2 #include "reader-common.h"
4 extern uchar cta_cmd
[], cta_res
[];
8 static const uchar CryptTable
[256] =
10 0xDA, 0x26, 0xE8, 0x72, 0x11, 0x52, 0x3E, 0x46,
11 0x32, 0xFF, 0x8C, 0x1E, 0xA7, 0xBE, 0x2C, 0x29,
12 0x5F, 0x86, 0x7E, 0x75, 0x0A, 0x08, 0xA5, 0x21,
13 0x61, 0xFB, 0x7A, 0x58, 0x60, 0xF7, 0x81, 0x4F,
14 0xE4, 0xFC, 0xDF, 0xB1, 0xBB, 0x6A, 0x02, 0xB3,
15 0x0B, 0x6E, 0x5D, 0x5C, 0xD5, 0xCF, 0xCA, 0x2A,
16 0x14, 0xB7, 0x90, 0xF3, 0xD9, 0x37, 0x3A, 0x59,
17 0x44, 0x69, 0xC9, 0x78, 0x30, 0x16, 0x39, 0x9A,
18 0x0D, 0x05, 0x1F, 0x8B, 0x5E, 0xEE, 0x1B, 0xC4,
19 0x76, 0x43, 0xBD, 0xEB, 0x42, 0xEF, 0xF9, 0xD0,
20 0x4D, 0xE3, 0xF4, 0x57, 0x56, 0xA3, 0x0F, 0xA6,
21 0x50, 0xFD, 0xDE, 0xD2, 0x80, 0x4C, 0xD3, 0xCB,
22 0xF8, 0x49, 0x8F, 0x22, 0x71, 0x84, 0x33, 0xE0,
23 0x47, 0xC2, 0x93, 0xBC, 0x7C, 0x3B, 0x9C, 0x7D,
24 0xEC, 0xC3, 0xF1, 0x89, 0xCE, 0x98, 0xA2, 0xE1,
25 0xC1, 0xF2, 0x27, 0x12, 0x01, 0xEA, 0xE5, 0x9B,
26 0x25, 0x87, 0x96, 0x7B, 0x34, 0x45, 0xAD, 0xD1,
27 0xB5, 0xDB, 0x83, 0x55, 0xB0, 0x9E, 0x19, 0xD7,
28 0x17, 0xC6, 0x35, 0xD8, 0xF0, 0xAE, 0xD4, 0x2B,
29 0x1D, 0xA0, 0x99, 0x8A, 0x15, 0x00, 0xAF, 0x2D,
30 0x09, 0xA8, 0xF5, 0x6C, 0xA1, 0x63, 0x67, 0x51,
31 0x3C, 0xB2, 0xC0, 0xED, 0x94, 0x03, 0x6F, 0xBA,
32 0x3F, 0x4E, 0x62, 0x92, 0x85, 0xDD, 0xAB, 0xFE,
33 0x10, 0x2E, 0x68, 0x65, 0xE7, 0x04, 0xF6, 0x0C,
34 0x20, 0x1C, 0xA9, 0x53, 0x40, 0x77, 0x2F, 0xA4,
35 0xFA, 0x6D, 0x73, 0x28, 0xE2, 0xCD, 0x79, 0xC8,
36 0x97, 0x66, 0x8E, 0x82, 0x74, 0x06, 0xC7, 0x88,
37 0x1A, 0x4A, 0x6B, 0xCC, 0x41, 0xE9, 0x9D, 0xB8,
38 0x23, 0x9F, 0x3D, 0xBF, 0x8D, 0x95, 0xC5, 0x13,
39 0xB9, 0x24, 0x5A, 0xDC, 0x64, 0x18, 0x38, 0x91,
40 0x7F, 0x5B, 0x70, 0x54, 0x07, 0xB6, 0x4B, 0x0E,
41 0x36, 0xAC, 0x31, 0xE6, 0xD6, 0x48, 0xAA, 0xB4
45 sc_CamKey
[] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 },
46 sc_GetCountryCode
[] = { 0x02, 0x02, 0x03, 0x00, 0x00 },
47 sc_GetASCIISerial
[] = { 0x02, 0x00, 0x03, 0x00, 0x00 },
48 sc_GetHEXSerial
[] = { 0x02, 0x01, 0x00, 0x00, 0x00 },
49 sc_GetProvider
[] = { 0x02, 0x03, 0x03, 0x00, 0x00 },
50 sc_GetCardFile
[] = { 0x02, 0x0E, 0x02, 0x00, 0x00 },
51 sc_GetCountryCode2
[]= { 0x02, 0x0B, 0x00, 0x00, 0x00 },
52 sc_GetChanelIds
[] = { 0x02, 0x04, 0x00, 0x00, 0x01, 0x00 },
53 sc_GetCamKey384CZ
[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
54 0x18, 0xD7, 0x55, 0x14, 0xC0, 0x83, 0xF1, 0x38,
55 0x39, 0x6F, 0xF2, 0xEC, 0x4F, 0xE3, 0xF1, 0x85,
56 0x01, 0x46, 0x06, 0xCE, 0x7D, 0x08, 0x2C, 0x74,
57 0x46, 0x8F, 0x72, 0xC4, 0xEA, 0xD7, 0x9C, 0xE0,
58 0xE1, 0xFF, 0x58, 0xE7, 0x70, 0x0C, 0x92, 0x45,
59 0x26, 0x18, 0x4F, 0xA0, 0xE2, 0xF5, 0x9E, 0x46,
60 0x6F, 0xAE, 0x95, 0x35, 0xB0, 0x49, 0xB2, 0x0E,
61 0xA4, 0x1F, 0x8E, 0x47, 0xD0, 0x24, 0x11, 0xD0 },
62 sc_GetCamKey384DZ
[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
