ESP8266 Community Forum

Is is possible to prevent a NodeMCU module from being flashed? I'm thinking about future product opportunities for this board in which flashing custom firmware by a user is not possible, but over the air firmware upgrades can still be issued by the developer/vendor. How would I go about this? Thanks!

Is is possible to prevent a NodeMCU module from being flashed?

No. It still can be done by someone who knows what they are doing.

You can tie GPIO0 to Vcc and that might make it a little harder. But that is just an annoyance and can be changed.

If you want security then consider the ESP32 instead. There are more options available.

It is certainly not possible to make it totally secure against local flashing by a determined hacker. As an extreme example they could just replace the whole NodeMCU unit.

One can make it more difficult. The basic principle is to make it difficult to get serial access and get into download mode. As the NodeMCU has the serial tied to the USB connector then disabling access to that would make life difficult. That could be extreme like squishing the connector, or a small track cut on one of the USB data lines.

In a product using a module without a USB serial (e.g ESP-12) also raises the stakes a fair bit as this then requires access to an external USB / serial converter and the means of connecting to the serial TX / RX lines.

btidey wrote:It is certainly not possible to make it totally secure against local flashing by a determined hacker. As an extreme example they could just replace the whole NodeMCU unit.

One can make it more difficult. The basic principle is to make it difficult to get serial access and get into download mode. As the NodeMCU has the serial tied to the USB connector then disabling access to that would make life difficult. That could be extreme like squishing the connector, or a small track cut on one of the USB data lines.

In a product using a module without a USB serial (e.g ESP-12) also raises the stakes a fair bit as this then requires access to an external USB / serial converter and the means of connecting to the serial TX / RX lines.

Thank you for helping me frame how to think about this problem. I may not be tackling it in the very near future but when I do I’ll come back and discuss my solution.