search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
revert breaks some stupid old compilers
[oscam.git] / reader-irdeto.c
blob967068f1144f4c034fda33239b8d51717106e8f4
1 #include "globals.h"
2 #ifdef READER_IRDETO
3 #include "oscam-time.h"
4 #include "reader-common.h"
5 #include "reader-irdeto.h"
6
7 static const uchar CryptTable[256] =
8 {
9 0xDA, 0x26, 0xE8, 0x72, 0x11, 0x52, 0x3E, 0x46,
10 0x32, 0xFF, 0x8C, 0x1E, 0xA7, 0xBE, 0x2C, 0x29,
11 0x5F, 0x86, 0x7E, 0x75, 0x0A, 0x08, 0xA5, 0x21,
12 0x61, 0xFB, 0x7A, 0x58, 0x60, 0xF7, 0x81, 0x4F,
13 0xE4, 0xFC, 0xDF, 0xB1, 0xBB, 0x6A, 0x02, 0xB3,
14 0x0B, 0x6E, 0x5D, 0x5C, 0xD5, 0xCF, 0xCA, 0x2A,
15 0x14, 0xB7, 0x90, 0xF3, 0xD9, 0x37, 0x3A, 0x59,
16 0x44, 0x69, 0xC9, 0x78, 0x30, 0x16, 0x39, 0x9A,
17 0x0D, 0x05, 0x1F, 0x8B, 0x5E, 0xEE, 0x1B, 0xC4,
18 0x76, 0x43, 0xBD, 0xEB, 0x42, 0xEF, 0xF9, 0xD0,
19 0x4D, 0xE3, 0xF4, 0x57, 0x56, 0xA3, 0x0F, 0xA6,
20 0x50, 0xFD, 0xDE, 0xD2, 0x80, 0x4C, 0xD3, 0xCB,
21 0xF8, 0x49, 0x8F, 0x22, 0x71, 0x84, 0x33, 0xE0,
22 0x47, 0xC2, 0x93, 0xBC, 0x7C, 0x3B, 0x9C, 0x7D,
23 0xEC, 0xC3, 0xF1, 0x89, 0xCE, 0x98, 0xA2, 0xE1,
24 0xC1, 0xF2, 0x27, 0x12, 0x01, 0xEA, 0xE5, 0x9B,
25 0x25, 0x87, 0x96, 0x7B, 0x34, 0x45, 0xAD, 0xD1,
26 0xB5, 0xDB, 0x83, 0x55, 0xB0, 0x9E, 0x19, 0xD7,
27 0x17, 0xC6, 0x35, 0xD8, 0xF0, 0xAE, 0xD4, 0x2B,
28 0x1D, 0xA0, 0x99, 0x8A, 0x15, 0x00, 0xAF, 0x2D,
29 0x09, 0xA8, 0xF5, 0x6C, 0xA1, 0x63, 0x67, 0x51,
30 0x3C, 0xB2, 0xC0, 0xED, 0x94, 0x03, 0x6F, 0xBA,
31 0x3F, 0x4E, 0x62, 0x92, 0x85, 0xDD, 0xAB, 0xFE,
32 0x10, 0x2E, 0x68, 0x65, 0xE7, 0x04, 0xF6, 0x0C,
33 0x20, 0x1C, 0xA9, 0x53, 0x40, 0x77, 0x2F, 0xA4,
34 0xFA, 0x6D, 0x73, 0x28, 0xE2, 0xCD, 0x79, 0xC8,
35 0x97, 0x66, 0x8E, 0x82, 0x74, 0x06, 0xC7, 0x88,
36 0x1A, 0x4A, 0x6B, 0xCC, 0x41, 0xE9, 0x9D, 0xB8,
37 0x23, 0x9F, 0x3D, 0xBF, 0x8D, 0x95, 0xC5, 0x13,
38 0xB9, 0x24, 0x5A, 0xDC, 0x64, 0x18, 0x38, 0x91,
39 0x7F, 0x5B, 0x70, 0x54, 0x07, 0xB6, 0x4B, 0x0E,
40 0x36, 0xAC, 0x31, 0xE6, 0xD6, 0x48, 0xAA, 0xB4
41 };
42
43 static const uchar
44 sc_GetCountryCode[] = { 0x02, 0x02, 0x03, 0x00, 0x00 };
45
46 static const uchar
47 sc_GetCountryCode2[] = { 0x02, 0x0B, 0x00, 0x00, 0x00 },
48 sc_GetCamKey384CZ[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
49 0x18, 0xD7, 0x55, 0x14, 0xC0, 0x83, 0xF1, 0x38,
50 0x39, 0x6F, 0xF2, 0xEC, 0x4F, 0xE3, 0xF1, 0x85,
51 0x01, 0x46, 0x06, 0xCE, 0x7D, 0x08, 0x2C, 0x74,
52 0x46, 0x8F, 0x72, 0xC4, 0xEA, 0xD7, 0x9C, 0xE0,
53 0xE1, 0xFF, 0x58, 0xE7, 0x70, 0x0C, 0x92, 0x45,
54 0x26, 0x18, 0x4F, 0xA0, 0xE2, 0xF5, 0x9E, 0x46,
55 0x6F, 0xAE, 0x95, 0x35, 0xB0, 0x49, 0xB2, 0x0E,
56 0xA4, 0x1F, 0x8E, 0x47, 0xD0, 0x24, 0x11, 0xD0
57 },
58 sc_GetCamKey384DZ[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
59 0x27, 0xF2, 0xD6, 0xCD, 0xE6, 0x88, 0x62, 0x46,
60 0x81, 0xB0, 0xF5, 0x3E, 0x6F, 0x13, 0x4D, 0xCC,
61 0xFE, 0xD0, 0x67, 0xB1, 0x93, 0xDD, 0xF4, 0xDE,
62 0xEF, 0xF5, 0x3B, 0x04, 0x1D, 0xE5, 0xC3, 0xB2,
63 0x54, 0x38, 0x57, 0x7E, 0xC8, 0x39, 0x07, 0x2E,
64 0xD2, 0xF4, 0x05, 0xAA, 0x15, 0xB5, 0x55, 0x24,
65 0x90, 0xBB, 0x9B, 0x00, 0x96, 0xF0, 0xCB, 0xF1,
66 0x8A, 0x08, 0x7F, 0x0B, 0xB8, 0x79, 0xC3, 0x5D
67 },
68 sc_GetCamKey384FZ[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
69 0x62, 0xFE, 0xD8, 0x4F, 0x44, 0x86, 0x2C, 0x21,
70 0x50, 0x9A, 0xBE, 0x27, 0x15, 0x9E, 0xC4, 0x48,
71 0xF3, 0x73, 0x5C, 0xBD, 0x08, 0x64, 0x6D, 0x13,
72 0x64, 0x90, 0x14, 0xDB, 0xFF, 0xC3, 0xFE, 0x03,
73 0x97, 0xFA, 0x75, 0x08, 0x12, 0xF9, 0x8F, 0x84,
74 0x83, 0x17, 0xAA, 0x6F, 0xEF, 0x2C, 0x10, 0x1B,
75 0xBF, 0x31, 0x41, 0xC3, 0x54, 0x2F, 0x65, 0x50,
76 0x95, 0xA9, 0x64, 0x22, 0x5E, 0xA4, 0xAF, 0xA9
77 };
78
79 /* some variables for acs57 (Dahlia for ITA dvb-t) */
80 #define ACS57EMM 0xD1
81 #define ACS57ECM 0xD5
82 #define ACS57GET 0xD2
83 /* end define */
84
85 typedef struct chid_base_date
86 {
87 uint16_t caid;
88 uint16_t acs;
89 char c_code[4];
90 uint32_t base;
91 } CHID_BASE_DATE;
92
93 struct irdeto_data
94 {
95 int32_t acs57; // A flag for the ACS57 ITA DVB-T
96 uint16_t acs;
97 char country_code[3]; // irdeto country code.
