1 #define MODULE_LOG_PREFIX "cccam"
7 #include "cscrypt/md5.h"
8 #include "cscrypt/sha1.h"
9 #include "module-cacheex.h"
10 #include "module-cccam.h"
11 #include "module-cccam-data.h"
12 #include "module-cccam-cacheex.h"
13 #include "module-cccshare.h"
14 #include "oscam-chk.h"
15 #include "oscam-cache.h"
16 #include "oscam-client.h"
17 #include "oscam-ecm.h"
18 #include "oscam-emm.h"
19 #include "oscam-failban.h"
20 #include "oscam-garbage.h"
21 #include "oscam-lock.h"
22 #include "oscam-net.h"
23 #include "oscam-reader.h"
24 #include "oscam-string.h"
25 #include "oscam-time.h"
26 #include "oscam-work.h"
28 // Mode names for CMD_05 command
29 static const char *cmd05_mode_name
[] = { "UNKNOWN", "PLAIN", "AES", "CC_CRYPT", "RC4", "LEN=0" };
31 // Mode names for CMD_0C command
32 static const char *cmd0c_mode_name
[] = { "NONE", "RC6", "RC4", "CC_CRYPT", "AES", "IDEA" };
34 uint8_t cc_node_id
[8];
36 int32_t cc_cli_connect(struct s_client
*cl
);
37 int32_t cc_send_pending_emms(struct s_client
*cl
);
39 #define getprefix() (!cl ? "" : (!cl->cc ? "" : (((struct cc_data *)(cl->cc))->prefix)))
41 void cc_init_crypt(struct cc_crypt_block
*block
, uint8_t *key
, int32_t len
)
46 for(i
= 0; i
< 256; i
++)
48 block
->keytable
[i
] = i
;
51 for(i
= 0; i
< 256; i
++)
53 j
+= key
[i
% len
] + block
->keytable
[i
];
54 SWAPC(&block
->keytable
[i
], &block
->keytable
[j
]);
62 void cc_crypt(struct cc_crypt_block
*block
, uint8_t *data
, int32_t len
, cc_crypt_mode_t mode
)
67 for(i
= 0; i
< len
; i
++)
70 block
->sum
+= block
->keytable
[block
->counter
];
71 SWAPC(&block
->keytable
[block
->counter
], &block
->keytable
[block
->sum
]);
74 data
[i
] = z
^ block
->keytable
[(block
->keytable
[block
->counter
] + block
->keytable
[block
->sum
]) & 0xff];
75 data
[i
] ^= block
->state
;
82 block
->state
= block
->state
^ z
;
86 void cc_rc4_crypt(struct cc_crypt_block
*block
, uint8_t *data
, int32_t len
, cc_crypt_mode_t mode
)
91 for(i
= 0; i
< len
; i
++)
94 block
->sum
+= block
->keytable
[block
->counter
];
95 SWAPC(&block
->keytable
[block
->counter
], &block
->keytable
[block
->sum
]);
98 data
[i
] = z
^ block
->keytable
[(block
->keytable
[block
->counter
] + block
->keytable
[block
->sum
]) & 0xff];
105 block
->state
= block
->state
^ z
;
109 void cc_xor(uint8_t *buf
)
111 const char cccam
[] = "CCcam";
114 for(i
= 0; i
< 8; i
++)
116 buf
[8 + i
] = i
* buf
[i
];
125 void cc_cw_crypt(struct s_client
*cl
, uint8_t *cws
, uint32_t cardid
)
127 struct cc_data
*cc
= cl
->cc
;
134 node_id
= b2ll(8, cc
->node_id
);
138 node_id
= b2ll(8, cc
->peer_node_id
);
141 for(i
= 0; i
< 16; i
++)
143 tmp
= cws
[i
] ^(node_id
>> (4 * i
));
150 cws
[i
] = (cardid
>> (2 * i
)) ^ tmp
;
154 /** swap endianness (int) */
155 static void SwapLBi(uint8_t *buff
, int32_t len
)
157 #if __BYTE_ORDER != __BIG_ENDIAN
164 for(i
= 0; i
< len
/ 4; i
++)
166 memcpy(swap
, buff
, 4);
175 void cc_crypt_cmd0c(struct s_client
*cl
, uint8_t *buf
, int32_t len
)
177 struct cc_data
*cc
= cl
->cc
;
180 if(!cs_malloc(&out
, len
))
185 switch(cc
->cmd0c_mode
)
187 case MODE_CMD_0x0C_NONE
: // none additional encryption
189 memcpy(out
, buf
, len
);
193 case MODE_CMD_0x0C_RC6
: // RC6
195 // buf may be unaligned,
196 // so we use malloc() memory for the uint32_t* cast
200 if(!cs_malloc(&tmp
, len
))
205 memcpy(tmp
, buf
, len
);
208 for(i
= 0; i
< len
/ 16; i
++)
210 rc6_block_decrypt((uint32_t *)(tmp
+ i
* 16), (uint32_t *)(out
+ i
* 16), 1, cc
->cmd0c_RC6_cryptkey
);
218 case MODE_CMD_0x0C_RC4
: // RC4
220 cc_rc4_crypt(&cc
->cmd0c_cryptkey
, buf
, len
, ENCRYPT
);
221 memcpy(out
, buf
, len
);
225 case MODE_CMD_0x0C_CC_CRYPT
: // cc_crypt
227 cc_crypt(&cc
->cmd0c_cryptkey
, buf
, len
, DECRYPT
);
228 memcpy(out
, buf
, len
);
232 case MODE_CMD_0x0C_AES
: // AES
235 for(i
= 0; i
< len
/ 16; i
++)
237 AES_decrypt((uint8_t *)buf
+ i
* 16, (uint8_t *)out
+ i
* 16, &cc
->cmd0c_AES_key
);
242 case MODE_CMD_0x0C_IDEA
: // IDEA
249 idea_ecb_encrypt(buf
+ i
, out
+ i
, &cc
->cmd0c_IDEA_dkey
);
256 for(j
= 0; j
< 8; j
++)
258 out
[j
+ i
] ^= buf
[j
+ i
- 8];
266 memcpy(buf
, out
, len
);
270 void set_cmd0c_cryptkey(struct s_client
*cl
, uint8_t *key
, uint8_t len
)
272 struct cc_data
*cc
= cl
->cc
;
275 memset(&key_buf
, 0, sizeof(key_buf
));
282 memcpy(key_buf
, key
, len
);
284 switch(cc
->cmd0c_mode
)
286 case MODE_CMD_0x0C_NONE
: // NONE
291 case MODE_CMD_0x0C_RC6
: // RC6
293 rc6_key_setup(key_buf
, 32, cc
->cmd0c_RC6_cryptkey
);
297 case MODE_CMD_0x0C_RC4
: // RC4
298 case MODE_CMD_0x0C_CC_CRYPT
: // CC_CRYPT
300 cc_init_crypt(&cc
->cmd0c_cryptkey
, key_buf
, 32);
304 case MODE_CMD_0x0C_AES
: // AES
306 memset(&cc
->cmd0c_AES_key
, 0, sizeof(cc
->cmd0c_AES_key
));
307 AES_set_decrypt_key((uint8_t *)key_buf
, 256, &cc
->cmd0c_AES_key
);
311 case MODE_CMD_0x0C_IDEA
: // IDEA
313 uint8_t key_buf_idea
[16];
314 memcpy(key_buf_idea
, key_buf
, 16);
315 IDEA_KEY_SCHEDULE ekey
;
317 idea_set_encrypt_key(key_buf_idea
, &ekey
);
318 idea_set_decrypt_key(&ekey
, &cc
->cmd0c_IDEA_dkey
);
324 int32_t sid_eq(struct cc_srvid
*srvid1
, struct cc_srvid
*srvid2
)
326 return (srvid1
->sid
== srvid2
->sid
&& (srvid1
->chid
== srvid2
->chid
|| !srvid1
->chid
|| !srvid2
->chid
)
327 && (srvid1
->ecmlen
== srvid2
->ecmlen
|| !srvid1
->ecmlen
|| !srvid2
->ecmlen
));
330 int32_t sid_eq_nb(struct cc_srvid
*srvid1
, struct cc_srvid_block
*srvid2
)
332 return sid_eq(srvid1
, (struct cc_srvid
*)srvid2
);
335 int32_t sid_eq_bb(struct cc_srvid_block
*srvid1
, struct cc_srvid_block
*srvid2
)
337 return (srvid1
->sid
== srvid2
->sid
&& (srvid1
->chid
== srvid2
->chid
|| !srvid1
->chid
|| !srvid2
->chid
)
338 && (srvid1
->ecmlen
== srvid2
->ecmlen
|| !srvid1
->ecmlen
|| !srvid2
->ecmlen
)
339 && (srvid1
->blocked_till
== srvid2
->blocked_till
|| !srvid1
->blocked_till
|| !srvid2
->blocked_till
));
342 struct cc_srvid_block
*is_sid_blocked(struct cc_card
*card
, struct cc_srvid
*srvid_blocked
)
344 LL_ITER it
= ll_iter_create(card
->badsids
);
345 struct cc_srvid_block
*srvid
;
347 while((srvid
= ll_iter_next(&it
)))
349 if(sid_eq_nb(srvid_blocked
, srvid
))
357 uint32_t has_perm_blocked_sid(struct cc_card
*card
)
359 LL_ITER it
= ll_iter_create(card
->badsids
);
360 struct cc_srvid_block
*srvid
;
362 while((srvid
= ll_iter_next(&it
)))
364 if(srvid
->blocked_till
== 0)
369 return srvid
!= NULL
;
372 struct cc_srvid
*is_good_sid(struct cc_card
*card
, struct cc_srvid
*srvid_good
)
374 LL_ITER it
= ll_iter_create(card
->goodsids
);
375 struct cc_srvid
*srvid
;
377 while((srvid
= ll_iter_next(&it
)))
379 if(sid_eq(srvid
, srvid_good
))
387 #define BLOCKING_SECONDS 10
389 void add_sid_block(struct cc_card
*card
, struct cc_srvid
*srvid_blocked
, bool temporary
)
391 if(is_sid_blocked(card
, srvid_blocked
))
396 struct cc_srvid_block
*srvid
;
397 if(!cs_malloc(&srvid
, sizeof(struct cc_srvid_block
)))
401 memcpy(srvid
, srvid_blocked
, sizeof(struct cc_srvid
));
405 srvid
->blocked_till
= time(NULL
) + BLOCKING_SECONDS
;
408 ll_append(card
->badsids
, srvid
);
409 cs_log_dbg(D_READER
, "added sid block %04X(CHID %04X, length %d) for card %08x",
410 srvid_blocked
->sid
, srvid_blocked
->chid
, srvid_blocked
->ecmlen
, card
->id
);
413 void remove_sid_block(struct cc_card
*card
, struct cc_srvid
*srvid_blocked
)
415 LL_ITER it
= ll_iter_create(card
->badsids
);
416 struct cc_srvid_block
*srvid
;
418 while((srvid
= ll_iter_next(&it
)))
420 if(sid_eq_nb(srvid_blocked
, srvid
))
422 ll_iter_remove_data(&it
);
426 cs_log_dbg(D_READER
, "removed sid block %04X(CHID %04X, length %d) for card %08x",
427 srvid_blocked
->sid
, srvid_blocked
->chid
, srvid_blocked
->ecmlen
, card
->id
);
430 void add_good_sid(struct cc_card
*card
, struct cc_srvid
*srvid_good
)
432 if(is_good_sid(card
, srvid_good
))
437 remove_sid_block(card
, srvid_good
);
438 struct cc_srvid
*srvid
;
440 if(!cs_malloc(&srvid
, sizeof(struct cc_srvid
)))
445 memcpy(srvid
, srvid_good
, sizeof(struct cc_srvid
));
446 ll_append(card
->goodsids
, srvid
);
448 cs_log_dbg(D_READER
, "added good sid %04X(%d) for card %08x",
449 srvid_good
->sid
, srvid_good
->ecmlen
, card
->id
);
452 void remove_good_sid(struct cc_card
*card
, struct cc_srvid
*srvid_good
)
454 LL_ITER it
= ll_iter_create(card
->goodsids
);
455 struct cc_srvid
*srvid
;
457 while((srvid
= ll_iter_next(&it
)))
459 if(sid_eq(srvid
, srvid_good
))
461 ll_iter_remove_data(&it
);
465 cs_log_dbg(D_READER
, "removed good sid %04X(%d) for card %08x",
466 srvid_good
->sid
, srvid_good
->ecmlen
, card
->id
);
471 * clears and frees values for reinit
473 void cc_cli_close(struct s_client
*cl
, int32_t call_conclose
)
475 struct s_reader
*rdr
= cl
->reader
;
476 struct cc_data
*cc
= cl
->cc
;
485 rdr
->tcp_connected
= 0;
490 rdr
->card_status
= NO_CARD
;
495 rdr
->last_s
= rdr
->last_g
= 0;
503 if(call_conclose
) // clears also pending ecms!
