Avatar for Eyzi


Member since Apr 2018 • Last active Sep 2018
  • 2 conversations

Most recent activity

  • in General
    Avatar for Eyzi

    Yeah, I understand. I don't expect anyone to go as far as taking the device apart or anything hardcore. (If they're that dedicated in getting data off of the device, they deserve to know lol)

    I'm more or less just trying to prevent other people from easily accessing it, specifically plugging the Espruino WiFi into their computer and getting access to the SSID and password with Storage.read. If E.setPassword can do that, then it's all I need, for now at least.

    Thanks, @Gordon!

  • in General
    Avatar for Eyzi

    Awesome. Thanks, @Gordon! Every device will be configured by the server/MQTT broker (in this case, an Rpi) where the encryption keys will be stored so they're not in the device itself.

    I'll give the AES encryption a go. Though, I wonder if the device will run as is without needing to decrypt the data in it, if it doesn't have the key. For example, if I store an AES encrypted WiFi SSID and password via the Storage module, will it be able to read/use it?

  • in General
    Avatar for Eyzi

    Neat! For starters, I can use that to make the data on the flash memory less accessible. Thanks, @Wilberforce!

  • in General
    Avatar for Eyzi

    Thanks, @allObjects!

    I have read the Security thread prior to posting this, actually. Though, the conversation is mostly about the Puckjs. That's where I learned about the E.setPassword which would be a pretty good addition to the Espruino WiFi, if not already included.

    I was hoping that Espruino has a native solution for security rather than relying on another firmware/hardware. It'd be great if Espruino releases a board with built-in HW security in the near future!

    As for the transmission security, I think MQTT over TLS is a sufficient solution which the Espruino WiFi can already use. So at this point, securing the flash memory is really what I'm worried about.

  • in General
    Avatar for Eyzi

    Thanks for the reply, @allObjects!

    Does the Espruino WiFi have this Flash EEPROM? I load data (wifi ssid, wifi password, server ip, etc) into the device (Espruino WiFi) using the Storage module, but when I connect this device to another computer, I can access these data with Storage.read() which is more or less what I'm trying to avoid.

    Essentially, I want the data to only be accessible by the computer that loaded config into the device.

  • in General
    Avatar for Eyzi

    Hi, guys! Hope you're having a great day.

    I'm working on a small IoT project and I'm mostly using Espruino WiFi and Sonoff devices.

    I'm wondering what's the best way to secure data, both the transmitted data and the data on the flash memory. I've seen a few posts on encrypting transmitted data so I'm less worried about that, but what about the data in flash memory?

    Correct me if I'm wrong, but when I load a program into a device, I can plug it into another computer with an Espruino IDE and access the loaded program and anything stored in the flash memory, right? Is there a way to encrypt the data loaded into it, or maybe require a password before being able to access it? I saw that Puckjs has E.setPassword or something. Is there a similar function for Espruino WiFi and/or Sonoff?


  • Avatar for Eyzi

    Hi Gordon! Thanks for the reply. My bad for not noticing the Storage module. This works and it makes it much easier than calling save() every time. Thank you!

  • in Pico / Wifi / Original Espruino
    Avatar for Eyzi


    I'm having trouble removing the previous instance of the Wifi connection when I call the save() function. (see attached image)

    I have a function setConfig(options) where I set variables like the Wifi SSID, password, device name, etc, and I'd like to be able to save these variables to the flash memory on the fly. This function has a save() function at the end which calls onInit() again. I noticed that the previous Wifi connection reconnects on top of the new Wifi connection. I tried explicitly disconnecting it and setting the wifi variable to null, but it still does the same thing.

    Is there anything I can do to remove the previous instance? Or is this normal and I shouldn't be worried about it?