Editing Talk:Keys



= V4 Script for comms of battery =
<pre>
#!/usr/bin/env python
'''

PSP v4 Syscon Handshake Calculator by Proxima (R)

'''
from Crypto.Cipher import AES
import os



keystore = {
0: [0x5C, 0x52, 0xD9, 0x1C, 0xF3, 0x82, 0xAC, 0xA4, 0x89, 0xD8, 0x81, 0x78, 0xEC, 0x16, 0x29, 0x7B],
1: [0x9D, 0x4F, 0x50, 0xFC, 0xE1, 0xB6, 0x8E, 0x12, 0x09, 0x30, 0x7D, 0xDB, 0xA6, 0xA5, 0xB5, 0xAA],
2: [0x09, 0x75, 0x98, 0x88, 0x64, 0xAC, 0xF7, 0x62, 0x1B, 0xC0, 0x90, 0x9D, 0xF0, 0xFC, 0xAB, 0xFF],
3: [0xC9, 0x11, 0x5C, 0xE2, 0x06, 0x4A, 0x26, 0x86, 0xD8, 0xD6, 0xD9, 0xD0, 0x8C, 0xDE, 0x30, 0x59],
4: [0x66, 0x75, 0x39, 0xD2, 0xFB, 0x42, 0x73, 0xB2, 0x90, 0x3F, 0xD7, 0xA3, 0x9E, 0xD2, 0xC6, 0x0C],
5: [0xF4, 0xFA, 0xEF, 0x20, 0xF4, 0xDB, 0xAB, 0x31, 0xD1, 0x86, 0x74, 0xFD, 0x8F, 0x99, 0x05, 0x66],
6: [0xEA, 0x0C, 0x81, 0x13, 0x63, 0xD7, 0xE9, 0x30, 0xF9, 0x61, 0x13, 0x5A, 0x4F, 0x35, 0x2D, 0xDC],
0xA: [0xAC, 0x00, 0xC0, 0xE3, 0xE8, 0x0A, 0xF0, 0x68, 0x3F, 0xDD, 0x17, 0x45, 0x19, 0x45, 0x43, 0xBD],
0xD: [0xDF, 0xF3, 0xFC, 0xD6, 0x08, 0xB0, 0x55, 0x97, 0xCF, 0x09, 0xA2, 0x3B, 0xD1, 0x7D, 0x3F, 0xD2],
0xD9: [0xC7, 0xAC, 0x13, 0x06, 0xDE, 0xFE, 0x39, 0xEC, 0x83, 0xA1, 0x48, 0x3B, 0x0E, 0xE2, 0xEC, 0x89],
} 



    



challenge1_secret = {
0: [0xD2, 0x07, 0x22, 0x53, 0xA4, 0xF2, 0x74, 0x68],
1: [0xF5, 0xD7, 0xD4, 0xB5, 0x75, 0xF0, 0x8E, 0x4E],
2: [0xB3, 0x7A, 0x16, 0xEF, 0x55, 0x7B, 0xD0, 0x89],
3: [0xCC, 0x69, 0x95, 0x81, 0xFD, 0x89, 0x12, 0x6C],
4: [0xA0, 0x4E, 0x32, 0xBB, 0xA7, 0x13, 0x9E, 0x46],
5: [0x49, 0x5E, 0x03, 0x47, 0x94, 0x93, 0x1D, 0x7B],
6: [0xB0, 0xB8, 0x09, 0x83, 0x39, 0x89, 0xFA, 0xE2],
0xA: [0xC2, 0x37, 0x7E, 0x8A, 0x74, 0x09, 0x6C, 0x5F],
0xD: [0x58, 0x1C, 0x7F, 0x19, 0x44, 0xF9, 0x62, 0x62],
0xD9: [0x90, 0xE1, 0xF0, 0xC0, 0x01, 0x78, 0xE3, 0xFF]
}

challenge2_secret = {
0: [0xF4, 0xE0, 0x43, 0x13, 0xAD, 0x2E, 0xB4, 0xDB],
1: [0xFE, 0x7D, 0x78, 0x99, 0xBF, 0xEC, 0x47, 0xC5],
2: [0x86, 0x5E, 0x3E, 0xEF, 0x9D, 0xFB, 0xB1, 0xFD],
3: [0x30, 0x6F, 0x3A, 0x03, 0xD8, 0x6C, 0xBE, 0xE4],
4: [0xFF, 0x72, 0xBD, 0x2B, 0x83, 0xB8, 0x9D, 0x2F],
5: [0x84, 0x22, 0xDF, 0xEA, 0xE2, 0x1B, 0x63, 0xC2],
6: [0x58, 0xB9, 0x5A, 0xAE, 0xF3, 0x99, 0xDB, 0xD0],
0xA: [0x09, 0x3E, 0xC5, 0x19, 0xAF, 0x0F, 0x50, 0x2D],
0xD: [0x31, 0x80, 0x53, 0x87, 0x5C, 0x20, 0x3E, 0x24],
0xD9: [0xC3, 0x4A, 0x6A, 0x7B, 0x20, 0x5F, 0xE8, 0xF9]
}
    


