May 11, 2018

The ESP32 bootrom - read from the chip

The esptool.py program is happy to do this for us. I used the following Makefile.

This was reasonably fast using my WeMOS board, but runs at glacially slow speed with my SparkFun Thing board. No doubt this is because the "Thing" has a 26 MHz crystal and there is some baud rate mismatch. I am surprised that it runs at all. This may be something I will want to iron out before I start loading code into the "Thing".

Once I read out the image from both of these boards and compared them, it turned out that they are identical, which is what you would expect. Both are ESP32-D0WDQ6 chips.

# Makefile for ESP32 reverse engineering
# Tom Trebisky  5-12-2018
#
#   currently on my system the following
#   environment variable is set:
# IDF_PATH=/opt/esp32/esp-idf

# None of these targets produce a file of the same name
.PHONY: all info rom0 rom1

all:
	@echo "You need to be more specific"

#PORT           = /dev/ttyUSB1
PORT           = /dev/ttyUSB2

ESPTOOL = $(IDF_PATH)/components/esptool_py/esptool/esptool.py -p $(PORT)

info:
	$(ESPTOOL) read_mac
	$(ESPTOOL) flash_id

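# ROM0_SIZE is 65536 * 6 = 393216 bytes, written out because make does no arithmetic
ROM0_SIZE = 393216
ROM1_SIZE = 65536

# Read ROM1_SIZE bytes starting at 0x3ff90000
rom1:
	$(ESPTOOL) dump_mem 0x3ff90000 $(ROM1_SIZE) esp32_rom1.bin

# Read ROM0_SIZE bytes starting at 0x40000000
rom0:
	$(ESPTOOL) dump_mem 0x40000000 $(ROM0_SIZE) esp32_rom0.bin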
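
The board-to-board comparison described above can be scripted so that a truncated or corrupted read is caught before two dumps are declared identical. This is an added example, not part of the original page: the function names and command-line usage are assumptions, while the base addresses and sizes are the ones in the Makefile.

```python
import hashlib
import sys

# Base address and length of each region, as passed to dump_mem in the Makefile.
REGIONS = {
    "rom0": (0x40000000, 393216),
    "rom1": (0x3FF90000, 65536),
}


def check_dump(region, data):
    """Check the dump length for the region and return its SHA-256 hex digest."""
    _, size = REGIONS[region]
    if len(data) != size:
        raise ValueError(
            f"{region}: got {len(data)} bytes, expected {size} (incomplete read?)"
        )
    return hashlib.sha256(data).hexdigest()


def first_difference(region, a, b):
    """Return the chip address of the first differing byte, or None if equal."""
    base, _ = REGIONS[region]
    for offset, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return base + offset
    return None


def compare_dumps(region, a, b):
    """Validate two dumps of the same region and report whether they match."""
    digests = (check_dump(region, a), check_dump(region, b))
    return {
        "identical": digests[0] == digests[1],
        "sha256": digests,
        "first_diff_addr": first_difference(region, a, b),
    }


if __name__ == "__main__":
    if len(sys.argv) != 4 or sys.argv[1] not in REGIONS:
        sys.exit("usage: compare_dumps.py rom0|rom1 board_a.bin board_b.bin")
    with open(sys.argv[2], "rb") as fa, open(sys.argv[3], "rb") as fb:
        result = compare_dumps(sys.argv[1], fa.read(), fb.read())
    for digest, path in zip(result["sha256"], sys.argv[2:4]):
        print(digest, path)
    if not result["identical"]:
        sys.exit(f"first difference at 0x{result['first_diff_addr']:08x}")
    print("dumps are identical")
```

Recording the printed SHA-256 values alongside the dumps gives a reference to check later reads against, for example after changing the baud rate on the slower board.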

Tom's Computer Info / tom@mmto.org