505 network_tcp_connection_close(rdr
, "close");
518 cc
->just_logged_in
= 0;
521 struct cc_extended_ecm_idx
*add_extended_ecm_idx(struct s_client
*cl
, uint8_t send_idx
, uint16_t ecm_idx
,
522 struct cc_card
*card
, struct cc_srvid srvid
, int8_t free_card
)
524 struct cc_data
*cc
= cl
->cc
;
525 struct cc_extended_ecm_idx
*eei
;
527 if(!cs_malloc(&eei
, sizeof(struct cc_extended_ecm_idx
)))
532 eei
->send_idx
= send_idx
;
533 eei
->ecm_idx
= ecm_idx
;
535 eei
->cccam_id
= card
->id
;
537 eei
->free_card
= free_card
;
539 ll_append(cc
->extended_ecm_idx
, eei
);
540 //cs_log_dbg(D_TRACE, "%s add extended ecm-idx: %d:%d", getprefix(), send_idx, ecm_idx);
544 struct cc_extended_ecm_idx
*get_extended_ecm_idx(struct s_client
*cl
, uint8_t send_idx
, int32_t remove_item
)
546 struct cc_data
*cc
= cl
->cc
;
547 struct cc_extended_ecm_idx
*eei
;
548 LL_ITER it
= ll_iter_create(cc
->extended_ecm_idx
);
550 while((eei
= ll_iter_next(&it
)))
552 if(eei
->send_idx
== send_idx
)
559 //cs_log_dbg(D_TRACE, "%s get by send-idx: %d FOUND: %d", getprefix(), send_idx, eei->ecm_idx);
567 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s get by send-idx: %d NOT FOUND", getprefix(), send_idx
);
574 struct cc_extended_ecm_idx
*get_extended_ecm_idx_by_idx(struct s_client
*cl
, uint16_t ecm_idx
, int32_t remove_item
)
576 struct cc_data
*cc
= cl
->cc
;
577 struct cc_extended_ecm_idx
*eei
;
578 LL_ITER it
= ll_iter_create(cc
->extended_ecm_idx
);
580 while((eei
= ll_iter_next(&it
)))
582 if(eei
->ecm_idx
== ecm_idx
)
589 //cs_log_dbg(D_TRACE, "%s get by ecm-idx: %d FOUND: %d", getprefix(), ecm_idx, eei->send_idx);
597 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s get by ecm-idx: %d NOT FOUND", getprefix(), ecm_idx
);
604 void cc_reset_pending(struct s_client
*cl
, int32_t ecm_idx
)
608 for(i
= 0; i
< cfg
.max_pending
; i
++)
610 if(cl
->ecmtask
[i
].idx
== ecm_idx
&& cl
->ecmtask
[i
].rc
== E_ALREADY_SENT
)
612 cl
->ecmtask
[i
].rc
= E_UNHANDLED
; // Mark unused
617 void free_extended_ecm_idx_by_card(struct s_client
*cl
, struct cc_card
*card
, int8_t null_only
)
619 struct cc_data
*cc
= cl
->cc
;
620 struct cc_extended_ecm_idx
*eei
;
621 LL_ITER it
= ll_iter_create(cc
->extended_ecm_idx
);
623 while((eei
= ll_iter_next(&it
)))
625 if(eei
->card
== card
)
629 cc_reset_pending(cl
, eei
->ecm_idx
);
634 ll_iter_remove_data(&it
);
648 void free_extended_ecm_idx(struct cc_data
*cc
)
650 struct cc_extended_ecm_idx
*eei
;
651 LL_ITER it
= ll_iter_create(cc
->extended_ecm_idx
);
653 while((eei
= ll_iter_next(&it
)))
659 ll_iter_remove_data(&it
);
663 int32_t cc_recv_to(struct s_client
*cl
, uint8_t *buf
, int32_t len
)
671 pfd
.events
= POLLIN
| POLLPRI
;
673 rc
= poll(&pfd
, 1, cfg
.cc_recv_timeout
);
682 return -1; // error!!
687 if(pfd
.revents
& POLLHUP
)
689 return -1; // hangup = error!!
698 return -2; // timeout!!
701 return cs_recv(cl
->udp_fd
, buf
, len
, MSG_WAITALL
);
706 * closes the connection and reopens it.
708 static int8_t cc_cycle_connection(struct s_client
*cl
)
715 cs_log_dbg(D_TRACE
, "%s unlocked-cycleconnection! timeout %d ms", getprefix(), cl
->reader
->cc_reconnect
);
721 return cl
->reader
->tcp_connected
;
728 int32_t cc_msg_recv(struct s_client
*cl
, uint8_t *buf
, int32_t maxlen
)
730 struct s_reader
*rdr
= (cl
->typ
== 'c') ? NULL
: cl
->reader
;
733 struct cc_data
*cc
= cl
->cc
;
734 int32_t handle
= cl
->udp_fd
;
736 if(handle
<= 0 || maxlen
< 4)
746 cs_writelock(__func__
, &cc
->lockcmd
);
750 cs_writeunlock(__func__
, &cc
->lockcmd
);
754 len
= cs_recv(handle
, buf
, 4, MSG_WAITALL
);
756 if(len
!= 4) // invalid header length read
760 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s disconnected by remote server", getprefix());
764 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s invalid header length (expected 4, read %d)",
768 cs_writeunlock(__func__
, &cc
->lockcmd
);
772 cc_crypt(&cc
->block
[DECRYPT
], buf
, 4, DECRYPT
);
773 //cs_log_dump_dbg(D_CLIENT, buf, 4, "cccam: decrypted header:");
777 int32_t size
= (buf
[2] << 8) | buf
[3];
778 if(size
) // check if any data is expected in msg
782 cs_writeunlock(__func__
, &cc
->lockcmd
);
783 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s message too big (size=%d max=%d)",
784 getprefix(), size
, maxlen
);
788 len
= cs_recv(handle
, buf
+ 4, size
, MSG_WAITALL
);
790 if(rdr
&& buf
[1] == MSG_CW_ECM
)
792 rdr
->last_g
= time(NULL
);
797 cs_writeunlock(__func__
, &cc
->lockcmd
);
801 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s disconnected by remote", getprefix());
805 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s invalid message length read (expected %d, read %d)",
806 getprefix(), size
, len
);
811 cc_crypt(&cc
->block
[DECRYPT
], buf
+ 4, len
, DECRYPT
);
815 cs_writeunlock(__func__
, &cc
->lockcmd
);
817 //cs_log_dump_dbg(cl->typ=='c'?D_CLIENT:D_READER, buf, len, "cccam: full decrypted msg, len=%d:", len);
826 int32_t cc_cmd_send(struct s_client
*cl
, uint8_t *buf
, int32_t len
, cc_msg_type_t cmd
)
828 if(!cl
->udp_fd
) // disconnected
833 struct s_reader
*rdr
= (cl
->typ
== 'c') ? NULL
: cl
->reader
;
836 struct cc_data
*cc
= cl
->cc
;
838 if(!cl
->cc
|| cl
->kill
)
843 cs_writelock(__func__
, &cc
->lockcmd
);
845 if(!cl
->cc
|| cl
->kill
)
847 cs_writeunlock(__func__
, &cc
->lockcmd
);
852 if(!cs_malloc(&netbuf
, len
+ 4))
857 if(cmd
== MSG_NO_HEADER
)
859 memcpy(netbuf
, buf
, len
);
863 // build command message
864 netbuf
[0] = cc
->g_flag
; // flags?
865 netbuf
[1] = cmd
& 0xff;
866 netbuf
[2] = len
>> 8;
867 netbuf
[3] = len
& 0xff;
871 memcpy(netbuf
+ 4, buf
, len
);
876 cs_log_dump_dbg(D_CLIENT
, netbuf
, len
, "cccam: send:");
877 cc_crypt(&cc
->block
[ENCRYPT
], netbuf
, len
, ENCRYPT
);
879 n
= send(cl
->udp_fd
, netbuf
, len
, 0);
881 cs_writeunlock(__func__
, &cc
->lockcmd
);
893 cs_writeunlock(__func__
, &cc
->cards_busy
);
894 cs_disconnect_client(cl
);
902 #define CC_DEFAULT_VERSION 9
903 #define CC_VERSIONS 10
904 static char *version
[CC_VERSIONS
] = { "2.0.11", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.2.0", "2.2.1", "2.3.0", "2.3.1", "2.3.2"};
905 static char *build
[CC_VERSIONS
] = { "2892", "2971", "3094", "3165", "3191", "3290", "3316", "3367", "9d508a", "4000"};
906 static char extcompat
[CC_VERSIONS
] = { 0, 0, 0, 0, 0, 1, 1, 1, 1, 1}; // Supporting new card format starting with 2.2.0
910 * checks the cccam-version in the configuration
912 void cc_check_version(char *cc_version
, char *cc_build
)
915 for(i
= 0; i
< CC_VERSIONS
; i
++)
917 if(!memcmp(cc_version
, version
[i
], strlen(version
[i
])))
919 memcpy(cc_build
, build
[i
], strlen(build
[i
]) + 1);
920 cs_log_dbg(D_CLIENT
, "cccam: auto build set for version: %s build: %s", cc_version
, cc_build
);
925 memcpy(cc_version
, version
[CC_DEFAULT_VERSION
], strlen(version
[CC_DEFAULT_VERSION
]));
926 memcpy(cc_build
, build
[CC_DEFAULT_VERSION
], strlen(build
[CC_DEFAULT_VERSION
]));
928 cs_log_dbg(D_CLIENT
, "cccam: auto version set: %s build: %s", cc_version
, cc_build
);
933 int32_t check_cccam_compat(struct cc_data
*cc
)
937 for(i
= 0; i
< CC_VERSIONS
; i
++)
939 if(!strcmp(cfg
.cc_version
, version
[i
]))
951 for(i
= 0; i
< CC_VERSIONS
; i
++)
953 if(!strcmp(cc
->remote_version
, version
[i
]))
965 * sends own version information to the CCCam server
967 int32_t cc_send_cli_data(struct s_client
*cl
)
969 struct s_reader
*rdr
= cl
->reader
;
970 struct cc_data
*cc
= cl
->cc
;
971 const int32_t size
= 20 + 8 + 6 + 26 + 4 + 28 + 1;
974 cs_log_dbg(D_READER
, "cccam: send client data");
976 memcpy(cc
->node_id
, cc_node_id
, sizeof(cc_node_id
));
978 memcpy(buf
, rdr
->r_usr
, sizeof(rdr
->r_usr
));
979 memcpy(buf
+ 20, cc
->node_id
, 8);
980 buf
[28] = rdr
->cc_want_emu
; // <-- Client wants to have EMUs, 0 - NO; 1 - YES
981 memcpy(buf
+ 29, rdr
->cc_version
, sizeof(rdr
->cc_version
)); // cccam version (ascii)
982 memcpy(buf
+ 61, rdr
->cc_build
, sizeof(rdr
->cc_build
)); // build number (ascii)
