1. Datasheet.

So thanks to the datasheet, we know now that Lunii chipset is based on a 16bit DSP core and I also found out that the 10 pts connector is belonging to ICE-Debug (very known in the arduino/avr world) and not for UART or SWD.

Unfortunately I don't have an ICE-Debug probe. Maybe I have to consider to buy one if I'm stuck.

On the other hand according to the chip pinout, the UART seems to be on p4.10 and p4.11 lines which I have to trace to see if I can still hook through a Logic Analyzer.

2. Googling

Some googling about the chip name lead me to an interesting paper about reverse engineering a toy called "Teddy Ruxpin" which it is based on the same Sonix chip SNC7001A.

The paper contains useful information about the proprietary audio format "AU".

@Frederic Renet who just joined the project point me also to an interesting code in github that contains code which we believe it for the SNC7001A firmware. But we don't know how we can build/flash it.

3. SDCard Dump

I successfully dumped the SDCard (I will upload the dump somewhere tomorrow). The size of the dump is 8G. but I found useful raw data only starting from address 0x03ad2000

$ hexdump -C lunii.dump

03ad2000  05 00 07 00 0a 00 04 00  fb ff f4 ff 00 00 03 00  |................|
03ad2010  ff ff 09 00 08 00 03 00  0c 00 04 00 fe ff fc ff  |................|
03ad2020  ff ff 11 00 06 00 01 00  fd ff 00 00 01 00 0a 00  |................|
03ad2030  18 00 0b 00 11 00 12 00  12 00 05 00 ff ff f7 ff  |................|
03ad2040  17 00 0f 00 13 00 13 00  06 00 03 00 16 00 21 00  |..............!.|
03ad2050  24 00 11 00 f9 ff 0f 00  f4 ff ec ff 18 00 03 00  |$...............|
03ad2060  ed ff df ff 2c 00 29 00  00 00 09 00 02 00 e8 ff  |....,.).........

=====

Next Steps

1. Looking for SNC7001A Toolchain/SDK.

2. Try to find the UART.

3. Try to buy a ICE-Debug.

4. Learn more about Sonix proprietary audio format.

5. Analyze more deeply the sdcard dump.