3 #include "oscam-time.h"
4 #include "reader-common.h"
5 #include "reader-irdeto.h"
7 static const uchar CryptTable
[256] =
9 0xDA, 0x26, 0xE8, 0x72, 0x11, 0x52, 0x3E, 0x46,
10 0x32, 0xFF, 0x8C, 0x1E, 0xA7, 0xBE, 0x2C, 0x29,
11 0x5F, 0x86, 0x7E, 0x75, 0x0A, 0x08, 0xA5, 0x21,
12 0x61, 0xFB, 0x7A, 0x58, 0x60, 0xF7, 0x81, 0x4F,
13 0xE4, 0xFC, 0xDF, 0xB1, 0xBB, 0x6A, 0x02, 0xB3,
14 0x0B, 0x6E, 0x5D, 0x5C, 0xD5, 0xCF, 0xCA, 0x2A,
15 0x14, 0xB7, 0x90, 0xF3, 0xD9, 0x37, 0x3A, 0x59,
16 0x44, 0x69, 0xC9, 0x78, 0x30, 0x16, 0x39, 0x9A,
17 0x0D, 0x05, 0x1F, 0x8B, 0x5E, 0xEE, 0x1B, 0xC4,
18 0x76, 0x43, 0xBD, 0xEB, 0x42, 0xEF, 0xF9, 0xD0,
19 0x4D, 0xE3, 0xF4, 0x57, 0x56, 0xA3, 0x0F, 0xA6,
20 0x50, 0xFD, 0xDE, 0xD2, 0x80, 0x4C, 0xD3, 0xCB,
21 0xF8, 0x49, 0x8F, 0x22, 0x71, 0x84, 0x33, 0xE0,
22 0x47, 0xC2, 0x93, 0xBC, 0x7C, 0x3B, 0x9C, 0x7D,
23 0xEC, 0xC3, 0xF1, 0x89, 0xCE, 0x98, 0xA2, 0xE1,
24 0xC1, 0xF2, 0x27, 0x12, 0x01, 0xEA, 0xE5, 0x9B,
25 0x25, 0x87, 0x96, 0x7B, 0x34, 0x45, 0xAD, 0xD1,
26 0xB5, 0xDB, 0x83, 0x55, 0xB0, 0x9E, 0x19, 0xD7,
27 0x17, 0xC6, 0x35, 0xD8, 0xF0, 0xAE, 0xD4, 0x2B,
28 0x1D, 0xA0, 0x99, 0x8A, 0x15, 0x00, 0xAF, 0x2D,
29 0x09, 0xA8, 0xF5, 0x6C, 0xA1, 0x63, 0x67, 0x51,
30 0x3C, 0xB2, 0xC0, 0xED, 0x94, 0x03, 0x6F, 0xBA,
31 0x3F, 0x4E, 0x62, 0x92, 0x85, 0xDD, 0xAB, 0xFE,
32 0x10, 0x2E, 0x68, 0x65, 0xE7, 0x04, 0xF6, 0x0C,
33 0x20, 0x1C, 0xA9, 0x53, 0x40, 0x77, 0x2F, 0xA4,
34 0xFA, 0x6D, 0x73, 0x28, 0xE2, 0xCD, 0x79, 0xC8,
35 0x97, 0x66, 0x8E, 0x82, 0x74, 0x06, 0xC7, 0x88,
36 0x1A, 0x4A, 0x6B, 0xCC, 0x41, 0xE9, 0x9D, 0xB8,
37 0x23, 0x9F, 0x3D, 0xBF, 0x8D, 0x95, 0xC5, 0x13,
38 0xB9, 0x24, 0x5A, 0xDC, 0x64, 0x18, 0x38, 0x91,
39 0x7F, 0x5B, 0x70, 0x54, 0x07, 0xB6, 0x4B, 0x0E,
40 0x36, 0xAC, 0x31, 0xE6, 0xD6, 0x48, 0xAA, 0xB4
44 sc_GetCountryCode
[] = { 0x02, 0x02, 0x03, 0x00, 0x00 };
47 sc_GetCountryCode2
[] = { 0x02, 0x0B, 0x00, 0x00, 0x00 },
48 sc_GetCamKey384CZ
[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
49 0x18, 0xD7, 0x55, 0x14, 0xC0, 0x83, 0xF1, 0x38,
50 0x39, 0x6F, 0xF2, 0xEC, 0x4F, 0xE3, 0xF1, 0x85,
51 0x01, 0x46, 0x06, 0xCE, 0x7D, 0x08, 0x2C, 0x74,
52 0x46, 0x8F, 0x72, 0xC4, 0xEA, 0xD7, 0x9C, 0xE0,
53 0xE1, 0xFF, 0x58, 0xE7, 0x70, 0x0C, 0x92, 0x45,
54 0x26, 0x18, 0x4F, 0xA0, 0xE2, 0xF5, 0x9E, 0x46,
55 0x6F, 0xAE, 0x95, 0x35, 0xB0, 0x49, 0xB2, 0x0E,
56 0xA4, 0x1F, 0x8E, 0x47, 0xD0, 0x24, 0x11, 0xD0
58 sc_GetCamKey384DZ
[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
59 0x27, 0xF2, 0xD6, 0xCD, 0xE6, 0x88, 0x62, 0x46,
60 0x81, 0xB0, 0xF5, 0x3E, 0x6F, 0x13, 0x4D, 0xCC,
61 0xFE, 0xD0, 0x67, 0xB1, 0x93, 0xDD, 0xF4, 0xDE,
62 0xEF, 0xF5, 0x3B, 0x04, 0x1D, 0xE5, 0xC3, 0xB2,
63 0x54, 0x38, 0x57, 0x7E, 0xC8, 0x39, 0x07, 0x2E,
64 0xD2, 0xF4, 0x05, 0xAA, 0x15, 0xB5, 0x55, 0x24,
65 0x90, 0xBB, 0x9B, 0x00, 0x96, 0xF0, 0xCB, 0xF1,
66 0x8A, 0x08, 0x7F, 0x0B, 0xB8, 0x79, 0xC3, 0x5D
68 sc_GetCamKey384FZ
[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
69 0x62, 0xFE, 0xD8, 0x4F, 0x44, 0x86, 0x2C, 0x21,
70 0x50, 0x9A, 0xBE, 0x27, 0x15, 0x9E, 0xC4, 0x48,
71 0xF3, 0x73, 0x5C, 0xBD, 0x08, 0x64, 0x6D, 0x13,
72 0x64, 0x90, 0x14, 0xDB, 0xFF, 0xC3, 0xFE, 0x03,
73 0x97, 0xFA, 0x75, 0x08, 0x12, 0xF9, 0x8F, 0x84,
74 0x83, 0x17, 0xAA, 0x6F, 0xEF, 0x2C, 0x10, 0x1B,
75 0xBF, 0x31, 0x41, 0xC3, 0x54, 0x2F, 0x65, 0x50,
76 0x95, 0xA9, 0x64, 0x22, 0x5E, 0xA4, 0xAF, 0xA9
79 /* some variables for acs57 (Dahlia for ITA dvb-t) */
85 typedef struct chid_base_date
95 int32_t acs57
; // A flag for the ACS57 ITA DVB-T
97 char country_code
[3]; // irdeto country code.
