Page 1 of 1

ESP32; Disable saving wifi credentials in nvs

Posted: Sat Aug 07, 2021 12:18 pm
by tondar20
I encrypted my ssid & password (hard coded). When I read whole flash by esptool.py read_flash command, I can find the credentials in the flash file as a plaintext. I want to protect my wifi ssid & password. Any solution?

Code: Select all

#include <WiFi.h>
#include "mbedtls/aes.h"

char ssid[17], pass[17];

const char key[17] = "1234567890abcdef";

void aes_decrypt(char *chipherText, char *key, char *outputBuffer)
{
    mbedtls_aes_context aes;
    mbedtls_aes_init(&aes);
    mbedtls_aes_setkey_dec(&aes, (const unsigned char *)key, strlen(key) * 8);
    mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, (const unsigned char *)chipherText, (unsigned char *)outputBuffer);
    mbedtls_aes_free(&aes);
}

void setup()
{
    Serial.begin(115200);
    Serial.println("\nApp starts");

    char enc_ssid[33] = {0xEE, 0xBC, 0xEA, 0x5D, 0xD1, 0x74, 0xF9, 0x00, 0x8C, 0xCD, 0x83, 0xB5, 0xBA, 0xAB, 0xBC, 0x7D};
    char enc_pass[33] = {0x49, 0x5B, 0x89, 0xFB, 0xE0, 0x8C, 0xE8, 0x6A, 0xC8, 0xFE, 0x40, 0x30, 0x06, 0x68, 0x6B, 0x56};

    aes_decrypt(enc_ssid, (char *)key, ssid);
    aes_decrypt(enc_pass, (char *)key, pass);

    Serial.printf("Connecting to %s ", ssid);
    WiFi.begin(ssid, pass);
    while (WiFi.status() != WL_CONNECTED)
    {
        delay(500);
        Serial.print(".");
    }
    Serial.println(" CONNECTED");
    Serial.print("IP address: ");
    Serial.println(WiFi.localIP());
}

void loop()
{
}

Re: ESP32; Disable saving wifi credentials in nvs

Posted: Sun Aug 08, 2021 7:31 am
by ESP_igrr
Hi tondar20,
I think it should be possible by calling WiFi.persistent(false) before calling WiFi.begin(). If that doesn't work, would you mind opening an issue at https://github.com/espressif/arduino-esp32/issues?

Note however that the more secure solution to this problem is to use ESP32 Flash Encryption feature. It isn't available in Arduino IDE, but you can use it if you develop with ESP-IDF. It is also possible to keep using Arduino APIs in this case, with Arduino as an ESP-IDF component.

Re: ESP32; Disable saving wifi credentials in nvs

Posted: Sun Aug 08, 2021 5:02 pm
by tondar20
Thank you. The problem was solved:

calling

Code: Select all

WiFi.persistent(false);
before calling

Code: Select all

WiFi.begin();