Talk:Keys: Difference between revisions
Jump to navigation
Jump to search
Tag: Reverted |
Tag: Reverted |
||
| Line 55: | Line 55: | ||
* then xor each 8 bytes with fuseid | * then xor each 8 bytes with fuseid | ||
* get hmac hash from this buffer | * get hmac hash from this buffer | ||
* first 8 bytes of hmac hash should be inside leaf 0x51 | |||
= Wake Me Up Before You Go Go = | = Wake Me Up Before You Go Go = | ||
Revision as of 16:28, 17 February 2025
Battery Keys
A01V13M07G chip
New Key 8: 0A2E73305C382D4F310D0AED84A41800 New Key 9: D20474308FE269046ED7BB07CF1CFF43 New Key A: AC00C0E3E80AF0683FDD1745194543BD New Key B: 0177D750BDFD2BC1A0493A134A4C6ACF New Key C: 05349170939345EE951A14843334A0DE New Key D: DFF3FCD608B05597CF09A23BD17D3FD2
Even More Keys from Kicho & Dencho
23 1B 76 C8 E3 49 0C AD 05 BD 59 4C 1B 63 40 BE
- from TEST.prx, used for some umd seed generation, which is sent to Lepton using ata test cmd 0xFB
"FlashROM PreCalc"
- from flashData.prx, used in idStorage 256-320 generation
- https://github.com/mathieulh/Despertar-Del-Cementerio/blob/master/idsregeneration/main.c#L5749
"Key-Info MI-Node"
- from flashData.prx, used in idStorage 256-320 generation
Lepton Test Mode Key
0C 0D 0E 0F 08 09 0A 0B 04 05 06 07 00 01 02 03
- from testmode.prx, used to enable Test mode for Lepton. This mode is used to Update Lepton and some tests.
VDV Hmac key
73 70 65 63 69 61 6C 77 65 65 6B 00
"specialweek" in ascii
- Used to calculate hash for idstorage leaf 0x51
- TA085+ Models Only )
- get buffer 0x100 zeroed bytes
- then fill each 8 bytes with 72 65 6C 65 61 73 65 3A
- then xor each 8 bytes with fuseid
- get hmac hash from this buffer
- first 8 bytes of hmac hash should be inside leaf 0x51
Wake Me Up Before You Go Go
HandShake 0x80
Key EB 418499BE9D35A3B9FC6AD0D6F041BB26 Challenge 1 EB 0BD9027E851FA123 Challenge 2 EB F791ED0B3F49A448 Key B3 03BEB65499140483BA187A64EF90261D Challenge 1 B3 DBD3AEA4DB046410 Challenge 2 B3 E32B8F56B2641298
Handshake 0x90
Yet another battery handshake key 1 880E2A94110926B20E53E22AE648AE9D IV/DATA Yet another battery handshake key 2 C66E9ED6ECBCB121B7465D25037D6646 KEY Yet another battery handshake key 3 DA24DAB43A61CBDF61FD255D0AEA7957 KEY Yet another battery handshake const val 82828282
Flash Update Handshake
Flash Update Handshake key1 78721A6284050ACF07F52C6EBAA32F98 Flash Update Handshake key2 08489E59EDD0666E6A83237585C795CB Flash Update Handshake shared secret 1 6EBE650DCEDCB6163158AC0CAD158907
Other Key Material
