Avatar for user81097

user81097

Member since Sep 2017 • Last active Sep 2017
  • 2 conversations
  • 9 comments

Most recent activity

    • 10 comments
    • 3,675 views
  • in Projects
    Avatar for user81097

    I understood your first explanation, but I get the following doubt:
    Beyond obfuscating my code and so on. Any malicious customer, can access that code in flash memory?

    Why is it so, even if you have reason to tell me that the client would have to recreate the flash code, obtaining the serial number of the board and a possible random data stored in flash memory (if you can read it and hence my doubt ) could falsify the device and access my server via API or whatever it is, since the authentication mechanism is the serial number (Qe can be obtained by flashing) and a salt that is housed in the flash memory (if it is can, I think so)

    • 10 comments
    • 2,870 views
  • in Projects
    Avatar for user81097

    Would one idea validate the following?

    • Send data from the GPS module to the Espruino along with a token. (This token must depend on the latitude and longitude given by that module.)

    Espruino sends this data to the cloud and from there:

    If that latitude and longitude change, then it is an invalid token.
    If the internal algorithms match, then they are correct data.

    This for the moment seems a good idea.

    But for that I have to trust that the encoding algorithm generates the token based on its length and latitude can not be observed, and that leads me to my other post http://forum.espruino.com/conversations/310068/ # comment13841208

  • in Projects
    Avatar for user81097

    Yes, I would list on my webserver the serials and compare them against what returns me getSerial (). That would serve to authenticate it on the server. But I have a query that may be due to a misunderstanding of my concept.

    Is there any way to read the data that has been flashed in Espruino?
    Because if so, someone could read that getSerial () and authenticate as if it were my device. This is true?

    Is there any way to protect Espruino from unwanted flash read/write?

  • in Projects
    Avatar for user81097

    Thanks for your answer.
    The issue is that I need to authenticate the device over the internet, so I figured I could store a token somewhere in the Espruino and check it in the cloud

  • in Projects
    Avatar for user81097

    Thank you very much for your answer
    The issue is that apart from protecting my device against physical copy, I need to rely on the information provided by the GPS. It is so that the device can be used in a stated range.

  • in Projects
    Avatar for user81097

    Thank you for your answers!
    At this moment I do not have time to investigate this and create a solution, but as soon as I do I will let you know by reliving the post

  • in Projects
    Avatar for user81097

    Many thanks friends !
    Most of these concepts are new to me, so I'll invest a little and when I can create a solution I'll pick it up!
    The subject is that the GPS module is standard, I do not have so much control over it.
    The other issue that worries me is ..
    Beyond the security method you choose, if I create a bridge between the GPS module and ESPRUINO, can I see / change your information? I think it's called "Snooping" (As I read above)

  • in Projects
    Avatar for user81097

    Hi, how are you?

    I would like to know if there is any way to protect the information in flash memory so that not anyone who connects to the serialport can get the javascript source code.

    Is this possible?

    Thank you in advance.

Actions