Sep 3 2022

Pico-w password protected wireless updates

If you have been programming a Pico you will be familiar with the usual process of building your project, resetting your Pico whilst holding down the boot select button and uploading your uf2 file. There are other ways of course: you can use a Raspberry Pi hooked up via SWD, which allows you to connect to the Pi remotely and upload your code via gdb.

Here though is an example of how you can remotely upgrade a Pico W with nothing else required.

The inclusion of a webserver allows the reboot into the bootloader to be initiated remotely and provides a means of requiring a username and password.

TLDR

Git repo can be found here

 

Credits

The code described here makes use of the excellent picowota bootloader by usedbytes which can be seen here.

It also builds on the example here by krzmaz, which demonstrates how to run a web server from your Pico-w using lwip.

Building

Build instructions can be found in the repo readme. The main thing to note is that you will need to add a credentials.cmake file. This is used to configure wifi and to set the username and password required to put the Pico into bootloader mode.

Running

Once you have everything built, you will need to perform the initial upload in the normal way. The easiest method is to hold down the bootsel button and upload the picowota_blink.uf2 file onto your Pico W.

This will reboot the Pico, and after a short period it will start to flash, indicating that it has connected to your wifi network. If you are connected via USB and minicom you will see the assigned IP address printed out in the logs.

Flashing your Pico-w remotely

You will need the flash utility provided by usedbytes here

There are two methods to place your Pico-w into bootloader mode. You can either navigate to the IP address of your Pico in your browser:

http://ip_of_pico/reboot.html

Here you need to enter the username and password you set for REBOOT_USER and REBOOT_PASS. The Pico will then reboot into the bootloader.

Or you can run the following command via curl:

curl -d "user=USERNAME&pass=PASSWORD" -X POST http://ip_of_pico/reboot.cgi

Where USERNAME and PASSWORD are the values you set for REBOOT_USER and REBOOT_PASS.

Finally make sure you are in the build directory and then run:

~/go/bin/serial-flash tcp:192.168.25.12:4242 blink.elf

On my machine ~/go/bin/serial-flash is where serial-flash is located after installation; this may differ on your machine.

The output will look something like:

~/go/bin/serial-flash tcp:192.168.25.12:4242 blink.elf
Opened connection to 192.168.25.12:4242
Synchronising:
 1 / 5 [==========>--------------------------------------------]  20.00% 13/s 0s
Querying device info:
 1 / 1 [======================================================] 100.00% 171/s 0s
Erasing:
 352256 / 352256 [==========================================] 100.00% 92998/s 3s
Writing:
 350464 / 350464 [=========================================] 100.00% 105397/s 3s
Finalising:
 1 / 1 [=======================================================] 100.00% 12/s 0s

The Pico-w will then reboot once more and be running your latest code. That’s pretty much it. Using just two commands you can remotely flash your Pico-w.

As the connection to your Pico-w uses HTTP and not HTTPS, the username and password are sent in clear text and there is a risk that they could be sniffed. The risk is minimal on your local network, but it should be noted. Adding TLS is definitely something to think about for the future.
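One way a firmware handler could check the form body that the curl command above posts, as an added example and not code from the repo. The function names and the sample credential values are assumptions, and values are compared raw (no percent-decoding), which matches what curl -d sends.

```c
#include <stddef.h>
#include <string.h>

/* Assumed stand-ins for the REBOOT_USER / REBOOT_PASS build settings. */
#define REBOOT_USER "admin"   /* constructed sample value */
#define REBOOT_PASS "s3cret!" /* constructed sample value */

/* Compare without exiting early, so response timing does not reveal how
   many leading characters of a guess were correct. */
static int ct_equal(const char *a, size_t alen, const char *b, size_t blen)
{
    unsigned char diff = (unsigned char)(alen != blen);
    for (size_t i = 0; i < blen; i++)
        diff |= (unsigned char)((i < alen ? a[i] : 0) ^ b[i]);
    return diff == 0;
}

/* Locate "key=value" in a form-urlencoded body; returns the raw value
   span, or NULL when the key is absent. First occurrence wins. */
static const char *form_field(const char *body, size_t len,
                              const char *key, size_t *vlen)
{
    size_t klen = strlen(key), pos = 0;
    while (pos < len) {
        size_t end = pos;
        while (end < len && body[end] != '&') end++;
        if (end - pos > klen && body[pos + klen] == '=' &&
            memcmp(body + pos, key, klen) == 0) {
            *vlen = end - pos - klen - 1;
            return body + pos + klen + 1;
        }
        pos = end + 1;
    }
    return NULL;
}

/* Returns 1 only when both fields are present and match. Both comparisons
   always run, so a wrong user and a wrong password take the same path. */
int reboot_authorised(const char *body, size_t len)
{
    size_t ulen = 0, plen = 0;
    const char *u = form_field(body, len, "user", &ulen);
    const char *p = form_field(body, len, "pass", &plen);
    int present = (u != NULL) & (p != NULL);
    int ok_user = ct_equal(u ? u : "", ulen, REBOOT_USER, strlen(REBOOT_USER));
    int ok_pass = ct_equal(p ? p : "", plen, REBOOT_PASS, strlen(REBOOT_PASS));
    return present & ok_user & ok_pass;
}
```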

Summary

This simple example shows how we can use FreeRTOS to run multiple tasks on a Pico-W and run an embedded http server which provides a means for remote updates.

Code location

Code can be found here.