98 };
99
100 static void XRotateLeft8Byte(uchar *buf)
101 {
102 int32_t k;
103 uchar t1 = buf[7];
104 uchar t2 = 0;
105 for(k = 0; k <= 7; k++)
106 {
107 t2 = t1;
108 t1 = buf[k];
109 buf[k] = (buf[k] << 1) | (t2 >> 7);
110 }
111 }
112
113 static void ReverseSessionKeyCrypt(const uchar *camkey, uchar *key)
114 {
115 uchar localkey[8], tmp1, tmp2;
116 int32_t idx1, idx2;
117
118 memcpy(localkey, camkey, 8) ;
119 for(idx1 = 0; idx1 < 8; idx1++)
120 {
121 for(idx2 = 0; idx2 < 8; idx2++)
122 {
123 tmp1 = CryptTable[key[7] ^ localkey[idx2] ^ idx1] ;
124 tmp2 = key[0] ;
125 key[0] = key[1] ;
126 key[1] = key[2] ;
127 key[2] = key[3] ;
128 key[3] = key[4] ;
129 key[4] = key[5] ;
130 key[5] = key[6] ^ tmp1 ;
131 key[6] = key[7] ;
132 key[7] = tmp1 ^ tmp2 ;
133 }
134 XRotateLeft8Byte(localkey);
135 }
136 }
137
138 static unsigned char XorSum(const unsigned char *mem, int len)
139 {
140 unsigned char cs = 0;
141 while(len > 0)
142 {
143 cs ^= *mem++;
144 len--;
145 }
146 return cs;
147 }
148
149 static time_t chid_date(struct s_reader *reader, uint32_t date, char *buf, int32_t l)
150 {
151
152 // Irdeto date starts 01.08.1997 which is
153 // 870393600 seconds in unix calendar time
154 //
155 // The above might not be true for all Irdeto card
156 // we need to find a way to identify cards to set the base date
157 // like we did for NDS
158 //
159 // this is the known default value.
160 uint32_t date_base;
161
162 if((reader->caid>>8) == 0x06)
163 { date_base = 946598400L; } // this is actually 31.12.1999, 00:00 default for irdeto card
164 else
165 { date_base = 870393600L; } // this is actually 01.08.1997, 00:00 default for betacrypt cards
166
167 // CAID, ACS, Country, base date D . M. Y, h : m
168 CHID_BASE_DATE table[] = {
169
170 {0x0662, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55
171 {0x0616, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55 //nitegate
172
173 {0x0647, 0x0005, "ITA", 946598400L}, // 31.12.1999, 00:00 //Redlight irdeto
174 {0x0664, 0x0608, "TUR", 946598400L}, // 31.12.1999, 00:00
175 {0x0624, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
176 {0x0624, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
177 {0x0666, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
178 {0x0668, 0x0006, "SVK", 946598400L}, // 30.12.1999, 00:00 //Towercom Irdeto
179 {0x0666, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
180 {0x0650, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
181 {0x0650, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
182 {0x0648, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
183 {0x0648, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
184 {0x0627, 0x0608, "EGY", 946598400L}, // 30.12.1999, 16:00
185 {0x0602, 0x0606, "NLD", 946598400L}, // 31.12.1999, 08:00 //Ziggo irdeto caid: 0602, acs: 6.06
186 {0x0602, 0x0505, "NLD", 946598400L}, // 31.12.1999, 00:00 //Ziggo irdeto caid: 0602, acs: 5.05
187 {0x0606, 0x0005, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 0.05
188 {0x0606, 0x0605, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.05
189 {0x0606, 0x0606, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.06
190 {0x0606, 0x0006, "ZAF", 946598400L}, // 31.12.1999, 00:00 //dstv irdeto
191
192 {0x0604, 0x1541, "GRC", 977817600L}, // 26.12.2000, 00:00
193 {0x0604, 0x1542, "GRC", 977817600L}, // 26.12.2000, 00:00
194 {0x0604, 0x1543, "GRC", 977817600L}, // 26.12.2000, 00:00
195 {0x0604, 0x1544, "GRC", 977817600L}, // 26.12.2000, 17:00
196
197 {0x0604, 0x0608, "EGY", 999993600L}, // 08.09.2001, 17:00
198
199 {0x0604, 0x0606, "EGY", 1003276800L}, // 16.10.2001, 17:00
200
201 {0x0604, 0x0605, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
202 {0x0604, 0x0606, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
203 {0x0604, 0x0607, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
204 {0x0604, 0x0608, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
205 {0x0604, 0x0005, "GRC", 1011052800L}, // 15.01.2002, 00:00 //mova irdeto
206
207 {0x0604, 0x0606, "NLD", 1066089600L}, // 14.10.2003, 00:00
208 {0x0610, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0610, acs: 6.08
209 {0x0604, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.08
210 {0x0604, 0x0605, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.05
211 {0x0604, 0x0005, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 0.05
212
213 {0x0628, 0x0606, "MCR", 1159574400L}, // 29.09.2006, 00:00
214
215 {0x0652, 0x0005, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 0.05
216 {0x0652, 0x0608, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 6.08
217
218 // {0x1702, 0x0384, "AUT", XXXXXXXXXL}, // -> we need the base date for this
219 // {0x1702, 0x0384, "GER", 888883200L}, // 02.03.1998, 16:00 -> this fixes some card but break others (S02).