63 0x27, 0xF2, 0xD6, 0xCD, 0xE6, 0x88, 0x62, 0x46,
64 0x81, 0xB0, 0xF5, 0x3E, 0x6F, 0x13, 0x4D, 0xCC,
65 0xFE, 0xD0, 0x67, 0xB1, 0x93, 0xDD, 0xF4, 0xDE,
66 0xEF, 0xF5, 0x3B, 0x04, 0x1D, 0xE5, 0xC3, 0xB2,
67 0x54, 0x38, 0x57, 0x7E, 0xC8, 0x39, 0x07, 0x2E,
68 0xD2, 0xF4, 0x05, 0xAA, 0x15, 0xB5, 0x55, 0x24,
69 0x90, 0xBB, 0x9B, 0x00, 0x96, 0xF0, 0xCB, 0xF1,
70 0x8A, 0x08, 0x7F, 0x0B, 0xB8, 0x79, 0xC3, 0x5D },
71 sc_GetCamKey384FZ
[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
72 0x62, 0xFE, 0xD8, 0x4F, 0x44, 0x86, 0x2C, 0x21,
73 0x50, 0x9A, 0xBE, 0x27, 0x15, 0x9E, 0xC4, 0x48,
74 0xF3, 0x73, 0x5C, 0xBD, 0x08, 0x64, 0x6D, 0x13,
75 0x64, 0x90, 0x14, 0xDB, 0xFF, 0xC3, 0xFE, 0x03,
76 0x97, 0xFA, 0x75, 0x08, 0x12, 0xF9, 0x8F, 0x84,
77 0x83, 0x17, 0xAA, 0x6F, 0xEF, 0x2C, 0x10, 0x1B,
78 0xBF, 0x31, 0x41, 0xC3, 0x54, 0x2F, 0x65, 0x50,
79 0x95, 0xA9, 0x64, 0x22, 0x5E, 0xA4, 0xAF, 0xA9 },
80 sc_GetCamKey383C
[] = { 0x02, 0x09, 0x03, 0x00, 0x40,
81 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
82 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
83 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
84 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
85 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
86 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
87 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
88 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
90 static void XRotateLeft8Byte(uchar
*buf
)
99 buf
[k
]=(buf
[k
]<<1)|(t2
>>7);
103 static void ReverseSessionKeyCrypt(const uchar
*camkey
, uchar
*key
)
105 uchar localkey
[8], tmp1
, tmp2
;
108 memcpy(localkey
, camkey
, 8) ;
109 for(idx1
=0; idx1
<8; idx1
++)
111 for(idx2
=0; idx2
<8; idx2
++)
113 tmp1
= CryptTable
[key
[7] ^ localkey
[idx2
] ^ idx1
] ;
120 key
[5] = key
[6] ^ tmp1
;
122 key
[7] = tmp1
^ tmp2
;
124 XRotateLeft8Byte(localkey
);
128 static time_t chid_date(ulong date
, char *buf
, int l
)
130 // Irdeto date starts 01.08.1997 which is
131 // 870393600 seconds in unix calendar time
132 time_t ut
=870393600L+date
*(24*3600);
137 snprintf(buf
, l
, "%04d/%02d/%02d", t
->tm_year
+1900, t
->tm_mon
+1, t
->tm_mday
);
142 static int irdeto_do_cmd(uchar
*buf
, ushort good
)
145 if( (rc
=reader_cmd2icc(buf
, buf
[4]+5)) )
146 return(rc
); // result may be 0 (success) or negative
148 return(0x7F7F); // this should never happen
149 return(good
!=b2i(2, cta_res
+cta_lr
-2));
152 #define reader_chk_cmd(cmd, l) \
154 if (reader_cmd2icc(cmd, sizeof(cmd))) return(0); \
155 if (l && (cta_lr!=l)) return(0); }
157 int irdeto_card_init(uchar
*atr
, int atrlen
)
159 int i
, p
, camkey
=0, cs_ptyp_orig
=cs_ptyp
;
161 uchar sc_GetROM
[] = { 0xA0, 0xCA, 0x00, 0x00, 3, 0x10, 0, 0x11};
163 if (memcmp(atr
+4, "IRDETO", 6))
170 if ((!reader_cmd2icc(sc_GetROM
, sizeof(sc_GetROM
