Unofficial Nextion/TJC User Forum

Is "locking" a page with a password secure?

Is locking all pages in my .HMI file with a password secure?
Can the password be recovered form either .HMI or .tft file?
Same question to securing the project with a password, is it secure?

Thanks for all the answers!

Never have tried reverse-engineering a HMI or tft file to check this out. But they say (and have appropriate warnings in the editor about that) that lost passwords can’t be recovered, even not by them which makes me pretty confident.
Afterwards, the question is: Why should someone try to crack a password protected HMI file? I mean, it’s a little subsystem firmware, not a bitcoin storage…

Anything can be cracked given the time & motivation to do so. I think the statement “lost passwords can’t be recovered” is more of a guarantee that Nextion ‘support’ won’t help you if you encounter that problem (and any other issue for that matter) It says nothing about the security of the password itself…

I wouldn’t put too much trust in TJC code either way. They probably just hash the password and crc the file…

1 Like

Password-protected pages is a great tool, if the .HMI file is distributed to technicians who only need to upload the new firmware without access to the source code.
I agree locking the entire project kinda makes no sense(but its good to have an option right?).

That’s what I though too…
I preferred to ask if someone actually put some effort and investigated that topic :slight_smile:

Has someone compared a protected vs an unprotected in hex view ?

1 Like

This forum is in no way affiliated with NEXTION®, ITEAD STUDIO®, TJC®, or anyone else really. All product names, logos, and brands are property of their respective owners. All company, product, and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement from the respective rights holder(s).