TA-093 RCON 01020408102040801B366CD8AB4D9A2F5EBC63C697356AD4B37DFAEFC591A9037ED9F08993B79A7C773C0D264810A081FE192402DEFC87AC3C332B48B4EB TA-093 ??? 6A659283E3C41709214D8F29C6BACAFF67C419A2D064F04FA01271307A2BC5F5A56E TA-093 Other Device Key0 (message) 03763C6865C69B0FFE8FD8EEA43616A0 (KIRK 4/7) (0x14) TA-093 Other Device Key1 (Handler) C1BF66818EF953F2E1266B6F550CC9CD (KIRK 4/7) (0x69) TA-093 Other Device Key2 (Handler) 7D50B85CAF6769F0E54AA8098B0EBE1C (KIRK 4/7) (0x15) TA-093 Other Device Key3 (message) F10730C311E026FCF87B50AEA3D17BA0 TA-093 Other Device Secret0 (Handler) 8D5DA608F2BBC6CC TA-093 Other Device Secret1 (Handler) 34DB81241D6F4057 TA-093 Other Device Secret2 (Handler) E0DC41AFC2CD1C2D TA-093 Battery Magic String (Handler) SonyEnergyDevices\x00 TA-093 Other Device Secret3 (session) 0B2385010FB279BD TA-093 Other Device Secret4 (session) E1C3ECA91959040D TA-093 Other Device Secret5 (session) 661A4D7F6ECD33C52BF5F29586A76448
V5 Script for comms of battery
#!/usr/bin/env python
'''
PSP v4 Syscon Handshake Calculator by Proxima (R)
'''
from Crypto.Cipher import AES
import os
keystore = {
0: [0x5C, 0x52, 0xD9, 0x1C, 0xF3, 0x82, 0xAC, 0xA4, 0x89, 0xD8, 0x81, 0x78, 0xEC, 0x16, 0x29, 0x7B],
1: [0x9D, 0x4F, 0x50, 0xFC, 0xE1, 0xB6, 0x8E, 0x12, 0x09, 0x30, 0x7D, 0xDB, 0xA6, 0xA5, 0xB5, 0xAA],
2: [0x09, 0x75, 0x98, 0x88, 0x64, 0xAC, 0xF7, 0x62, 0x1B, 0xC0, 0x90, 0x9D, 0xF0, 0xFC, 0xAB, 0xFF],
3: [0xC9, 0x11, 0x5C, 0xE2, 0x06, 0x4A, 0x26, 0x86, 0xD8, 0xD6, 0xD9, 0xD0, 0x8C, 0xDE, 0x30, 0x59],
4: [0x66, 0x75, 0x39, 0xD2, 0xFB, 0x42, 0x73, 0xB2, 0x90, 0x3F, 0xD7, 0xA3, 0x9E, 0xD2, 0xC6, 0x0C],
5: [0xF4, 0xFA, 0xEF, 0x20, 0xF4, 0xDB, 0xAB, 0x31, 0xD1, 0x86, 0x74, 0xFD, 0x8F, 0x99, 0x05, 0x66],
6: [0xEA, 0x0C, 0x81, 0x13, 0x63, 0xD7, 0xE9, 0x30, 0xF9, 0x61, 0x13, 0x5A, 0x4F, 0x35, 0x2D, 0xDC],
8: [0x0A, 0x2E, 0x73, 0x30, 0x5C, 0x38, 0x2D, 0x4F, 0x31, 0x0D, 0x0A, 0xED, 0x84, 0xA4, 0x18, 0x00],
0xA: [0xAC, 0x00, 0xC0, 0xE3, 0xE8, 0x0A, 0xF0, 0x68, 0x3F, 0xDD, 0x17, 0x45, 0x19, 0x45, 0x43, 0xBD],
0xD: [0xDF, 0xF3, 0xFC, 0xD6, 0x08, 0xB0, 0x55, 0x97, 0xCF, 0x09, 0xA2, 0x3B, 0xD1, 0x7D, 0x3F, 0xD2],
0xD9: [0xC7, 0xAC, 0x13, 0x06, 0xDE, 0xFE, 0x39, 0xEC, 0x83, 0xA1, 0x48, 0x3B, 0x0E, 0xE2, 0xEC, 0x89],
}
challenge1_secret = {
0: [0xD2, 0x07, 0x22, 0x53, 0xA4, 0xF2, 0x74, 0x68],
1: [0xF5, 0xD7, 0xD4, 0xB5, 0x75, 0xF0, 0x8E, 0x4E],
2: [0xB3, 0x7A, 0x16, 0xEF, 0x55, 0x7B, 0xD0, 0x89],
3: [0xCC, 0x69, 0x95, 0x81, 0xFD, 0x89, 0x12, 0x6C],
4: [0xA0, 0x4E, 0x32, 0xBB, 0xA7, 0x13, 0x9E, 0x46],
5: [0x49, 0x5E, 0x03, 0x47, 0x94, 0x93, 0x1D, 0x7B],
6: [0xB0, 0xB8, 0x09, 0x83, 0x39, 0x89, 0xFA, 0xE2],
8: [0xAD, 0x40, 0x43, 0xB2, 0x56, 0xEB, 0x45, 0x8B],
0xA: [0xC2, 0x37, 0x7E, 0x8A, 0x74, 0x09, 0x6C, 0x5F],
0xD: [0x58, 0x1C, 0x7F, 0x19, 0x44, 0xF9, 0x62, 0x62],
0xD9: [0x90, 0xE1, 0xF0, 0xC0, 0x01, 0x78, 0xE3, 0xFF]
}
challenge2_secret = {
0: [0xF4, 0xE0, 0x43, 0x13, 0xAD, 0x2E, 0xB4, 0xDB],
1: [0xFE, 0x7D, 0x78, 0x99, 0xBF, 0xEC, 0x47, 0xC5],
2: [0x86, 0x5E, 0x3E, 0xEF, 0x9D, 0xFB, 0xB1, 0xFD],
3: [0x30, 0x6F, 0x3A, 0x03, 0xD8, 0x6C, 0xBE, 0xE4],
4: [0xFF, 0x72, 0xBD, 0x2B, 0x83, 0xB8, 0x9D, 0x2F],
5: [0x84, 0x22, 0xDF, 0xEA, 0xE2, 0x1B, 0x63, 0xC2],
