Now if you are dangerous enough to remove the Li-Ion battery, LCD, and desolder the NAND Flash TSOPs then you will pretty much have a bare board. That’s what we’ll be showing you today. Let’s start with the back of the board – go ahead and click the pic for a little higher resolution if you need.
On the back of the board we can see the support hardware and ancillary bits.
- 1.3MP Camera with video function (no flash or torch light)
- MicroSD/TransFlash socket
- USB 2.0 port
- Video Out (and maybe IN) jack
- Headphone out jack
- Back of the Analog Joystick
- Footprint for Flash 2 extended storage
- CPU Serial Port – Note this location, folks. You’ll be soldering here soon!
Continuing on with the front of the PCB…
Fig 4 – Front of the PCB with all the cool bits labelled
Here we can see most of the interesting IC’s in the list of goodies.
- CPU – Sunplus SPMP8000A Media Processor (ARM926) with plenty of bells, whistles, and media-decoding subsystems to make it worth a second look.
- DDR – 16MB (boo) Hynix HY5DU561622ETP
- Flash 1 (Main Flash) – Can be various devices and sizes. Ours was Hynix H27UAG8T2 2GB
- Analog Joystick ala PSP
Not bad. A nice, compact, low-cost system ripe for the hacking. This pretty much concludes our overview for today, so go start fetching datasheets and installing the ARM toolchains in preparation for some pretty deep hacking that’s about to take place. In order to whet your appetite, we’ll leave you with a few fun facts.
- Absolutely no firmware signing, checking, or security
- Built in bootloader accessed by plugging USB while holding a magic button, or by starting up or plugging USB with no flash or blank flash installed.
- Bootloader automatically executes anything you send to it, as the firmware updater consists of first sending a flashing program, then sending a flash image. What could be easier – you can run your own code in 30 seconds!