def MixChallenge1(version, challenge):
    
    data = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
    secret1=challenge1_secret[version]
    data[0] =secret1[0]
    data[4] =secret1[1]
    data[8] =secret1[2]
    data[0xC] =secret1[3]
    data[1] =secret1[4]
    data[5] =secret1[5]
    data[9] =secret1[6]
    data[0xD] =secret1[7]
    data[2] = challenge[0]
    data[6] = challenge[1]
    data[0xA] = challenge[2]
    data[0xE] = challenge[3]
    data[3] = challenge[4]
    data[7] = challenge[5]
    data[0xB] = challenge[6]
    data[0xF] = challenge[7]
    return data


def MixChallenge2(version, challenge):

    data = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
    secret2=challenge2_secret[version]
    data[0] =challenge[0]
    data[4] =challenge[1]
    data[8] =challenge[2]
    data[0xC] =challenge[3]
    data[1] =challenge[4]
    data[5] =challenge[5]
    data[9] =challenge[6]
    data[0xD] =challenge[7]
    data[2] = secret2[0]
    data[6] = secret2[1]
    data[0xA] = secret2[2]
    data[0xE] = secret2[3]
    data[3] = secret2[4]
    data[7] = secret2[5]
    data[0xB] = secret2[6]
    data[0xF] = secret2[7]
    return data


       

newmap = [
    0x00, 0x04, 0x08, 0x0C, 0x01, 0x05, 0x09, 0x0D, 0x02, 0x06, 0x0A, 0x0E, 0x03, 0x07, 0x0B, 0x0F, 
]



def MatrixSwap(key):
    temp = [0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
    for i in range(0,len(key)):
        temp[i] = key[newmap[i]]
    return temp[0:len(key)]
 



def main():

    screq=bytes.fromhex(input("Syscon Challenge 1(9 bytes, first byte is version):"))


    if(len(screq) != 9):
        print("Error! Expecting a 0x80 type challenge message of length 9 (i.e. 02D65C94ABB92E5DBA)\n")
        return
        
    version= screq[0]
    req = screq[1:]
    
    print('-> Syscon Challenge 1: 0B 80 ' + bytes(screq).hex().upper())
    
    # The first challenge mixes the syscon generated challenge and the first challenge secret
    data=MixChallenge1(version,req)
    
    # The first challenge has two encryption, one for the first half and one for the second half
    challenge1a=AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes(MatrixSwap(data)))
    #print("Challenge1a: " +(bytes( challenge1a).hex().upper()))
    #second = bytearray(0x10)
    #second[:] = challenge1a[:]
    
    #challenge1b=MatrixSwap(AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes((second))))
    #print("Challenge1b: " +(bytes( challenge1b).hex().upper()))
    challenge1b = bytearray(os.urandom(0x8))
    response1 = bytes(challenge1a[0:8]) + bytes(challenge1b[0:8])
        
    print('<- Battery Response 1: 12 06 ' + bytes(response1).hex().upper())
    
    # The second challenge only uses the half of the first challenge and the second challenge secret
    data2=MixChallenge2(version,challenge1b[0:8])
    #data2=MixChallenge2(version,cb)
    challenge2=AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(bytes(MatrixSwap(data2)))
    
    print('-> Syscon Challenge 2: 0A 81 ' + bytes(challenge2[0:8]).hex().upper())
    
    response2=(AES.new(bytes(keystore[version]), AES.MODE_ECB).encrypt(challenge2))
    
    print('<- Battery Response 2: 0A 06 ' + bytes(response2[0:8]).hex().upper())

    
if __name__ == "__main__":
    main()


</pre>

= Script for comms of battery =

<pre>
#!/usr/bin/env python
'''

PSP v2 Syscon Handshake Calculator by Proxima (R)