6: [0x58, 0xB9, 0x5A, 0xAE, 0xF3, 0x99, 0xDB, 0xD0],
8: [0x67, 0xC0, 0x72, 0x15, 0xD9, 0x6B, 0x39, 0xA1],
0xA: [0x09, 0x3E, 0xC5, 0x19, 0xAF, 0x0F, 0x50, 0x2D],
0xD: [0x31, 0x80, 0x53, 0x87, 0x5C, 0x20, 0x3E, 0x24],
0xD9: [0xC3, 0x4A, 0x6A, 0x7B, 0x20, 0x5F, 0xE8, 0xF9]
}
def MixChallenge1(version, challenge):
data = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
secret1=challenge1_secret[version]
data[0] =secret1[0]
data[4] =secret1[1]
data[8] =secret1[2]
data[0xC] =secret1[3]
data[1] =secret1[4]
data[5] =secret1[5]
data[9] =secret1[6]
data[0xD] =secret1[7]
data[2] = challenge[0]
data[6] = challenge[1]
data[0xA] = challenge[2]
data[0xE] = challenge[3]
data[3] = challenge[4]
data[7] = challenge[5]
data[0xB] = challenge[6]
data[0xF] = challenge[7]
return data
def MixChallenge2(version, challenge):
data = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
secret2=challenge2_secret[version]
data[0] =challenge[0]
data[4] =challenge[1]
data[8] =challenge[2]
data[0xC] =challenge[3]
data[1] =challenge[4]
data[5] =challenge[5]
data[9] =challenge[6]
data[0xD] =challenge[7]
data[2] = secret2[0]
data[6] = secret2[1]
data[0xA] = secret2[2]
data[0xE] = secret2[3]
data[3] = secret2[4]
data[7] = secret2[5]
data[0xB] = secret2[6]
data[0xF] = secret2[7]
return data
newmap = [
0x00, 0x04, 0x08, 0x0C, 0x01, 0x05, 0x09, 0x0D, 0x02, 0x06, 0x0A, 0x0E, 0x03, 0x07, 0x0B, 0x0F,
]
def MatrixSwap(key):
temp = [0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
for i in range(0,len(key)):
temp[i] = key[newmap[i]]
return temp[0:len(key)]
def main():
screq=bytes.fromhex(input("Syscon Challenge 1(9 bytes, first byte is version):"))
if(len(screq) != 9):
print("Error! Expecting a 0x80 type challenge message of length 9 (i.e. 02D65C94ABB92E5DBA)\n")
return
version= screq[0]
req = screq[1:]
print('-> Syscon Challenge 1: 0B 80 ' + bytes(screq).hex().upper())
# The first challenge mixes the syscon generated challenge and the first challenge secret
data=MixChallenge1(version,req)
# The first challenge has two encryption, one for the first half and one for the second half
challenge1a=AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes(MatrixSwap(data)))
#print("Challenge1a: " +(bytes( challenge1a).hex().upper()))
#second = bytearray(0x10)
#second[:] = challenge1a[:]
#challenge1b=MatrixSwap(AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes((second))))
#print("Challenge1b: " +(bytes( challenge1b).hex().upper()))
challenge1b = bytearray.fromhex('AAAAAAAAAAAAAAAA')
response1 = bytes(challenge1a[0:8]) + bytes(challenge1b[0:8])
print('<- Battery Response 1: 12 06 ' + bytes(response1).hex().upper())
# The second challenge only uses the half of the first challenge and the second challenge secret
data2=MixChallenge2(version,challenge1b[0:8])
#data2=MixChallenge2(version,cb)
challenge2=AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes(MatrixSwap(data2)))