100 static void XRotateLeft8Byte(uchar
*buf
)
105 for(k
= 0; k
<= 7; k
++)
109 buf
[k
] = (buf
[k
] << 1) | (t2
>> 7);
113 static void ReverseSessionKeyCrypt(const uchar
*camkey
, uchar
*key
)
115 uchar localkey
[8], tmp1
, tmp2
;
118 memcpy(localkey
, camkey
, 8) ;
119 for(idx1
= 0; idx1
< 8; idx1
++)
121 for(idx2
= 0; idx2
< 8; idx2
++)
123 tmp1
= CryptTable
[key
[7] ^ localkey
[idx2
] ^ idx1
] ;
130 key
[5] = key
[6] ^ tmp1
;
132 key
[7] = tmp1
^ tmp2
;
134 XRotateLeft8Byte(localkey
);
138 static unsigned char XorSum(const unsigned char *mem
, int len
)
140 unsigned char cs
= 0;
149 static time_t chid_date(struct s_reader
*reader
, uint32_t date
, char *buf
, int32_t l
)
152 // Irdeto date starts 01.08.1997 which is
153 // 870393600 seconds in unix calendar time
155 // The above might not be true for all Irdeto card
156 // we need to find a way to identify cards to set the base date
157 // like we did for NDS
159 // this is the known default value.
162 if((reader
->caid
>>8) == 0x06)
163 { date_base
= 946598400L; } // this is actually 31.12.1999, 00:00 default for irdeto card
165 { date_base
= 870393600L; } // this is actually 01.08.1997, 00:00 default for betacrypt cards
167 // CAID, ACS, Country, base date D . M. Y, h : m
168 CHID_BASE_DATE table
[] = {
170 {0x0662, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55
171 {0x0616, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55 //nitegate
173 {0x0647, 0x0005, "ITA", 946598400L}, // 31.12.1999, 00:00 //Redlight irdeto
174 {0x0664, 0x0608, "TUR", 946598400L}, // 31.12.1999, 00:00
175 {0x0624, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
176 {0x0624, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
177 {0x0666, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
178 {0x0668, 0x0006, "SVK", 946598400L}, // 30.12.1999, 00:00 //Towercom Irdeto
179 {0x0666, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
180 {0x0650, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
181 {0x0650, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
182 {0x0648, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
183 {0x0648, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
184 {0x0627, 0x0608, "EGY", 946598400L}, // 30.12.1999, 16:00
185 {0x0602, 0x0606, "NLD", 946598400L}, // 31.12.1999, 08:00 //Ziggo irdeto caid: 0602, acs: 6.06
186 {0x0602, 0x0505, "NLD", 946598400L}, // 31.12.1999, 00:00 //Ziggo irdeto caid: 0602, acs: 5.05
187 {0x0606, 0x0005, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 0.05
188 {0x0606, 0x0605, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.05
189 {0x0606, 0x0606, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.06
190 {0x0606, 0x0006, "ZAF", 946598400L}, // 31.12.1999, 00:00 //dstv irdeto
192 {0x0604, 0x1541, "GRC", 977817600L}, // 26.12.2000, 00:00
193 {0x0604, 0x1542, "GRC", 977817600L}, // 26.12.2000, 00:00
194 {0x0604, 0x1543, "GRC", 977817600L}, // 26.12.2000, 00:00
195 {0x0604, 0x1544, "GRC", 977817600L}, // 26.12.2000, 17:00
197 {0x0604, 0x0608, "EGY", 999993600L}, // 08.09.2001, 17:00
199 {0x0604, 0x0606, "EGY", 1003276800L}, // 16.10.2001, 17:00
201 {0x0604, 0x0605, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
202 {0x0604, 0x0606, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
203 {0x0604, 0x0607, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
204 {0x0604, 0x0608, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
205 {0x0604, 0x0005, "GRC", 1011052800L}, // 15.01.2002, 00:00 //mova irdeto
207 {0x0604, 0x0606, "NLD", 1066089600L}, // 14.10.2003, 00:00
208 {0x0610, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0610, acs: 6.08
209 {0x0604, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.08
210 {0x0604, 0x0605, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.05
211 {0x0604, 0x0005, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 0.05
213 {0x0628, 0x0606, "MCR", 1159574400L}, // 29.09.2006, 00:00
215 {0x0652, 0x0005, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 0.05
216 {0x0652, 0x0608, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 6.08
218 // {0x1702, 0x0384, "AUT", XXXXXXXXXL}, // -> we need the base date for this
219 // {0x1702, 0x0384, "GER", 888883200L}, // 02.03.1998, 16:00 -> this fixes some card but break others (S02).
223 // now check for specific providers base date
225 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
228 if(reader
->caid
== table
[i
].caid
&& csystem_data
->acs
== table
[i
].acs
&& !memcmp(csystem_data
->country_code
, table
[i
].c_code
, 3))
230 date_base
= table
[i
].base
;
236 time_t ut
= date_base
+ date
* (24 * 3600);
240 cs_gmtime_r(&ut
, &t
);
241 snprintf(buf
, l
, "%04d/%02d/%02d", t
.tm_year
+ 1900, t
.tm_mon
+ 1, t
.tm_mday
);
246 static int32_t irdeto_do_cmd(struct s_reader
*reader
, uchar
*buf
, uint16_t good
, uchar
*cta_res
, uint16_t *p_cta_lr
)
249 if((rc
= reader_cmd2icc(reader
, buf
, buf
[4] + 5, cta_res
, p_cta_lr
)))
250 { return (rc
); } // result may be 0 (success) or negative
252 { return (0x7F7F); } // this should never happen
253 return (good
