Question on security of .bin file

spyder0069
Posts: 35
Joined: Tue Jan 29, 2019 2:46 am

Question on security of .bin file

Postby spyder0069 » Mon Aug 26, 2019 7:43 pm

I happened to look at the .bin file created by Arduino and noticed that there were several things that show up as plain text in it. I have variables that contain default passwords and such that I prefer not to be openly viewable.

In my project I use OTA so I need the bin files for that process. Is there a way to hide variables to not be stored as plain text in the .bin? Any other ideas how to protect sensitive info but still allow OTA?

ESP_Sprite
Posts: 9051
Joined: Thu Nov 26, 2015 4:08 am

Re: Question on security of .bin file

Postby ESP_Sprite » Tue Aug 27, 2019 3:35 am

The canonical way would be to have the encryption and authentication in the transport layer. Have the ESP32 connect to the OTA server using HTTPS, use some kind of shared secret to make sure that the server is actually talking to one of your boards and certificate pinning to make sure the board is talking to your HTTPS server, then send the bin file over the HTTPS connection.

spyder0069
Posts: 35
Joined: Tue Jan 29, 2019 2:46 am

Re: Question on security of .bin file

Postby spyder0069 » Tue Aug 27, 2019 4:06 am

I was probably not as clear as I needed to be. My project has things such as default wifi passwords, ftp site passwords and such. Things that I want to keep hidden, but when I open the .bin file in notepad I am able to see these among the text at the top of the file. One thing that I noticed is it seems to be data that was assigned to a String variable. It seems if I put the data in a Char then it doesn't show up in the .bin as plain text. I do use a lot of String variables and am pretty far along on the project. I may convert just the variables that are sensitive. Is there any way of preventing the String variables from showing up as plain text in the .bin?

ESP_Sprite
Posts: 9051
Joined: Thu Nov 26, 2015 4:08 am

Re: Question on security of .bin file

Postby ESP_Sprite » Tue Aug 27, 2019 6:25 am

Well, if you have the binary and don't encrypt it with a key that's not retrievable from the outside, things like the password can *always* be found out. Worst case, someone programs the bin file into a new esp32 and sets a breakpoint on the location where WiFi starts up; you can just read the password from RAM that way.

What's your threat model here? What attacks are you trying to stop people from doing, and what data (presumably WiFi username/password) are you trying to protect, and from whom?

spyder0069
Posts: 35
Joined: Tue Jan 29, 2019 2:46 am

Re: Question on security of .bin file

Postby spyder0069 » Tue Aug 27, 2019 1:01 pm

Every home has a lock set. However, you do have people that can pick the lock, use bump keys, or simply kick the door in. Yet we use a cheap lock set because it provides good enough security. I understand there will always be a way someone can find a way in but I just don't want to leave the door wide open. :D

This is a project that will be going into production. The wifi password would be used in the production environment for pretesting. Having to type it in manually would slow things down. While the shop is remote and I will have a separate router that it attaches to I just prefer info such as this not to be easily seen by the public. There is some other info such as this that has the same sensitivity.

spyder0069
Posts: 35
Joined: Tue Jan 29, 2019 2:46 am

Re: Question on security of .bin file

Postby spyder0069 » Tue Aug 27, 2019 7:35 pm

Looks like I was wrong about the char array. It doesn't show up in the .bin initially but if you do something with it then the value shows as plain text as well.

chegewara
Posts: 2240
Joined: Wed Jun 14, 2017 9:00 pm

Re: Question on security of .bin file

Postby chegewara » Tue Aug 27, 2019 8:13 pm

You could use 2-3 char arrays that will be concatenated just before connecting to wifi AP.

spyder0069
Posts: 35
Joined: Tue Jan 29, 2019 2:46 am

Re: Question on security of .bin file

Postby spyder0069 » Tue Aug 27, 2019 8:41 pm

That is actually what I was just working on. :^) I would just use ssid and passwords that were scrambled letters and have my array out of sequence too. Kind of the long way around the issue.
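
A pre-release check for the exposure discussed in the posts above, as an added example that is not code from any poster in this thread: it scans a firmware image for a known secret stored verbatim and for the pieces that a split-array layout leaves behind. The sample password, the padding bytes and both images are constructed for the illustration, and the secret is assumed to be ASCII.

```python
import re

def printable_strings(image: bytes, min_len: int = 4):
    """Like the `strings` tool: yield (offset, text) for runs of printable ASCII."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, image):
        yield m.start(), m.group().decode("ascii")

def find_literal(image: bytes, secret: str):
    """Offsets where the secret is stored verbatim, as ASCII or UTF-16LE."""
    hits = []
    for enc in ("ascii", "utf-16-le"):
        needle = secret.encode(enc)
        pos = image.find(needle)
        while pos != -1:
            hits.append((pos, enc))
            pos = image.find(needle, pos + 1)
    return hits

def find_fragments(image: bytes, secret: str, min_len: int = 3):
    """Strings in the image that are pieces of the secret, forwards or reversed.
    Heuristic: short common words can match by coincidence."""
    return [(off, text) for off, text in printable_strings(image, min_len)
            if text != secret and (text in secret or text[::-1] in secret)]

def audit(image: bytes, secrets):
    """Release gate: map each secret to its verbatim hits and fragment hits."""
    return {s: {"literal": find_literal(image, s),
                "fragments": find_fragments(image, s)} for s in secrets}

# --- constructed sample data (not taken from any real firmware) ---
SECRET = "Sh0pTest-Wifi!"                    # made-up test password
PAD = b"\xe9\x06\x02\x00" + b"\x00" * 12     # stand-in for non-text bytes
# Secret stored as one string constant:
plain_image = PAD + b"ssid\x00" + SECRET.encode() + b"\x00" + PAD
# Same secret split into three out-of-order char arrays:
split_image = PAD + b"Wifi!\x00" + PAD + b"Sh0p\x00Test-\x00" + PAD

if __name__ == "__main__":
    for name, img in (("plain", plain_image), ("split", split_image)):
        print(name, audit(img, [SECRET])[SECRET])
```

The split image passes an exact-match search but every fragment is still listed, so a gate that only looks for the whole literal would report it clean.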

ESP_Sprite
Posts: 9051
Joined: Thu Nov 26, 2015 4:08 am

Re: Question on security of .bin file

Postby ESP_Sprite » Wed Aug 28, 2019 4:45 am

spyder0069 wrote:
Tue Aug 27, 2019 1:01 pm
Every home has a lock set. However, you do have people that can pick the lock, use bump keys, or simply kick the door in.

Sure, that is why I asked about your threat model.

If these credentials indeed are only used for testing: Any chance you can e.g. store the credentials you need somewhere else than in the program (e.g. an NVS-partition in flash), then just bulk-erase that partition in the last step of testing? No one can decipher what's not there ;)

spyder0069
Posts: 35
Joined: Tue Jan 29, 2019 2:46 am

Re: Question on security of .bin file

Postby spyder0069 » Wed Aug 28, 2019 5:22 am

Those are just an example. The app also does an FTP of data to a site so it needs the site credentials as well.
