最近在研究一款索尼筆記本電池的協議，筆記本型號是VPCM121AX，最終目的是看能否山寨一塊能在這個本上正常使用的電池。抓了些數據觀察，但是發現有加密的地方。

     筆記本電池和筆記本之間通過SMbus協議通訊（其實就是I2C，兩條線SCL和SDA），筆記本可以通過SMbus總線讀取到電池的一些信息，如剩余電量、充放電電流、電壓、溫度等信息。經過大量數據分析發現，在插入電池的5秒時間內，筆記本會對電池進行判別，如果是非法電池則無法開機。

     具體是這樣的，監測發現，在插入電池后，電池和筆記本中的另一條數據線（標識為ID線）上有一系列電平變化動作，接下來筆記本在SMbus總線發一條0x3e讀命令給電池，電池回復9字節給筆記本，每次監測發現這9字節數據開始兩字節每次相同，剩余7字節每次不同。

    我的猜測是：每次插入電池，筆記本通過ID線傳送一些數據給電池，筆記本電池通過約定好的算法將數據處理，接著筆記本通過SMbus總線發送0x3e讀命令讀取計算結果，通過比對確定是否為原裝電池。

    USB邏輯分析儀將ID線上的電平變化按異步串口分析，結果為47字節數據，開始兩字節每次相同。

    有沒有大俠對這塊有了解，可以給些建議。

貼張USB邏輯分析儀圖和兩組電池識別通訊數據。

第一組數據

ID上數據
Time [s],Serial Data,Parity Error,Framing Error
0.0137357,0x6f,,
0.0149858,0xbf,,
0.0166256,0x03,,
0.0178294,0x3b,,
0.0190363,0x5b,,
0.0201407,0x97,,
0.0212467,0x4c,,
0.0222487,0xb4,,
0.0232551,0xf8,,
0.0248612,0x4e,,
0.0261661,0xb6,,
0.0272719,0xff,,
0.0303659,0xc3,,
0.0315740,0xb3,,
0.0327791,0x7f,,
0.0339872,0x0e,,
0.0351922,0x09,,
0.0364002,0xa8,,
0.0376052,0x47,,
0.0388132,0x6b,,
0.0400182,0x53,,
0.0412263,0xb9,,
0.0460132,0xc5,,
0.0472171,0x17,,
0.0484239,0xa5,,
0.0496278,0xef,,
0.0508346,0x28,,
0.0520384,0x5f,,
0.0532452,0xed,,
0.0544492,0x4a,,
0.0556560,0xc7,,
0.0568598,0x4b,,
0.0580667,0x29,,
0.0592706,0x8a,,
0.0604775,0xc3,,
0.0616813,0x30,,
0.0628882,0x62,,
0.0640920,0x48,,
0.0673342,0xc7,,
0.0685422,0x7b,,
0.0697472,0x14,,
0.0709553,0xb2,,
0.0721603,0x41,,
0.0733683,0xc9,,
0.0745732,0x20,,
0.0757812,0xa1,,
0.0769861,0x53,,
0.0781941,0x26,,

SMbus總線上0x3e命令數據

3.5180406,Start
3.5181241,Setup write to 0x0b. +ACK
3.5183848,Wrote 0x3e to 0x0b. +ACK
3.5187619,Start
3.5187829,Setup read from 0x0b. +ACK
3.5194416,Read 0x08 from 0x0b. +ACK
3.5196974,Read 0xd7 from 0x0b. +ACK
3.5199539,Read 0xc4 from 0x0b. +ACK
3.5202098,Read 0x44 from 0x0b. +ACK
3.5204663,Read 0x72 from 0x0b. +ACK
3.5207228,Read 0x4d from 0x0b. +ACK
3.5209791,Read 0x88 from 0x0b. +ACK
3.5212356,Read 0x19 from 0x0b. +ACK
3.5214920,Read 0x3f from 0x0b. +No ACK
3.5218308,Stop

第二組數據

ID線上數據
Time [s],Serial Data,Parity Error,Framing Error
0.0137430,0x6f,,
0.0149920,0xbf,,
0.0159295,0xb0,,
0.0169331,0x98,,
0.0181401,0x95,,
0.0193440,0xf3,,
0.0205510,0xc6,,
0.0217549,0x18,,
0.0229619,0x9a,,
0.0241658,0x5f,,
0.0253728,0x80,,
0.0265767,0x38,,
0.0303698,0xc3,,
0.0315768,0xbe,,
0.0327807,0x90,,
0.0339876,0x3b,,
0.0351915,0x36,,
0.0363984,0x53,,
0.0376022,0xa1,,
0.0388092,0x77,,
0.0400131,0x4e,,
0.0412200,0x3b,,
0.0460110,0xc5,,
0.0472149,0xf9,,
0.0484218,0x15,,
0.0496258,0x82,,
0.0508328,0x37,,
0.0520367,0x5c,,
0.0532437,0xa3,,
0.0544476,0xdf,,
0.0556545,0x95,,
0.0568584,0xf3,,
0.0580653,0xc6,,
0.0592692,0x18,,
0.0604762,0x9a,,
0.0616800,0x5f,,
0.0628869,0x80,,
0.0640908,0x49,,
0.0673272,0xc7,,
0.0685340,0x4d,,
0.0697378,0x83,,
0.0709448,0x5c,,
0.0721485,0x16,,
0.0733554,0x43,,
0.0745592,0x8c,,
0.0757661,0x4e,,
0.0769699,0x4e,,
0.0781768,0x74,,

SMbus總線上0x3e命令數據

3.5180426,Start
3.5181263,Setup write to 0x0b. +ACK
3.5183871,Wrote 0x3e to 0x0b. +ACK
3.5187626,Start
3.5187836,Setup read from 0x0b. +ACK
3.5194416,Read 0x08 from 0x0b. +ACK
3.5196989,Read 0xd7 from 0x0b. +ACK
3.5199544,Read 0x24 from 0x0b. +ACK
3.5202118,Read 0xbf from 0x0b. +ACK
3.5204703,Read 0xdb from 0x0b. +ACK
3.5207268,Read 0x8d from 0x0b. +ACK
3.5209817,Read 0x69 from 0x0b. +ACK
3.5212371,Read 0x99 from 0x0b. +ACK
3.5214941,Read 0x24 from 0x0b. +No ACK
3.5217608,Stop