I'm trying to RE a Novatek NT96650-based trail cam. This device is circa 2012, and has a MIPS32 24KEc core.
- I have copies of the firmware,
- I have extracted the contents of flash,
- and have a pretty good assembly language listing of it from Ghidra.
But I am now stuck trying to get any further. The listing shows the detail of (what I assume is) device drivers for memory-mapped peripherals, but the Novatek device and dev environment are not documented. Without the ability to (say) isolate LCD management code or flash access code, I am really struggling to make any sense of it.
I do not have any low-level access to the device, or the ability to upload amended firmware. Does anyone have any suggestions on other information sources I could use or techniques I could try? I did wonder if Novatek's SoC architecture is maybe similar to other MIPS vendors' devices, and I might get some clues from that. Does anyone have any idea if that idea is a runner, and if so where I could look?