print('-> Syscon Challenge 2: 0A 81 ' + bytes(challenge2[0:8]).hex().upper())
response2=(AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(challenge2))
print('<- Battery Response 2: 0A 06 ' + bytes(response2[0:8]).hex().upper())
if __name__ == "__main__":
main()
Script for comms of battery
#!/usr/bin/env python
'''
PSP v2 Syscon Handshake Calculator by Proxima (R)
Dedicated to zecoxao <3
'''
sbox = [
0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76,
0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0,
0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75,
0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84,
0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8,
0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2,
0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB,
0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79,
0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A,
0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E,
0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16,
]
key = [
0x5C, 0xF3, 0x89, 0xEC, 0x52, 0x82, 0xD8, 0x16, 0xD9, 0xAC, 0x81, 0x29, 0x1C, 0xA4, 0x78, 0x7B,
0x1A, 0xE9, 0x60, 0x8C, 0xF7, 0x75, 0xAD, 0xBB, 0xF8, 0x54, 0xD5, 0xFC, 0xD2, 0x76, 0x0E, 0x75,
0xF2, 0x1B, 0x7B, 0xF7, 0x47, 0x32, 0x9F, 0x24, 0x65, 0x31, 0xE4, 0x18, 0xB6, 0xC0, 0xCE, 0xBB,
0xC0, 0xDB, 0xA0, 0x57, 0xEA, 0xD8, 0x47, 0x63, 0x8F, 0xBE, 0x5A, 0x42, 0xDE, 0x1E, 0xD0, 0x6B,
0x33, 0xE8, 0x48, 0x1F, 0xC6, 0x1E, 0x59, 0x3A, 0xF0, 0x4E, 0x14, 0x56, 0x85, 0x9B, 0x4B, 0x20,
0xA3, 0x4B, 0x03, 0x1C, 0x77, 0x69, 0x30, 0x0A, 0x47, 0x09, 0x1D, 0x4B, 0x45, 0xDE, 0x95, 0xB5,
0xE4, 0xAF, 0xAC, 0xB0, 0xC4, 0xAD, 0x9D, 0x97, 0x92, 0x9B, 0x86, 0xCD, 0xD9, 0x07, 0x92, 0x27,
0x2C, 0x83, 0x2F, 0x9F, 0x79, 0xD4, 0x49, 0xDE, 0x5E, 0xC5, 0x43, 0x8E, 0x3E, 0x39, 0xAB, 0x8C,
0xB1, 0x32, 0x1D, 0x82, 0x60, 0xB4, 0xFD, 0x23, 0x3A, 0xFF, 0xBC, 0x32, 0xE5, 0xDC, 0x77, 0xFB,
0x8C, 0xBE, 0xA3, 0x21, 0x43, 0xF7, 0x0A, 0x29, 0x35, 0xCA, 0x76, 0x44, 0xF6, 0x2A, 0x5D, 0xA6,
0x1F, 0xA1, 0x02, 0x23, 0x58, 0xAF, 0xA5, 0x8C, 0x11, 0xDB, 0xAD, 0xE9, 0x0B, 0x21, 0x7C, 0xDA,
0x9D, 0xE1, 0x09, 0xA6, 0x4F, 0xB6, 0x30, 0xA5, 0x50, 0x8E, 0x7D, 0xB5, 0xFC, 0x12, 0xDB, 0xAA,
0x9A, 0x7B, 0x72, 0xD4, 0x9A, 0x2C, 0x1C, 0xB9, 0xFC, 0x72, 0x0F, 0xBA, 0xD8, 0xCA, 0x11, 0xBB,
0xCE, 0xB5, 0xC7, 0x13, 0x6E, 0x42, 0x5E, 0xE7, 0x16, 0x64, 0x6B, 0xD1, 0x90, 0x5A, 0x4B, 0xF0,
0x5E, 0xEB, 0x2C, 0x3F, 0x50, 0x12, 0x4C, 0xAB, 0x9A, 0xFE, 0x95, 0x44, 0xED, 0xB7, 0xFC, 0x0C,
0x34, 0xDF, 0xF3, 0xCC, 0x4B, 0x59, 0x15, 0xBE, 0x64, 0x9A, 0x0F, 0x4B, 0x98, 0x2F, 0xD3, 0xDF,
0x8A, 0x55, 0xA6, 0x6A, 0xF8, 0xA1, 0xB4, 0x0A, 0xFA, 0x60, 0x6F, 0x24, 0xD3, 0xFC, 0x2F, 0xF0,
0xCD, 0x98, 0x3E, 0x54, 0xCE, 0x6F, 0xDB, 0xD1, 0x76, 0x16, 0x79, 0x5D, 0xD1, 0x2D, 0x02, 0xF2,
0xB3, 0x2B, 0x15, 0x41, 0x82, 0xED, 0x36, 0xE7, 0xFF, 0xE9, 0x90, 0xCD, 0xF1, 0xDC, 0xDE, 0x2C,