Dedicated to zecoxao <3

'''



sbox = [
    0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 
    0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 
    0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 
    0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 
    0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 
    0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 
    0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 
    0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 
    0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 
    0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 
    0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 
    0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 
    0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 
    0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 
    0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 
    0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16, 
    ]


key = [
    0x5C, 0xF3, 0x89, 0xEC, 0x52, 0x82, 0xD8, 0x16, 0xD9, 0xAC, 0x81, 0x29, 0x1C, 0xA4, 0x78, 0x7B, 
    0x1A, 0xE9, 0x60, 0x8C, 0xF7, 0x75, 0xAD, 0xBB, 0xF8, 0x54, 0xD5, 0xFC, 0xD2, 0x76, 0x0E, 0x75, 
    0xF2, 0x1B, 0x7B, 0xF7, 0x47, 0x32, 0x9F, 0x24, 0x65, 0x31, 0xE4, 0x18, 0xB6, 0xC0, 0xCE, 0xBB, 
    0xC0, 0xDB, 0xA0, 0x57, 0xEA, 0xD8, 0x47, 0x63, 0x8F, 0xBE, 0x5A, 0x42, 0xDE, 0x1E, 0xD0, 0x6B, 
    0x33, 0xE8, 0x48, 0x1F, 0xC6, 0x1E, 0x59, 0x3A, 0xF0, 0x4E, 0x14, 0x56, 0x85, 0x9B, 0x4B, 0x20, 
    0xA3, 0x4B, 0x03, 0x1C, 0x77, 0x69, 0x30, 0x0A, 0x47, 0x09, 0x1D, 0x4B, 0x45, 0xDE, 0x95, 0xB5, 
    0xE4, 0xAF, 0xAC, 0xB0, 0xC4, 0xAD, 0x9D, 0x97, 0x92, 0x9B, 0x86, 0xCD, 0xD9, 0x07, 0x92, 0x27, 
    0x2C, 0x83, 0x2F, 0x9F, 0x79, 0xD4, 0x49, 0xDE, 0x5E, 0xC5, 0x43, 0x8E, 0x3E, 0x39, 0xAB, 0x8C, 
    0xB1, 0x32, 0x1D, 0x82, 0x60, 0xB4, 0xFD, 0x23, 0x3A, 0xFF, 0xBC, 0x32, 0xE5, 0xDC, 0x77, 0xFB, 
    0x8C, 0xBE, 0xA3, 0x21, 0x43, 0xF7, 0x0A, 0x29, 0x35, 0xCA, 0x76, 0x44, 0xF6, 0x2A, 0x5D, 0xA6, 
    0x1F, 0xA1, 0x02, 0x23, 0x58, 0xAF, 0xA5, 0x8C, 0x11, 0xDB, 0xAD, 0xE9, 0x0B, 0x21, 0x7C, 0xDA, 
    0x9D, 0xE1, 0x09, 0xA6, 0x4F, 0xB6, 0x30, 0xA5, 0x50, 0x8E, 0x7D, 0xB5, 0xFC, 0x12, 0xDB, 0xAA, 