!= b2i(2, cta_res
+ *p_cta_lr
- 2));
256 #define reader_chk_cmd(cmd, l) \
258 if (reader_cmd2icc(reader, cmd, sizeof(cmd), cta_res, &cta_lr)) return ERROR; \
259 if (l && (cta_lr!=l)) return ERROR; }
261 static int32_t irdeto_card_init_provider(struct s_reader
*reader
)
265 uchar buf
[256] = {0};
266 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
268 uchar sc_GetProvider
[] = { 0x02, 0x03, 0x03, 0x00, 0x00 };
269 uchar sc_Acs57Prov
[] = { 0xD2, 0x06, 0x03, 0x00, 0x01, 0x3C };
270 uchar sc_Acs57_Cmd
[] = { ACS57GET
, 0xFE, 0x00, 0x00, 0x00 };
274 memset(reader
->prid
, 0xff, sizeof(reader
->prid
));
275 for(buf
[0] = i
= p
= 0; i
< reader
->nprov
; i
++)
278 if(csystem_data
->acs57
== 1)
282 irdeto_do_cmd(reader
, sc_Acs57Prov
, 0x9021, cta_res
, &cta_lr
);
283 int32_t acslength
= cta_res
[cta_lr
- 1];
284 sc_Acs57_Cmd
[4] = acslength
;
285 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
291 sc_GetProvider
[3] = i
;
292 reader_chk_cmd(sc_GetProvider
, 0);
294 //if ((cta_lr==26) && (cta_res[0]!=0xf))
295 if(((cta_lr
== 26) && ((!(i
& 1)) || (cta_res
[0] != 0xf))) || (csystem_data
->acs57
== 1))
297 reader
->prid
[i
][4] = p
++;
299 // maps the provider id for Betacrypt from FFFFFF to 000000,
300 // fixes problems with cascading CCcam and OSCam
301 if(caid_is_betacrypt(reader
->caid
))
302 { memset(&reader
->prid
[i
][0], 0, 4); }
304 { memcpy(&reader
->prid
[i
][0], cta_res
+ acspadd
, 4); }
306 if(!memcmp(cta_res
+ acspadd
+ 1, &reader
->hexserial
, 3))
307 { reader
->prid
[i
][3] = 0xFF; }
309 snprintf((char *) buf
+ strlen((char *)buf
), sizeof(buf
) - strlen((char *)buf
), ",%06x", b2i(3, &reader
->prid
[i
][1]));
312 { reader
->prid
[i
][0] = 0xf; }
315 { rdr_log(reader
, "active providers: %d (%s)", p
, buf
+ 1); }
322 static int32_t irdeto_card_init(struct s_reader
*reader
, ATR
*newatr
)
327 uchar buf
[256] = {0};
328 uchar sc_GetCamKey383C
[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
329 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
330 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
331 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
332 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
333 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
334 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
335 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
336 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
339 uchar sc_GetASCIISerial
[] = { 0x02, 0x00, 0x03, 0x00, 0x00 },
340 sc_GetHEXSerial
[] = { 0x02, 0x01, 0x00, 0x00, 0x00 },
341 sc_GetSCDetails
[] = { 0x02, 0x1E, 0x00, 0x00, 0x00 },
342 sc_GetCardFile
[] = { 0x02, 0x0E, 0x02, 0x00, 0x00 };
345 uchar sc_Acs57CamKey
[70] = { 0xD2, 0x12, 0x03, 0x00, 0x41},
346 sc_Acs57Country
[] = { 0xD2, 0x04, 0x00, 0x00, 0x01, 0x3E },
347 sc_Acs57Ascii
[] = { 0xD2, 0x00, 0x03, 0x00, 0x01, 0x3F },
348 sc_Acs57Hex
[] = { 0xD2, 0x02, 0x03, 0x00, 0x01, 0x3E },
349 sc_Acs57CFile
[] = { 0xD2, 0x1C, 0x02, 0x00, 0x01, 0x30 },
350 sc_Acs57_Cmd
[] = { ACS57GET
, 0xFE, 0x00, 0x00, 0x00 };
354 if(!memcmp(atr
+ 4, "IRDETO", 6))
358 if((!memcmp(atr
+ 5, "IRDETO", 6)) || ((atr
[6] == 0xC4 && atr
[9] == 0x8F && atr
[10] == 0xF1) && reader
->force_irdeto
))
362 rdr_log(reader
, "Hist. Bytes: %s", atr
+ 5);
370 if(!cs_malloc(&reader
->csystem_data
, sizeof(struct irdeto_data
)))
372 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
373 csystem_data
->acs57
= acs57
;
375 rdr_log(reader
, "detect irdeto card");
376 if(array_has_nonzero_byte(reader
->rsa_mod
, 64) > 0 && (!reader
->force_irdeto
|| csystem_data
->acs57
)) // we use rsa from config as camkey
379 rdr_log_dbg(reader
, D_READER
, "using camkey data from config");
380 rdr_log_dbg(reader
, D_READER
, " camkey: %s", cs_hexdump(0, reader
->boxkey
, sizeof(reader
->boxkey
), tmp_dbg
, sizeof(tmp_dbg
)));
381 if(csystem_data
->acs57
== 1)
383 memcpy(&sc_Acs57CamKey
[5], reader
->rsa_mod
, 0x40);
384 rdr_log_dbg(reader
, D_READER
, "camkey-data: %s", cs_hexdump(0, &sc_Acs57CamKey
[5], 32, tmp_dbg
, sizeof(tmp_dbg
)));
385 rdr_log_dbg(reader
, D_READER
, "camkey-data: %s", cs_hexdump(0, &sc_Acs57CamKey
[37], 32, tmp_dbg
, sizeof(tmp_dbg
)));
389 memcpy(&sc_GetCamKey383C
[5], reader
->rsa_mod
, 0x40);
390 rdr_log_dbg(reader
, D_READER
, "camkey-data: %s", cs_hexdump(0, &sc_GetCamKey383C
[5], 32, tmp_dbg
, sizeof(tmp_dbg
)));
391 rdr_log_dbg(reader
, D_READER
, "camkey-data: %s", cs_hexdump(0, &sc_GetCamKey383C
[37], 32, tmp_dbg
, sizeof(tmp_dbg
)));
396 if(csystem_data
->acs57
== 1)
398 rdr_log(reader
, "WARNING: ACS57 card can require the CamKey from config");
402 memcpy(reader
->boxkey
, "\x11\x22\x33\x44\x55\x66\x77\x88", 8);
406 * Get Irdeto Smartcard Details - version - patch level etc
408 if(csystem_data
->acs57
== 0)
410 if(!irdeto_do_cmd(reader
, sc_GetSCDetails
, 0, cta_res
, &cta_lr
))
411 rdr_log(reader
, "Irdeto SC %0x version %0x revision %0x, patch level %0x", cta_res
[0 + acspadd
],
412 cta_res
[1 + acspadd
], cta_res
[2 + acspadd
], cta_res
[5 + acspadd
]);
417 if(csystem_data
->acs57
== 1)
419 irdeto_do_cmd(reader
