These are chat archives for esp8266/Arduino

6th Jun 2016
Ivan Grokhotkov
@igrr
Jun 06 2016 04:12
Created esp8266/Arduino#2099 to add information on core version (release and git version) into the compiled binary. Would be awesome if someone with Windows skills can come up with a version which works on Windows
FWeinb
@FWeinb
Jun 06 2016 09:01
Is there a way to sign updates with a private key and verify it before updating the firmware using HTTPUpdateServer?
Me No Dev
@me-no-dev
Jun 06 2016 09:09
you can add authentication to the upload routine
HTTPUpdateServer was just an example that was turned into lib, the code is not much, so you can take it out and use it in your sketch
FWeinb
@FWeinb
Jun 06 2016 09:12
Thanks. I think that it would help improve general security using automated firmware updates if such a verification was present in the core library.
Me No Dev
@me-no-dev
Jun 06 2016 09:13
the _server->sendHeader lines are not needed anymore also
Ivan Grokhotkov
@igrr
Jun 06 2016 09:43
@FWeinb there was a feature request issue for update signature/verification, but i can't find it in the tracker...
We can do it based on x509 certificates, would be good to export that part of SSL library into something reusable.
FWeinb
@FWeinb
Jun 06 2016 09:45
That sounds great.
@igrr I found this thread in the issue tracker: https://github.com/esp8266/Arduino/pull/883#issuecomment-149470141
Ivan Grokhotkov
@igrr
Jun 06 2016 09:57
Maybe it's a good idea to open a new issue for that.
I'll check if we (Espressif) can post a bounty for implementing that.
Ivan Grokhotkov
@igrr
Jun 06 2016 10:25
@FWeinb created #2103
FWeinb
@FWeinb
Jun 06 2016 10:31
Great thanks for creating the issue. I don't have much time in the next weeks (written exams). If there is no hurry I will have a look next month.
sticilface
@sticilface
Jun 06 2016 10:49
This would be really great. I've got an updater working via downloading a json manifest which can then update/download required files for Spiffs and then update the sketch, obviously this is totally useless security wise. I'm not so keen to have it use https as that swallows a huge amount of ram on the esp. But some signing would be great, and even a way to sign files for spiffs too would be even better.
@igrr I'm trying to
Me No Dev
@me-no-dev
Jun 06 2016 10:50
in the meantime esp8266/Arduino#2104
one thing that we can do is mask the firmware after compile and unmask it on the device. WebSocket uses such thing, though there the mask is known
on the ESP it can be given by the user (like OTA auth)
that will permit on-the-fly decoding and checking the integrity of the result
not really SSL secure, but if the mask key is 32 bytes long, it should be pretty secure
FWeinb
@FWeinb
Jun 06 2016 10:55
implementing signing will get us authenticity + integrity. But for the meantime adding a username / password should work.
Is it possible to dump the binary from an ESP? Or is there read protection?
Me No Dev
@me-no-dev
Jun 06 2016 10:56
sure it's possible :)
esp32 will have such option as far as I know
but the 8266 does not protect the flash
FWeinb
@FWeinb
Jun 06 2016 10:57
Okay. Then username / password isn't that secure if there is physical access to a device.
Me No Dev
@me-no-dev
Jun 06 2016 10:57
programmatically you can always dump it
hardware hacking, only if not esp32 and secured
you can never be 100% protected :D if the ESP is accessible physically, then I can flash whatever I want on it
FWeinb
@FWeinb
Jun 06 2016 10:59
Sure but you can't screw with the firmware that is already on it unless you want to patch the binary.
Me No Dev
@me-no-dev
Jun 06 2016 11:00
I can hook up to the flash chip and alter enough on web enabled ESP
including ssid/pass and such
FWeinb
@FWeinb
Jun 06 2016 11:01
Okay, that is true. There should really be a secure location where to store passwords on the esp.
