Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there any method to ensure security in Flashing avr remotely? #367

Open
szjiajin opened this issue Mar 26, 2018 · 4 comments
Open

Is there any method to ensure security in Flashing avr remotely? #367

szjiajin opened this issue Mar 26, 2018 · 4 comments

Comments

@szjiajin
Copy link

I have spent some time learning this module and I have to say it is very useful! Thank you for all the hard work. I have two questions in my mind right now.

  1. To my understanding any machines in the same LAN with esp8266 board could send the flash command therefore it is not very safe. Is there any method to do a verifying process before flashing MCU attached?
  2. Although esp8266 has a LAN IP, it does not have a WAN IP so server on other network cannot send the flash command to esp board. Is there any way to flash attached MCU via Internet?

Thank you in advance!
@DJManas
Copy link

DJManas commented Apr 7, 2018

+1

@susanin-ivan
Copy link

susanin-ivan commented Apr 10, 2018
edited
Loading

Hi,

@szjiajin , regarding your q2 - It is posible by setting correct routes on all involved gateways.

For example, my setup:

ESP12 ---> BlackSwift Board (OpenWrt) ---> Room's wifi (OpenWrt) ---> Main GW ---> Internet

ESP12: 10.10.20.55 from BlackSwift (std dhcp alloc)
BlackSwift: dhcp 10.10.20.0/24 to internal wifi clients, external 172.21.1.20 from Room's wifi (controlled dhcp allocation)
Room's wifi: dhcp 172.21.1.0/24 to internal clients, external 10.10.10.123 from Main GW
My PC: 10.10.10.222 from Main GW (std dhcp alloc)

To reach ESP12 (10.10.20.55) from my PC (10.10.10.222) I do once:

My PC # route add 10.10.20.0/24 gw 10.10.10.123
Room's wifi # route add 10.10.20.0/24 gw 172.21.1.20

Now My PC know where to route packets for ESP12 and involved Room's wifi also know where to find ESP12's network

By adding same route as on on My PC to Main GW will allow to reach ESP12 from Internet (well, not so good idea because of yours q1, but ssh tunneling can help here)

Hope this helps :)

Best regards,
Ivan

@rtek1000
Copy link

rtek1000 commented Aug 3, 2018

Hello,

A way I tested: change the reset pin, this can be done in the configuration page of the esp-link, in Pin assignment.

The default for the ESP-01 is in GPIO2, but can be disabled, or changed to another pin as GPIO0.

Another way would be for the avr to intercept or block access to the reset, this needs a specific hardware scheme, but it might allow for password deployment, avr could receive a password via serial port to enable access to the reset.

Without access to the reset pin, avrdude informs the wrong parameter and the programmer does not respond.

On the internet, the cool thing would be to be able to read email and download the attached update file. I do not know if the ESP8266 has this capability.

@overisberg
Copy link

Have a look at my "Security Pin" idea:
#19

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@DJManas @overisberg @rtek1000 @szjiajin @susanin-ivan