Page 1 of 1

Protect code on the ESP8266

PostPosted: Wed Oct 05, 2016 12:52 pm
by Ecoli-557
OK ESPers, I am working on a project but I want to protect the code or remove the easy access to the code we have when developing.
It would be easy to turn off the radio, but I need it to communicate.
Is there a way to protect the code so it cannot be accessed in any way from a wireless or USB device?
So it won't show up at all? Or even use the web-interface?
In order for these things to have commercial interest, they need a way to be locked down.

Re: Protect code on the ESP8266

PostPosted: Wed Oct 05, 2016 5:41 pm
by Barnabybear
Hi, at the end of the day if you have one in your possession all you have to do is hold CH_PD low, power up and read the contents of the flash (spec on net). So not that I know of.

Re: Protect code on the ESP8266

PostPosted: Thu Oct 03, 2019 1:50 pm
by ciaoperator
You can generate a bootloader that will AES decrypt the flash contents inside the iram for execution. The AES key would be based off internal security bits like the MAC address for example as well as other security bits. The key is that if someone knew the bootloader algorithm they could if they also knew your security bits figure out the AES key. That's sounds easier than it really is though. But to seal that off if you can afford to then after loading flash with the encrypted firmware and bootloader you could drive the serial port pin(s) to high level on voltage and low impedance then with fixture or by jumpering short that to ground to fuse the serial port pins. Nothing is fool proof but it would work. Or instead of writing your own bootloader just use https://www.keeloc.com to do all the hard work and calculate the AES key, encrypt the firmware binary and load the encrypted firmware and bootloader in a chain script in about 20 seconds. Then you'd have the option to close off the serial pin(s) by fusing them out on your own.