ESP32 secure wifi credentials

I encrypted the SSID & password, and saved them (encrypted) in EEPROM. But when I read the whole flash with the esptool.py read_flash command, I can find the credentials in the flash file. I want to protect my WiFi SSID & password. Is it possible?


Please post the sketch that you used to encrypt and save the SSID and password to EEPROM

Had you uploaded another sketch since the one used to encrypt and save the details, and was it larger than the encryption sketch?

Has the OP looked through the ESP32's API Non-Volatile storage library?

Here is my code:
I don't use EEPROM, and don't use my SSID and pass directly in the sketch, but I see them in the flash bin file:

First I did esptool.py erase_flash
then uploaded the sketch
esptool.py read_flash

```cpp
#include <WiFi.h>
#include "mbedtls/aes.h"

// Decrypted credentials: 16 bytes each plus a terminating NUL
// (globals are zero-initialised, so the 17th byte stays 0).
char ssid[17], pass[17];

// AES-128 key: 16 characters plus the terminating NUL.
const char key[17] = "1234567890abcdef";

void Wifi_connected(WiFiEvent_t event, WiFiEventInfo_t info)
{
  Serial.println("Connected to AP!");
}

void Get_IPAddress(WiFiEvent_t event, WiFiEventInfo_t info)
{
  Serial.print("IP address: ");
  Serial.println(WiFi.localIP());
}

void Wifi_disconnected(WiFiEvent_t event, WiFiEventInfo_t info)
{
  Serial.println("Trying to Reconnect...");
  WiFi.begin(ssid, pass);
}

// Decrypt a single 16-byte block with AES-ECB into outputBuffer.
void aes_decrypt(char *cipherText, char *key, char *outputBuffer)
{
  mbedtls_aes_context aes;
  mbedtls_aes_init(&aes);
  mbedtls_aes_setkey_dec(&aes, (const unsigned char *)key, strlen(key) * 8);
  mbedtls_aes_crypt_ecb(&aes, MBEDTLS_AES_DECRYPT, (const unsigned char *)cipherText, (unsigned char *)outputBuffer);
  mbedtls_aes_free(&aes);
}

// Print len characters of arr followed by a newline.
void printArray(char *arr, int len)
{
  for (int i = 0; i < len; i++)
    Serial.print((char)arr[i]);
  Serial.println();
}

void setup()
{
  Serial.begin(115200);
  Serial.println("\nApp starts");

  // Encrypted SSID and password, one AES block (16 bytes) each.
  char enc_ssid[33] = {0xEE, 0xBC, 0xEA, 0x5D, 0xD1, 0x74, 0xF9, 0x00, 0x8C, 0xCD, 0x83, 0xB5, 0xBA, 0xAB, 0xBC, 0x7D};
  char enc_pass[33] = {0x49, 0x5B, 0x89, 0xFB, 0xE0, 0x8C, 0xE8, 0x6A, 0xC8, 0xFE, 0x40, 0x30, 0x06, 0x68, 0x6B, 0x56};

  aes_decrypt(enc_ssid, (char *)key, ssid);
  aes_decrypt(enc_pass, (char *)key, pass);

  Serial.print("ssid: ");
  printArray(ssid, strlen(ssid));
  Serial.print("pass: ");
  printArray(pass, strlen(pass));

  WiFi.disconnect(true);
  delay(100);
  // Register the event handlers before connecting.
  WiFi.onEvent(Wifi_connected, SYSTEM_EVENT_STA_CONNECTED);
  WiFi.onEvent(Get_IPAddress, SYSTEM_EVENT_STA_GOT_IP);
  WiFi.onEvent(Wifi_disconnected, SYSTEM_EVENT_STA_DISCONNECTED);

  WiFi.begin(ssid, pass);
  Serial.println("Wait for WiFi... ");
}

void loop()
{
  delay(1000);
}
```

Please take a look at my code.

I took a look at your code.

If the decryption is not working, I'd suspect a garbage in garbage out kind of thing going on. Have you confirmed the encryption was done correctly?

Yes, everything is fine.

I guess it's because of the flash structure. It seems it makes RAM at the flash cache. Is that so? If yes, what should be done?

I do not see the way the ESP32's API Non-Volatile Storage system operates as a problem.

The problem was solved:

calling

WiFi.persistent(false);

before calling

WiFi.begin();

https://www.esp32.com/viewtopic.php?f=19&t=22611
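
A way to check a dump produced by esptool.py read_flash before and after the change, as an added example that is not part of the thread: it searches the image for the plaintext SSID, the password and the AES key from the posted sketch, and reports the offset and region of each hit. The partition offsets, the sample credentials, the `flash.bin` name and the sample image itself are constructed assumptions.

```python
"""Audit an ESP32 flash dump (esptool.py read_flash output) for plaintext secrets."""

# Assumed layout (offset, size) for this sample; check your own partition table.
PARTITIONS = {"nvs": (0x9000, 0x5000), "app0": (0x10000, 0x140000)}

# Constructed credentials; the key is the one hard-coded in the posted sketch.
SSID, PASSWORD = b"ExampleNet", b"example-passphrase"
SECRETS = {"ssid": SSID, "pass": PASSWORD, "aes_key": b"1234567890abcdef"}


def region_of(offset):
    """Name the assumed partition that contains a flash offset."""
    for name, (start, size) in PARTITIONS.items():
        if start <= offset < start + size:
            return name
    return "other"


def find_secrets(image, secrets):
    """Return {label: [(offset, region), ...]} for every occurrence of each secret."""
    hits = {}
    for label, needle in secrets.items():
        found, pos = [], image.find(needle)
        while pos != -1:
            found.append((pos, region_of(pos)))
            pos = image.find(needle, pos + 1)
        hits[label] = found
    return hits


def build_sample_image(persistent):
    """Constructed stand-in for a dump: erased flash (0xFF) plus a few strings."""
    image = bytearray(b"\xff" * 0x11000)
    # A string constant in the sketch is part of the application image.
    image[0x10400:0x10410] = SECRETS["aes_key"]
    if persistent:
        # Assumed placement: station config saved by the Wi-Fi driver in NVS.
        image[0x9100:0x9100 + len(SSID)] = SSID
        image[0x9140:0x9140 + len(PASSWORD)] = PASSWORD
    return bytes(image)


if __name__ == "__main__":
    # For a real dump: image = open("flash.bin", "rb").read()
    for persistent in (True, False):
        hits = find_secrets(build_sample_image(persistent), SECRETS)
        print(f"persistent={persistent}")
        for label, found in hits.items():
            where = ", ".join(f"{o:#x} ({r})" for o, r in found) or "not found"
            print(f"  {label}: {where}")
```

In both sample images the AES key is still found in the application region, because a key compiled into the sketch is stored in flash alongside the ciphertext it protects.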