How to Secure the lua scripts inside Nodemcu - lua

I am writing a script having user personal information like "User Id", "Password", "Server detail", Bla bla bla. And I want to secure these all personal data.
And you know, Script inside Nodemcu is not secure at all. Anybody can download the script and make a cop of my project.
So, I want to encrypt the script which is uploaded in the Nodemcu so that some other can not decrypt or read my script.
Is it possible in NodeMCU?
I am using NodeMCU V3(Written at the back side of nodemcu)
Initial Details :
NodeMCU custom build by frightanic.com
branch: 1.5.4.1-final
commit: b9436bdfa452c098d5cb42a352ca124c80b91b25
SSL: false
modules: file,gpio,mqtt,net,node,rtctime,tmr,uart,wifi
build created on 2019-09-21 17:56
powered by Lua 5.1.4 on SDK 1.5.4.1(39cb9a32)
lua: cannot open init.lua

It is possible to achieve high security level but not 100%. NodeMCU stores data in external flash which is not protected from reading, even encrypted.
You need at least a firmware with standard crypto and TLS modules for basic encryption. Without TLS encryption (as module for net communication) you are vulnerable event without touching your device.
Better, is to use modified firmware with custom encryption/decryption functionality using internal unique chip id's as part of key, making it harder to break.
Some interesting ideas: https://bbs.espressif.com/viewtopic.php?t=936
To protect your scripts, compile in binary form without storing original scripts: https://nodemcu.readthedocs.io/en/master/compiling/
Edit:
In module crypto you can add a modified version of crypto_encdec() as encryptintern/decryptintern with predefined/calculated key and iv.
To get device specific id for key calculation you can use MAC address with wifi_get_macaddr() and flash id with spi_flash_get_id() as suggested: https://bbs.espressif.com/viewtopic.php?t=1303
To encrypt/decrypt compiled scripts you can modify luaL_loadfile (require uses it too) to decrypt files, and luac.c for encryption on your host.

Note that nothing will help against an even halfway determined person. It's trivial to dump the contents of flash, find keys, and decrypt everything. Without hardware support (there are cheap crypto chips out there), it is impossible to secure these devices.
Depending on your situation, there are alternatives; for example, for my home usage I'm planning to set up a separate WiFi network that's low security (no access to internet, just IoT devices) once I start deploying ESP8266 based devices. Yes, people can easily get the credentials but you'll be connected to a mostly useless network.
Security is very situational. What kind of attackers are you protecting against? How valuable is what you are protecting? It's hard to give advice without knowing more about that.

Related

Can I use the ESP-01 (ESP8266) to connect securely to MQTT broker?

The latest ESP-WROOM-02 support TLS1.2 over AT commands (I got this confirmed by Expressif). However I would like to use the ESP-01 unmodified to connect to an MQTT-broker, using TLS1.2. Is it possible to use the ESP01? Does it use the same firmware or codebase? I can't seem to find concrete answers.
Note that my app runs on another MCU (unavoidable). In principle I could reflash the ESP module, but that would add a step in the production process, plus yet another development environment. An advantage would be that the ESP01 firmware version would be strictly known.
I've seen that many advise to reflash the ESP with an Arduino derived firmware aka WiFiClientSecure and thus avoid working with the AT-commands (indeed I found NO library to specifically (and reliably) work with them).
Any advice greatly appreciated.
If you're concerned about security, then ESP8266 family modules (such as the ESP-01, ESP-WROOM-02, D1, NodeMCU) are likely not a practical choice.
They don't provide a mechanism for encrypting credentials on the device or a way to ensure that no one has altered the code that's running, and you end up in a situation like this one: https://thehackernews.com/2016/01/doorbell-hacking-wifi-pasword.html
However, the ESP-32 does provide that. It also allows you to make a secure MQTT connection. While it's more expensive than the ESP-01, it's still pretty affordable (about $6 on AliExpress).
The doorbell hack example is just stupid.
Why didn't they add a password for the Access Point connection.

Why is it safe to put secret keys into iOS binaries

I've noticed several tutorials for most of the major players in social networks have examples where a API key tied to your account is embedded (usually in plan text) in the source code. For example, Google Maps APIs Premium Plan. This key is used to bill your company.
I found a similar question in Is it safe to put private API keys in your .m files when exporting to the appstore?1 - Of note, anyone with a jailbroken phone can see the unencrypted executable.
Is this practice actually safe, and if so, why?
Embedding API keys in an app is not secure and generally not a good practice but does require a substantial work factor to obtain them, it is not trivial. There is no tool to decrypt the executable other than the OS for execution.
RE: "anyone with a jailbroken phone can see the unencrypted executable." is not really true. Just jailbreaking will not decrypt the app binary, it is only decrypted as the binary is loaded in RAM to execute and the key will not be available, it is decrypted in hardware in the DMA path. One needs to add debugging tools and catch the binary after it is loaded into memory for execution.
You need to determine who the attacker is, how much skill and time the attacker will spend and the cost to you.
There is no 100% secure solution, only increasing the work factor.
An alternative is to obtain the API keys on first run at login to a server and then move them to the Keychain. But this is also just an increase in work factor because as above the executable can be examined at run time when it is sent to the service.
As long as the key has to be in the app memory during any part of execution it is vulnerable.
Putting the API keys in the source may meet the security needs.

