Most recent activity
-
Would one idea validate the following?
- Send data from the GPS module to the Espruino along with a token. (This token must depend on the latitude and longitude given by that module.)
Espruino sends this data to the cloud and from there:
If that latitude and longitude change, then it is an invalid token.
If the internal algorithms match, then they are correct data.This for the moment seems a good idea.
But for that I have to trust that the encoding algorithm generates the token based on its length and latitude can not be observed, and that leads me to my other post http://forum.espruino.com/conversations/310068/ # comment13841208
- Send data from the GPS module to the Espruino along with a token. (This token must depend on the latitude and longitude given by that module.)
-
Yes, I would list on my webserver the serials and compare them against what returns me getSerial (). That would serve to authenticate it on the server. But I have a query that may be due to a misunderstanding of my concept.
Is there any way to read the data that has been flashed in Espruino?
Because if so, someone could read that getSerial () and authenticate as if it were my device. This is true?Is there any way to protect Espruino from unwanted flash read/write?
-
-
-
-
Many thanks friends !
Most of these concepts are new to me, so I'll invest a little and when I can create a solution I'll pick it up!
The subject is that the GPS module is standard, I do not have so much control over it.
The other issue that worries me is ..
Beyond the security method you choose, if I create a bridge between the GPS module and ESPRUINO, can I see / change your information? I think it's called "Snooping" (As I read above) -
I understood your first explanation, but I get the following doubt:
Beyond obfuscating my code and so on. Any malicious customer, can access that code in flash memory?
Why is it so, even if you have reason to tell me that the client would have to recreate the flash code, obtaining the serial number of the board and a possible random data stored in flash memory (if you can read it and hence my doubt ) could falsify the device and access my server via API or whatever it is, since the authentication mechanism is the serial number (Qe can be obtained by flashing) and a salt that is housed in the flash memory (if it is can, I think so)