Now if you are dangerous enough to remove the Li-Ion battery, LCD, and desolder the NAND Flash TSOPs then you will pretty much have a bare board. That’s what we’ll be showing you today. Let’s start with the back of the board – go ahead and click the pic for a little higher resolution if you need.
On the back of the board we can see the support hardware and ancillary bits.
- 1.3MP Camera with video function (no flash or torch light)
- MicroSD/TransFlash socket
- USB 2.0 port
- Video Out (and maybe IN) jack
- Headphone out jack
- Back of the Analog Joystick
- Footprint for Flash 2 extended storage
- CPU Serial Port – Note this location, folks. You’ll be soldering here soon!
Continuing on with the front of the PCB…
Fig 4 – Front of the PCB with all the cool bits labelled
Here we can see most of the interesting IC’s in the list of goodies.
- CPU – Sunplus SPMP8000A Media Processor (ARM926) with plenty of bells, whistles, and media-decoding subsystems to make it worth a second look.
- DDR – 16MB (boo) Hynix HY5DU561622ETP
- Flash 1 (Main Flash) – Can be various devices and sizes. Ours was Hynix H27UAG8T2 2GB
- Analog Joystick ala PSP
Not bad. A nice, compact, low-cost system ripe for the hacking. This pretty much concludes our overview for today, so go start fetching datasheets and installing the ARM toolchains in preparation for some pretty deep hacking that’s about to take place. In order to whet your appetite, we’ll leave you with a few fun facts.
- Absolutely no firmware signing, checking, or security
- Built in bootloader accessed by plugging USB while holding a magic button, or by starting up or plugging USB with no flash or blank flash installed.
- Bootloader automatically executes anything you send to it, as the firmware updater consists of first sending a flashing program, then sending a flash image. What could be easier – you can run your own code in 30 seconds!
[...] SPMP8000 via serial port – Part I By openschemes, on January 12th, 2010 As you may have read in our first article about SPMP8000 hacking, this PMP has an easily-accessed serial port on the mainboard. To better get to know your PMP [...]
Hey there! I arrived at your blog via this post and I liked it so much I’ve subscribed to your rss feed. Thanks for the useful content!
I have the same device that you guys have…… and my biggest question was is there anyway to modify its circuit so that it will have an A/V-In port function so it can be hook to any device with an A/V-Out……… cause I’ve been planning to make a modification regarding this PSP clone…….
I also own this mp5 player. Unfortunatly my one is broken so i need to reflash the firmware. Is it possible to get your dumped firmware?
kind regards
so9
No, we won’t give it out because the firmware is copyright whatever junky manufacturer shat it out.
Sorry.
Try the MP5 forums, they seemed to be cataloging every possible firmware and which ones works on which devices.