Editing Talk:Keys

= Battery Keys =
== A01V13M07G chip ==
<pre>
New Key 8: 0A2E73305C382D4F310D0AED84A41800
New Key 9: D20474308FE269046ED7BB07CF1CFF43
New Key A: AC00C0E3E80AF0683FDD1745194543BD
New Key B: 0177D750BDFD2BC1A0493A134A4C6ACF
New Key C: 05349170939345EE951A14843334A0DE
New Key D: DFF3FCD608B05597CF09A23BD17D3FD2
</pre>
= Even More Keys from Kicho & Dencho =
<pre>
23 1B 76 C8 E3 49 0C AD  05 BD 59 4C 1B 63 40 BE
</pre>
* from TEST.prx, used for some UMD seed generation
<pre>
"FlashROM PreCalc"
</pre>
* from flashData.prx, used in idStorage 256-320 generation
* https://github.com/mathieulh/Despertar-Del-Cementerio/blob/master/idsregeneration/main.c#L5749
<pre>
"Key-Info MI-Node"
</pre>
* from flashData.prx, used in idStorage 256-320 generation
= Wake Me Up Before You Go Go =
== Handshake 0x80 ==
<pre>
Key EB
418499BE9D35A3B9FC6AD0D6F041BB26
Challenge 1 EB
0BD9027E851FA123
Challenge 2 EB
F791ED0B3F49A448
Key B3
03BEB65499140483BA187A64EF90261D
Challenge 1 B3
DBD3AEA4DB046410
Challenge 2 B3
E32B8F56B2641298
</pre>
== Handshake 0x90 ==
<pre>
Yet another battery handshake key 1
880E2A94110926B20E53E22AE648AE9D IV/DATA
Yet another battery handshake key 2
C66E9ED6ECBCB121B7465D25037D6646 KEY
Yet another battery handshake key 3
DA24DAB43A61CBDF61FD255D0AEA7957 KEY
Yet another battery handshake const val
82828282
</pre>
== Flash Update Handshake ==
<pre>
Flash Update Handshake key1
78721A6284050ACF07F52C6EBAA32F98
Flash Update Handshake key2
08489E59EDD0666E6A83237585C795CB
Flash Update Handshake shared secret 1
6EBE650DCEDCB6163158AC0CAD158907
</pre>
= Other Key Material =
<pre>
TA-093 RCON
01020408102040801B366CD8AB4D9A2F5EBC63C697356AD4B37DFAEFC591A9037ED9F08993B79A7C773C0D264810A081FE192402DEFC87AC3C332B48B4EB
TA-093 ???
6A659283E3C41709214D8F29C6BACAFF67C419A2D064F04FA01271307A2BC5F5A56E
TA-093 Other Device Key0 (message)
03763C6865C69B0FFE8FD8EEA43616A0 (KIRK 4/7) (0x14)
TA-093 Other Device Key1 (Handler)
C1BF66818EF953F2E1266B6F550CC9CD (KIRK 4/7) (0x69)
TA-093 Other Device Key2 (Handler)
7D50B85CAF6769F0E54AA8098B0EBE1C (KIRK 4/7) (0x15)
TA-093 Other Device Key3 (message)
F10730C311E026FCF87B50AEA3D17BA0
TA-093 Other Device Secret0 (Handler)
8D5DA608F2BBC6CC
TA-093 Other Device Secret1 (Handler)
34DB81241D6F4057
TA-093 Other Device Secret2 (Handler)
E0DC41AFC2CD1C2D
TA-093 Battery Magic String (Handler)
SonyEnergyDevices\x00
TA-093 Other Device Secret3 (session)
0B2385010FB279BD
TA-093 Other Device Secret4 (session)
E1C3ECA91959040D
TA-093 Other Device Secret5 (session)
661A4D7F6ECD33C52BF5F29586A76448
</pre>
= V5 Script for comms of battery =
<pre>
#!/usr/bin/env python
'''
PSP v4 Syscon Handshake Calculator by Proxima (R)
'''
from Crypto.Cipher import AES
import os
keystore = {
0: [0x5C, 0x52, 0xD9, 0x1C, 0xF3, 0x82, 0xAC, 0xA4, 0x89, 0xD8, 0x81, 0x78, 0xEC, 0x16, 0x29, 0x7B],
1: [0x9D, 0x4F, 0x50, 0xFC, 0xE1, 0xB6, 0x8E, 0x12, 0x09, 0x30, 0x7D, 0xDB, 0xA6, 0xA5, 0xB5, 0xAA],
2: [0x09, 0x75, 0x98, 0x88, 0x64, 0xAC, 0xF7, 0x62, 0x1B, 0xC0, 0x90, 0x9D, 0xF0, 0xFC, 0xAB, 0xFF],
3: [0xC9, 0x11, 0x5C, 0xE2, 0x06, 0x4A, 0x26, 0x86, 0xD8, 0xD6, 0xD9, 0xD0, 0x8C, 0xDE, 0x30, 0x59],
4: [0x66, 0x75, 0x39, 0xD2, 0xFB, 0x42, 0x73, 0xB2, 0x90, 0x3F, 0xD7, 0xA3, 0x9E, 0xD2, 0xC6, 0x0C],
5: [0xF4, 0xFA, 0xEF, 0x20, 0xF4, 0xDB, 0xAB, 0x31, 0xD1, 0x86, 0x74, 0xFD, 0x8F, 0x99, 0x05, 0x66],
6: [0xEA, 0x0C, 0x81, 0x13, 0x63, 0xD7, 0xE9, 0x30, 0xF9, 0x61, 0x13, 0x5A, 0x4F, 0x35, 0x2D, 0xDC],
8: [0x0A, 0x2E, 0x73, 0x30, 0x5C, 0x38, 0x2D, 0x4F, 0x31, 0x0D, 0x0A, 0xED, 0x84, 0xA4, 0x18, 0x00],
0xA: [0xAC, 0x00, 0xC0, 0xE3, 0xE8, 0x0A, 0xF0, 0x68, 0x3F, 0xDD, 0x17, 0x45, 0x19, 0x45, 0x43, 0xBD],
0xD: [0xDF, 0xF3, 0xFC, 0xD6, 0x08, 0xB0, 0x55, 0x97, 0xCF, 0x09, 0xA2, 0x3B, 0xD1, 0x7D, 0x3F, 0xD2],
0xD9: [0xC7, 0xAC, 0x13, 0x06, 0xDE, 0xFE, 0x39, 0xEC, 0x83, 0xA1, 0x48, 0x3B, 0x0E, 0xE2, 0xEC, 0x89],
}
   
