Tell me what you want, What you really, really want.

Moderator: Mmiscool

User avatar
By tcpipchip
#51166 Well, my suggestion is implements a command (UDP LISTEN) that waits for a BASIC commands (ASCII), for example

tft.setup(16, 4, 3) + cr+ lf (simple setence, only with 1 instruction)...

Then interprets at time!

Then the main basic routine can be a loop that waits for UDP command and executes it.

The idea is the BASIC be connected to internet and we send BASIC commands using UDP.

What do you think ?

Miguel
User avatar
By livetv
#51749 This would be a very powerful but potentially dangerous feature. How would you safeguard against hacking? I can see how I would use it, but consider this scenario: I put together an application in BASIC which uses configuration files read by my code to do things like signing in to my router, logging in to an external server, keeping encryption keys, etc. What happens if a hacker uses BASIC commands to view the contents of these configuration files? Now she has access to my router and server and an encryption key to boot. This could also put my esp8266 in the role of a proxy, doing abusive things on the Internet from my IP address. This would have to be very carefully thought through.
User avatar
By livetv
#54929 I gave this some thought and have a kludgy solution using three separate files:

Code: Select all=== DEFAULT.BAS ==
' Put program and variable initialization here.
let safe_remote = "123.45.67.89:4568";   ' Might read this from a file instead after pulling it from a safe web server
udpbegin 4567
load "main.bas"
wait
=== End of DEFAULT.BAS ===

=== MAIN.BAS ===
udpbranch [UDPreceived]
let execute_cmd = 0
do
  ' Do whatever else you want the main program to do.
  ' put an optional delay here
  while execute_cmd = 0
load "/data/executable.dat"
wait

[UDPreceived]
let newcode = udpread()
' Check to see that command came from a trusted source and bail out if not
if udpremote <> safe_remote then return
' Build EXECUTABLE.BAS from the received command line plus a line to reload MAIN.BAS when complete.
let newcode = newcode & chr(13) & "load " & chr(34) & "main.bas" & chr(34) & chr(13)
write("executable", newcode)
let execute_cmd = 1
return
=== End of MAIN.BAS ===


Theory: The DEFAULT.BAS program handles initialization and then runs the meat of the program found in MAIN.BAS. If a command is received via UDP, the source IP is checked for safety. If it passes, the command is written to EXECUTABLE.DAT along with a load "main.bas" line to return control to the main procedure where the usual fun and UDP listening happens. After the executable file is written, a flag is set to allow the executable to run. The actual execution is not done in the UDP interrupt to avoid a stack overflow. Once control returns, the main loop drops out, the EXECUTABLE.DAT file is run, then MAIN.BAS is reloaded and run.

I see one flaw: If a UDP packet is received while EXECUTABLE.DAT is running, an error will be thrown because the interrupt routine will not be present. This can be avoided by stopping UDP listening before launching EXECUTABLE.BAS and restarted in MAIN.BAS but there is a risk of missing UDP messages altogether.
User avatar
By Mmiscool
#55125 unfortunately I think this is going to be a hard no to implement as a feature.

This would open up a security hole a mile wide and could be wildly abused.