
ZeroTrace AirLeak

Why ESP32-S3?

Why we chose this chip over newer alternatives like the ESP32-C5

A fair question: the ESP32-C5 is newer, has 5 GHz WiFi 6, Bluetooth 5.2, and on paper looks like the obvious choice for an RF-monitoring tool. We picked the older ESP32-S3 anyway. Here's why.


The short version

AirLeak is CPU-bound under load, not radio-bound. The S3's dual cores at 240 MHz are the only reason we can run BLE scan callbacks on one core while parsing, classifying, and streaming events on the other without dropping packets.

The C5 is single-core. The same workload would saturate that one core within seconds and start dropping events before they ever reached the desktop.

For a tool whose job is "decode and stream every nearby radio packet without dropping any," that's a non-negotiable.


What we'd give up

The C5 has real radio advantages we'd be giving up:

  • 5 GHz WiFi 6 — would let us see modern home APs that broadcast on 5 GHz channels (UNII-1 / UNII-3) the S3 simply cannot hear
  • BT 5.2 — minor improvements such as LE Power Control, which is useful for distance estimation
  • Lower idle power — slightly better for battery use cases

These are real, but they don't change AirLeak's core capability:

  • All BLE traffic is on 2.4 GHz. Every AirTag, AirPods, smart-home device, and wearable lives there.
  • Most APs are dual-band. Capturing the 2.4 GHz beacon picks up the network's name, security, and load — only the BSSID of the 5 GHz radio is missed.
  • Probe requests from phones go out on 2.4 GHz first because that's the lowest common denominator.

So the C5's radio advantage shrinks from "huge" to "marginal" for our specific job.


What the S3 gives us

  • Dual core — split work across cores so neither saturates under load
  • 8 MB PSRAM — room for the device aggregator, alert ring, and stream buffers without internal-heap pressure
  • 16 MB flash — comfortable margin for firmware + OTA slot + future features
  • USB OTG — composable USB device. Today we use CDC; future capabilities (drag-drop session export, HID modes) become possible.
  • Mature platform support — battle-tested toolchain, stable BLE stack, well-known quirks

The trade-off in one table

                 ESP32-S3          ESP32-C5
Cores            2                 1
WiFi band        2.4 only          2.4 + 5 GHz
BT version       5.0               5.2
USB              OTG full-speed    Serial / JTAG only
Max PSRAM        8 MB octal        2 MB quad
Internal SRAM    512 KB            320 KB
Maturity         mature            new

For AirLeak's specific workload — passive 2.4 GHz capture, multiple concurrent tasks, USB streaming — the S3 wins on the metrics that gate throughput.


What would change the answer?

A future tool with one of these requirements would tilt toward the C5 (or whatever next-gen chip Espressif ships):

  • 5 GHz-only AP detection — corporate networks that have disabled 2.4 GHz entirely
  • Active WiFi 6 metrics — features that require participating in the network, which we don't do
  • Battery-only operation with strict idle budget — the C5 sleeps slightly better

For a passive room-scanner that maximizes captured detail per packet on the busiest band (2.4 GHz), the S3 wins clearly.


The headline

We didn't pick the S3 because it's the best ESP32 in every category — it isn't. We picked it because for AirLeak's specific workload, it's the only ESP32 that doesn't bottleneck on a single core under load. Everything else flows from that one decision.