984 // multics seed already detected, now send multics 'WHO' for getting and confirming multics server
985 if(cc
->multics_mode
== 1)
987 memcpy(buf
+ 57, "W", 1);
988 memcpy(buf
+ 58, "H", 1);
989 memcpy(buf
+ 59, "O", 1);
992 cs_log_dbg(D_READER
, "%s sending own version: %s, build: %s", getprefix(), rdr
->cc_version
, rdr
->cc_build
);
994 return cc_cmd_send(cl
, buf
, size
, MSG_CLI_DATA
);
999 * sends version information to the client
1001 int32_t cc_send_srv_data(struct s_client
*cl
)
1003 struct cc_data
*cc
= cl
->cc
;
1005 cs_log_dbg(D_CLIENT
, "cccam: send server data");
1007 memcpy(cc
->node_id
, cc_node_id
, sizeof(cc_node_id
));
1010 memset(buf
, 0, 0x48);
1012 int32_t stealth
= cl
->account
->cccstealth
;
1015 stealth
= cfg
.cc_stealth
;
1023 memcpy(buf
, cc
->node_id
, 8);
1025 char cc_build
[7], tmp_dbg
[17];
1026 memset(cc_build
, 0, sizeof(cc_build
));
1027 cc_check_version((char *) cfg
.cc_version
, cc_build
);
1028 memcpy(buf
+ 8, cfg
.cc_version
, sizeof(cfg
.cc_version
)); // cccam version (ascii)
1029 memcpy(buf
+ 40, cc_build
, sizeof(cc_build
)); // build number (ascii)
1031 cs_log_dbg(D_CLIENT
, "%s version: %s, build: %s nodeid: %s", getprefix(),
1032 cfg
.cc_version
, cc_build
, cs_hexdump(0, cc
->peer_node_id
, 8, tmp_dbg
, sizeof(tmp_dbg
)));
1034 return cc_cmd_send(cl
, buf
, 0x48, MSG_SRV_DATA
);
1037 int32_t loop_check(uint8_t *myid
, struct s_client
*cl
)
1044 struct cc_data
*cc
= cl
->cc
;
1050 return !memcmp(myid
, cc
->peer_node_id
, sizeof(cc
->peer_node_id
)); // same nodeid? ignore
1055 * retrieves the next waiting ecm request
1057 int32_t cc_get_nxt_ecm(struct s_client
*cl
)
1059 struct cc_data
*cc
= cl
->cc
;
1060 ECM_REQUEST
*er
, *ern
= NULL
;
1061 int32_t n
, i
, pending
= 0;
1065 int32_t diff
= (int32_t)cfg
.ctimeout
+ 500;
1068 for(i
= 0; i
< cfg
.max_pending
; i
++)
1070 er
= &cl
->ecmtask
[i
];
1071 if((comp_timeb(&t
, &er
->tps
) >= diff
) && (er
->rc
>= E_NOCARD
)) // drop timeouts
1073 write_ecm_answer(cl
->reader
, er
, E_TIMEOUT
, 0, NULL
, NULL
, 0, NULL
);
1076 else if(er
->rc
>= E_NOCARD
&& er
->rc
<= E_UNHANDLED
) // stil active and waiting
1079 if(loop_check(cc
->peer_node_id
, er
->client
))
1081 cs_log_dbg(D_READER
, "%s ecm loop detected! client %s (%8lX)",
1082 getprefix(), er
->client
->account
->usr
, (unsigned long)er
->client
->thread
);
1083 write_ecm_answer(cl
->reader
, er
, E_NOTFOUND
, E2_CCCAM_LOOP
, NULL
, NULL
, 0, NULL
);
1087 // search for the ecm with the lowest time, this should be the next to go
1088 if(n
< 0 || (ern
->tps
.time
- er
->tps
.time
< 0))
1090 // check for already pending:
1091 if(cc
&& cc
->extended_mode
)
1096 for(found
= j
= 0; j
< cfg
.max_pending
; j
++)
1098 erx
= &cl
->ecmtask
[j
];
1099 if(i
!= j
&& erx
->rc
== E_ALREADY_SENT
1100 && er
->caid
== erx
->caid
&& er
->ecmd5
== erx
->ecmd5
)
1123 cl
->pending
= pending
;
1128 * sends the secret cmd05 answer to the server
1130 int32_t send_cmd05_answer(struct s_client
*cl
)
1132 struct cc_data
*cc
= cl
->cc
;
1133 if(!cc
->cmd05_active
|| cc
->ecm_busy
) // exit if not in cmd05 or waiting for ECM answer
1139 if(cc
->cmd05_active
)
1144 uint8_t *data
= cc
->cmd05_data
;
1145 cc_cmd05_mode cmd05_mode
= MODE_UNKNOWN
;
1147 // by Project: Keynation
1148 switch(cc
->cmd05_data_len
)
1150 case 0: // payload 0, return with payload 0!
1152 cc_cmd_send(cl
, NULL
, 0, MSG_CMD_05
);
1153 cmd05_mode
= MODE_LEN0
;
1159 cmd05_mode
= cc
->cmd05_mode
;
1162 case MODE_PLAIN
: // send plain unencrypted back
1164 cc_cmd_send(cl
, data
, 256, MSG_CMD_05
);
1168 case MODE_AES
: // encrypt with received aes128 key
1174 memcpy(aeskey
, cc
->cmd05_aeskey
, 16);
1175 memset(&key
, 0, sizeof(key
));
1177 AES_set_encrypt_key((uint8_t *) &aeskey
, 128, &key
);
1180 for(i
= 0; i
< 256; i
+= 16)
1182 AES_encrypt((uint8_t *)data
+ i
, (uint8_t *) &out
+ i
, &key
);
1185 cc_cmd_send(cl
, out
, 256, MSG_CMD_05
);
1189 case MODE_CC_CRYPT
: // encrypt with cc_crypt
1191 cc_crypt(&cc
->cmd05_cryptkey
, data
, 256, ENCRYPT
);
1192 cc_cmd_send(cl
, data
, 256, MSG_CMD_05
);
1196 case MODE_RC4_CRYPT
: // special xor crypt
1198 cc_rc4_crypt(&cc
->cmd05_cryptkey
, data
, 256, DECRYPT
);
1199 cc_cmd_send(cl
, data
, 256, MSG_CMD_05
);
1204 cmd05_mode
= MODE_UNKNOWN
;
1210 cmd05_mode
= MODE_UNKNOWN
;
1213 // unhandled types always needs cycle connection after 50 ECMs!
1214 if(cmd05_mode
== MODE_UNKNOWN
)
1216 cc_cmd_send(cl
, NULL
, 0, MSG_CMD_05
);
1217 if(!cc
->max_ecms
) // max_ecms already set?
1220 cc
->ecm_counter
= 0;
1224 cs_log_dbg(D_READER
, "%s sending CMD_05 back! MODE: %s len=%d",
1225 getprefix(), cmd05_mode_name
[cmd05_mode
], cc
->cmd05_data_len
);
1231 int32_t get_UA_ofs(uint16_t caid
)
1236 case 0x05: // VIACCESS
1237 case 0x0D: // CRYPTOWORKS
1240 case 0x4B: // TONGFANG
1241 case 0x09: // VIDEOGUARD
1245 case 0x00: // SECAMANAGMENT
1246 case 0x17: // BETACRYPT
1247 case 0x06: // IRDETO
1255 int32_t UA_len(uint8_t *ua
)
1259 for(i
= 0; i
< 8; i
++)
1268 void UA_left(uint8_t *in
, uint8_t *out
, int32_t ofs
)
1271 memcpy(out
, in
+ ofs
, 8 - ofs
);
1274 void UA_right(uint8_t *in
, uint8_t *out
, int32_t len
)
1280 memcpy(out
+ ofs
, in
, len
);
1293 * cccam uses UA right justified
1295 void cc_UA_oscam2cccam(uint8_t *in
, uint8_t *out
, uint16_t caid
)
1303 // case 0x17: //IRDETO/Betacrypt:
1304 // //oscam: AA BB CC DD 00 00 00 00
1305 // //cccam: 00 00 00 00 DD AA BB CC
1306 // out[4] = in[3]; //Hexbase
1312 // //Place here your own adjustments!
1315 if(caid_is_bulcrypt(caid
))
1324 hexserial_to_newcamd(in
, tmp
+ 2, caid
);
1325 UA_right(tmp
, out
, 8);
1329 * oscam has a special format, depends on offset or type:
1331 void cc_UA_cccam2oscam(uint8_t *in
, uint8_t *out
, uint16_t caid
)
1339 // case 0x17: //IRDETO/Betacrypt:
1340 // //cccam: 00 00 00 00 DD AA BB CC
1341 // //oscam: AA BB CC DD 00 00 00 00
1345 // out[3] = in[4]; //Hexbase
1348 // //Place here your own adjustments!
1351 if(caid_is_bulcrypt(caid
))
1360 int32_t ofs
= get_UA_ofs(caid
);
1361 UA_left(in
, tmp
, ofs
);
1362 newcamd_to_hexserial(tmp
, out
, caid
);
1365 void cc_SA_oscam2cccam(uint8_t *in
, uint8_t *out
)
1370 void cc_SA_cccam2oscam(uint8_t *in
, uint8_t *out
)
1375 int32_t cc_UA_valid(uint8_t *ua
)
1379 for(i
= 0; i
< 8; i
++)
1391 * Updates AU Data: UA (Unique ID / Hexserial) und SA (Shared ID - Provider)
1393 void set_au_data(struct s_client
*cl
, struct s_reader
*rdr
, struct cc_card
*card
, ECM_REQUEST
*cur_er
)
1395 if(rdr
->audisabled
|| !cc_UA_valid(card
->hexserial
))
1400 struct cc_data
*cc
= cl
->cc
;
1402 cc
->last_emm_card
= card
;
1404 cc_UA_cccam2oscam(card
->hexserial
, rdr
->hexserial
, rdr
->caid
);
1406 cs_log_dbg(D_EMM
, "%s au info: caid %04X UA: %s", getprefix(), card
->caid
,
1407 cs_hexdump(0, rdr
->hexserial
, 8, tmp_dbg
, sizeof(tmp_dbg
)));
1410 LL_ITER it2
= ll_iter_create(card
->providers
);
1411 struct cc_provider
*provider
;
1414 while((provider
= ll_iter_next(&it2
)))
1416 if(!cur_er
|| provider
->prov
== cur_er
->prid
|| !provider
->prov
|| !cur_er
->prid
)
1418 rdr
->prid
[p
][0] = provider
->prov
>> 24;
1419 rdr
->prid
[p
][1] = provider
->prov
>> 16;
1420 rdr
->prid
[p
][2] = provider
->prov
>> 8;
1421 rdr
->prid
[p
][3] = provider
->prov
& 0xFF;
1422 cc_SA_cccam2oscam(provider
->sa
, rdr
->sa
[p
]);
1424 cs_log_dbg(D_EMM
, "%s au info: provider: %06X:%02X%02X%02X%02X", getprefix(),
1425 provider
->prov
, provider
->sa
[0], provider
->sa
[1], provider
->sa
[2], provider
->sa
[3]);
1436 if(!rdr
->nprov
) // No Providers? Add null-provider
1438 memset(rdr
->prid
[0], 0, sizeof(rdr
->prid
[0]));
1442 rdr
->caid
= card
->caid
;
1445 rdr
->auprovid
= cur_er
->prid
;
1449 int32_t same_first_node(struct cc_card
*card1
, struct cc_card
*card2
)
1451 uint8_t *node1
= ll_has_elements(card1
->remote_nodes
);
1452 uint8_t *node2
= ll_has_elements(card2
->remote_nodes
);
1454 if(!node1
&& !node2
)
1456 return 1; // both NULL, same!
1459 if(!node1
|| !node2
)
1461 return 0; // one NULL, not same!
1464 return !memcmp(node1
, node2
, 8); // same?
