1 #define MODULE_LOG_PREFIX "cccam"
7 #include "cscrypt/md5.h"
8 #include "cscrypt/sha1.h"
9 #include "module-cacheex.h"
10 #include "module-cccam.h"
11 #include "module-cccam-data.h"
12 #include "module-cccam-cacheex.h"
13 #include "module-cccshare.h"
14 #include "oscam-chk.h"
15 #include "oscam-cache.h"
16 #include "oscam-client.h"
17 #include "oscam-ecm.h"
18 #include "oscam-emm.h"
19 #include "oscam-failban.h"
20 #include "oscam-garbage.h"
21 #include "oscam-lock.h"
22 #include "oscam-net.h"
23 #include "oscam-reader.h"
24 #include "oscam-string.h"
25 #include "oscam-time.h"
26 #include "oscam-work.h"
28 //Mode names for CMD_05 command:
29 static const char *cmd05_mode_name
[] = { "UNKNOWN", "PLAIN", "AES", "CC_CRYPT", "RC4",
33 //Mode names for CMD_0C command:
34 static const char *cmd0c_mode_name
[] = { "NONE", "RC6", "RC4", "CC_CRYPT", "AES", "IDEA" };
36 uint8_t cc_node_id
[8];
38 int32_t cc_cli_connect(struct s_client
*cl
);
39 int32_t cc_send_pending_emms(struct s_client
*cl
);
41 #define getprefix() (!cl?"":(!cl->cc?"":(((struct cc_data *)(cl->cc))->prefix)))
43 void cc_init_crypt(struct cc_crypt_block
*block
, uint8_t *key
, int32_t len
)
48 for(i
= 0; i
< 256; i
++)
50 block
->keytable
[i
] = i
;
53 for(i
= 0; i
< 256; i
++)
55 j
+= key
[i
% len
] + block
->keytable
[i
];
56 SWAPC(&block
->keytable
[i
], &block
->keytable
[j
]);
64 void cc_crypt(struct cc_crypt_block
*block
, uint8_t *data
, int32_t len
,
70 for(i
= 0; i
< len
; i
++)
73 block
->sum
+= block
->keytable
[block
->counter
];
74 SWAPC(&block
->keytable
[block
->counter
], &block
->keytable
[block
->sum
]);
76 data
[i
] = z
^ block
->keytable
[(block
->keytable
[block
->counter
]
77 + block
->keytable
[block
->sum
]) & 0xff];
78 data
[i
] ^= block
->state
;
81 block
->state
= block
->state
^ z
;
85 void cc_rc4_crypt(struct cc_crypt_block
*block
, uint8_t *data
, int32_t len
,
91 for(i
= 0; i
< len
; i
++)
94 block
->sum
+= block
->keytable
[block
->counter
];
95 SWAPC(&block
->keytable
[block
->counter
], &block
->keytable
[block
->sum
]);
97 data
[i
] = z
^ block
->keytable
[(block
->keytable
[block
->counter
]
98 + block
->keytable
[block
->sum
]) & 0xff];
101 block
->state
= block
->state
^ z
;
105 void cc_xor(uint8_t *buf
)
107 const char cccam
[] = "CCcam";
110 for(i
= 0; i
< 8; i
++)
112 buf
[8 + i
] = i
* buf
[i
];
120 void cc_cw_crypt(struct s_client
*cl
, uint8_t *cws
, uint32_t cardid
)
122 struct cc_data
*cc
= cl
->cc
;
129 node_id
= b2ll(8, cc
->node_id
);
133 node_id
= b2ll(8, cc
->peer_node_id
);
136 for(i
= 0; i
< 16; i
++)
138 tmp
= cws
[i
] ^(node_id
>> (4 * i
));
141 cws
[i
] = (cardid
>> (2 * i
)) ^ tmp
;
145 /** swap endianness (int) */
146 static void SwapLBi(unsigned char *buff
, int32_t len
)
148 #if __BYTE_ORDER != __BIG_ENDIAN
153 unsigned char swap
[4];
154 for(i
= 0; i
< len
/ 4; i
++)
156 memcpy(swap
, buff
, 4);
165 void cc_crypt_cmd0c(struct s_client
*cl
, uint8_t *buf
, int32_t len
)
167 struct cc_data
*cc
= cl
->cc
;
169 if(!cs_malloc(&out
, len
))
172 switch(cc
->cmd0c_mode
)
174 case MODE_CMD_0x0C_NONE
: // none additional encryption
176 memcpy(out
, buf
, len
);
179 case MODE_CMD_0x0C_RC6
: //RC6
181 // buf may be unaligned,
182 // so we use malloc() memory for the uint32_t* cast
186 if(!cs_malloc(&tmp
, len
))
188 memcpy(tmp
, buf
, len
);
191 for(i
= 0; i
< len
/ 16; i
++)
192 { rc6_block_decrypt((uint32_t *)(tmp
+ i
* 16), (uint32_t *)(out
+ i
* 16), 1, cc
->cmd0c_RC6_cryptkey
); }
197 case MODE_CMD_0x0C_RC4
: // RC4
199 cc_rc4_crypt(&cc
->cmd0c_cryptkey
, buf
, len
, ENCRYPT
);
200 memcpy(out
, buf
, len
);
203 case MODE_CMD_0x0C_CC_CRYPT
: // cc_crypt
205 cc_crypt(&cc
->cmd0c_cryptkey
, buf
, len
, DECRYPT
);
206 memcpy(out
, buf
, len
);
209 case MODE_CMD_0x0C_AES
: // AES
212 for(i
= 0; i
< len
/ 16; i
++)
213 AES_decrypt((unsigned char *) buf
+ i
* 16,
214 (unsigned char *) out
+ i
* 16, &cc
->cmd0c_AES_key
);
217 case MODE_CMD_0x0C_IDEA
: //IDEA
224 idea_ecb_encrypt(buf
+ i
, out
+ i
, &cc
->cmd0c_IDEA_dkey
);
231 for(j
= 0; j
< 8; j
++)
232 { out
[j
+ i
] ^= buf
[j
+ i
- 8]; }
239 memcpy(buf
, out
, len
);
245 void set_cmd0c_cryptkey(struct s_client
*cl
, uint8_t *key
, uint8_t len
)
247 struct cc_data
*cc
= cl
->cc
;
250 memset(&key_buf
, 0, sizeof(key_buf
));
255 memcpy(key_buf
, key
, len
);
257 switch(cc
->cmd0c_mode
)
260 case MODE_CMD_0x0C_NONE
: //NONE
265 case MODE_CMD_0x0C_RC6
: //RC6
267 rc6_key_setup(key_buf
, 32, cc
->cmd0c_RC6_cryptkey
);
271 case MODE_CMD_0x0C_RC4
: //RC4
272 case MODE_CMD_0x0C_CC_CRYPT
: //CC_CRYPT
274 cc_init_crypt(&cc
->cmd0c_cryptkey
, key_buf
, 32);
278 case MODE_CMD_0x0C_AES
: //AES
280 memset(&cc
->cmd0c_AES_key
, 0, sizeof(cc
->cmd0c_AES_key
));
281 AES_set_decrypt_key((unsigned char *) key_buf
, 256, &cc
->cmd0c_AES_key
);
285 case MODE_CMD_0x0C_IDEA
: //IDEA
287 uint8_t key_buf_idea
[16];
288 memcpy(key_buf_idea
, key_buf
, 16);
289 IDEA_KEY_SCHEDULE ekey
;
291 idea_set_encrypt_key(key_buf_idea
, &ekey
);
292 idea_set_decrypt_key(&ekey
, &cc
->cmd0c_IDEA_dkey
);
298 int32_t sid_eq(struct cc_srvid
*srvid1
, struct cc_srvid
*srvid2
)
300 return (srvid1
->sid
== srvid2
->sid
&& (srvid1
->chid
== srvid2
->chid
|| !srvid1
->chid
|| !srvid2
->chid
) && (srvid1
->ecmlen
== srvid2
->ecmlen
|| !srvid1
->ecmlen
|| !srvid2
->ecmlen
));
303 int32_t sid_eq_nb(struct cc_srvid
*srvid1
, struct cc_srvid_block
*srvid2
)
305 return sid_eq(srvid1
, (struct cc_srvid
*)srvid2
);
308 int32_t sid_eq_bb(struct cc_srvid_block
*srvid1
, struct cc_srvid_block
*srvid2
)
310 return (srvid1
->sid
== srvid2
->sid
&& (srvid1
->chid
== srvid2
->chid
|| !srvid1
->chid
|| !srvid2
->chid
) && (srvid1
->ecmlen
== srvid2
->ecmlen
|| !srvid1
->ecmlen
|| !srvid2
->ecmlen
)
311 && (srvid1
->blocked_till
== srvid2
->blocked_till
|| !srvid1
->blocked_till
|| !srvid2
->blocked_till
));
314 struct cc_srvid_block
*is_sid_blocked(struct cc_card
*card
, struct cc_srvid
*srvid_blocked
)
316 LL_ITER it
= ll_iter_create(card
->badsids
);
317 struct cc_srvid_block
*srvid
;
318 while((srvid
= ll_iter_next(&it
)))
320 if(sid_eq_nb(srvid_blocked
, srvid
))
328 uint32_t has_perm_blocked_sid(struct cc_card
*card
)
330 LL_ITER it
= ll_iter_create(card
->badsids
);
331 struct cc_srvid_block
*srvid
;
332 while((srvid
= ll_iter_next(&it
)))
334 if(srvid
->blocked_till
== 0)
339 return srvid
!= NULL
;
342 struct cc_srvid
*is_good_sid(struct cc_card
*card
, struct cc_srvid
*srvid_good
)
344 LL_ITER it
= ll_iter_create(card
->goodsids
);
345 struct cc_srvid
*srvid
;
346 while((srvid
= ll_iter_next(&it
)))
348 if(sid_eq(srvid
, srvid_good
))
356 #define BLOCKING_SECONDS 10
358 void add_sid_block(struct cc_card
*card
, struct cc_srvid
*srvid_blocked
, bool temporary
)
360 if(is_sid_blocked(card
, srvid_blocked
))
363 struct cc_srvid_block
*srvid
;
364 if(!cs_malloc(&srvid
, sizeof(struct cc_srvid_block
)))
366 memcpy(srvid
, srvid_blocked
, sizeof(struct cc_srvid
));
369 { srvid
->blocked_till
= time(NULL
) + BLOCKING_SECONDS
; }
371 ll_append(card
->badsids
, srvid
);
372 cs_log_dbg(D_READER
, "added sid block %04X(CHID %04X, length %d) for card %08x",
373 srvid_blocked
->sid
, srvid_blocked
->chid
, srvid_blocked
->ecmlen
, card
->id
);
376 void remove_sid_block(struct cc_card
*card
, struct cc_srvid
*srvid_blocked
)
378 LL_ITER it
= ll_iter_create(card
->badsids
);
379 struct cc_srvid_block
*srvid
;
380 while((srvid
= ll_iter_next(&it
)))
381 if(sid_eq_nb(srvid_blocked
, srvid
))
382 { ll_iter_remove_data(&it
); }
384 cs_log_dbg(D_READER
, "removed sid block %04X(CHID %04X, length %d) for card %08x",
385 srvid_blocked
->sid
, srvid_blocked
->chid
, srvid_blocked
->ecmlen
, card
->id
);
388 void add_good_sid(struct cc_card
*card
, struct cc_srvid
*srvid_good
)
390 if(is_good_sid(card
, srvid_good
))
393 remove_sid_block(card
, srvid_good
);
394 struct cc_srvid
*srvid
;
395 if(!cs_malloc(&srvid
, sizeof(struct cc_srvid
)))
397 memcpy(srvid
, srvid_good
, sizeof(struct cc_srvid
));
398 ll_append(card
->goodsids
, srvid
);
399 cs_log_dbg(D_READER
, "added good sid %04X(%d) for card %08x", srvid_good
->sid
, srvid_good
->ecmlen
, card
->id
);
402 void remove_good_sid(struct cc_card
*card
, struct cc_srvid
*srvid_good
)
404 LL_ITER it
= ll_iter_create(card
->goodsids
);
405 struct cc_srvid
*srvid
;
406 while((srvid
= ll_iter_next(&it
)))
407 if(sid_eq(srvid
, srvid_good
))
408 { ll_iter_remove_data(&it
); }
410 cs_log_dbg(D_READER
, "removed good sid %04X(%d) for card %08x", srvid_good
->sid
, srvid_good
->ecmlen
, card
->id
);
415 * clears and frees values for reinit
417 void cc_cli_close(struct s_client
*cl
, int32_t call_conclose
)
419 struct s_reader
*rdr
= cl
->reader
;
420 struct cc_data
*cc
= cl
->cc
;
424 if(rdr
) { rdr
->tcp_connected
= 0; }
425 if(rdr
) { rdr
->card_status
= NO_CARD
; }
426 if(rdr
) { rdr
->last_s
= rdr
->last_g
= 0; }
427 if(cl
) { cl
->last
= 0; }
429 if(call_conclose
) //clears also pending ecms!
430 { network_tcp_connection_close(rdr
, "close"); }
442 cc
->just_logged_in
= 0;
445 struct cc_extended_ecm_idx
*add_extended_ecm_idx(struct s_client
*cl
,
446 uint8_t send_idx
, uint16_t ecm_idx
, struct cc_card
*card
,
447 struct cc_srvid srvid
, int8_t free_card
)
449 struct cc_data
*cc
= cl
->cc
;
450 struct cc_extended_ecm_idx
*eei
;
451 if(!cs_malloc(&eei
, sizeof(struct cc_extended_ecm_idx
)))
453 eei
->send_idx
= send_idx
;
454 eei
->ecm_idx
= ecm_idx
;
456 eei
->cccam_id
= card
->id
;
458 eei
->free_card
= free_card
;
460 ll_append(cc
->extended_ecm_idx
, eei
);
461 //cs_log_dbg(D_TRACE, "%s add extended ecm-idx: %d:%d", getprefix(), send_idx, ecm_idx);
465 struct cc_extended_ecm_idx
*get_extended_ecm_idx(struct s_client
*cl
,
466 uint8_t send_idx
, int32_t remove_item
)
468 struct cc_data
*cc
= cl
->cc
;
469 struct cc_extended_ecm_idx
*eei
;
470 LL_ITER it
= ll_iter_create(cc
->extended_ecm_idx
);
471 while((eei
= ll_iter_next(&it
)))
473 if(eei
->send_idx
== send_idx
)
476 { ll_iter_remove(&it
); }
477 //cs_log_dbg(D_TRACE, "%s get by send-idx: %d FOUND: %d",
478 // getprefix(), send_idx, eei->ecm_idx);
484 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s get by send-idx: %d NOT FOUND", getprefix(),
490 struct cc_extended_ecm_idx
*get_extended_ecm_idx_by_idx(struct s_client
*cl
,
491 uint16_t ecm_idx
, int32_t remove_item
)
493 struct cc_data
*cc
= cl
->cc
;
494 struct cc_extended_ecm_idx
*eei
;
495 LL_ITER it
= ll_iter_create(cc
->extended_ecm_idx
);
496 while((eei
= ll_iter_next(&it
)))
498 if(eei
->ecm_idx
== ecm_idx
)
501 { ll_iter_remove(&it
); }
502 //cs_log_dbg(D_TRACE, "%s get by ecm-idx: %d FOUND: %d",
503 // getprefix(), ecm_idx, eei->send_idx);
509 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s get by ecm-idx: %d NOT FOUND", getprefix(),
515 void cc_reset_pending(struct s_client
*cl
, int32_t ecm_idx
)
518 for(i
= 0; i
< cfg
.max_pending
; i
++)
520 if(cl
->ecmtask
[i
].idx
== ecm_idx
&& cl
->ecmtask
[i
].rc
== E_ALREADY_SENT
)
521 { cl
->ecmtask
[i
].rc
= E_UNHANDLED
; } //Mark unused
525 void free_extended_ecm_idx_by_card(struct s_client
*cl
, struct cc_card
*card
, int8_t null_only
)
527 struct cc_data
*cc
= cl
->cc
;
528 struct cc_extended_ecm_idx
*eei
;
529 LL_ITER it
= ll_iter_create(cc
->extended_ecm_idx
);
530 while((eei
= ll_iter_next(&it
)))
532 if(eei
->card
== card
)
536 cc_reset_pending(cl
, eei
->ecm_idx
);
538 { NULLFREE(eei
->card
); }
539 ll_iter_remove_data(&it
);
544 { NULLFREE(eei
->card
); }
551 void free_extended_ecm_idx(struct cc_data
*cc
)
553 struct cc_extended_ecm_idx
*eei
;
554 LL_ITER it
= ll_iter_create(cc
->extended_ecm_idx
);
555 while((eei
= ll_iter_next(&it
)))
558 { NULLFREE(eei
->card
); }
559 ll_iter_remove_data(&it
);
563 int32_t cc_recv_to(struct s_client
*cl
, uint8_t *buf
, int32_t len
)
571 pfd
.events
= POLLIN
| POLLPRI
;
573 rc
= poll(&pfd
, 1, cfg
.cc_recv_timeout
);
577 if(errno
== EINTR
) { continue; }
578 return (-1); //error!!
