Your new topic does not fit any of the above??? Check first. Then post here. Thanks.

Moderator: igrr

User avatar
By joshbg2k
#78717 Is is possible to prevent a NodeMCU module from being flashed? I'm thinking about future product opportunities for this board in which flashing custom firmware by a user is not possible, but over the air firmware upgrades can still be issued by the developer/vendor. How would I go about this? Thanks!
User avatar
By rudy
#78725
Is is possible to prevent a NodeMCU module from being flashed?


No. It still can be done by someone who knows what they are doing.

You can tie GPIO0 to Vcc and that might make it a little harder. But that is just an annoyance and can be changed.

If you want security then consider the ESP32 instead. There are more options available.
User avatar
By btidey
#78730 It is certainly not possible to make it totally secure against local flashing by a determined hacker. As an extreme example they could just replace the whole NodeMCU unit.

One can make it more difficult. The basic principle is to make it difficult to get serial access and get into download mode. As the NodeMCU has the serial tied to the USB connector then disabling access to that would make life difficult. That could be extreme like squishing the connector, or a small track cut on one of the USB data lines.

In a product using a module without a USB serial (e.g ESP-12) also raises the stakes a fair bit as this then requires access to an external USB / serial converter and the means of connecting to the serial TX / RX lines.
User avatar
By joshbg2k
#78764
btidey wrote:It is certainly not possible to make it totally secure against local flashing by a determined hacker. As an extreme example they could just replace the whole NodeMCU unit.

One can make it more difficult. The basic principle is to make it difficult to get serial access and get into download mode. As the NodeMCU has the serial tied to the USB connector then disabling access to that would make life difficult. That could be extreme like squishing the connector, or a small track cut on one of the USB data lines.

In a product using a module without a USB serial (e.g ESP-12) also raises the stakes a fair bit as this then requires access to an external USB / serial converter and the means of connecting to the serial TX / RX lines.


Thank you for helping me frame how to think about this problem. I may not be tackling it in the very near future but when I do I’ll come back and discuss my solution.