The open source ESP8266 esptool, part of the esp-open-sdk, is used to create a firmware image from an ELF image/binary and to flash/program an ESP8266 with that firmware image. In addition, it can do the opposite and download a firmware image.
Browsing through the esptool.py source code I found an interesting piece of binary blob I just had to take a closer look at.
It is used in the following Python function.
This means the stub is prefixed with 3x 32bit integers, respectively
The stub plus prefix is flashed into memory @ 0x40100000 and then execution starts at 0x4010001c, meaning that the first 4x 32bit integers of the stub are probably data.
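The layout described above, as an added example (not code from the original post or from esptool): it splits a prefix-plus-stub image at the entry point and lists the 32-bit words that sit between the prefix and the first instruction. The stub bytes, prefix values, little-endian word order and the ESP8266 address ranges in `REGIONS` are assumptions constructed for illustration.

```python
import struct

# Assumed ESP8266 address ranges (not stated on the page).
REGIONS = [("ROM", 0x40000000, 0x40010000),
           ("IRAM", 0x40100000, 0x40108000),
           ("DRAM", 0x3FFE8000, 0x40000000)]

def region_of(addr):
    """Name the assumed memory region an address falls in, or None."""
    for name, lo, hi in REGIONS:
        if lo <= addr < hi:
            return name
    return None

def split_stub_image(image, load_addr, entry_addr, prefix_words=3):
    """Split prefix+stub into prefix words, leading data words and code."""
    entry_off = entry_addr - load_addr
    prefix_len = 4 * prefix_words
    if not prefix_len <= entry_off < len(image):
        raise ValueError("entry point lies outside the stub body")
    if entry_off % 4:
        raise ValueError("entry point is not 32-bit aligned")
    # Little-endian 32-bit words are assumed throughout.
    prefix = struct.unpack_from("<%dI" % prefix_words, image, 0)
    n_data = (entry_off - prefix_len) // 4
    data = struct.unpack_from("<%dI" % n_data, image, prefix_len)
    return {
        "prefix": prefix,
        # (address of the word once loaded, word value, region it points into)
        "data": [(load_addr + prefix_len + 4 * i, w, region_of(w))
                 for i, w in enumerate(data)],
        "code_addr": entry_addr,
        "code": image[entry_off:],
    }

# Constructed sample, NOT the real esptool blob: three prefix words, four
# data words that look like addresses, then 12 placeholder "code" bytes.
SAMPLE = (struct.pack("<III", 0x00000000, 0x1000, 4)
          + struct.pack("<IIII", 0x40001234, 0x40005678, 0x40009ABC, 0x3FFE8000)
          + b"\x00" * 12)

if __name__ == "__main__":
    parts = split_stub_image(SAMPLE, 0x40100000, 0x4010001C)
    for addr, word, region in parts["data"]:
        print("0x%08x: 0x%08x %s" % (addr, word, region or "?"))
    print("code at 0x%08x, %d bytes" % (parts["code_addr"], len(parts["code"])))
```

With a load address of 0x40100000 and a 12-byte prefix, an entry point of 0x4010001c leaves exactly four words (16 bytes) of stub ahead of the first instruction.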
I figured this was a perfect use case for showing how to use radare. Here it is:
There you have it!
esptool uploads the sflash stub and executes it.
The stub itself contains a small function which calls two functions in a loop.
SPIRead is called to fetch a block from flash into RAM.
send_packet is called to send this block back over UART.
send_packet resides in ROM and are so called