mardock2009/oscam-2.26.01-11942-802-with-Advanced-fake-dcw-detection
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a81bc11fe7
oscam-2.26.01-11942-802-wit.../reader-irdeto.c
mardock2009 7dd9993d4f mod2
2026-02-17 10:06:53 +00:00

1405 lines
40 KiB
C
Executable File
Raw Blame History

#include "globals.h"
#ifdef READER_IRDETO
#include "oscam-time.h"
#include "reader-common.h"
#include "reader-irdeto.h"
/* some variables for T0 protocol card */
#define T0EMM 0xD1
#define T0ECM 0xD5
#define T0GET 0xD2
/* end define */
typedef struct chid_base_date
{
uint16_t caid;
uint16_t acs;
char c_code[4];
uint32_t base;
} CHID_BASE_DATE;
struct irdeto_data
{
int32_t t0; // A flag for T0 protocol card
uint16_t acs;
char country_code[3]; // irdeto country code.
};
static void XRotateLeft8Byte(uint8_t *buf)
{
int32_t k;
uint8_t t1 = buf[7];
uint8_t t2 = 0;
for(k = 0; k <= 7; k++)
{
t2 = t1;
t1 = buf[k];
buf[k] = (buf[k] << 1) | (t2 >> 7);
}
}
static void ReverseSessionKeyCrypt(const uint8_t *camkey, uint8_t *key)
{
const uint8_t CryptTable[256] = {
0xDA, 0x26, 0xE8, 0x72, 0x11, 0x52, 0x3E, 0x46,
0x32, 0xFF, 0x8C, 0x1E, 0xA7, 0xBE, 0x2C, 0x29,
0x5F, 0x86, 0x7E, 0x75, 0x0A, 0x08, 0xA5, 0x21,
0x61, 0xFB, 0x7A, 0x58, 0x60, 0xF7, 0x81, 0x4F,
0xE4, 0xFC, 0xDF, 0xB1, 0xBB, 0x6A, 0x02, 0xB3,
0x0B, 0x6E, 0x5D, 0x5C, 0xD5, 0xCF, 0xCA, 0x2A,
0x14, 0xB7, 0x90, 0xF3, 0xD9, 0x37, 0x3A, 0x59,
0x44, 0x69, 0xC9, 0x78, 0x30, 0x16, 0x39, 0x9A,
0x0D, 0x05, 0x1F, 0x8B, 0x5E, 0xEE, 0x1B, 0xC4,
0x76, 0x43, 0xBD, 0xEB, 0x42, 0xEF, 0xF9, 0xD0,
0x4D, 0xE3, 0xF4, 0x57, 0x56, 0xA3, 0x0F, 0xA6,
0x50, 0xFD, 0xDE, 0xD2, 0x80, 0x4C, 0xD3, 0xCB,
0xF8, 0x49, 0x8F, 0x22, 0x71, 0x84, 0x33, 0xE0,
0x47, 0xC2, 0x93, 0xBC, 0x7C, 0x3B, 0x9C, 0x7D,
0xEC, 0xC3, 0xF1, 0x89, 0xCE, 0x98, 0xA2, 0xE1,
0xC1, 0xF2, 0x27, 0x12, 0x01, 0xEA, 0xE5, 0x9B,
0x25, 0x87, 0x96, 0x7B, 0x34, 0x45, 0xAD, 0xD1,
0xB5, 0xDB, 0x83, 0x55, 0xB0, 0x9E, 0x19, 0xD7,
0x17, 0xC6, 0x35, 0xD8, 0xF0, 0xAE, 0xD4, 0x2B,
0x1D, 0xA0, 0x99, 0x8A, 0x15, 0x00, 0xAF, 0x2D,
0x09, 0xA8, 0xF5, 0x6C, 0xA1, 0x63, 0x67, 0x51,
0x3C, 0xB2, 0xC0, 0xED, 0x94, 0x03, 0x6F, 0xBA,
0x3F, 0x4E, 0x62, 0x92, 0x85, 0xDD, 0xAB, 0xFE,
0x10, 0x2E, 0x68, 0x65, 0xE7, 0x04, 0xF6, 0x0C,
0x20, 0x1C, 0xA9, 0x53, 0x40, 0x77, 0x2F, 0xA4,
0xFA, 0x6D, 0x73, 0x28, 0xE2, 0xCD, 0x79, 0xC8,
0x97, 0x66, 0x8E, 0x82, 0x74, 0x06, 0xC7, 0x88,
0x1A, 0x4A, 0x6B, 0xCC, 0x41, 0xE9, 0x9D, 0xB8,
0x23, 0x9F, 0x3D, 0xBF, 0x8D, 0x95, 0xC5, 0x13,
0xB9, 0x24, 0x5A, 0xDC, 0x64, 0x18, 0x38, 0x91,
0x7F, 0x5B, 0x70, 0x54, 0x07, 0xB6, 0x4B, 0x0E,
0x36, 0xAC, 0x31, 0xE6, 0xD6, 0x48, 0xAA, 0xB4 };
uint8_t localkey[8], tmp1, tmp2;
int32_t idx1, idx2;
memcpy(localkey, camkey, 8);
for(idx1 = 0; idx1 < 8; idx1++)
{
for(idx2 = 0; idx2 < 8; idx2++)
{
tmp1 = CryptTable[key[7] ^ localkey[idx2] ^ idx1];
tmp2 = key[0];
key[0] = key[1];
key[1] = key[2];
key[2] = key[3];
key[3] = key[4];
key[4] = key[5];
key[5] = key[6] ^ tmp1;
key[6] = key[7];
key[7] = tmp1 ^ tmp2;
}
XRotateLeft8Byte(localkey);
}
}
static time_t chid_date(struct s_reader *reader, uint32_t date, char *buf, int32_t l)
{
// Irdeto date starts 01.08.1997 which is
// 870393600 seconds in unix calendar time
//
// The above might not be true for all Irdeto card
// we need to find a way to identify cards to set the base date
// like we did for NDS
//
// this is the known default value.