220 {0x0, 0x0, "", 0L}
221 };
222
223 // now check for specific providers base date
224 int32_t i = 0;
225 struct irdeto_data *csystem_data = reader->csystem_data;
226 while(table[i].caid)
227 {
228 if(reader->caid == table[i].caid && csystem_data->acs == table[i].acs && !memcmp(csystem_data->country_code, table[i].c_code, 3))
229 {
230 date_base = table[i].base;
231 break;
232 }
233 i++;
234 }
235
236 time_t ut = date_base + date * (24 * 3600);
237 if(buf)
238 {
239 struct tm t;
240 cs_gmtime_r(&ut, &t);
241 snprintf(buf, l, "%04d/%02d/%02d", t.tm_year + 1900, t.tm_mon + 1, t.tm_mday);
242 }
243 return (ut);
244 }
245
246 static int32_t irdeto_do_cmd(struct s_reader *reader, uchar *buf, uint16_t good, uchar *cta_res, uint16_t *p_cta_lr)
247 {
248 int32_t rc;
249 if((rc = reader_cmd2icc(reader, buf, buf[4] + 5, cta_res, p_cta_lr)))
250 { return (rc); } // result may be 0 (success) or negative
251 if(*p_cta_lr < 2)
252 { return (0x7F7F); } // this should never happen
253 return (good != b2i(2, cta_res + *p_cta_lr - 2));
254 }
255
256 #define reader_chk_cmd(cmd, l) \
257 { \
258 if (reader_cmd2icc(reader, cmd, sizeof(cmd), cta_res, &cta_lr)) return ERROR; \
259 if (l && (cta_lr!=l)) return ERROR; }
260
261 static int32_t irdeto_card_init_provider(struct s_reader *reader)
262 {
263 def_resp;
264 int32_t i, p;
265 uchar buf[256] = {0};
266 struct irdeto_data *csystem_data = reader->csystem_data;
267
268 uchar sc_GetProvider[] = { 0x02, 0x03, 0x03, 0x00, 0x00 };
269 uchar sc_Acs57Prov[] = { 0xD2, 0x06, 0x03, 0x00, 0x01, 0x3C };
270 uchar sc_Acs57_Cmd[] = { ACS57GET, 0xFE, 0x00, 0x00, 0x00 };
271 /*
272 * Provider
273 */
274 memset(reader->prid, 0xff, sizeof(reader->prid));
275 for(buf[0] = i = p = 0; i < reader->nprov; i++)
276 {
277 int32_t acspadd = 0;
278 if(csystem_data->acs57 == 1)
279 {
280 acspadd = 8;
281 sc_Acs57Prov[3] = i;
282 irdeto_do_cmd(reader, sc_Acs57Prov, 0x9021, cta_res, &cta_lr);
283 int32_t acslength = cta_res[cta_lr - 1];
284 sc_Acs57_Cmd[4] = acslength;
285 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
286 sc_Acs57Prov[5]++;
287 sc_Acs57_Cmd[3]++;
288 }
289 else
290 {
291 sc_GetProvider[3] = i;
292 reader_chk_cmd(sc_GetProvider, 0);
293 }
294 //if ((cta_lr==26) && (cta_res[0]!=0xf))
295 if(((cta_lr == 26) && ((!(i & 1)) || (cta_res[0] != 0xf))) || (csystem_data->acs57 == 1))
296 {
297 reader->prid[i][4] = p++;
298
299 // maps the provider id for Betacrypt from FFFFFF to 000000,
300 // fixes problems with cascading CCcam and OSCam
301 if(caid_is_betacrypt(reader->caid))
302 { memset(&reader->prid[i][0], 0, 4); }
303 else
304 { memcpy(&reader->prid[i][0], cta_res + acspadd, 4); }
305
306 if(!memcmp(cta_res + acspadd + 1, &reader->hexserial, 3))
307 { reader->prid[i][3] = 0xFF; }
308
309 snprintf((char *) buf + strlen((char *)buf), sizeof(buf) - strlen((char *)buf), ",%06x", b2i(3, &reader->prid[i][1]));
310 }
311 else
312 { reader->prid[i][0] = 0xf; }
313 }
314 if(p)
315 { rdr_log(reader, "active providers: %d (%s)", p, buf + 1); }
316
317 return OK;
318 }
319
320
321
322 static int32_t irdeto_card_init(struct s_reader *reader, ATR *newatr)
323 {
324 def_resp;
325 get_atr;
326 int32_t camkey = 0;
327 uchar buf[256] = {0};
328 uchar sc_GetCamKey383C[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
329 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
330 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
331 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
332 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
333 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
334 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
335 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
336 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
337 };
338
339 uchar sc_GetASCIISerial[] = { 0x02, 0x00, 0x03, 0x00, 0x00 },
340 sc_GetHEXSerial[] = { 0x02, 0x01, 0x00, 0x00, 0x00 },
341 sc_GetSCDetails[] = { 0x02, 0x1E, 0x00, 0x00, 0x00 },
342 sc_GetCardFile[] = { 0x02, 0x0E, 0x02, 0x00, 0x00 };
343
344
345 uchar sc_Acs57CamKey[70] = { 0xD2, 0x12, 0x03, 0x00, 0x41},
346 sc_Acs57Country[] = { 0xD2, 0x04, 0x00, 0x00, 0x01, 0x3E },
347 sc_Acs57Ascii[] = { 0xD2, 0x00, 0x03, 0x00, 0x01, 0x3F },
348 sc_Acs57Hex[] = { 0xD2, 0x02, 0x03, 0x00, 0x01, 0x3E },
349 sc_Acs57CFile[] = { 0xD2, 0x1C, 0x02, 0x00, 0x01, 0x30 },
350 sc_Acs57_Cmd[] = { ACS57GET, 0xFE, 0x00, 0x00, 0x00 };
351
352 int32_t acspadd = 0;
353 int32_t acs57 = 0;
354 if(!memcmp(atr + 4, "IRDETO", 6))
355 { acs57 = 0; }
356 else
357 {
358 if((!memcmp(atr + 5, "IRDETO", 6)) || ((atr[6] == 0xC4 && atr[9] == 0x8F && atr[10] == 0xF1) && reader->force_irdeto))
359 {
360 acs57 = 1;
361 acspadd = 8;
362 rdr_log(reader, "Hist. Bytes: %s", atr + 5);
363 }
364 else
365 {
366 return ERROR;
367 }
368 }
369
370 if(!cs_malloc(&reader->csystem_data, sizeof(struct irdeto_data)))
371 { return ERROR; }
372 struct irdeto_data *csystem_data = reader->csystem_data;
373 csystem_data->acs57 = acs57;
374
375 rdr_log(reader, "detect irdeto card");
376 if(array_has_nonzero_byte(reader->rsa_mod, 64) > 0 && (!reader->force_irdeto || csystem_data->acs57)) // we use rsa from config as camkey
377 {
378 char tmp_dbg[65];
379 rdr_log_dbg(reader, D_READER, "using camkey data from config");
380 rdr_log_dbg(reader, D_READER, " camkey: %s", cs_hexdump(0, reader->boxkey, sizeof(reader->boxkey), tmp_dbg, sizeof(tmp_dbg)));
381 if(csystem_data->acs57 == 1)
382 {
383 memcpy(&sc_Acs57CamKey[5], reader->rsa_mod, 0x40);
384 rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_Acs57CamKey[5], 32, tmp_dbg, sizeof(tmp_dbg)));
385 rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_Acs57CamKey[37], 32, tmp_dbg, sizeof(tmp_dbg)));
386 }
387 else
388 {
389 memcpy(&sc_GetCamKey383C[5], reader->rsa_mod, 0x40);
390 rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_GetCamKey383C[5], 32, tmp_dbg, sizeof(tmp_dbg)));
