Photon softAP: either suppress SSID broadcast or password protect?

Hi folks, I want to use web pages in softAP instead of connecting to external Wifi. SSID is broadcast in softAP mode, and is not secured (unsecure, insecure?)

Is there a way to either password protect softAP (WPA2-Personal, say), or can I at least suppress SSID broadcast?

Looks like changing SSID is possible at least, so that helps.
System.set(SYSTEM_CONFIG_SOFTAP_PREFIX, “prefix”);
System.set(SYSTEM_CONFIG_SOFTAP_SUFFIX, “suffix”);

Edit: I found this in wiced_defaults.h, but uncommenting seems to have no effect. In any case, I need this feature in runtime, so this would not be ideal even if it did work.

/************************************************************************
 * Uncomment to "hide" the soft AP */
#define WICED_DISABLE_SSID_BROADCAST

Also found something about this online
https://community.cypress.com/thread/2044?start=0&tstart=0

wiced_result_t wiced_wifi_set_closednet(uint32_t closed) {
    wiced_buffer_t buffer;
    uint32_t *data = (uint32_t *)wiced_get_iovar_buffer(&buffer, (uint16_t)4, IOVAR_STR_CLOSEDNET);
    CHECK_IOCTL_BUFFER(data);
    *data = closed;
    return wiced_send_iovar(SDPCM_SET, buffer, NULL, SDPCM_AP_INTERFACE);
}

Some additional info here regarding WICED SDK compatibility, which seems to be where this is headed. https://community.cypress.com/thread/5280

Thanks
Doug

@dougcl Welcome to the Particle Community.

I have been using softAP for setup of the WiFi credentials for all products based upon the Photon. Under this use case having an SSID that is visible and recognized is important.

You have correctly identified the System calls to change the system SSID. I have never seen the need to hide the SSID but I can see why you would want to use this as a security feature. There is no runtime feature - as a System call to do this that I am aware of.

Password protection of you web pages is possible. I could not find an example but a google search will highlight simple and more complicated approaches.

Thanks for your response.

It appears that some if not all of the necessary WICED SDK files are in the Particle Workbench distribution, but I am having trouble referencing them.

For example, I can browse to this, but it has dependencies elsewhere under wiced, so it doesn’t work.
#include “wiced/WWD/include/wwd_wifi.h”

I spent some time looking up info about the Workbench include path, and it’s unclear how to modify it.

Due to the modular design of the Particle device OS application code can only access functions for which a dynamic link is made available.
If you want to use anything beyond that you’d need to create a monolithic build where all system parts and the application are unified in one binary file.

I would have suggested the build task
Particle: Compile application & DeviceOS for debug (local)
but that seems to have disappeared

Okay thanks. There are two parts, system and user. There is a compile-debug option and flash-debug in the makefile FWIW.

But can’t the modification be done in the OS then, and modular build work? That get/send_iovar is pretty much all I can think to do. The commands appear to be in wwd_sdpcm.h. But if it were this easy, it seems like you would have done it.

Doug

Since SoftAP was not intended for any highly secure data exchange Particle (I'm not an employee) has never really invested more time into that feature than was necessary for the original intent: setting up the WiFi creds (plus some (optional) one-time parametrisation).
That also manifests in the fact that SoftAP is only available via Listening Mode (aka Setup Mode).

Thanks again.

I got a variation of the iovar approach above working.

I happen to be modifying deviceOS version 1.2.1.

I used the #define WICED_DISABLE_SSID_BROADCAST in wiced_defaults.h to test it. (It appears the problem with that define is that it is used by wwd_ap.c, but that code has been pre compiled for the Workbench distribution, so changing the define after the fact doesn’t do anything.)

I added the following code (taken from wwd_ap.c elsewhere) to softap.cpp:

#include "wwd_sdpcm.h"
#include "wwd_wlioctl.h"
#include "wwd_ap_common.h"
#include "rtos.h"
#include "wwd_rtos_interface.h"

static host_semaphore_type_t wwd_wifi_sleep_flag;

wwd_result_t disable_ssid_broadcast()
{
    wiced_buffer_t buffer;
    uint32_t*      data;

	/* Make the AP "hidden" */
	data = (uint32_t*) wwd_sdpcm_get_iovar_buffer( &buffer, (uint16_t) 4, IOVAR_STR_CLOSEDNET );
	CHECK_IOCTL_BUFFER_WITH_SEMAPHORE( data, &wwd_wifi_sleep_flag );
	data[0] = (uint32_t) 1;
	CHECK_RETURN_WITH_SEMAPHORE( wwd_sdpcm_send_iovar( SDPCM_SET, buffer, 0, WWD_AP_INTERFACE ), &wwd_wifi_sleep_flag );
	return WWD_SUCCESS;
}

I added this to softap.h:

#include "wwd_constants.h"  // for wwd_result_t

wwd_result_t disable_ssid_broadcast();

and I added the define to wlan_smart_config_init() in wlan_hal.cpp (which seemed like a good place to call the function):

void wlan_smart_config_init()
{
    wifi_creds_changed = false;
    if (!current_softap_handle)
    {
        softap_config config;
        config.softap_complete = HAL_WLAN_notify_simple_config_done;
        wlan_disconnect_now();
        wlan_restart(NULL);
        current_softap_handle = softap_start(&config);
        /* FIXME: particle-iot/photon-wiced#29 */
		#ifdef WICED_DISABLE_SSID_BROADCAST
		     disable_ssid_broadcast();
		#endif
        netif_set_default(wiced_ip_handle[WICED_AP_INTERFACE]);
    }
}

I have not tried calling iovar methods to turn it back on, not sure it is possible, but that’s next.

Okay I added a new option to the hal_system_config_t enum called SYSTEM_CONFIG_SOFTAP_DISABLE_BROADCAST.

So now I can call this from within the ino in Workbench:
System.set(SYSTEM_CONFIG_SOFTAP_DISABLE_BROADCAST,"1");
or
System.set(SYSTEM_CONFIG_SOFTAP_DISABLE_BROADCAST,"0");

List of files altered:
core_hal.h
ota_flash_hal.cpp
ota_flash_hal_stm32f2xx.cpp
softap.cpp
softap.h
wlan_hal.cpp

I have submitted an enhancement request here in case anyone is interested in getting this added (assuming it is acceptable.)