, sc_Acs57Country
, 0x9019, cta_res
, &cta_lr
);
420 int32_t acslength
= cta_res
[cta_lr
- 1];
421 sc_Acs57_Cmd
[4] = acslength
;
422 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
426 reader_chk_cmd(sc_GetCountryCode
, 18);
428 csystem_data
->acs
= (cta_res
[0 + acspadd
] << 8) | cta_res
[1 + acspadd
];
429 reader
->caid
= (cta_res
[5 + acspadd
] << 8) | cta_res
[6 + acspadd
];
430 memcpy(csystem_data
->country_code
, cta_res
+ 13 + acspadd
, 3);
431 rdr_log(reader
, "caid: %04X, acs: %x.%02x, country code: %c%c%c",
432 reader
->caid
, cta_res
[0 + acspadd
], cta_res
[1 + acspadd
], cta_res
[13 + acspadd
], cta_res
[14 + acspadd
], cta_res
[15 + acspadd
]);
437 if(csystem_data
->acs57
== 1)
439 irdeto_do_cmd(reader
, sc_Acs57Ascii
, 0x901D, cta_res
, &cta_lr
);
440 int32_t acslength
= cta_res
[cta_lr
- 1];
441 sc_Acs57_Cmd
[4] = acslength
;
442 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
446 reader_chk_cmd(sc_GetASCIISerial
, 22);
448 memcpy(buf
, cta_res
+ acspadd
, 10);
450 if(csystem_data
->acs57
== 1)
452 irdeto_do_cmd(reader
, sc_Acs57Hex
, 0x903E, cta_res
, &cta_lr
);
453 int32_t acslength
= cta_res
[cta_lr
- 1];
454 sc_Acs57_Cmd
[4] = acslength
;
455 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
459 reader_chk_cmd(sc_GetHEXSerial
, 18);
461 reader
->nprov
= cta_res
[10 + acspadd
];
462 memcpy(reader
->hexserial
, cta_res
+ 12 + acspadd
, 4);
464 rdr_log_sensitive(reader
, "providers: %d, ascii serial: {%s}, hex serial: {%02X%02X%02X}, hex base: {%02X}",
465 reader
->nprov
, buf
, reader
->hexserial
[0], reader
->hexserial
[1], reader
->hexserial
[2], reader
->hexserial
[3]);
470 if(csystem_data
->acs57
== 1)
472 irdeto_do_cmd(reader
, sc_Acs57CFile
, 0x9049, cta_res
, &cta_lr
);
473 int32_t acslength
= cta_res
[cta_lr
- 1];
474 sc_Acs57_Cmd
[4] = acslength
;
475 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
476 sc_Acs57CFile
[2] = 0x03;
478 irdeto_do_cmd(reader
, sc_Acs57CFile
, 0x9049, cta_res
, &cta_lr
);
479 acslength
= cta_res
[cta_lr
- 1];
480 sc_Acs57_Cmd
[4] = acslength
;
481 sc_Acs57_Cmd
[2] = 0x03;
482 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
483 sc_Acs57_Cmd
[2] = 0x00;
487 for(sc_GetCardFile
[2] = 2; sc_GetCardFile
[2] < 4; sc_GetCardFile
[2]++)
488 { reader_chk_cmd(sc_GetCardFile
, 0); }
494 if(((atr
[14] == 0x03) && (atr
[15] == 0x84) && (atr
[16] == 0x55)) || (((atr
[14] == 0x53) && (atr
[15] == 0x20) && (atr
[16] == 0x56))))
507 // case 0x0624: camkey = 4; break; //ice 0D96/0624 has short ATR
514 if((reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0666) || (reader
->caid
== 0x0624 && csystem_data
->acs57
== 1)) // acs 6.08 and ice 0D96/0624
517 sc_Acs57CamKey
[2] = 0;
519 // Dirthy hack for Ziggo will be removed when optimum values are find on these T14 cards for v2 and triple
520 // There are also other readers suffering from simmilar issue for those cards.
521 if(((reader
->caid
== 0x0604) || (reader
->caid
== 0x1722)) && (reader
->typ
== R_SMART
) && (reader
->smart_type
>= 2))
523 // Quick and dirty containment for the SmargoV2,Triple and Ziggo irdeto caid: 0604 using smartreader protocol
526 rdr_log_dbg(reader
, D_READER
, "set camkey for type=%d", camkey
);
531 reader_chk_cmd(sc_GetCamKey384CZ
, 10);
534 reader_chk_cmd(sc_GetCamKey384DZ
, 10);
537 reader_chk_cmd(sc_GetCamKey384FZ
, 10);
542 crc
^= 0x01, crc
^= 0x02, crc
^= 0x09;
543 crc
^= sc_Acs57CamKey
[2], crc
^= sc_Acs57CamKey
[3], crc
^= (sc_Acs57CamKey
[4] + 1);
544 for(i
= 5; i
< (int)sizeof(sc_Acs57CamKey
) - 1; i
++)
545 { crc
^= sc_Acs57CamKey
[i
]; }
546 sc_Acs57CamKey
[69] = crc
;
547 if((reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0666) || (reader
->caid
== 0x0624 && csystem_data
->acs57
== 1))
549 sc_Acs57CamKey
[69] = XorSum(sc_Acs57CamKey
, 69) ^ 0x3f ^(sc_Acs57CamKey
[0] & 0xf0) ^ 0x1b;
550 if(irdeto_do_cmd(reader
, sc_Acs57CamKey
, 0x9011, cta_res
, &cta_lr
))
552 rdr_log(reader
, "You have a bad Cam Key set");
557 { irdeto_do_cmd(reader
, sc_Acs57CamKey
, 0x9012, cta_res
, &cta_lr
); }
558 int32_t acslength
= cta_res
[cta_lr
- 1];
559 sc_Acs57_Cmd
[4] = acslength
;
560 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
563 // dirthy hack ziggo nl card smartredaer v2 and triple will be removed after findings optimum T14 values for v2 and triple
566 // For some reason only 4 to 5 bytes are received, while 8 bytes are expected.
569 rc
= reader_cmd2icc(reader
, sc_GetCamKey383C
, sizeof(sc_GetCamKey383C
), cta_res
, &cta_lr
);
570 rdr_log_dbg(reader
, D_READER
, "SmargoV2 camkey exchange containment: Ignoring returncode (%d), should have been 0.", rc
);
571 rdr_log_dbg(reader
, D_READER
, "In case cardinit NOK and/or no entitlements, retry by restarting oscam.");
576 if(csystem_data
->acs57
== 1)
578 int32_t i
, crc
= 0x76;
579 for(i
= 6; i
< (int)sizeof(sc_Acs57CamKey
) - 1; i
++)
580 { crc
^= sc_Acs57CamKey
[i
]; }
581 sc_Acs57CamKey
[69] = crc
;
582 irdeto_do_cmd(reader
, sc_Acs57CamKey
, 0x9012, cta_res
, &cta_lr
);
583 int32_t acslength
= cta_res
[cta_lr
- 1];
584 sc_Acs57_Cmd
[4] = acslength
;
