Anyone seen these handheld retro units from China? Gba, gb, gbc, nes, snes, Sega, psx, cps1+2.
I'm trying to locate firmware. Factory or otherwise, trying to figure out what this is running.
No problem. I've got a small army of development boards. It's very possible I can find a way in. PS4 was modded using the same setup. And this has absolutely nowhere near that type of security, I'm sure.
That's awesome!
Man, I'm crossing my fingers. Hopefully this unit can be improved. Thanks!
Haven't had any luck finding the firmware. Their site, afaik, cannot be translated bc it uses images instead of text. I am trying to contact a Chinese friend with some tech knowledge to see if he can find out more on the site, or on the social network used in China (Weibo). I'll keep you posted.
There is another thread here with more up to date information, including a newer firmware. Here is the link:
Has anybody got further with this? I'm needing the Powkiddy X18 firmware and I'm stuck, can't find it anywhere.
Please keep us posted, it's a shame that those old posts disappeared because there was a lot of good info there. Have you tried reading the flash with binwalk? Kind of something similar to what they did with the Game & Watch handheld. Might be a good place to start... or was that what you meant when you mentioned the dev boards/PS4 hacking?
The other threads on this seem to have vanished, I have the firmware download linked on techtoytinker.com
I was digging into this device more today. Despite seeing the internal memory, I'm not convinced we are 100% in yet. The emulators seem to launch from ./emulator but we can't see that folder. I do however have a theory it might be possible to add an emulator to the G drive, as it now pops up on PC, and write a script that points there. There is a lib folder on G, and on other devices like this putting libs in there is detected at launch, so that's something at least.
I'm new here to posting but have been here a few times looking at the old x16 post. I have an x12 model so I've been digging around trying to find any information I can in regards to the hacking/homebrew scene. Not a bad device for the money but definitely has its shortcomings.
Yeah, got that, thanks a lot. Well, in the meantime I kinda figured it out, all except modifying the bit in the encrypted firmware, that didn't occur to me. I guess based on the decrypt software we could write one that does the encryption back.
Hello @mforce2 and @ThegreatHAMbino!
You just gave a lot of info, I had never found the PDF explaining the whole dev process before, I wish you were here a few years ago when we started the first thread.
There are still some issues because we don't have the toolchain they are using (SDE). SDE has been replaced and I was not able to find it back.
Regarding the modified firmware, I did it step by step as you did: I used the atjboottool you found, it gave me an SQL database. I guess it's the role of the flasher to go through the tables and flash the files one by one to the NAND flash. Anyway, I checked all the tables with a classic SQL database explorer, then I checked the configuration files (txt), and there was a single flag called "mount system partition = 0" or something like that. My goal was to find the bit in the encrypted firmware in order to modify it. The fact is the encryption used by ATJ is quite simple, each byte is encoded by using an XOR with a specific value, the good thing is each byte is encoded independently. This means that changing encrypted byte X will not affect byte X+1 encryption/decryption.
Anyway, after understanding this, and after finding the byte to modify, it was quite simple, so I used a hex editor (dhex on Linux) to modify directly the encrypted firmware.
I hope it was not too confusing
I haven't tried modifying/adding a whole file to the SQL database and re-encrypting it. In that case, we'd need to write an ATJEncryptTool as I couldn't find one.
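
Why the in-place edit described in the post above works, as an added example (not code from the thread or from atjboottool): with independent per-byte XOR, a known plaintext byte can be rewritten without the key, and only a digest or signature over the image notices the change. The keystream, the sample config and all function names are constructed for illustration; the real ATJ key schedule is not given on this page.

```python
import hashlib

def toy_keystream(n, seed=0x5A):
    # Constructed stand-in: one key byte per position, independent of the data.
    # NOT the real ATJ key schedule, which this page does not give.
    return bytes((seed + 7 * i) & 0xFF for i in range(n))

def xor_bytes(data, key):
    # XOR is its own inverse, so this both encodes and decodes.
    return bytes(d ^ k for d, k in zip(data, key))

def patch_encrypted(enc, offset, old_plain, new_plain):
    """Rewrite known plaintext at `offset` without using the key.

    c = p ^ k, so c' = c ^ p_old ^ p_new decodes to p_new.
    """
    if len(old_plain) != len(new_plain):
        raise ValueError("in-place patch must keep the length")
    if offset < 0 or offset + len(old_plain) > len(enc):
        raise ValueError("patch runs past the end of the image")
    out = bytearray(enc)
    for i, (o, n) in enumerate(zip(old_plain, new_plain)):
        out[offset + i] ^= o ^ n
    return bytes(out)

def changed_offsets(a, b):
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

# Constructed sample config; the flag name is the approximate one quoted in the post.
PLAIN = b"lang = en\nmount system partition = 0\nvolume = 8\n"
KEY = toy_keystream(len(PLAIN))
ENC = xor_bytes(PLAIN, KEY)

FLAG_OFFSET = PLAIN.index(b"= 0\nvolume") + 2   # position of the '0' byte
PATCHED = patch_encrypted(ENC, FLAG_OFFSET, b"0", b"1")  # key is never used here

def demo():
    return {
        "decrypted": xor_bytes(PATCHED, KEY),
        "changed": changed_offsets(ENC, PATCHED),
        # XOR gives no integrity; a digest over the image does detect the edit.
        "digest_matches": hashlib.sha256(ENC).digest() == hashlib.sha256(PATCHED).digest(),
    }

if __name__ == "__main__":
    print(demo())
```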