1467 int32_t same_card2(struct cc_card
*card1
, struct cc_card
*card2
, int8_t compare_grp
)
1469 return (card1
->caid
== card2
->caid
&&
1470 card1
->card_type
== card2
->card_type
&&
1471 card1
->sidtab
== card2
->sidtab
&&
1472 (!compare_grp
|| card1
->grp
== card2
->grp
) &&
1473 !memcmp(card1
->hexserial
, card2
->hexserial
, sizeof(card1
->hexserial
)));
1476 int32_t same_card(struct cc_card
*card1
, struct cc_card
*card2
)
1478 return (card1
->remote_id
== card2
->remote_id
&&
1479 same_card2(card1
, card2
, 1) &&
1480 same_first_node(card1
, card2
));
1483 struct cc_card
*get_matching_card(struct s_client
*cl
, ECM_REQUEST
*cur_er
, int8_t chk_only
)
1485 struct cc_data
*cc
= cl
->cc
;
1486 struct s_reader
*rdr
= cl
->reader
;
1488 if(cl
->kill
|| !rdr
|| !cc
)
1493 struct cc_srvid cur_srvid
;
1494 cur_srvid
.sid
= cur_er
->srvid
;
1495 cur_srvid
.chid
= cur_er
->chid
;
1496 cur_srvid
.ecmlen
= cur_er
->ecmlen
;
1498 int32_t best_rating
= MIN_RATING
- 1, rating
;
1500 LL_ITER it
= ll_iter_create(cc
->cards
);
1501 struct cc_card
*card
= NULL
, *ncard
, *xcard
= NULL
;
1503 while((ncard
= ll_iter_next(&it
)))
1506 if(config_enabled(WITH_LB
))
1508 // accept beta card when beta-tunnel is on
1509 lb_match
= chk_only
&& cfg
.lb_mode
&& cfg
.lb_auto_betatunnel
&&
1510 ((caid_is_nagra(cur_er
->caid
) && caid_is_betacrypt(ncard
->caid
) && cfg
.lb_auto_betatunnel_mode
<= 3) ||
1511 (caid_is_betacrypt(cur_er
->caid
) && caid_is_nagra(ncard
->caid
) && cfg
.lb_auto_betatunnel_mode
>= 1));
1514 if((ncard
->caid
== cur_er
->caid
// caid matches
1515 || (rdr
->cc_want_emu
&& (ncard
->caid
== (cur_er
->caid
& 0xFF00))))
1516 || lb_match
) // or system matches if caid ends with 00 (needed for wantemu)
1518 int32_t goodSidCount
= ll_count(ncard
->goodsids
);
1519 int32_t badSidCount
= ll_count(ncard
->badsids
);
1520 struct cc_srvid
*good_sid
;
1521 struct cc_srvid_block
*blocked_sid
;
1523 if(goodSidCount
&& !badSidCount
) // only good sids -> check if sid is good
1525 good_sid
= is_good_sid(ncard
, &cur_srvid
);
1531 else if(!goodSidCount
&& badSidCount
) // only bad sids -> check if sid is bad
1533 blocked_sid
= is_sid_blocked(ncard
, &cur_srvid
);
1534 if(blocked_sid
&& (!chk_only
|| blocked_sid
->blocked_till
== 0))
1539 else if(goodSidCount
&& badSidCount
) // bad and good sids -> check not blocked and good
1541 blocked_sid
= is_sid_blocked(ncard
, &cur_srvid
);
1542 good_sid
= is_good_sid(ncard
, &cur_srvid
);
1544 if(blocked_sid
&& (!chk_only
|| blocked_sid
->blocked_till
== 0))
1555 if(!(rdr
->cc_want_emu
) && caid_is_nagra(ncard
->caid
) && (!xcard
|| ncard
->hop
< xcard
->hop
))
1557 xcard
= ncard
; // remember card (D+ / 1810 fix) if request has no provider, but card has
1560 rating
= ncard
->rating
- ncard
->hop
* HOP_RATING
;
1561 if(rating
< MIN_RATING
)
1563 rating
= MIN_RATING
;
1565 else if(rating
> MAX_RATING
)
1567 rating
= MAX_RATING
;
1570 if(!ll_count(ncard
->providers
)) // card has no providers:
1572 if(rating
> best_rating
)
1576 best_rating
= rating
; // ncard has been matched
1580 else // card has providers
1582 LL_ITER it2
= ll_iter_create(ncard
->providers
);
1583 struct cc_provider
*provider
;
1585 while((provider
= ll_iter_next(&it2
)))
1587 if(!cur_er
->prid
|| (provider
->prov
== cur_er
->prid
)) // provid matches
1589 if(rating
> best_rating
)
1593 best_rating
= rating
; // ncard has been matched
1603 card
= xcard
; // 18xx: if request has no provider and we have no card, we try this card
1609 // reopen all blocked sids for this srvid
1610 static void reopen_sids(struct cc_data
*cc
, int8_t ignore_time
, ECM_REQUEST
*cur_er
, struct cc_srvid
*cur_srvid
)
1612 time_t utime
= time(NULL
);
1613 struct cc_card
*card
;
1614 LL_ITER it
= ll_iter_create(cc
->cards
);
1616 while((card
= ll_iter_next(&it
)))
1618 if(card
->caid
== cur_er
->caid
) // caid matches
1620 LL_ITER it2
= ll_iter_create(card
->badsids
);
1621 struct cc_srvid_block
*srvid
;
1623 while((srvid
= ll_iter_next(&it2
)))
1625 if(srvid
->blocked_till
> 0 && sid_eq((struct cc_srvid
*)srvid
, cur_srvid
))
1627 if(ignore_time
|| srvid
->blocked_till
<= utime
)
1629 ll_iter_remove_data(&it2
);
1637 static int8_t cc_request_timeout(struct s_client
*cl
)
1639 struct s_reader
*rdr
= cl
->reader
;
1640 struct cc_data
*cc
= cl
->cc
;
1641 struct timeb timeout
;
1642 struct timeb cur_time
;
1644 if(!cc
|| !cc
->ecm_busy
)
1649 cs_ftime(&cur_time
);
1651 timeout
= cc
->ecm_time
;
1652 int32_t tt
= rdr
->cc_reconnect
;
1656 tt
= DEFAULT_CC_RECONNECT
;
1659 add_ms_to_timeb(&timeout
, tt
);
1661 return (comp_timeb(&cur_time
, &timeout
) >= 0);
1666 * sends a ecm request to the connected CCCam Server
1668 int32_t cc_send_ecm(struct s_client
*cl
, ECM_REQUEST
*er
)
1670 struct s_reader
*rdr
= cl
->reader
;
1672 //cs_log_dbg(D_TRACE, "%s cc_send_ecm", getprefix());
1673 if(!rdr
->tcp_connected
)
1679 struct cc_data
*cc
= cl
->cc
;
1680 struct cc_card
*card
= NULL
;
1682 ECM_REQUEST
*cur_er
;
1683 struct timeb cur_time
;
1684 cs_ftime(&cur_time
);
1686 if(!cc
|| (cl
->pfd
< 1) || !rdr
->tcp_connected
)
1690 cs_log_dbg(D_READER
, "%s server not init! ccinit=%d pfd=%d", rdr
->label
, cc
? 1 : 0, cl
->pfd
);
1691 write_ecm_answer(rdr
, er
, E_NOTFOUND
, E2_CCCAM_NOCARD
, NULL
, NULL
, 0, NULL
);
1697 if(rdr
->tcp_connected
!= 2)
1699 cs_log_dbg(D_READER
, "%s Waiting for CARDS", getprefix());
1703 // No Card? Waiting for shares
1704 if(!ll_has_elements(cc
->cards
))
1706 cs_log_dbg(D_READER
, "%s NO CARDS!", getprefix());
1710 cc
->just_logged_in
= 0;
1712 if(!cc
->extended_mode
)
1714 // Without extended mode, only one ecm at a time could be send
1715 // this is a limitation of "O" CCCam
1716 if(cc
->ecm_busy
> 0) // Unlock by NOK or ECM ACK
1718 cs_log_dbg(D_READER
, "%s ecm trylock: ecm busy, retrying later after msg-receive", getprefix());
1720 if(!cc_request_timeout(cl
))
1722 return 0; // pending send...
1725 if(!cc_cycle_connection(cl
))
1732 cs_log_dbg(D_READER
, "cccam: ecm trylock: got lock");
1735 int32_t processed_ecms
= 0;
1739 cc
->ecm_time
= cur_time
;
1741 // Search next ECM to send
1742 if((n
= cc_get_nxt_ecm(cl
)) < 0)
1744 if(!cc
->extended_mode
)
1749 cs_log_dbg(D_READER
, "%s no ecm pending!", getprefix());
1751 if(!cc_send_pending_emms(cl
))
1753 send_cmd05_answer(cl
);
1756 return 0; // no queued ecms
1759 cur_er
= &cl
->ecmtask
[n
];
1760 cur_er
->rc
= E_ALREADY_SENT
; // mark ECM as already send
1761 cs_log_dbg(D_READER
, "cccam: ecm-task %d", cur_er
->idx
);
1763 // sleepsend support
1764 static const char *typtext
[] = { "ok", "invalid", "sleeping" };
1766 if(cc
->sleepsend
&& cl
->stopped
)
1768 if(cur_er
->srvid
== cl
->lastsrvid
&& cur_er
->caid
== cl
->lastcaid
&& cur_er
->pid
== cl
->lastpid
)
1770 cs_log("%s is stopped - requested by server (%s)", cl
->reader
->label
, typtext
[cl
->stopped
]);
1772 if(!cc
->extended_mode
)
1777 write_ecm_answer(rdr
, cur_er
, E_STOPPED
, 0, NULL
, NULL
, 0, NULL
);
1786 cl
->lastsrvid
= cur_er
->srvid
;
1787 cl
->lastcaid
= cur_er
->caid
;
1788 cl
->lastpid
= cur_er
->pid
;
1789 // sleepsend support end
1791 struct cc_srvid cur_srvid
;
1792 cur_srvid
.sid
= cur_er
->srvid
;
1793 cur_srvid
.chid
= cur_er
->chid
;
1794 cur_srvid
.ecmlen
= cur_er
->ecmlen
;
1796 cs_readlock(__func__
, &cc
->cards_busy
);
1799 if(cfg
.cc_forward_origin_card
&& cur_er
->origin_reader
== rdr
&& cur_er
->origin_card
)
1801 it
= ll_iter_create(cc
->cards
);
1802 struct cc_card
*ncard
;
1804 while((ncard
= ll_iter_next(&it
)))
1806 if(ncard
== cur_er
->origin_card
) // Search the origin card
1808 card
= ncard
; // found it, use it!
1816 reopen_sids(cc
, 0, cur_er
, &cur_srvid
);
1817 card
= get_matching_card(cl
, cur_er
, 0);
1820 if(!card
&& has_srvid(rdr
->client
, cur_er
))
1822 reopen_sids(cc
, 1, cur_er
, &cur_srvid
);
1823 card
= get_matching_card(cl
, cur_er
, 0);
1829 if(!cs_malloc(&ecmbuf
, cur_er
->ecmlen
+ 13))
1834 // build ecm message
1835 ecmbuf
[0] = cur_er
->caid
>> 8;
1836 ecmbuf
[1] = cur_er
->caid
& 0xff;
1837 ecmbuf
[2] = cur_er
->prid
>> 24;
1838 ecmbuf
[3] = cur_er
->prid
>> 16;
1839 ecmbuf
[4] = cur_er
->prid
>> 8;
1840 ecmbuf
[5] = cur_er
->prid
& 0xff;
1841 ecmbuf
[6] = card
->id
>> 24;
1842 ecmbuf
[7] = card
->id
>> 16;
1843 ecmbuf
[8] = card
->id
>> 8;
1844 ecmbuf
[9] = card
->id
& 0xff;
1845 ecmbuf
[10] = cur_er
->srvid
>> 8;
1846 ecmbuf
[11] = cur_er
->srvid
& 0xff;
1847 ecmbuf
[12] = cur_er
->ecmlen
& 0xff;
1848 memcpy(ecmbuf
+ 13, cur_er
->ecm
, cur_er
->ecmlen
);
1850 uint8_t send_idx
= 1;
1851 if(cc
->extended_mode
)
1853 cc
->server_ecm_idx
++;
1855 if(cc
->server_ecm_idx
>= 256)
1857 cc
->server_ecm_idx
= 1;
1860 cc
->g_flag
= cc
->server_ecm_idx
; // Flag is used as index!
1861 send_idx
= cc
->g_flag
;
1864 struct cc_extended_ecm_idx
*eei
= get_extended_ecm_idx(cl
, send_idx
, 0);
1867 eei
->ecm_idx
= cur_er
->idx
;
1869 eei
->cccam_id
= card
->id
;
1870 eei
->srvid
= cur_srvid
;
1874 eei
= add_extended_ecm_idx(cl
, send_idx
, cur_er
->idx
, card
, cur_srvid
, 0);
1878 cs_readunlock(__func__
, &cc
->cards_busy
);
1882 eei
->tps
= cur_er
->tps
;
1884 rdr
->currenthops
= card
->hop
;
1885 rdr
->card_status
= CARD_INSERTED
;
1887 cs_log_dbg( D_READER
, "%s sending ecm for sid %04X(%d) to card %08x, hop %d, ecmtask %d",
1888 getprefix(), cur_er
->srvid
, cur_er
->ecmlen
, card
->id
, card
->hop
, cur_er
->idx
);
1890 cl
->reader
->last_s
= time(NULL
);
1891 cc_cmd_send(cl
, ecmbuf
, cur_er
->ecmlen
+ 13, MSG_CW_ECM
); // send ecm
1896 set_au_data(cl
, rdr
, card
, cur_er
);
1897 cs_readunlock(__func__
, &cc
->cards_busy
);
1900 if(cc
->extended_mode
)
1902 continue; // process next pending ecm!