    0x9A, 0x7B, 0x72, 0xD4, 0x9A, 0x2C, 0x1C, 0xB9, 0xFC, 0x72, 0x0F, 0xBA, 0xD8, 0xCA, 0x11, 0xBB, 
    0xCE, 0xB5, 0xC7, 0x13, 0x6E, 0x42, 0x5E, 0xE7, 0x16, 0x64, 0x6B, 0xD1, 0x90, 0x5A, 0x4B, 0xF0, 
    0x5E, 0xEB, 0x2C, 0x3F, 0x50, 0x12, 0x4C, 0xAB, 0x9A, 0xFE, 0x95, 0x44, 0xED, 0xB7, 0xFC, 0x0C, 
    0x34, 0xDF, 0xF3, 0xCC, 0x4B, 0x59, 0x15, 0xBE, 0x64, 0x9A, 0x0F, 0x4B, 0x98, 0x2F, 0xD3, 0xDF, 
    0x8A, 0x55, 0xA6, 0x6A, 0xF8, 0xA1, 0xB4, 0x0A, 0xFA, 0x60, 0x6F, 0x24, 0xD3, 0xFC, 0x2F, 0xF0, 
    0xCD, 0x98, 0x3E, 0x54, 0xCE, 0x6F, 0xDB, 0xD1, 0x76, 0x16, 0x79, 0x5D, 0xD1, 0x2D, 0x02, 0xF2, 
    0xB3, 0x2B, 0x15, 0x41, 0x82, 0xED, 0x36, 0xE7, 0xFF, 0xE9, 0x90, 0xCD, 0xF1, 0xDC, 0xDE, 0x2C, 
    0xA7, 0x8C, 0x99, 0xD8, 0x3F, 0xD2, 0xE4, 0x03, 0x8E, 0x67, 0xF7, 0x3A, 0x72, 0xAE, 0x70, 0x5C, 
    0xC7, 0x4B, 0xD2, 0x0A, 0xBF, 0x6D, 0x89, 0x8A, 0xC4, 0xA3, 0x54, 0x6E, 0x13, 0xBD, 0xCD, 0x91, 
    0x8F, 0xC4, 0x16, 0x1C, 0x20, 0x4D, 0xC4, 0x4E, 0x45, 0xE6, 0xB2, 0xDC, 0x74, 0xC9, 0x04, 0x95, 
    0x09, 0x64, 0x1B, 0xF0, 0x75, 0xAC, 0xC0, 0xFC, 0x98, 0xF7, 0x90, 0xAB, 0x88, 0x62, 0x9D, 0xFF, 
    0xB8, 0xDC, 0xC7, 0x37, 0x17, 0xBB, 0x7B, 0x87, 0x8E, 0x79, 0xE9, 0x42, 0x04, 0x66, 0xFB, 0x04, 
    0xAD, 0x71, 0xB6, 0x81, 0x3B, 0x80, 0xFB, 0x7C, 0x7C, 0x05, 0xEC, 0xAE, 0x9E, 0xF8, 0x03, 0x07, 
    0xB9, 0xC8, 0x7E, 0xFF, 0xDF, 0x5F, 0xA4, 0xD8, 0xB9, 0xBC, 0x50, 0xFE, 0x92, 0x6A, 0x69, 0x6E, 
    0xD0, 0x18, 0x66, 0x99, 0x64, 0x3B, 0x9F, 0x47, 0x26, 0x9A, 0xCA, 0x34, 0x84, 0xEE, 0x87, 0xE9, 
    0x60, 0x78, 0x1E, 0x87, 0x7C, 0x47, 0xD8, 0x9F, 0x38, 0xA2, 0x68, 0x5C, 0x6A, 0x84, 0x03, 0xEA, 
    0x9B, 0xE3, 0xFD, 0x7A, 0x36, 0x71, 0xA9, 0x36, 0xBF, 0x1D, 0x75, 0x29, 0x7D, 0xF9, 0xFA, 0x10, 
    0xDE, 0x3D, 0xC0, 0xBA, 0x93, 0xE2, 0x4B, 0x7D, 0x75, 0x68, 0x1D, 0x34, 0xA7, 0x5E, 0xA4, 0xB4, 
    0xA1, 0x9C, 0x5C, 0xE6, 0x8B, 0x69, 0x22, 0x5F, 0xF8, 0x90, 0x8D, 0xB9, 0x53, 0x0D, 0xA9, 0x1D, 
    0x75, 0xE9, 0xB5, 0x53, 0xDD, 0xB4, 0x96, 0xC9, 0x5C, 0xCC, 0x41, 0xF8, 0xDD, 0xD0, 0x79, 0x64, 
    0x9E, 0x77, 0xC2, 0x91, 0x9C, 0x28, 0xBE, 0x77, 0x1F, 0xD3, 0x92, 0x6A, 0x30, 0xE0, 0x99, 0xFD, 
