burn code for production.

The official pyboard running MicroPython.
This is the reference design and main target board for MicroPython.

Post by rohitshekhar » Sat Feb 01, 2020 5:03 am

New to pyboard, could not find an answer - possibly it's a duplicate thread.

pyboard code may be either in flash or on SD, so it's ready to download if given to an end user. How can we save our code from copying?


Re: burn code for production.

Post by jimmo » Sun Feb 02, 2020 11:46 pm

There are a few options:
- Use mpy-cross to make a .mpy file out of your .py files and put them on the filesystem instead. (They'll be bytecode instead, so someone can't just open them up and read your code text)
- "Freeze" your Python code into the firmware image. (This is a good idea anyway as it means your program will use less RAM)

Both these options mean that the bytecode will be accessible. With the second approach (freezing) you could additionally enable flash readout protection, but note that as long as an 'attacker' can still get access to a REPL or to run Python code they can still extract data from flash.

That said, it depends on how much protection you need. The disassembled bytecode loses all local variable names, but it's still possible to extract all class, method, function and global names. I'm not aware of any tools that do this automatically (although they wouldn't be that hard to build), but honestly if someone's going to go to that much trouble to work with your disassembled code it's probably easier for them to write the code from scratch.

The more important question is how to store secrets like encryption keys. I'm not sure if there's a good solution to that -- even if you wrote those bits in C and used flash readout protection, as long as the attacker can access the REPL and use things like machine.mem8 it's very hard to protect against.

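Added example, not part of the original posts: a pre-release check for the point made in the reply above, that compiled code still carries class, function and global names, and that a key embedded in the source stays readable after compilation. It uses CPython's `compile()` as a stand-in for mpy-cross (an assumption; the .mpy format is different), and `SAMPLE_SOURCE`, `DEVICE_KEY`, `audit_compiled` and `leaked_secrets` are hypothetical names with a made-up key.

```python
import types

# Constructed sample module; the key value is made up for this example.
SAMPLE_SOURCE = '''
DEVICE_KEY = b"k3y-0123456789abcdef"

def unlock(challenge):
    mixed = bytes(a ^ b for a, b in zip(challenge, DEVICE_KEY))
    return mixed

class Radio:
    def send_frame(self, payload):
        return unlock(payload)
'''


def audit_compiled(source, filename="<sample>"):
    """Compile source and report what stays readable in the code objects.

    Returns (names, literals): global/class/function/attribute names and
    the str/bytes constants found in the module and every nested body.
    Local variable names (co_varnames) are deliberately not collected,
    to mirror the reply's description of MicroPython bytecode; CPython
    itself does keep them.
    """
    names, literals = set(), set()
    stack = [compile(source, filename, "exec")]
    while stack:
        code = stack.pop()
        names.add(code.co_name)
        names.update(code.co_names)
        for const in code.co_consts:
            if isinstance(const, types.CodeType):
                stack.append(const)  # nested function or class body
            elif isinstance(const, (str, bytes)):
                literals.add(const)
    # Drop synthetic names such as <module> and <genexpr>.
    names = {n for n in names if not n.startswith("<")}
    return names, literals


def leaked_secrets(source, secrets):
    """Return the secrets still present verbatim after compilation."""
    _, literals = audit_compiled(source)
    return [s for s in secrets
            if any(isinstance(lit, type(s)) and s in lit for lit in literals)]
```

Running `leaked_secrets` over each module in a release build with the list of values that must never ship gives a quick fail/pass gate before the code is compiled or frozen.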