Raghu G S wrote:
Hi Everyone,
I developed an application based on ESP8266 module, I need this application to be safe and secure in the module itself,
means no other intruder should read the application, there is no support feature to enable code read protection for
this module. But I found that, to read any flash memory, .
hi Raghu,
a word before i describe a possible way, have a look in the thread:
viewtopic.php?f=7&t=911#p3086
try to understand the basics.
until such time as espressif open-sources the bootloader code, you must write your own.
the bootloader must be able to do:
a) read extended security tags, for example read from the boot medium's own register
that's for example in an sdhc card the protected register
that's for example in spi flash its own unique id mac! ( not the manufacturer id spi_flash_get_id ) that is not the same!
example arduino spiflash library:
more info https://lowpowerlab.com/forum/index.php?topic=498.0
Code:
    Serial.print("SPI Flash Init OK ... UniqueID: ");
    flash.readUniqueId();
    for (byte i=0;i<8;i++)
    {
      Serial.print(flash.UNIQUEID[i], HEX);
      Serial.print(' ');
    }
or
Code:
    byte* MAC = flash.readUniqueId();
    for (byte i=0;i<8;i++)
    {
      Serial.print(MAC[i], HEX);
      Serial.print(' ');
    }
this is the unique id of the flash chip, each winbond has its own unique id, so if you write firmware for this spi flash, you can't start your bootcode from another ( one step of copy protection )
b) read extended security tags from the esp8266, for example the chip id, this id is in the esp8266 and cannot be overwritten, so each esp8266 has its own unique id, ( system_get_chip_id )
..
.. more steps possible
..
c) decrypt firmware parts that are aes256 encrypted with parts of security tags and signed with certificate the firmware and put encrypted seeds in the firmware
try to understand these basics:
signing
https://www.youtube.com/watch?v=bvaHLp1BXaM
storage encrypted files
https://www.youtube.com/watch?v=K2jtYLVJZtM
https://www.youtube.com/watch?v=_WNxFtI5A9E
after this you will understand the doings
better later; the basics are here from
atmel ATSHA204 -
please feel free and have a look at the aes256 lib with which you can encrypt and decrypt in 16 byte block size ECB
viewtopic.php?f=15&t=665
there are examples how you can make a simple at command for use in encrypting and decrypting the firmware!
Raghu G S wrote:
the bootloader and the flash memory reader should communicate, verify and then proceeds for reading the flash memory contents,
Is there any way to intrude or stop this communication ?.
Or Is there any way to detect this communication?
so that I can erase the contents of Flash memory itself
this question is better answered by espressif itself.
best wishes
rudi;-)
eriksl wrote:
It's a piece of cake to desolder the flash and read it without any help of the esp8266.
eriksl, with all respect to your crypto inside knowledge..
there is no need to desolder the flash, simply connect the pins for read.
with extended security tags like described here, you will get a
- signed bootloader
- signed firmware
- encrypted firmware without cleartext key
if you can break the signed bootloader
you must break the signed firmware
if you have broken the signed firmware
you must break the encrypted firmware ( AES256 )
if you have broken the AES256
you must debug the firmware
if you can debug the firmware
you must simulate the security tags
because:
if you copy this firmware to another flash
it would not run, because original unique mac id != destination unique mac id
if you can emulate the uid
you must emulate the esp8266 chip id
because
if you run this firmware in another esp8266
it would not run, because original unique chip id != destination unique chip id
if you can emulate the uid
respect!
you have done it

btw:
there are more than 12 parts of ways to make protection,
here only
- signed bootloader
- signed firmware
- encrypted firmware
- check id mac of flash / check protected sdhc register
- check id esp8266
------
5 parts - the other more than 7 parts are not described here,
for good reason.
have phun with this 
edit:
@eriksl - begin here
eagle.rom.addr.v6.ld
what do you mean, how is this hw function to be used?
aes_decrypt = 0x400092d4
aes_decrypt_deinit = 0x400092e4
aes_decrypt_init = 0x40008ea4
aes_unwrap = 0x40009410
_rom_store = 0x4000e388
_rom_store_table = 0x4000e328
there are MD5, SHA and more available...
we have more protection available!?
are there api functions

Statistics: Posted by rudi — Tue Aug 11, 2015 7:47 pm
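
The binding of firmware to the flash unique id and the esp8266 chip id described in the post, as an added example that is not part of the original post or any Espressif code. It is a host-side Python model in which an HMAC-SHA256 tag stands in for the certificate signature and AES steps; the seed, function names and sample ids are hypothetical, and how the seed is kept from a flash reader on the device is outside this sketch.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size


def device_key(seed: bytes, flash_uid: bytes, chip_id: int) -> bytes:
    """Derive a per-device key from the two hardware identifiers."""
    if len(flash_uid) != 8:
        raise ValueError("flash unique id must be 8 bytes")
    tags = flash_uid + chip_id.to_bytes(4, "big")  # 32-bit chip id assumed
    return hmac.new(seed, b"fw-bind-v1" + tags, hashlib.sha256).digest()


def bind_image(image: bytes, key: bytes) -> bytes:
    """Provisioning side: append an HMAC-SHA256 tag to the image."""
    return image + hmac.new(key, image, hashlib.sha256).digest()


def boot_check(blob: bytes, seed: bytes, flash_uid: bytes, chip_id: int) -> bool:
    """Bootloader side: re-derive the key from the ids read at boot, verify the tag."""
    if len(blob) <= TAG_LEN:
        return False
    image, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    key = device_key(seed, flash_uid, chip_id)
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)  # constant-time compare


# Constructed sample values, not taken from any real device.
SEED = bytes(range(32))
FLASH_A = bytes.fromhex("d165a3c21f2b4e07")
FLASH_B = bytes.fromhex("d165a3c21f2b4e08")
CHIP_A, CHIP_B = 0x00A1B2C3, 0x00A1B2C4
IMAGE = b"\xe9" + b"constructed firmware image" * 4


def demo() -> dict:
    blob = bind_image(IMAGE, device_key(SEED, FLASH_A, CHIP_A))
    patched = bytes([blob[0] ^ 0x01]) + blob[1:]  # one flipped bit
    return {
        "original": boot_check(blob, SEED, FLASH_A, CHIP_A),
        "copied_to_other_flash": boot_check(blob, SEED, FLASH_B, CHIP_A),
        "moved_to_other_esp8266": boot_check(blob, SEED, FLASH_A, CHIP_B),
        "patched_image": boot_check(patched, SEED, FLASH_A, CHIP_A),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'boots' if ok else 'refused'}")
```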