Page 1 of 1

ESP8266 AES256 / firmware protection / encrypted bootcode

Posted: Tue Jun 30, 2015 4:08 am
by rudi

my name is rudi and i come from germany.

I will show you as preview my works last weeks in this now.
I will update the uncuted videos asap - sorry for the qualitity.

Webserver with AES256
you will be identify encrypted ;-)

protected AT Version with AES256
you can communicate in AES256 over UART, SPI, I2C, (H)SPI and more
AT Commands for testings..

protected developer key AT+GMR and more extended security tags
this will be a must have - and if you use - you will never missed - i am sure
i work with this for Industry 4.0 Apps and more ( database application mesh network with auto configured esp8266 for P2P automation .. ( > 500 pcs )

LIB: ... ibaes256.a

with an own bootloader i boot in an asap comming project
from sd card part of encrypted bootcode (firmware) ( copy protected part )
and transfer it to iram... protected and run this mapped/direct :)
details for this only you give me gift, wifes, cars, (drugs-no this is bad!) , rockn roll and other good things :) :)
fun! ;-) will ´think about this .. but just in time - only libs because this is many month work in bootcode and more -

ESP8266 goes AES256 now with own bootcode

best wishes
rudi ;-)


and yes
will post all here as a small project and describe all fine.
please be patient, i am work at other project until this weekend
and then i will update all here with all docu step by step , examples and more.

feel free for google search: ESP8266 AES256

The first you will find - is the best german Forum where i be 'at Home'

greetings fly out to friends all over the globe


my base was:

Free AES256 ECB Implantation
will post more and a sample project next time.

Re: ESP8266 AES256 / firmware protection / encrypted bootcode

Posted: Fri Aug 28, 2015 10:21 pm
by rudi

small Continued:

have you a short time at you tube?
have phun:


1st step was done:
i tested an open src bootloader named 'rboot'
i extended open src Bootloader with AES256 support in a test (aes256.a)
user firmware is on the SDHC

next step:
- 2) user firmware is encrypted on the SDHC and will decrypt on the fly
- 3) bootloader is on sdhc and esp will boot from sd card without flash ic
- 4) ;-) be surprised!

continued Description and final code will follows later time with a projekt.

best wishes
rudi ;-)

info: opens src bootloader

rBoot is designed to be a flexible open source boot loader, a replacement for
the binary blob supplied with the SDK. It has the following advantages over the
Espressif loader:

- Open source (written in C) ;-)
- Supports up to 256 roms. ;-)
- Roms can be variable size. ;-)
- Able to test multiple roms to find a valid backup (without resetting). ;-)
- Flash layout can be changed on the fly (with care and appropriately linked ;-)
rom images).
- GPIO support for rom selection. ;-)
- Wastes no stack space (SDK boot loader uses 144 bytes). ;-)
- Documented config structure to allow easy editing from user code. ;-)
- Can validate .irom0.text section with checksum. ;-)

ESP8266 AES256 / firmware protection / encrypted bootcode

Posted: Fri Jul 14, 2017 8:01 pm
by Hanspebram
Hello Colin,

this looks interesting. In your source OneWire.h is included.
I cannot find it for ESP32 somewhere. Could you please help ?