Open brandond opened 5 years ago
I have some firmware images dumped from the flash of a few IoT devices whose functionality I'm trying to re-implement using ESPHomeLib. They all appear to be in esp8266 v1 format. It appears that the esptool.py 'elf2image' command grabs various parts of the ELF binary (IROM, TEXT, etc.) and packs them into the format that the on-chip bootloader wants. It does not appear to have any code to do the reverse: convert the flash image back to an ELF binary for analysis.
Is there any way I can analyze these files with ScratchABit, or is it pretty well dependent on having an ELF binary?
ScratchABit is a completely generic solution, operated by plugins. As long as you have (written) a suitable loader plugin, it will load anything. The ELF loader is nothing but a plugin shipped with the main repo. For simple formats (no symbolic relocations, etc.), you can just split images into raw binary sections (with any tools you like) and load them where needed.
The original motivation for writing ScratchABit was reverse-engineering ESP8266 code. See the example project at https://github.com/pfalcon/xtensa-subjects
Alright, I'll take a look at that. It looks like in your project, rather than writing a whole loader, you're just importing the scratchabit module and calling it on blobs of the extracted ROM dump. Would you recommend that I start that way, or would it be better to write a proper loader that understood the images?
Just use common sense: what's your aim - writing loaders? Or reverse engineering a firmware? ;-) The quickest solution is the best. YMMV
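Added example, not code from this thread, from ScratchABit or from esptool: the "split the image into raw sections and load each at its address" step that the reply describes, done for the esp8266 v1 layout the question is about. It parses the 0xE9 header and segment table that elf2image writes, verifies the XOR checksum so a truncated or corrupted dump is noticed before hours go into disassembling it, and returns each segment with its load address. It assumes the usual v1 flash layout (image at flash offset 0, raw .irom0.text at 0x10000 executing through the 0x40200000 flash mapping window; the irom offset is a parameter), treats trailing 0xFF in the irom region as erase fill (a heuristic), and builds its own sample dump with made-up segment bytes. How the resulting raw files are pointed at in a ScratchABit project definition is left to ScratchABit's own README.

```python
"""Split an ESP8266 v1 firmware image (or a flash dump that starts with one) into
raw sections plus their load addresses. Layout, from the esptool source:
  header  : 0xE9, segment_count, flash_mode, flash_size_freq, entry (u32 LE)
  segment : addr (u32 LE), len (u32 LE), data[len]   (repeated segment_count times)
  trailer : zero padding to a 16-byte boundary; last byte = XOR of all segment
            data bytes seeded with 0xEF
elf2image leaves .irom0.text out of this image and writes it raw to a second file
flashed at 0x10000, where it runs in place through the flash window at 0x40200000."""
import struct
import sys
from dataclasses import dataclass
from pathlib import Path

ESP_IMAGE_MAGIC = 0xE9
ESP_CHECKSUM_MAGIC = 0xEF
IROM_MAP_START = 0x40200000   # ESP8266 memory-maps SPI flash here

@dataclass
class Section:
    name: str
    vaddr: int    # address the bytes run at; load them there in the disassembler
    data: bytes

@dataclass
class V1Image:
    entry: int
    segments: list
    checksum_ok: bool
    size: int     # bytes from header through checksum byte

def xor_checksum(chunks, state=ESP_CHECKSUM_MAGIC):
    """esptool's image checksum: XOR of all segment data bytes, seeded with 0xEF."""
    for chunk in chunks:
        for b in chunk:
            state ^= b
    return state

def parse_v1_image(blob, offset=0):
    """Parse the v1 image starting at `offset`; `blob` may be a whole flash dump."""
    if len(blob) - offset < 8:
        raise ValueError("not enough bytes for an image header")
    magic, nseg, _mode, _size_freq, entry = struct.unpack_from("<BBBBI", blob, offset)
    if magic != ESP_IMAGE_MAGIC:
        raise ValueError(f"bad magic 0x{magic:02x}, expected 0xE9 (0xEA would be a v2 boot image)")
    pos, segments = offset + 8, []
    for i in range(nseg):
        if pos + 8 > len(blob):
            raise ValueError(f"segment {i} header runs past end of data")
        addr, size = struct.unpack_from("<II", blob, pos)
        pos += 8
        if pos + size > len(blob):
            raise ValueError(f"segment {i} (0x{addr:08x}, {size} bytes) runs past end of data")
        segments.append(Section(f"seg{i}_{addr:08x}", addr, bytes(blob[pos:pos + size])))
        pos += size
    # esptool seeks 15 - (position % 16) bytes ahead of the last segment and writes the
    # checksum there, so a full 16-byte block follows even when the segments end aligned.
    cksum_pos = pos + 15 - ((pos - offset) % 16)
    if cksum_pos >= len(blob):
        raise ValueError("image truncated before its checksum byte")
    ok = xor_checksum(s.data for s in segments) == blob[cksum_pos]
    return V1Image(entry, segments, ok, cksum_pos + 1 - offset)

def build_v1_image(entry, segments, flash_mode=0, flash_size_freq=0):
    """Inverse of parse_v1_image, laid out as elf2image does it; used to build sample input."""
    out = bytearray(struct.pack("<BBBBI", ESP_IMAGE_MAGIC, len(segments), flash_mode, flash_size_freq, entry))
    for addr, data in segments:
        out += struct.pack("<II", addr, len(data)) + data
    out += b"\0" * (15 - len(out) % 16)
    out.append(xor_checksum(d for _, d in segments))
    return bytes(out)

def split_flash_dump(dump, irom_offset=0x10000):
    """Sections of a v1-style dump: the image segments at offset 0 plus the raw
    .irom0.text region at irom_offset, mapped at IROM_MAP_START + irom_offset."""
    img = parse_v1_image(dump, 0)
    sections = list(img.segments)
    # Heuristic: after the code a full dump holds 0xFF erase fill (and maybe other
    # partitions); trimming trailing 0xFF limits the section to what is present.
    irom = bytes(dump[irom_offset:]).rstrip(b"\xff")
    if irom:
        sections.append(Section("irom0_text", IROM_MAP_START + irom_offset, irom))
    return img, sections

# Constructed sample, not a real device dump: two IRAM/DRAM segments in the v1
# image, 0xFF erase fill up to 0x10000, then stand-in bytes where .irom0.text lives.
SAMPLE_SEGMENTS = [(0x40100000, bytes(range(0x20))), (0x3FFE8000, b"\x11\x22\x33\x44" * 3)]
SAMPLE_ENTRY = 0x40100004
SAMPLE_IMAGE = build_v1_image(SAMPLE_ENTRY, SAMPLE_SEGMENTS, flash_mode=0x02, flash_size_freq=0x40)
SAMPLE_DUMP = SAMPLE_IMAGE + b"\xff" * (0x10000 - len(SAMPLE_IMAGE)) + b"\x36\x41\x00\x00" * 4 + b"\xff" * 16

if __name__ == "__main__":
    # usage: split_esp8266.py [flash_dump.bin [outdir]]; with no arguments the sample is used
    dump = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE_DUMP
    outdir = Path(sys.argv[2]) if len(sys.argv) > 2 else None
    img, sections = split_flash_dump(dump)
    print(f"entry 0x{img.entry:08x}, image {img.size} bytes, checksum {'ok' if img.checksum_ok else 'BAD'}")
    for s in sections:
        print(f"  {s.name:<16} load at 0x{s.vaddr:08x}  {len(s.data):6d} bytes")
        if outdir:   # one raw file per section, to be loaded at s.vaddr
            outdir.mkdir(parents=True, exist_ok=True)
            (outdir / f"{s.name}.bin").write_bytes(s.data)
```

Run it on a dump with an output directory and it writes one raw file per section and prints the address to load each one at; the IRAM `.text` segment (0x401xxxxx) and the irom region (0x402xxxxx) are the two that hold Xtensa code, the `.data` segment (0x3FFExxxx) is initialised RAM and useful mainly for string references. A bad checksum usually means the dump was cut short or read from the wrong flash offset; fix that before spending time on the disassembly. Images with an 0xEA magic are the v2 boot-loader format and are rejected rather than misparsed.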