0xA7, 0x8C, 0x99, 0xD8, 0x3F, 0xD2, 0xE4, 0x03, 0x8E, 0x67, 0xF7, 0x3A, 0x72, 0xAE, 0x70, 0x5C,
0xC7, 0x4B, 0xD2, 0x0A, 0xBF, 0x6D, 0x89, 0x8A, 0xC4, 0xA3, 0x54, 0x6E, 0x13, 0xBD, 0xCD, 0x91,
0x8F, 0xC4, 0x16, 0x1C, 0x20, 0x4D, 0xC4, 0x4E, 0x45, 0xE6, 0xB2, 0xDC, 0x74, 0xC9, 0x04, 0x95,
0x09, 0x64, 0x1B, 0xF0, 0x75, 0xAC, 0xC0, 0xFC, 0x98, 0xF7, 0x90, 0xAB, 0x88, 0x62, 0x9D, 0xFF,
0xB8, 0xDC, 0xC7, 0x37, 0x17, 0xBB, 0x7B, 0x87, 0x8E, 0x79, 0xE9, 0x42, 0x04, 0x66, 0xFB, 0x04,
0xAD, 0x71, 0xB6, 0x81, 0x3B, 0x80, 0xFB, 0x7C, 0x7C, 0x05, 0xEC, 0xAE, 0x9E, 0xF8, 0x03, 0x07,
0xB9, 0xC8, 0x7E, 0xFF, 0xDF, 0x5F, 0xA4, 0xD8, 0xB9, 0xBC, 0x50, 0xFE, 0x92, 0x6A, 0x69, 0x6E,
0xD0, 0x18, 0x66, 0x99, 0x64, 0x3B, 0x9F, 0x47, 0x26, 0x9A, 0xCA, 0x34, 0x84, 0xEE, 0x87, 0xE9,
0x60, 0x78, 0x1E, 0x87, 0x7C, 0x47, 0xD8, 0x9F, 0x38, 0xA2, 0x68, 0x5C, 0x6A, 0x84, 0x03, 0xEA,
0x9B, 0xE3, 0xFD, 0x7A, 0x36, 0x71, 0xA9, 0x36, 0xBF, 0x1D, 0x75, 0x29, 0x7D, 0xF9, 0xFA, 0x10,
0xDE, 0x3D, 0xC0, 0xBA, 0x93, 0xE2, 0x4B, 0x7D, 0x75, 0x68, 0x1D, 0x34, 0xA7, 0x5E, 0xA4, 0xB4,
0xA1, 0x9C, 0x5C, 0xE6, 0x8B, 0x69, 0x22, 0x5F, 0xF8, 0x90, 0x8D, 0xB9, 0x53, 0x0D, 0xA9, 0x1D,
0x75, 0xE9, 0xB5, 0x53, 0xDD, 0xB4, 0x96, 0xC9, 0x5C, 0xCC, 0x41, 0xF8, 0xDD, 0xD0, 0x79, 0x64,
0x9E, 0x77, 0xC2, 0x91, 0x9C, 0x28, 0xBE, 0x77, 0x1F, 0xD3, 0x92, 0x6A, 0x30, 0xE0, 0x99, 0xFD,
0xC9, 0x06, 0xD8, 0x8C, 0x11, 0x4A, 0xD6, 0xDE, 0x5C, 0x26, 0xD9, 0x30, 0xE2, 0x86, 0xD0, 0x59,
0xD5, 0xD3, 0x0B, 0x87, 0x15, 0x5F, 0x89, 0x57, 0x97, 0xB1, 0x68, 0x58, 0x86, 0x00, 0xD0, 0x89,
0x8C, 0x5F, 0x54, 0xD3, 0x7F, 0x20, 0xA9, 0xFE, 0x30, 0x81, 0xE9, 0xB1, 0x91, 0x91, 0x41, 0xC8,
0x33, 0x6C, 0x38, 0xEB, 0xB7, 0x97, 0x3E, 0xC0, 0xD8, 0x59, 0xB0, 0x01, 0xF7, 0x66, 0x27, 0xEF,
0x81, 0xED, 0xD5, 0x3E, 0xCB, 0x5C, 0x62, 0xA2, 0x07, 0x5E, 0xEE, 0xEF, 0x1E, 0x78, 0x5F, 0xB0,
0xAB, 0x46, 0x93, 0xAD, 0x14, 0x48, 0x2A, 0x88, 0xE0, 0xBE, 0x50, 0xBF, 0xAC, 0xD4, 0x8B, 0x3B,
0x4F, 0x09, 0x9A, 0x37, 0x1C, 0x54, 0x7E, 0xF6, 0x02, 0xBC, 0xEC, 0x53, 0x39, 0xED, 0x66, 0x5D,
0x4D, 0x44, 0xDE, 0xE9, 0xF1, 0xA5, 0xDB, 0x2D, 0x4E, 0xF2, 0x1E, 0x4D, 0xA3, 0x4E, 0x28, 0x75,
0x15, 0x51, 0x8F, 0x66, 0x12, 0xB7, 0x6C, 0x41, 0xD3, 0x21, 0x3F, 0x72, 0xBD, 0xF3, 0xDB, 0xAE,
0x8D, 0xDC, 0x53, 0x35, 0x52, 0xE5, 0x89, 0xC8, 0x37, 0x16, 0x29, 0x5B, 0x8E, 0x7D, 0xA6, 0x08,
0x53, 0x8F, 0xDC, 0xE9, 0x6B, 0x8E, 0x07, 0xCF, 0x07, 0x11, 0x38, 0x63, 0x18, 0x65, 0xC3, 0xCB,
0x66, 0xFB, 0x90, 0x9E, 0x75, 0x42, 0x3F, 0xD2, 0x39, 0x73, 0xD7, 0xC6, 0xD2, 0xB2, 0xA3, 0x0C,
0xD2, 0x29, 0xB9, 0x27, 0xC1, 0x83, 0xBC, 0x6E, 0xC7, 0xB4, 0x63, 0xA5, 0xD9, 0x6B, 0xC8, 0xC4,
0x4F, 0x66, 0xDF, 0xF8, 0xC7, 0x44, 0xF8, 0x96, 0xDB, 0x6F, 0x0C, 0xA9, 0x15, 0x7E, 0xB6, 0x72,
0xDB, 0xBD, 0x62, 0x9A, 0x14, 0x50, 0xA8, 0x3E, 0x9B, 0xF4, 0xF8, 0x51, 0x54, 0x2A, 0x9C, 0xEE,
