I am writing a script having user personal information like "User Id", "Password", "Server detail", Bla bla bla. And I want to secure these all personal data.
And you know, Script inside Nodemcu is not secure at all. Anybody can download the script and make a cop of my project.
So, I want to encrypt the script which is uploaded in the Nodemcu so that some other can not decrypt or read my script.
Is it possible in NodeMCU?
I am using NodeMCU V3(Written at the back side of nodemcu)
Initial Details :
NodeMCU custom build by frightanic.com
branch: 1.5.4.1-final
commit: b9436bdfa452c098d5cb42a352ca124c80b91b25
SSL: false
modules: file,gpio,mqtt,net,node,rtctime,tmr,uart,wifi
build created on 2019-09-21 17:56
powered by Lua 5.1.4 on SDK 1.5.4.1(39cb9a32)
lua: cannot open init.lua
It is possible to achieve high security level but not 100%. NodeMCU stores data in external flash which is not protected from reading, even encrypted.
You need at least a firmware with standard crypto and TLS modules for basic encryption. Without TLS encryption (as module for net communication) you are vulnerable event without touching your device.
Better, is to use modified firmware with custom encryption/decryption functionality using internal unique chip id's as part of key, making it harder to break.
Some interesting ideas: https://bbs.espressif.com/viewtopic.php?t=936
To protect your scripts, compile in binary form without storing original scripts: https://nodemcu.readthedocs.io/en/master/compiling/
Edit:
In module crypto you can add a modified version of
crypto_encdec()asencryptintern/decryptinternwith predefined/calculated key and iv.To get device specific id for key calculation you can use MAC address with
wifi_get_macaddr()and flash id withspi_flash_get_id()as suggested: https://bbs.espressif.com/viewtopic.php?t=1303To encrypt/decrypt compiled scripts you can modify
luaL_loadfile(requireuses it too) to decrypt files, andluac.cfor encryption on your host.