391 rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_GetCamKey383C[37], 32, tmp_dbg, sizeof(tmp_dbg)));
392 }
393 }
394 else
395 {
396 if(csystem_data->acs57 == 1)
397 {
398 rdr_log(reader, "WARNING: ACS57 card can require the CamKey from config");
399 }
400 else
401 {
402 memcpy(reader->boxkey, "\x11\x22\x33\x44\x55\x66\x77\x88", 8);
403 }
404 }
405 /*
406 * Get Irdeto Smartcard Details - version - patch level etc
407 */
408 if(csystem_data->acs57 == 0)
409 {
410 if(!irdeto_do_cmd(reader, sc_GetSCDetails, 0, cta_res, &cta_lr))
411 rdr_log(reader, "Irdeto SC %0x version %0x revision %0x, patch level %0x", cta_res[0 + acspadd],
412 cta_res[1 + acspadd], cta_res[2 + acspadd], cta_res[5 + acspadd]);
413 }
414 /*
415 * CountryCode
416 */
417 if(csystem_data->acs57 == 1)
418 {
419 irdeto_do_cmd(reader, sc_Acs57Country, 0x9019, cta_res, &cta_lr);
420 int32_t acslength = cta_res[cta_lr - 1];
421 sc_Acs57_Cmd[4] = acslength;
422 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
423 }
424 else
425 {
426 reader_chk_cmd(sc_GetCountryCode, 18);
427 }
428 csystem_data->acs = (cta_res[0 + acspadd] << 8) | cta_res[1 + acspadd];
429 reader->caid = (cta_res[5 + acspadd] << 8) | cta_res[6 + acspadd];
430 memcpy(csystem_data->country_code, cta_res + 13 + acspadd, 3);
431 rdr_log(reader, "caid: %04X, acs: %x.%02x, country code: %c%c%c",
432 reader->caid, cta_res[0 + acspadd], cta_res[1 + acspadd], cta_res[13 + acspadd], cta_res[14 + acspadd], cta_res[15 + acspadd]);
433
434 /*
435 * Ascii/Hex-Serial
436 */
437 if(csystem_data->acs57 == 1)
438 {
439 irdeto_do_cmd(reader, sc_Acs57Ascii, 0x901D, cta_res, &cta_lr);
440 int32_t acslength = cta_res[cta_lr - 1];
441 sc_Acs57_Cmd[4] = acslength;
442 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
443 }
444 else
445 {
446 reader_chk_cmd(sc_GetASCIISerial, 22);
447 }
448 memcpy(buf, cta_res + acspadd, 10);
449 buf[10] = 0;
450 if(csystem_data->acs57 == 1)
451 {
452 irdeto_do_cmd(reader, sc_Acs57Hex, 0x903E, cta_res, &cta_lr);
453 int32_t acslength = cta_res[cta_lr - 1];
454 sc_Acs57_Cmd[4] = acslength;
455 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
456 }
457 else
458 {
459 reader_chk_cmd(sc_GetHEXSerial, 18);
460 }
461 reader->nprov = cta_res[10 + acspadd];
462 memcpy(reader->hexserial, cta_res + 12 + acspadd, 4);
463
464 rdr_log_sensitive(reader, "providers: %d, ascii serial: {%s}, hex serial: {%02X%02X%02X}, hex base: {%02X}",
465 reader->nprov, buf, reader->hexserial[0], reader->hexserial[1], reader->hexserial[2], reader->hexserial[3]);
466
467 /*
468 * CardFile
469 */
470 if(csystem_data->acs57 == 1)
471 {
472 irdeto_do_cmd(reader, sc_Acs57CFile, 0x9049, cta_res, &cta_lr);
473 int32_t acslength = cta_res[cta_lr - 1];
474 sc_Acs57_Cmd[4] = acslength;
475 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
476 sc_Acs57CFile[2] = 0x03;
477 sc_Acs57CFile[5]++;
478 irdeto_do_cmd(reader, sc_Acs57CFile, 0x9049, cta_res, &cta_lr);
479 acslength = cta_res[cta_lr - 1];
480 sc_Acs57_Cmd[4] = acslength;
481 sc_Acs57_Cmd[2] = 0x03;
482 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
483 sc_Acs57_Cmd[2] = 0x00;
484 }
485 else
486 {
487 for(sc_GetCardFile[2] = 2; sc_GetCardFile[2] < 4; sc_GetCardFile[2]++)
488 { reader_chk_cmd(sc_GetCardFile, 0); }
489 }
490
491 /*
492 * CamKey
493 */
494 if(((atr[14] == 0x03) && (atr[15] == 0x84) && (atr[16] == 0x55)) || (((atr[14] == 0x53) && (atr[15] == 0x20) && (atr[16] == 0x56))))
495 {
496 switch(reader->caid)
497 {
498 case 0x1702:
499 camkey = 1;
500 break;
501 case 0x1722:
502 camkey = 2;
503 break;
504 case 0x1762:
505 camkey = 3;
506 break;
507 // case 0x0624: camkey = 4; break; //ice 0D96/0624 has short ATR
508 default :
509 camkey = 5;
510 break;
511 }
512 }
513
514 if((reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0666) || (reader->caid == 0x0624 && csystem_data->acs57 == 1)) // acs 6.08 and ice 0D96/0624
515 {
516 camkey = 4;
517 sc_Acs57CamKey[2] = 0;
518 }
519 // Dirthy hack for Ziggo will be removed when optimum values are find on these T14 cards for v2 and triple
520 // There are also other readers suffering from simmilar issue for those cards.
521 if(((reader->caid == 0x0604) || (reader->caid == 0x1722)) && (reader->typ == R_SMART) && (reader->smart_type >= 2))
522 {
523 // Quick and dirty containment for the SmargoV2,Triple and Ziggo irdeto caid: 0604 using smartreader protocol
524 camkey = 999;
525 } // end dirthy hack
526 rdr_log_dbg(reader, D_READER, "set camkey for type=%d", camkey);
527
528 switch(camkey)
529 {
530 case 1:
531 reader_chk_cmd(sc_GetCamKey384CZ, 10);
532 break;
533 case 2:
534 reader_chk_cmd(sc_GetCamKey384DZ, 10);
535 break;
536 case 3:
537 reader_chk_cmd(sc_GetCamKey384FZ, 10);
538 break;
539 case 4:
540 {
541 int32_t i, crc = 61;
542 crc ^= 0x01, crc ^= 0x02, crc ^= 0x09;
543 crc ^= sc_Acs57CamKey[2], crc ^= sc_Acs57CamKey[3], crc ^= (sc_Acs57CamKey[4] + 1);
544 for(i = 5; i < (int)sizeof(sc_Acs57CamKey) - 1; i++)
545 { crc ^= sc_Acs57CamKey[i]; }
546 sc_Acs57CamKey[69] = crc;
547 if((reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0666) || (reader->caid == 0x0624 && csystem_data->acs57 == 1))
548 {
549 sc_Acs57CamKey[69] = XorSum(sc_Acs57CamKey, 69) ^ 0x3f ^(sc_Acs57CamKey[0] & 0xf0) ^ 0x1b;
550 if(irdeto_do_cmd(reader, sc_Acs57CamKey, 0x9011, cta_res, &cta_lr))
551 {
552 rdr_log(reader, "You have a bad Cam Key set");
553 return ERROR;
554 }
555 }
556 else
557 { irdeto_do_cmd(reader, sc_Acs57CamKey, 0x9012, cta_res, &cta_lr); }
558 int32_t acslength = cta_res[cta_lr - 1];
559 sc_Acs57_Cmd[4] = acslength;
560 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
561 }
562 break;
563 // dirthy hack ziggo nl card smartredaer v2 and triple will be removed after findings optimum T14 values for v2 and triple
564 case 999:
565 {
566 // For some reason only 4 to 5 bytes are received, while 8 bytes are expected.