0x61, 0xDC, 0xBE, 0x24, 0xC5, 0x95, 0x3D, 0x03, 0xB3, 0x47, 0xBF, 0xEE, 0xEC, 0xC6, 0x5A, 0xB4,
0x0A, 0xD6, 0x68, 0x4C, 0xED, 0x78, 0x45, 0x46, 0x3E, 0x79, 0xC6, 0x28, 0xDA, 0x1C, 0x46, 0xF2,
0x70, 0xA6, 0xCE, 0x82, 0xD9, 0xA1, 0xE4, 0xA2, 0xB7, 0xCE, 0x08, 0x20, 0xF3, 0xEF, 0xA9, 0x5B,
0x0A, 0xAC, 0x62, 0xE0, 0x6E, 0xCF, 0x2B, 0x89, 0x8E, 0x40, 0x48, 0x68, 0xE0, 0x0F, 0xA6, 0xFD,
0x2D, 0x81, 0xE3, 0x03, 0x2B, 0xE4, 0xCF, 0x46, 0xDA, 0x9A, 0xD2, 0xBA, 0x01, 0x0E, 0xA8, 0x55,
0x6C, 0xED, 0x0E, 0x0D, 0xDF, 0x3B, 0xF4, 0xB2, 0x26, 0xBC, 0x6E, 0xD4, 0x7A, 0x74, 0xDC, 0x89,
0x6D, 0x80, 0x8E, 0x83, 0x97, 0xAC, 0x58, 0xEA, 0x81, 0x3D, 0x53, 0x87, 0xAD, 0xD9, 0x05, 0x8C,
0xF4, 0xF4, 0xD1, 0x8F, 0xFA, 0xDB, 0x86, 0x99, 0xEF, 0xAB, 0x74, 0x05, 0x20, 0x31, 0xFD, 0x66,
0x1B, 0xEF, 0x3E, 0xB1, 0x91, 0x4A, 0xCC, 0x55, 0xDC, 0x77, 0x03, 0x06, 0x53, 0x62, 0x9F, 0xF9,
0xE5, 0x0A, 0x34, 0x85, 0xFE, 0xB4, 0x78, 0x2D, 0x45, 0x32, 0x31, 0x37, 0x9B, 0xF9, 0x66, 0x9F,
0x39, 0x33, 0x07, 0x82, 0x64, 0xD0, 0xA8, 0x85, 0x9E, 0xAC, 0x9D, 0xAA, 0x0C, 0xF5, 0x93, 0x0C,
0xA6, 0x95, 0x92, 0x10, 0xC8, 0x18, 0xB0, 0x35, 0x60, 0xCC, 0x51, 0xFB, 0x1F, 0xEA, 0x79, 0x75,
0x20, 0xB5, 0x27, 0x37, 0xC7, 0xDF, 0x6F, 0x5A, 0xFD, 0x31, 0x60, 0x9B, 0xD5, 0x3F, 0x46, 0x33,
0xBE, 0x0B, 0x2C, 0x1B, 0xD3, 0x0C, 0x63, 0x39, 0x3E, 0x0F, 0x6F, 0xF4, 0x4F, 0x70, 0x36, 0x05,
0xEC, 0xE7, 0xCB, 0xD0, 0x6C, 0x60, 0x03, 0x3A, 0x55, 0x5A, 0x35, 0xC1, 0xE0, 0x90, 0xA6, 0xA3,
0xEC, 0x0B, 0xC0, 0x10, 0x14, 0x74, 0x77, 0x4D, 0x5F, 0x05, 0x30, 0xF1, 0x90, 0x00, 0xA6, 0x05,
0x14, 0x1F, 0xDF, 0xCF, 0xB5, 0xC1, 0xB6, 0xFB, 0x34, 0x31, 0x01, 0xF0, 0x5A, 0x5A, 0xFC, 0xF9,
0x2D, 0x32, 0xED, 0x22, 0x39, 0xF8, 0x4E, 0xB5, 0xAD, 0x9C, 0x9D, 0x6D, 0xD0, 0x8A, 0x76, 0x8F,
0xEA, 0x63, 0xF9, 0x4F, 0x0C, 0xD7, 0x61, 0x35, 0x81, 0xE9, 0x13, 0x2D, 0x13, 0x30, 0x5A, 0xDC,
0x7D, 0x1E, 0xE7, 0xA8, 0xD4, 0x03, 0x62, 0x57, 0x07, 0xEE, 0xFD, 0xD0, 0x97, 0xA7, 0xFD, 0x21,
0x24, 0x3A, 0xDD, 0x75, 0xA4, 0xA7, 0xC5, 0x92, 0xFA, 0x14, 0xE9, 0x39, 0x55, 0xF2, 0x0F, 0x2E,
0x6F, 0x55, 0x88, 0xFD, 0xB6, 0x11, 0xD4, 0x46, 0xCB, 0xDF, 0x36, 0x0F, 0xC8, 0x3A, 0x35, 0x1B,
0x3D, 0x68, 0xE0, 0x1D, 0xC0, 0xD1, 0x05, 0x43, 0x64, 0xBB, 0x8D, 0x82, 0x9C, 0xA6, 0x93, 0x88,
0x37, 0x5F, 0xBF, 0xA2, 0xD3, 0x02, 0x07, 0x44, 0xA0, 0x1B, 0x96, 0x14, 0x38, 0x9E, 0x0D, 0x85,
0x0C, 0x53, 0xEC, 0x4E, 0x29, 0x2B, 0x2C, 0x68, 0x37, 0x2C, 0xBA, 0xAE, 0x02, 0x9C, 0x91, 0x14,
0x09, 0x5A, 0xB6, 0xF8, 0xCD, 0xE6, 0xCA, 0xA2, 0xCD, 0xE1, 0x5B, 0xF5, 0x2D, 0xB1, 0x20, 0x34,
0xB3, 0xE9, 0x5F, 0xA7, 0x2B, 0xCD, 0x07, 0xA5, 0xD5, 0x34, 0x6F, 0x9A, 0x6C, 0xDD, 0xFD, 0xC9,
0xAE, 0x47, 0x18, 0xBF, 0x93, 0x5E, 0x59, 0xFC, 0x08, 0x3C, 0x53, 0xC9, 0x30, 0xED, 0x10, 0xD9,
0x28, 0x6F, 0x77, 0xC8, 0x4E, 0x10, 0x49, 0xB5, 0x3D, 0x01, 0x52, 0x9B, 0x38, 0xD5, 0xC5, 0x1C,
]
def ShiftRows(state):
tmp = state[5]
state[5] = state[7]
state[7] = tmp
tmp = state[8]
state[8] = state[0xB]