585 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
589 reader_chk_cmd(sc_GetCamKey383C
, 0);
593 if((reader
->cardmhz
!= 600 && reader
->typ
!= R_INTERNAL
) || (reader
->typ
== R_INTERNAL
&& (reader
->mhz
< 510 || reader
->cardmhz
> 690)))
594 { rdr_log(reader
, "WARNING: For Irdeto cards you will have to set '%s= 600' in oscam.server", (reader
->typ
== R_INTERNAL
? "mhz" : "cardmhz") ); }
596 return irdeto_card_init_provider(reader
);
599 int32_t irdeto_do_ecm(struct s_reader
*reader
, const ECM_REQUEST
*er
, struct s_ecm_answer
*ea
)
602 cta_lr
= 0; //suppress compiler error
603 static const uchar sc_EcmCmd
[] = { 0x05, 0x00, 0x00, 0x02, 0x00 };
604 uchar sc_Acs57Ecm
[] = {0xD5, 0x00, 0x00, 0x02, 0x00};
605 uchar sc_Acs57_Cmd
[] = { ACS57ECM
, 0xFE, 0x00, 0x00, 0x00 };
606 uchar cta_cmd
[MAX_ECM_SIZE
];
607 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
609 int32_t i
= 0, acspadd
= 0;
610 if(csystem_data
->acs57
== 1)
613 sc_Acs57Ecm
[4] = er
->ecm
[2] - 2;
614 if((reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0666) || (reader
->caid
== 0x0624 && csystem_data
->acs57
== 1)) //crc for orf, cslink, skylink
619 crc
^= sc_Acs57Ecm
[2];
620 crc
^= sc_Acs57Ecm
[3];
621 crc
^= (sc_Acs57Ecm
[4] - 1);
622 for(i
= 6; i
< er
->ecm
[2] + 4; i
++)
623 { crc
^= er
->ecm
[i
]; }
627 sc_Acs57Ecm
[2] = er
->ecm
[6];
630 crc
^= sc_Acs57Ecm
[2];
631 crc
^= sc_Acs57Ecm
[3];
632 crc
^= (sc_Acs57Ecm
[4] - 1);
633 for(i
= 6; i
< er
->ecm
[3] - 5; i
++)
634 { crc
^= er
->ecm
[i
]; }
636 memcpy(cta_cmd
, sc_Acs57Ecm
, sizeof(sc_Acs57Ecm
));
637 memcpy(cta_cmd
+ 5, er
->ecm
+ 6, er
->ecm
[2] - 1);
638 cta_cmd
[er
->ecm
[2] + 2] = crc
;
640 irdeto_do_cmd(reader
, cta_cmd
, 0, cta_res
, &cta_lr
);
641 int32_t acslength
= cta_res
[cta_lr
- 1];
642 // If acslength != 0x1F you don't have the entitlements or you camkey is bad
643 if(acslength
!= 0x1F)
648 rdr_log(reader
, "Maybe you don't have the entitlements for this channel");
651 rdr_log(reader
, "Maybe you have a bad Cam Key set it from config file");
656 sc_Acs57_Cmd
[4] = acslength
;
658 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
663 memcpy(cta_cmd
, sc_EcmCmd
, sizeof(sc_EcmCmd
));
664 cta_cmd
[4] = (er
->ecm
[2]) - 3;
665 memcpy(cta_cmd
+ sizeof(sc_EcmCmd
), &er
->ecm
[6], cta_cmd
[4]);
672 snprintf(ea
->msglog
, MSGLOGSIZE
, "%s irdeto_do_cmd try nr %i", reader
->label
, try);
673 ret
= (irdeto_do_cmd(reader
, cta_cmd
, 0x9D00, cta_res
, &cta_lr
));
674 ret
= ret
|| (cta_lr
< 24);
677 switch(cta_res
[cta_lr
- 2])
679 case 0x26: // valid for V6 and V7 cards *26 rare case card gets locked if bad EMM being written
681 snprintf(ea
->msglog
, MSGLOGSIZE
, "%s cardstatus: LOCKED", reader
->label
);
684 case 0x27: // valid for V6 and V7 cards Time sync EMMs
686 snprintf(ea
->msglog
, MSGLOGSIZE
, "%s need global EMMs first", reader
->label
);
689 case 0x33: // valid for all cards *33 comes in 2 cases Either Card Requires to be init with Dynamic RSA AKA cmd28/A0 or Pairing Enabled
691 snprintf(ea
->msglog
, MSGLOGSIZE
, "%s dynamic RSA init or pairing enabled", reader
->label
);
694 case 0x35: // valid for V6 and V7 cards Time sync EMMs
696 snprintf(ea
->msglog
, MSGLOGSIZE
, "%s need global EMMs first", reader
->label
);
699 case 0x90: // valid for all cards
701 snprintf(ea
->msglog
, MSGLOGSIZE
,"%s unsubscribed channel or chid missing", reader
->label
);
704 case 0x92: // valid for all cards
706 snprintf(ea
->msglog
, MSGLOGSIZE
,"%s regional chid missing", reader
->label
);
709 case 0x9E: // valid for all cards *9E comes in 2 cases if card not fully updated OR if pairing Enabled
711 if(cta_res
[cta_lr
- 1] == 0x65)
713 snprintf(ea
->msglog
, MSGLOGSIZE
,"%s chipset pairing enabled", reader
->label
);
718 snprintf(ea
->msglog
, MSGLOGSIZE
,"%s needs EMMs", reader
->label
);
722 case 0xA0: // valid for all cards
724 snprintf(ea
->msglog
, MSGLOGSIZE
,"%s surflock enabled", reader
->label
);
728 default: // all other error status
730 snprintf(ea
->msglog
, MSGLOGSIZE
, "%s irdeto_do_cmd [%d] %02x %02x", reader
->label
, cta_lr
, cta_res
[cta_lr
- 2], cta_res
[cta_lr
- 1]);
737 while((try < 3) && (ret
));
742 if(cta_res
[5]== 0x36 || cta_res
[5]== 0x37 || cta_res
[5]== 0x24 || cta_res
[5]== 0x25)
744 snprintf(ea
->msglog
, MSGLOGSIZE
, "cw needs tweaking");
746 ReverseSessionKeyCrypt(reader
->boxkey
, cta_res
+ 6 + acspadd
);
747 ReverseSessionKeyCrypt(reader
->boxkey
, cta_res
+ 14 + acspadd
);
748 memcpy(ea
->cw
, cta_res
+ 6 + acspadd
, 16);
752 static int32_t irdeto_get_emm_type(EMM_PACKET
*ep
, struct s_reader
*rdr
)
755 int32_t i
, l
= (ep
->emm
[3] & 0x07);
756 int32_t base
= (ep
->emm
[3] >> 3);
757 char dumprdrserial
[l
* 3], dumpemmserial
[l
* 3];
759 rdr_log_dbg(rdr
, D_EMM
, "Entered irdeto_get_emm_type ep->emm[3]=%02x", ep
->emm
[3]);
765 // global emm, 0 bytes addressed
767 rdr_log_dbg(rdr
, D_EMM
, "GLOBAL base = %02x", base
);
768 if(base
& 0x10) // hex serial based?
770 if(base
== rdr
->hexserial
[3]) // does base match?
776 return 0; // base doesnt match!
779 else { return 1; } // provider based, match all!
