- Fri Sep 07, 2018 4:56 am
#78133
+1
- Thu Oct 03, 2019 1:35 pm
#84020
Yes it is possible to protect the ESP8266 code. Company https://www.keeloc.com provides a special bootloader that can generate a unique AES key based on internal security unique bits for each chip. Is it a 100% theft resistant? No, but it certainly wouldn't be an easy hack either. The more you do to close off the chip from being queried for internal memory dumps afterwards the safer your code will be. One way to do this is to fuse out the serial port pins once you load your encrypted firmware. Like add a section of code that drives the bootloader pins high voltage and low impedance after the first usage. This will prevent a hacker from talking through the serial port pins to get unecrypted code or the security configuration bits used to derive the AES keys. The company charges like $1.00 for each device you would want to sell or protect. Your firmware doesn't get uploaded to their site. Basically you plug your ESP8266 into the usb port, run the batch script. And it queries the ESP8266 internal security bits and send them up to their central server for processing. What is returned is the AES key. The AES Key is then used with another local binary on your computer to encrypt the firmware for that device. Finally the entire encrypted firmware along with the special bootloader is automatically loaded into the ESP8266. At this point you would fuse out the serial pins to keep the ESP8266 pretty unknown to an outside user.
