ESP32; Disable saving wifi credentials in nvs

tondar20
Posts: 2
Joined: Sat Aug 07, 2021 12:01 pm

ESP32; Disable saving wifi credentials in nvs

Postby tondar20 » Sat Aug 07, 2021 12:18 pm

I encrypted my ssid & password (hard coded). When I read whole flash by esptool.py read_flash command, I can find the credentials in the flash file as a plaintext. I want to protect my wifi ssid & password. Any solution?

Code: Select all

#include <WiFi.h>
#include "mbedtls/aes.h"

char ssid[17], pass[17];

const char key[17] = "1234567890abcdef";

void aes_decrypt(char *chipherText, char *key, char *outputBuffer)
{
    mbedtls_aes_context aes;
    mbedtls_aes_init(&aes);
    mbedtls_aes_setkey_dec(&aes, (const unsigned char *)key, strlen(key) * 8);
    mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, (const unsigned char *)chipherText, (unsigned char *)outputBuffer);
    mbedtls_aes_free(&aes);
}

void setup()
{
    Serial.begin(115200);
    Serial.println("\nApp starts");

    char enc_ssid[33] = {0xEE, 0xBC, 0xEA, 0x5D, 0xD1, 0x74, 0xF9, 0x00, 0x8C, 0xCD, 0x83, 0xB5, 0xBA, 0xAB, 0xBC, 0x7D};
    char enc_pass[33] = {0x49, 0x5B, 0x89, 0xFB, 0xE0, 0x8C, 0xE8, 0x6A, 0xC8, 0xFE, 0x40, 0x30, 0x06, 0x68, 0x6B, 0x56};

    aes_decrypt(enc_ssid, (char *)key, ssid);
    aes_decrypt(enc_pass, (char *)key, pass);

    Serial.printf("Connecting to %s ", ssid);
    WiFi.begin(ssid, pass);
    while (WiFi.status() != WL_CONNECTED)
    {
        delay(500);
        Serial.print(".");
    }
    Serial.println(" CONNECTED");
    Serial.print("IP address: ");
    Serial.println(WiFi.localIP());
}

void loop()
{
}

ESP_igrr
Posts: 2071
Joined: Tue Dec 01, 2015 8:37 am

Re: ESP32; Disable saving wifi credentials in nvs

Postby ESP_igrr » Sun Aug 08, 2021 7:31 am

Hi tondar20,
I think it should be possible by calling WiFi.persistent(false) before calling WiFi.begin(). If that doesn't work, would you mind opening an issue at https://github.com/espressif/arduino-esp32/issues?

Note however that the more secure solution to this problem is to use ESP32 Flash Encryption feature. It isn't available in Arduino IDE, but you can use it if you develop with ESP-IDF. It is also possible to keep using Arduino APIs in this case, with Arduino as an ESP-IDF component.

tondar20
Posts: 2
Joined: Sat Aug 07, 2021 12:01 pm

Re: ESP32; Disable saving wifi credentials in nvs

Postby tondar20 » Sun Aug 08, 2021 5:02 pm

Thank you. The problem was solved:

calling

Code: Select all

WiFi.persistent(false);
before calling

Code: Select all

WiFi.begin();

Who is online

Users browsing this forum: No registered users and 109 guests