1909 // When connecting, it could happen than ecm requests come before all cards are received.
1910 // So if the last Message was a MSG_NEW_CARD, this "card receiving" is not already done
1911 // if this happens, we do not autoblock it and do not set rc status
1912 // So fallback could resolve it
1913 if(cc
->last_msg
!= MSG_NEW_CARD
&& cc
->last_msg
!= MSG_NEW_CARD_SIDINFO
1914 && cc
->last_msg
!= MSG_CARD_REMOVED
&& !cc
->just_logged_in
)
1916 cs_log_dbg(D_READER
, "%s no suitable card on server", getprefix());
1918 write_ecm_answer(rdr
, cur_er
, E_NOTFOUND
, E2_CCCAM_NOCARD
, NULL
, NULL
, 0, NULL
);
1923 rdr
->last_s
= rdr
->last_g
;
1925 reopen_sids(cc
, 0, cur_er
, &cur_srvid
);
1929 // We didn't find a card and the last message was MSG_CARD_REMOVED,
1930 // so we wait for a new card and process die ecm later
1931 cur_er
->rc
= E_WAITING
; // mark as waiting
1934 cs_readunlock(__func__
, &cc
->cards_busy
);
1936 // process next pending ecm!
1938 while(cc
->extended_mode
|| processed_ecms
== 0);
1940 // Now mark all waiting as unprocessed
1942 for(i
= 0; i
< cfg
.max_pending
; i
++)
1944 er
= &cl
->ecmtask
[i
];
1945 if(er
->rc
== E_WAITING
)
1947 er
->rc
= E_UNHANDLED
;
1951 if(!cc
->extended_mode
)
1959 /*int32_t cc_abort_user_ecms()
1963 struct cc_data *cc = rdr->cc;
1965 t = time((time_t *)0);
1966 for(i = 1, n = 1; i < cfg.max_pending; i++)
1968 if((t-cl->ecmtask[i].tps.time > ((cfg.ctimeout + 500) / 1000) + 1) && (cl->ecmtask[i].rc >= 10)) // drop timeouts
1970 cl->ecmtask[i].rc=0;
1973 int32_t td = abs(comp_timeb(&ecmtask[i].tps, &cc->found->tps);
1974 if(ecmtask[i].rc >= 10 && ecmtask[i].cidx == cc->found->cidx && &ecmtask[i] != cc->found)
1976 cs_log("aborting idx:%d caid:%04x client:%d timedelta:%d",ecmtask[i].idx,ecmtask[i].caid,ecmtask[i].cidx,td);
1978 ecmtask[i].rcEx = 7;
1979 write_ecm_answer(rdr, fd_c2m, &ecmtask[i], 0, NULL);
1985 int32_t cc_send_pending_emms(struct s_client
*cl
)
1987 struct cc_data
*cc
= cl
->cc
;
1993 LL_ITER it
= ll_iter_create(cc
->pending_emms
);
1997 if((emmbuf
= ll_iter_next(&it
)))
1999 if(!cc
->extended_mode
)
2001 if(cc
->ecm_busy
> 0) // Unlock by NOK or ECM ACK
2003 return 0; // send later with cc_send_ecm
2008 // Support for emmsize > 256 bytes
2009 size
= (emmbuf
[11] | (emmbuf
[2] << 8)) + 12;
2012 cc
->just_logged_in
= 0;
2013 cs_ftime(&cc
->ecm_time
);
2015 cs_log_dbg(D_EMM
, "%s emm send for card %08X", getprefix(), b2i(4, emmbuf
+ 7));
2017 cc_cmd_send(cl
, emmbuf
, size
, MSG_EMM_ACK
); // send emm
2018 cl
->last
= time(NULL
);
2019 cl
->reader
->last_g
= time(NULL
);
2020 cl
->reader
->last_s
= time(NULL
);
2022 ll_iter_remove_data(&it
);
2030 * find card by hexserial
2032 struct cc_card
*get_card_by_hexserial(struct s_client
*cl
, uint8_t *hexserial
, uint16_t caid
)
2034 struct cc_data
*cc
= cl
->cc
;
2035 LL_ITER it
= ll_iter_create(cc
->cards
);
2036 struct cc_card
*card
;
2038 while((card
= ll_iter_next(&it
)))
2040 if(card
->caid
== caid
&& memcmp(card
->hexserial
, hexserial
, 8) == 0) // found it!
2051 * Copied from http://85.17.209.13:6100/file/8ec3c0c5d257/systems/cardclient/cccam2.c
2054 int32_t cc_send_emm(EMM_PACKET
*ep
)
2056 struct s_client
*cl
= cur_client();
2057 struct s_reader
*rdr
= cl
->reader
;
2059 if(!rdr
->tcp_connected
)
2064 struct cc_data
*cc
= cl
->cc
;
2066 if(!cc
|| (cl
->pfd
< 1) || !rdr
->tcp_connected
)
2068 cs_log_dbg(D_READER
, "%s server not init! ccinit=%d pfd=%d", getprefix(), cc
? 1 : 0, cl
->pfd
);
2074 cs_log_dbg(D_READER
, "%s au is disabled", getprefix());
2078 uint16_t caid
= b2i(2, ep
->caid
);
2080 // Last used card is first card of current_cards
2081 cs_readlock(__func__
, &cc
->cards_busy
);
2083 struct cc_card
*emm_card
= cc
->last_emm_card
;
2090 cc_UA_oscam2cccam(ep
->hexserial
, hs
, caid
);
2092 cs_log_dbg(D_EMM
, "%s au info: searching card for caid %04X oscam-UA: %s",
2093 getprefix(), b2i(2, ep
->caid
), cs_hexdump(0, ep
->hexserial
, 8, tmp_dbg
, sizeof(tmp_dbg
)));
2095 cs_log_dbg(D_EMM
, "%s au info: searching card for caid %04X cccam-UA: %s",
2096 getprefix(), b2i(2, ep
->caid
), cs_hexdump(0, hs
, 8, tmp_dbg
, sizeof(tmp_dbg
)));
2098 emm_card
= get_card_by_hexserial(cl
, hs
, caid
);
2101 if(!emm_card
) // Card for emm not found!
2103 cs_log_dbg(D_EMM
, "%s emm for client %8lX not possible, no card found!",
2104 getprefix(), (unsigned long)ep
->client
->thread
);
2106 cs_readunlock(__func__
, &cc
->cards_busy
);
2110 cs_log_dbg(D_EMM
, "%s emm received for client %8lX caid %04X for card %08X",
2111 getprefix(), (unsigned long)ep
->client
->thread
, caid
, emm_card
->id
);
2113 int32_t size
= ep
->emmlen
+ 12;
2116 if(!cs_malloc(&emmbuf
, size
))
2121 // build ecm message
2122 emmbuf
[0] = ep
->caid
[0];
2123 emmbuf
[1] = ep
->caid
[1];
2124 emmbuf
[2] = ep
->emmlen
>> 8; // Support for emm len > 256 bytes
2125 emmbuf
[3] = ep
->provid
[0];
2126 emmbuf
[4] = ep
->provid
[1];
2127 emmbuf
[5] = ep
->provid
[2];
2128 emmbuf
[6] = ep
->provid
[3];
2129 emmbuf
[7] = emm_card
->id
>> 24;
2130 emmbuf
[8] = emm_card
->id
>> 16;
2131 emmbuf
[9] = emm_card
->id
>> 8;
2132 emmbuf
[10] = emm_card
->id
& 0xff;
2133 emmbuf
[11] = ep
->emmlen
& 0xff;
2134 memcpy(emmbuf
+ 12, ep
->emm
, ep
->emmlen
);
2136 cs_readunlock(__func__
, &cc
->cards_busy
);
2138 ll_append(cc
->pending_emms
, emmbuf
);
2139 cc_send_pending_emms(cl
);
2144 void cc_free_card(struct cc_card
*card
)
2151 ll_destroy_data(&card
->providers
);
2152 ll_destroy_data(&card
->badsids
);
2153 ll_destroy_data(&card
->goodsids
);
2154 ll_destroy_data(&card
->remote_nodes
);
2159 struct cc_card
*cc_get_card_by_id(uint32_t card_id
, LLIST
*cards
)
2166 LL_ITER it
= ll_iter_create(cards
);
2167 struct cc_card
*card
;
2169 while((card
= ll_iter_next(&it
)))
2171 if(card
->id
== card_id
)
2180 void cc_free_cardlist(LLIST
*card_list
, int32_t destroy_list
)
2184 LL_ITER it
= ll_iter_create(card_list
);
2185 struct cc_card
*card
;
2187 while((card
= ll_iter_next_remove(&it
)))
2194 ll_destroy(&card_list
);
2200 * Clears and free the cc datas
2202 void cc_free(struct s_client
*cl
)
2204 struct cc_data
*cc
= cl
->cc
;
2212 cs_writelock(__func__
, &cc
->lockcmd
);
2214 cs_log_dbg(D_TRACE
, "exit cccam1/3");
2215 cc_free_cardlist(cc
->cards
, 1);
2216 ll_destroy_data(&cc
->pending_emms
);
2217 free_extended_ecm_idx(cc
);
2218 ll_destroy_data(&cc
->extended_ecm_idx
);
2220 cs_writeunlock(__func__
, &cc
->lockcmd
);
2222 cs_log_dbg(D_TRACE
, "exit cccam2/3");
2224 add_garbage(cc
->prefix
);
2227 cs_log_dbg(D_TRACE
, "exit cccam3/3");
2230 int32_t is_null_dcw(uint8_t *dcw
)
2233 for(i
= 0; i
< 15; i
++)
2239 /*int32_t is_dcw_corrupted(uint8_t *dcw)
2244 for(i = 0; i < 16; i += 4)
2246 c = (dcw[i] + dcw[i + 1] + dcw[i + 2]) & 0xFF;
2257 int32_t check_extended_mode(struct s_client
*cl
, char *msg
)
2259 // Extended mode: if PARTNER String is ending with [PARAM], extended mode is activated
2260 // For future compatibilty the syntax should be compatible with
2261 // [PARAM1,PARAM2...PARAMn]
2263 // EXT: Extended ECM Mode: Multiple ECMs could be send and received
2264 // ECMs are numbered, Flag (byte[0] is the index
2266 // SID: Exchange of good sids/bad sids activated (like cccam 2.2.x)
2267 // card exchange command MSG_NEW_CARD_SIDINFO instead MSG_NEW_CARD is used
2269 // SLP: Sleepsend supported, like camd35
2272 struct cc_data
*cc
= cl
->cc
;
2273 char *saveptr1
= NULL
;
2274 int32_t has_param
= 0;
2275 char *p
= strtok_r(msg
, "[", &saveptr1
);
2279 p
= strtok_r(NULL
, ",]", &saveptr1
);
2280 if(p
&& strncmp(p
, "EXT", 3) == 0)
2282 cc
->extended_mode
= 1;
2283 cs_log_dbg(D_CLIENT
, "%s extended ECM mode", getprefix());
2286 else if(p
&& strncmp(p
, "SID", 3) == 0)
2289 cs_log_dbg(D_CLIENT
, "%s extra SID mode", getprefix());
2292 else if(p
&& strncmp(p
, "SLP", 3) == 0)
2295 cs_log_dbg(D_CLIENT
, "%s sleepsend", getprefix());
2304 struct s_client
*cl
= cur_client();
2305 struct s_reader
*rdr
= cl
->reader
;
2306 struct cc_data
*cc
= cl
->cc
;
2310 cc_cli_close(cl
, 0);
2313 if(rdr
&& !rdr
->tcp_connected
&& (rdr
->cc_keepalive
|| (rdr
->tcp_ito
== -1 && (rdr
->last_s
!= 0 || rdr
->last_g
!= 0))))
2318 if(!rdr
|| !rdr
->tcp_connected
|| !cl
|| !cc
)
2323 time_t now
= time(NULL
);
2325 if(rdr
->cc_keepalive
)
2327 if(cc_cmd_send(cl
, NULL
, 0, MSG_KEEPALIVE
) > 0)
2329 cs_log_dbg(D_READER
, "cccam: keepalive");
2338 cl
->reader
->last_s
= now
;
2339 cl
->reader
->last_g
= now
;
2346 //cs_log("last_s - now = %d, last_g - now = %d, tcp_ito=%d",
2347 // abs(rdr->last_s - now), abs(rdr->last_g - now), rdr->tcp_ito);
2349 // check inactivity timeout
2350 if(rdr
->tcp_ito
> 0)
2352 // inactivity timeout is entered in seconds in webif!