583 if(pfd
.revents
& POLLHUP
)
584 { return (-1); } //hangup = error!!
589 { return (-2); } //timeout!!
591 return cs_recv(cl
->udp_fd
, buf
, len
, MSG_WAITALL
);
596 * closes the connection and reopens it.
598 static int8_t cc_cycle_connection(struct s_client
*cl
)
603 cs_log_dbg(D_TRACE
, "%s unlocked-cycleconnection! timeout %d ms",
604 getprefix(), cl
->reader
->cc_reconnect
);
610 return cl
->reader
->tcp_connected
;
617 int32_t cc_msg_recv(struct s_client
*cl
, uint8_t *buf
, int32_t maxlen
)
619 struct s_reader
*rdr
= (cl
->typ
== 'c') ? NULL
: cl
->reader
;
622 struct cc_data
*cc
= cl
->cc
;
624 int32_t handle
= cl
->udp_fd
;
626 if(handle
<= 0 || maxlen
< 4)
629 if(!cl
->cc
) { return -1; }
630 cs_writelock(__func__
, &cc
->lockcmd
);
633 cs_writeunlock(__func__
, &cc
->lockcmd
);
637 len
= cs_recv(handle
, buf
, 4, MSG_WAITALL
);
639 if(len
!= 4) // invalid header length read
642 { cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s disconnected by remote server", getprefix()); }
644 { cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s invalid header length (expected 4, read %d)", getprefix(), len
); }
645 cs_writeunlock(__func__
, &cc
->lockcmd
);
649 cc_crypt(&cc
->block
[DECRYPT
], buf
, 4, DECRYPT
);
650 //cs_log_dump_dbg(D_CLIENT, buf, 4, "cccam: decrypted header:");
654 int32_t size
= (buf
[2] << 8) | buf
[3];
655 if(size
) // check if any data is expected in msg
659 cs_writeunlock(__func__
, &cc
->lockcmd
);
660 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s message too big (size=%d max=%d)", getprefix(), size
, maxlen
);
664 len
= cs_recv(handle
, buf
+ 4, size
, MSG_WAITALL
);
665 if(rdr
&& buf
[1] == MSG_CW_ECM
)
666 { rdr
->last_g
= time(NULL
); }
670 cs_writeunlock(__func__
, &cc
->lockcmd
);
672 { cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s disconnected by remote", getprefix()); }
674 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s invalid message length read (expected %d, read %d)",
675 getprefix(), size
, len
);
679 cc_crypt(&cc
->block
[DECRYPT
], buf
+ 4, len
, DECRYPT
);
683 cs_writeunlock(__func__
, &cc
->lockcmd
);
685 //cs_log_dump_dbg(cl->typ=='c'?D_CLIENT:D_READER, buf, len, "cccam: full decrypted msg, len=%d:", len);
694 int32_t cc_cmd_send(struct s_client
*cl
, uint8_t *buf
, int32_t len
, cc_msg_type_t cmd
)
696 if(!cl
->udp_fd
) //disconnected
699 struct s_reader
*rdr
= (cl
->typ
== 'c') ? NULL
: cl
->reader
;
702 struct cc_data
*cc
= cl
->cc
;
704 if(!cl
->cc
|| cl
->kill
) { return -1; }
705 cs_writelock(__func__
, &cc
->lockcmd
);
706 if(!cl
->cc
|| cl
->kill
)
708 cs_writeunlock(__func__
, &cc
->lockcmd
);
713 if(!cs_malloc(&netbuf
, len
+ 4))
716 if(cmd
== MSG_NO_HEADER
)
718 memcpy(netbuf
, buf
, len
);
722 // build command message
723 netbuf
[0] = cc
->g_flag
; // flags??
724 netbuf
[1] = cmd
& 0xff;
725 netbuf
[2] = len
>> 8;
726 netbuf
[3] = len
& 0xff;
728 { memcpy(netbuf
+ 4, buf
, len
); }
732 cs_log_dump_dbg(D_CLIENT
, netbuf
, len
, "cccam: send:");
733 cc_crypt(&cc
->block
[ENCRYPT
], netbuf
, len
, ENCRYPT
);
735 n
= send(cl
->udp_fd
, netbuf
, len
, 0);
737 cs_writeunlock(__func__
, &cc
->lockcmd
);
744 { cc_cli_close(cl
, 1); }
747 cs_writeunlock(__func__
, &cc
->cards_busy
);
748 cs_disconnect_client(cl
);
756 #define CC_DEFAULT_VERSION 9
757 #define CC_VERSIONS 10
758 static char *version
[CC_VERSIONS
] = { "2.0.11", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.2.0", "2.2.1", "2.3.0", "2.3.1", "2.3.2"};
759 static char *build
[CC_VERSIONS
] = { "2892", "2971", "3094", "3165", "3191", "3290", "3316", "3367", "9d508a", "4000"};
760 static char extcompat
[CC_VERSIONS
] = { 0, 0, 0, 0, 0, 1, 1, 1, 1, 1}; //Supporting new card format starting with 2.2.0
764 * checks the cccam-version in the configuration
766 void cc_check_version(char *cc_version
, char *cc_build
)
769 for(i
= 0; i
< CC_VERSIONS
; i
++)
771 if(!memcmp(cc_version
, version
[i
], strlen(version
[i
])))
773 memcpy(cc_build
, build
[i
], strlen(build
[i
]) + 1);
774 cs_log_dbg(D_CLIENT
, "cccam: auto build set for version: %s build: %s",
775 cc_version
, cc_build
);
779 memcpy(cc_version
, version
[CC_DEFAULT_VERSION
], strlen(
780 version
[CC_DEFAULT_VERSION
]));
781 memcpy(cc_build
, build
[CC_DEFAULT_VERSION
], strlen(
782 build
[CC_DEFAULT_VERSION
]));
784 cs_log_dbg(D_CLIENT
, "cccam: auto version set: %s build: %s", cc_version
, cc_build
);
789 int32_t check_cccam_compat(struct cc_data
*cc
)
793 for(i
= 0; i
< CC_VERSIONS
; i
++)
795 if(!strcmp(cfg
.cc_version
, version
[i
]))
804 for(i
= 0; i
< CC_VERSIONS
; i
++)
806 if(!strcmp(cc
->remote_version
, version
[i
]))
818 * sends own version information to the CCCam server
820 int32_t cc_send_cli_data(struct s_client
*cl
)
822 struct s_reader
*rdr
= cl
->reader
;
823 struct cc_data
*cc
= cl
->cc
;
824 const int32_t size
= 20 + 8 + 6 + 26 + 4 + 28 + 1;
827 cs_log_dbg(D_READER
, "cccam: send client data");
829 memcpy(cc
->node_id
, cc_node_id
, sizeof(cc_node_id
));
831 memcpy(buf
, rdr
->r_usr
, sizeof(rdr
->r_usr
));
832 memcpy(buf
+ 20, cc
->node_id
, 8);
833 buf
[28] = rdr
->cc_want_emu
; // <-- Client want to have EMUs, 0 - NO; 1 - YES
834 memcpy(buf
+ 29, rdr
->cc_version
, sizeof(rdr
->cc_version
)); // cccam version (ascii)
835 memcpy(buf
+ 61, rdr
->cc_build
, sizeof(rdr
->cc_build
)); // build number (ascii)
837 //multics seed already detected, now send multics 'WHO' for getting and confirming multics server
838 if (cc
->multics_mode
== 1)
840 memcpy(buf
+ 57, "W", 1);
841 memcpy(buf
+ 58, "H", 1);
842 memcpy(buf
+ 59, "O", 1);
845 cs_log_dbg(D_READER
, "%s sending own version: %s, build: %s", getprefix(),
846 rdr
->cc_version
, rdr
->cc_build
);
848 return cc_cmd_send(cl
, buf
, size
, MSG_CLI_DATA
);
853 * sends version information to the client
855 int32_t cc_send_srv_data(struct s_client
*cl
)
857 struct cc_data
*cc
= cl
->cc
;
859 cs_log_dbg(D_CLIENT
, "cccam: send server data");
861 memcpy(cc
->node_id
, cc_node_id
, sizeof(cc_node_id
));
864 memset(buf
, 0, 0x48);
866 int32_t stealth
= cl
->account
->cccstealth
;
868 { stealth
= cfg
.cc_stealth
; }
869 if(stealth
) { cc
->node_id
[7]++; }
871 memcpy(buf
, cc
->node_id
, 8);
873 char cc_build
[7], tmp_dbg
[17];
874 memset(cc_build
, 0, sizeof(cc_build
));
875 cc_check_version((char *) cfg
.cc_version
, cc_build
);
876 memcpy(buf
+ 8, cfg
.cc_version
, sizeof(cfg
.cc_version
)); // cccam version (ascii)
877 memcpy(buf
+ 40, cc_build
, sizeof(cc_build
)); // build number (ascii)
879 cs_log_dbg(D_CLIENT
, "%s version: %s, build: %s nodeid: %s", getprefix(),
880 cfg
.cc_version
, cc_build
, cs_hexdump(0, cc
->peer_node_id
, 8, tmp_dbg
, sizeof(tmp_dbg
)));
882 return cc_cmd_send(cl
, buf
, 0x48, MSG_SRV_DATA
);
885 int32_t loop_check(uint8_t *myid
, struct s_client
*cl
)
890 struct cc_data
*cc
= cl
->cc
;
894 return !memcmp(myid
, cc
->peer_node_id
, sizeof(cc
->peer_node_id
)); // same nodeid? ignore
899 * retrieves the next waiting ecm request
901 int32_t cc_get_nxt_ecm(struct s_client
*cl
)
903 struct cc_data
*cc
= cl
->cc
;
904 ECM_REQUEST
*er
, *ern
= NULL
;
905 int32_t n
, i
, pending
= 0;
909 int32_t diff
= (int32_t)cfg
.ctimeout
+ 500;
912 for(i
= 0; i
< cfg
.max_pending
; i
++)
914 er
= &cl
->ecmtask
[i
];
915 if((comp_timeb(&t
, &er
->tps
) >= diff
) && (er
->rc
>= E_NOCARD
)) // drop timeouts
917 write_ecm_answer(cl
->reader
, er
, E_TIMEOUT
, 0, NULL
, NULL
, 0, NULL
);
920 else if(er
->rc
>= E_NOCARD
&& er
->rc
<= E_UNHANDLED
) // stil active and waiting
923 if(loop_check(cc
->peer_node_id
, er
->client
))
925 cs_log_dbg(D_READER
, "%s ecm loop detected! client %s (%8lX)",
926 getprefix(), er
->client
->account
->usr
, (unsigned long)er
->client
->thread
);
927 write_ecm_answer(cl
->reader
, er
, E_NOTFOUND
, E2_CCCAM_LOOP
, NULL
, NULL
, 0, NULL
);
930 // search for the ecm with the lowest time, this should be the next to go
931 if(n
< 0 || (ern
->tps
.time
- er
->tps
.time
< 0))
934 //check for already pending:
935 if(cc
&& cc
->extended_mode
)
939 for(found
= j
= 0; j
< cfg
.max_pending
; j
++)
941 erx
= &cl
->ecmtask
[j
];
942 if(i
!= j
&& erx
->rc
== E_ALREADY_SENT
&&
943 er
->caid
== erx
->caid
&&
944 er
->ecmd5
== erx
->ecmd5
)
964 cl
->pending
= pending
;
969 * sends the secret cmd05 answer to the server
971 int32_t send_cmd05_answer(struct s_client
*cl
)
973 struct cc_data
*cc
= cl
->cc
;
974 if(!cc
->cmd05_active
|| cc
->ecm_busy
) //exit if not in cmd05 or waiting for ECM answer
981 uint8_t *data
= cc
->cmd05_data
;
982 cc_cmd05_mode cmd05_mode
= MODE_UNKNOWN
;
984 // by Project:Keynation
985 switch(cc
->cmd05_data_len
)
987 case 0: //payload 0, return with payload 0!
989 cc_cmd_send(cl
, NULL
, 0, MSG_CMD_05
);
990 cmd05_mode
= MODE_LEN0
;
995 cmd05_mode
= cc
->cmd05_mode
;
998 case MODE_PLAIN
: //Send plain unencrypted back
1000 cc_cmd_send(cl
, data
, 256, MSG_CMD_05
);
1003 case MODE_AES
: //encrypt with received aes128 key:
1009 memcpy(aeskey
, cc
->cmd05_aeskey
, 16);
1010 memset(&key
, 0, sizeof(key
));
1012 AES_set_encrypt_key((unsigned char *) &aeskey
, 128, &key
);
1014 for(i
= 0; i
< 256; i
+= 16)
1015 AES_encrypt((unsigned char *) data
+ i
, (unsigned char *) &out
1018 cc_cmd_send(cl
, out
, 256, MSG_CMD_05
);
1021 case MODE_CC_CRYPT
: //encrypt with cc_crypt:
1023 cc_crypt(&cc
->cmd05_cryptkey
, data
, 256, ENCRYPT
);
1024 cc_cmd_send(cl
, data
, 256, MSG_CMD_05
);
1027 case MODE_RC4_CRYPT
: //special xor crypt:
1029 cc_rc4_crypt(&cc
->cmd05_cryptkey
, data
, 256, DECRYPT
);
1030 cc_cmd_send(cl
, data
, 256, MSG_CMD_05
);
1034 cmd05_mode
= MODE_UNKNOWN
;
1039 cmd05_mode
= MODE_UNKNOWN
;
1042 //unhandled types always needs cycle connection after 50 ECMs!!
1043 if(cmd05_mode
== MODE_UNKNOWN
)
1045 cc_cmd_send(cl
, NULL
, 0, MSG_CMD_05
);
1046 if(!cc
->max_ecms
) //max_ecms already set?
1049 cc
->ecm_counter
= 0;
1052 cs_log_dbg(D_READER
, "%s sending CMD_05 back! MODE: %s len=%d",
1053 getprefix(), cmd05_mode_name
[cmd05_mode
], cc
->cmd05_data_len
);
1059 int32_t get_UA_ofs(uint16_t caid
)
1064 case 0x05: //VIACCESS:
1065 case 0x0D: //CRYPTOWORKS:
1068 case 0x4B: //TONGFANG:
1069 case 0x09: //VIDEOGUARD:
1073 case 0x00: //SECAMANAGMENT:
1074 case 0x17: //BETACRYPT
1075 case 0x06: //IRDETO:
1083 int32_t UA_len(uint8_t *ua
)
1086 for(i
= 0; i
< 8; i
++)
1087 if(ua
[i
]) { len
++; }
1090 void UA_left(uint8_t *in
, uint8_t *out
, int32_t ofs
)
1093 memcpy(out
, in
+ ofs
, 8 - ofs
);
1096 void UA_right(uint8_t *in
, uint8_t *out
, int32_t len
)
1101 memcpy(out
+ ofs
, in
, len
);
1103 if(out
[len
]) { break; }
1110 * cccam uses UA right justified
1112 void cc_UA_oscam2cccam(uint8_t *in
, uint8_t *out
, uint16_t caid
)
1117 //switch (caid>>8) {
1118 // case 0x17: //IRDETO/Betacrypt:
1119 // //oscam: AA BB CC DD 00 00 00 00
1120 // //cccam: 00 00 00 00 DD AA BB CC
1121 // out[4] = in[3]; //Hexbase
1127 // //Place here your own adjustments!
1130 if (caid_is_bulcrypt(caid
)) {
1138 hexserial_to_newcamd(in
, tmp
+ 2, caid
);
1139 UA_right(tmp
, out
, 8);
1143 * oscam has a special format, depends on offset or type:
1145 void cc_UA_cccam2oscam(uint8_t *in
, uint8_t *out
, uint16_t caid
)
1151 // case 0x17: //IRDETO/Betacrypt:
1152 // //cccam: 00 00 00 00 DD AA BB CC
1153 // //oscam: AA BB CC DD 00 00 00 00
1157 // out[3] = in[4]; //Hexbase
1160 // //Place here your own adjustments!
