DFU with password

I assume you are updating your central by switch it to peripheral mode and your phone as central to do DFU.

To add a password, you need to implement it on your own. Says the DFU target will reject DFU init packet if there is no "password" command is written on the DFU Control point characteristic. If you want to avoid attacker to sniff your connection and catch that fixed password, you can implement a scheme when the DFU target send to the DFU master a random number, and the DFU master have to encrypt it using the secret key (that hardcorded in the bootloader) and send the result back. The DFU target will check, if it match then it will allows the DFU process to be started.

Of course you would need to modify the DFU app on the phone. All the source code are available, so I don't think there would be any problem.

I assume you are updating your central by switch it to peripheral mode and your phone as central to do DFU.

To add a password, you need to implement it on your own. Says the DFU target will reject DFU init packet if there is no "password" command is written on the DFU Control point characteristic. If you want to avoid attacker to sniff your connection and catch that fixed password, you can implement a scheme when the DFU target send to the DFU master a random number, and the DFU master have to encrypt it using the secret key (that hardcorded in the bootloader) and send the result back. The DFU target will check, if it match then it will allows the DFU process to be started.

Of course you would need to modify the DFU app on the phone. All the source code are available, so I don't think there would be any problem.

Fine. Where I can get source code of DFU app for phone ? Thx.

Here you go: github.com/.../Android-DFU-Library

Thank you.