I got some more information.

Turns out that the dump's SHA1 itself matches the one in MAME as the 36pcase device, which is currently non-functioning.

Yes, it's a VT369, but there's a bunch of extra registers all through 0x41xx. I can't tell whether these simply aren't in https://www.nesdev.org/wiki/VT02%2B_Registers or whether it's a VT369 derivative. I've identified the LCD backlight switch, for example, on 0x4144 and 0x4146. The MAME source does describe some of these extra registers but not all of them. Is there any good source for VT369 documentation? The MAME source describes way more registers than any of the wikis.

If it's a VT369 then it'll be starting up from the internal mask ROM, which makes sense from what I'm seeing sniffing the SPI. I'm going to try and dump this; I've no idea if it's different to any of the other dumps around. Maybe that'll make MAME emulation work. I'm hoping there isn't an internal I2C device in the blob; looks like some VT369s have this.

Also, I broke the screen. Dammit.

I'm pulling apart a 36-in-1 phone case thing which plays NES games. I've dumped the ROM and have got as far as figuring out that it's some late VTxx device, possibly a VT369, with the ROM on SPI flash connected via a 90MHz (!) SPI bridge. This makes it quite interesting because it's relatively easy to reprogram.

I gather that emulators like Nintendulator stand a chance of playing this, depending on the details of the implementation, but I've found that Nintendulator insists on there being a valid .nes header on the top of the image. What's the right header to put on something like this?

Thanks!