uint32_t date_base;
if((reader->caid >> 8) == 0x06)
{
date_base = 946598400L; // this is actually 31.12.1999, 00:00 default for irdeto card
}
else
{
date_base = 870393600L; // this is actually 01.08.1997, 00:00 default for betacrypt cards
}
// CAID, ACS, Country, base date D. M. Y, h : m
CHID_BASE_DATE table[] = {
{0x0616, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55 //nitegate
{0x0647, 0x0005, "ITA", 946598400L}, // 31.12.1999, 00:00 //Redlight irdeto
{0x0664, 0x0608, "TUR", 946598400L}, // 31.12.1999, 00:00
{0x0624, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
{0x0624, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
{0x0666, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
{0x0668, 0x0006, "SVK", 946598400L}, // 30.12.1999, 00:00 //Towercom Irdeto
{0x0666, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
{0x0653, 0x0608, "HUN", 946598400L}, // 31.12.1999, 00:00 //upc ice irdeto
{0x0653, 0x0005, "HUN", 946598400L}, // 31.12.1999, 00:00 //upc ice irdeto
{0x0650, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
{0x0650, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
{0x0648, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
{0x0648, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
{0x0627, 0x0608, "EGY", 946598400L}, // 30.12.1999, 16:00
{0x0602, 0x0606, "NLD", 946598400L}, // 31.12.1999, 08:00 //Ziggo irdeto caid: 0602, acs: 6.06
{0x0602, 0x0505, "NLD", 946598400L}, // 31.12.1999, 00:00 //Ziggo irdeto caid: 0602, acs: 5.05
{0x0606, 0x0005, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 0.05
{0x0606, 0x0605, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.05
{0x0606, 0x0606, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.06
{0x0606, 0x0006, "ZAF", 946598400L}, // 31.12.1999, 00:00 //dstv irdeto
{0x0604, 0x1541, "GRC", 977817600L}, // 26.12.2000, 00:00
{0x0604, 0x1542, "GRC", 977817600L}, // 26.12.2000, 00:00
{0x0604, 0x1543, "GRC", 977817600L}, // 26.12.2000, 00:00
{0x0604, 0x1544, "GRC", 977817600L}, // 26.12.2000, 17:00
{0x0604, 0x0608, "EGY", 999993600L}, // 08.09.2001, 17:00
{0x0604, 0x0606, "EGY", 1003276800L}, // 16.10.2001, 17:00
{0x0604, 0x0605, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
{0x0604, 0x0606, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
{0x0604, 0x0607, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
{0x0604, 0x0608, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
{0x0604, 0x0005, "GRC", 1011052800L}, // 15.01.2002, 00:00 //mova irdeto
{0x0604, 0x0606, "NLD", 1066089600L}, // 14.10.2003, 00:00
{0x0610, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0610, acs: 6.08
{0x0604, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.08
{0x0604, 0x0605, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.05
{0x0604, 0x0005, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 0.05
{0x0628, 0x0606, "MCR", 1159574400L}, // 29.09.2006, 00:00
{0x0652, 0x0005, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 0.05
{0x0652, 0x0608, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 6.08
{0x0, 0x0, "", 0L}
};
// now check for specific providers base date
int32_t i = 0;
struct irdeto_data *csystem_data = reader->csystem_data;
while(table[i].caid)
{
if((reader->caid == table[i].caid) && (csystem_data->acs == table[i].acs)
&& (!memcmp(csystem_data->country_code, table[i].c_code, 3)))
{
date_base = table[i].base;
break;
}
i++;
}
time_t ut = date_base + date * (24 * 3600);
if(buf)
{
struct tm t;
cs_gmtime_r(&ut, &t);
l = 27;
snprintf(buf, l, "%04d/%02d/%02d", t.tm_year + 1900, t.tm_mon + 1, t.tm_mday);
}
return (ut);
}
static int32_t irdeto_do_cmd(struct s_reader *reader, uint8_t *buf, uint16_t good, uint8_t *cta_res, uint16_t *p_cta_lr)
{
int32_t rc;
if((rc = reader_cmd2icc(reader, buf, buf[4] + 5, cta_res, p_cta_lr)))
{
return (rc); // result may be 0 (success) or negative
}
if(*p_cta_lr < 2)
{
return (0x7F7F); // this should never happen
}
return (good != b2i(2, cta_res + *p_cta_lr - 2));
}
#define reader_chk_cmd(cmd, l) { if (reader_cmd2icc(reader, cmd, sizeof(cmd), cta_res, &cta_lr)) return ERROR; if (l && (cta_lr!=l)) return ERROR; }
static int32_t irdeto_card_init_provider(struct s_reader *reader)
{
def_resp;
int32_t i, p;
uint8_t buf[256] = {0};
struct irdeto_data *csystem_data = reader->csystem_data;
uint8_t sc_T14GetProvider[] = { 0x02, 0x03, 0x03, 0x00, 0x00 };
uint8_t sc_T0Prov[] = { 0xD2, 0x06, 0x03, 0x00, 0x01, 0x3C };
uint8_t sc_T0_Cmd[] = { T0GET, 0xFE, 0x00, 0x00, 0x00 };
/*
* Provider
*/
memset(reader->prid, 0xff, sizeof(reader->prid));
for(buf[0] = i = p = 0; i < reader->nprov; i++)
{
int32_t anspadd = 0;
if(csystem_data->t0 == 1)
{
anspadd = 8;
sc_T0Prov[3] = i;
irdeto_do_cmd(reader, sc_T0Prov, 0x9021, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