2353 if((llabs(rdr
->last_s
- now
) > rdr
->tcp_ito
) && (llabs(rdr
->last_g
- now
) > rdr
->tcp_ito
))
2355 rdr_log_dbg(rdr
, D_READER
, "inactive_timeout, close connection (fd=%d)", rdr
->client
->pfd
);
2356 network_tcp_connection_close(rdr
, "inactivity");
2361 // check read timeout
2362 int32_t rto
= llabs(rdr
->last_g
- now
);
2363 //cs_log("last_g - now = %d, rto=%d", rto, rdr->tcp_rto);
2365 // this is also entered in seconds, actually its an receive timeout!
2366 if(rto
> (rdr
->tcp_rto
) && (rdr
->last_g
!= 0 || rdr
->last_s
!= 0) && rdr
->last_s
!= rdr
->last_g
)
2368 rdr_log_dbg(rdr
, D_READER
, "read timeout, close connection (fd=%d)", rdr
->client
->pfd
);
2369 network_tcp_connection_close(rdr
, "rto");
2375 struct cc_card
*read_card(uint8_t *buf
, int32_t buflen
, int32_t ext
)
2377 struct cc_card
*card
;
2378 int16_t nprov
, nassign
= 0, nreject
= 0;
2379 int32_t offset
= 21;
2386 if(!cs_malloc(&card
, sizeof(struct cc_card
)))
2391 card
->providers
= ll_create("providers");
2392 card
->badsids
= ll_create("badsids");
2393 card
->goodsids
= ll_create("goodsids");
2394 card
->remote_nodes
= ll_create("remote_nodes");
2395 card
->id
= b2i(4, buf
);
2396 card
->remote_id
= b2i(4, buf
+ 4);
2397 card
->caid
= b2i(2, buf
+ 8);
2398 card
->hop
= buf
[10];
2399 card
->reshare
= buf
[11];
2401 card
->card_type
= CT_REMOTECARD
;
2402 memcpy(card
->hexserial
, buf
+ 12, 8); // HEXSERIAL!!
2404 //cs_log_dbg(D_CLIENT, "cccam: card %08x added, caid %04X, hop %d, key %s, count %d", card->id, card->caid,
2405 // card->hop, cs_hexdump(0, card->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)), ll_count(cc->cards));
2423 if(buflen
< (offset
+ (nprov
* 7)))
2430 for(i
= 0; i
< nprov
; i
++) // providers
2432 struct cc_provider
*prov
;
2433 if(!cs_malloc(&prov
, sizeof(struct cc_provider
)))
2438 prov
->prov
= b2i(3, buf
+ offset
);
2439 if(prov
->prov
== 0xFFFFFF && caid_is_betacrypt(card
->caid
))
2444 memcpy(prov
->sa
, buf
+ offset
+ 3, 4);
2445 //cs_log_dbg(D_CLIENT, " prov %d, %06x, sa %08x", i + 1, prov->prov, b2i(4, prov->sa));
2447 ll_append(card
->providers
, prov
);
2453 if(buflen
< (offset
+ (nassign
* 2) + (nreject
* 2)))
2459 for(i
= 0; i
< nassign
; i
++)
2461 uint16_t sid
= b2i(2, buf
+ offset
);
2462 //cs_log_dbg(D_CLIENT, " assigned sid = %04X, added to good sid list", sid);
2464 struct cc_srvid
*srvid
;
2465 if(!cs_malloc(&srvid
, sizeof(struct cc_srvid
)))
2473 ll_append(card
->goodsids
, srvid
);
2477 for(i
= 0; i
< nreject
; i
++)
2479 uint16_t sid
= b2i(2, buf
+ offset
);
2480 //cs_log_dbg(D_CLIENT, " rejected sid = %04X, added to sid block list", sid);
2482 struct cc_srvid_block
*srvid
;
2483 if(!cs_malloc(&srvid
, sizeof(struct cc_srvid_block
)))
2491 srvid
->blocked_till
= 0;
2492 ll_append(card
->badsids
, srvid
);
2497 if(buflen
< (offset
+ 1))
2502 int16_t remote_count
= buf
[offset
];
2505 if(buflen
< (offset
+ (remote_count
* 8)))
2511 for(i
= 0; i
< remote_count
; i
++)
2513 uint8_t *remote_node
;
2514 if(!cs_malloc(&remote_node
, 8))
2519 memcpy(remote_node
, buf
+ offset
, 8);
2520 ll_append(card
->remote_nodes
, remote_node
);
2527 void cc_card_removed(struct s_client
*cl
, uint32_t shareid
)
2529 struct cc_data
*cc
= cl
->cc
;
2530 struct cc_card
*card
;
2531 LL_ITER it
= ll_iter_create(cc
->cards
);
2533 while((card
= ll_iter_next(&it
)))
2535 if(card
->id
== shareid
) // && card->sub_id == b2i (3, buf + 9)) {
2537 //cs_log_dbg(D_CLIENT, "cccam: card %08x removed, caid %04X, count %d",
2538 // card->id, card->caid, ll_count(cc->cards));
2540 ll_iter_remove(&it
);
2541 if(cc
->last_emm_card
== card
)
2543 cc
->last_emm_card
= NULL
;
2544 cs_log_dbg(D_READER
, "%s current card %08x removed!", getprefix(), card
->id
);
2547 free_extended_ecm_idx_by_card(cl
, card
, 1);
2553 else if(card
->hop
== 2)
2562 if(card
->reshare
== 0)
2566 else if(card
->reshare
== 1)
2570 else if(card
->reshare
== 2)
2579 cs_log_dbg(D_TRACE
, "%s card removed: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2580 getprefix(), card
->id
, card
->remote_id
, card
->caid
, card
->hop
, card
->reshare
, card
->origin_id
, card
->card_type
);
2583 cc
->card_removed_count
++;
2589 void move_card_to_end(struct s_client
*cl
, struct cc_card
*card_to_move
)
2591 struct cc_data
*cc
= cl
->cc
;
2592 LL_ITER it
= ll_iter_create(cc
->cards
);
2593 struct cc_card
*card
;
2595 while((card
= ll_iter_next(&it
)))
2597 if(card
== card_to_move
)
2599 ll_iter_remove(&it
);
2606 cs_log_dbg(D_READER
, "%s Moving card %08X to the end...", getprefix(), card_to_move
->id
);
2607 free_extended_ecm_idx_by_card(cl
, card
, 0);
2608 ll_append(cc
->cards
, card_to_move
);
2612 /*void fix_dcw(uint8_t *dcw)
2616 for(i = 0; i < 16; i += 4)
2618 dcw[i + 3] = (dcw[i] + dcw[i + 1] + dcw[i + 2]) & 0xFF;
2622 void addParam(char *param
, char *value
)
2624 if(strlen(param
) < 4)
2626 strcat(param
, value
);
2631 strcat(param
, value
);
2635 static void chk_peer_node_for_oscam(struct cc_data
*cc
)
2637 if(!cc
->is_oscam_cccam
) // Allready discovered oscam-cccam
2639 uint16_t sum
= 0x1234;
2640 uint16_t recv_sum
= (cc
->peer_node_id
[6] << 8) | cc
->peer_node_id
[7];
2643 for(i
= 0; i
< 6; i
++)
2645 sum
+= cc
->peer_node_id
[i
];
2648 // Create special data to detect oscam-cccam
2649 cc
->is_oscam_cccam
= sum
== recv_sum
;
2653 #ifdef MODULE_CCCSHARE
2654 static void cc_s_idle(struct s_client
*cl
)
2656 cs_log_dbg(D_TRACE
, "ccc idle %s", username(cl
));
2657 if(cfg
.cc_keep_connected
)
2659 cc_cmd_send(cl
, NULL
, 0, MSG_KEEPALIVE
);
2660 cl
->last
= time(NULL
);
2664 cs_log_dbg(D_CLIENT
, "%s keepalive after maxidle is reached", getprefix());
2665 cs_disconnect_client(cl
);
2670 int32_t cc_parse_msg(struct s_client
*cl
, uint8_t *buf
, int32_t l
)
2672 struct s_reader
*rdr
= (cl
->typ
== 'c') ? NULL
: cl
->reader
;
2673 int32_t ret
= buf
[1];
2674 struct cc_data
*cc
= cl
->cc
;
2682 cs_log_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, "%s parse_msg=%d", getprefix(), buf
[1]);
2684 uint8_t *data
= buf
+ 4;
2691 memcpy(&cc
->receive_buffer
, data
, l
- 4);
2692 cc
->last_msg
= buf
[1];
2698 cs_log_dbg(D_CLIENT
, "cccam: client data ack");
2705 cs_log_dbg(D_READER
, "%s MSG_SRV_DATA (payload=%d, hex=%02X)", getprefix(), l
, l
);
2706 data
= cc
->receive_buffer
;
2708 if(l
== 0x48) // 72 bytes: normal server data
2710 cs_writelock(__func__
, &cc
->cards_busy
);
2711 cc_free_cardlist(cc
->cards
, 0);
2712 free_extended_ecm_idx(cc
);
2713 cc
->last_emm_card
= NULL
;
2717 cc
->num_reshare0
= 0;
2718 cc
->num_reshare1
= 0;
2719 cc
->num_reshare2
= 0;
2720 cc
->num_resharex
= 0;
2721 cs_writeunlock(__func__
, &cc
->cards_busy
);
2723 memcpy(cc
->peer_node_id
, data
, 8);
2724 memcpy(cc
->peer_version
, data
+ 8, 8);
2726 memcpy(cc
->cmd0b_aeskey
, cc
->peer_node_id
, 8);
2727 memcpy(cc
->cmd0b_aeskey
+ 8, cc
->peer_version
, 8);
2729 cs_strncpy(cc
->remote_version
, (char *)data
+ 8, sizeof(cc
->remote_version
));
2730 cs_strncpy(cc
->remote_build
, (char *)data
+ 40, sizeof(cc
->remote_build
));
2731 cc
->remote_build_nr
= atoi(cc
->remote_build
);
2733 // multics server response
2734 if(data
[33] == 'M' && data
[34] == 'C' && data
[35] == 'S')
2736 cc
->multics_mode
= 2; // multics server finaly confirmed.
