
from gabry's blog

so you probably had one of these, they are cheap chinese mp4 players, if you had more than one you'd know because they all have the same ui, even though something might differ (an app, the start menu, the brand), they all use the same chip and base software which is made by Actions.

its either the ATJ2127 or the ATJ2157, i do have an atj2157 which compared to the atj2127 is slightly more powerful i think and its arm-based, compared to the 2127 which is mipsel (mips 32 bit little endian). but im going to do work on the atj2127, i have 2 mp4s with the atj2127, 1 is the BT-8057R and the other is the BT 1680R. im going to do work mostly on the BT-8057R.

this one is one of the more recent models: it has got an spi nor as internal storage for firmware and user settings but uses an external sd card up to like 64gb (even though you can use a higher sdcard capacity, the main partition has to be lower than 64 or somewhere around there) for videos, photos, audio and so on, and it has bluetooth.

some time ago i managed to use an arduino with some voltage dividers to make a really hacky setup to dump the spi nor on the device and it ended up making a 16MiB dump. running this through binwalk was essentially pointless as it just finds 2 AES S-Boxes, which im pretty sure are false positives anyways, and a copyright text which is actions copyright.

however when running strings we find that there are the ui strings but most importantly stuff like this: ./../../../casenor/ap/bluetoothaudiosource/mips16o0/a2dp_hdl.c

these are compiler paths and i found this repo https://github.com/Suber/PD196_ATJ2127 which is apparently a leak of the actions sdk. it even has a very long pdf in chinese about the device which might be really helpful. that compiler path follows the exact structure of that repo, except the repo is case (not casenor), aka for the old devices that didnt use an external sdcard and had an internal NAND which held the system, user settings and files.

now i tried compiling the stuff on that repo but its essentially impossible. i mean im pretty sure it isnt literally impossible, but it requires toolchains that are honestly so outdated its a joke, and setups i wont even waste my time getting working. at the time i also found this repo https://github.com/ilyakurdyukov/actions_flash which lets me run arbitrary code on it through the flash/update mode, which works, but that also contains a nandreader which, you guessed it, wont work on here because this device has a nor.

now what i always wanted to do is have some way to modify the firmware and maybe make some funny changes, like idk a custom theme maybe? perhaps i could even write my own emulator (spoiler no i cant because i barely know python, i dont know a single thing of C* languages) but i probably do need an emulator because it would make debugging and understanding how it works much much easier. except making the emulator in the first place is already pain. now i figured it has some sort of UART output, which it does (datasheet: https://www.datasheetcafe.com/wp-content/uploads/2022/06/ATJ2127.pdf), but its apparently locked under this EN1 and when i tried reading it last time it didnt work.

i was so desperate i even tried loading the nor dump in ghidra but remember i dont know a single thing about ghidra xd.

there are some tools which can decrypt the upgrade files. would have been useful if i had a single update file. i looked in the manufacturer website and there's nothing. heck i even tried contacting them and they told me theres nothing!

while searching i just found this https://gitlab.com/reverse2682701/ruizu-x02-rev so something has happened. and they do modify the resource files, which i knew were a thing: some time ago i managed to figure out myself that .ap files were the apps and .sty and .res were resource files, but i never understood how they worked, also because there was no way to “extract” them from the firmware, or at least i couldnt find an easy way to do so.

but for now this is all i really got, ill keep trying new stuff until i get something great.