sc_T0Prov[5]++;
sc_T0_Cmd[3]++;
}
else
{
sc_T14GetProvider[3] = i;
reader_chk_cmd(sc_T14GetProvider, 0);
}
if(((cta_lr == 26) && ((!(i & 1)) || (cta_res[0] != 0xf))) || (csystem_data->t0 == 1))
{
reader->prid[i][4] = p++;
// maps the provider id for Betacrypt from FFFFFF to 000000,
// fixes problems with cascading CCcam and OSCam
if(caid_is_betacrypt(reader->caid))
{
memset(&reader->prid[i][0], 0, 4);
}
else
{
memcpy(&reader->prid[i][0], cta_res + anspadd, 4);
}
if(!memcmp(cta_res + anspadd + 1, &reader->hexserial, 3))
{
reader->prid[i][3] = 0xFF;
}
snprintf((char *) buf + cs_strlen((char *)buf), sizeof(buf) - cs_strlen((char *)buf), ",%06x", b2i(3, &reader->prid[i][1]));
}
else
{
reader->prid[i][0] = 0xf;
}
}
if(p)
{
rdr_log_sensitive(reader, "active providers: %d {(%s)}", p, buf + 1);
}
return OK;
}
static int32_t irdeto_card_init(struct s_reader *reader, ATR *newatr)
{
def_resp;
get_atr;
uint8_t buf[256] = { 0 };
uint8_t sc_T14GetCamKey384DZ[] = {
0x02, 0x09, 0x03, 0x00, 0x40,
0x27, 0xF2, 0xD6, 0xCD, 0xE6, 0x88, 0x62, 0x46,
0x81, 0xB0, 0xF5, 0x3E, 0x6F, 0x13, 0x4D, 0xCC,
0xFE, 0xD0, 0x67, 0xB1, 0x93, 0xDD, 0xF4, 0xDE,
0xEF, 0xF5, 0x3B, 0x04, 0x1D, 0xE5, 0xC3, 0xB2,
0x54, 0x38, 0x57, 0x7E, 0xC8, 0x39, 0x07, 0x2E,
0xD2, 0xF4, 0x05, 0xAA, 0x15, 0xB5, 0x55, 0x24,
0x90, 0xBB, 0x9B, 0x00, 0x96, 0xF0, 0xCB, 0xF1,
0x8A, 0x08, 0x7F, 0x0B, 0xB8, 0x79, 0xC3, 0x5D };
uint8_t sc_T14GetCamKey383C[] = {
0x02, 0x09, 0x03, 0x00, 0x40,
0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
uint8_t sc_T14GetCountryCode[] = { 0x02, 0x02, 0x03, 0x00, 0x00 };
uint8_t sc_T14GetASCIISerial[] = { 0x02, 0x00, 0x03, 0x00, 0x00 };
uint8_t sc_T14GetHEXSerial[] = { 0x02, 0x01, 0x00, 0x00, 0x00 };
uint8_t sc_T14GetSCDetails[] = { 0x02, 0x1E, 0x00, 0x00, 0x00 };
uint8_t sc_T14GetCardFile[] = { 0x02, 0x0E, 0x02, 0x00, 0x00 };
uint8_t sc_T0CamKey[70] = { 0xD2, 0x12, 0x00, 0x00, 0x41 };
uint8_t sc_T0Country[] = { 0xD2, 0x04, 0x00, 0x00, 0x01, 0x3E };
uint8_t sc_T0Ascii[] = { 0xD2, 0x00, 0x03, 0x00, 0x01, 0x3F };
uint8_t sc_T0Hex[] = { 0xD2, 0x02, 0x03, 0x00, 0x01, 0x3E };
uint8_t sc_T0SCDetails[] = { 0xD2, 0x3C, 0x00, 0x00, 0x01, 0x22 };
uint8_t sc_T0CFile[] = { 0xD2, 0x1C, 0x02, 0x00, 0x01, 0x30 };
uint8_t sc_T0_Cmd[] = { T0GET, 0xFE, 0x00, 0x00, 0x00 };
int32_t anspadd = 0;
int32_t t0 = 0;
if(!memcmp(atr + 4, "IRDETO", 6))
{
t0 = 0;
}
else
{
if((!memcmp(atr + 5, "IRDETO", 6)) || (((atr[6] == 0xC4) && (atr[9] == 0x8F) && (atr[10] == 0xF1)) && reader->force_irdeto))
{
t0 = 1;
anspadd = 8;
rdr_log(reader, "Hist. Bytes: %s", atr + 5);
}
else
{
return ERROR;
}
}
if(!cs_malloc(&reader->csystem_data, sizeof(struct irdeto_data)))
{
return ERROR;
}
struct irdeto_data *csystem_data = reader->csystem_data;
csystem_data->t0 = t0;
rdr_log(reader, "detect irdeto card");
if((array_has_nonzero_byte(reader->rsa_mod, 64) > 0) && (!reader->force_irdeto || csystem_data->t0)) // we use rsa from config as camkey
{
char tmp_dbg[65];
rdr_log_dbg(reader, D_READER, "using camkey data from config");
rdr_log_dbg(reader, D_READER, " camkey: %s", cs_hexdump(0, reader->boxkey, sizeof(reader->boxkey), tmp_dbg, sizeof(tmp_dbg)));
if(csystem_data->t0 == 1)
{
memcpy(&sc_T0CamKey[5], reader->rsa_mod, 0x40);
rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_T0CamKey[5], 32, tmp_dbg, sizeof(tmp_dbg)));
rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_T0CamKey[37], 32, tmp_dbg, sizeof(tmp_dbg)));
}
else
{
memcpy(&sc_T14GetCamKey383C[5], reader->rsa_mod, 0x40);
rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_T14GetCamKey383C[5], 32, tmp_dbg, sizeof(tmp_dbg)));
rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_T14GetCamKey383C[37], 32, tmp_dbg, sizeof(tmp_dbg)));
}
}
else
{
if(csystem_data->t0 == 1)
{
rdr_log(reader, "WARNING: T0 protocol card can require the CamKey from config");
}
else
{
memcpy(reader->boxkey, "\x11\x22\x33\x44\x55\x66\x77\x88", 8);
}
}
/*
* Get Irdeto Smartcard Details - version - patch level etc
*/
if(csystem_data->t0 == 1)
{
irdeto_do_cmd(reader, sc_T0SCDetails, 0x9015, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
rdr_log(reader, "Irdeto SC %0x version %0x revision %0x, patch level %0x", cta_res[0 + anspadd], cta_res[1 + anspadd], cta_res[2 + anspadd], cta_res[5 + anspadd]);
}
else
{
if(!irdeto_do_cmd(reader, sc_T14GetSCDetails, 0, cta_res, &cta_lr))
{
rdr_log(reader, "Irdeto SC %0x version %0x revision %0x, patch level %0x", cta_res[0 + anspadd], cta_res[1 + anspadd], cta_res[2 + anspadd], cta_res[5 + anspadd]);
}
}
/*
* CountryCode
*/
if(csystem_data->t0 == 1)
{
irdeto_do_cmd(reader, sc_T0Country, 0x9019, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
}
else
{
reader_chk_cmd(sc_T14GetCountryCode, 18);