state[0xB] = tmp
tmp = state[9]
state[9] = state[0xA]
state[0xA] = tmp
tmp = state[0xC]
state[0xC] = state[0xE]
state[0xE] = tmp
def SubBytes(state):
for i in range(0,0x10):
state[i] = sbox[state[i]]
def MixColumns(a,state):
b=state[a]
tmp =b
tmp = tmp <<1
if(tmp >=0x100):
tmp = tmp ^ 0x1B
b = tmp & 0xff
c=state[a+4]
tmp =c
tmp = tmp <<1
if(tmp >=0x100):
tmp = tmp ^ 0x1B
c = tmp & 0xff
u = c ^ state[a+4] ^ b ^ state[a+8] ^ state[a+0xC]
c=state[a+4]
tmp =c
tmp = tmp <<1
if(tmp >=0x100):
tmp = tmp ^ 0x1B
c = tmp & 0xff
d=state[a+8]
tmp =d
tmp = tmp <<1
if(tmp >=0x100):
tmp = tmp ^ 0x1B
d = tmp & 0xff
x = d ^ state[a+8] ^ c ^ state[a] ^ state[a+0xc]
d=state[a+8]
tmp =d
tmp = tmp <<1
if(tmp >=0x100):
tmp = tmp ^ 0x1B
d = tmp & 0xff
e=state[a+0xC]
tmp =e
tmp = tmp <<1
if(tmp >=0x100):
tmp = tmp ^ 0x1B
e = tmp & 0xff
y = e ^ state[a+0xC] ^ d ^ state[a] ^ state[a+4]
e=state[a+0xC]
tmp =e
tmp = tmp <<1
if(tmp >=0x100):
tmp = tmp ^ 0x1B
e = tmp & 0xff
b=state[a]
tmp =b
tmp = tmp <<1
if(tmp >=0x100):
tmp = tmp ^ 0x1B
b = tmp & 0xff
z = b ^ state[a] ^ e ^ state[a+4] ^ state[a+8]
state[a+0xC] = z
state[a+8] = y
state[a+4] = x
state[a] = u
def AddRoundKey(version,b,state):
for i in range(0, 2):
state[(i*2)] ^= key[(0xB0*version)+(b*0x10)+(i*2)]
state[(i*2)+1] ^= key[(0xB0*version)+(b*0x10)+(i*2)+1]
for i in range(2, 8):
a=state[(i*2)] ^ key[(0xB0*version)+(b*0x10)+(i*2)]
c=state[(i*2)+1] ^ key[(0xB0*version)+(b*0x10)+(i*2)+1]
state[(i*2)+1]=a
state[(i*2)]=c
def FinalRoundKey(version,state):
for i in range(0, 2):
state[(i*2)] ^= key[(0xB0*version)+(10*0x10)+(i*2)]
state[(i*2)+1] ^= key[(0xB0*version)+(10*0x10)+(i*2)+1]
for i in range(2, 8):
a=state[(i*2)] ^ key[(0xB0*version)+(10*0x10)+(i*2)]
c=state[(i*2)+1] ^ key[(0xB0*version)+(10*0x10)+(i*2)+1]
state[(i*2)+1]=c
state[(i*2)]=a
def sony_encrypt(version,data):
AddRoundKey(version,0,data)
for i in range (1,10):
ShiftRows(data)
SubBytes(data)
MixColumns(0,data)
MixColumns(1,data)
MixColumns(2,data)
MixColumns(3,data)
AddRoundKey(version,i,data)
ShiftRows(data)
SubBytes(data)
FinalRoundKey(version,data)
def MixSecret1(version,data, challenge):
secret1 = [
0xD2, 0x07, 0x22, 0x53, 0xA4, 0xF2, 0x74, 0x68,
0xF5, 0xD7, 0xD4, 0xB5, 0x75, 0xF0, 0x8E, 0x4E,
0xB3, 0x7A, 0x16, 0xEF, 0x55, 0x7B, 0xD0, 0x89,
0xCC, 0x69, 0x95, 0x81, 0xFD, 0x89, 0x12, 0x6C,
0xA0, 0x4E, 0x32, 0xBB, 0xA7, 0x13, 0x9E, 0x46,
0x49, 0x5E, 0x03, 0x47, 0x94, 0x93, 0x1D, 0x7B,
0xB0, 0xB8, 0x09, 0x83, 0x39, 0x89, 0xFA, 0xE2,
]
data[0] =secret1[(version *8)+0]
data[4] =secret1[(version *8)+1]
data[8] =secret1[(version *8)+2]
data[0xC] =secret1[(version *8)+3]
data[1] =secret1[(version *8)+4]
data[5] =secret1[(version *8)+5]
data[9] =secret1[(version *8)+6]
data[0xD] =secret1[(version *8)+7]
data[2] = challenge[0]
data[6] = challenge[1]
data[0xA] = challenge[2]
data[0xE] = challenge[3]
data[3] = challenge[4]