    0xC9, 0x06, 0xD8, 0x8C, 0x11, 0x4A, 0xD6, 0xDE, 0x5C, 0x26, 0xD9, 0x30, 0xE2, 0x86, 0xD0, 0x59, 
    0xD5, 0xD3, 0x0B, 0x87, 0x15, 0x5F, 0x89, 0x57, 0x97, 0xB1, 0x68, 0x58, 0x86, 0x00, 0xD0, 0x89, 
    0x8C, 0x5F, 0x54, 0xD3, 0x7F, 0x20, 0xA9, 0xFE, 0x30, 0x81, 0xE9, 0xB1, 0x91, 0x91, 0x41, 0xC8, 
    0x33, 0x6C, 0x38, 0xEB, 0xB7, 0x97, 0x3E, 0xC0, 0xD8, 0x59, 0xB0, 0x01, 0xF7, 0x66, 0x27, 0xEF, 
    0x81, 0xED, 0xD5, 0x3E, 0xCB, 0x5C, 0x62, 0xA2, 0x07, 0x5E, 0xEE, 0xEF, 0x1E, 0x78, 0x5F, 0xB0, 
    0xAB, 0x46, 0x93, 0xAD, 0x14, 0x48, 0x2A, 0x88, 0xE0, 0xBE, 0x50, 0xBF, 0xAC, 0xD4, 0x8B, 0x3B, 
    0x4F, 0x09, 0x9A, 0x37, 0x1C, 0x54, 0x7E, 0xF6, 0x02, 0xBC, 0xEC, 0x53, 0x39, 0xED, 0x66, 0x5D, 
    0x4D, 0x44, 0xDE, 0xE9, 0xF1, 0xA5, 0xDB, 0x2D, 0x4E, 0xF2, 0x1E, 0x4D, 0xA3, 0x4E, 0x28, 0x75, 
    0x15, 0x51, 0x8F, 0x66, 0x12, 0xB7, 0x6C, 0x41, 0xD3, 0x21, 0x3F, 0x72, 0xBD, 0xF3, 0xDB, 0xAE, 
    0x8D, 0xDC, 0x53, 0x35, 0x52, 0xE5, 0x89, 0xC8, 0x37, 0x16, 0x29, 0x5B, 0x8E, 0x7D, 0xA6, 0x08, 
    0x53, 0x8F, 0xDC, 0xE9, 0x6B, 0x8E, 0x07, 0xCF, 0x07, 0x11, 0x38, 0x63, 0x18, 0x65, 0xC3, 0xCB, 
    0x66, 0xFB, 0x90, 0x9E, 0x75, 0x42, 0x3F, 0xD2, 0x39, 0x73, 0xD7, 0xC6, 0xD2, 0xB2, 0xA3, 0x0C, 
    0xD2, 0x29, 0xB9, 0x27, 0xC1, 0x83, 0xBC, 0x6E, 0xC7, 0xB4, 0x63, 0xA5, 0xD9, 0x6B, 0xC8, 0xC4, 
    0x4F, 0x66, 0xDF, 0xF8, 0xC7, 0x44, 0xF8, 0x96, 0xDB, 0x6F, 0x0C, 0xA9, 0x15, 0x7E, 0xB6, 0x72, 
    0xDB, 0xBD, 0x62, 0x9A, 0x14, 0x50, 0xA8, 0x3E, 0x9B, 0xF4, 0xF8, 0x51, 0x54, 0x2A, 0x9C, 0xEE, 
    0x61, 0xDC, 0xBE, 0x24, 0xC5, 0x95, 0x3D, 0x03, 0xB3, 0x47, 0xBF, 0xEE, 0xEC, 0xC6, 0x5A, 0xB4, 
    0x0A, 0xD6, 0x68, 0x4C, 0xED, 0x78, 0x45, 0x46, 0x3E, 0x79, 0xC6, 0x28, 0xDA, 0x1C, 0x46, 0xF2, 
    0x70, 0xA6, 0xCE, 0x82, 0xD9, 0xA1, 0xE4, 0xA2, 0xB7, 0xCE, 0x08, 0x20, 0xF3, 0xEF, 0xA9, 0x5B, 
    0x0A, 0xAC, 0x62, 0xE0, 0x6E, 0xCF, 0x2B, 0x89, 0x8E, 0x40, 0x48, 0x68, 0xE0, 0x0F, 0xA6, 0xFD, 
    0x2D, 0x81, 0xE3, 0x03, 0x2B, 0xE4, 0xCF, 0x46, 0xDA, 0x9A, 0xD2, 0xBA, 0x01, 0x0E, 0xA8, 0x55, 
    0x6C, 0xED, 0x0E, 0x0D, 0xDF, 0x3B, 0xF4, 0xB2, 0x26, 0xBC, 0x6E, 0xD4, 0x7A, 0x74, 0xDC, 0x89, 
    0x6D, 0x80, 0x8E, 0x83, 0x97, 0xAC, 0x58, 0xEA, 0x81, 0x3D, 0x53, 0x87, 0xAD, 0xD9, 0x05, 0x8C, 