))) && (cta_res
[cta_lr
-2]==0x90))
173 if (cta_res
[0]==0x90)
176 cta_res
[cta_res
[1]+4]='\0';
177 if( (ptr
=strstr(cta_res
+2, "ASP")) )
179 sprintf(buf
, ", rom=%c.%c%c", ptr
[3], ptr
[4], ptr
[5]);
180 if( (ptr
=strstr(cta_res
+2, "Rev")) )
181 sprintf(buf
+10, "(%c%c%c)", ptr
[3], ptr
[4], ptr
[5]);
189 reader_chk_cmd(sc_GetCountryCode
, 18);
190 reader
[ridx
].acs
=(cta_res
[0]<<8)|cta_res
[1];
191 reader
[ridx
].caid
[0]=(cta_res
[5]<<8)|cta_res
[6];
192 cs_ri_log("type: %s, caid: %04X, acs: %x.%02x%s",
193 (nagra
) ? "aladin" : "irdeto",
194 reader
[ridx
].caid
[0], cta_res
[0], cta_res
[1], buf
);
199 reader_chk_cmd(sc_GetASCIISerial
, 22);
200 memcpy(buf
, cta_res
, 10);
202 reader_chk_cmd(sc_GetHEXSerial
, 18);
203 memcpy(reader
[ridx
].hexserial
, cta_res
+12, 8);
204 reader
[ridx
].nprov
=cta_res
[10];
205 cs_ri_log("ascii serial: %s, hex serial: %02X%02X%02X, hex base: %02X",
206 buf
, cta_res
[12], cta_res
[13], cta_res
[14], cta_res
[15]);
211 for (sc_GetCardFile
[2]=2;sc_GetCardFile
[2]<4;sc_GetCardFile
[2]++)
212 reader_chk_cmd(sc_GetCardFile
, 0);
217 if ((atr
[14]==0x03) && (atr
[15]==0x84) && (atr
[16]==0x55))
219 switch (reader
[ridx
].caid
[0])
221 case 0x1702: camkey
=1; break;
222 case 0x1722: camkey
=2; break;
223 case 0x1762: camkey
=3; break;
224 default : camkey
=4; break;
228 if ((reader
[ridx
].caid
[0] >= 0x1700) && (reader
[ridx
].caid
[0] <= 0x1799)) // Betacrypt
230 memset(reader
[ridx
].prid
, 0xff, sizeof(reader
[ridx
].prid
));
231 for (i
=0; i
<reader
[ridx
].nprov
; i
++)
233 //values are needed for AU to work for Nagravision/Aladin/Betacrypt
234 reader
[ridx
].prid
[i
][0]=0;
235 reader
[ridx
].prid
[i
][1]=0;
236 reader
[ridx
].prid
[i
][2]=0;
237 reader
[ridx
].prid
[i
][3]=i
;
238 //reader[ridx].prid[i][4]=0; //not sure what to do with this one
240 //since shared address is not filled, we fill it here
241 reader
[ridx
].sa
[i
][0]=0x00;
242 reader
[ridx
].sa
[i
][1]=0xFF;
243 reader
[ridx
].sa
[i
][2]=0xFF;
244 reader
[ridx
].sa
[i
][3]=0xFF;
249 cs_debug("set camkey for type=%d", camkey
);
250 cs_ptyp
=cs_ptyp_orig
;
255 reader_chk_cmd(sc_GetCamKey384CZ
, 10);
258 reader_chk_cmd(sc_GetCamKey384DZ
, 10);
261 reader_chk_cmd(sc_GetCamKey384FZ
, 10);
264 reader_chk_cmd(sc_GetCamKey383C
, 0);
268 cs_log("ready for requests");
272 int irdeto_do_ecm(ECM_REQUEST
*er
)
274 static const uchar sc_EcmCmd
[] = { 0x05, 0x00, 0x00, 0x02, 0x00 };
276 memcpy(cta_cmd
, sc_EcmCmd
, sizeof(sc_EcmCmd
));
277 cta_cmd
[4]=(er
->ecm
[2])-3;
278 memcpy(cta_cmd
+sizeof(sc_EcmCmd
), &er
->ecm
[6], cta_cmd
[4]);
279 if (irdeto_do_cmd(cta_cmd
, 0x9D00)) return(0);
280 if (cta_lr
<24) return(0);
281 ReverseSessionKeyCrypt(sc_CamKey
, cta_res
+6);
282 ReverseSessionKeyCrypt(sc_CamKey
, cta_res
+14);
283 memcpy(er
->cw
, cta_res