1163 if (caid_is_bulcrypt(caid
)) {
1171 int32_t ofs
= get_UA_ofs(caid
);
1172 UA_left(in
, tmp
, ofs
);
1173 newcamd_to_hexserial(tmp
, out
, caid
);
1176 void cc_SA_oscam2cccam(uint8_t *in
, uint8_t *out
)
1181 void cc_SA_cccam2oscam(uint8_t *in
, uint8_t *out
)
1186 int32_t cc_UA_valid(uint8_t *ua
)
1189 for(i
= 0; i
< 8; i
++)
1196 * Updates AU Data: UA (Unique ID / Hexserial) und SA (Shared ID - Provider)
1198 void set_au_data(struct s_client
*cl
, struct s_reader
*rdr
, struct cc_card
*card
, ECM_REQUEST
*cur_er
)
1200 if(rdr
->audisabled
|| !cc_UA_valid(card
->hexserial
))
1203 struct cc_data
*cc
= cl
->cc
;
1205 cc
->last_emm_card
= card
;
1207 cc_UA_cccam2oscam(card
->hexserial
, rdr
->hexserial
, rdr
->caid
);
1210 "%s au info: caid %04X UA: %s",
1211 getprefix(), card
->caid
, cs_hexdump(0, rdr
->hexserial
, 8, tmp_dbg
, sizeof(tmp_dbg
)));
1214 LL_ITER it2
= ll_iter_create(card
->providers
);
1215 struct cc_provider
*provider
;
1217 while((provider
= ll_iter_next(&it2
)))
1219 if(!cur_er
|| provider
->prov
== cur_er
->prid
|| !provider
->prov
|| !cur_er
->prid
)
1221 rdr
->prid
[p
][0] = provider
->prov
>> 24;
1222 rdr
->prid
[p
][1] = provider
->prov
>> 16;
1223 rdr
->prid
[p
][2] = provider
->prov
>> 8;
1224 rdr
->prid
[p
][3] = provider
->prov
& 0xFF;
1225 cc_SA_cccam2oscam(provider
->sa
, rdr
->sa
[p
]);
1227 cs_log_dbg(D_EMM
, "%s au info: provider: %06X:%02X%02X%02X%02X", getprefix(),
1229 provider
->sa
[0], provider
->sa
[1], provider
->sa
[2], provider
->sa
[3]);
1233 if(p
>= CS_MAXPROV
) { break; }
1237 if(!rdr
->nprov
) //No Providers? Add null-provider:
1239 memset(rdr
->prid
[0], 0, sizeof(rdr
->prid
[0]));
1243 rdr
->caid
= card
->caid
;
1245 rdr
->auprovid
= cur_er
->prid
;
1248 int32_t same_first_node(struct cc_card
*card1
, struct cc_card
*card2
)
1250 uint8_t *node1
= ll_has_elements(card1
->remote_nodes
);
1251 uint8_t *node2
= ll_has_elements(card2
->remote_nodes
);
1253 if(!node1
&& !node2
) { return 1; } //both NULL, same!
1255 if(!node1
|| !node2
) { return 0; } //one NULL, not same!
1257 return !memcmp(node1
, node2
, 8); //same?
1260 int32_t same_card2(struct cc_card
*card1
, struct cc_card
*card2
, int8_t compare_grp
)
1262 return (card1
->caid
== card2
->caid
&&
1263 card1
->card_type
== card2
->card_type
&&
1264 card1
->sidtab
== card2
->sidtab
&&
1265 (!compare_grp
|| card1
->grp
== card2
->grp
) &&
1266 !memcmp(card1
->hexserial
, card2
->hexserial
, sizeof(card1
->hexserial
)));
1269 int32_t same_card(struct cc_card
*card1
, struct cc_card
*card2
)
1271 return (card1
->remote_id
== card2
->remote_id
&&
1272 same_card2(card1
, card2
, 1) &&
1273 same_first_node(card1
, card2
));
1276 struct cc_card
*get_matching_card(struct s_client
*cl
, ECM_REQUEST
*cur_er
, int8_t chk_only
)
1278 struct cc_data
*cc
= cl
->cc
;
1279 struct s_reader
*rdr
= cl
->reader
;
1280 if(cl
->kill
|| !rdr
|| !cc
)
1283 struct cc_srvid cur_srvid
;
1284 cur_srvid
.sid
= cur_er
->srvid
;
1285 cur_srvid
.chid
= cur_er
->chid
;
1286 cur_srvid
.ecmlen
= cur_er
->ecmlen
;
1288 int32_t best_rating
= MIN_RATING
- 1, rating
;
1290 LL_ITER it
= ll_iter_create(cc
->cards
);
1291 struct cc_card
*card
= NULL
, *ncard
, *xcard
= NULL
;
1292 while((ncard
= ll_iter_next(&it
)))
1295 if (config_enabled(WITH_LB
)) {
1296 //accept beta card when beta-tunnel is on
1297 lb_match
= chk_only
&& cfg
.lb_mode
&& cfg
.lb_auto_betatunnel
&&
1299 (caid_is_nagra(cur_er
->caid
) && caid_is_betacrypt(ncard
->caid
) && cfg
.lb_auto_betatunnel_mode
<= 3) ||
1300 (caid_is_betacrypt(cur_er
->caid
) && caid_is_nagra(ncard
->caid
) && cfg
.lb_auto_betatunnel_mode
>= 1)
1304 if((ncard
->caid
== cur_er
->caid
// caid matches
1305 || (rdr
->cc_want_emu
&& (ncard
->caid
== (cur_er
->caid
& 0xFF00))))
1306 // or system matches if caid ends with 00
1307 // needed for wantemu
1311 int32_t goodSidCount
= ll_count(ncard
->goodsids
);
1312 int32_t badSidCount
= ll_count(ncard
->badsids
);
1313 struct cc_srvid
*good_sid
;
1314 struct cc_srvid_block
*blocked_sid
;
1316 // only good sids -> check if sid is good
1317 if(goodSidCount
&& !badSidCount
)
1319 good_sid
= is_good_sid(ncard
, &cur_srvid
);
1323 // only bad sids -> check if sid is bad
1324 else if(!goodSidCount
&& badSidCount
)
1326 blocked_sid
= is_sid_blocked(ncard
, &cur_srvid
);
1327 if(blocked_sid
&& (!chk_only
|| blocked_sid
->blocked_till
== 0))
1330 // bad and good sids -> check not blocked and good
1331 else if (goodSidCount
&& badSidCount
)
1333 blocked_sid
= is_sid_blocked(ncard
, &cur_srvid
);
1334 good_sid
= is_good_sid(ncard
, &cur_srvid
);
1336 if(blocked_sid
&& (!chk_only
|| blocked_sid
->blocked_till
== 0))
1343 if(!(rdr
->cc_want_emu
) && caid_is_nagra(ncard
->caid
) && (!xcard
|| ncard
->hop
< xcard
->hop
))
1344 { xcard
= ncard
; } //remember card (D+ / 1810 fix) if request has no provider, but card has
1346 rating
= ncard
->rating
- ncard
->hop
* HOP_RATING
;
1347 if(rating
< MIN_RATING
)
1348 { rating
= MIN_RATING
; }
1349 else if(rating
> MAX_RATING
)
1350 { rating
= MAX_RATING
; }
1352 if(!ll_count(ncard
->providers
)) //card has no providers:
1354 if(rating
> best_rating
)
1358 best_rating
= rating
; // ncard has been matched
1362 else //card has providers
1364 LL_ITER it2
= ll_iter_create(ncard
->providers
);
1365 struct cc_provider
*provider
;
1366 while((provider
= ll_iter_next(&it2
)))
1368 if(!cur_er
->prid
|| (provider
->prov
== cur_er
->prid
)) // provid matches
1370 if(rating
> best_rating
)
1374 best_rating
= rating
; // ncard has been matched
1382 { card
= xcard
; } //18xx: if request has no provider and we have no card, we try this card
1387 //reopen all blocked sids for this srvid:
1388 static void reopen_sids(struct cc_data
*cc
, int8_t ignore_time
, ECM_REQUEST
*cur_er
, struct cc_srvid
*cur_srvid
)
1390 time_t utime
= time(NULL
);
1391 struct cc_card
*card
;
1392 LL_ITER it
= ll_iter_create(cc
->cards
);
1393 while((card
= ll_iter_next(&it
)))
1395 if(card
->caid
== cur_er
->caid
) // caid matches
1397 LL_ITER it2
= ll_iter_create(card
->badsids
);
1398 struct cc_srvid_block
*srvid
;
1399 while((srvid
= ll_iter_next(&it2
)))
1400 if(srvid
->blocked_till
> 0 && sid_eq((struct cc_srvid
*)srvid
, cur_srvid
))
1402 if(ignore_time
|| srvid
->blocked_till
<= utime
)
1403 { ll_iter_remove_data(&it2
); }
1410 static int8_t cc_request_timeout(struct s_client
*cl
)
1412 struct s_reader
*rdr
= cl
->reader
;
1413 struct cc_data
*cc
= cl
->cc
;
1414 struct timeb timeout
;
1415 struct timeb cur_time
;
1417 if(!cc
|| !cc
->ecm_busy
)
1420 cs_ftime(&cur_time
);
1422 timeout
= cc
->ecm_time
;
1423 int32_t tt
= rdr
->cc_reconnect
;
1425 { tt
= DEFAULT_CC_RECONNECT
; }
1427 add_ms_to_timeb(&timeout
, tt
);
1428 return (comp_timeb(&cur_time
, &timeout
) >= 0);
1433 * sends a ecm request to the connected CCCam Server
1435 int32_t cc_send_ecm(struct s_client
*cl
, ECM_REQUEST
*er
)
1437 struct s_reader
*rdr
= cl
->reader
;
1439 //cs_log_dbg(D_TRACE, "%s cc_send_ecm", getprefix());
1440 if(!rdr
->tcp_connected
)
1441 { cc_cli_connect(cl
); }
1444 struct cc_data
*cc
= cl
->cc
;
1445 struct cc_card
*card
= NULL
;
1447 ECM_REQUEST
*cur_er
;
1448 struct timeb cur_time
;
1449 cs_ftime(&cur_time
);
1451 if(!cc
|| (cl
->pfd
< 1) || !rdr
->tcp_connected
)
1455 cs_log_dbg(D_READER
, "%s server not init! ccinit=%d pfd=%d",
1456 rdr
->label
, cc
? 1 : 0, cl
->pfd
);
1457 write_ecm_answer(rdr
, er
, E_NOTFOUND
, E2_CCCAM_NOCARD
, NULL
, NULL
, 0, NULL
);
1463 if(rdr
->tcp_connected
!= 2)
1465 cs_log_dbg(D_READER
, "%s Waiting for CARDS", getprefix());
1469 //No Card? Waiting for shares
1470 if(!ll_has_elements(cc
->cards
))
1472 cs_log_dbg(D_READER
, "%s NO CARDS!", getprefix());
1476 cc
->just_logged_in
= 0;
1478 if(!cc
->extended_mode
)
1480 //Without extended mode, only one ecm at a time could be send
1481 //this is a limitation of "O" CCCam
1482 if(cc
->ecm_busy
> 0) //Unlock by NOK or ECM ACK
1484 cs_log_dbg(D_READER
,
1485 "%s ecm trylock: ecm busy, retrying later after msg-receive",
1488 if(!cc_request_timeout(cl
))
1489 { return 0; } //pending send...
1490 if(!cc_cycle_connection(cl
))
1494 cs_log_dbg(D_READER
, "cccam: ecm trylock: got lock");
1496 int32_t processed_ecms
= 0;
1499 cc
->ecm_time
= cur_time
;
1501 //Search next ECM to send:
1502 if((n
= cc_get_nxt_ecm(cl
)) < 0)
1504 if(!cc
->extended_mode
)
1508 cs_log_dbg(D_READER
, "%s no ecm pending!", getprefix());
1509 if(!cc_send_pending_emms(cl
))
1510 { send_cmd05_answer(cl
); }
1511 return 0; // no queued ecms
1513 cur_er
= &cl
->ecmtask
[n
];
1514 cur_er
->rc
= E_ALREADY_SENT
; //mark ECM as already send
1515 cs_log_dbg(D_READER
, "cccam: ecm-task %d", cur_er
->idx
);
1517 //sleepsend support:
1518 static const char *typtext
[] = { "ok", "invalid", "sleeping" };
1520 if(cc
->sleepsend
&& cl
->stopped
)
1522 if(cur_er
->srvid
== cl
->lastsrvid
&& cur_er
->caid
== cl
->lastcaid
1523 && cur_er
->pid
== cl
->lastpid
)
1526 "%s is stopped - requested by server (%s)", cl
->reader
->label
, typtext
[cl
->stopped
]);
1527 if(!cc
->extended_mode
)
1531 write_ecm_answer(rdr
, cur_er
, E_STOPPED
, 0, NULL
, NULL
, 0, NULL
);
1540 cl
->lastsrvid
= cur_er
->srvid
;
1541 cl
->lastcaid
= cur_er
->caid
;
1542 cl
->lastpid
= cur_er
->pid
;
1543 //sleepsend support end
1545 struct cc_srvid cur_srvid
;
1546 cur_srvid
.sid
= cur_er
->srvid
;
1547 cur_srvid
.chid
= cur_er
->chid
;
1548 cur_srvid
.ecmlen
= cur_er
->ecmlen
;
1550 cs_readlock(__func__
, &cc
->cards_busy
);
1553 if(cfg
.cc_forward_origin_card
&& cur_er
->origin_reader
== rdr
1554 && cur_er
->origin_card
)
1556 it
= ll_iter_create(cc
->cards
);
1557 struct cc_card
*ncard
;
1558 while((ncard
= ll_iter_next(&it
)))
1560 if(ncard
== cur_er
->origin_card
) //Search the origin card
1562 card
= ncard
; //found it, use it!
1570 reopen_sids(cc
, 0, cur_er
, &cur_srvid
);
1571 card
= get_matching_card(cl
, cur_er
, 0);
1574 if(!card
&& has_srvid(rdr
->client
, cur_er
))
1576 reopen_sids(cc
, 1, cur_er
, &cur_srvid
);
1577 card
= get_matching_card(cl
, cur_er
, 0);
1583 if(!cs_malloc(&ecmbuf
, cur_er
->ecmlen
+ 13))
1586 // build ecm message
1587 ecmbuf
[0] = cur_er
->caid
>> 8;
1588 ecmbuf
[1] = cur_er
->caid
& 0xff;
1589 ecmbuf
[2] = cur_er
->prid
>> 24;
1590 ecmbuf
[3] = cur_er
->prid
>> 16;
1591 ecmbuf
[4] = cur_er
->prid
>> 8;
1592 ecmbuf
[5] = cur_er
->prid
& 0xff;
1593 ecmbuf
[6] = card
->id
>> 24;
1594 ecmbuf
[7] = card
->id
>> 16;
1595 ecmbuf
[8] = card
->id
>> 8;
1596 ecmbuf
[9] = card
->id
& 0xff;
1597 ecmbuf
[10] = cur_er
->srvid
>> 8;
1598 ecmbuf
[11] = cur_er
->srvid
& 0xff;
1599 ecmbuf
[12] = cur_er
->ecmlen
& 0xff;
1600 memcpy(ecmbuf
+ 13, cur_er
->ecm
, cur_er
->ecmlen
);
1602 uint8_t send_idx
= 1;
1603 if(cc
->extended_mode
)
1605 cc
->server_ecm_idx
++;
1606 if(cc
->server_ecm_idx
>= 256)
1607 { cc
->server_ecm_idx
= 1; }
1608 cc
->g_flag
= cc
->server_ecm_idx
; //Flag is used as index!
1609 send_idx
= cc
->g_flag
;
1612 struct cc_extended_ecm_idx
*eei
= get_extended_ecm_idx(cl
, send_idx
, 0);
1615 eei
->ecm_idx
= cur_er
->idx
;
1617 eei
->cccam_id
= card
->id
;
1618 eei
->srvid
= cur_srvid
;
1622 eei
= add_extended_ecm_idx(cl
, send_idx
, cur_er
->idx
, card
, cur_srvid
, 0);
1626 cs_readunlock(__func__
, &cc
->cards_busy
);
1630 eei
->tps
= cur_er
->tps
;
1632 rdr
->currenthops
= card
->hop
;
1633 rdr
->card_status
= CARD_INSERTED
;
1637 "%s sending ecm for sid %04X(%d) to card %08x, hop %d, ecmtask %d", getprefix(), cur_er
->srvid
, cur_er
->ecmlen
, card
->id
, card
->hop
, cur_er
->idx
);
1638 cl
->reader
->last_s
= time(NULL
);
1639 cc_cmd_send(cl
, ecmbuf
, cur_er
->ecmlen
+ 13, MSG_CW_ECM
); // send ecm
1644 set_au_data(cl
, rdr
, card
, cur_er
);
1645 cs_readunlock(__func__
, &cc
->cards_busy
);
1648 if(cc
->extended_mode
)
1649 { continue; } //process next pending ecm!
1654 //When connecting, it could happen than ecm requests come before all cards are received.
1655 //So if the last Message was a MSG_NEW_CARD, this "card receiving" is not already done
1656 //if this happens, we do not autoblock it and do not set rc status
1657 //So fallback could resolve it
1658 if(cc
->last_msg
!= MSG_NEW_CARD
1659 && cc
->last_msg
!= MSG_NEW_CARD_SIDINFO
1660 && cc
->last_msg
!= MSG_CARD_REMOVED
1661 && !cc
->just_logged_in
)
1663 cs_log_dbg(D_READER
,
1664 "%s no suitable card on server", getprefix());
1666 write_ecm_answer(rdr
, cur_er
, E_NOTFOUND
, E2_CCCAM_NOCARD
, NULL
, NULL
, 0, NULL
);
1671 rdr
->last_s
= rdr
->last_g
;
1673 reopen_sids(cc
, 0, cur_er
, &cur_srvid
);
1677 //We didn't find a card and the last message was MSG_CARD_REMOVED - so we wait for a new card and process die ecm later
1678 cur_er
->rc
= E_WAITING
; //mark as waiting
1681 cs_readunlock(__func__
, &cc
->cards_busy
);
1683 //process next pending ecm!
