Reverse engineering BBK @ibox H2

BBK lighter learning machine: wherever you're stuck, just tap it!

The BBK @ibox H2 is another device that I had previously played with. One of my classmates had it, so I’m interested in seeing it again. It also uses the JZ4740-series Ingenic SoC. With the knowledge and skills that I now have, I should be able to reverse engineer its software, then emulate it using QEMU without having access to the hardware.

Its software is surprisingly difficult to reverse engineer. Here I recorded the steps I took to understand its software architecture, and I’ve learned quite a few new things in the process.


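Reverse engineering the Noah Shenzhou system on the Noahedu NP7000

I have recently been working on emulating Noahedu learning devices, and the NP7000 came up in a group chat.

The NP7000 is quite interesting: it runs Noahedu's in-house Noah Shenzhou operating system, and I had already been quite interested in reverse engineering it to see how it is designed and how it works at the low level.
Conveniently, the NP7000 uses an Ingenic SoC, which is fairly well documented, and the learning devices I emulated before also used Ingenic-series chips.

The emulator is a modified QEMU that supports various Ingenic hardware peripherals. Here is the relevant wiki page I wrote: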
https://github.com/OpenNoah/OpenNoah.github.io/wiki/NP7000-Emulation


Reverse engineering NOAHOS-V2 on NP7000

Following requests in a group chat, I started looking at emulating various e-learning devices manufactured by Noahedu.

The NP7000 is a particularly interesting device, as it runs a fully custom NOAHOS operating system that I was always interested in reverse engineering. It also uses an Ingenic SoC with available documentation, and I have prior experience working with and emulating them.

Emulation is done using a patched version of QEMU to support various Ingenic peripherals. Here is the relevant wiki page I wrote:
https://github.com/OpenNoah/OpenNoah.github.io/wiki/NP7000-Emulation