    0xF4, 0xF4, 0xD1, 0x8F, 0xFA, 0xDB, 0x86, 0x99, 0xEF, 0xAB, 0x74, 0x05, 0x20, 0x31, 0xFD, 0x66, 
    0x1B, 0xEF, 0x3E, 0xB1, 0x91, 0x4A, 0xCC, 0x55, 0xDC, 0x77, 0x03, 0x06, 0x53, 0x62, 0x9F, 0xF9, 
    0xE5, 0x0A, 0x34, 0x85, 0xFE, 0xB4, 0x78, 0x2D, 0x45, 0x32, 0x31, 0x37, 0x9B, 0xF9, 0x66, 0x9F, 
    0x39, 0x33, 0x07, 0x82, 0x64, 0xD0, 0xA8, 0x85, 0x9E, 0xAC, 0x9D, 0xAA, 0x0C, 0xF5, 0x93, 0x0C, 
    0xA6, 0x95, 0x92, 0x10, 0xC8, 0x18, 0xB0, 0x35, 0x60, 0xCC, 0x51, 0xFB, 0x1F, 0xEA, 0x79, 0x75, 
    0x20, 0xB5, 0x27, 0x37, 0xC7, 0xDF, 0x6F, 0x5A, 0xFD, 0x31, 0x60, 0x9B, 0xD5, 0x3F, 0x46, 0x33, 
    0xBE, 0x0B, 0x2C, 0x1B, 0xD3, 0x0C, 0x63, 0x39, 0x3E, 0x0F, 0x6F, 0xF4, 0x4F, 0x70, 0x36, 0x05, 
    0xEC, 0xE7, 0xCB, 0xD0, 0x6C, 0x60, 0x03, 0x3A, 0x55, 0x5A, 0x35, 0xC1, 0xE0, 0x90, 0xA6, 0xA3, 
    0xEC, 0x0B, 0xC0, 0x10, 0x14, 0x74, 0x77, 0x4D, 0x5F, 0x05, 0x30, 0xF1, 0x90, 0x00, 0xA6, 0x05, 
    0x14, 0x1F, 0xDF, 0xCF, 0xB5, 0xC1, 0xB6, 0xFB, 0x34, 0x31, 0x01, 0xF0, 0x5A, 0x5A, 0xFC, 0xF9, 
    0x2D, 0x32, 0xED, 0x22, 0x39, 0xF8, 0x4E, 0xB5, 0xAD, 0x9C, 0x9D, 0x6D, 0xD0, 0x8A, 0x76, 0x8F, 
    0xEA, 0x63, 0xF9, 0x4F, 0x0C, 0xD7, 0x61, 0x35, 0x81, 0xE9, 0x13, 0x2D, 0x13, 0x30, 0x5A, 0xDC, 
    0x7D, 0x1E, 0xE7, 0xA8, 0xD4, 0x03, 0x62, 0x57, 0x07, 0xEE, 0xFD, 0xD0, 0x97, 0xA7, 0xFD, 0x21, 
    0x24, 0x3A, 0xDD, 0x75, 0xA4, 0xA7, 0xC5, 0x92, 0xFA, 0x14, 0xE9, 0x39, 0x55, 0xF2, 0x0F, 0x2E, 
    0x6F, 0x55, 0x88, 0xFD, 0xB6, 0x11, 0xD4, 0x46, 0xCB, 0xDF, 0x36, 0x0F, 0xC8, 0x3A, 0x35, 0x1B, 
    0x3D, 0x68, 0xE0, 0x1D, 0xC0, 0xD1, 0x05, 0x43, 0x64, 0xBB, 0x8D, 0x82, 0x9C, 0xA6, 0x93, 0x88, 
    0x37, 0x5F, 0xBF, 0xA2, 0xD3, 0x02, 0x07, 0x44, 0xA0, 0x1B, 0x96, 0x14, 0x38, 0x9E, 0x0D, 0x85, 
    0x0C, 0x53, 0xEC, 0x4E, 0x29, 0x2B, 0x2C, 0x68, 0x37, 0x2C, 0xBA, 0xAE, 0x02, 0x9C, 0x91, 0x14, 
    0x09, 0x5A, 0xB6, 0xF8, 0xCD, 0xE6, 0xCA, 0xA2, 0xCD, 0xE1, 0x5B, 0xF5, 0x2D, 0xB1, 0x20, 0x34, 
    0xB3, 0xE9, 0x5F, 0xA7, 0x2B, 0xCD, 0x07, 0xA5, 0xD5, 0x34, 0x6F, 0x9A, 0x6C, 0xDD, 0xFD, 0xC9, 
    0xAE, 0x47, 0x18, 0xBF, 0x93, 0x5E, 0x59, 0xFC, 0x08, 0x3C, 0x53, 0xC9, 0x30, 0xED, 0x10, 0xD9, 
    0x28, 0x6F, 0x77, 0xC8, 0x4E, 0x10, 0x49, 0xB5, 0x3D, 0x01, 0x52, 0x9B, 0x38, 0xD5, 0xC5, 0x1C, 
]
    

