Dual-microphone board (for stereo capture / wake-word work)
• IO adapter for breaking out the rest of the GPIO

The board itself is generous on connectivity: USB-C, a battery connector with a real RTC, I2C, UART, a camera interface, SD card, plus mic and speaker pins. It's basically a tiny computer with a touchscreen bolted on, and the moment you power it on it boots into a default ESP-IDF demo UI.

Build #1: A "Tesla controller" for my son's toy car

First experiment was a small joke project — a touchscreen "Tesla controller" that fires HTTP requests at my son's ESP32-powered toy car to toggle its lights. I built it twice on purpose:

1. Arduino first — quick to get going, lots of libraries, but the touch responsiveness was meh.
2. Rebuilt in ESP-IDF (C) — once you break out of the Arduino abstractions, the difference is night and day. Buttons respond instantly, the UI feels native instead of "Arduino sluggish."

If you're building anything UI-heavy on ESP32 and you've been on the fence about Arduino vs. ESP-IDF: this is the project that convinced me to switch for anything that needs to feel responsive.

Build #2: The main event — a full WiFi auditor on a 2.8" touchscreen

This is where it got interesting. I sat down with Claude AI and vibe-coded a complete WiFi/Bluetooth security toolkit that runs entirely on the Open Nextion. No laptop, no Kali — just the board, the touchscreen, an SD card, and a battery.

Here's what it does:

• WiFi scan — every nearby network, with the usual signal/channel info, plus encryption type, WPS state, and PMF (Protected Management Frames) detection. Useful for spotting weak configurations at a glance.
• Client/station listing — who's actually talking to which AP.
• WPA handshake capture — captures handshakes for offline cracking and writes them straight to the SD card.
• Evil portal emulation — a captive-portal demo for red-team training scenarios.
• Bluetooth/BLE scan — including AirTag detection (it found 7 in my immediate area, which is a separate conversation).
• Audit reports — everything gets exported into structured reports you can carry off the SD card.

All of that, on a tiny ESP32 with a touchscreen. Powerful, responsive, and honestly a blast to build.

"Vibe-coding" — what that actually meant here

I keep using the phrase "vibe-coded with Claude" and I want to be specific about what that means in practice. It wasn't "prompt → finished firmware." It was a tight loop:

• I described the feature I wanted in plain English (e.g., "scan WiFi networks, detect PMF, render them in a scrollable touch list").
• Claude drafted the ESP-IDF C code — Wi-Fi promiscuous mode setup, the LVGL UI bindings, the SD writes.
• I flashed it, found the bugs, told Claude what broke, and iterated.

Doing this in ESP-IDF instead of Arduino mattered. Promiscuous mode, raw frame parsing, the lower-level Wi-Fi events — they're all first-class in ESP-IDF, and an AI assistant that knows the framework can move fast there.

Why this is a useful little project

You could buy a Pwnagotchi or a Flipper Zero. But this build hits a different sweet spot:

• Cheap, off-the-shelf hardware — no specialized boards, just an ESP32 dev kit you might already have lying around.
• You actually own the firmware — every line is yours to modify, and AI-assisted coding makes that approachable even if you're not a pentester by trade.
• It teaches you the stack — by the time you're done, you've genuinely learned how Wi-Fi frames work, what PMF protects against, why handshake capture matters.

Chapter timestamps

If you want to jump to a specific section of the video:

• 0:00 — Unboxing the parcel from Nextion Systems
• 0:19 — What's inside (speaker, IO adapter, dual mic, 2× Open Nextion)
• 0:57 — Two variants: 3.5" and 2.8"
• 1:09 — Board tour + connectivity (USB-C, battery, RTC, I2C, UART, camera, GPIO, mic/speaker, SD)
• 2:13 — Power on — the default demo UI (ESP-IDF)
• 2:57 — Arduino + AI: the toy-car "Tesla controller"
• 4:01 — Rebuilt in ESP-IDF (C) — way more responsive
• 4:20 — The WiFi Auditor: networks, clients & handshake capture
• 4:54 — Vibe-coded with Claude • SD-card captures
• 5:03 — Evil portal demo
• 5:11 — Bluetooth / AirTag detection
• 5:51 — Wrap-up

⚠️ Disclaimer (important — read this)

This is an educational project for security research and auditing on networks and devices you own or are explicitly authorized to test. Deauthing or capturing traffic on networks that aren't yours is illegal in most jurisdictions. Don't be a jerk — use this to learn the stack, harden your own setup, and understand what your network actually exposes. Not to mess with anyone else's.

Watch the build

The video is six minutes — quick board tour, the Arduino → ESP-IDF jump, then straight into the auditor demo. If you like ESP32, hardware tinkering, or seeing what AI-assisted firmware development looks like in practice, you'll get something out of it.

If you enjoyed it, drop a 👍 and subscribe to H4hacks on YouTube for more ESP32, hardware, and security-flavored builds.