I am currently trying to follow this tutorial to reverse engineer an esp8266-01 firmware dump I retrieved from flash.
The esp8266 processor is based on the Tensilica Xtensa and radare2 supports its instruction set when started with the -a xtensa flag. From the tutorial I also know that the following segments exist (quote from above link):
0x40100000 – Instruction RAM. Used by bootloader to load SPI Flash <40000h
0x3FFE8000 – User data RAM. Available to applications.
0x3FFFFFFF – Anything below this address appears to be data, not code
0×40100000 – Anything above this address appears to be code, not data
I know that the entry point is contained within the header of the file, and in my case is 0x4010f29c.
Now to my question: How do I go about telling radare2 all of these values and map the segments correctly? All I've come up with so far is to map the file like so:
radare2 -a xtensa -m 0x4010f29c flash.bin but I'm pretty sure that's not really what I want.
Thank you so much in advance! <3