567
568 int32_t rc;
569 rc = reader_cmd2icc(reader, sc_GetCamKey383C, sizeof(sc_GetCamKey383C), cta_res, &cta_lr);
570 rdr_log_dbg(reader, D_READER, "SmargoV2 camkey exchange containment: Ignoring returncode (%d), should have been 0.", rc);
571 rdr_log_dbg(reader, D_READER, "In case cardinit NOK and/or no entitlements, retry by restarting oscam.");
572 }
573 break;
574 // end dirthy hack
575 default:
576 if(csystem_data->acs57 == 1)
577 {
578 int32_t i, crc = 0x76;
579 for(i = 6; i < (int)sizeof(sc_Acs57CamKey) - 1; i++)
580 { crc ^= sc_Acs57CamKey[i]; }
581 sc_Acs57CamKey[69] = crc;
582 irdeto_do_cmd(reader, sc_Acs57CamKey, 0x9012, cta_res, &cta_lr);
583 int32_t acslength = cta_res[cta_lr - 1];
584 sc_Acs57_Cmd[4] = acslength;
585 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
586 }
587 else
588 {
589 reader_chk_cmd(sc_GetCamKey383C, 0);
590 }
591 break;
592 }
593 if((reader->cardmhz != 600 && reader->typ != R_INTERNAL) || (reader->typ == R_INTERNAL && (reader->mhz < 510 || reader->cardmhz > 690)))
594 { rdr_log(reader, "WARNING: For Irdeto cards you will have to set '%s= 600' in oscam.server", (reader->typ == R_INTERNAL ? "mhz" : "cardmhz") ); }
595
596 return irdeto_card_init_provider(reader);
597 }
598
599 int32_t irdeto_do_ecm(struct s_reader *reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)
600 {
601 def_resp;
602 cta_lr = 0; //suppress compiler error
603 static const uchar sc_EcmCmd[] = { 0x05, 0x00, 0x00, 0x02, 0x00 };
604 uchar sc_Acs57Ecm[] = {0xD5, 0x00, 0x00, 0x02, 0x00};
605 uchar sc_Acs57_Cmd[] = { ACS57ECM, 0xFE, 0x00, 0x00, 0x00 };
606 uchar cta_cmd[MAX_ECM_SIZE];
607 struct irdeto_data *csystem_data = reader->csystem_data;
608
609 int32_t i = 0, acspadd = 0;
610 if(csystem_data->acs57 == 1)
611 {
612 int32_t crc = 63;
613 sc_Acs57Ecm[4] = er->ecm[2] - 2;
614 if((reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0666) || (reader->caid == 0x0624 && csystem_data->acs57 == 1)) //crc for orf, cslink, skylink
615 {
616 sc_Acs57Ecm[2] = 0;
617 crc ^= 0x01;
618 crc ^= 0x05;
619 crc ^= sc_Acs57Ecm[2];
620 crc ^= sc_Acs57Ecm[3];
621 crc ^= (sc_Acs57Ecm[4] - 1);
622 for(i = 6; i < er->ecm[2] + 4; i++)
623 { crc ^= er->ecm[i]; }
624 }
625 else
626 {
627 sc_Acs57Ecm[2] = er->ecm[6];
628 crc ^= 0x01;
629 crc ^= 0x05;
630 crc ^= sc_Acs57Ecm[2];
631 crc ^= sc_Acs57Ecm[3];
632 crc ^= (sc_Acs57Ecm[4] - 1);
633 for(i = 6; i < er->ecm[3] - 5; i++)
634 { crc ^= er->ecm[i]; }
635 }
636 memcpy(cta_cmd, sc_Acs57Ecm, sizeof(sc_Acs57Ecm));
637 memcpy(cta_cmd + 5, er->ecm + 6, er->ecm[2] - 1);
638 cta_cmd[er->ecm[2] + 2] = crc;
639
640 irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
641 int32_t acslength = cta_res[cta_lr - 1];
642 // If acslength != 0x1F you don't have the entitlements or you camkey is bad
643 if(acslength != 0x1F)
644 {
645 switch(acslength)
646 {
647 case 0x09:
648 rdr_log(reader, "Maybe you don't have the entitlements for this channel");
649 break;
650 default:
651 rdr_log(reader, "Maybe you have a bad Cam Key set it from config file");
652 break;
653 }
654 return ERROR;
655 }
656 sc_Acs57_Cmd[4] = acslength;
657 cta_lr = 0;
658 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
659 acspadd = 8;
660 }
661 else
662 {
663 memcpy(cta_cmd, sc_EcmCmd, sizeof(sc_EcmCmd));
664 cta_cmd[4] = (er->ecm[2]) - 3;
665 memcpy(cta_cmd + sizeof(sc_EcmCmd), &er->ecm[6], cta_cmd[4]);
666
667 int32_t try = 1;
668 int32_t ret;
669 do
670 {
671 if(try > 1)
672 snprintf(ea->msglog, MSGLOGSIZE, "%s irdeto_do_cmd try nr %i", reader->label, try);
673 ret = (irdeto_do_cmd(reader, cta_cmd, 0x9D00, cta_res, &cta_lr));
674 ret = ret || (cta_lr < 24);
675 if(ret)
676 {
677 switch(cta_res[cta_lr - 2])
678 {
679 case 0x26: // valid for V6 and V7 cards *26 rare case card gets locked if bad EMM being written
680 {
681 snprintf(ea->msglog, MSGLOGSIZE, "%s cardstatus: LOCKED", reader->label);
682 return E_CORRUPT;
683 }
684 case 0x27: // valid for V6 and V7 cards Time sync EMMs
685 {
686 snprintf(ea->msglog, MSGLOGSIZE, "%s need global EMMs first", reader->label);
687 return E_CORRUPT;
688 }
689 case 0x33: // valid for all cards *33 comes in 2 cases Either Card Requires to be init with Dynamic RSA AKA cmd28/A0 or Pairing Enabled
690 {
691 snprintf(ea->msglog, MSGLOGSIZE, "%s dynamic RSA init or pairing enabled", reader->label);
692 return ERROR;
693 }
694 case 0x35: // valid for V6 and V7 cards Time sync EMMs
695 {
696 snprintf(ea->msglog, MSGLOGSIZE, "%s need global EMMs first", reader->label);
697 return E_CORRUPT;
698 }
699 case 0x90: // valid for all cards
700 {
701 snprintf(ea->msglog, MSGLOGSIZE,"%s unsubscribed channel or chid missing", reader->label);
702 return ERROR;
703 }
704 case 0x92: // valid for all cards
705 {
706 snprintf(ea->msglog, MSGLOGSIZE,"%s regional chid missing", reader->label);
707 return ERROR;
708 }
709 case 0x9E: // valid for all cards *9E comes in 2 cases if card not fully updated OR if pairing Enabled
710 {
711 if(cta_res[cta_lr - 1] == 0x65)
712 {
713 snprintf(ea->msglog, MSGLOGSIZE,"%s chipset pairing enabled", reader->label);
714 return ERROR;
715 }
716 else
717 {
718 snprintf(ea->msglog, MSGLOGSIZE,"%s needs EMMs", reader->label);
719 return E_CORRUPT;
720 }
721 }
722 case 0xA0: // valid for all cards
723 {
724 snprintf(ea->msglog, MSGLOGSIZE,"%s surflock enabled", reader->label);
725 return E_CORRUPT;
726 }
727
728 default: // all other error status
729 {
730 snprintf(ea->msglog, MSGLOGSIZE, "%s irdeto_do_cmd [%d] %02x %02x", reader->label, cta_lr, cta_res[cta_lr - 2], cta_res[cta_lr - 1]);
731 break;
732 }
733 }
734 }
735 try++;
736 }
737 while((try < 3) && (ret));
738 if(ret)
739 { return ERROR; }
740 }
741
742 if(cta_res[5]== 0x36 || cta_res[5]== 0x37 || cta_res[5]== 0x24 || cta_res[5]== 0x25)
743 {
744 snprintf(ea->msglog, MSGLOGSIZE, "cw needs tweaking");
745 }
746 ReverseSessionKeyCrypt(reader->boxkey, cta_res + 6 + acspadd);
747 ReverseSessionKeyCrypt(reader->boxkey, cta_res + 14 + acspadd);
748 memcpy(ea->cw, cta_res + 6 + acspadd, 16);
749 return OK;
750 }
751
752 static int32_t irdeto_get_emm_type(EMM_PACKET *ep, struct s_reader *rdr)
753 {
754
755 int32_t i, l = (ep->emm[3] & 0x07);
756 int32_t base = (ep->emm[3] >> 3);
757 char dumprdrserial[l * 3], dumpemmserial[l * 3];
758
759 rdr_log_dbg(rdr, D_EMM, "Entered irdeto_get_emm_type ep->emm[3]=%02x", ep->emm[3]);
760
761 switch(l)
762 {
763
764 case 0:
765 // global emm, 0 bytes addressed
766 ep->type = GLOBAL;
767 rdr_log_dbg(rdr, D_EMM, "GLOBAL base = %02x", base);
768 if(base & 0x10) // hex serial based?
769 {
770 if(base == rdr->hexserial[3]) // does base match?
771 {
772 return 1;
773 }
774 else
775 {
776 return 0; // base doesnt match!
777 }
778 }
779 else { return 1; } // provider based, match all!
