carglglz / upydev Goto Github PK
View Code? Open in Web Editor NEWCommand line tool for MicroPython devices
Home Page: https://pypi.org/project/upydev/
License: MIT License
Command line tool for MicroPython devices
Home Page: https://pypi.org/project/upydev/
License: MIT License
(.venv) maho@udlaptop:~/workspace/upydev$ upydev -h
Traceback (most recent call last):
File "/home/maho/workspace/garageopen/.venv/bin/upydev", line 7, in <module>
exec(compile(f.read(), __file__, 'exec'))
File "/home/maho/workspace/upydev/upydev_dir/bin/upydev", line 1432, in <module>
parser.add_argument("-@", help=help_dv, required=False).completer = ChoicesCompleter(see_global_devs())
File "/home/maho/workspace/upydev/upydev_dir/bin/upydev", line 197, in see_global_devs
with open('{}/UPY_G.config'.format(upydev.__path__[0]), 'r', encoding='utf-8') as group:
FileNotFoundError: [Errno 2] No such file or directory: '/home/maho/workspace/upydev/upydev/UPY_G.config'
In the adc_config, Pin needs to be imported as well for my ESP32 board with Micropython.
Is there any way to disable standard webrepl access to the device, so that only SSLWebREPL can be used?
thanks,
Chris
When I was switching back and forth between wrepl via WiFi and sh_srepl via USB-serial, I found a glitch.
conf for sh_srepl via USB-serial:
upydev config -t /dev/tty.SLAB_USBtoUART -p pass
conf for wrepl via WiFi
upydev config -t 192.168.1.32 -p pass
and in the conf file, port and ip is stored bound with the same key "ip". So I have to specify the port or ip inline like follows:
upydev sh_srepl -port /dev/tty.SLAB_USBtoUART
upydev wrepl -t 192.168.1.32
It could be bettrt if port was stored as "port".
In the upydev repository, specifically within the keygen.py script, the RSA algorithm is implemented with PKCS 1v1.5 padding, which is known to be insecure and vulnerable to Bleichenbacher](https://link.springer.com/content/pdf/10.1007/bfb0055716.pdf) attack which is a chosen-ciphertext attack that exploits vulnerabilities within the RSA PKCS1v1.5 padding scheme. The use of this padding scheme can lead to security issues where an attacker may exploit the vulnerability to decipher encrypted messages or forge signatures.
upydev 0.4.3
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L919
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1176
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1253
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1311
https://github.com/Carglglz/upydev/blob/master/upydev/keygen.py#L1125
Expected Behavior:
The cryptographic module should utilize a secure padding scheme for RSA such as OAEP (Optimal Asymmetric Encryption Padding) which is currently recommended as a safer alternative to PKCS 1v1.5.
Actual Behavior:
The current implementation of the RSA encryption and signature verification in keygen.py uses PKCS 1v1.5 padding, which is outdated and has known vulnerabilities that compromise the security of cryptographic operations.
CWE-780: Use of RSA Algorithm without OAEP
It is recommended to use OAEP (Optimal Asymmetric Encryption Padding) as the encryption scheme and PSS (Probabilistic Signature Scheme) as the signature scheme, as they offer better security.
PyCryptodome
and cryptography.io
.It's crucial for the security of upydev users that this issue is addressed promptly, as cryptographic weaknesses can have severe implications for the privacy and integrity of communications facilitated by this tool.
message = b"encrypted data"
ciphertext = public_key.encrypt(
message,
padding.OAEP(
mgf=padding.MGF1(algorithm=hashes.SHA256()),
algorithm=hashes.SHA256(),
label=None
)
)
https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#encryption
Please let me know if you require any further information or assistance in addressing this issue.
upydev watch -fre ./src/*.py
would watch for any changes in files in a project directory. If change occurred it will upload only the changed file.
I tried sh_srepl and the connection established successfully but I got no echo back to the terminal.
No, it was there but in white. If I changed the color theme from light to dark, it turned to visible.
It seems the character color for the local echo is hard coded to white.
The target is ESP32 and I'm on macOS Mojave with iterm2 app.
It would be nice to be able to use upydev get main.py
without uploading aditional files onto the device
get the file tree from the device and make all the filtering on the pc
this concept should be applied to other scripts where possible.
OSError: [Errno 113] No route to host
File Uploaded!
Should throw an error.
When generating private key and certs for SSLWebREPL with
upydev sslgen_key -tfkey
It failed with:
Generating SSL ECDSA key and certificates...
Getting unique id...