def ShiftRows(state):
    tmp = state[5]
    state[5] = state[7]
    state[7] = tmp
    tmp = state[8]
    state[8] = state[0xB]
    state[0xB] = tmp
    tmp = state[9]
    state[9] = state[0xA]
    state[0xA] = tmp
    tmp = state[0xC]
    state[0xC] = state[0xE]
    state[0xE] = tmp


def SubBytes(state):
    for i in range(0,0x10):
        state[i] = sbox[state[i]]


def MixColumns(a,state):
    b=state[a]
    tmp =b
    tmp = tmp <<1
    if(tmp >=0x100):
        tmp = tmp ^ 0x1B
    b = tmp & 0xff
    
    c=state[a+4]
    tmp =c
    tmp = tmp <<1
    if(tmp >=0x100):
        tmp = tmp ^ 0x1B
    c = tmp & 0xff
 
    u = c ^ state[a+4] ^ b ^ state[a+8] ^ state[a+0xC]

    c=state[a+4]
    tmp =c
    tmp = tmp <<1
    if(tmp >=0x100):
        tmp = tmp ^ 0x1B
    c = tmp & 0xff
    
    d=state[a+8]
    tmp =d
    tmp = tmp <<1
    if(tmp >=0x100):
        tmp = tmp ^ 0x1B
    d = tmp & 0xff

    x = d ^ state[a+8] ^ c ^ state[a] ^ state[a+0xc]
    
    d=state[a+8]
    tmp =d
    tmp = tmp <<1
    if(tmp >=0x100):
        tmp = tmp ^ 0x1B
    d = tmp & 0xff
    
    e=state[a+0xC]
    tmp =e
    tmp = tmp <<1
    if(tmp >=0x100):
        tmp = tmp ^ 0x1B
    e = tmp & 0xff

    y = e ^ state[a+0xC] ^ d ^ state[a] ^ state[a+4]    
    
    e=state[a+0xC]
    tmp =e
    tmp = tmp <<1
    if(tmp >=0x100):
        tmp = tmp ^ 0x1B
    e = tmp & 0xff
    
    b=state[a]
    tmp =b
    tmp = tmp <<1
    if(tmp >=0x100):
        tmp = tmp ^ 0x1B
    b = tmp & 0xff

    z = b ^ state[a] ^ e ^ state[a+4] ^ state[a+8]    
    state[a+0xC] = z
    state[a+8] = y
    state[a+4] = x
    state[a] = u
    
   
def AddRoundKey(version,b,state):
    for i in range(0, 2):
        state[(i*2)] ^= key[(0xB0*version)+(b*0x10)+(i*2)]
        state[(i*2)+1] ^= key[(0xB0*version)+(b*0x10)+(i*2)+1]
    for i in range(2, 8):
        a=state[(i*2)] ^ key[(0xB0*version)+(b*0x10)+(i*2)]
        c=state[(i*2)+1] ^ key[(0xB0*version)+(b*0x10)+(i*2)+1]
        state[(i*2)+1]=a
        state[(i*2)]=c


def FinalRoundKey(version,state):
    for i in range(0, 2):
        state[(i*2)] ^= key[(0xB0*version)+(10*0x10)+(i*2)]
        state[(i*2)+1] ^= key[(0xB0*version)+(10*0x10)+(i*2)+1]
    for i in range(2, 8):
        a=state[(i*2)] ^ key[(0xB0*version)+(10*0x10)+(i*2)]
        c=state[(i*2)+1] ^ key[(0xB0*version)+(10*0x10)+(i*2)+1]
        state[(i*2)+1]=c
        state[(i*2)]=a


def sony_encrypt(version,data):
    AddRoundKey(version,0,data)
    for i in range (1,10):
        ShiftRows(data)
        SubBytes(data)
        MixColumns(0,data)
        MixColumns(1,data)
        MixColumns(2,data)
        MixColumns(3,data)
        AddRoundKey(version,i,data)
    ShiftRows(data)
    SubBytes(data)
    FinalRoundKey(version,data)


def MixSecret1(version,data, challenge):
    secret1 = [ 
    0xD2, 0x07, 0x22, 0x53, 0xA4, 0xF2, 0x74, 0x68, 
    0xF5, 0xD7, 0xD4, 0xB5, 0x75, 0xF0, 0x8E, 0x4E, 
    0xB3, 0x7A, 0x16, 0xEF, 0x55, 0x7B, 0xD0, 0x89, 
    0xCC, 0x69, 0x95, 0x81, 0xFD, 0x89, 0x12, 0x6C, 
    0xA0, 0x4E, 0x32, 0xBB, 0xA7, 0x13, 0x9E, 0x46, 
    0x49, 0x5E, 0x03, 0x47, 0x94, 0x93, 0x1D, 0x7B, 
    0xB0, 0xB8, 0x09, 0x83, 0x39, 0x89, 0xFA, 0xE2, 
    ]

    data[0] =secret1[(version *8)+0]
    data[4] =secret1[(version *8)+1]
    data[8] =secret1[(version *8)+2]
    data[0xC] =secret1[(version *8)+3]
    data[1] =secret1[(version *8)+4]
    data[5] =secret1[(version *8)+5]
    data[9] =secret1[(version *8)+6]
    data[0xD] =secret1[(version *8)+7]
    data[2] = challenge[0]
    data[6] = challenge[1]
    data[0xA] = challenge[2]
    data[0xE] = challenge[3]
    data[3] = challenge[4]
    data[7] = challenge[5]
    data[0xB] = challenge[6]
    data[0xF] = challenge[7]


