How to execute ROM Basic after it was disabled via efuse?

[HermannSW]

Thanks for that information, which confirms that ROM Basic cannot be ESP32 debug shell.

And thanks to WiFive, I tried Micorpython and it works great, see this posting:
viewtopic.php?f=2&t=3476#p16515

[mobluse]

The thing is that esp-idf massages the UART in such a way that ROM BASIC has problems using it.

You can work around this by starting a new esp-idf project, and add in your app_main.c this:

Code: Select all

typedef void(*start_tb_console_fn)();

void IRAM_ATTR start_cpu0() {
	start_tb_console_fn start_tb_console=(start_tb_console_fn)0x4005a980;
	start_tb_console();
}

void app_main() {
}

What you will get, however, is that ROM BASIC accepts one command, but then hangs because the check for the BASIC-disable-fuse fails.

Is it possible to "repair" the BASIC-disable-fuse or circumvent it?
BTW I made this into an Arduino-program that works, but after entering the first character it only echos that whatever I typed first.

Code: Select all

typedef void(*start_tb_console_fn)();

void setup() {
   start_tb_console_fn start_tb_console=(start_tb_console_fn)0x4005a980;
   start_tb_console();
}

void loop() {
}

[ESP_Sprite]

Is it possible to "repair" the BASIC-disable-fuse or circumvent it?
BTW I made this into an Arduino-program that works, but after entering the first character it only echos that whatever I type.

Not unless you have a FIB workstation in your garage, sorry. The BASIC console also checks the fuses during its runtime, effectively to make it harder for someone to 'glitch' an otherwise secured ESP32 into the basic console and breach security that way.

[mobluse]

The BASIC console also checks the fuses during its runtime, effectively to make it harder for someone to 'glitch' an otherwise secured ESP32 into the basic console and breach security that way.

Perhaps one could copy TinyBasic to RAM and patch it so that it doesn't check for fuse, and then run it from RAM.

[ESP_Sprite]

That actually may be a possibility. TinyBasic is stores in ROM 'encrypted'; using a simple XOR cypher (again, to stop people using it for nefarious purposes) and the invocation routine de'crypt's it in RAM before jumping to it. You may be able to rewrite this routine and patch out the fuse checking calls. I think all that is more work than just taking the original and doing the modifications I also did, however.