I've recently been reverse-engineering parts of the JXD201 firmware. So far, I've managed to create a custom firmware that will accept binary format executables over the serial port, and run them.
A dump from my serial terminal:
Code:
S+
Ver:1.2
Boot From Nand
S+
Erant's CBL (Crappy BootLoader) BUILD: 5
Press C to continue regular boot.
Press L to load binary data.
Unfortunatly, I havn't been able to find the memory locations for the GPIO pins, nor for the display. I have been able to determine that the original firmware for this device is most likely an RTOS. It uses a function call very similar to: add_thread(void (*ft_pointer)(), char* stack, stack_sz, int priority, char* threadname); to add a shitload of background threads, like KeyDriver, FileSystem, BackGround, GAME_CTL, etc.
I'm willing to share my custom firmware, if anyone wants it. You need a serial link soldered to your PMP, and you need to know your way around C and GCC (I use devkitARM).
What I was wondering was wether there was anyone also involved in reverse engineering these devices, that maybe has some information to share?