Accept any Wi-Fi password on OpenWRT (hostap)

After reading this article on Ars Technica I started looking for a way to enable an encrypted, yet passwordless public network. It is probably not possible due to specifications which require a certain number of characters and OSs complying with them, but what about accepting any password?
It will most definitely require custom scripting or even modifying the sources, so I've chosen OpenWRT to try this out. The relevant sources can be found here and here, which are used for building the wpad, hostpad and wpa-supplicant packages. By default OpenWRT uses wpad-mini (suffix mini means an absence of the WPA Enterprise support).
One of my thoughts was to also try WPA Enterprise for this purpose. Would it be possible to write a simple script to mimic the Radius server response, being always positive, as if credentials were correct?
Another aspect of this question is security. If accepting any password was possible, wouldn't it mean that anyone could trick my device to connect to an AP with the same name, as say, I use at home, and have control over the traffic? This can be a very serious issue and it is better to talk about it publicly than just pretending that if we don't publish a way to do this, no one else will do the same on black markets or in governments.
upd: Would it be possible to use a simple captive portal to 'negotiate' encryption, ideally, without any user interaction apart of opening the page? Naturally, it won't be WPA. Here is a good list of captive portal solutions for OpenWRT. A precaution: with the current OS-level implementations this wouldn't prevent leaking unencrypted data before the negotiation happens. But since OSs already recognize captive portals and display notifications, it should be possible to add a security feature to prevent any data transfers before passing the captive portal.

how do i access my cisco router details from ios mobile

Is it possible to access my Cisco router details like Name,Model,IP Address,Connection status etc from my iOS mobile.
I'm even ready to write small mobile app in iOS to get all router details.
Since I have just started learning in iOS, don't know if any library already exists for above task.
If my router does not work or gets hang.. I even want to try for restart of router using my mobile.
If example code exist, it will be very useful.
Like Cisco already has andriod and iOS app for same above function but dont want to use this app and want to write my own app with limited features only.
(http://www.addictivetips.com/mobile/cisco-connect-express-manage-router-settings-remotely-android-ios/)
Thanks,
Accessing network gear is best done by using SNMP. Cisco has extremely rich management/monitoring capabilities via SNMP and all of their MIBs are publicly available here.
Almost all Cisco gear supports the SNMPv2-SMI MIB (the 1.3.6.1.2.1 OID) so querying things like sysName, sysLocation, sysContact, sysDescription, sysUpTime should be very easy. This MIB even supports tables for listing all the interfaces and IP addresses and has a whole lot of other things that might be of interest to you.
If you have SNMP write access on the device then you can even make config changes and perform management functions like rebooting or bringing an interface up/down.
There are a few SNMP libraries for ObjectiveC and I think Net-SNMP is the most popular (It's not .net even though the title suggests that).
If you are new to SNMP then I suggest starting simple by querying easy objects like 1.3.6.1.2.1.1.5 (sysName) and 1.3.6.1.2.1.1.6 (sysLocation) before trying to jump into tables like 1.3.6.1.2.1.2.2 (ifTable)
Remember, you don't have to stick with the standard MIBs you can download all of the custom ones that are particular to your device which will give you incredible amounts of flexibility.
You could use a screen-scraping technique to telnet or ssh to the Cisco device and parse the "show version" output. This will give you some of the information you need. For others, like IP addresses, you can use "show ip interface brief", "show cdp neighbors" etc. as you need.
Keep security in mind: make sure that telnet/ssh credentials are adequately protected in your app's settings, and try to restrict your commands to those that do not need privileged access on the Cisco device.
Be aware that Cisco devices have a small pool of available VTYs, and every telnet/ssh access from your app will use up one VTY. So if you have for example 30 guys wanting to use the access the device simultaneously from their apps, some of those instances are not going to get access to the device.
If this is a concern, SNMP is a better and more scalable option as suggested by previous answer. Make sure that you (a) have a read-only community string configured on the device, and (b) use only the ro community string from the app.

Trusted Computing, iPad, Certifying Unmodified Apps

Since Apple controls the entire hardware/software stack, is it possible to obtain the following (through some type of trusted computing):
the hardware certifies that the software is genuine, non-jail broken iOS
iOS certifies to my server that the app run is an unmodified app
What this achieve is as follows:
when my server sends out data, it is guaranteed that the data can only be used in the way I intend it to be used (since it's running my app unmodified, on an non-jail broken iOS).
This prevents things like a modified app which steals data being transmitted from the server to the client. I realize one could theoretically eavesdrop, but this can be eliminated via encryption.
Thanks!
Briefly, no.
You're talking about Trusted Computing concepts on a platform that does not support TC. IOS does not include anything near Trusted Computing - Remote Attestation. It has no TPM.
The chain of trust established by Apple chip merely tries to stop execution if the signature of the next element in the boot chain is invalid. If one thing fails (jailbroken), their's no real -effective- way of detecting it. It is very similar to Secure Boot introduce by Microsoft but it's very different then Trusted Computing which attest which version of the system it is currently running.
With Trusted Computing, the TPM store the measurements (PCRs) of the system boot (SRTM). At boot, the first thing executed (CRTM - the only thing we really need to trust implicitly) will start the chain by measuring the BIOS, send the measure to the TPM (in a PCR) and pass execution to it (the BIOS). Then the BIOS does the same thing for the next element in the boot chain.
The measurements stored in the PCRs can then be used to encrypt or decrypt information (SEAL/UNSEAL operations) depending on the environment loaded in memory.
The TPM does not take action on the measurements (good or bad). The idea is not to restrain what can be loaded but to being able to know what environment is loaded on the platform. If something has been modified, the TPM will not contain the proper PCRs values and the UNSEAL operation (decrypt using PCRs as the key) will not work.
In the case of Remote Attestation, we're talking about the QUOTE operation. It's basically the same thing then SEAL but uses other keys to make sure the evaluating party can validate the attestation is really coming from a real/compliant TPM.
Sure, a system could use the SEAL operation to protect a secret used to decrypt the operating system and thus produce -in some way- the same effect as secure boot.
For more info, see my other posts.

Resources