}
csystem_data->acs = (cta_res[0 + anspadd] << 8) | cta_res[1 + anspadd];
reader->caid = (cta_res[5 + anspadd] << 8) | cta_res[6 + anspadd];
memcpy(csystem_data->country_code, cta_res + 13 + anspadd, 3);
rdr_log(reader, "caid: %04X, acs: %x.%02x, country code: %c%c%c",
reader->caid, cta_res[0 + anspadd], cta_res[1 + anspadd], cta_res[13 + anspadd], cta_res[14 + anspadd], cta_res[15 + anspadd]);
/*
* Ascii/Hex-Serial
*/
if(csystem_data->t0 == 1)
{
irdeto_do_cmd(reader, sc_T0Ascii, 0x901D, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
}
else
{
reader_chk_cmd(sc_T14GetASCIISerial, 22);
}
memcpy(buf, cta_res + anspadd, 10);
buf[10] = 0;
if(csystem_data->t0 == 1)
{
irdeto_do_cmd(reader, sc_T0Hex, 0x903E, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
}
else
{
reader_chk_cmd(sc_T14GetHEXSerial, 18);
}
reader->nprov = cta_res[10 + anspadd];
memcpy(reader->hexserial, cta_res + 12 + anspadd, 4);
rdr_log_sensitive(reader, "providers: %d, ascii serial: {%s}, hex serial: {%02X%02X%02X}, hex base: {%02X}",
reader->nprov, buf, reader->hexserial[0], reader->hexserial[1], reader->hexserial[2], reader->hexserial[3]);
/*
* CardFile
*/
if(csystem_data->t0 == 1)
{
irdeto_do_cmd(reader, sc_T0CFile, 0x9049, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
sc_T0CFile[2] = 0x03;
sc_T0CFile[5]++;
irdeto_do_cmd(reader, sc_T0CFile, 0x9049, cta_res, &cta_lr);
anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
sc_T0_Cmd[2] = 0x03;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
sc_T0_Cmd[2] = 0x00;
}
else
{
for(sc_T14GetCardFile[2] = 2; sc_T14GetCardFile[2] < 4; sc_T14GetCardFile[2]++)
{
reader_chk_cmd(sc_T14GetCardFile, 0);
}
}
/*
* CamKey
*/
if(csystem_data->t0 == 1)
{
int32_t i, crc = 61;
crc ^= 0x01, crc ^= 0x02, crc ^= 0x09;
crc ^= sc_T0CamKey[2], crc ^= sc_T0CamKey[3], crc ^= (sc_T0CamKey[4] + 1);
for(i = 5; i < (int)sizeof(sc_T0CamKey) - 1; i++)
{
crc ^= sc_T0CamKey[i];
}
sc_T0CamKey[69] = crc;
if(irdeto_do_cmd(reader, sc_T0CamKey, 0x9011, cta_res, &cta_lr))
{
rdr_log(reader, "You have a bad Cam Key set");
return ERROR;
}
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
}
// Dirty hack for Ziggo will be removed when optimum values are find on these T14 cards for v2 and triple
// There are also other readers suffering from simmilar issue for those cards.
else if(((reader->caid == 0x0604) || (reader->caid == 0x1722)) && (csystem_data->t0 == 0) && (reader->typ == R_SMART) && (reader->smart_type >= 2))
{
// Quick and dirty containment for the SmargoV2, Triple and Ziggo irdeto caid: 0604 using smartreader protocol
// dirty hack ziggo nl card smartreader v2 and triple will be removed after findings optimum T14 values for v2 and triple
// For some reason only 4 to 5 bytes are received, while 8 bytes are expected.
int32_t rc;
if(reader->caid == 0x1722)
{
rc = reader_cmd2icc(reader, sc_T14GetCamKey384DZ, sizeof(sc_T14GetCamKey384DZ), cta_res, &cta_lr);
}
else
{
rc = reader_cmd2icc(reader, sc_T14GetCamKey383C, sizeof(sc_T14GetCamKey383C), cta_res, &cta_lr);
}
rdr_log_dbg(reader, D_READER, "SmargoV2 camkey exchange containment: Ignoring returncode (%d), should have been 0.", rc);
rdr_log_dbg(reader, D_READER, "In case cardinit NOK and/or no entitlements, retry by restarting oscam.");
} // end dirty hack
else
{
if(reader->caid == 0x1722)
{
reader_chk_cmd(sc_T14GetCamKey384DZ, 0);
}
else
{
reader_chk_cmd(sc_T14GetCamKey383C, 0);
}
}
return irdeto_card_init_provider(reader);
}
int32_t irdeto_do_ecm(struct s_reader *reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)
{
def_resp;
cta_lr = 0; // suppress compiler error
static const uint8_t sc_T14EcmCmd[] = { 0x05, 0x00, 0x00, 0x02, 0x00 };
uint8_t sc_T0Ecm[] = { 0xD5, 0x00, 0x00, 0x02, 0x00 };
uint8_t sc_T0_Cmd[] = { T0ECM, 0xFE, 0x00, 0x00, 0x00 };
uint8_t cta_cmd[MAX_ECM_SIZE];
struct irdeto_data *csystem_data = reader->csystem_data;
int32_t i = 0, anspadd = 0;
if(csystem_data->t0 == 1)
{
int32_t crc = 63;
anspadd = 8;
sc_T0Ecm[4] = er->ecm[2] - 2;
crc ^= 0x01;
crc ^= 0x05;
crc ^= sc_T0Ecm[2];
crc ^= sc_T0Ecm[3];
crc ^= (sc_T0Ecm[4] - 1);
for(i = 6; i < er->ecm[2] + 4; i++)
{
crc ^= er->ecm[i];
}
memcpy(cta_cmd, sc_T0Ecm, sizeof(sc_T0Ecm));
memcpy(cta_cmd + 5, er->ecm + 6, er->ecm[2] - 1);
cta_cmd[er->ecm[2] + 2] = crc;
irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
int32_t try = 1;
int32_t ret;
do
{
if(try > 1)
{
snprintf(ea->msglog, MSGLOGSIZE, "%.22s reader_chk_cmd try nr %i", reader->label, try);
}
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
if((cta_res[2] == 0x9D) && (cta_res[3] == 0x00))
{
ret = 0;
}
else
{
ret = 1;
}
ret = ret || (cta_lr == 11);
if(ret)
{
switch(cta_res[2])
{
case 0x26: // valid for V6 and V7 cards *26 rare case card gets locked if bad EMM being written
