The CPU and all essential components are BGA which makes it extremely difficult to get any kind of probing going as one can't trace alternate vias and points. It also appears that all routing between components such as for example CPU to NAND is done via internal layer in PCB. Alternate test points may exist but in order to trace where they connect it will be required to remove the chip from the board. While not an impossible task, there is a high risk of damage to either the chip itself or PCB and surrounding components.
What's more interesting is the points on the left side of the CPU. There is a group of 6 points forming a letter "C". Looks very suspicious and JTAG like. Then there are 2 points below the 6 which could be DAP.
JTAG pinouts I've seen in devices:
TCK - Clock
TMS - Mode Select
TDI - Data In
TDO - Data Out
TRST - Reset
GND - Ground
4 pins are required for JTAG with Reset (TRST) and Ground (GND) being optional. If you pay attention to the shape, you'll see that 4 pins are lined up vertically, with 2 pins not being part of that group but kind of sitting on their own to the right.
The 2 points below the "C" could very well be for debugging.
Upper left corner of CPU:
http://www.4gamer.net/games/017/G001762 ... TN/025.jpgOn a side note, some photos such as those from techinsight show NAND as Toshiba model, eMMC NAND 4GB version. Also, the main CPU is developed by Toshiba and the main processor is actually system-in-chip with ARM core developed by Toshiba, DRAM modules from Samsung and a small internal flash (bootloader?), all inside a single package.
Toshiba NAND:
http://www.ubmtechinsights.com/teardown ... n_id=13825I don't expect that the points I mention will do anything or serve any purpose since JTAG/DAP could possibly be disabled in-chip and the only way to re-enable them would be to perform full chip erase (many MCUs employ such security mechanism), but doing so would probably turn Vita into a nice looking paper weight as I believe chip-internal flash contains bootloader or some other critical software necessary to get main OS/recovery going from NAND.
If you have logic analyzer and/or bus pirate you can try playing with 6 pins. Tracing ground should be easy. Finding reset shouldn't be too difficult either. I would be careful with logic levels though. Finding out what logic levels Vita uses before putting any signal on the bus or test points should be the first step, otherwise you run at risk of damaging the chip input buffers or other circuitry as we don't know if the chip has overvoltage protection.