1685 while(cc
->extended_mode
|| processed_ecms
== 0);
1687 //Now mark all waiting as unprocessed:
1689 for(i
= 0; i
< cfg
.max_pending
; i
++)
1691 er
= &cl
->ecmtask
[i
];
1692 if(er
->rc
== E_WAITING
)
1693 { er
->rc
= E_UNHANDLED
; }
1696 if(!cc
->extended_mode
)
1705 int32_t cc_abort_user_ecms(){
1708 struct cc_data *cc = rdr->cc;
1710 t=time((time_t *)0);
1711 for (i = 1, n = 1; i < cfg.max_pending; i++)
1713 if ((t-cl->ecmtask[i].tps.time > ((cfg.ctimeout + 500) / 1000) + 1) &&
1714 (cl->ecmtask[i].rc>=10)) // drop timeouts
1716 cl->ecmtask[i].rc=0;
1718 int32_t td=abs(comp_timeb(&ecmtask[i].tps, &cc->found->tps);
1719 if (ecmtask[i].rc>=10 && ecmtask[i].cidx==cc->found->cidx && &ecmtask[i]!=cc->found){
1720 cs_log("aborting idx:%d caid:%04x client:%d timedelta:%d",ecmtask[i].idx,ecmtask[i].caid,ecmtask[i].cidx,td);
1723 write_ecm_answer(rdr, fd_c2m, &ecmtask[i], 0, NULL);
1731 int32_t cc_send_pending_emms(struct s_client
*cl
)
1733 struct cc_data
*cc
= cl
->cc
;
1737 LL_ITER it
= ll_iter_create(cc
->pending_emms
);
1740 if((emmbuf
= ll_iter_next(&it
)))
1742 if(!cc
->extended_mode
)
1744 if(cc
->ecm_busy
> 0) //Unlock by NOK or ECM ACK
1746 return 0; //send later with cc_send_ecm
1750 //Support for emmsize>256 bytes:
1751 size
= (emmbuf
[11] | (emmbuf
[2] << 8)) + 12;
1754 cc
->just_logged_in
= 0;
1755 cs_ftime(&cc
->ecm_time
);
1757 cs_log_dbg(D_EMM
, "%s emm send for card %08X", getprefix(), b2i(4,
1760 cc_cmd_send(cl
, emmbuf
, size
, MSG_EMM_ACK
); // send emm
1761 cl
->last
= time(NULL
);
1762 cl
->reader
->last_g
= time(NULL
);
1763 cl
->reader
->last_s
= time(NULL
);
1765 ll_iter_remove_data(&it
);
1773 * find card by hexserial
1775 struct cc_card
*get_card_by_hexserial(struct s_client
*cl
, uint8_t *hexserial
,
1778 struct cc_data
*cc
= cl
->cc
;
1779 LL_ITER it
= ll_iter_create(cc
->cards
);
1780 struct cc_card
*card
;
1781 while((card
= ll_iter_next(&it
)))
1782 if(card
->caid
== caid
&& memcmp(card
->hexserial
, hexserial
, 8) == 0) //found it!
1791 * Copied from http://85.17.209.13:6100/file/8ec3c0c5d257/systems/cardclient/cccam2.c
1794 int32_t cc_send_emm(EMM_PACKET
*ep
)
1796 struct s_client
*cl
= cur_client();
1797 struct s_reader
*rdr
= cl
->reader
;
1799 if(!rdr
->tcp_connected
)
1800 { cc_cli_connect(cl
); }
1802 struct cc_data
*cc
= cl
->cc
;
1804 if(!cc
|| (cl
->pfd
< 1) || !rdr
->tcp_connected
)
1806 cs_log_dbg(D_READER
, "%s server not init! ccinit=%d pfd=%d", getprefix(), cc
? 1 : 0,
1812 cs_log_dbg(D_READER
, "%s au is disabled", getprefix());
1816 uint16_t caid
= b2i(2, ep
->caid
);
1818 //Last used card is first card of current_cards:
1819 cs_readlock(__func__
, &cc
->cards_busy
);
1821 struct cc_card
*emm_card
= cc
->last_emm_card
;
1827 cc_UA_oscam2cccam(ep
->hexserial
, hs
, caid
);
1829 "%s au info: searching card for caid %04X oscam-UA: %s",
1830 getprefix(), b2i(2, ep
->caid
), cs_hexdump(0, ep
->hexserial
, 8, tmp_dbg
, sizeof(tmp_dbg
)));
1832 "%s au info: searching card for caid %04X cccam-UA: %s",
1833 getprefix(), b2i(2, ep
->caid
), cs_hexdump(0, hs
, 8, tmp_dbg
, sizeof(tmp_dbg
)));
1835 emm_card
= get_card_by_hexserial(cl
, hs
, caid
);
1838 if(!emm_card
) //Card for emm not found!
1840 cs_log_dbg(D_EMM
, "%s emm for client %8lX not possible, no card found!",
1841 getprefix(), (unsigned long)ep
->client
->thread
);
1842 cs_readunlock(__func__
, &cc
->cards_busy
);
1847 "%s emm received for client %8lX caid %04X for card %08X",
1848 getprefix(), (unsigned long)ep
->client
->thread
, caid
, emm_card
->id
);
1850 int32_t size
= ep
->emmlen
+ 12;
1852 if(!cs_malloc(&emmbuf
, size
))
1855 // build ecm message
1856 emmbuf
[0] = ep
->caid
[0];
1857 emmbuf
[1] = ep
->caid
[1];
1858 emmbuf
[2] = ep
->emmlen
>> 8; //Support for emm len > 256bytes
1859 emmbuf
[3] = ep
->provid
[0];
1860 emmbuf
[4] = ep
->provid
[1];
1861 emmbuf
[5] = ep
->provid
[2];
1862 emmbuf
[6] = ep
->provid
[3];
1863 emmbuf
[7] = emm_card
->id
>> 24;
1864 emmbuf
[8] = emm_card
->id
>> 16;
1865 emmbuf
[9] = emm_card
->id
>> 8;
1866 emmbuf
[10] = emm_card
->id
& 0xff;
1867 emmbuf
[11] = ep
->emmlen
& 0xff;
1868 memcpy(emmbuf
+ 12, ep
->emm
, ep
->emmlen
);
1870 cs_readunlock(__func__
, &cc
->cards_busy
);
1872 ll_append(cc
->pending_emms
, emmbuf
);
1873 cc_send_pending_emms(cl
);
1878 void cc_free_card(struct cc_card
*card
)
1883 ll_destroy_data(&card
->providers
);
1884 ll_destroy_data(&card
->badsids
);
1885 ll_destroy_data(&card
->goodsids
);
1886 ll_destroy_data(&card
->remote_nodes
);
1891 struct cc_card
*cc_get_card_by_id(uint32_t card_id
, LLIST
*cards
)
1895 LL_ITER it
= ll_iter_create(cards
);
1896 struct cc_card
*card
;
1897 while((card
= ll_iter_next(&it
)))
1899 if(card
->id
== card_id
)
1907 void cc_free_cardlist(LLIST
*card_list
, int32_t destroy_list
)
1911 LL_ITER it
= ll_iter_create(card_list
);
1912 struct cc_card
*card
;
1913 while((card
= ll_iter_next_remove(&it
)))
1918 ll_destroy(&card_list
);
1923 * Clears and free the cc datas
1925 void cc_free(struct s_client
*cl
)
1927 struct cc_data
*cc
= cl
->cc
;
1932 cs_writelock(__func__
, &cc
->lockcmd
);
1934 cs_log_dbg(D_TRACE
, "exit cccam1/3");
1935 cc_free_cardlist(cc
->cards
, 1);
1936 ll_destroy_data(&cc
->pending_emms
);
1937 free_extended_ecm_idx(cc
);
1938 ll_destroy_data(&cc
->extended_ecm_idx
);
1940 cs_writeunlock(__func__
, &cc
->lockcmd
);
1942 cs_log_dbg(D_TRACE
, "exit cccam2/3");
1944 add_garbage(cc
->prefix
);
1947 cs_log_dbg(D_TRACE
, "exit cccam3/3");
1950 int32_t is_null_dcw(uint8_t *dcw
)
1953 for(i
= 0; i
< 15; i
++)
1959 /*int32_t is_dcw_corrupted(uchar *dcw)
1964 for (i=0; i<16; i+=4)
1966 c = (dcw[i] + dcw[i+1] + dcw[i+2]) & 0xFF;
1968 if (cs!=c) return (1);
1974 int32_t check_extended_mode(struct s_client
*cl
, char *msg
)
1976 //Extended mode: if PARTNER String is ending with [PARAM], extended mode is activated
1977 //For future compatibilty the syntax should be compatible with
1978 //[PARAM1,PARAM2...PARAMn]
1980 // EXT: Extended ECM Mode: Multiple ECMs could be send and received
1981 // ECMs are numbered, Flag (byte[0] is the index
1983 // SID: Exchange of good sids/bad sids activated (like cccam 2.2.x)
1984 // card exchange command MSG_NEW_CARD_SIDINFO instead MSG_NEW_CARD is used
1986 // SLP: Sleepsend supported, like camd35
1989 struct cc_data
*cc
= cl
->cc
;
1990 char *saveptr1
= NULL
;
1991 int32_t has_param
= 0;
1992 char *p
= strtok_r(msg
, "[", &saveptr1
);
1995 p
= strtok_r(NULL
, ",]", &saveptr1
);
1996 if(p
&& strncmp(p
, "EXT", 3) == 0)
1998 cc
->extended_mode
= 1;
1999 cs_log_dbg(D_CLIENT
, "%s extended ECM mode", getprefix());
2002 else if(p
&& strncmp(p
, "SID", 3) == 0)
2005 cs_log_dbg(D_CLIENT
, "%s extra SID mode", getprefix());
2008 else if(p
&& strncmp(p
, "SLP", 3) == 0)
2011 cs_log_dbg(D_CLIENT
, "%s sleepsend", getprefix());
2020 struct s_client
*cl
= cur_client();
2021 struct s_reader
*rdr
= cl
->reader
;
2022 struct cc_data
*cc
= cl
->cc
;
2025 { cc_cli_close(cl
, 0); }
2027 if(rdr
&& !rdr
->tcp_connected
&& (rdr
->cc_keepalive
|| (rdr
->tcp_ito
== -1 && (rdr
->last_s
!=0 || rdr
->last_g
!=0))))
2032 if(!rdr
|| !rdr
->tcp_connected
|| !cl
|| !cc
)
2035 time_t now
= time(NULL
);
2036 if(rdr
->cc_keepalive
)
2038 if(cc_cmd_send(cl
, NULL
, 0, MSG_KEEPALIVE
) > 0)
2040 cs_log_dbg(D_READER
, "cccam: keepalive");
2047 cl
->reader
->last_s
= now
;
2048 cl
->reader
->last_g
= now
;
2055 //cs_log("last_s - now = %d, last_g - now = %d, tcp_ito=%d", abs(rdr->last_s - now), abs(rdr->last_g - now), rdr->tcp_ito);
2056 //check inactivity timeout:
2057 if(rdr
->tcp_ito
> 0)
2059 if((llabs(rdr
->last_s
- now
) > rdr
->tcp_ito
) && (llabs(rdr
->last_g
- now
) > rdr
->tcp_ito
)) // inactivity timeout is entered in seconds in webif!
2061 rdr_log_dbg(rdr
, D_READER
, "inactive_timeout, close connection (fd=%d)", rdr
->client
->pfd
);
2062 network_tcp_connection_close(rdr
, "inactivity");
2067 //check read timeout:
2068 int32_t rto
= llabs(rdr
->last_g
- now
);
2069 //cs_log("last_g - now = %d, rto=%d", rto, rdr->tcp_rto);
2070 if(rto
> (rdr
->tcp_rto
) && (rdr
->last_g
!=0 || rdr
->last_s
!=0) && rdr
->last_s
!= rdr
->last_g
) // this is also entered in seconds, actually its an receive timeout!
2072 rdr_log_dbg(rdr
, D_READER
, "read timeout, close connection (fd=%d)", rdr
->client
->pfd
);
2073 network_tcp_connection_close(rdr
, "rto");
2079 struct cc_card
*read_card(uint8_t *buf
, int32_t buflen
, int32_t ext
)
2081 struct cc_card
*card
;
2082 int16_t nprov
, nassign
= 0, nreject
= 0;
2083 int32_t offset
= 21;
2088 if(!cs_malloc(&card
, sizeof(struct cc_card
)))
2091 card
->providers
= ll_create("providers");
2092 card
->badsids
= ll_create("badsids");
2093 card
->goodsids
= ll_create("goodsids");
2094 card
->remote_nodes
= ll_create("remote_nodes");
2095 card
->id
= b2i(4, buf
);
2096 card
->remote_id
= b2i(4, buf
+ 4);
2097 card
->caid
= b2i(2, buf
+ 8);
2098 card
->hop
= buf
[10];
2099 card
->reshare
= buf
[11];
2101 card
->card_type
= CT_REMOTECARD
;
2102 memcpy(card
->hexserial
, buf
+ 12, 8); //HEXSERIAL!!
