Hello everyone. Hopefully this is the appropriate place to ask for help
Long story short, i've extracted the firmware from a chinese bluetooth speaker, because i want to modify the terrible chinese speaker voice prompts, along with the bluetooth name of the speaker.
It's a tiny speaker, and before i go into depth, here's some background information:
- The MCU/Main proccessing unit is a 'Anyka AK1052', which should be based on ARM architecture.
- The bluetooth/FM Chip is a: RDA/RDK 5876
- The firmware is stored on an eeprom: GD25Q16B
After doing extensive research on a lot of chinese websites i've found the manufacturer behind the firmware and speaker circuit/MCU. Apparently it's a custom firmware/operating system that's running on the board, which they call 'Spotlight10/Spotlight10C'.
- Analyzing the firmware dump, it's possible to find some different directoy entries (BOOT, PROFILE, PROG, VOICE).
- Running binwalk on the firmware dump, i'm not able to find any signatures.
- Running the 'file' command on the firmware dump it interestingly comes up with the following:
Apple DiskCopy 4.2 image , 3359642880 bytes, 0x2000 tag size, GCR CLV ssdd (400k), 0x0 format- The bluetooth speaker name can be found near the end of the firmware dump (BQ-615PRO) - Possibly it's just a matter of replacing the name here, to solve that.
I've not been able to come any further with this project, so hopefully someone can help me, extract and or replace the chinese speaker voice. It would be awesome also to somehow be able to extract the whole operating system/firmware, just for the learning experience, however my main interest is really to replace the chinese speaker voice and sounds.
I've attached the firmware dump and an entropy of the firmware dump. Thanks!