challenge1_secret = {
0: [0xD2, 0x07, 0x22, 0x53, 0xA4, 0xF2, 0x74, 0x68],
1: [0xF5, 0xD7, 0xD4, 0xB5, 0x75, 0xF0, 0x8E, 0x4E],
2: [0xB3, 0x7A, 0x16, 0xEF, 0x55, 0x7B, 0xD0, 0x89],
3: [0xCC, 0x69, 0x95, 0x81, 0xFD, 0x89, 0x12, 0x6C],
4: [0xA0, 0x4E, 0x32, 0xBB, 0xA7, 0x13, 0x9E, 0x46],
5: [0x49, 0x5E, 0x03, 0x47, 0x94, 0x93, 0x1D, 0x7B],
6: [0xB0, 0xB8, 0x09, 0x83, 0x39, 0x89, 0xFA, 0xE2],
8: [0xAD, 0x40, 0x43, 0xB2, 0x56, 0xEB, 0x45, 0x8B],
0xA: [0xC2, 0x37, 0x7E, 0x8A, 0x74, 0x09, 0x6C, 0x5F],
0xD: [0x58, 0x1C, 0x7F, 0x19, 0x44, 0xF9, 0x62, 0x62],
0xD9: [0x90, 0xE1, 0xF0, 0xC0, 0x01, 0x78, 0xE3, 0xFF]
}
challenge2_secret = {
0: [0xF4, 0xE0, 0x43, 0x13, 0xAD, 0x2E, 0xB4, 0xDB],
1: [0xFE, 0x7D, 0x78, 0x99, 0xBF, 0xEC, 0x47, 0xC5],
2: [0x86, 0x5E, 0x3E, 0xEF, 0x9D, 0xFB, 0xB1, 0xFD],
3: [0x30, 0x6F, 0x3A, 0x03, 0xD8, 0x6C, 0xBE, 0xE4],
4: [0xFF, 0x72, 0xBD, 0x2B, 0x83, 0xB8, 0x9D, 0x2F],
5: [0x84, 0x22, 0xDF, 0xEA, 0xE2, 0x1B, 0x63, 0xC2],
6: [0x58, 0xB9, 0x5A, 0xAE, 0xF3, 0x99, 0xDB, 0xD0],
8: [0x67, 0xC0, 0x72, 0x15, 0xD9, 0x6B, 0x39, 0xA1],
0xA: [0x09, 0x3E, 0xC5, 0x19, 0xAF, 0x0F, 0x50, 0x2D],
0xD: [0x31, 0x80, 0x53, 0x87, 0x5C, 0x20, 0x3E, 0x24],
0xD9: [0xC3, 0x4A, 0x6A, 0x7B, 0x20, 0x5F, 0xE8, 0xF9]
}
   