+6, 16);
287 int irdeto_do_emm(EMM_PACKET
*ep
)
289 static const uchar sc_EmmCmd
[] = { 0x01,0x00,0x00,0x00,0x00 };
291 int i
, l
=(ep
->emm
[3]&0x07), ok
=0;
292 int mode
=(ep
->emm
[3]>>3);
295 if (mode
&0x10) // Hex addressed
296 ok
=(mode
==reader
[ridx
].hexserial
[3] &&
297 (!l
|| !memcmp(&emm
[4], reader
[ridx
].hexserial
, l
)));
298 else // Provider addressed
299 for(i
=0; i
<reader
[ridx
].nprov
; i
++)
300 if (ok
=(mode
==reader
[ridx
].prid
[i
][0] &&
301 (!l
|| !memcmp(&emm
[4], &reader
[ridx
].prid
[i
][1], l
))))
308 const int dataLen
=SCT_LEN(emm
)-5-l
; // sizeof of emm bytes (nanos)
310 memcpy(ptr
, sc_EmmCmd
, sizeof(sc_EmmCmd
)); // copy card command
311 ptr
[4]=dataLen
+ADDRLEN
; // set card command emm size
312 ptr
+=sizeof(sc_EmmCmd
); emm
+=3;
313 memset(ptr
, 0, ADDRLEN
); // clear addr range
314 memcpy(ptr
, emm
, l
); // copy addr bytes
315 ptr
+=ADDRLEN
; emm
+=l
;
316 memcpy(ptr
, &emm
[2], dataLen
); // copy emm bytes
317 return(irdeto_do_cmd(cta_cmd
, 0) ? 0 : 1);
320 cs_log("addrlen %d > %d", l
, ADDRLEN
);
325 int irdeto_card_info(void)
329 uchar sc_GetChid
[] = { 0xA0, 0xCA, 0x00, 0x00, 4, 0x22, 1, 5, 0x20};
333 for (sc_GetChid
[7]=5;;sc_GetChid
[7]|=0x80)
337 reader_chk_cmd(sc_GetChid
, 0);
338 if ((cta_lr
>33) && (chid
=b2i(2, cta_res
+11)))
340 chid_date(b2i(2, cta_res
+20)-0x7f7, ds
, 15);
341 chid_date(b2i(2, cta_res
+13)-0x7f7, de
, 15);
342 cs_ri_log("chid: %04X, date: %s - %s", chid
, ds
, de
);
353 memset(reader
[ridx
].prid
, 0xff, sizeof(reader
[ridx
].prid
));
354 for (buf
[0]=i
=p
=0; i
<reader
[ridx
].nprov
; i
++)
357 reader_chk_cmd(sc_GetProvider
, 0);
358 // if ((cta_lr==26) && (cta_res[0]!=0xf))
359 if ((cta_lr
==26) && ((!(i
&1)) || (cta_res
[0]!=0xf)))
361 reader
[ridx
].prid
[i
][4]=p
++;
362 memcpy(&reader
[ridx
].prid
[i
][0], cta_res
, 4);
363 sprintf(buf
+strlen(buf
), ",%06X", b2i(3, &reader
[ridx
].prid
[i
][1]));
366 reader
[ridx
].prid
[i
][0]=0xf;
369 cs_ri_log("providers: %d (%s)", p
, buf
+1);
374 reader_chk_cmd(sc_GetCountryCode2
, 0);
375 if ((cta_lr
>9) && !(cta_res
[cta_lr
-2]|cta_res
[cta_lr
-1]))
377 cs_debug("max chids: %d, %d, %d, %d", cta_res
[6], cta_res
[7], cta_res
[8], cta_res
[9]);
382 for (i
=p
=0; i
<reader
[ridx
].nprov
; i
++)
384 int j
, k
, chid
, first
=1;
386 if (reader
[ridx
].prid
[i
][4]!=0xff)
389 sc_GetChanelIds
[3]=i
;
392 sc_GetChanelIds
[5]=j
;
393 reader_chk_cmd(sc_GetChanelIds
, 0);
394 if (cta_lr
<61) break;
395 for(k
=0; k
<cta_lr
; k
+=6)
397 chid
=b2i(2, cta_res
+k
);
398 if (chid
&& chid
!=0xFFFF)
401 chid_date(date
=b2i(2, cta_res
+k
+2), t
, 16);
402 chid_date(date
+cta_res
[k
+4], t
+16, 16);
405 cs_ri_log("provider: %d, id: %06X", p
, b2i(3, &reader
[ridx
].prid
[i
][1]));
408 cs_ri_log("chid: %04X, date: %s - %s", chid
, t
, t
+16);