782 // shared emm, 2 bytes addressed
784 memset(ep
->hexserial
, 0, 8);
785 memcpy(ep
->hexserial
, ep
->emm
+ 4, l
);
786 cs_hexdump(1, rdr
->hexserial
, l
, dumprdrserial
, sizeof(dumprdrserial
));
787 cs_hexdump(1, ep
->hexserial
, l
, dumpemmserial
, sizeof(dumpemmserial
));
788 rdr_log_dbg_sensitive(rdr
, D_EMM
, "SHARED l = %d ep = {%s} rdr = {%s} base = %02x", l
,
789 dumpemmserial
, dumprdrserial
, base
);
794 return (base
== rdr
->hexserial
[3] && !memcmp(ep
->emm
+ 4, rdr
->hexserial
, l
));
798 if(!memcmp(ep
->emm
+ 4, rdr
->hexserial
, l
))
801 // provider addressed
802 for(i
= 0; i
< rdr
->nprov
; i
++)
803 if(base
== rdr
->prid
[i
][0] && !memcmp(ep
->emm
+ 4, &rdr
->prid
[i
][1], l
))
806 rdr_log_dbg(rdr
, D_EMM
, "neither hex nor provider addressed or unknown provider id");
810 // unique emm, 3 bytes addressed
812 memset(ep
->hexserial
, 0, 8);
813 memcpy(ep
->hexserial
, ep
->emm
+ 4, l
);
814 cs_hexdump(1, rdr
->hexserial
, l
, dumprdrserial
, sizeof(dumprdrserial
));
815 cs_hexdump(1, ep
->hexserial
, l
, dumpemmserial
, sizeof(dumpemmserial
));
816 rdr_log_dbg_sensitive(rdr
, D_EMM
, "UNIQUE l = %d ep = {%s} rdr = {%s} base = %02x", l
,
817 dumpemmserial
, dumprdrserial
, base
);
820 // unique hex addressed
821 { return (base
== rdr
->hexserial
[3] && !memcmp(ep
->emm
+ 4, rdr
->hexserial
, l
)); }
824 if(!memcmp(ep
->emm
+ 4, rdr
->hexserial
, l
))
827 // unique provider addressed
828 for(i
= 0; i
< rdr
->nprov
; i
++)
829 if(base
== rdr
->prid
[i
][0] && !memcmp(ep
->emm
+ 4, &rdr
->prid
[i
][1], l
))
832 rdr_log_dbg(rdr
, D_EMM
, "neither hex nor provider addressed or unknown provider id");
837 rdr_log_dbg(rdr
, D_EMM
, "UNKNOWN");
843 static int32_t irdeto_get_emm_filter(struct s_reader
*rdr
, struct s_csystem_emm_filter
**emm_filters
, unsigned int *filter_count
)
845 if(*emm_filters
== NULL
)
847 const unsigned int max_filter_count
= 3 + (rdr
->nprov
* 2);
848 if(!cs_malloc(emm_filters
, max_filter_count
* sizeof(struct s_csystem_emm_filter
)))
851 struct s_csystem_emm_filter
*filters
= *emm_filters
;
854 unsigned int idx
= 0;
856 filters
[idx
].type
= EMM_GLOBAL
;
857 filters
[idx
].enabled
= 1;
858 filters
[idx
].filter
[0] = 0x82;
859 filters
[idx
].mask
[0] = 0xFF;
860 filters
[idx
].filter
[1] = 0xF8;
861 filters
[idx
].mask
[1] = 0x07;
864 filters
[idx
].type
= EMM_UNIQUE
;
865 filters
[idx
].enabled
= 1;
866 filters
[idx
].filter
[0] = 0x82;
867 filters
[idx
].mask
[0] = 0xFF;
868 filters
[idx
].filter
[1] = 0xFB;
869 filters
[idx
].mask
[1] = 0x07;
870 memcpy(&filters
[idx
].filter
[2], rdr
->hexserial
, 3);
871 memset(&filters
[idx
].mask
[2], 0xFF, 3);
874 // Shared on Hex Serial only for Betacrypt
875 if(caid_is_betacrypt(rdr
->caid
))
877 filters
[idx
].type
= EMM_SHARED
;
878 filters
[idx
].enabled
= 1;
879 filters
[idx
].filter
[0] = 0x82;
880 filters
[idx
].mask
[0] = 0xFF;
881 filters
[idx
].filter
[1] = 0xFA;
882 filters
[idx
].mask
[1] = 0x07;
883 memcpy(&filters
[idx
].filter
[2], rdr
->hexserial
, 2);
884 memset(&filters
[idx
].mask
[2], 0xFF, 2);
889 for(i
= 0; i
< rdr
->nprov
; i
++)
891 // 00XX00 provider is a not initialised not used provider
892 if(rdr
->prid
[i
][1] == 0xFF || (rdr
->prid
[i
][1] == 0x00 && rdr
->prid
[i
][3] == 0x00 && rdr
->caid
!= 0x0647))
895 filters
[idx
].type
= EMM_UNIQUE
;
896 filters
[idx
].enabled
= 1;
897 filters
[idx
].filter
[0] = 0x82;
898 filters
[idx
].mask
[0] = 0xFF;
899 filters
[idx
].filter
[1] = 0xFB;
900 filters
[idx
].mask
[1] = 0x07;
901 memcpy(&filters
[idx
].filter
[2], &rdr
->prid
[i
][1], 3);
902 memset(&filters
[idx
].mask
[2], 0xFF, 3);
905 filters
[idx
].type
= EMM_SHARED
;
906 filters
[idx
].enabled
= 1;
907 filters
[idx
].filter
[0] = 0x82;
908 filters
[idx
].mask
[0] = 0xFF;
909 filters
[idx
].filter
[1] = 0xFA;
910 filters
[idx
].mask
[1] = 0x07;
911 memcpy(&filters
[idx
].filter
[2], &rdr
->prid
[i
][1], 2);
912 memset(&filters
[idx
].mask
[2], 0xFF, 2);
922 static int32_t irdeto_get_tunemm_filter(struct s_reader
*rdr
, struct s_csystem_emm_filter
**emm_filters
, unsigned int *filter_count
)
924 if(*emm_filters
== NULL
)
926 const unsigned int max_filter_count
= 3;
927 if(!cs_malloc(emm_filters
, max_filter_count
* sizeof(struct s_csystem_emm_filter
)))
930 struct s_csystem_emm_filter
*filters
= *emm_filters
;
933 unsigned int idx
= 0;
935 filters
[idx
].type
= EMM_GLOBAL
;
936 filters
[idx
].enabled
= 1;
937 filters
[idx
].filter
[0] = 0x82;
938 filters
[idx
].mask
[0] = 0xFF;
941 filters
[idx
].type
= EMM_SHARED
;
942 filters
[idx
].enabled
= 1;
943 filters
[idx
].filter
[0] = 0x83;
944 filters
[idx
].filter
[1] = rdr
->hexserial
[1];
945 filters
[idx
].filter
[2] = rdr
->hexserial
[0];
946 filters
[idx
].filter
[3] = 0x10;
947 filters
[idx
].filter
[4] = 0x00;
948 filters
[idx
].filter
[5] = 0x10;
949 memset(&filters
[idx
].mask
[0], 0xFF, 6);
952 filters
[idx
].type
= EMM_UNIQUE
;
953 filters
[idx