2104 //cs_log_dbg(D_CLIENT, "cccam: card %08x added, caid %04X, hop %d, key %s, count %d",
2105 // card->id, card->caid, card->hop, cs_hexdump(0, card->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)),
2106 // ll_count(cc->cards));
2113 { cc_free_card(card
); return NULL
; }
2121 if(buflen
< (offset
+ (nprov
*7)))
2122 { cc_free_card(card
); return NULL
; }
2125 for(i
= 0; i
< nprov
; i
++) // providers
2127 struct cc_provider
*prov
;
2128 if(!cs_malloc(&prov
, sizeof(struct cc_provider
)))
2130 prov
->prov
= b2i(3, buf
+ offset
);
2131 if(prov
->prov
== 0xFFFFFF && caid_is_betacrypt(card
->caid
))
2133 memcpy(prov
->sa
, buf
+ offset
+ 3, 4);
2134 //cs_log_dbg(D_CLIENT, " prov %d, %06x, sa %08x", i + 1, prov->prov, b2i(4,
2137 ll_append(card
->providers
, prov
);
2143 if(buflen
< (offset
+ (nassign
*2) + (nreject
*2)))
2144 { cc_free_card(card
); return NULL
; }
2146 for(i
= 0; i
< nassign
; i
++)
2148 uint16_t sid
= b2i(2, buf
+ offset
);
2149 //cs_log_dbg(D_CLIENT, " assigned sid = %04X, added to good sid list", sid);
2151 struct cc_srvid
*srvid
;
2152 if(!cs_malloc(&srvid
, sizeof(struct cc_srvid
)))
2157 ll_append(card
->goodsids
, srvid
);
2161 for(i
= 0; i
< nreject
; i
++)
2163 uint16_t sid
= b2i(2, buf
+ offset
);
2164 //cs_log_dbg(D_CLIENT, " rejected sid = %04X, added to sid block list", sid);
2166 struct cc_srvid_block
*srvid
;
2167 if(!cs_malloc(&srvid
, sizeof(struct cc_srvid_block
)))
2172 srvid
->blocked_till
= 0;
2173 ll_append(card
->badsids
, srvid
);
2178 if(buflen
< (offset
+ 1))
2181 int16_t remote_count
= buf
[offset
];
2184 if(buflen
< (offset
+ (remote_count
*8)))
2185 { cc_free_card(card
); return NULL
; }
2187 for(i
= 0; i
< remote_count
; i
++)
2189 uint8_t *remote_node
;
2190 if(!cs_malloc(&remote_node
, 8))
2192 memcpy(remote_node
, buf
+ offset
, 8);
2193 ll_append(card
->remote_nodes
, remote_node
);
2199 void cc_card_removed(struct s_client
*cl
, uint32_t shareid
)
2201 struct cc_data
*cc
= cl
->cc
;
2202 struct cc_card
*card
;
2203 LL_ITER it
= ll_iter_create(cc
->cards
);
2205 while((card
= ll_iter_next(&it
)))
2207 if(card
->id
== shareid
) // && card->sub_id == b2i (3, buf + 9)) {
2209 //cs_log_dbg(D_CLIENT, "cccam: card %08x removed, caid %04X, count %d",
2210 // card->id, card->caid, ll_count(cc->cards));
2211 ll_iter_remove(&it
);
2212 if(cc
->last_emm_card
== card
)
2214 cc
->last_emm_card
= NULL
;
2215 cs_log_dbg(D_READER
, "%s current card %08x removed!",
2216 getprefix(), card
->id
);
2218 free_extended_ecm_idx_by_card(cl
, card
, 1);
2219 if(card
->hop
== 1) { cc
->num_hop1
--; }
2220 else if(card
->hop
== 2) { cc
->num_hop2
--; }
2221 else { cc
->num_hopx
--; }
2223 if(card
->reshare
== 0) { cc
->num_reshare0
--; }
2224 else if(card
->reshare
== 1) { cc
->num_reshare1
--; }
2225 else if(card
->reshare
== 2) { cc
->num_reshare2
--; }
2226 else { cc
->num_resharex
--; }
2228 cs_log_dbg(D_TRACE
, "%s card removed: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2229 getprefix(), card
->id
, card
->remote_id
, card
->caid
, card
->hop
, card
->reshare
, card
->origin_id
, card
->card_type
);
2232 cc
->card_removed_count
++;
2238 void move_card_to_end(struct s_client
*cl
, struct cc_card
*card_to_move
)
2241 struct cc_data
*cc
= cl
->cc
;
2243 LL_ITER it
= ll_iter_create(cc
->cards
);
2244 struct cc_card
*card
;
2245 while((card
= ll_iter_next(&it
)))
2247 if(card
== card_to_move
)
2249 ll_iter_remove(&it
);
2255 cs_log_dbg(D_READER
, "%s Moving card %08X to the end...", getprefix(), card_to_move
->id
);
2256 free_extended_ecm_idx_by_card(cl
, card
, 0);
2257 ll_append(cc
->cards
, card_to_move
);
2263 /*void fix_dcw(uchar *dcw)
2266 for (i=0; i<16; i+=4)
2268 dcw[i+3] = (dcw[i] + dcw[i+1] + dcw[i+2]) & 0xFF;
2272 void addParam(char *param
, char *value
)
2274 if(strlen(param
) < 4)
2275 { strcat(param
, value
); }
2279 strcat(param
, value
);
2283 static void chk_peer_node_for_oscam(struct cc_data
*cc
)
2285 if(!cc
->is_oscam_cccam
) //Allready discovered oscam-cccam:
2287 uint16_t sum
= 0x1234;
2288 uint16_t recv_sum
= (cc
->peer_node_id
[6] << 8)
2289 | cc
->peer_node_id
[7];
2291 for(i
= 0; i
< 6; i
++)
2293 sum
+= cc
->peer_node_id
[i
];
2295 //Create special data to detect oscam-cccam:
2296 cc
->is_oscam_cccam
= sum
== recv_sum
;
2300 #ifdef MODULE_CCCSHARE
2301 static void cc_s_idle(struct s_client
*cl
)
2303 cs_log_dbg(D_TRACE
, "ccc idle %s", username(cl
));
2304 if(cfg
.cc_keep_connected
)
2306 cc_cmd_send(cl
, NULL
, 0, MSG_KEEPALIVE
);
2307 cl
->last
= time(NULL
);
2311 cs_log_dbg(D_CLIENT
, "%s keepalive after maxidle is reached", getprefix());
2312 cs_disconnect_client(cl
);
2317 int32_t cc_parse_msg(struct s_client
*cl
, uint8_t *buf
, int32_t l
)
2319 struct s_reader
*rdr
= (cl
->typ
== 'c') ? NULL
: cl
->reader
;
2320 int32_t ret
= buf
[1];
2321 struct cc_data
*cc
= cl
->cc
;
2326 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s parse_msg=%d", getprefix(), buf
[1]);
2328 uint8_t *data
= buf
+ 4;
2333 memcpy(&cc
->receive_buffer
, data
, l
- 4);
2334 cc
->last_msg
= buf
[1];
2338 cs_log_dbg(D_CLIENT
, "cccam: client data ack");
2342 cs_log_dbg(D_READER
, "%s MSG_SRV_DATA (payload=%d, hex=%02X)", getprefix(), l
, l
);
2343 data
= cc
->receive_buffer
;
2345 if(l
== 0x48) //72 bytes: normal server data
2347 cs_writelock(__func__
, &cc
->cards_busy
);
2348 cc_free_cardlist(cc
->cards
, 0);
2349 free_extended_ecm_idx(cc
);
2350 cc
->last_emm_card
= NULL
;
2354 cc
->num_reshare0
= 0;
2355 cc
->num_reshare1
= 0;
2356 cc
->num_reshare2
= 0;
2357 cc
->num_resharex
= 0;
2358 cs_writeunlock(__func__
, &cc
->cards_busy
);
2360 memcpy(cc
->peer_node_id
, data
, 8);
2361 memcpy(cc
->peer_version
, data
+ 8, 8);
2363 memcpy(cc
->cmd0b_aeskey
, cc
->peer_node_id
, 8);
2364 memcpy(cc
->cmd0b_aeskey
+ 8, cc
->peer_version
, 8);
2366 strncpy(cc
->remote_version
, (char *)data
+ 8, sizeof(cc
->remote_version
) - 1);
2367 strncpy(cc
->remote_build
, (char *)data
+ 40, sizeof(cc
->remote_build
) - 1);
2368 cc
->remote_build_nr
= atoi(cc
->remote_build
);
2370 //multics server response
2371 if(data
[33] == 'M' && data
[34] == 'C' && data
[35] == 'S')
2373 cc
->multics_mode
= 2; //multics server finaly confirmed.
2374 cc
->multics_version
[0] = data
[37];
2375 cc
->multics_version
[1] = data
[38];
2376 cs_log_dbg(D_READER
, "multics detected: %s!", getprefix());
2379 cs_log_dbg(D_READER
, "%s remove server %s running v%s (%s)", getprefix(), cs_hexdump(0,
2380 cc
->peer_node_id
, 8, tmp_dbg
, sizeof(tmp_dbg
)), cc
->remote_version
, cc
->remote_build
);
2382 chk_peer_node_for_oscam(cc
);
2383 //Trick: when discovered partner is an Oscam Client, then we send him our version string:
2384 if(cc
->is_oscam_cccam
)
2387 snprintf((char *)token
, sizeof(token
),
2388 "PARTNER: OSCam v%s, build r%s (%s) [EXT,SID,SLP]", CS_VERSION
,
2389 CS_SVN_VERSION
, CS_TARGET
);
2390 cc_cmd_send(cl
, token
, strlen((char *)token
) + 1, MSG_CW_NOK1
);
2393 cc
->cmd05_mode
= MODE_PLAIN
;
2395 //Keyoffset is payload-size:
2398 else if(l
>= 0x00 && l
<= 0x0F)
2400 cc
->cmd05_offset
= l
;
2402 //16..43 bytes: RC4 encryption:
2405 else if((l
>= 0x10 && l
<= 0x1f) || (l
>= 0x24 && l
<= 0x2b))
2407 cc_init_crypt(&cc
->cmd05_cryptkey
, data
, l
);
2408 cc
->cmd05_mode
= MODE_RC4_CRYPT
;
2410 //32 bytes: set AES128 key for CMD_05, Key=16 bytes offset keyoffset
2415 memcpy(cc
->cmd05_aeskey
, data
+ cc
->cmd05_offset
, 16);
2416 cc
->cmd05_mode
= MODE_AES
;
2418 //33 bytes: xor-algo mit payload-bytes, offset keyoffset
2423 cc_init_crypt(&cc
->cmd05_cryptkey
, data
+ cc
->cmd05_offset
, l
);
2424 cc
->cmd05_mode
= MODE_CC_CRYPT
;
2426 //34 bytes: cmd_05 plain back
2431 cc
->cmd05_mode
= MODE_PLAIN
;
2433 //35 bytes: Unknown!! 2 256 byte keys exchange
2438 cc
->cmd05_mode
= MODE_UNKNOWN
;
2439 cc_cycle_connection(cl
);
2441 //44 bytes: set aes128 key, Key=16 bytes [Offset=len(password)]
2446 memcpy(cc
->cmd05_aeskey
, data
+ strlen(rdr
->r_pwd
), 16);
2447 cc
->cmd05_mode
= MODE_AES
;
2449 //45 bytes: set aes128 key, Key=16 bytes [Offset=len(username)]
2454 memcpy(cc
->cmd05_aeskey
, data
+ strlen(rdr
->r_usr
), 16);
2455 cc
->cmd05_mode
= MODE_AES
;
2462 cs_log_dbg(D_READER
,
2463 "%s received improper MSG_SRV_DATA! No change to current mode, mode=%d",
2464 getprefix(), cc
->cmd05_mode
);
2467 cs_log_dbg(D_READER
, "%s MSG_SRV_DATA MODE=%s, len=%d", getprefix(),
2468 cmd05_mode_name
[cc
->cmd05_mode
], l
);
2471 case MSG_NEW_CARD_SIDINFO
:
2477 uint16_t caid
= b2i(2, buf
+ 12);
2478 //filter caid==0 and maxhop:
2479 if(!caid
|| buf
[14] >= rdr
->cc_maxhops
+ 1)
2483 if(buf
[15] < rdr
->cc_mindown
)
2487 if(!chk_ctab(caid
, &rdr
->ctab
))
2490 rdr
->tcp_connected
= 2; //we have card
2491 rdr
->card_status
= CARD_INSERTED
;
2493 cs_writelock(__func__
, &cc
->cards_busy
);
2494 struct cc_card
*card
= read_card(data
, l
- 4, buf
[1] == MSG_NEW_CARD_SIDINFO
);
2497 cs_writeunlock(__func__
, &cc
->cards_busy
);
2500 card
->origin_reader
= rdr
;
2501 card
->origin_id
= card
->id
;
2502 card
->grp
= rdr
->grp
;
2503 card
->rdr_reshare
= rdr
->cc_reshare
> -1 ? rdr
->cc_reshare
: cfg
.cc_reshare
;
2505 //Check if this card is from us:
2506 LL_ITER it
= ll_iter_create(card
->remote_nodes
);
2508 while((node_id
= ll_iter_next(&it
)))
2510 if(memcmp(node_id
, cc_node_id
, sizeof(cc_node_id
)) == 0) //this card is from us!
2512 cs_log_dbg(D_READER
, "filtered card because of recursive nodeid: id=%08X, caid=%04X", card
->id
, card
->caid
);
2518 #ifdef MODULE_CCCSHARE
2519 //Check Ident filter:
2522 if(!chk_ident(&rdr
->ftab
, card
))
2531 //Check if we already have this card:
2532 it
= ll_iter_create(cc
->cards
);
2533 struct cc_card
*old_card
;
2534 while((old_card
= ll_iter_next(&it
)))
2536 if(old_card
->id
== card
->id
|| same_card(old_card
, card
)) //We already have this card, delete it.
2546 card
->card_type
= CT_REMOTECARD
;
2547 ll_append(cc
->cards
, card
);
2548 set_au_data(cl
, rdr
, card
, NULL
);
2549 cc
->card_added_count
++;
2551 if(card
->hop
== 1) { cc
->num_hop1
++; }
2552 else if(card
->hop
== 2) { cc
->num_hop2
++; }
2553 else { cc
->num_hopx
++; }
2555 if(card
->reshare
== 0) { cc
->num_reshare0
++; }
2556 else if(card
->reshare
== 1) { cc
->num_reshare1
++; }
2557 else if(card
->reshare
== 2) { cc
->num_reshare2
++; }
2558 else { cc
->num_resharex
++; }
2560 cs_log_dbg(D_TRACE
, "%s card added: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2561 getprefix(), card
->id
, card
->remote_id
, card
->caid
, card
->hop
, card
->reshare
, card
->origin_id
, card
->card_type
);
2565 cs_writeunlock(__func__
, &cc
->cards_busy
);
2567 #ifdef MODULE_CCCSHARE
2568 cccam_refresh_share();
2574 case MSG_CARD_REMOVED
:
2578 cs_writelock(__func__
, &cc
->cards_busy
);
2579 cc_card_removed(cl
, b2i(4, buf
+ 4));
2580 cs_writeunlock(__func__
, &cc
->cards_busy
);
2585 //Server sends SLEEPSEND:
2589 if(!cfg
.c35_suppresscmd08
)
2593 cl
->stopped
= 2; // server says sleep
2594 //rdr->card_status = NO_CARD;
2598 if(config_enabled(WITH_LB
) && !cfg
.lb_mode
)
2600 cl
->stopped
= 1; // server says invalid
2601 rdr
->card_status
= CARD_FAILURE
;
2605 //NO BREAK!! NOK Handling needed!
2614 //Received NOK with payload:
2615 char *msg
= (char *) buf
+ 4;
2617 //Check for PARTNER connection:
2618 if((l
>= (4+8)) && strncmp(msg
, "PARTNER:", 8) == 0)
2620 //When Data starts with "PARTNER:" we have an Oscam-cccam-compatible client/server!
2622 strncpy(cc
->remote_oscam
, msg
+ 9, sizeof(cc
->remote_oscam
) - 1);
2623 int32_t has_param
= check_extended_mode(cl
, msg
);
2624 if(!cc
->is_oscam_cccam
)
2626 cc
->is_oscam_cccam
= 1;
2628 //send params back. At the moment there is only "EXT"
2634 cs_strncpy(param
, " [", sizeof(param
));
2635 if(cc
->extended_mode
)
2636 { addParam(param
, "EXT"); }
2638 { addParam(param
, "SID"); }
2640 { addParam(param
, "SLP"); }
2645 snprintf((char *)token
, sizeof(token
),
2646 "PARTNER: OSCam v%s, build r%s (%s)%s",
2647 CS_VERSION
, CS_SVN_VERSION
, CS_TARGET
, param
);
2648 cc_cmd_send(cl
, token
, strlen((char *)token
) + 1, MSG_CW_NOK1
);
2653 size_t msg_size
= l
- 4;
2654 char last_char
= msg
[msg_size
- 1];
2655 if(last_char
== 0) // verify if the payload is a null terminated string
2657 if(cs_realloc(&cc
->nok_message
, msg_size
))
2658 { memcpy(cc
->nok_message
, msg
, msg_size
); }
2661 { NULLFREE(cc
->nok_message
); }
2672 cc
->recv_ecmtask
= -1;
2674 if(cc
->just_logged_in
)
2675 { return -1; } // reader restart needed
2677 cs_readlock(__func__
, &cc
->cards_busy
);
2679 struct cc_extended_ecm_idx
*eei
= get_extended_ecm_idx(cl
,
2680 cc
->extended_mode
? cc
->g_flag
: 1, 1);
2683 cs_log_dbg(D_READER
, "%s received extended ecm NOK id %d but not found!",
2684 getprefix(), cc
->g_flag
);
2688 uint16_t ecm_idx
= eei
->ecm_idx
;
2689 cc
->recv_ecmtask
= ecm_idx
;
2690 struct cc_card
*card
= eei
->card
;
2691 // uint32_t cccam_id = eei->cccam_id;
2692 struct cc_srvid srvid
= eei
->srvid
;
2696 int64_t cwlastresptime
= comp_timeb(&tpe
, &eei
->tps
);
2702 if(buf
[1] == MSG_CW_NOK1
) //MSG_CW_NOK1: share no more available
2704 cs_log_dbg(D_TRACE
, "NOK1: share temporarily not available %d %04X ecm %d %d!", card
->id
, card
->caid
, eei
->send_idx
, eei
->ecm_idx
);
2706 for(j
= 0; j
< cfg
.max_pending
; j
++)
2708 if(cl
->ecmtask
[j
].idx
== ecm_idx
&& cl
->ecmtask
[j
].rc
== E_ALREADY_SENT
) {
2709 ECM_REQUEST
*er
= &cl
->ecmtask
[j
];
2712 write_ecm_answer(rdr
, er
, E_NOTFOUND
, 0, NULL
, NULL
, 0, NULL
);
2717 //else MSG_CW_NOK2: can't decode
2718 else if(cc
->cmd05NOK
)
2720 move_card_to_end(cl
, card
);
2721 if(cwlastresptime
< 5000)
2723 add_sid_block(card
, &srvid
, true);
2727 if(card
->rating
<= MIN_RATING
)
2729 add_sid_block(card
, &srvid
, true);
2737 else if(cacheex_get_rdr_mode(rdr
) != 1)
2739 if(!is_good_sid(card
, &srvid
))
2741 move_card_to_end(cl
, card
);
2742 if(cwlastresptime
< 5000)
2744 add_sid_block(card
, &srvid
, true);
2748 if(card
->rating
<= MIN_RATING
)
2750 add_sid_block(card
, &srvid
, true);
2760 move_card_to_end(cl
, card
);
2761 add_sid_block(card
, &srvid
, true);
2764 if(card
->rating
< MIN_RATING
)
2765 { card
->rating
= MIN_RATING
; }
2767 if(cfg
.cc_forward_origin_card
&& card
->origin_reader
== rdr
)
2769 //this card is from us but it can't decode this ecm
2770 //also origin card is only set on cccam clients
2771 //so wie send back the nok to the client
2772 cs_log_dbg(D_TRACE
, "%s forward card: %s", getprefix(), (buf
[1] == MSG_CW_NOK1
) ? "NOK1" : "NOK2");
2779 cs_log_dbg(D_READER
, "%s NOK: NO CARD!", getprefix());
2783 //A "NOK" in extended mode means, NOTHING found, regardless of the requested card. So do not retry
2784 if(cc
->extended_mode
)
2792 cc_reset_pending(cl
, ecm_idx
);
2797 for(i
= 0; i
< cfg
.max_pending
; i
++)
2799 if(cl
->ecmtask
[i
].idx
== ecm_idx
&& cl
->ecmtask
[i
].rc
== E_ALREADY_SENT
)
2802 "%s ext NOK %s", getprefix(), (buf
[1] == MSG_CW_NOK1
) ? "NOK1" : "NOK2");
2803 ECM_REQUEST
*er
= &cl
->ecmtask
[i
];
2806 write_ecm_answer(rdr
, er
, E_NOTFOUND
, 0, NULL
, NULL
, 0, NULL
);
2813 cs_readunlock(__func__
, &cc
->cards_busy
);
2815 if(!cc
->extended_mode
)
2820 cc_send_ecm(cl
, NULL
);
2823 case MSG_CACHE_PUSH
:
2827 cc_cacheex_push_in(cl
, data
);
2832 case MSG_CACHE_FILTER
:
2836 cc_cacheex_filter_in(cl
, data
);
2842 cc
->just_logged_in
= 0;
2843 if(cl
->typ
== 'c') //SERVER:
2845 #define CCMSG_HEADER_LEN 17
2848 struct cc_card
*server_card
;
2850 if(l
< CCMSG_HEADER_LEN
)
2853 if(!cs_malloc(&server_card
, sizeof(struct cc_card
)))
2855 server_card
->id
= buf
[10] << 24 | buf
[11] << 16 | buf
[12] << 8
2857 server_card
->caid
= b2i(2, data
);
2859 if((er
= get_ecmtask()) && l
> CCMSG_HEADER_LEN
&& MAX_ECM_SIZE
> l
- CCMSG_HEADER_LEN
)
2861 er
->caid
= b2i(2, buf
+ 4);
2862 er
->prid
= b2i(4, buf
+ 6);
2863 er
->srvid
= b2i(2, buf
+ 14);
2864 er
->ecmlen
= l
- CCMSG_HEADER_LEN
;
2865 memcpy(er
->ecm
, buf
+ CCMSG_HEADER_LEN
, er
->ecmlen
);
2866 cc
->server_ecm_pending
++;
2867 er
->idx
= ++cc
->server_ecm_idx
;
2869 #ifdef MODULE_CCCSHARE
2871 if(cfg
.cc_forward_origin_card
) //search my shares for this card:
2873 cs_log_dbg(D_TRACE
, "%s forward card: %04X:%04x search share %d", getprefix(), er
->caid
, er
->srvid
, server_card
->id
);
2874 LLIST
**sharelist
= get_and_lock_sharelist();
2875 LL_ITER itr
= ll_iter_create(get_cardlist(er
->caid
, sharelist
));
2876 struct cc_card
*card
;
2877 struct cc_card
*rcard
= NULL
;
2878 while((card
= ll_iter_next(&itr
)))
2880 if(card
->id
== server_card
->id
) //found it
2885 cs_log_dbg(D_TRACE
, "%s forward card: share %d found: %d", getprefix(), server_card
->id
, card
? 1 : 0);
2887 struct s_reader
*ordr
= NULL
;
2888 if(card
&& card
->origin_reader
) // found own card, now search reader card:
2890 //Search reader in list, because it is maybe offline?