780
781 case 2:
782 // shared emm, 2 bytes addressed
783 ep->type = SHARED;
784 memset(ep->hexserial, 0, 8);
785 memcpy(ep->hexserial, ep->emm + 4, l);
786 cs_hexdump(1, rdr->hexserial, l, dumprdrserial, sizeof(dumprdrserial));
787 cs_hexdump(1, ep->hexserial, l, dumpemmserial, sizeof(dumpemmserial));
788 rdr_log_dbg_sensitive(rdr, D_EMM, "SHARED l = %d ep = {%s} rdr = {%s} base = %02x", l,
789 dumpemmserial, dumprdrserial, base);
790
791 if(base & 0x10)
792 {
793 // hex addressed
794 return (base == rdr->hexserial[3] && !memcmp(ep->emm + 4, rdr->hexserial, l));
795 }
796 else
797 {
798 if(!memcmp(ep->emm + 4, rdr->hexserial, l))
799 { return 1; }
800
801 // provider addressed
802 for(i = 0; i < rdr->nprov; i++)
803 if(base == rdr->prid[i][0] && !memcmp(ep->emm + 4, &rdr->prid[i][1], l))
804 { return 1; }
805 }
806 rdr_log_dbg(rdr, D_EMM, "neither hex nor provider addressed or unknown provider id");
807 return 0;
808
809 case 3:
810 // unique emm, 3 bytes addressed
811 ep->type = UNIQUE;
812 memset(ep->hexserial, 0, 8);
813 memcpy(ep->hexserial, ep->emm + 4, l);
814 cs_hexdump(1, rdr->hexserial, l, dumprdrserial, sizeof(dumprdrserial));
815 cs_hexdump(1, ep->hexserial, l, dumpemmserial, sizeof(dumpemmserial));
816 rdr_log_dbg_sensitive(rdr, D_EMM, "UNIQUE l = %d ep = {%s} rdr = {%s} base = %02x", l,
817 dumpemmserial, dumprdrserial, base);
818
819 if(base & 0x10)
820 // unique hex addressed
821 { return (base == rdr->hexserial[3] && !memcmp(ep->emm + 4, rdr->hexserial, l)); }
822 else
823 {
824 if(!memcmp(ep->emm + 4, rdr->hexserial, l))
825 { return 1; }
826
827 // unique provider addressed
828 for(i = 0; i < rdr->nprov; i++)
829 if(base == rdr->prid[i][0] && !memcmp(ep->emm + 4, &rdr->prid[i][1], l))
830 { return 1; }
831 }
832 rdr_log_dbg(rdr, D_EMM, "neither hex nor provider addressed or unknown provider id");
833 return 0;
834
835 default:
836 ep->type = UNKNOWN;
837 rdr_log_dbg(rdr, D_EMM, "UNKNOWN");
838 return 1;
839 }
840
841 }
842
843 static int32_t irdeto_get_emm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count)
844 {
845 if(*emm_filters == NULL)
846 {
847 const unsigned int max_filter_count = 3 + (rdr->nprov * 2);
848 if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
849 { return ERROR; }
850
851 struct s_csystem_emm_filter *filters = *emm_filters;
852 *filter_count = 0;
853
854 unsigned int idx = 0;
855
856 filters[idx].type = EMM_GLOBAL;
857 filters[idx].enabled = 1;
858 filters[idx].filter[0] = 0x82;
859 filters[idx].mask[0] = 0xFF;
860 filters[idx].filter[1] = 0xF8;
861 filters[idx].mask[1] = 0x07;
862 idx++;
863
864 filters[idx].type = EMM_UNIQUE;
865 filters[idx].enabled = 1;
866 filters[idx].filter[0] = 0x82;
867 filters[idx].mask[0] = 0xFF;
868 filters[idx].filter[1] = 0xFB;
869 filters[idx].mask[1] = 0x07;
870 memcpy(&filters[idx].filter[2], rdr->hexserial, 3);
871 memset(&filters[idx].mask[2], 0xFF, 3);
872 idx++;
873
874 // Shared on Hex Serial only for Betacrypt
875 if(caid_is_betacrypt(rdr->caid))
876 {
877 filters[idx].type = EMM_SHARED;
878 filters[idx].enabled = 1;
879 filters[idx].filter[0] = 0x82;
880 filters[idx].mask[0] = 0xFF;
881 filters[idx].filter[1] = 0xFA;
882 filters[idx].mask[1] = 0x07;
883 memcpy(&filters[idx].filter[2], rdr->hexserial, 2);
884 memset(&filters[idx].mask[2], 0xFF, 2);
885 idx++;
886 }
887
888 int32_t i;
889 for(i = 0; i < rdr->nprov; i++)
890 {
891 // 00XX00 provider is a not initialised not used provider
892 if(rdr->prid[i][1] == 0xFF || (rdr->prid[i][1] == 0x00 && rdr->prid[i][3] == 0x00 && rdr->caid != 0x0647))
893 { continue; }
894
895 filters[idx].type = EMM_UNIQUE;
896 filters[idx].enabled = 1;
897 filters[idx].filter[0] = 0x82;
898 filters[idx].mask[0] = 0xFF;
899 filters[idx].filter[1] = 0xFB;
900 filters[idx].mask[1] = 0x07;
901 memcpy(&filters[idx].filter[2], &rdr->prid[i][1], 3);
902 memset(&filters[idx].mask[2], 0xFF, 3);
903 idx++;
904
905 filters[idx].type = EMM_SHARED;
906 filters[idx].enabled = 1;
907 filters[idx].filter[0] = 0x82;
908 filters[idx].mask[0] = 0xFF;
909 filters[idx].filter[1] = 0xFA;
910 filters[idx].mask[1] = 0x07;
911 memcpy(&filters[idx].filter[2], &rdr->prid[i][1], 2);
912 memset(&filters[idx].mask[2], 0xFF, 2);
913 idx++;
914 }
915
916 *filter_count = idx;
917 }
918
919 return OK;
920 }
921
922 static int32_t irdeto_get_tunemm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count)
923 {
924 if(*emm_filters == NULL)
925 {
926 const unsigned int max_filter_count = 3;
927 if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
928 { return ERROR; }
929
930 struct s_csystem_emm_filter *filters = *emm_filters;
931 *filter_count = 0;
932
933 unsigned int idx = 0;
934
935 filters[idx].type = EMM_GLOBAL;
936 filters[idx].enabled = 1;
937 filters[idx].filter[0] = 0x82;
938 filters[idx].mask[0] = 0xFF;
939 idx++;
940
941 filters[idx].type = EMM_SHARED;
942 filters[idx].enabled = 1;
943 filters[idx].filter[0] = 0x83;
944 filters[idx].filter[1] = rdr->hexserial[1];
945 filters[idx].filter[2] = rdr->hexserial[0];
946 filters[idx].filter[3] = 0x10;
947 filters[idx].filter[4] = 0x00;
948 filters[idx].filter[5] = 0x10;
949 memset(&filters[idx].mask[0], 0xFF, 6);
950 idx++;
951
952 filters[idx].type = EMM_UNIQUE;
953 filters[idx].enabled = 1;
954 filters[idx].filter[0] = 0x83;
955 filters[idx].filter[1] = rdr->hexserial[1];
956 filters[idx].filter[2] = rdr->hexserial[0];
957 filters[idx].filter[3] = 0x10;
958 filters[idx].filter[4] = rdr->hexserial[2];
959 filters[idx].filter[5] = 0x00;
960 memset(&filters[idx].mask[0], 0xFF, 6);
961 idx++;