data[7] = challenge[5]
data[0xB] = challenge[6]
data[0xF] = challenge[7]
def MixSecret2(version,data, challenge):
secret2 = [
0xF4, 0xE0, 0x43, 0x13, 0xAD, 0x2E, 0xB4, 0xDB,
0xFE, 0x7D, 0x78, 0x99, 0xBF, 0xEC, 0x47, 0xC5,
0x86, 0x5E, 0x3E, 0xEF, 0x9D, 0xFB, 0xB1, 0xFD,
0x30, 0x6F, 0x3A, 0x03, 0xD8, 0x6C, 0xBE, 0xE4,
0xFF, 0x72, 0xBD, 0x2B, 0x83, 0xB8, 0x9D, 0x2F,
0x84, 0x22, 0xDF, 0xEA, 0xE2, 0x1B, 0x63, 0xC2,
0x58, 0xB9, 0x5A, 0xAE, 0xF3, 0x99, 0xDB, 0xD0,
]
data[0] =challenge[0]
data[4] =challenge[1]
data[8] =challenge[2]
data[0xC] =challenge[3]
data[1] =challenge[4]
data[5] =challenge[5]
data[9] =challenge[6]
data[0xD] =challenge[7]
data[2] = secret2[(version *8)+0]
data[6] = secret2[(version *8)+1]
data[0xA] = secret2[(version *8)+2]
data[0xE] = secret2[(version *8)+3]
data[3] = secret2[(version *8)+4]
data[7] = secret2[(version *8)+5]
data[0xB] = secret2[(version *8)+6]
data[0xF] = secret2[(version *8)+7]
def BatteryResponseRemap(dataA, dataB):
message = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
message[0] = dataA[0]
message[1] = dataA[4]
message[2] = dataA[8]
message[3] = dataA[0xC]
message[4] = dataA[1]
message[5] = dataA[5]
message[6] = dataA[7]
message[7] = dataA[0xD]
message[8] = dataB[0]
message[9] = dataB[1]
message[0xA] = dataB[2]
message[0xB] = dataB[3]
message[0xC] = dataB[4]
message[0xD] = dataB[5]
message[0xE] = dataB[6]
message[0xF] = dataB[7]
return message
def SysconResponseRemap(dataA):
message = [ 0,0,0,0, 0,0,0,0]
message[0] = dataA[0]
message[1] = dataA[4]
message[2] = dataA[8]
message[3] = dataA[0xC]
message[4] = dataA[1]
message[5] = dataA[5]
message[6] = dataA[7]
message[7] = dataA[0xD]
return message
def BatteryResponseRemap2(dataA):
message = [ 0,0,0,0, 0,0,0,0]
message[0] = dataA[0]
message[1] = dataA[4]
message[2] = dataA[8]
message[3] = dataA[0xC]
message[4] = dataA[1]
message[5] = dataA[5]
message[6] = dataA[7]
message[7] = dataA[0xD]
return message
def main():
data = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
screq=bytes.fromhex(input("Syscon Challenge 1:"))
if(len(screq) != 9):
print("Error! Expecting a 0x80 type challenge message of length 9 (i.e. 02D65C94ABB92E5DBA)\n")
return
version= screq[0]
req = screq[1:]
print('-> Syscon Challenge 1: 0B 80 ' + bytes(screq).hex().upper())
MixSecret1(version,data,req)
sony_encrypt(version,data)
second = data.copy()
sony_encrypt(version,second)
lastResponse=second[0:8]
message=BatteryResponseRemap(data, second)
print('<- Battery Response 1: 12 06 ' + bytes(message).hex().upper())
MixSecret2(version,data,lastResponse)
sony_encrypt(version,data)
message=SysconResponseRemap(data)
print('-> Syscon Challenge 2: 0A 81 ' + bytes(message).hex().upper())
sony_encrypt(version,data)
message=BatteryResponseRemap2(data)
print('<- Battery Response 2: 0A 06 ' + bytes(message).hex().upper())
if __name__ == "__main__":
main()