"Brick" ESP and Prevent ESP8266 from being reprogrammed

Posted: Mon Aug 29, 2016 10:55 am
by Orcanbull
Hi People,

So I have been thinking for quite some time about how to prevent the ESP from being programmed and to "brick" itself after a time. It should also be able to unbrick again.
But I would like to hear your thoughts about it.

I will explain the situation.
Let's say the project has run for 3 months, then the computer server sends a lockdown message to the ESP.
I want the ESP to lock itself after a period of time, let's say 15 minutes (or another random time), each time after startup, giving the impression the system has some sort of failure. My idea was to put GPIO 0 to ground using a pin, and then reset the ESP. It might work; I just need to work out the hardware aspect specifically. The random time before bricking will give me time to send an unlock message.

But I don't want to give the possibility to reprogram the ESP, since any software developer could just change the code then. Are there any thoughts on how I could prevent the ESP8266 from being reprogrammed, preferably by software or else by hardware?

I was thinking of changing something in the program sequence, like a special code different from the standard, but I'm afraid that might still be out of my comfort zone.

Just a note: I program the ESP using the Arduino IDE.

I'm looking forward to hearing your thoughts!

Re: "Brick" ESP and Prevent ESP8266 from being reprogrammed

Posted: Mon Aug 29, 2016 12:07 pm
by picstart
Often, to only allow programming by a trusted source, an obscured password is buried in a custom bootloader. Only the trusted installer of new code has the password and can access the bootloader. This isn't a total solution, since if anyone has physical access to the chip they could just replace the bootloader and end around the security.

Re: "Brick" ESP and Prevent ESP8266 from being reprogrammed

Posted: Mon Aug 29, 2016 2:57 pm
by Orcanbull
Indeed, I was thinking of that as well. However, I will assume for now that not everyone is capable of doing that.
Indeed, a custom bootloader might do the trick. Any thoughts on how? :D

Re: "Brick" ESP and Prevent ESP8266 from being reprogrammed

Posted: Mon Aug 29, 2016 3:27 pm
by picstart
I suspect the bootloader code is public. I haven't looked at it, but if the bootloader code is available then it could be altered to accept a preflash sentence with a check code, something like MD5 with a variation to obscure things. The bootloader would compute the check digit at some position in the code (known only to the legit owner of the code); if it didn't match at that position, the bootloader would abort and erase the unauthorized attempt. As long as a new update doesn't shorten the code to less than the secret mid-code check position, it would be hard to know what position is being used. If a final MD5-type code is also included in the preflash sentence, then all the code itself could be validated.
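
The check described in the last post, modelled on the host in Python as an added example (not code from the thread or from any ESP8266 bootloader): a preflash sentence carries a check code over the image up to a secret position plus a final code over the whole image, and a mismatch erases the staged upload. Assumptions: HMAC-SHA-256 keyed with a device secret stands in for the "MD5 with a variation", and `DEVICE_KEY`, `CHECK_POS`, the header layout and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# All names and values below are constructed for this example.
DEVICE_KEY = b"constructed-demo-key"   # secret shared by owner and bootloader
CHECK_POS = 96                         # secret mid-image check position
TAG_LEN = 32                           # HMAC-SHA-256 output size
HEADER = struct.Struct(f">I{TAG_LEN}s{TAG_LEN}s")  # length, mid tag, final tag


def _tag(data: bytes) -> bytes:
    return hmac.new(DEVICE_KEY, data, hashlib.sha256).digest()


def build_preflash(image: bytes) -> bytes:
    """Owner side: prepend the preflash sentence to a new image."""
    if len(image) < CHECK_POS:
        raise ValueError("image shorter than the check position")
    return HEADER.pack(len(image), _tag(image[:CHECK_POS]), _tag(image)) + image


def bootloader_accept(upload: bytes, staging: bytearray) -> bool:
    """Bootloader side: stage the upload, verify it, erase it on any mismatch."""
    def abort() -> bool:
        staging[:] = b"\xff" * len(staging)   # erased flash reads as 0xFF
        return False

    if len(upload) < HEADER.size:
        return abort()
    length, mid_tag, final_tag = HEADER.unpack_from(upload)
    image = upload[HEADER.size:]
    if length != len(image) or not CHECK_POS <= length <= len(staging):
        return abort()
    staging[:length] = image                  # write to the staging area
    staged = bytes(staging[:length])
    # Check the prefix at the secret position first, then the whole image.
    if not hmac.compare_digest(_tag(staged[:CHECK_POS]), mid_tag):
        return abort()
    if not hmac.compare_digest(_tag(staged), final_tag):
        return abort()
    return True
```

With a keyed tag, the protection rests on the key staying secret rather than on the check position staying unknown.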