2891 for(ordr
= first_active_reader
; ordr
; ordr
= ordr
->next
)
2893 if(ordr
== card
->origin_reader
) { break; }
2897 { cs_log_dbg(D_TRACE
, "%s origin reader not found!", getprefix()); }
2900 cs_log_dbg(D_TRACE
, "%s forward card: share %d origin reader %s origin id %d", getprefix(), card
->id
, ordr
->label
, card
->origin_id
);
2901 struct s_client
*cl2
= ordr
->client
;
2902 if(card
->origin_id
&& cl2
&& cl2
->cc
) //only if we have a origin from a cccam reader
2904 struct cc_data
*rcc
= cl2
->cc
;
2908 itr
= ll_iter_create(rcc
->cards
);
2909 while((rcard
= ll_iter_next(&itr
)))
2911 if(rcard
->id
== card
->origin_id
) //found it!
2919 er
->origin_reader
= ordr
;
2922 er
->origin_card
= rcard
;
2925 cs_log_dbg(D_TRACE
, "%s forward card: share %d not found!", getprefix(), server_card
->id
);
2926 er
->rc
= E_NOTFOUND
;
2927 er
->rcEx
= E2_CCCAM_NOK1
; //share not found!
2930 cs_log_dbg(D_TRACE
, "%s forward card: share %d forwarded to %s origin as id %d", getprefix(),
2931 card
->id
, ordr
->label
, rcard
->id
);
2938 "%s ECM request from client: caid %04x srvid %04x(%d) prid %06x",
2939 getprefix(), er
->caid
, er
->srvid
, er
->ecmlen
, er
->prid
);
2941 struct cc_srvid srvid
;
2942 srvid
.sid
= er
->srvid
;
2943 srvid
.chid
= er
->chid
;
2944 srvid
.ecmlen
= er
->ecmlen
;
2945 add_extended_ecm_idx(cl
, cc
->extended_mode
? cc
->g_flag
: 1,
2946 er
->idx
, server_card
, srvid
, 1);
2953 cs_log_dbg(D_CLIENT
, "%s NO ECMTASK!!!! l=%d", getprefix(), l
);
2954 NULLFREE(server_card
);
2963 cs_readlock(__func__
, &cc
->cards_busy
);
2964 cc
->recv_ecmtask
= -1;
2965 eei
= get_extended_ecm_idx(cl
,
2966 cc
->extended_mode
? cc
->g_flag
: 1, 1);
2969 cs_log_dbg(D_READER
, "%s received extended ecm id %d but not found!",
2970 getprefix(), cc
->g_flag
);
2971 if(!cc
->extended_mode
)
2972 { cc_cli_close(cl
, 0); }
2976 uint16_t ecm_idx
= eei
->ecm_idx
;
2977 cc
->recv_ecmtask
= ecm_idx
;
2978 struct cc_card
*card
= eei
->card
;
2979 uint32_t cccam_id
= eei
->cccam_id
;
2980 struct cc_srvid srvid
= eei
->srvid
;
2986 if(!cc
->extended_mode
)
2988 cc_cw_crypt(cl
, buf
+ 4, card
->id
);
2989 cc_crypt_cmd0c(cl
, buf
+ 4, 16);
2992 memcpy(cc
->dcw
, buf
+ 4, 16);
2994 if(!cc
->extended_mode
)
2995 { cc_crypt(&cc
->block
[DECRYPT
], buf
+ 4, l
- 4, ENCRYPT
); } // additional crypto step
2997 if(is_null_dcw(cc
->dcw
))
2999 cs_log_dbg(D_READER
, "%s null dcw received! sid=%04X(%d)", getprefix(),
3000 srvid
.sid
, srvid
.ecmlen
);
3001 move_card_to_end(cl
, card
);
3002 add_sid_block(card
, &srvid
, true);
3004 cc_reset_pending(cl
, ecm_idx
);
3005 buf
[1] = MSG_CW_NOK2
; //So it's really handled like a nok!
3009 cs_log_dbg(D_READER
, "%s cws: %d %s", getprefix(),
3010 ecm_idx
, cs_hexdump(0, cc
->dcw
, 16, tmp_dbg
, sizeof(tmp_dbg
)));
3012 //check response time, if > fallbacktime, switch cards!
3015 int64_t cwlastresptime
= comp_timeb(&tpe
, &cc
->ecm_time
);
3016 if(cwlastresptime
> get_fallbacktimeout(card
->caid
) && !cc
->extended_mode
)
3018 cs_log_dbg(D_READER
, "%s card %04X is too slow, moving to the end...", getprefix(), card
->id
);
3019 move_card_to_end(cl
, card
);
3021 if(card
->rating
< MIN_RATING
)
3022 { card
->rating
= MIN_RATING
; }
3027 if(card
->rating
> MAX_RATING
)
3028 { card
->rating
= MAX_RATING
; }
3035 cs_log_dbg(D_READER
,
3036 "%s warning: ECM-CWS respond by CCCam server without current card!",
3039 if(!cc
->extended_mode
)
3041 cc_cw_crypt(cl
, buf
+ 4, cccam_id
);
3042 cc_crypt_cmd0c(cl
, buf
+ 4, 16);
3044 memcpy(cc
->dcw
, buf
+ 4, 16);
3046 if(!cc
->extended_mode
)
3047 { cc_crypt(&cc
->block
[DECRYPT
], buf
+ 4, l
- 4, ENCRYPT
); } // additional crypto step
3049 cs_log_dbg(D_READER
, "%s cws: %d %s", getprefix(),
3050 ecm_idx
, cs_hexdump(0, cc
->dcw
, 16, tmp_dbg
, sizeof(tmp_dbg
)));
3053 cs_readunlock(__func__
, &cc
->cards_busy
);
3055 if(!cc
->extended_mode
)
3060 //cc_abort_user_ecms();
3062 cc_send_ecm(cl
, NULL
);
3065 { cc
->ecm_counter
++; }
3072 cl
->last
= time(NULL
);
3074 if(rdr
&& rdr
->cc_keepalive
)
3076 rdr
->last_g
= time(NULL
);
3077 rdr
->last_s
= time(NULL
);
3078 rdr_log_dbg(rdr
, D_READER
, "%s: receive keepalive", __func__
);
3081 cc
->just_logged_in
= 0;
3087 cc
->just_logged_in
= 0;
3088 l
= l
- 4;//Header Length=4 Byte
3092 cs_log_dbg(D_READER
, "%s MSG_CMD_05 recvd, payload length=%d mode=%d",
3093 getprefix(), l
, cc
->cmd05_mode
);
3094 cc
->cmd05_active
= 1;
3095 cc
->cmd05_data_len
= l
;
3096 memcpy(&cc
->cmd05_data
, buf
+ 4, l
);
3097 if(!cc
->ecm_busy
&& ll_has_elements(cc
->cards
))
3098 { send_cmd05_answer(cl
); }
3106 // by Project:Keynation
3107 cs_log_dbg(D_READER
, "%s MSG_CMD_0B received (payload=%d)!",
3108 getprefix(), l
- 4);
3114 memcpy(aeskey
, cc
->cmd0b_aeskey
, 16);
3115 memset(&key
, 0, sizeof(key
));
3117 //cs_log_dump_dbg(D_READER, aeskey, 16, "%s CMD_0B AES key:", getprefix());
3118 //cs_log_dump_dbg(D_READER, data, 16, "%s CMD_0B received data:", getprefix());
3120 AES_set_encrypt_key((unsigned char *) &aeskey
, 128, &key
);
3121 AES_encrypt((unsigned char *) data
, (unsigned char *) &out
, &key
);
3123 cs_log_dbg(D_TRACE
, "%s sending CMD_0B! ", getprefix());
3124 //cs_log_dump_dbg(D_READER, out, 16, "%s CMD_0B out:", getprefix());
3125 cc_cmd_send(cl
, out
, 16, MSG_CMD_0B
);
3130 case MSG_CMD_0C
: //New CCCAM 2.2.0 Server/Client fake check!
3132 int32_t len
= l
- 4;
3136 if(cl
->typ
== 'c') //Only im comming from "client"
3138 cs_log_dbg(D_CLIENT
, "%s MSG_CMD_0C received (payload=%d)!", getprefix(), len
);
3140 uint8_t bytes
[0x20];
3141 if(len
< 0x20) //if less then 0x20 bytes, clear others:
3142 { memset(data
+ len
, 0, 0x20 - len
); }
3144 //change first 0x10 bytes to the second:
3145 memcpy(bytes
, data
+ 0x10, 0x10);
3146 memcpy(bytes
+ 0x10, data
, 0x10);
3150 for(i
= 0; i
< 0x20; i
++)
3151 { bytes
[i
] ^= (data
[i
] & 0x7F); }
3153 //key is now the 16bit hash of md5:
3154 uint8_t md5hash
[0x10];
3155 MD5(data
, 0x20, md5hash
);
3156 memcpy(bytes
, md5hash
, 0x10);
3158 cs_log_dbg(D_CLIENT
, "%s sending CMD_0C! ", getprefix());
3159 //cs_log_dump_dbg(D_CLIENT, bytes, 0x20, "%s CMD_0C out:", getprefix());
3160 cc_cmd_send(cl
, bytes
, 0x20, MSG_CMD_0C
);
3164 // by Project:Keynation + Oscam team
3165 cc_crypt_cmd0c(cl
, data
, len
);
3167 uint8_t CMD_0x0C_Command
= data
[0];
3169 switch(CMD_0x0C_Command
)
3174 cc
->cmd0c_mode
= MODE_CMD_0x0C_RC6
;
3180 cc
->cmd0c_mode
= MODE_CMD_0x0C_RC4
;
3186 cc
->cmd0c_mode
= MODE_CMD_0x0C_CC_CRYPT
;
3192 cc
->cmd0c_mode
= MODE_CMD_0x0C_AES
;
3198 cc
->cmd0c_mode
= MODE_CMD_0x0C_IDEA
;
3204 cc
->cmd0c_mode
= MODE_CMD_0x0C_NONE
;
3208 set_cmd0c_cryptkey(cl
, data
, len
);
3210 cs_log_dbg(D_READER
, "%s received MSG_CMD_0C from server! CMD_0x0C_CMD=%d, MODE=%s",
3211 getprefix(), CMD_0x0C_Command
, cmd0c_mode_name
[cc
->cmd0c_mode
]);
3216 case MSG_CMD_0D
: //key update for the active cmd0x0c algo
3218 int32_t len
= l
- 4;
3222 if(cc
->cmd0c_mode
== MODE_CMD_0x0C_NONE
)
3225 cc_crypt_cmd0c(cl
, data
, len
);
3226 set_cmd0c_cryptkey(cl
, data
, len
);
3228 cs_log_dbg(D_READER
, "%s received MSG_CMD_0D from server! MODE=%s",
3229 getprefix(), cmd0c_mode_name
[cc
->cmd0c_mode
]);
3238 cs_log_dbg(D_READER
, "cccam 2.2.x commands not implemented: 0x%02X", buf
[1]);
3239 //Unkwon commands...need workout algo
3240 if(cl
->typ
== 'c') //client connection
3242 //switching to an oder version and then disconnect...
3243 cs_strncpy(cfg
.cc_version
, version
[0], sizeof(cfg
.cc_version
));
3246 else //reader connection
3248 cs_strncpy(cl
->reader
->cc_version
, version
[0], sizeof(cl
->reader
->cc_version
));
3249 cs_strncpy(cl
->reader
->cc_build
, build
[0], sizeof(cl
->reader
->cc_build
));
3250 cc_cycle_connection(cl
);
3257 cc
->just_logged_in
= 0;
3258 if(cl
->typ
== 'c') //EMM Request received
3260 cc_cmd_send(cl
, NULL
, 0, MSG_EMM_ACK
); //Send back ACK
3265 cs_log_dbg(D_EMM
, "%s EMM Request received!", getprefix());
3267 if(!ll_count(cl
->aureader_list
))
3271 "%s EMM Request discarded because au is not assigned to an reader!",
3277 if(!cs_malloc(&emm
, sizeof(EMM_PACKET
)))
3279 emm
->caid
[0] = buf
[4];
3280 emm
->caid
[1] = buf
[5];
3281 emm
->provid
[0] = buf
[7];
3282 emm
->provid
[1] = buf
[8];
3283 emm
->provid
[2] = buf
[9];
3284 emm
->provid
[3] = buf
[10];
3285 //emm->hexserial[0] = buf[11];
3286 //emm->hexserial[1] = buf[12];
3287 //emm->hexserial[2] = buf[13];
3288 //emm->hexserial[3] = buf[14];
3290 { emm
->emmlen
= buf
[15]; }
3292 { emm
->emmlen
= MIN(l
- 16, (int32_t)sizeof(emm
->emm
)); }
3294 if(emm
->emmlen
< 0 || emm
->emmlen
> MAX_EMM_SIZE
|| emm
->emmlen
+16 > l
)
3295 { NULLFREE(emm
); break;}
3297 memcpy(emm
->emm
, buf
+ 16, emm
->emmlen
);
3298 //emm->type = UNKNOWN;
3299 //emm->cidx = cs_idx;
3303 else //Our EMM Request Ack!