962
963 *filter_count = idx;
964 }
965
966 return OK;
967 }
968
969 void irdeto_add_emm_header(EMM_PACKET *ep)
970 {
971 uint8_t bt_emm[MAX_EMM_SIZE];
972 static const char *typtext[] = { "unknown", "unique", "shared", "global" };
973 memset(bt_emm, 0, sizeof(bt_emm));
974
975 ep->type = UNKNOWN;
976 if(ep->emm[0] == 0x83 && ep->emm[5] == 0x10)
977 {
978 if(ep->emm[7] == 0x00)
979 { ep->type = UNIQUE; }
980 else
981 { ep->type = SHARED; }
982 }
983 else
984 {
985 if(ep->emm[0] == 0x82)
986 { ep->type = GLOBAL; }
987 }
988
989 if(ep->type != UNKNOWN && ep->emmlen == 142)
990 { cs_log_dbg(D_EMM, "[TUN_EMM] Type: %s - rewriting header", typtext[ep->type]); }
991 else
992 { return; }
993
994 // BETACRYPT/IRDETO EMM HEADER:
995 static uint8_t headerD0[6] = { 0x82, 0x70, 0x89, 0xd0, 0x01, 0x00 }; // GLOBAL
996 static uint8_t headerD2[8] = { 0x82, 0x70, 0x8b, 0xd2, 0x00, 0x00, 0x01, 0x00 }; // SHARED
997 static uint8_t headerD3[9] = { 0x82, 0x70, 0x8c, 0xd3, 0x00, 0x00, 0x00, 0x01, 0x00 }; // UNIQUE
998
999 switch(ep->type)
1000 {
1001 case UNIQUE:
1002 memcpy(bt_emm, headerD3, sizeof(headerD3));
1003 memcpy(bt_emm + sizeof(headerD3), ep->emm + 8, ep->emmlen - 8);
1004 bt_emm[4] = ep->emm[4];
1005 bt_emm[5] = ep->emm[3];
1006 bt_emm[6] = ep->emm[6];
1007 ep->emmlen = 143;
1008 break;
1009 case SHARED:
1010 memcpy(bt_emm, headerD2, sizeof(headerD2));
1011 memcpy(bt_emm + sizeof(headerD2), ep->emm + 8, ep->emmlen - 8);
1012 bt_emm[4] = ep->emm[4];
1013 bt_emm[5] = ep->emm[3];
1014 ep->emmlen = 142;
1015 break;
1016 case GLOBAL:
1017 memcpy(bt_emm, headerD0, sizeof(headerD0));
1018 memcpy(bt_emm + sizeof(headerD0), ep->emm + 8, ep->emmlen - 8);
1019 ep->emmlen = 140;
1020 break;
1021 }
1022 memcpy(ep->emm, bt_emm, sizeof(bt_emm));
1023 }
1024
1025 #define ADDRLEN 4 // Address length in EMM commands
1026
1027 static int32_t irdeto_do_emm(struct s_reader *reader, EMM_PACKET *ep)
1028 {
1029 def_resp;
1030 static const uchar sc_EmmCmd[] = { 0x01, 0x00, 0x00, 0x00, 0x00 };
1031 static uchar sc_Acs57Emm[] = { 0xD1, 0x00, 0x00, 0x00, 0x00 };
1032 uchar sc_Acs57_Cmd[] = { ACS57EMM, 0xFE, 0x00, 0x00, 0x00 };
1033 struct irdeto_data *csystem_data = reader->csystem_data;
1034
1035 uchar cta_cmd[272];
1036 if(ep->emm[0] != 0x82)
1037 {
1038 rdr_log_dbg(reader, D_EMM, "Invalid EMM: Has to start with 0x82, but starts with %02x!", ep->emm[0]);
1039 return ERROR;
1040 }
1041
1042 int32_t i, l = (ep->emm[3] & 0x07), ok = 0;
1043 int32_t mode = (ep->emm[3] >> 3);
1044 uchar *emm = ep->emm;
1045
1046 if(mode & 0x10)
1047 {
1048 // hex addressed
1049 ok = (mode == reader->hexserial[3] && (!l || !memcmp(&emm[4], reader->hexserial, l)));
1050 }
1051 else
1052 {
1053 ok = !memcmp(&emm[4], reader->hexserial, l);
1054
1055 // provider addressed
1056 for(i = 0; i < reader->nprov && !ok; i++)
1057 {
1058 ok = (mode == reader->prid[i][0] && (!l || !memcmp(&emm[4], &reader->prid[i][1], l)));
1059 }
1060 }
1061
1062 if(ok)
1063 {
1064 l++;
1065 if(l <= ADDRLEN)
1066 {
1067 if(csystem_data->acs57 == 1)
1068 {
1069 int32_t dataLen = 0;
1070 if(ep->type == UNIQUE)
1071 {
1072 dataLen = ep->emm[2] - 1;
1073 }
1074 else
1075 {
1076 dataLen = ep->emm[2];
1077 }
1078 if(dataLen < 7 || dataLen > (int32_t)sizeof(ep->emm) - 6 || dataLen > (int32_t)sizeof(cta_cmd) - 9)
1079 {
1080 rdr_log_dbg(reader, D_EMM, "dataLen %d seems wrong, faulty EMM?", dataLen);
1081 return ERROR;
1082 }
1083 if(ep->type == GLOBAL && ((reader->caid == 0x0624 && csystem_data->acs57 == 1) || reader->caid == 0x0648 || reader->caid == 0x0650 || reader->caid == 0x0666)) { dataLen += 2; }
1084 int32_t crc = 63;
1085 sc_Acs57Emm[4] = dataLen;
1086 memcpy(&cta_cmd, sc_Acs57Emm, sizeof(sc_Acs57Emm));
1087 crc ^= 0x01;
1088 crc ^= 0x01;
1089 crc ^= 0x00;
1090 crc ^= 0x00;
1091 crc ^= 0x00;
1092 crc ^= (dataLen - 1);
1093 memcpy(&cta_cmd[5], &ep->emm[3], 10);
1094 if(ep->type == UNIQUE)
1095 {
1096 memcpy(&cta_cmd[9], &ep->emm[9], dataLen - 4);
1097 }
1098 else
1099 {
1100 if(ep->type == GLOBAL && ((reader->caid == 0x0624 && csystem_data->acs57 == 1) || reader->caid == 0x0648 || reader->caid == 0x0650 || reader->caid == 0x0666))
1101 {
1102 memcpy(&cta_cmd[9], &ep->emm[6], 1);
1103 memcpy(&cta_cmd[10], &ep->emm[7], dataLen - 6);
1104 // cta_cmd[9]=0x00;
1105 }
1106 else if((reader->caid == 0x0624 && csystem_data->acs57 == 1) || reader->caid == 0x0648 || reader->caid == 0x0650 || reader->caid == 0x0666) //only orf, cslink, skylink
1107 {
1108 memcpy(&cta_cmd[9], &ep->emm[8], dataLen - 4);
1109 }
1110 else
1111 {
1112 memcpy(&cta_cmd[10], &ep->emm[9], dataLen - 6);
1113 }
1114 }
1115 for(i = 5; i < dataLen + 4; i++)
1116 { crc ^= cta_cmd[i]; }
1117 cta_cmd[dataLen - 1 + 5] = crc;
1118 irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
1119 int32_t acslength = cta_res[cta_lr - 1];
1120 sc_Acs57_Cmd[4] = acslength;
1121 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
1122 rdr_log_dbg(reader, D_EMM,"response %02X %02X %02X %02X %02X (%s)", cta_res[0], cta_res[1], cta_res[2], cta_res[3], cta_res[4],
1123 ((cta_res[2] == 0 || cta_res[2] == 0x7B || cta_res[2] == 0x7C) ? "OK" : "ERROR"));
1124 if(cta_res[2] == 0x7B || cta_res[2] == 0x7C) // chid already written or chid already up to date
1125 {
1126 return SKIPPED;
1127 }
1128 if(cta_res[2] == 0x00)
1129 {
1130 return OK;
1131 }
1132 return ERROR; // all other
1133 }
1134 else // non acs57 based cards
1135 {
1136 const int32_t dataLen = SCT_LEN(emm) - 5 - l; // sizeof of emm bytes (nanos)
1137 if(dataLen < 1 || dataLen > (int32_t)sizeof(ep->emm) - 5 - l || dataLen > (int32_t)sizeof(cta_cmd) - (int32_t)sizeof(sc_EmmCmd) - ADDRLEN)
