Extracting ESP8266 with OTA partitions.


Jose Morales

Feb 13, 2022, 2:00:21 PM
to esp8266-re
Hello all, I have been pondering doing some reversing on the ESP8266.

I have extracted a firmware that has an OTA partition on it, and I'm struggling just to extract the App partition.

Here is an excerpt of the output...

esptool.py --chip esp8266 image_info flash_4M.bin
esptool.py v3.3-dev
Image version: 1
Entry point: 4010057c 3 segments
Segment 1: len 0x00a20 load 0x40100000 file_offs 0x00000008[IRAM]
Segment 2: len 0x002fc load 0x3ffe8000 file_offs 0x00000a30[DRAM]
Segment 3: len 0x002a4 load 0x3ffe82fc file_offs 0x00000d34[DRAM]

In theory, I should be able to just use esptool.py and read_flash with a given offset, but I'm not having any success.

I'm able to get to the code in Ghidra, but for some reason it's not capturing a good amount of the data that is there, so I'm guessing it's mostly due to a poor memory map setup in Ghidra. I'm hoping someone can share if they've been more successful.

Cheers,
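Locating the OTA app slots inside a whole-flash dump, as an added example from the editor (this is not code from the original post, and not esptool's own code). The image_info output quoted above describes only the image at offset 0 of the file, which in a 4 MB dump is the bootloader; the app slots elsewhere in the dump carry a 0xEA "v2" header whose first segment is the flash-mapped .irom0.text, followed by an embedded 0xE9 image with the IRAM/DRAM segments and esptool's XOR checksum byte. The scanner below walks the dump at 4 KiB sector boundaries, parses both header kinds, verifies the checksum, and reports each segment's load address and file offset in the same form as image_info. The function names (`scan`, `parse_v1`, `parse_v2`, `constructed_dump`) are this example's own; the dump it runs on by default is constructed test data with slots at 0x0, 0x1000 and 0x81000, not a real firmware; and the irom mapped address assumes the bootloader maps the 1 MiB flash window that contains the slot (adjust for 512 KiB maps).

```python
"""Find and parse ESP8266 firmware images inside a raw flash dump. esptool.py image_info parses only
the image at offset 0 of the file it is given (in a whole-flash dump: the bootloader). OTA app slots use
the "v2" layout: 0xEA header, one .irom0.text segment stored with load address 0 (it runs flash-mapped
in place), an embedded 0xE9 image with the IRAM/DRAM segments, then an XOR checksum byte."""
import struct
from collections import namedtuple
from dataclasses import dataclass, field

MAGIC_V1, MAGIC_V2 = 0xE9, 0xEA
CHECKSUM_INIT = 0xEF                           # esptool's ESP_CHECKSUM_MAGIC; XOR of all segment data
SECTOR, IROM_MAP_BASE = 0x1000, 0x40200000     # 4 KiB sectors; flash is mapped here, 1 MiB at a time
Segment = namedtuple("Segment", "load_addr length file_offs")   # file_offs: the segment header's offset

@dataclass
class Image:
    offset: int
    version: int
    entry: int
    segments: list = field(default_factory=list)
    end: int = 0                               # one past the checksum byte: buf[offset:end] is the slot
    checksum_ok: bool = False

def _read_segments(buf, pos, nseg, img):
    """Parse nseg (addr, len, data) segments at pos, then verify the checksum byte that follows."""
    check = CHECKSUM_INIT
    for _ in range(nseg):
        addr, length = struct.unpack_from("<II", buf, pos)
        if not (0x40100000 <= addr < 0x40108000 or 0x3FFE8000 <= addr < 0x40000000
                or IROM_MAP_BASE <= addr < IROM_MAP_BASE + 0x100000) or not 0 < length <= len(buf) - pos - 8:
            raise ValueError("load address outside IRAM/DRAM/irom, or bad length")
        img.segments.append(Segment(addr, length, pos))
        for b in buf[pos + 8:pos + 8 + length]:
            check ^= b
        pos += 8 + length
    cs_off = pos + (15 - (pos - img.offset) % 16)   # the checksum byte pads the image to 16 bytes
    img.checksum_ok, img.end = buf[cs_off] == check, cs_off + 1
    return img

def parse_v1(buf, offset):
    magic, nseg, _mode, _size_freq, entry = struct.unpack_from("<BBBBI", buf, offset)
    if magic != MAGIC_V1 or nseg == 0:
        raise ValueError("not a v1 image")
    return _read_segments(buf, offset + 8, nseg, Image(offset, 1, entry))

def parse_v2(buf, offset):
    magic, _n, _mode, _size_freq, entry = struct.unpack_from("<BBBBI", buf, offset)   # _n is 4, not a count
    zero, irom_len = struct.unpack_from("<II", buf, offset + 8)
    if magic != MAGIC_V2 or zero != 0 or irom_len == 0:
        raise ValueError("not a v2 image")
    img = Image(offset, 2, entry)
    # Assumption: the bootloader maps the 1 MiB flash window that contains this slot.
    img.segments.append(Segment(IROM_MAP_BASE + (offset + 16) % 0x100000, irom_len, offset + 8))
    pos = offset + 16 + irom_len
    if buf[pos] != MAGIC_V1:
        raise ValueError("missing embedded v1 header")
    return _read_segments(buf, pos + 8, buf[pos + 1], img)   # the irom segment is not checksummed

def scan(buf):
    """Try every sector boundary; keep only candidates whose segments and checksum byte parse."""
    found = []
    for off in range(0, len(buf) - 16, SECTOR):
        try:
            if buf[off] == MAGIC_V1:
                found.append(parse_v1(buf, off))
            elif buf[off] == MAGIC_V2:
                found.append(parse_v2(buf, off))
        except (ValueError, IndexError, struct.error):
            pass
    return found

def build_v1(entry, segments):   # (load_addr, data) pairs -> v1 image, padded and checksummed like esptool
    out = struct.pack("<BBBBI", MAGIC_V1, len(segments), 0, 0, entry)
    check = CHECKSUM_INIT
    for addr, data in segments:
        out += struct.pack("<II", addr, len(data)) + data
        for b in data:
            check ^= b
    return out + b"\0" * (15 - len(out) % 16) + bytes([check])

def build_v2(entry, irom, v1_image):
    irom += b"\0" * (-len(irom) % 16)   # esptool pads the irom segment to a 16-byte boundary
    return struct.pack("<BBBBI", MAGIC_V2, 4, 0, 0, entry) + struct.pack("<II", 0, len(irom)) + irom + v1_image

def constructed_dump():
    """Synthetic dump (constructed test data, not real firmware): bootloader at 0x0,
    OTA slots at 0x1000 and 0x81000, erased flash reading as 0xFF."""
    boot = build_v1(0x4010057C, [(0x40100000, bytes(range(64))), (0x3FFE8000, b"\x11" * 21)])
    app1 = build_v2(0x40100004, b"\xAA" * 48,
                    build_v1(0x40100004, [(0x40100000, b"\x22" * 40), (0x3FFE8000, b"\x33" * 8)]))
    app2 = build_v2(0x40100008, b"\xBB" * 30, build_v1(0x40100008, [(0x40100000, b"\x44" * 24)]))
    dump = bytearray(b"\xFF" * 0x82000)
    for off, blob in ((0x0, boot), (0x1000, app1), (0x81000, app2)):
        dump[off:off + len(blob)] = blob
    return bytes(dump)

if __name__ == "__main__":
    for img in scan(constructed_dump()): print(img)
```

On a real dump, call `scan(open("flash_4M.bin", "rb").read())`; each reported image's `offset:end` slice can be written to its own file and handed to `esptool.py image_info`, which understands the 0xEA header and will then print the app's segments instead of the bootloader's. The same segment table is the memory map Ghidra needs: the IRAM and DRAM segments go at their load addresses, and the irom data goes at its mapped address (0x40200000 plus its offset within the mapped window), which is where the bulk of the code lives.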