3305 cs_log_dbg(D_EMM
, "%s EMM ACK!", getprefix());
3306 if(!cc
->extended_mode
)
3310 cc_send_ecm(cl
, NULL
);
3315 //cs_log_dump_dbg(D_CLIENT, buf, l, "%s unhandled msg: %d len=%d", getprefix(), buf[1], l);
3319 if(cc
->max_ecms
&& (cc
->ecm_counter
> cc
->max_ecms
))
3321 cs_log_dbg(D_READER
, "%s max ecms (%d) reached, cycle connection!", getprefix(),
3323 cc_cycle_connection(cl
);
3329 * Reader: write dcw to receive
3331 int32_t cc_recv_chk(struct s_client
*cl
, uchar
*dcw
, int32_t *rc
, uchar
*buf
, int32_t UNUSED(n
))
3333 struct cc_data
*cc
= cl
->cc
;
3335 if(buf
[1] == MSG_CW_ECM
)
3337 memcpy(dcw
, cc
->dcw
, 16);
3338 //cs_log_dbg(D_CLIENT, "cccam: recv chk - MSG_CW %d - %s", cc->recv_ecmtask,
3339 // cs_hexdump(0, dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3341 return (cc
->recv_ecmtask
);
3343 else if((buf
[1] == (MSG_CW_NOK1
)) || (buf
[1] == (MSG_CW_NOK2
)))
3346 //if (cc->is_oscam_cccam)
3347 if(cfg
.cc_forward_origin_card
)
3348 { return (cc
->recv_ecmtask
); }
3356 //int32_t is_softfail(int32_t rc)
3358 // //see oscam.c send_dcw() for a full list
3361 // case 5: // 5 = timeout
3362 // case 6: // 6 = sleeping
3363 // case 7: // 7 = fake
3364 // case 10:// 10= no card
3365 // case 11:// 11= expdate
3366 // case 12:// 12= disabled
3367 // case 13:// 13= stopped
3368 // case 14:// 100= unhandled
3376 * Server: send DCW to client
3378 void cc_send_dcw(struct s_client
*cl
, ECM_REQUEST
*er
)
3381 struct cc_data
*cc
= cl
->cc
;
3383 memset(buf
, 0, sizeof(buf
));
3385 struct cc_extended_ecm_idx
*eei
= get_extended_ecm_idx_by_idx(cl
, er
->idx
,
3388 if(er
->rc
< E_NOTFOUND
&& eei
) //found:
3390 memcpy(buf
, er
->cw
, sizeof(buf
));
3392 //cs_log_dbg(D_TRACE, "%s send cw: %s cpti: %d", getprefix(),
3393 // cs_hexdump(0, buf, 16, tmp_dbg, sizeof(tmp_dbg)), er->cpti);
3394 if(!cc
->extended_mode
)
3395 { cc_cw_crypt(cl
, buf
, eei
->cccam_id
); }
3397 { cc
->g_flag
= eei
->send_idx
; }
3398 cc_cmd_send(cl
, buf
, 16, MSG_CW_ECM
);
3399 if(!cc
->extended_mode
)
3400 { cc_crypt(&cc
->block
[ENCRYPT
], buf
, 16, ENCRYPT
); } // additional crypto step
3405 //cs_log_dbg(D_TRACE, "%s send cw: NOK cpti: %d", getprefix(),
3408 if(eei
&& cc
->extended_mode
)
3409 { cc
->g_flag
= eei
->send_idx
; }
3411 int32_t nok
, bufsize
= 0;
3412 if(cc
->sleepsend
&& er
->rc
== E_STOPPED
)
3414 buf
[0] = cl
->c35_sleepsend
;
3416 nok
= MSG_SLEEPSEND
;
3418 else if(!eei
|| !eei
->card
)
3419 { nok
= MSG_CW_NOK1
; } //share no more available
3422 if(cfg
.cc_forward_origin_card
&& er
->origin_card
== eei
->card
)
3423 { nok
= (er
->rcEx
== E2_CCCAM_NOK1
) ? MSG_CW_NOK1
: MSG_CW_NOK2
; }
3425 { nok
= MSG_CW_NOK2
; } //can't decode
3427 cc_cmd_send(cl
, buf
, bufsize
, nok
);
3429 cc
->server_ecm_pending
--;
3432 NULLFREE(eei
->card
);
3437 int32_t cc_recv(struct s_client
*cl
, uchar
*buf
, int32_t l
)
3440 struct s_reader
*rdr
= (cl
->typ
== 'c') ? NULL
: cl
->reader
;
3442 if(buf
== NULL
|| l
<= 0)
3445 n
= cc_msg_recv(cl
, buf
, l
); // recv and decrypt msg
3446 //cs_log_dump_dbg(D_CLIENT, buf, n, "cccam: received %d bytes from %s", n, remote_txt());
3451 struct cc_data
*cc
= cl
->cc
;
3452 if(cc
&& cc
->nok_message
)
3453 { cs_log_dbg(D_CLIENT
, "%s connection closed by %s. n=%d, Reason: %s", getprefix(), remote_txt(), n
, cc
->nok_message
); }
3456 cs_log_dbg(D_CLIENT
, "%s connection closed by %s, n=%d.", getprefix(), remote_txt(), n
);
3459 cc_cli_close(cl
, 1);
3463 //cs_writelock(__func__, &cc->cards_busy); maybe uninitialized
3464 cs_disconnect_client(cl
);
3465 //cs_writeunlock(__func__, &cc->cards_busy);
3475 cs_log("%s packet is too small (%d bytes)", getprefix(), n
);
3478 else if(n
> CC_MAXMSGSIZE
)
3480 cs_log("%s packet is too big (%d bytes, max: %d)", getprefix(), n
, CC_MAXMSGSIZE
);
3485 // parse it and write it back, if we have received something of value
3486 n
= cc_parse_msg(cl
, buf
, n
);
3487 if(n
== MSG_CW_ECM
|| n
== MSG_EMM_ACK
)
3489 cl
->last
= time(NULL
); // last client action is now
3490 if(rdr
) { rdr
->last_g
= time(NULL
); } // last reader receive is now
3497 { cc_cli_close(cl
, 1); }
3502 void cc_init_locks(struct cc_data
*cc
)
3504 cs_lock_create(__func__
, &cc
->lockcmd
, "lockcmd", 5000);
3505 cs_lock_create(__func__
, &cc
->cards_busy
, "cards_busy", 10000);
3508 #ifdef MODULE_CCCSHARE
3510 * Starting readers to get cards:
3512 int32_t cc_srv_wakeup_readers(struct s_client
*cl
)
3515 struct s_reader
*rdr
;
3516 struct s_client
*client
;
3518 for(rdr
= first_active_reader
; rdr
; rdr
= rdr
->next
)
3520 if(rdr
->typ
!= R_CCCAM
)
3522 if(rdr
->tcp_connected
== 2)
3524 if(!(rdr
->grp
& cl
->grp
))
3526 if(rdr
->cc_keepalive
) //if reader has keepalive but is NOT connected, reader can't connect. so don't ask him
3528 if((client
= rdr
->client
) == NULL
|| (cc
= client
->cc
) == NULL
|| client
->kill
) //reader is in shutdown
3530 if(is_connect_blocked(rdr
)) //reader cannot be waked up currently because its blocked
3533 //This wakeups the reader:
3534 add_job(rdr
->client
, ACTION_READER_CARDINFO
, NULL
, 0);
3541 int32_t cc_srv_connect(struct s_client
*cl
)
3543 int32_t i
, ccversion_pos
, ccbuild_pos
;
3544 int32_t no_delay
= 1;
3546 char usr
[21], pwd
[65], tmp_dbg
[17];
3547 struct s_auth
*account
;
3550 if(!cs_malloc(&cc
, sizeof(struct cc_data
)))
3553 memset(usr
, 0, sizeof(usr
));
3554 memset(pwd
, 0, sizeof(pwd
));
3556 // init internals data struct
3558 cc
->extended_ecm_idx
= ll_create("extended_ecm_idx");
3561 uint8_t *buf
= cc
->send_buffer
;
3563 cc
->server_ecm_pending
= 0;
3564 cc
->extended_mode
= 0;
3567 int32_t keep_alive
= 1;
3568 setsockopt(cl
->udp_fd
, SOL_SOCKET
, SO_KEEPALIVE
,
3569 (void *)&keep_alive
, sizeof(keep_alive
));
3571 //Create checksum for "O" cccam:
3572 get_random_bytes(data
, 12);
3573 for(i
= 0; i
< 4; i
++)
3575 data
[12 + i
] = (data
[i
] + data
[4 + i
] + data
[8 + i
]) & 0xff;
3578 cs_log_dbg(D_TRACE
, "send ccc checksum");
3580 send(cl
->udp_fd
, data
, 16, 0);
3582 cc_xor(data
); // XOR init bytes with 'CCcam'
3586 SHA1_Update(&ctx
, data
, 16);
3587 SHA1_Final(buf
, &ctx
);
3589 cc_init_crypt(&cc
->block
[ENCRYPT
], buf
, 20);
3590 cc_crypt(&cc
->block
[ENCRYPT
], data
, 16, DECRYPT
);
3591 cc_init_crypt(&cc
->block
[DECRYPT
], data
, 16);
3592 cc_crypt(&cc
->block
[DECRYPT
], buf
, 20, DECRYPT
);
3594 cs_log_dbg(D_TRACE
, "receive ccc checksum");
3596 if((i
= cc_recv_to(cl
, buf
, 20)) == 20)
3598 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: recv:");
3599 cc_crypt(&cc
->block
[DECRYPT
], buf
, 20, DECRYPT
);
3600 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: hash:");
3606 memset(buf
, 0, CC_MAXMSGSIZE
);
3607 i
= cc_recv_to(cl
, buf
, 20);
3608 if(i
< 0) { return -1; } // errors during receive!
3611 cc_crypt(&cc
->block
[DECRYPT
], buf
, 20, DECRYPT
);
3613 strncpy(usr
, (char *) buf
, sizeof(usr
));
3615 //test for nonprintable characters:
3616 for(i
= 0; i
< 20; i
++)
3618 if(usr
[i
] > 0 && usr
[i
] < 0x20) //found nonprintable char
3620 cs_log("illegal username received");
3624 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: username '%s':", usr);
3628 cs_add_violation(cl
, NULL
);
3631 cs_log_dbg(D_TRACE
, "ccc username received %s", usr
);
3635 //CCCam only supports len=20 usr/pass. So we could have more than one user that matches the first 20 chars.
3637 //receive password-CCCam encrypted Hash:
3638 i
= cc_recv_to(cl
, buf
, 6);
3639 if(i
< 0) { return -1; } // errors during receive!
3640 if(i
!= 6) // received invalid password length
3642 cs_add_violation(cl
, usr
);
3646 cs_log_dbg(D_TRACE
, "ccc passwdhash received %s", usr
);
3648 account
= cfg
.account
;
3649 struct cc_crypt_block
*save_block
;
3650 if(!cs_malloc(&save_block
, sizeof(struct cc_crypt_block
)))
3652 memcpy(save_block
, cc
->block
, sizeof(struct cc_crypt_block
));
3658 if(strncmp(usr
, account
->usr
, 20) == 0)
3660 memset(pwd
, 0, sizeof(pwd
));
3661 cs_strncpy(pwd
, account
->pwd
, sizeof(pwd
));
3665 account
= account
->next
;
3671 // receive passwd / 'CCcam'
3672 memcpy(cc
->block
, save_block
, sizeof(struct cc_crypt_block
));
3673 cc_crypt(&cc
->block
[DECRYPT
], (uint8_t *) pwd
, strlen(pwd
), ENCRYPT
);
3674 cc_crypt(&cc
->block
[DECRYPT
], buf
, 6, DECRYPT
);
3675 //cs_log_dump_dbg(D_CLIENT, buf, 6, "cccam: pwd check '%s':", buf); //illegal buf-bytes could kill the logger!
3676 if(memcmp(buf
, "CCcam\0", 6) == 0) //Password Hash OK!
3677 { break; } //account is set
3679 account
= account
->next
;
3681 NULLFREE(save_block
);
3683 if(cs_auth_client(cl
, account
, NULL
)) //cs_auth_client returns 0 if account is valid/active/accessible
3686 { cs_log("account '%s' not found!", usr
); }
3688 { cs_log("password for '%s' invalid!", usr
); }
3689 cs_add_violation(cl
, usr
);
3694 cs_log("account '%s' duplicate login, disconnect!", usr
);
3699 cs_log("account '%s' disabled, blocking+disconnect!", usr
);
3700 cs_add_violation(cl
, usr
);
3703 if(account
->cccmaxhops
< -1)
3705 cs_log("account '%s' has cccmaxhops < -1, cccam can't handle this, disconnect!", usr
);
3709 cs_log_dbg(D_TRACE
, "ccc user authenticated %s", usr
);
3711 if(account
->cccmaxhops
== -1)
3712 { cs_log("account '%s' has cccmaxhops = -1: user will not see any card!", usr
); }
3714 if(!cs_malloc(&cc
->prefix
, strlen(cl
->account
->usr
) + 20))
3716 snprintf(cc
->prefix
, strlen(cl
->account
->usr
) + 20, "cccam(s) %s:", cl
->account
->usr
);
3719 if(cl
->account
->cacheex
.mode
< 2)
3721 if(cl
->tcp_nodelay
== 0)
3723 setsockopt(cl
->udp_fd
, IPPROTO_TCP
, TCP_NODELAY
, (void *)&no_delay
, sizeof(no_delay
));
3724 cl
->tcp_nodelay
= 1;
3727 //Starting readers to get cards:
3728 cc_srv_wakeup_readers(cl
);
3732 memcpy(buf
, "CCcam\0", 6);
3733 cs_log_dump_dbg(D_CLIENT
, buf
, 20, "cccam: send ack:");
3734 cc_crypt(&cc
->block
[ENCRYPT
], buf
, 20, ENCRYPT
);
3735 send(cl
->pfd
, buf
, 20, 0);
3738 memset(buf
, 0, CC_MAXMSGSIZE
);
3739 i
= cc_msg_recv(cl
, buf
, CC_MAXMSGSIZE
-1);
3742 cs_log_dump_dbg(D_CLIENT
, buf
, i
, "cccam: cli data:");
3745 { cs_log_dbg(D_CLIENT
, "cccam: cli data too small"); return -1; }
3747 memcpy(cc
->peer_node_id
, buf
+ 24, 8);
3748 //chk_peer_node_for_oscam(cc);
3751 while(ccversion_pos
+1 < i
&& ccversion_pos
< 33+5 && buf
[ccversion_pos
] == 0)
3757 while(ccbuild_pos
+1 < i
&& ccbuild_pos
< 65+5 && buf
[ccbuild_pos
] == 0)
3762 strncpy(cc
->remote_version
, (char *)buf
+ ccversion_pos
, sizeof(cc
->remote_version
) - 1);
3763 strncpy(cc
->remote_build
, (char *)buf
+ ccbuild_pos
, sizeof(cc
->remote_build
) - 1);
3765 cs_log_dbg(D_CLIENT
, "%s client '%s' (%s) running v%s (%s)", getprefix(), buf
+ 4,
3766 cs_hexdump(0, cc
->peer_node_id
, 8, tmp_dbg
, sizeof(tmp_dbg
)), cc
->remote_version
, cc
->remote_build
);
3768 // send cli data ack
3769 cc_cmd_send(cl
, NULL
, 0, MSG_CLI_DATA
);
3771 cs_log_dbg(D_TRACE
, "ccc send srv_data %s", usr
);
3772 if(cc_send_srv_data(cl
) < 0)
3775 cc
->cccam220
= check_cccam_compat(cc
);
3776 cc
->just_logged_in
= 1;
3778 //Wait for Partner detection (NOK1 with data) before reporting cards
3779 //When Partner is detected, cccam220=1 is set. then we can report extended card data
3780 i
= process_input(buf
, CC_MAXMSGSIZE
, 1);
3781 if(i
<= 0 && i
!= -9)
3782 { return 0; } //disconnected
3785 { cs_log_dbg(D_CLIENT
, "%s extended sid mode activated", getprefix()); }
3787 { cs_log_dbg(D_CLIENT
, "%s 2.1.x compatibility mode", getprefix()); }
3789 cs_log_dbg(D_TRACE
, "ccc send cards %s", usr
);
3790 if(!cc_srv_report_cards(cl
))
3792 cs_ftime(&cc
->ecm_time
);
3794 //some clients, e.g. mgcamd, does not support keepalive. So if not answered, keep connection
3795 // check for client timeout, if timeout occurs try to send keepalive
3796 cs_log_dbg(D_TRACE
, "ccc connected and waiting for data %s", usr
);
3800 void cc_srv_init2(struct s_client
*cl
)
3802 if(!cl
->init_done
&& !cl
->kill
)
3804 if(IP_ISSET(cl
->ip
))
3805 { cs_log_dbg(D_CLIENT
, "cccam: new connection from %s", cs_inet_ntoa(cl
->ip
)); }
3807 cl
->pfd
= cl
->udp_fd
;
3809 if((ret
= cc_srv_connect(cl
)) < 0)
3812 { cs_log_dbg(D_CLIENT
, "cccam: failed errno: %d (%s)", errno
, strerror(errno
)); }
3814 { cs_log_dbg(D_CLIENT
, "cccam: failed ret: %d", ret
); }
3815 cs_disconnect_client(cl
);
3820 cc_cacheex_filter_out(cl
);
3826 void *cc_srv_init(struct s_client
*cl
, uchar
*UNUSED(mbuf
), int32_t UNUSED(len
))
3833 int32_t cc_cli_connect(struct s_client
*cl
)
3835 struct s_reader
*rdr
= cl
->reader
;
3836 struct cc_data
*cc
= cl
->cc
;
3837 rdr
->card_status
= CARD_FAILURE
;
3842 // init internals data struct
3843 if(!cs_malloc(&cc
, sizeof(struct cc_data
)))
3846 cc
->cards
= ll_create("cards");
3848 cc
->pending_emms
= ll_create("pending_emms");
3849 cc
->extended_ecm_idx
= ll_create("extended_ecm_idx");
3853 cc_free_cardlist(cc
->cards
, 0);
3854 free_extended_ecm_idx(cc
);
3858 if(!cs_malloc(&cc
->prefix
, strlen(cl
->reader
->label
) + 20))
3861 snprintf(cc
->prefix
, strlen(cl
->reader
->label
) + 20, "cccam(r) %s:", cl
->reader
->label
);
3865 uint8_t hash
[SHA_DIGEST_LENGTH
];
3866 uint8_t *buf
= cc
->send_buffer
;
3869 // check cred config
3870 if(rdr
->device
[0] == 0 || rdr
->r_pwd
[0] == 0 || rdr
->r_usr
[0] == 0
3871 || rdr
->r_port
== 0)
3873 cs_log("%s configuration error!", rdr
->label
);
3878 handle
= network_tcp_connection_open(rdr
);
3881 cs_log_dbg(D_READER
, "%s network connect error!", rdr
->label
);
3884 if(errno
== EISCONN
)
3886 cc_cli_close(cl
, 0);
3891 int32_t no_delay
= 1;
3892 if(cacheex_get_rdr_mode(rdr
) < 2)
3893 setsockopt(cl
->udp_fd
, IPPROTO_TCP
, TCP_NODELAY
, (void *)&no_delay
, sizeof(no_delay
));
3896 if((n
= cc_recv_to(cl
, data
, 16)) != 16)
3899 { cs_log("init error from reader %s", rdr
->label
); }
3901 cs_log("%s server returned %d instead of 16 bytes as init seed (errno=%d %s)",
3902 rdr
->label
, n
, errno
, strerror(errno
));
3903 cc_cli_close(cl
, 0);
3908 cc
->ecm_counter
= 0;
3910 cc
->cmd05_mode
= MODE_UNKNOWN
;
3911 cc
->cmd05_offset
= 0;
3912 cc
->cmd05_active
= 0;
3913 cc
->cmd05_data_len
= 0;
3914 cc
->extended_mode
= 0;
3915 cc
->last_emm_card
= NULL
;
3919 cc
->num_reshare0
= 0;
3920 cc
->num_reshare1
= 0;
3921 cc
->num_reshare2
= 0;
3922 cc
->num_resharex
= 0;
3923 memset(&cc
->cmd05_data
, 0, sizeof(cc
->cmd05_data
));
3924 memset(&cc
->receive_buffer
, 0, sizeof(cc
->receive_buffer
));
3925 NULLFREE(cc
->nok_message
);
3926 cc
->cmd0c_mode
= MODE_CMD_0x0C_NONE
;
3928 cs_log_dump_dbg(D_CLIENT
, data
, 16, "cccam: server init seed:");
3930 uint16_t sum
= 0x1234;
3931 uint16_t recv_sum
= (data
[14] << 8) | data
[15];
3933 for(i
= 0; i
< 14; i
++)
3937 //Create special data to detect oscam-cccam:
3938 cc
->is_oscam_cccam
= sum
== recv_sum
;
3940 //detect multics seed
3941 uint8_t a
= (data
[0]^'M') + data
[1] + data
[2];
3942 uint8_t b
= data
[4] + (data
[5]^'C') + data
[6];
3943 uint8_t c
= data
[8] + data
[9] + (data
[10]^'S');
3944 if((a
== data
[3]) && (b
== data
[7]) && (c
== data
[11]))
3946 cc
->multics_mode
= 1; //detected multics seed.