def MixSecret2(version,data, challenge):
    secret2 = [ 
    0xF4, 0xE0, 0x43, 0x13, 0xAD, 0x2E, 0xB4, 0xDB, 
    0xFE, 0x7D, 0x78, 0x99, 0xBF, 0xEC, 0x47, 0xC5, 
    0x86, 0x5E, 0x3E, 0xEF, 0x9D, 0xFB, 0xB1, 0xFD, 
    0x30, 0x6F, 0x3A, 0x03, 0xD8, 0x6C, 0xBE, 0xE4, 
    0xFF, 0x72, 0xBD, 0x2B, 0x83, 0xB8, 0x9D, 0x2F, 
    0x84, 0x22, 0xDF, 0xEA, 0xE2, 0x1B, 0x63, 0xC2, 
    0x58, 0xB9, 0x5A, 0xAE, 0xF3, 0x99, 0xDB, 0xD0, 
    ]
    
    data[0] =challenge[0]
    data[4] =challenge[1]
    data[8] =challenge[2]
    data[0xC] =challenge[3]
    data[1] =challenge[4]
    data[5] =challenge[5]
    data[9] =challenge[6]
    data[0xD] =challenge[7]
    data[2] = secret2[(version *8)+0]
    data[6] = secret2[(version *8)+1]
    data[0xA] = secret2[(version *8)+2]
    data[0xE] = secret2[(version *8)+3]
    data[3] = secret2[(version *8)+4]
    data[7] = secret2[(version *8)+5]
    data[0xB] = secret2[(version *8)+6]
    data[0xF] = secret2[(version *8)+7]


def BatteryResponseRemap(dataA, dataB):
    message = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
    message[0] = dataA[0] 
    message[1] = dataA[4] 
    message[2] = dataA[8] 
    message[3] = dataA[0xC] 
    message[4] = dataA[1] 
    message[5] = dataA[5] 
    message[6] = dataA[7] 
    message[7] = dataA[0xD]  

    message[8] = dataB[0] 
    message[9] = dataB[1] 
    message[0xA] = dataB[2] 
    message[0xB] = dataB[3] 
    message[0xC] = dataB[4] 
    message[0xD] = dataB[5] 
    message[0xE] = dataB[6] 
    message[0xF] = dataB[7]      
    
    return message      


def SysconResponseRemap(dataA):
    message = [ 0,0,0,0, 0,0,0,0]
    message[0] = dataA[0] 
    message[1] = dataA[4] 
    message[2] = dataA[8] 
    message[3] = dataA[0xC] 
    message[4] = dataA[1] 
    message[5] = dataA[5] 
    message[6] = dataA[7] 
    message[7] = dataA[0xD]  
    
    return message


def BatteryResponseRemap2(dataA):
    message = [ 0,0,0,0, 0,0,0,0]
    message[0] = dataA[0] 
    message[1] = dataA[4] 
    message[2] = dataA[8] 
    message[3] = dataA[0xC] 
    message[4] = dataA[1] 
    message[5] = dataA[5] 
    message[6] = dataA[7] 
    message[7] = dataA[0xD]  

    return message
      
 
def main():
    data = [ 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0]
    

    screq=bytes.fromhex(input("Syscon Challenge 1:"))


    if(len(screq) != 9):
        print("Error! Expecting a 0x80 type challenge message of length 9 (i.e. 02D65C94ABB92E5DBA)\n")
        return
        
    version= screq[0]
    req = screq[1:]
    print('-> Syscon Challenge 1: 0B 80 ' + bytes(screq).hex().upper())
    MixSecret1(version,data,req)
    sony_encrypt(version,data)
    second = data.copy()
    sony_encrypt(version,second)
    lastResponse=second[0:8]
    message=BatteryResponseRemap(data, second)
    print('<- Battery Response 1: 12 06 ' + bytes(message).hex().upper())
    
    MixSecret2(version,data,lastResponse)
    sony_encrypt(version,data)   
    message=SysconResponseRemap(data)
    print('-> Syscon Challenge 2: 0A 81 ' + bytes(message).hex().upper())
    sony_encrypt(version,data)   
    message=BatteryResponseRemap2(data)
    print('<- Battery Response 2: 0A 06 ' + bytes(message).hex().upper())

    
if __name__ == "__main__":
    main()
</pre>