<a href="http://imgur.com/a/Z1hyd" rel="nofollow">http://imgur.com/a/Z1hyd</a> has a few parts labeled<p>theres a main processor which is way overpowered (the big TQFP part) which is covered by a plug-in 2G GSM/GPRS modem. You can 'sniff' the modem control pins, its almost certainly the standard plain 'AT' command set used for these modems, at 9600 or 57600 baud, 3.3V logic<p>The plug in module looks a lot like a SIM300 or Spreadtrum 5100b. It probably had an IMEI sticker that was pulled off. Theres probably a dozen makers of nearly identical modems during that time period. This one looks fairly old since its a plug-in type. I'd guess the GSM module is at least 5 yrs old<p>On the other side is a standard 32-pin NAND flash, you could desolder and then use a NAND-reader kit (google etc) to suck the data off. its probably just the GPS coordinates stored between modem data uploads.<p>SIM holder, some crystals, power circuitry, and a (95% sure) uBlox GPS - the uBlox have that funny shape and pinout. uBlox have high sensitivity so a good choice! unclear which generation this us, they're up to Neo-8. You could decap it to find out.<p>probably the most fun could be had by first figuring out the RX/TX pins from the microcontroller to the GSM/GPRS module, then soldering thin wires to that and listening with a UART TTL cable. Put in a new SIM, wait a few seconds for the GSM module to get onto the cell network, then quickly faraday it up and see what website, IP address or phone number the micro is trying to connect to. ymmv tho, might just be a random drop point.<p>(theres a bunch of chips with no clear markings, could be motion/accel/gyro or other sensors - @ioerror if you post up the #s on each chip it'll be easier to tell! :)<p>edit: i thought about the huge coin cell battery backup. its a bit odd, quite large sized! if its well designed, the microcontroller will detect that the battery has been disconnected, and while on backup coin cell power quickly erase the NAND flash and microcontroller memory :(