How to execute ROM Basic after it was disabled via efuse?

User avatar
HermannSW
Posts: 97
Joined: Fri Oct 27, 2017 6:58 am
Location: Eberbach, Germany
Contact:

Re: How to execute ROM Basic after it was disabled via efuse?

Postby HermannSW » Mon Oct 30, 2017 8:57 pm

Thanks for that information, which confirms that ROM Basic cannot be ESP32 debug shell.

And thanks to WiFive, I tried Micorpython and it works great, see this posting:
viewtopic.php?f=2&t=3476#p16515
Image

mobluse
Posts: 2
Joined: Tue Apr 24, 2018 12:26 pm

Re: How to execute ROM Basic after it was disabled via efuse?

Postby mobluse » Tue Apr 24, 2018 12:34 pm

ESP_Sprite wrote:The thing is that esp-idf massages the UART in such a way that ROM BASIC has problems using it.

You can work around this by starting a new esp-idf project, and add in your app_main.c this:

Code: Select all

typedef void(*start_tb_console_fn)();

void IRAM_ATTR start_cpu0() {
	start_tb_console_fn start_tb_console=(start_tb_console_fn)0x4005a980;
	start_tb_console();
}

void app_main() {
}
What you will get, however, is that ROM BASIC accepts one command, but then hangs because the check for the BASIC-disable-fuse fails.
Is it possible to "repair" the BASIC-disable-fuse or circumvent it?
BTW I made this into an Arduino-program that works, but after entering the first character it only echos that whatever I typed first.

Code: Select all

typedef void(*start_tb_console_fn)();

void setup() {
   start_tb_console_fn start_tb_console=(start_tb_console_fn)0x4005a980;
   start_tb_console();
}

void loop() {
}
Last edited by mobluse on Sat Apr 28, 2018 6:22 am, edited 1 time in total.

ESP_Sprite
Posts: 9708
Joined: Thu Nov 26, 2015 4:08 am

Re: How to execute ROM Basic after it was disabled via efuse?

Postby ESP_Sprite » Wed Apr 25, 2018 3:23 am

mobluse wrote: Is it possible to "repair" the BASIC-disable-fuse or circumvent it?
BTW I made this into an Arduino-program that works, but after entering the first character it only echos that whatever I type.
Not unless you have a FIB workstation in your garage, sorry. The BASIC console also checks the fuses during its runtime, effectively to make it harder for someone to 'glitch' an otherwise secured ESP32 into the basic console and breach security that way.

mobluse
Posts: 2
Joined: Tue Apr 24, 2018 12:26 pm

Re: How to execute ROM Basic after it was disabled via efuse?

Postby mobluse » Sat Apr 28, 2018 8:09 am

ESP_Sprite wrote:The BASIC console also checks the fuses during its runtime, effectively to make it harder for someone to 'glitch' an otherwise secured ESP32 into the basic console and breach security that way.
Perhaps one could copy TinyBasic to RAM and patch it so that it doesn't check for fuse, and then run it from RAM.

ESP_Sprite
Posts: 9708
Joined: Thu Nov 26, 2015 4:08 am

Re: How to execute ROM Basic after it was disabled via efuse?

Postby ESP_Sprite » Sat Apr 28, 2018 9:53 am

That actually may be a possibility. TinyBasic is stores in ROM 'encrypted'; using a simple XOR cypher (again, to stop people using it for nefarious purposes) and the invocation routine de'crypt's it in RAM before jumping to it. You may be able to rewrite this routine and patch out the fuse checking calls. I think all that is more work than just taking the original and doing the modifications I also did, however.

Who is online

Users browsing this forum: No registered users and 71 guests