{
snprintf(ea->msglog, MSGLOGSIZE, "%.19s cardstatus: LOCKED", reader->label);
return ERROR;
}
case 0x27: // valid for V6 and V7 cards Time sync EMMs
{
snprintf(ea->msglog, MSGLOGSIZE, "%.23s Time Sync Global EMM needed", reader->label);
return ERROR;
}
case 0x33: // valid for all cards *33 comes in 2 cases Either Card Requires to be init with Dynamic RSA AKA cmd28/A0 or Pairing Enabled
{
snprintf(ea->msglog, MSGLOGSIZE, "%.26s dynamic RSA init or pairing enabled", reader->label);
return ERROR;
}
case 0x35: // valid for V6 and V7 cards Time sync EMMs
{
snprintf(ea->msglog, MSGLOGSIZE, "%.23s Time Sync Global EMM needed", reader->label);
return ERROR;
}
case 0x90: // valid for all cards
{
snprintf(ea->msglog, MSGLOGSIZE,"%.26s unsubscribed channel or chid missing", reader->label);
return ERROR;
}
case 0x92: // valid for all cards
{
snprintf(ea->msglog, MSGLOGSIZE,"%.22s regional chid missing", reader->label);
return ERROR;
}
case 0x9E: // valid for all cards *9E comes in 2 cases if card not fully updated OR if pairing Enabled
{
if(cta_res[3] == 0x65)
{
snprintf(ea->msglog, MSGLOGSIZE,"%.24s chipset pairing enabled", reader->label);
return ERROR;
}
else
{
snprintf(ea->msglog, MSGLOGSIZE,"%.11s needs EMMs", reader->label);
return ERROR;
}
}
case 0xA0: // valid for all cards
{
snprintf(ea->msglog, MSGLOGSIZE,"%.17s surflock enabled", reader->label);
return ERROR;
}
default: // all other error status
{
snprintf(ea->msglog, MSGLOGSIZE, "%.16s reader_chk_cmd [%d] %02x %02x", reader->label, cta_lr, cta_res[2], cta_res[3]);
break;
}
}
}
try++;
}
while((try < 3) && (ret));
if(ret)
{
return ERROR;
}
}
else
{
memcpy(cta_cmd, sc_T14EcmCmd, sizeof(sc_T14EcmCmd));
cta_cmd[4] = (er->ecm[2]) - 3;
memcpy(cta_cmd + sizeof(sc_T14EcmCmd), &er->ecm[6], cta_cmd[4]);
int32_t try = 1;
int32_t ret;
do
{
if(try > 1)
{
snprintf(ea->msglog, MSGLOGSIZE, "%.22s irdeto_do_cmd try nr %i", reader->label, try);
}
ret = (irdeto_do_cmd(reader, cta_cmd, 0x9D00, cta_res, &cta_lr));
ret = ret || (cta_lr == 2);
if(ret)
{
switch(cta_res[cta_lr - 2])
{
case 0x26: // valid for V6 and V7 cards *26 rare case card gets locked if bad EMM being written
{
snprintf(ea->msglog, MSGLOGSIZE, "%.19s cardstatus: LOCKED", reader->label);
return ERROR;
}
case 0x27: // valid for V6 and V7 cards Time sync EMMs
{
snprintf(ea->msglog, MSGLOGSIZE, "%.23s Time Sync Global EMM needed", reader->label);
return ERROR;
}
case 0x33: // valid for all cards *33 comes in 2 cases Either Card Requires to be init with Dynamic RSA AKA cmd28/A0 or Pairing Enabled
{
snprintf(ea->msglog, MSGLOGSIZE, "%.26s dynamic RSA init or pairing enabled", reader->label);
return ERROR;
}
case 0x35: // valid for V6 and V7 cards Time sync EMMs
{
snprintf(ea->msglog, MSGLOGSIZE, "%.23s Time Sync Global EMM needed", reader->label);
return ERROR;
}
case 0x90: // valid for all cards
{
snprintf(ea->msglog, MSGLOGSIZE,"%.26s unsubscribed channel or chid missing", reader->label);
return ERROR;
}
case 0x92: // valid for all cards
{
snprintf(ea->msglog, MSGLOGSIZE,"%.22s regional chid missing", reader->label);
return ERROR;
}
case 0x9E: // valid for all cards *9E comes in 2 cases if card not fully updated OR if pairing Enabled
{
if(cta_res[cta_lr - 1] == 0x65)
{
snprintf(ea->msglog, MSGLOGSIZE,"%.24s chipset pairing enabled", reader->label);
return ERROR;
}
else
{
snprintf(ea->msglog, MSGLOGSIZE,"%.11s needs EMMs", reader->label);
return ERROR;
}
}
case 0xA0: // valid for all cards
{
snprintf(ea->msglog, MSGLOGSIZE,"%.17s surflock enabled", reader->label);
return ERROR;
}
default: // all other error status
{
snprintf(ea->msglog, MSGLOGSIZE, "%.16s irdeto_do_cmd [%d] %02x %02x", reader->label, cta_lr, cta_res[cta_lr - 2], cta_res[cta_lr - 1]);
break;
}
}
}
try++;
}
while((try < 3) && (ret));
if(ret)
{
return ERROR;
}
}
if((cta_res[3 + anspadd] == 0x36) || (cta_res[3 + anspadd] == 0x37) || (cta_res[3 + anspadd] == 0x24) || (cta_res[3 + anspadd] == 0x25))
{
snprintf(ea->msglog, MSGLOGSIZE, "cw needs tweaking");
}
ReverseSessionKeyCrypt(reader->boxkey, cta_res + 6 + anspadd);
ReverseSessionKeyCrypt(reader->boxkey, cta_res + 14 + anspadd);
memcpy(ea->cw, cta_res + 6 + anspadd, 16);
return OK;
}
static int32_t irdeto_get_emm_type(EMM_PACKET *ep, struct s_reader *rdr)
{
int32_t i, l = (ep->emm[3] & 0x07);
int32_t base = (ep->emm[3] >> 3);
char dumprdrserial[l * 3], dumpemmserial[l * 3];
rdr_log_dbg(rdr, D_EMM, "Entered irdeto_get_emm_type ep->emm[3]=%02x", ep->emm[3]);
switch(l)
{
case 0:
// global emm, 0 bytes addressed
ep->type = GLOBAL;
rdr_log_dbg(rdr, D_EMM, "GLOBAL base = %02x", base);
if(base & 0x10) // hex serial based?
{
if(base == rdr->hexserial[3]) // does base match?
{
return 1;
}
else
{
return 0; // base doesnt match!