2737 cc
->multics_version
[0] = data
[37];
2738 cc
->multics_version
[1] = data
[38];
2739 cs_log_dbg(D_READER
, "multics detected: %s!", getprefix());
2742 cs_log_dbg(D_READER
, "%s remote server %s running v%s (%s)", getprefix(), cs_hexdump(0,
2743 cc
->peer_node_id
, 8, tmp_dbg
, sizeof(tmp_dbg
)), cc
->remote_version
, cc
->remote_build
);
2745 chk_peer_node_for_oscam(cc
);
2746 // Trick: when discovered partner is an Oscam Client, then we send him our version string:
2747 if(cc
->is_oscam_cccam
)
2750 snprintf((char *)token
, sizeof(token
), "PARTNER: OSCam v%s, build r%s (%s) [EXT,SID,SLP]",
2751 CS_VERSION
, CS_SVN_VERSION
, CS_TARGET
);
2753 cc_cmd_send(cl
, token
, strlen((char *)token
) + 1, MSG_CW_NOK1
);
2756 cc
->cmd05_mode
= MODE_PLAIN
;
2758 // Keyoffset is payload-size:
2761 else if(l
>= 0x00 && l
<= 0x0F)
2763 cc
->cmd05_offset
= l
;
2765 // 16..43 bytes: RC4 encryption
2768 else if((l
>= 0x10 && l
<= 0x1f) || (l
>= 0x24 && l
<= 0x2b))
2770 cc_init_crypt(&cc
->cmd05_cryptkey
, data
, l
);
2771 cc
->cmd05_mode
= MODE_RC4_CRYPT
;
2773 // 32 bytes: set AES128 key for CMD_05, Key=16 bytes offset keyoffset
2778 memcpy(cc
->cmd05_aeskey
, data
+ cc
->cmd05_offset
, 16);
2779 cc
->cmd05_mode
= MODE_AES
;
2781 // 33 bytes: xor-algo mit payload-bytes, offset keyoffset
2786 cc_init_crypt(&cc
->cmd05_cryptkey
, data
+ cc
->cmd05_offset
, l
);
2787 cc
->cmd05_mode
= MODE_CC_CRYPT
;
2789 // 34 bytes: cmd_05 plain back
2794 cc
->cmd05_mode
= MODE_PLAIN
;
2796 // 35 bytes: Unknown!! 2 256 byte keys exchange
2801 cc
->cmd05_mode
= MODE_UNKNOWN
;
2802 cc_cycle_connection(cl
);
2804 // 44 bytes: set aes128 key, Key=16 bytes [Offset=len(password)]
2809 memcpy(cc
->cmd05_aeskey
, data
+ strlen(rdr
->r_pwd
), 16);
2810 cc
->cmd05_mode
= MODE_AES
;
2812 // 45 bytes: set aes128 key, Key=16 bytes [Offset=len(username)]
2817 memcpy(cc
->cmd05_aeskey
, data
+ strlen(rdr
->r_usr
), 16);
2818 cc
->cmd05_mode
= MODE_AES
;
2825 cs_log_dbg(D_READER
, "%s received improper MSG_SRV_DATA! No change to current mode, mode=%d",
2826 getprefix(), cc
->cmd05_mode
);
2830 cs_log_dbg(D_READER
, "%s MSG_SRV_DATA MODE=%s, len=%d", getprefix(), cmd05_mode_name
[cc
->cmd05_mode
], l
);
2834 case MSG_NEW_CARD_SIDINFO
:
2842 uint16_t caid
= b2i(2, buf
+ 12);
2844 // filter caid == 0 and maxhop
2845 if(!caid
|| buf
[14] >= rdr
->cc_maxhops
+ 1)
2851 if(buf
[15] < rdr
->cc_mindown
)
2857 if(!chk_ctab(caid
, &rdr
->ctab
))
2862 rdr
->tcp_connected
= 2; // we have card
2863 rdr
->card_status
= CARD_INSERTED
;
2865 cs_writelock(__func__
, &cc
->cards_busy
);
2866 struct cc_card
*card
= read_card(data
, l
- 4, buf
[1] == MSG_NEW_CARD_SIDINFO
);
2870 cs_writeunlock(__func__
, &cc
->cards_busy
);
2874 card
->origin_reader
= rdr
;
2875 card
->origin_id
= card
->id
;
2876 card
->grp
= rdr
->grp
;
2877 card
->rdr_reshare
= rdr
->cc_reshare
> -1 ? rdr
->cc_reshare
: cfg
.cc_reshare
;
2879 // Check if this card is from us
2880 LL_ITER it
= ll_iter_create(card
->remote_nodes
);
2883 while((node_id
= ll_iter_next(&it
)))
2885 if(memcmp(node_id
, cc_node_id
, sizeof(cc_node_id
)) == 0) // this card is from us!
2887 cs_log_dbg(D_READER
, "filtered card because of recursive nodeid: id=%08X, caid=%04X", card
->id
, card
->caid
);
2894 #ifdef MODULE_CCCSHARE
2895 // Check Ident filter
2898 if(!chk_ident(&rdr
->ftab
, card
))
2907 // Check if we already have this card
2908 it
= ll_iter_create(cc
->cards
);
2909 struct cc_card
*old_card
;
2911 while((old_card
= ll_iter_next(&it
)))
2913 // We already have this card, delete it
2914 if(old_card
->id
== card
->id
|| same_card(old_card
, card
))
2924 card
->card_type
= CT_REMOTECARD
;
2925 ll_append(cc
->cards
, card
);
2926 set_au_data(cl
, rdr
, card
, NULL
);
2927 cc
->card_added_count
++;
2934 else if(card
->hop
== 2)
2943 if(card
->reshare
== 0)
2947 else if(card
->reshare
== 1)
2951 else if(card
->reshare
== 2)
2960 cs_log_dbg(D_TRACE
, "%s card added: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2961 getprefix(), card
->id
, card
->remote_id
, card
->caid
, card
->hop
, card
->reshare
, card
->origin_id
, card
->card_type
);
2965 cs_writeunlock(__func__
, &cc
->cards_busy
);
2967 #ifdef MODULE_CCCSHARE
2968 cccam_refresh_share();
2973 case MSG_CARD_REMOVED
:
2980 cs_writelock(__func__
, &cc
->cards_busy
);
2981 cc_card_removed(cl
, b2i(4, buf
+ 4));
2982 cs_writeunlock(__func__
, &cc
->cards_busy
);
2988 // Server sends SLEEPSEND
2994 if(!cfg
.c35_suppresscmd08
)
2998 cl
->stopped
= 2; // server says sleep
2999 //rdr->card_status = NO_CARD;
3003 if(config_enabled(WITH_LB
) && !cfg
.lb_mode
)
3005 cl
->stopped
= 1; // server says invalid
3006 rdr
->card_status
= CARD_FAILURE
;
3010 } /* fallthrough */ // NO BREAK!! NOK Handling needed!
3022 // Received NOK with payload
3023 char *msg
= (char *) buf
+ 4;
3025 // Check for PARTNER connection
3026 if((l
>= (4 + 8)) && strncmp(msg
, "PARTNER:", 8) == 0)
3028 // When Data starts with "PARTNER:" we have an Oscam-cccam-compatible client/server!
3030 cs_strncpy(cc
->remote_oscam
, msg
+ 9, sizeof(cc
->remote_oscam
));
3031 int32_t has_param
= check_extended_mode(cl
, msg
);
3033 if(!cc
->is_oscam_cccam
)
3035 cc
->is_oscam_cccam
= 1;
3037 // send params back. At the moment there is only "EXT"
3045 cs_strncpy(param
, " [", sizeof(param
));
3047 if(cc
->extended_mode
)
3049 addParam(param
, "EXT");
3054 addParam(param
, "SID");
3059 addParam(param
, "SLP");
3066 snprintf((char *)token
, sizeof(token
), "PARTNER: OSCam v%s, build r%s (%s)%s",
3067 CS_VERSION
, CS_SVN_VERSION
, CS_TARGET
, param
);
3069 cc_cmd_send(cl
, token
, strlen((char *)token
) + 1, MSG_CW_NOK1
);
3074 size_t msg_size
= l
- 4;
3075 char last_char
= msg
[msg_size
- 1];
3077 if(last_char
== 0) // verify if the payload is a null terminated string
3079 if(cs_realloc(&cc
->nok_message
, msg_size
))
3081 memcpy(cc
->nok_message
, msg
, msg_size
);
3086 NULLFREE(cc
->nok_message
);
3100 cc
->recv_ecmtask
= -1;
3102 if(cc
->just_logged_in
) // reader restart needed
3107 cs_readlock(__func__
, &cc
->cards_busy
);
3109 struct cc_extended_ecm_idx
*eei
= get_extended_ecm_idx(cl
, cc
->extended_mode
? cc
->g_flag
: 1, 1);
3112 cs_log_dbg(D_READER
, "%s received extended ecm NOK id %d but not found!", getprefix(), cc
->g_flag
);
3116 uint16_t ecm_idx
= eei
->ecm_idx
;
3117 cc
->recv_ecmtask
= ecm_idx
;
3118 struct cc_card
*card
= eei
->card
;
3119 //uint32_t cccam_id = eei->cccam_id;
3120 struct cc_srvid srvid
= eei
->srvid
;
3124 int64_t cwlastresptime
= comp_timeb(&tpe
, &eei
->tps
);
3130 if(buf
[1] == MSG_CW_NOK1
) // MSG_CW_NOK1: share no more available
3132 cs_log_dbg(D_TRACE
, "NOK1: share temporarily not available %d %04X ecm %d %d!",
3133 card
->id
, card
->caid
, eei
->send_idx
, eei
->ecm_idx
);
3136 for(j
= 0; j
< cfg
.max_pending
; j
++)
3138 if(cl
->ecmtask
[j
].idx
== ecm_idx
&& cl
->ecmtask
[j
].rc
== E_ALREADY_SENT
)
3140 ECM_REQUEST
*er
= &cl
->ecmtask
[j
];
3143 write_ecm_answer(rdr
, er
, E_NOTFOUND
, 0, NULL
, NULL
, 0, NULL
);
3148 else if(cc
->cmd05NOK
) // else MSG_CW_NOK2: can't decode
3150 move_card_to_end(cl
, card
);
3151 if(cwlastresptime
< 5000)
3153 add_sid_block(card
, &srvid
, true);
3157 if(card
->rating
<= MIN_RATING
)
3159 add_sid_block(card
, &srvid
, true);
3167 else if(cacheex_get_rdr_mode(rdr
) != 1)
3169 if(!is_good_sid(card
, &srvid
))
3171 move_card_to_end(cl
, card
);
3172 if(cwlastresptime
< 5000)
3174 add_sid_block(card
, &srvid
, true);
3178 if(card
->rating
<= MIN_RATING
)
3180 add_sid_block(card
, &srvid
, true);
3190 move_card_to_end(cl
, card
);
3191 add_sid_block(card
, &srvid
, true);
3194 if(card
->rating
< MIN_RATING
)
3196 card
->rating
= MIN_RATING
;
3199 if(cfg
.cc_forward_origin_card
&& card
->origin_reader
== rdr
)
3201 // this card is from us but it can't decode this ecm
3202 // also origin card is only set on cccam clients
3203 // so wie send back the nok to the client
3204 cs_log_dbg(D_TRACE
, "%s forward card: %s", getprefix(), (buf
[1] == MSG_CW_NOK1
) ? "NOK1" : "NOK2");
3211 cs_log_dbg(D_READER
, "%s NOK: NO CARD!", getprefix());
3215 // A "NOK" in extended mode means, NOTHING found,
3216 // regardless of the requested card. So do not retry
3217 if(cc
->extended_mode
)
3225 cc_reset_pending(cl
, ecm_idx
);
3230 for(i
= 0; i
< cfg
.max_pending
; i
++)
3232 if(cl
->ecmtask
[i
].idx
== ecm_idx
&& cl
->ecmtask
[i
].rc
== E_ALREADY_SENT
)
3234 cs_log_dbg(D_TRACE
, "%s ext NOK %s", getprefix(), (buf
[1] == MSG_CW_NOK1
) ? "NOK1" : "NOK2");
3235 ECM_REQUEST
*er
= &cl
->ecmtask
[i
];
3238 write_ecm_answer(rdr
, er
, E_NOTFOUND
, 0, NULL
, NULL
, 0, NULL
);
3245 cs_readunlock(__func__
, &cc
->cards_busy
);
3247 if(!cc
->extended_mode
)
3252 cc_send_ecm(cl
, NULL
);
3256 case MSG_CACHE_PUSH
:
3260 cc_cacheex_push_in(cl
, data
);
3265 case MSG_CACHE_FILTER
:
3269 cc_cacheex_filter_in(cl
, data
);
3276 cc
->just_logged_in
= 0;
3277 if(cl
->typ
== 'c') // SERVER:
3279 #define CCMSG_HEADER_LEN 17
3281 struct cc_card
*server_card
;
3283 if(l
< CCMSG_HEADER_LEN
)
3288 if(!cs_malloc(&server_card
, sizeof(struct cc_card
)))
3293 server_card
->id
= buf
[10] << 24 | buf
[11] << 16 | buf
[12] << 8 | buf
[13];
3294 server_card
->caid
= b2i(2, data
);
3296 if((er
= get_ecmtask()) && l
> CCMSG_HEADER_LEN
&& MAX_ECM_SIZE
> l
- CCMSG_HEADER_LEN
)
3298 er
->caid
= b2i(2, buf
+ 4);
3299 er
->prid
= b2i(4, buf
+ 6);
3300 er
->srvid
= b2i(2, buf
+ 14);
3301 er
->ecmlen
= l
- CCMSG_HEADER_LEN
;
3302 memcpy(er
->ecm
, buf
+ CCMSG_HEADER_LEN
, er
->ecmlen
);
3303 cc
->server_ecm_pending
++;
3304 er
->idx
= ++cc
->server_ecm_idx
;
3306 #ifdef MODULE_CCCSHARE
3307 if(cfg
.cc_forward_origin_card
) // search my shares for this card:
3309 cs_log_dbg(D_TRACE
, "%s forward card: %04X:%04x search share %d", getprefix(),
3310 er
->caid
, er
->srvid
, server_card
->id
);
3312 LLIST
**sharelist
= get_and_lock_sharelist();
3313 LL_ITER itr
= ll_iter_create(get_cardlist(er
->caid
, sharelist
));
3314 struct cc_card
*card
;
3315 struct cc_card
*rcard
= NULL
;
3317 while((card
= ll_iter_next(&itr
)))
3319 if(card
->id
== server_card
->id
) // found it
3325 cs_log_dbg(D_TRACE
, "%s forward card: share %d found: %d", getprefix(), server_card
->id
, card
? 1 : 0);
3327 struct s_reader
*ordr
= NULL
;
3329 if(card
&& card
->origin_reader
) // found own card, now search reader card
3331 // Search reader in list, because it is maybe offline?
