How to protect my main.py
iotmaker last edited by
if i were to release a product with a pycom board. How can i make sure no body looks at the main.py file?
@jmarcelino if that is built in to the low level esp.read and esp.write to flash, then it may be transparent, covering anything in flash, like binary code, frozen bytecode and file system. It would then protect against raw readout of flash bypassing the esp.
jmarcelino last edited by
The ESP32 does have Flash encryption, the key is then stored in the efuses and is read protected. At ESP-IDF level it's already documented: http://esp-idf.readthedocs.io/en/latest/security/flash-encryption.html
This doesn't need support from the compiler but looks difficult to reconcile this with the current flexible, change firmware at any time, development system though.
@livius besides decryption on the fly, which is a task of the compiler/parser, then the protection and management of the key is the challenge.
jmarcelino last edited by jmarcelino
Security for the 4MB modules (OEM, FiPy, etc) with the external SPI pSRAM (which conveniently comes in a SOP-8 package) will be quite interesting.
livius last edited by
@robert-hh show some first steap in protection
i wait for bigger steap to be finalized - look here "Encryption of Python scripts to protect code"
@iotmaker A simple method would be to make main.py very primitive and put the code in some other script, let's call it myapp.py, which will be embedded as frozen bytecode. main.py would then simply consist of:
Frozen bytecode would require you to build your own image, which is not that hard. And frozen bytecode is like compiled code. Text and constants are visible in clear, and it is possible to create wome kind of decoder. But it is some barrier.
Putting main.py literally is not reccomended.