}
}
else
{
return 1;
} // provider based, match all!
case 2:
// shared emm, 2 bytes addressed
ep->type = SHARED;
memset(ep->hexserial, 0, 8);
memcpy(ep->hexserial, ep->emm + 4, l);
#ifdef WITH_DEBUG
if(cs_dblevel & D_EMM)
{
cs_hexdump(1, rdr->hexserial, l, dumprdrserial, sizeof(dumprdrserial));
cs_hexdump(1, ep->hexserial, l, dumpemmserial, sizeof(dumpemmserial));
}
#endif
rdr_log_dbg_sensitive(rdr, D_EMM, "SHARED l = %d ep = {%s} rdr = {%s} base = %02x",
l, dumpemmserial, dumprdrserial, base);
if(base & 0x10)
{
// hex addressed
return ((base == rdr->hexserial[3]) && (!memcmp(ep->emm + 4, rdr->hexserial, l)));
}
else
{
if(!memcmp(ep->emm + 4, rdr->hexserial, l))
{
return 1;
}
// provider addressed
for(i = 0; i < rdr->nprov; i++)
{
if((base == rdr->prid[i][0]) && (!memcmp(ep->emm + 4, &rdr->prid[i][1], l)))
{
return 1;
}
}
}
rdr_log_dbg(rdr, D_EMM, "neither hex nor provider addressed or unknown provider id");
return 0;
case 3:
// unique emm, 3 bytes addressed
ep->type = UNIQUE;
memset(ep->hexserial, 0, 8);
memcpy(ep->hexserial, ep->emm + 4, l);
#ifdef WITH_DEBUG
if(cs_dblevel & D_EMM)
{
cs_hexdump(1, rdr->hexserial, l, dumprdrserial, sizeof(dumprdrserial));
cs_hexdump(1, ep->hexserial, l, dumpemmserial, sizeof(dumpemmserial));
rdr_log_dbg_sensitive(rdr, D_EMM, "UNIQUE l = %d ep = {%s} rdr = {%s} base = %02x",
l, dumpemmserial, dumprdrserial, base);
}
#endif
if(base & 0x10) // unique hex addressed
{
return ((base == rdr->hexserial[3]) && (!memcmp(ep->emm + 4, rdr->hexserial, l)));
}
else
{
if(!memcmp(ep->emm + 4, rdr->hexserial, l))
{
return 1;
}
// unique provider addressed
for(i = 0; i < rdr->nprov; i++)
{
if((base == rdr->prid[i][0]) && (!memcmp(ep->emm + 4, &rdr->prid[i][1], l)))
{
return 1;
}
}
}
rdr_log_dbg(rdr, D_EMM, "neither hex nor provider addressed or unknown provider id");
return 0;
default:
ep->type = UNKNOWN;
rdr_log_dbg(rdr, D_EMM, "UNKNOWN");
return 1;
}
}
static int32_t irdeto_get_emm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count)
{
if(*emm_filters == NULL)
{
const unsigned int max_filter_count = 3 + (rdr->nprov * 2);
if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
{
return ERROR;
}
struct s_csystem_emm_filter *filters = *emm_filters;
*filter_count = 0;
unsigned int idx = 0;
filters[idx].type = EMM_GLOBAL;
filters[idx].enabled = 1;
filters[idx].filter[0] = 0x82;
filters[idx].mask[0] = 0xFF;
filters[idx].filter[1] = rdr->hexserial[3] << 3;
filters[idx].mask[1] = 0xFF;
idx++;
filters[idx].type = EMM_UNIQUE;
filters[idx].enabled = 1;
filters[idx].filter[0] = 0x82;
filters[idx].mask[0] = 0xFF;
filters[idx].filter[1] = 0xFB;
filters[idx].mask[1] = 0x07;
memcpy(&filters[idx].filter[2], rdr->hexserial, 3);
memset(&filters[idx].mask[2], 0xFF, 3);
idx++;
// Shared on Hex Serial only for Betacrypt
if(caid_is_betacrypt(rdr->caid))
{
filters[idx].type = EMM_SHARED;
filters[idx].enabled = 1;
filters[idx].filter[0] = 0x82;
filters[idx].mask[0] = 0xFF;
filters[idx].filter[1] = 0xFA;
filters[idx].mask[1] = 0x07;
memcpy(&filters[idx].filter[2], rdr->hexserial, 2);
memset(&filters[idx].mask[2], 0xFF, 2);
idx++;
}
int32_t i;
for(i = 0; i < rdr->nprov; i++)
{
filters[idx].type = EMM_UNIQUE;
filters[idx].enabled = 1;
filters[idx].filter[0] = 0x82;
filters[idx].mask[0] = 0xFF;
filters[idx].filter[1] = 0xFB;
filters[idx].mask[1] = 0x07;
memcpy(&filters[idx].filter[2], &rdr->prid[i][1], 3);
memset(&filters[idx].mask[2], 0xFF, 3);
idx++;
filters[idx].type = EMM_SHARED;
filters[idx].enabled = 1;
filters[idx].filter[0] = 0x82;
filters[idx].mask[0] = 0xFF;
filters[idx].filter[1] = 0xFA;
filters[idx].mask[1] = 0x07;
memcpy(&filters[idx].filter[2], &rdr->prid[i][1], 2);
memset(&filters[idx].mask[2], 0xFF, 2);
idx++;
}
*filter_count = idx;
}
return OK;
}
static int32_t irdeto_get_tunemm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count)
{
if(*emm_filters == NULL)
{
const unsigned int max_filter_count = 3;
if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
{
return ERROR;
}
struct s_csystem_emm_filter *filters = *emm_filters;
*filter_count = 0;
unsigned int idx = 0;
filters[idx].type = EMM_GLOBAL;
filters[idx].enabled = 1;
filters[idx].filter[0] = 0x82;
filters[idx].mask[0] = 0xFF;
idx++;
filters[idx].type = EMM_SHARED;
filters[idx].enabled = 1;
filters[idx].filter[0] = 0x83;
filters[idx].filter[1] = rdr->hexserial[1];
filters[idx].filter[2] = rdr->hexserial[0];
filters[idx].filter[3] = 0x10;
filters[idx].filter[4] = 0x00;
filters[idx].filter[5] = 0x10;
memset(&filters[idx].mask[0], 0xFF, 6);
idx++;
filters[idx].type = EMM_UNIQUE;
filters[idx].enabled = 1;
