Re: Firmware Dump
Posted:
Sat Sep 06, 2014 2:13 pmby Claude
Here is a dump from my Wi07c (version 091).
I patched flashrom by myself , was just a matter of adding a new struct to flashchips.c . All the correct IDs for the W25Q40BV were allready there
Edit : somehow my attachment doesn't show up , here is a link to the dump
https://drive.google.com/file/d/0B_5UXaEUPGdZMW1QWnVETVRpYU0/edit?usp=sharing
Re: Firmware Dump
Posted:
Sat Sep 06, 2014 3:31 pmby obvy
Ok, so previously posted esp8266.bin (alleged I-ROM image) is not contained in this latest FlashROM dump. The latter consists of several parts:
0x0 (256K) - AT command handler (based on the strings), sized ~32K, padded with zeroes for 256K len
0x40000 - 0x7c000 - something without a single ascii string, padded with zeroes (actually ends at ~0x61200)
0x7c000 - 0x7e000 - apparently config area
0x7e000 - 0x80000 - pristine unprogrammed 0xff
Re: Firmware Dump
Posted:
Sat Sep 06, 2014 5:13 pmby jonsmirl
Layout of the flash chip
Boot 4KB
Flash.bin 64KB
irom0text.bin 172KB
User parameters 16KB
Duplicate this twice to make 512KB.
The duplicate copy is to support OTA update which may fail.
So maybe this is some kind of scheme where the ROM section is hardware cached from the flash to make it imitate a ROM.
Could it be:
64KB of real RAM
172KB of cached pseudo ROM?
Where the cache might consist of two 4KB hardware pages that fault in pages from the flash chip as needed?
Re: Firmware Dump
Posted:
Sat Sep 06, 2014 5:58 pmby Squonk
Apparently, the layout is simpler than that, since what is in 0x40000 is not a copy of what is at 0x00000.
My guess is:
- flash.bin @ 0x00000
- irom0text.bin @ 0x40000
- some config @ 0x7c000
- blank.bin @ 0x7e000