].enabled
= 1;
954 filters
[idx
].filter
[0] = 0x83;
955 filters
[idx
].filter
[1] = rdr
->hexserial
[1];
956 filters
[idx
].filter
[2] = rdr
->hexserial
[0];
957 filters
[idx
].filter
[3] = 0x10;
958 filters
[idx
].filter
[4] = rdr
->hexserial
[2];
959 filters
[idx
].filter
[5] = 0x00;
960 memset(&filters
[idx
].mask
[0], 0xFF, 6);
969 void irdeto_add_emm_header(EMM_PACKET
*ep
)
971 uint8_t bt_emm
[MAX_EMM_SIZE
];
972 static const char *typtext
[] = { "unknown", "unique", "shared", "global" };
973 memset(bt_emm
, 0, sizeof(bt_emm
));
976 if(ep
->emm
[0] == 0x83 && ep
->emm
[5] == 0x10)
978 if(ep
->emm
[7] == 0x00)
979 { ep
->type
= UNIQUE
; }
981 { ep
->type
= SHARED
; }
985 if(ep
->emm
[0] == 0x82)
986 { ep
->type
= GLOBAL
; }
989 if(ep
->type
!= UNKNOWN
&& ep
->emmlen
== 142)
990 { cs_log_dbg(D_EMM
, "[TUN_EMM] Type: %s - rewriting header", typtext
[ep
->type
]); }
994 // BETACRYPT/IRDETO EMM HEADER:
995 static uint8_t headerD0
[6] = { 0x82, 0x70, 0x89, 0xd0, 0x01, 0x00 }; // GLOBAL
996 static uint8_t headerD2
[8] = { 0x82, 0x70, 0x8b, 0xd2, 0x00, 0x00, 0x01, 0x00 }; // SHARED
997 static uint8_t headerD3
[9] = { 0x82, 0x70, 0x8c, 0xd3, 0x00, 0x00, 0x00, 0x01, 0x00 }; // UNIQUE
1002 memcpy(bt_emm
, headerD3
, sizeof(headerD3
));
1003 memcpy(bt_emm
+ sizeof(headerD3
), ep
->emm
+ 8, ep
->emmlen
- 8);
1004 bt_emm
[4] = ep
->emm
[4];
1005 bt_emm
[5] = ep
->emm
[3];
1006 bt_emm
[6] = ep
->emm
[6];
1010 memcpy(bt_emm
, headerD2
, sizeof(headerD2
));
1011 memcpy(bt_emm
+ sizeof(headerD2
), ep
->emm
+ 8, ep
->emmlen
- 8);
1012 bt_emm
[4] = ep
->emm
[4];
1013 bt_emm
[5] = ep
->emm
[3];
1017 memcpy(bt_emm
, headerD0
, sizeof(headerD0
));
1018 memcpy(bt_emm
+ sizeof(headerD0
), ep
->emm
+ 8, ep
->emmlen
- 8);
1022 memcpy(ep
->emm
, bt_emm
, sizeof(bt_emm
));
1025 #define ADDRLEN 4 // Address length in EMM commands
1027 static int32_t irdeto_do_emm(struct s_reader
*reader
, EMM_PACKET
*ep
)
1030 static const uchar sc_EmmCmd
[] = { 0x01, 0x00, 0x00, 0x00, 0x00 };
1031 static uchar sc_Acs57Emm
[] = { 0xD1, 0x00, 0x00, 0x00, 0x00 };
1032 uchar sc_Acs57_Cmd
[] = { ACS57EMM
, 0xFE, 0x00, 0x00, 0x00 };
1033 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
1036 if(ep
->emm
[0] != 0x82)
1038 rdr_log_dbg(reader
, D_EMM
, "Invalid EMM: Has to start with 0x82, but starts with %02x!", ep
->emm
[0]);
1042 int32_t i
, l
= (ep
->emm
[3] & 0x07), ok
= 0;
1043 int32_t mode
= (ep
->emm
[3] >> 3);
1044 uchar
*emm
= ep
->emm
;
1049 ok
= (mode
== reader
->hexserial
[3] && (!l
|| !memcmp(&emm
[4], reader
->hexserial
, l
)));
1053 ok
= !memcmp(&emm
[4], reader
->hexserial
, l
);
1055 // provider addressed
1056 for(i
= 0; i
< reader
->nprov
&& !ok
; i
++)
1058 ok
= (mode
== reader
->prid
[i
][0] && (!l
|| !memcmp(&emm
[4], &reader
->prid
[i
][1], l
)));
1067 if(csystem_data
->acs57
== 1)
1069 int32_t dataLen
= 0;
1070 if(ep
->type
== UNIQUE
)
1072 dataLen
= ep
->emm
[2] - 1;
1076 dataLen
= ep
->emm
[2];
1078 if(dataLen
< 7 || dataLen
> (int32_t)sizeof(ep
->emm
) - 6 || dataLen
> (int32_t)sizeof(cta_cmd
) - 9)
1080 rdr_log_dbg(reader
, D_EMM
, "dataLen %d seems wrong, faulty EMM?", dataLen
);
1083 if(ep
->type
== GLOBAL
&& ((reader
->caid
== 0x0624 && csystem_data
->acs57
== 1) || reader
->caid
== 0x0648 || reader
->caid
== 0x0650 || reader
->caid
== 0x0666)) { dataLen
+= 2; }
1085 sc_Acs57Emm
[4] = dataLen
;
1086 memcpy(&cta_cmd
, sc_Acs57Emm
, sizeof(sc_Acs57Emm
));
1092 crc
^= (dataLen
- 1);
1093 memcpy(&cta_cmd
[5], &ep
->emm
[3], 10);
1094 if(ep
->type
== UNIQUE
)
1096 memcpy(&cta_cmd
[9], &ep
->emm
[9], dataLen
- 4);
1100 if(ep
->type
== GLOBAL
&& ((reader
->caid
== 0x0624 && csystem_data
->acs57
== 1) || reader
->caid
== 0x0648 || reader
->caid
== 0x0650 || reader
->caid
== 0x0666))
1102 memcpy(&cta_cmd
[9], &ep
->emm
[6], 1);
1103 memcpy(&cta_cmd
[10], &ep
->emm
[7], dataLen
- 6);
1106 else if((reader
->caid
== 0x0624 && csystem_data
->acs57
== 1) || reader
->caid
== 0x0648 || reader
->caid
== 0x0650 || reader
->caid
== 0x0666) //only orf, cslink, skylink
1108 memcpy(&cta_cmd
[9], &ep
->emm
[8], dataLen
- 4);
1112 memcpy(&cta_cmd
[10], &ep
->emm
[9], dataLen
- 6);
1115 for(i
= 5; i
< dataLen
+ 4; i
++)
1116 { crc
^= cta_cmd
[i
]; }
1117 cta_cmd
[dataLen
- 1 + 5] = crc
;
1118 irdeto_do_cmd(reader
, cta_cmd
, 0, cta_res
, &cta_lr
);
1119 int32_t acslength
= cta_res
[cta_lr
- 1];
1120 sc_Acs57_Cmd
[4] = acslength
;
1121 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
1122 rdr_log_dbg(reader
, D_EMM
,"response %02X %02X %02X %02X %02X (%s)", cta_res
[0], cta_res
[1], cta_res
[2], cta_res
[3], cta_res
[4],
1123 ((cta_res
[2] == 0 || cta_res
[2] == 0x7B || cta_res
[2] == 0x7C) ? "OK" : "ERROR"));
1124 if(cta_res
[2] == 0x7B || cta_res
[2] == 0x7C) // chid already written or chid already up to date
1128 if(cta_res
[2] == 0x00)
1132 return ERROR
; // all other
1134 else // non acs57 based cards
1136 const int32_t dataLen