filters[idx].filter[0] = 0x83;
filters[idx].filter[1] = rdr->hexserial[1];
filters[idx].filter[2] = rdr->hexserial[0];
filters[idx].filter[3] = 0x10;
filters[idx].filter[4] = rdr->hexserial[2];
filters[idx].filter[5] = 0x00;
memset(&filters[idx].mask[0], 0xFF, 6);
idx++;
*filter_count = idx;
}
return OK;
}
void irdeto_add_emm_header(EMM_PACKET *ep)
{
uint8_t bt_emm[MAX_EMM_SIZE];
static const char *typtext[] = { "unknown", "unique", "shared", "global" };
memset(bt_emm, 0, sizeof(bt_emm));
ep->type = UNKNOWN;
if((ep->emm[0] == 0x83) && (ep->emm[5] == 0x10))
{
if(ep->emm[7] == 0x00)
{
ep->type = UNIQUE;
}
else
{
ep->type = SHARED;
}
}
else
{
if(ep->emm[0] == 0x82)
{
ep->type = GLOBAL;
}
}
if((ep->type != UNKNOWN) && (ep->emmlen == 142))
{
cs_log_dbg(D_EMM, "[TUN_EMM] Type: %s - rewriting header", typtext[ep->type]);
}
else
{
return;
}
// BETACRYPT/IRDETO EMM HEADER:
static uint8_t headerD0[6] = { 0x82, 0x70, 0x89, 0xd0, 0x01, 0x00 }; // GLOBAL
static uint8_t headerD2[8] = { 0x82, 0x70, 0x8b, 0xd2, 0x00, 0x00, 0x01, 0x00 }; // SHARED
static uint8_t headerD3[9] = { 0x82, 0x70, 0x8c, 0xd3, 0x00, 0x00, 0x00, 0x01, 0x00 }; // UNIQUE
switch(ep->type)
{
case UNIQUE:
memcpy(bt_emm, headerD3, sizeof(headerD3));
memcpy(bt_emm + sizeof(headerD3), ep->emm + 8, ep->emmlen - 8);
bt_emm[4] = ep->emm[4];
bt_emm[5] = ep->emm[3];
bt_emm[6] = ep->emm[6];
ep->emmlen = 143;
break;
case SHARED:
memcpy(bt_emm, headerD2, sizeof(headerD2));
memcpy(bt_emm + sizeof(headerD2), ep->emm + 8, ep->emmlen - 8);
bt_emm[4] = ep->emm[4];
bt_emm[5] = ep->emm[3];
ep->emmlen = 142;
break;
case GLOBAL:
memcpy(bt_emm, headerD0, sizeof(headerD0));
memcpy(bt_emm + sizeof(headerD0), ep->emm + 8, ep->emmlen - 8);
ep->emmlen = 140;
break;
}
memcpy(ep->emm, bt_emm, sizeof(bt_emm));
}
#define ADDRLEN 4 // Address length in EMM commands
static int32_t irdeto_do_emm(struct s_reader *reader, EMM_PACKET *ep)
{
def_resp;
static const uint8_t sc_T14EmmCmd[] = { 0x01, 0x00, 0x00, 0x00, 0x00 };
static uint8_t sc_T0Emm[] = { 0xD1, 0x00, 0x00, 0x00, 0x00 };
uint8_t sc_T0_Cmd[] = { T0EMM, 0xFE, 0x00, 0x00, 0x00 };
struct irdeto_data *csystem_data = reader->csystem_data;
uint8_t cta_cmd[272];
if(ep->emm[0] != 0x82)
{
rdr_log_dbg(reader, D_EMM, "Invalid EMM: Has to start with 0x82, but starts with %02x!", ep->emm[0]);
return ERROR;
}
int32_t i, l = (ep->emm[3] & 0x07), ok = 0;
int32_t mode = (ep->emm[3] >> 3);
uint8_t *emm = ep->emm;
if(mode & 0x10)
{
// hex addressed
ok = ((mode == reader->hexserial[3]) && ((!l) || (!memcmp(&emm[4], reader->hexserial, l))));
}
else
{
ok = !memcmp(&emm[4], reader->hexserial, l);
// provider addressed
for(i = 0; i < reader->nprov && !ok; i++)
{
ok = ((mode == reader->prid[i][0]) && ((!l) || (!memcmp(&emm[4], &reader->prid[i][1], l))));
}
}
if(ok)
{
l++;
if(l <= ADDRLEN)
{
if(csystem_data->t0 == 1)
{
int32_t dataLen = 0;
if(ep->type == UNIQUE)
{
dataLen = ep->emm[2] - 1;
}
else
{
dataLen = ep->emm[2];
}
if((dataLen < 7) || (dataLen > ((int32_t)sizeof(ep->emm) - 6)) || (dataLen > ((int32_t)sizeof(cta_cmd) - 9)))
{
rdr_log_dbg(reader, D_EMM, "dataLen %d seems wrong, faulty EMM?", dataLen);
return ERROR;
}
if(ep->type == GLOBAL)
{
dataLen += 2;
}
int32_t crc = 63;
sc_T0Emm[4] = dataLen;
memcpy(&cta_cmd, sc_T0Emm, sizeof(sc_T0Emm));
crc ^= 0x01;
crc ^= 0x01;
crc ^= 0x00;
crc ^= 0x00;
crc ^= 0x00;
crc ^= (dataLen - 1);
memcpy(&cta_cmd[5], &ep->emm[3], 10);
if(ep->type == UNIQUE)
{
memcpy(&cta_cmd[9], &ep->emm[9], dataLen - 4);
}
else
{
if(ep->type == GLOBAL)
{
memcpy(&cta_cmd[9], &ep->emm[6], 1);
memcpy(&cta_cmd[10], &ep->emm[7], dataLen - 6);
// cta_cmd[9]=0x00;
}
else
{
memcpy(&cta_cmd[9], &ep->emm[8], dataLen - 4);
}
}
for(i = 5; i < dataLen + 4; i++)
{
crc ^= cta_cmd[i];
}
cta_cmd[dataLen - 1 + 5] = crc;
irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
rdr_log_dbg(reader, D_EMM,"response %02X %02X %02X %02X %02X (%s)",
cta_res[0], cta_res[1], cta_res[2], cta_res[3], cta_res[4],
(((cta_res[2] == 0) || (cta_res[2] == 0x7B) || (cta_res[2] == 0x7C)) ? "OK" : "ERROR"));
if((cta_res[2] == 0x7B) || (cta_res[2] == 0x7C)) // chid already written or chid already up to date
{
return SKIPPED;
}
if(cta_res[2] == 0x00)
{
return OK;
}
return ERROR; // all other
}
else // T14 protocol based cards
{
const int32_t dataLen = SCT_LEN(emm) - 5 - l; // sizeof of emm bytes (nanos)
if((dataLen < 1) || (dataLen > ((int32_t)sizeof(ep->emm) - 5 - l))
|| (dataLen > ((int32_t)sizeof(cta_cmd) - (int32_t)sizeof(sc_T14EmmCmd) - ADDRLEN)))
{
rdr_log_dbg(reader, D_EMM, "dataLen %d seems wrong, faulty EMM?", dataLen);
return ERROR;
}
uint8_t *ptr = cta_cmd;
