In embedded systems you've often got a bit of an issue with people downloading your code - even if you're using compiled code. While some chips do have readout protection (STM32, nRF52) sometimes it can be circumvented with the right tools, and any firmware updates tend to be sent unencrypted too.
With ESP8266 that is especially the case since the SPI flash is separate - and regardless of what you do on the CPU, someone could just unsolder the chip, read the entire contents and clone it.
Personally, my advice is assume that someone could read out your code, and design accordingly. For instance don't include global private keys in the firmware.
That advice isn't specifically for Espruino, but literally any embedded target
Thank you so much. I'll tell you from myself. I really want to have a tool to protect my code at least at the level of a simple connection and reading it from memory using the Espruino IDE.
Thanks for the help, I will think about how to implement this for myself.
© Espruino, powered by microcosm.
Report a problem