Me No Dev
@me-no-dev
Jun 06 2016 11:02
there is this one new ESP that has 1MB flash inside the chip
that is a bit more secure, though space is a bit limited to what we grew accustomed to
FWeinb
@FWeinb
Jun 06 2016 11:03
Saw that one too. Looks great but 1MB is limiting.
Ivan Grokhotkov
@igrr
Jun 06 2016 11:03
ESP8285 is no different, desolder it, put it into download mode, read back flash with esptool...
but that's a separate subject altogether.
firmware signature verification is needed to prevent a different attack channel
i.e. someone hacked your firmware update distribution server and placed a different binary there
FWeinb
@FWeinb
Jun 06 2016 11:06
Correct. But that firmware signature verification needs to be in hardware, right?
Ivan Grokhotkov
@igrr
Jun 06 2016 11:07
If you want to protect the device from firmware modification in case of physical access to it, then yes it needs to be in hardware
but that's more of an edge case IMO, the first thing you should think about is rejecting a malicious firmware update downloaded over OTA
i.e. "someone hacked the webserver with firmware binaries" case
FWeinb
@FWeinb
Jun 06 2016 11:08
Right.
Clemens Kirchgatterer
@everslick
Jun 06 2016 11:12
IMHO the legit owner of the device should be able to update/replace the firmware anyway
Ivan Grokhotkov
@igrr
Jun 06 2016 11:13
@me-no-dev awesome! just one more nitpick (sorry)
Clemens Kirchgatterer
@everslick
Jun 06 2016 11:14
nevertheless a generic OTA update mechanism with encrypted binaries would be great for general use cases
Ivan Grokhotkov
@igrr
Jun 06 2016 11:14
@everslick For the ESP8266, yes please. You can flash whatever you like.
For the new chip, unfortunately this is not the case. It can be locked down completely. Maybe we change this in the future.
FWeinb
@FWeinb
Jun 06 2016 11:17
I can understand both use cases. In commercial application locking down the devices makes sense.
Clemens Kirchgatterer
@everslick
Jun 06 2016 13:02
often a licensing dilemma. you MUST NOT have GPLv3 code in your firmware if you plan to lock the user out.
Ivan Grokhotkov
@igrr
Jun 06 2016 13:10
Yes.
Part of the reason why I want to move to BSD for the next iteration of this project.
Clemens Kirchgatterer
@everslick
Jun 06 2016 13:11
0x40224cba: tcp_input at /home/clemens/Devel/ESP8266/Arduino/tools/sdk/lwip/src/core/tcp_in.c:441
0x40202204: xPortGetFreeHeapSize at ??:?
0x40221f81: ip_input at /home/clemens/Devel/ESP8266/Arduino/tools/sdk/lwip/src/core/ipv4/ip.c:559
0x402010f2: __wrap_free at ??:?
this is a stacktrace, does anybody know why sometimes i have filenames and line numbers and sometimes not?
i compile with -Og
Ivan Grokhotkov
@igrr
Jun 06 2016 13:12
Functions which are in SDK libs are not annotated with debug information
But, xPortGetFreeHeapSize should be in our code.
Did you add -Og to all the relevant lines in platform.txt (there are 3 places)?
Oh wait, you must be using something else to build your code, not arduino-builder?
Holger Lembke
@holgerlembke
Jun 06 2016 16:43
20160606_122602.jpg
Holger Lembke
@holgerlembke
Jun 06 2016 16:49
![alt](http://e84i.imgup.net/20160606_11929.jpg)
First IoT/ESP8266 with Arduino-IDE class... :-)
sticilface
@sticilface
Jun 06 2016 18:23
Is it normal/correct/expected for the IDE to try to compile .cpp files that are in a library /src folder even if its .h file is not included anywhere in the lib or the ino?
Me No Dev
@me-no-dev
Jun 06 2016 18:44
yes
sticilface
@sticilface
Jun 06 2016 18:45
ok fair enough.. thanks:)
Holger Lembke
@holgerlembke
Jun 06 2016 20:28
sorry for the multiple posts, browser didn't show them here.... grrr.