memcpy(ptr, sc_T14EmmCmd, sizeof(sc_T14EmmCmd)); // copy card command
ptr[4] = dataLen + ADDRLEN; // set card command emm size
ptr += sizeof(sc_T14EmmCmd);
emm += 3;
memset(ptr, 0, ADDRLEN); // clear addr range
memcpy(ptr, emm, l); // copy addr bytes
ptr += ADDRLEN;
emm += l;
memcpy(ptr, &emm[2], dataLen); // copy emm bytes]
irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
rdr_log_dbg(reader, D_EMM,"response %02X %02X %02X %02X %02X (%s)",
cta_res[0], cta_res[1], cta_res[2], cta_res[3], cta_res[4],
(((cta_res[cta_lr-2] == 0) || (cta_res[cta_lr-2] == 0x7B) || (cta_res[cta_lr-2] == 0x7C)) ? "OK" : "ERROR"));
if((cta_res[cta_lr-2] == 0x7B) || (cta_res[cta_lr-2] == 0x7C)) // chid already written or chid already up to date
{
return SKIPPED;
}
if(cta_res[cta_lr-2] == 0x00)
{
return OK;
}
return ERROR; // all other
}
}
else
{
rdr_log_dbg(reader, D_EMM, "addrlen %d > %d", l, ADDRLEN);
return ERROR;
}
}
else
{
rdr_log_dbg(reader, D_EMM, "EMM skipped since its hexserial or base doesnt match with this card!");
return SKIPPED;
}
}
static int32_t irdeto_card_info(struct s_reader *reader)
{
def_resp;
int32_t i, p;
struct irdeto_data *csystem_data = reader->csystem_data;
cs_clear_entitlement(reader); // reset the entitlements
uint8_t sc_T14GetChannelIds[] = { 0x02, 0x04, 0x00, 0x00, 0x01, 0x00 };
uint8_t sc_T14GetCountryCode2[] = { 0x02, 0x0B, 0x00, 0x00, 0x00 };
uint8_t sc_T0Code[] = { 0xD2, 0x16, 0x00, 0x00, 0x01 , 0x37 };
uint8_t sc_T0Prid[] = { 0xD2, 0x08, 0x00, 0x00, 0x02, 0x00, 0x00 };
uint8_t sc_T0_Cmd[] = { T0GET, 0xFE, 0x00, 0x00, 0x00 };
/*
* ContryCode2
*/
int32_t anspadd = 0;
if(csystem_data->t0 == 1)
{
anspadd = 8;
reader_chk_cmd(sc_T0Code, 0);
int32_t anslength = cta_res[cta_lr - 1];
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
}
else
{
reader_chk_cmd(sc_T14GetCountryCode2, 0);
}
if(((cta_lr > 9) && !(cta_res[cta_lr - 2] | cta_res[cta_lr - 1])) || (csystem_data->t0 == 1))
{
rdr_log_dbg(reader, D_READER, "max chids: %d, %d, %d, %d",
cta_res[6 + anspadd], cta_res[7 + anspadd], cta_res[8 + anspadd], cta_res[9 + anspadd]);
/*
* Provider 2
*/
for(i = p = 0; i < reader->nprov; i++)
{
int32_t j, k, chid, first = 1;
char t[32];
if(reader->prid[i][4] != 0xff)
{
p++;
sc_T0Prid[3] = i;
sc_T14GetChannelIds[3] = i; // provider at index i
j = 0;
// for (j=0; j<10; j++) => why 10 .. do we know for sure the there are only 10 chids !!!
// shouldn't it me the max chid value we read above ?!
while(1) // will exit if cta_lr < 61 .. which is the correct break condition.
{
if(csystem_data->t0 == 1)
{
int32_t crc = 63;
sc_T0Prid[5] = j;
crc ^= 0x01;
crc ^= 0x02;
crc ^= 0x04;
crc ^= sc_T0Prid[2];
crc ^= sc_T0Prid[3];
crc ^= (sc_T0Prid[4] - 1);
crc ^= sc_T0Prid[5];
sc_T0Prid[6] = crc;
irdeto_do_cmd(reader, sc_T0Prid, 0x903C, cta_res, &cta_lr);
int32_t anslength = cta_res[cta_lr - 1];
if(anslength == 0x09)
{
break;
}
sc_T0_Cmd[4] = anslength;
reader_chk_cmd(sc_T0_Cmd, anslength + 2);
if(cta_res[10] == 0xFF)
{
break;
}
cta_res[cta_lr - 3] = 0xff;
cta_res[cta_lr - 2] = 0xff;
cta_res[cta_lr - 1] = 0xff;
anspadd = 8;
}
else
{
sc_T14GetChannelIds[5] = j; // chid at index j for provider at index i
reader_chk_cmd(sc_T14GetChannelIds, 0);
}
// if (cta_lr<61) break; // why 61 (0 to 60 in steps of 6 .. is it 10*6 from the 10 in the for loop ?
// what happen if the card only send back.. 9 chids (or less)... we don't see them
// so we should check whether or not we have at least 6 bytes (1 chid).
if(cta_lr < 6)
{
break;
}
for(k = 0 + anspadd; k < cta_lr; k += 6)
{
chid = b2i(2, cta_res + k);
if(chid && chid != 0xFFFF)
{
time_t date, start_t, end_t;
start_t = chid_date(reader, date = b2i(2, cta_res + k + 2), t, 16);
end_t = chid_date(reader, date + cta_res[k + 4], t + 16, 16);
// todo: add entitlements to list but produces a warning related to date variable
cs_add_entitlement(reader, reader->caid, b2i(3, &reader->prid[i][1]), chid, 0, start_t, end_t, 3, 1);
if(first)
{
rdr_log_sensitive(reader, "entitlements for provider: %d, id: {%06X}", p, b2i(3, &reader->prid[i][1]));
first = 0;
}
rdr_log(reader, "chid: %04X, date: %s - %s", chid, t, t + 16);
}
}
j++;
}
}
}
}
rdr_log(reader, "ready for requests");
return OK;
}
const struct s_cardsystem reader_irdeto =
{
.desc = "irdeto",
.caids = (uint16_t[]){ 0x06, 0x17, 0 },
.do_emm = irdeto_do_emm,
.do_ecm = irdeto_do_ecm,
.card_info = irdeto_card_info,
.card_init = irdeto_card_init,
.get_emm_type = irdeto_get_emm_type,
.get_emm_filter = irdeto_get_emm_filter,
.get_tunemm_filter = irdeto_get_tunemm_filter,
};
#endif
Reference in New Issue View Git Blame Copy Permalink