def MixChallenge1(version, challenge):
   
    data = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
    secret1=challenge1_secret[version]
    data[0] =secret1[0]
    data[4] =secret1[1]
    data[8] =secret1[2]
    data[0xC] =secret1[3]
    data[1] =secret1[4]
    data[5] =secret1[5]
    data[9] =secret1[6]
    data[0xD] =secret1[7]
    data[2] = challenge[0]
    data[6] = challenge[1]
    data[0xA] = challenge[2]
    data[0xE] = challenge[3]
    data[3] = challenge[4]
    data[7] = challenge[5]
    data[0xB] = challenge[6]
    data[0xF] = challenge[7]
    return data
def MixChallenge2(version, challenge):
    data = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
    secret2=challenge2_secret[version]
    data[0] =challenge[0]
    data[4] =challenge[1]
    data[8] =challenge[2]
    data[0xC] =challenge[3]
    data[1] =challenge[4]
    data[5] =challenge[5]
    data[9] =challenge[6]
    data[0xD] =challenge[7]
    data[2] = secret2[0]
    data[6] = secret2[1]
    data[0xA] = secret2[2]
    data[0xE] = secret2[3]
    data[3] = secret2[4]
    data[7] = secret2[5]
    data[0xB] = secret2[6]
    data[0xF] = secret2[7]
    return data
     
newmap = [
    0x00, 0x04, 0x08, 0x0C, 0x01, 0x05, 0x09, 0x0D, 0x02, 0x06, 0x0A, 0x0E, 0x03, 0x07, 0x0B, 0x0F,
]
def MatrixSwap(key):
    temp = [0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
    for i in range(0,len(key)):
        temp[i] = key[newmap[i]]
    return temp[0:len(key)]
def main():
    screq=bytes.fromhex(input("Syscon Challenge 1(9 bytes, first byte is version):"))
    if(len(screq) != 9):
        print("Error! Expecting a 0x80 type challenge message of length 9 (i.e. 02D65C94ABB92E5DBA)\n")
        return
       
    version= screq[0]
    req = screq[1:]
   
    print('-> Syscon Challenge 1: 0B 80 ' + bytes(screq).hex().upper())
   
    # The first challenge mixes the Syscon-generated challenge with the first challenge secret
    data=MixChallenge1(version,req)
   
    # The first challenge has two encryptions, one for the first half and one for the second half
    challenge1a=AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes(MatrixSwap(data)))
    #print("Challenge1a: " +(bytes( challenge1a).hex().upper()))
    #second = bytearray(0x10)
    #second[:] = challenge1a[:]
   
    #challenge1b=MatrixSwap(AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes((second))))
    #print("Challenge1b: " +(bytes( challenge1b).hex().upper()))
    # The second half is a fixed placeholder value here; the second encryption above is commented out
    challenge1b = bytearray.fromhex('AAAAAAAAAAAAAAAA')
    response1 = bytes(challenge1a[0:8]) + bytes(challenge1b[0:8])
       
    print('<- Battery Response 1: 12 06 ' + bytes(response1).hex().upper())
   
    # The second challenge uses only the second half of response 1 (challenge1b) and the second challenge secret
    data2=MixChallenge2(version,challenge1b[0:8])
    #data2=MixChallenge2(version,cb)
    challenge2=AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes(MatrixSwap(data2)))
   
    print('-> Syscon Challenge 2: 0A 81 ' + bytes(challenge2[0:8]).hex().upper())
   
    response2=(AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(challenge2))
   
    print('<- Battery Response 2: 0A 06 ' + bytes(response2[0:8]).hex().upper())
   
if __name__ == "__main__":
    main()
</pre>
= Script for comms of battery =