ID: 30aea42313e0
Passphrase:
Traceback (most recent call last):
File "/home/chris/.espressif/python_env/idf3.3_py3.6_env/bin/upydev", line 5147, in <module>
get_ssl_keycert(args.t, args.p)
File "/home/chris/.espressif/python_env/idf3.3_py3.6_env/bin/upydev", line 4176, in get_ssl_keycert
ssl_ECDSA_key_certgen(ip, passwd, dir=upydev.__path__[0]+'/')
File "/home/chris/.espressif/python_env/idf3.3_py3.6_env/bin/upydev", line 1730, in ssl_ECDSA_key_certgen
host_ip = netifaces.ifaddresses('en0')[netifaces.AF_INET][0]['addr']
ValueError: You must specify a valid interface name.
When looking at upydev#L1730 I could see it expected network interface of the host to be 'en0', which does not exist in my env (Ubuntu WSL in Windows 10). I edited the file and changed this to a network interface from ifconfig and the key generation and upload then succeeded.
upydev is getting stuck, how can i debug what's going wrong with it? I read all docs but there is no hint how to turn on a more verbose mode.
shell-repl @ upydev
WebREPL connected
WARNING: ENCRYPTION DISABLED IN THIS MODE
MicroPython v1.18 on 2022-01-17; ESP module (1M) with ESP8266
Type "help()" for more information.
for i in [1,2]:
print(i)
............
....
no key combination will get you out of this situation
you have to close the terminal and start another one
It would be easier to checkout to specific version.
Also would be cool to make releases also on Github. ๐
If I use upydev in a virtual environment utilising poetry:
$ upydev config -t /dev/ttyACM3 -g -@ pybd
SerialDevice pybd settings saved globally!
$ pybd
[Errno 2] No such file or directory: '/home/ser/.cache/pypoetry/virtualenvs/mymgnss-enA7ukaw-py3.12/lib/python3.11/site-packages/upydev/UPY_G.config'
Traceback (most recent call last):
File "/home/ser/.cache/pypoetry/virtualenvs/mymgnss-enA7ukaw-py3.12/lib/python3.11/site-packages/upydev/devicemanagement.py", line 476, in devicemanagement_action
target, passwd = address_entry_point(dev, args=args)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/ser/.cache/pypoetry/virtualenvs/mymgnss-enA7ukaw-py3.12/lib/python3.11/site-packages/upydev/devicemanagement.py", line 313, in address_entry_point
with open('{}.config'.format(group_file), 'r', encoding='utf-8') as group:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
FileNotFoundError: [Errno 2] No such file or directory: '/home/ser/.cache/pypoetry/virtualenvs/mymgnss-enA7ukaw-py3.12/lib/python3.11/site-packages/upydev/UPY_G.config'
in summary, upydev should use ~/.config
directory to store config :)
upydev/upydev/upyutils_dir/
has a copy of files in upydev/upyutils/
. Not sure, is it on purpose?
Uploading file main.py...
op:put, host:192.168.1.102, port:8266, passwd:****.
src/main.py -> /main.py
Traceback (most recent call last):
File "/home/stsdc/.local/bin/upytool", line 385, in <module>
main()
File "/home/stsdc/.local/bin/upytool", line 363, in main
s.connect(addr)
ConnectionRefusedError: [Errno 111] Connection refused
File Uploaded!
First of all: this tool is amazing! Thank You!
But the readme file is huge, it is hard to find how to do basic things.
IMHO: Readme should be decluttered and must include most basic things, other specific options and functions should be on gitbook or wiki.
If You're ok with this, I'll try to make a PR.
Thanks again for this utility and please continue <3
I ran into the error:
$ upydev -h
Traceback (most recent call last):
File "/Users/thomas/Programming/HA/MicroPython/venv/bin/upydev", line 17, in <module>
import requests
ModuleNotFoundError: No module named 'requests'
which was resolved by:
pip install requests
I am using python 3.7.4 from MacPorts wrapped via venv
under Mac OS Mojave
I'm using upydev put -fre src/*
Traceback (most recent call last):
File "/home/stsdc/.local/bin/upytool", line 385, in <module>
main()
File "/home/stsdc/.local/bin/upytool", line 379, in main
put_file(ws, src_file, dst_file)
File "/home/stsdc/.local/bin/upytool", line 178, in put_file
with open(local_file, "rb") as f:
IsADirectoryError: [Errno 21] Is a directory: 'src/ble'
File Uploaded!
BTW how to upload a folder? My project structure:
โโโ dev-requirements.txt
โโโ micropy.json
โโโ pymakr.conf
โโโ requirements.txt
โโโ src
โย ย โโโ ble
โย ย โย ย โโโ ble_advertising.py
โย ย โย ย โโโ ble.py
โย ย โย ย โโโ ble_temperature.py
โย ย โโโ boot.py
โย ย โโโ main.py
โโโ upydev_.config
When I removed global conf and local conf,
upydev sh_srepl causes an error, even if port and password were set inline, but wrepl is ok with it.
$ upydev sh_srepl -port /dev/tty.SLAB_USBtoUART -p pass
upydev_.config file not found, please provide target and password or create config file with command "config" (see help)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.