1138 {
1139 rdr_log_dbg(reader, D_EMM, "dataLen %d seems wrong, faulty EMM?", dataLen);
1140 return ERROR;
1141 }
1142 uchar *ptr = cta_cmd;
1143 memcpy(ptr, sc_EmmCmd, sizeof(sc_EmmCmd)); // copy card command
1144 ptr[4] = dataLen + ADDRLEN; // set card command emm size
1145 ptr += sizeof(sc_EmmCmd);
1146 emm += 3;
1147 memset(ptr, 0, ADDRLEN); // clear addr range
1148 memcpy(ptr, emm, l); // copy addr bytes
1149 ptr += ADDRLEN;
1150 emm += l;
1151 memcpy(ptr, &emm[2], dataLen); // copy emm bytes]
1152 irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
1153 rdr_log_dbg(reader, D_EMM,"response %02X %02X %02X %02X %02X (%s)", cta_res[0], cta_res[1], cta_res[2], cta_res[3], cta_res[4],
1154 ((cta_res[cta_lr-2] == 0 || cta_res[cta_lr-2] == 0x7B || cta_res[cta_lr-2] == 0x7C) ? "OK" : "ERROR"));
1155
1156 if(cta_res[cta_lr-2] == 0x7B || cta_res[cta_lr-2] == 0x7C) // chid already written or chid already up to date
1157 {
1158 return SKIPPED;
1159 }
1160 if(cta_res[cta_lr-2] == 0x00)
1161 {
1162 return OK;
1163 }
1164 return ERROR; // all other
1165 }
1166 }
1167 else
1168 {
1169 rdr_log_dbg(reader, D_EMM, "addrlen %d > %d", l, ADDRLEN);
1170 return ERROR;
1171 }
1172 }
1173 else
1174 {
1175 rdr_log_dbg(reader, D_EMM, "EMM skipped since its hexserial or base doesnt match with this card!");
1176 return SKIPPED;
1177 }
1178 }
1179
1180 static int32_t irdeto_card_info(struct s_reader *reader)
1181 {
1182 def_resp;
1183 int32_t i, p;
1184 struct irdeto_data *csystem_data = reader->csystem_data;
1185
1186 cs_clear_entitlement(reader); // reset the entitlements
1187
1188 uchar sc_GetChanelIds[] = { 0x02, 0x04, 0x00, 0x00, 0x01, 0x00 };
1189 uchar sc_Acs57Code[] = { 0xD2, 0x16, 0x00, 0x00, 0x01 , 0x37},
1190 sc_Acs57Prid[] = { 0xD2, 0x08, 0x00, 0x00, 0x02, 0x00, 0x00 },
1191 sc_Acs57_Cmd[] = { ACS57GET, 0xFE, 0x00, 0x00, 0x00 };
1192
1193 /*
1194 * ContryCode2
1195 */
1196 int32_t acspadd = 0;
1197 if(csystem_data->acs57 == 1)
1198 {
1199 acspadd = 8;
1200 reader_chk_cmd(sc_Acs57Code, 0);
1201 int32_t acslength = cta_res[cta_lr - 1];
1202 sc_Acs57_Cmd[4] = acslength;
1203 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
1204 }
1205 else
1206 {
1207 reader_chk_cmd(sc_GetCountryCode2, 0);
1208 }
1209
1210 if(((cta_lr > 9) && !(cta_res[cta_lr - 2] | cta_res[cta_lr - 1])) || (csystem_data->acs57 == 1))
1211 {
1212 rdr_log_dbg(reader, D_READER, "max chids: %d, %d, %d, %d", cta_res[6 + acspadd], cta_res[7 + acspadd], cta_res[8 + acspadd], cta_res[9 + acspadd]);
1213
1214 /*
1215 * Provider 2
1216 */
1217 for(i = p = 0; i < reader->nprov; i++)
1218 {
1219 int32_t j, k, chid, first = 1;
1220 char t[32];
1221 if(reader->prid[i][4] != 0xff)
1222 {
1223 p++;
1224 sc_Acs57Prid[3] = i;
1225 sc_GetChanelIds[3] = i; // provider at index i
1226 j = 0;
1227 // for (j=0; j<10; j++) => why 10 .. do we know for sure the there are only 10 chids !!!
1228 // shouldn't it me the max chid value we read above ?!
1229 while(1) // will exit if cta_lr < 61 .. which is the correct break condition.
1230 {
1231 if(csystem_data->acs57 == 1)
1232 {
1233 int32_t crc = 63;
1234 sc_Acs57Prid[5] = j;
1235 crc ^= 0x01;
1236 crc ^= 0x02;
1237 crc ^= 0x04;
1238 crc ^= sc_Acs57Prid[2];
1239 crc ^= sc_Acs57Prid[3];
1240 crc ^= (sc_Acs57Prid[4] - 1);
1241 crc ^= sc_Acs57Prid[5];
1242 sc_Acs57Prid[6] = crc;
1243 irdeto_do_cmd(reader, sc_Acs57Prid, 0x903C, cta_res, &cta_lr);
1244 int32_t acslength = cta_res[cta_lr - 1];
1245 if(acslength == 0x09) { break; }
1246 sc_Acs57_Cmd[4] = acslength;
1247 reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
1248 if(cta_res[10] == 0xFF) { break; }
1249 cta_res[cta_lr - 3] = 0xff;
1250 cta_res[cta_lr - 2] = 0xff;
1251 cta_res[cta_lr - 1] = 0xff;
1252 acspadd = 8;
1253 }
1254 else
1255 {
1256 sc_GetChanelIds[5] = j; // chid at index j for provider at index i
1257 reader_chk_cmd(sc_GetChanelIds, 0);
1258 }
1259 // if (cta_lr<61) break; // why 61 (0 to 60 in steps of 6 .. is it 10*6 from the 10 in the for loop ?
1260 // what happen if the card only send back.. 9 chids (or less)... we don't see them
1261 // so we should check whether or not we have at least 6 bytes (1 chid).
1262 if(cta_lr < 6) { break; }
1263
1264 for(k = 0 + acspadd; k < cta_lr; k += 6)
1265 {
1266 chid = b2i(2, cta_res + k);
1267 if(chid && chid != 0xFFFF)
1268 {
1269 time_t date, start_t, end_t;
1270
1271 start_t = chid_date(reader, date = b2i(2, cta_res + k + 2), t, 16);
1272 end_t = chid_date(reader, date + cta_res[k + 4], t + 16, 16);
1273
1274 // todo: add entitlements to list but produces a warning related to date variable
1275 cs_add_entitlement(reader, reader->caid, b2i(3, &reader->prid[i][1]), chid, 0, start_t, end_t, 3, 1);
1276
1277 if(first)
1278 {
1279 rdr_log(reader, "entitlements for provider: %d, id: %06X", p, b2i(3, &reader->prid[i][1]));
1280 first = 0;
1281 }
1282 rdr_log(reader, "chid: %04X, date: %s - %s", chid, t, t + 16);
1283 }
1284 }
1285 j++;
1286 }
1287 }
1288 }
1289 }
1290 rdr_log(reader, "ready for requests");
1291 return OK;
1292 }
1293
1294 const struct s_cardsystem reader_irdeto =
1295 {
1296 .desc = "irdeto",
1297 .caids = (uint16_t[]){ 0x06, 0x17, 0 },
1298 .do_emm = irdeto_do_emm,
1299 .do_ecm = irdeto_do_ecm,
1300 .card_info = irdeto_card_info,
1301 .card_init = irdeto_card_init,
1302 .get_emm_type = irdeto_get_emm_type,
1303 .get_emm_filter = irdeto_get_emm_filter,
1304 .get_tunemm_filter = irdeto_get_tunemm_filter,
1305 };
1306
1307 #endif
Open Source Conditional Access Modul