= SCT_LEN(emm
) - 5 - l
; // sizeof of emm bytes (nanos)
1137 if(dataLen
< 1 || dataLen
> (int32_t)sizeof(ep
->emm
) - 5 - l
|| dataLen
> (int32_t)sizeof(cta_cmd
) - (int32_t)sizeof(sc_EmmCmd
) - ADDRLEN
)
1139 rdr_log_dbg(reader
, D_EMM
, "dataLen %d seems wrong, faulty EMM?", dataLen
);
1142 uchar
*ptr
= cta_cmd
;
1143 memcpy(ptr
, sc_EmmCmd
, sizeof(sc_EmmCmd
)); // copy card command
1144 ptr
[4] = dataLen
+ ADDRLEN
; // set card command emm size
1145 ptr
+= sizeof(sc_EmmCmd
);
1147 memset(ptr
, 0, ADDRLEN
); // clear addr range
1148 memcpy(ptr
, emm
, l
); // copy addr bytes
1151 memcpy(ptr
, &emm
[2], dataLen
); // copy emm bytes]
1152 irdeto_do_cmd(reader
, cta_cmd
, 0, cta_res
, &cta_lr
);
1153 rdr_log_dbg(reader
, D_EMM
,"response %02X %02X %02X %02X %02X (%s)", cta_res
[0], cta_res
[1], cta_res
[2], cta_res
[3], cta_res
[4],
1154 ((cta_res
[cta_lr
-2] == 0 || cta_res
[cta_lr
-2] == 0x7B || cta_res
[cta_lr
-2] == 0x7C) ? "OK" : "ERROR"));
1156 if(cta_res
[cta_lr
-2] == 0x7B || cta_res
[cta_lr
-2] == 0x7C) // chid already written or chid already up to date
1160 if(cta_res
[cta_lr
-2] == 0x00)
1164 return ERROR
; // all other
1169 rdr_log_dbg(reader
, D_EMM
, "addrlen %d > %d", l
, ADDRLEN
);
1175 rdr_log_dbg(reader
, D_EMM
, "EMM skipped since its hexserial or base doesnt match with this card!");
1180 static int32_t irdeto_card_info(struct s_reader
*reader
)
1184 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
1186 cs_clear_entitlement(reader
); // reset the entitlements
1188 uchar sc_GetChanelIds
[] = { 0x02, 0x04, 0x00, 0x00, 0x01, 0x00 };
1189 uchar sc_Acs57Code
[] = { 0xD2, 0x16, 0x00, 0x00, 0x01 , 0x37},
1190 sc_Acs57Prid
[] = { 0xD2, 0x08, 0x00, 0x00, 0x02, 0x00, 0x00 },
1191 sc_Acs57_Cmd
[] = { ACS57GET
, 0xFE, 0x00, 0x00, 0x00 };
1196 int32_t acspadd
= 0;
1197 if(csystem_data
->acs57
== 1)
1200 reader_chk_cmd(sc_Acs57Code
, 0);
1201 int32_t acslength
= cta_res
[cta_lr
- 1];
1202 sc_Acs57_Cmd
[4] = acslength
;
1203 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
1207 reader_chk_cmd(sc_GetCountryCode2
, 0);
1210 if(((cta_lr
> 9) && !(cta_res
[cta_lr
- 2] | cta_res
[cta_lr
- 1])) || (csystem_data
->acs57
== 1))
1212 rdr_log_dbg(reader
, D_READER
, "max chids: %d, %d, %d, %d", cta_res
[6 + acspadd
], cta_res
[7 + acspadd
], cta_res
[8 + acspadd
], cta_res
[9 + acspadd
]);
1217 for(i
= p
= 0; i
< reader
->nprov
; i
++)
1219 int32_t j
, k
, chid
, first
= 1;
1221 if(reader
->prid
[i
][4] != 0xff)
1224 sc_Acs57Prid
[3] = i
;
1225 sc_GetChanelIds
[3] = i
; // provider at index i
1227 // for (j=0; j<10; j++) => why 10 .. do we know for sure the there are only 10 chids !!!
1228 // shouldn't it me the max chid value we read above ?!
1229 while(1) // will exit if cta_lr < 61 .. which is the correct break condition.
1231 if(csystem_data
->acs57
== 1)
1234 sc_Acs57Prid
[5] = j
;
1238 crc
^= sc_Acs57Prid
[2];
1239 crc
^= sc_Acs57Prid
[3];
1240 crc
^= (sc_Acs57Prid
[4] - 1);
1241 crc
^= sc_Acs57Prid
[5];
1242 sc_Acs57Prid
[6] = crc
;
1243 irdeto_do_cmd(reader
, sc_Acs57Prid
, 0x903C, cta_res
, &cta_lr
);
1244 int32_t acslength
= cta_res
[cta_lr
- 1];
1245 if(acslength
== 0x09) { break; }
1246 sc_Acs57_Cmd
[4] = acslength
;
1247 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
1248 if(cta_res
[10] == 0xFF) { break; }
1249 cta_res
[cta_lr
- 3] = 0xff;
1250 cta_res
[cta_lr
- 2] = 0xff;
1251 cta_res
[cta_lr
- 1] = 0xff;
1256 sc_GetChanelIds
[5] = j
; // chid at index j for provider at index i
1257 reader_chk_cmd(sc_GetChanelIds
, 0);
1259 // if (cta_lr<61) break; // why 61 (0 to 60 in steps of 6 .. is it 10*6 from the 10 in the for loop ?
1260 // what happen if the card only send back.. 9 chids (or less)... we don't see them
1261 // so we should check whether or not we have at least 6 bytes (1 chid).
1262 if(cta_lr
< 6) { break; }
1264 for(k
= 0 + acspadd
; k
< cta_lr
; k
+= 6)
1266 chid
= b2i(2, cta_res
+ k
);
1267 if(chid
&& chid
!= 0xFFFF)
1269 time_t date
, start_t
, end_t
;
1271 start_t
= chid_date(reader
, date
= b2i(2, cta_res
+ k
+ 2), t
, 16);
1272 end_t
= chid_date(reader
, date
+ cta_res
[k
+ 4], t
+ 16, 16);
1274 // todo: add entitlements to list but produces a warning related to date variable
1275 cs_add_entitlement(reader
, reader
->caid
, b2i(3, &reader
->prid
[i
][1]), chid
, 0, start_t
, end_t
, 3, 1);
1279 rdr_log(reader
, "entitlements for provider: %d, id: %06X", p
, b2i(3, &reader
->prid
[i
][1]));
1282 rdr_log(reader
, "chid: %04X, date: %s - %s", chid
, t
, t
+ 16);
1290 rdr_log(reader
, "ready for requests");
1294 const struct s_cardsystem reader_irdeto
=
1297 .caids
= (uint16_t[]){ 0x06, 0x17, 0 },
1298 .do_emm
= irdeto_do_emm
,
1299 .do_ecm
= irdeto_do_ecm
,
1300 .card_info
= irdeto_card_info
,
1301 .card_init
= irdeto_card_init
,
1302 .get_emm_type
= irdeto_get_emm_type
,
1303 .get_emm_filter
= irdeto_get_emm_filter
,
1304 .get_tunemm_filter
= irdeto_get_tunemm_filter
,