Questions about reverse engineering of a bootloader

Hi, I'm learning reversing, practicing with a old router(Huawei HG532s)
I extracted the router's flash content with a script of this post

I have used binwalk to see the differents sections, with binwalk -e I have localiced the first section which seems be the bootloader. With ghidra i have analyzed this mips section and i found that there is a lot of references undefined , I know that I have to fix the memory map but I don't know how because the memory maps that appears in the previous web points to a lot places out of bootloader.
This is my problem, I want to repair the references because when the router boots it appears any strings that I would like to find where in the code are called.

Router booting:

RT63365 at Wed Dec 17 16:09:06 CST 2014 version 0.8 Memory size 32MB Found SPI Flash 8MiB S25FL064A at 0xb0000000 Press any key in 3 secs to enter boot command mode. Search PHY addr and found PHY addr=0

I would like to find for example where is called the string "Press any key in 3Secs"

The question is how could I correct the references to locate where the strings are called to get more information about the bootloader's operation?

1 Like