3947 cs_log_dbg(D_READER
, "multics seed detected: %s", rdr
->label
);
3950 cc_xor(data
); // XOR init bytes with 'CCcam'
3954 SHA1_Update(&ctx
, data
, 16);
3955 SHA1_Final(hash
, &ctx
);
3957 cs_log_dump_dbg(D_CLIENT
, hash
, sizeof(hash
), "cccam: sha1 hash:");
3959 //initialisate crypto states
3960 cc_init_crypt(&cc
->block
[DECRYPT
], hash
, 20);
3961 cc_crypt(&cc
->block
[DECRYPT
], data
, 16, DECRYPT
);
3962 cc_init_crypt(&cc
->block
[ENCRYPT
], data
, 16);
3963 cc_crypt(&cc
->block
[ENCRYPT
], hash
, 20, DECRYPT
);
3965 cc_cmd_send(cl
, hash
, 20, MSG_NO_HEADER
); // send crypted hash to server
3967 memset(buf
, 0, CC_MAXMSGSIZE
);
3968 memcpy(buf
, rdr
->r_usr
, strlen(rdr
->r_usr
));
3969 cs_log_dump_dbg(D_CLIENT
, buf
, 20, "cccam: username '%s':", buf
);
3970 cc_cmd_send(cl
, buf
, 20, MSG_NO_HEADER
); // send usr '0' padded -> 20 bytes
3972 memset(buf
, 0, CC_MAXMSGSIZE
);
3973 memset(pwd
, 0, sizeof(pwd
));
3975 //cs_log_dbg(D_CLIENT, "cccam: 'CCcam' xor");
3976 memcpy(buf
, "CCcam", 5);
3977 strncpy(pwd
, rdr
->r_pwd
, sizeof(pwd
) - 1);
3978 cc_crypt(&cc
->block
[ENCRYPT
], (uint8_t *) pwd
, strlen(pwd
), ENCRYPT
);
3979 cc_cmd_send(cl
, buf
, 6, MSG_NO_HEADER
); // send 'CCcam' xor w/ pwd
3981 if((n
= cc_recv_to(cl
, data
, 20)) != 20)
3983 cs_log("%s login failed, usr/pwd invalid", getprefix());
3984 cc_cli_close(cl
, 0);
3988 cc_crypt(&cc
->block
[DECRYPT
], data
, 20, DECRYPT
);
3989 cs_log_dump_dbg(D_CLIENT
, data
, 20, "cccam: login data");
3991 if(memcmp(data
, buf
, 5)) // check server response
3993 cs_log("%s login failed, usr/pwd invalid", getprefix());
3994 cc_cli_close(cl
, 0);
4000 cs_log_dbg(D_READER
, "%s login succeeded", getprefix());
4003 cs_log_dbg(D_READER
, "cccam: last_s=%ld, last_g=%ld", rdr
->last_s
, rdr
->last_g
);
4005 cl
->pfd
= cl
->udp_fd
;
4006 cs_log_dbg(D_READER
, "cccam: pfd=%d", cl
->pfd
);
4008 if(cc_send_cli_data(cl
) <= 0)
4010 cs_log("%s login failed, could not send client data", getprefix());
4011 cc_cli_close(cl
, 0);
4016 if (rdr
->ftab
.filts
)
4018 rdr
->caid
= rdr
->ftab
.filts
[0].caid
;
4019 rdr
->nprov
= rdr
->ftab
.filts
[0].nprids
;
4020 for(n
= 0; n
< rdr
->nprov
; n
++)
4022 rdr
->prid
[n
][0] = rdr
->ftab
.filts
[0].prids
[n
] >> 24;
4023 rdr
->prid
[n
][1] = rdr
->ftab
.filts
[0].prids
[n
] >> 16;
4024 rdr
->prid
[n
][2] = rdr
->ftab
.filts
[0].prids
[n
] >> 8;
4025 rdr
->prid
[n
][3] = rdr
->ftab
.filts
[0].prids
[n
] & 0xff;
4029 rdr
->card_status
= CARD_NEED_INIT
;
4030 rdr
->last_g
= rdr
->last_s
= time((time_t *) 0);
4031 rdr
->tcp_connected
= 1;
4033 cc
->just_logged_in
= 1;
4037 cc_cacheex_filter_out(cl
);
4042 int32_t cc_cli_init_int(struct s_client
*cl
)
4044 struct s_reader
*rdr
= cl
->reader
;
4045 if(rdr
->tcp_connected
)
4048 if(rdr
->tcp_ito
< 15 && rdr
->tcp_ito
!=-1)
4049 { rdr
->tcp_ito
= 30; }
4050 if(rdr
->cc_maxhops
< 0)
4051 { rdr
->cc_maxhops
= DEFAULT_CC_MAXHOPS
; }
4053 if(rdr
->tcp_rto
< 1)
4054 { rdr
->tcp_rto
= 30; } // timeout to 30s
4055 cs_log_dbg(D_READER
, "cccam: inactivity timeout: %d seconds, receive timeout: %d seconds", rdr
->tcp_ito
, rdr
->tcp_rto
);
4056 cc_check_version(rdr
->cc_version
, rdr
->cc_build
);
4057 cs_log_dbg(D_READER
, "proxy reader: %s (%s:%d) cccam v%s build %s, maxhops: %d",
4058 rdr
->label
, rdr
->device
, rdr
->r_port
, rdr
->cc_version
,
4059 rdr
->cc_build
, rdr
->cc_maxhops
);
4064 int32_t cc_cli_init(struct s_client
*cl
)
4066 struct s_reader
*reader
= cl
->reader
;
4068 int32_t res
= cc_cli_init_int(cl
); //Create socket
4070 if(res
== 0 && reader
&& (reader
->cc_keepalive
|| !cl
->cc
) && !reader
->tcp_connected
)
4073 cc_cli_connect(cl
); //connect to remote server
4075 // while (!reader->tcp_connected && reader->cc_keepalive && cfg.reader_restart_seconds > 0) {
4077 // if ((cc && cc->mode == CCCAM_MODE_SHUTDOWN))
4080 // if (!reader->tcp_connected) {
4081 // cc_cli_close(cl, 0);
4082 // res = cc_cli_init_int(cl);
4086 // cs_log_dbg(D_READER, "%s restarting reader in %d seconds", reader->label, cfg.reader_restart_seconds);
4087 // cs_sleepms(cfg.reader_restart_seconds*1000);
4088 // cs_log_dbg(D_READER, "%s restarting reader...", reader->label);
4089 // cc_cli_connect(cl);
4096 * return 1 if we are able to send requests:
4099 int32_t cc_available(struct s_reader
*rdr
, int32_t checktype
, ECM_REQUEST
*er
)
4101 if(!rdr
|| !rdr
->client
) { return 0; }
4103 struct s_client
*cl
= rdr
->client
;
4104 if(!cl
) { return 0; }
4105 struct cc_data
*cc
= cl
->cc
;
4107 if(er
&& cc
&& rdr
->tcp_connected
)
4109 struct cc_card
*card
= get_matching_card(cl
, er
, 1);
4113 //cs_log_dbg(D_TRACE, "checking reader %s availibility", rdr->label);
4114 if(!cc
|| rdr
->tcp_connected
!= 2)
4117 // 1. Keepalive ON but not connected: Do NOT send requests,
4118 // because we can't connect - problem of full running pipes
4119 // 2. Keepalive OFF but not connected: Send requests to connect
4120 // pipe won't run full, because we are reading from pipe to
4121 // get the ecm request
4122 if(rdr
->cc_keepalive
)
4126 //if (er && er->ecmlen > 255 && cc && !cc->extended_mode && (cc->remote_build_nr < 3367))
4127 // return 0; // remote does not support large ecms!
4130 if(checktype
== AVAIL_CHECK_LOADBALANCE
&& cc
&& cc
->ecm_busy
)
4132 if(cc_request_timeout(cl
))
4133 { cc_cycle_connection(cl
); }
4134 if(!rdr
->tcp_connected
|| cc
->ecm_busy
)
4136 cs_log_dbg(D_TRACE
, "checking reader %s availibility=0 (unavail)",
4138 return 0; //We are processing EMMs/ECMs
4149 void cc_card_info(void)
4151 struct s_client
*cl
= cur_client();
4152 struct s_reader
*rdr
= cl
->reader
;
4154 if(rdr
&& !rdr
->tcp_connected
)
4155 { cc_cli_connect(cl
); }
4158 void cc_cleanup(struct s_client
*cl
)
4162 cc_cli_close(cl
, 1); // we need to close open fd's
4167 void cc_update_nodeid(void)
4169 if(array_has_nonzero_byte(cfg
.cc_fixed_nodeid
, sizeof(cfg
.cc_fixed_nodeid
)))
4171 memcpy(cc_node_id
, cfg
.cc_fixed_nodeid
, 8);
4174 //Partner Detection:
4175 uint16_t sum
= 0x1234; //This is our checksum
4177 get_random_bytes(cc_node_id
, 4);
4178 for(i
= 0; i
< 4; i
++)
4180 sum
+= cc_node_id
[i
];
4184 cc_node_id
[4] = 0x10; // (Oscam 0x10, vPlugServer 0x11, Hadu 0x12,...)
4185 sum
+= cc_node_id
[4];
4187 // generate checksum for Partner ID:
4188 cc_node_id
[5] = 0xAA;
4189 for(i
= 0; i
< 5; i
++)
4191 cc_node_id
[5] ^= cc_node_id
[i
];
4193 sum
+= cc_node_id
[5];
4195 cc_node_id
[6] = sum
>> 8;
4196 cc_node_id
[7] = sum
& 0xff;
4198 memcpy(cfg
.cc_fixed_nodeid
, cc_node_id
, 8);
4201 bool cccam_forward_origin_card(ECM_REQUEST
*er
)
4203 if(cfg
.cc_forward_origin_card
&& er
->origin_card
)
4205 struct cc_card
*card
= er
->origin_card
;
4206 struct s_ecm_answer
*eab
= NULL
;
4207 struct s_ecm_answer
*ea
;
4208 for(ea
= er
->matching_rdr
; ea
; ea
= ea
->next
)
4210 ea
->status
&= ~(READER_ACTIVE
| READER_FALLBACK
);
4211 if(card
->origin_reader
== ea
->reader
)
4216 cs_log_dbg(D_LB
, "loadbalancer: forward card: forced by card %d to reader %s", card
->id
, eab
->reader
->label
);
4217 eab
->status
|= READER_ACTIVE
;
4224 bool cccam_snprintf_cards_stat(struct s_client
*cl
, char *emmtext
, size_t emmtext_sz
)
4226 struct cc_data
*rcc
= cl
->cc
;
4229 LLIST
*cards
= rcc
->cards
;
4232 int32_t ncards
= ll_count(cards
);
4233 int32_t locals
= rcc
->num_hop1
;
4234 snprintf(emmtext
, emmtext_sz
, " %3d/%3d card%s", locals
, ncards
, ncards
> 1 ? "s " : " ");
4241 bool cccam_client_extended_mode(struct s_client
*cl
)
4243 return cl
&& cl
->cc
&& ((struct cc_data
*)cl
->cc
)->extended_mode
;
4246 bool cccam_client_multics_mode(struct s_client
*cl
)
4248 return cl
&& cl
->cc
&& ((struct cc_data
*)cl
->cc
)->multics_mode
== 2;
4251 void module_cccam(struct s_module
*ph
)
4254 ph
->type
= MOD_CONN_TCP
;
4255 ph
->large_ecm_support
= 1;
4256 ph
->listenertype
= LIS_CCCAM
;
4259 ph
->cleanup
= cc_cleanup
;
4261 ph
->c_init
= cc_cli_init
;
4262 ph
->c_idle
= cc_idle
;
4263 ph
->c_recv_chk
= cc_recv_chk
;
4264 ph
->c_send_ecm
= cc_send_ecm
;
4265 ph
->c_send_emm
= cc_send_emm
;
4266 #ifdef MODULE_CCCSHARE
4267 IP_ASSIGN(ph
->s_ip
, cfg
.cc_srvip
);
4268 ph
->s_handler
= cc_srv_init
;
4269 ph
->s_init
= cc_srv_init2
;
4270 ph
->s_idle
= cc_s_idle
;
4271 ph
->send_dcw
= cc_send_dcw
;
4273 ph
->c_available
= cc_available
;
4274 ph
->c_card_info
= cc_card_info
;
4275 cc_cacheex_module_init(ph
);
4279 #ifdef MODULE_CCCSHARE
4281 for(i
= 0; i
< CS_MAXPORTS
; i
++)
4283 if(!cfg
.cc_port
[i
]) { break; }
4284 ph
->ptab
.ports
[i
].s_port
= cfg
.cc_port
[i
];
4289 { cccam_init_share(); }