3332 for(ordr
= first_active_reader
; ordr
; ordr
= ordr
->next
)
3334 if(ordr
== card
->origin_reader
)
3342 cs_log_dbg(D_TRACE
, "%s origin reader not found!", getprefix());
3346 cs_log_dbg(D_TRACE
, "%s forward card: share %d origin reader %s origin id %d",
3347 getprefix(), card
->id
, ordr
->label
, card
->origin_id
);
3349 struct s_client
*cl2
= ordr
->client
;
3350 if(card
->origin_id
&& cl2
&& cl2
->cc
) // only if we have a origin from a cccam reader
3352 struct cc_data
*rcc
= cl2
->cc
;
3356 itr
= ll_iter_create(rcc
->cards
);
3357 while((rcard
= ll_iter_next(&itr
)))
3359 if(rcard
->id
== card
->origin_id
) // found it!
3371 er
->origin_reader
= ordr
;
3374 er
->origin_card
= rcard
;
3377 cs_log_dbg(D_TRACE
, "%s forward card: share %d not found!", getprefix(), server_card
->id
);
3378 er
->rc
= E_NOTFOUND
;
3379 er
->rcEx
= E2_CCCAM_NOK1
; // share not found!
3383 cs_log_dbg(D_TRACE
, "%s forward card: share %d forwarded to %s origin as id %d",
3384 getprefix(), card
->id
, ordr
->label
, rcard
->id
);
3389 cs_log_dbg(D_CLIENT
, "%s ECM request from client: caid %04x srvid %04x(%d) prid %06x",
3390 getprefix(), er
->caid
, er
->srvid
, er
->ecmlen
, er
->prid
);
3392 struct cc_srvid srvid
;
3393 srvid
.sid
= er
->srvid
;
3394 srvid
.chid
= er
->chid
;
3395 srvid
.ecmlen
= er
->ecmlen
;
3396 add_extended_ecm_idx(cl
, cc
->extended_mode
? cc
->g_flag
: 1, er
->idx
, server_card
, srvid
, 1);
3403 cs_log_dbg(D_CLIENT
, "%s NO ECMTASK!!!! l=%d", getprefix(), l
);
3404 NULLFREE(server_card
);
3415 cs_readlock(__func__
, &cc
->cards_busy
);
3416 cc
->recv_ecmtask
= -1;
3418 struct cc_extended_ecm_idx
*eei
= get_extended_ecm_idx(cl
, cc
->extended_mode
? cc
->g_flag
: 1, 1);
3421 cs_log_dbg(D_READER
, "%s received extended ecm id %d but not found!", getprefix(), cc
->g_flag
);
3423 if(!cc
->extended_mode
)
3425 cc_cli_close(cl
, 0);
3430 uint16_t ecm_idx
= eei
->ecm_idx
;
3431 cc
->recv_ecmtask
= ecm_idx
;
3432 struct cc_card
*card
= eei
->card
;
3433 uint32_t cccam_id
= eei
->cccam_id
;
3434 struct cc_srvid srvid
= eei
->srvid
;
3439 if(!cc
->extended_mode
)
3441 cc_cw_crypt(cl
, buf
+ 4, card
->id
);
3442 cc_crypt_cmd0c(cl
, buf
+ 4, 16);
3445 memcpy(cc
->dcw
, buf
+ 4, 16);
3448 if(!cc
->extended_mode
) // additional crypto step
3450 cc_crypt(&cc
->block
[DECRYPT
], buf
+ 4, l
- 4, ENCRYPT
);
3453 if(is_null_dcw(cc
->dcw
))
3455 cs_log_dbg(D_READER
, "%s null dcw received! sid=%04X(%d)", getprefix(), srvid
.sid
, srvid
.ecmlen
);
3456 move_card_to_end(cl
, card
);
3457 add_sid_block(card
, &srvid
, true);
3459 cc_reset_pending(cl
, ecm_idx
);
3460 buf
[1] = MSG_CW_NOK2
; // So it's really handled like a nok!
3464 cs_log_dbg(D_READER
, "%s cws: %d %s", getprefix(), ecm_idx
,
3465 cs_hexdump(0, cc
->dcw
, 16, tmp_dbg
, sizeof(tmp_dbg
)));
3467 // check response time, if > fallbacktime, switch cards!
3470 int64_t cwlastresptime
= comp_timeb(&tpe
, &cc
->ecm_time
);
3472 if(cwlastresptime
> get_fallbacktimeout(card
->caid
) && !cc
->extended_mode
)
3474 cs_log_dbg(D_READER
, "%s card %04X is too slow, moving to the end...", getprefix(), card
->id
);
3475 move_card_to_end(cl
, card
);
3478 if(card
->rating
< MIN_RATING
)
3480 card
->rating
= MIN_RATING
;
3486 if(card
->rating
> MAX_RATING
)
3488 card
->rating
= MAX_RATING
;
3496 cs_log_dbg(D_READER
, "%s warning: ECM-CWS respond by CCCam server without current card!", getprefix());
3498 if(!cc
->extended_mode
)
3500 cc_cw_crypt(cl
, buf
+ 4, cccam_id
);
3501 cc_crypt_cmd0c(cl
, buf
+ 4, 16);
3503 memcpy(cc
->dcw
, buf
+ 4, 16);
3506 if(!cc
->extended_mode
) // additional crypto step
3508 cc_crypt(&cc
->block
[DECRYPT
], buf
+ 4, l
- 4, ENCRYPT
);
3511 cs_log_dbg(D_READER
, "%s cws: %d %s", getprefix(), ecm_idx
,
3512 cs_hexdump(0, cc
->dcw
, 16, tmp_dbg
, sizeof(tmp_dbg
)));
3515 cs_readunlock(__func__
, &cc
->cards_busy
);
3517 if(!cc
->extended_mode
)
3522 //cc_abort_user_ecms();
3524 cc_send_ecm(cl
, NULL
);
3538 cl
->last
= time(NULL
);
3541 if(rdr
&& rdr
->cc_keepalive
)
3543 rdr
->last_g
= time(NULL
);
3544 rdr
->last_s
= time(NULL
);
3545 rdr_log_dbg(rdr
, D_READER
, "%s: receive keepalive", __func__
);
3548 cc
->just_logged_in
= 0;
3556 cc
->just_logged_in
= 0;
3557 l
= l
- 4; // Header Length = 4 bytes
3563 cs_log_dbg(D_READER
, "%s MSG_CMD_05 recvd, payload length=%d mode=%d",
3564 getprefix(), l
, cc
->cmd05_mode
);
3566 cc
->cmd05_active
= 1;
3567 cc
->cmd05_data_len
= l
;
3568 memcpy(&cc
->cmd05_data
, buf
+ 4, l
);
3570 if(!cc
->ecm_busy
&& ll_has_elements(cc
->cards
))
3572 send_cmd05_answer(cl
);
3585 // by Project: Keynation
3586 cs_log_dbg(D_READER
, "%s MSG_CMD_0B received (payload=%d)!", getprefix(), l
- 4);
3592 memcpy(aeskey
, cc
->cmd0b_aeskey
, 16);
3593 memset(&key
, 0, sizeof(key
));
3595 //cs_log_dump_dbg(D_READER, aeskey, 16, "%s CMD_0B AES key:", getprefix());
3596 //cs_log_dump_dbg(D_READER, data, 16, "%s CMD_0B received data:", getprefix());
3598 AES_set_encrypt_key((uint8_t *)&aeskey
, 128, &key
);
3599 AES_encrypt((uint8_t *)data
, (uint8_t *)&out
, &key
);
3601 cs_log_dbg(D_TRACE
, "%s sending CMD_0B! ", getprefix());
3602 //cs_log_dump_dbg(D_READER, out, 16, "%s CMD_0B out:", getprefix());
3603 cc_cmd_send(cl
, out
, 16, MSG_CMD_0B
);
3607 case MSG_CMD_0C
: // New CCCAM 2.2.0 Server/Client fake check!
3609 int32_t len
= l
- 4;
3615 if(cl
->typ
== 'c') // Only im comming from "client"
3617 cs_log_dbg(D_CLIENT
, "%s MSG_CMD_0C received (payload=%d)!", getprefix(), len
);
3619 uint8_t bytes
[0x20];
3620 if(len
< 0x20) // if less then 0x20 bytes, clear others
3622 memset(data
+ len
, 0, 0x20 - len
);
3625 // change first 0x10 bytes to the second
3626 memcpy(bytes
, data
+ 0x10, 0x10);
3627 memcpy(bytes
+ 0x10, data
, 0x10);
3631 for(i
= 0; i
< 0x20; i
++)
3633 bytes
[i
] ^= (data
[i
] & 0x7F);
3636 // key is now the 16bit hash of md5
3637 uint8_t md5hash
[0x10];
3638 MD5(data
, 0x20, md5hash
);
3639 memcpy(bytes
, md5hash
, 0x10);
3641 cs_log_dbg(D_CLIENT
, "%s sending CMD_0C! ", getprefix());
3642 //cs_log_dump_dbg(D_CLIENT, bytes, 0x20, "%s CMD_0C out:", getprefix());
3643 cc_cmd_send(cl
, bytes
, 0x20, MSG_CMD_0C
);
3647 // by Project: Keynation + Oscam team
3648 cc_crypt_cmd0c(cl
, data
, len
);
3650 uint8_t CMD_0x0C_Command
= data
[0];
3652 switch(CMD_0x0C_Command
)
3656 cc
->cmd0c_mode
= MODE_CMD_0x0C_RC6
;
3662 cc
->cmd0c_mode
= MODE_CMD_0x0C_RC4
;
3668 cc
->cmd0c_mode
= MODE_CMD_0x0C_CC_CRYPT
;
3674 cc
->cmd0c_mode
= MODE_CMD_0x0C_AES
;
3680 cc
->cmd0c_mode
= MODE_CMD_0x0C_IDEA
;
3686 cc
->cmd0c_mode
= MODE_CMD_0x0C_NONE
;
3690 set_cmd0c_cryptkey(cl
, data
, len
);
3692 cs_log_dbg(D_READER
, "%s received MSG_CMD_0C from server! CMD_0x0C_CMD=%d, MODE=%s",
3693 getprefix(), CMD_0x0C_Command
, cmd0c_mode_name
[cc
->cmd0c_mode
]);
3698 case MSG_CMD_0D
: // key update for the active cmd0x0c algo
3700 int32_t len
= l
- 4;
3706 if(cc
->cmd0c_mode
== MODE_CMD_0x0C_NONE
)
3711 cc_crypt_cmd0c(cl
, data
, len
);
3712 set_cmd0c_cryptkey(cl
, data
, len
);
3714 cs_log_dbg(D_READER
, "%s received MSG_CMD_0D from server! MODE=%s",
3715 getprefix(), cmd0c_mode_name
[cc
->cmd0c_mode
]);
3726 cs_log_dbg(D_READER
, "cccam 2.2.x commands not implemented: 0x%02X", buf
[1]);
3728 // Unkwon commands... need workout algo
3729 if(cl
->typ
== 'c') // client connection
3731 //switching to an oder version and then disconnect...
3732 cs_strncpy(cfg
.cc_version
, version
[0], sizeof(cfg
.cc_version
));
3735 else // reader connection
3737 cs_strncpy(cl
->reader
->cc_version
, version
[0], sizeof(cl
->reader
->cc_version
));
3738 cs_strncpy(cl
->reader
->cc_build
, build
[0], sizeof(cl
->reader
->cc_build
));
3739 cc_cycle_connection(cl
);
3746 cc
->just_logged_in
= 0;
3747 if(cl
->typ
== 'c') // EMM Request received
3749 cc_cmd_send(cl
, NULL
, 0, MSG_EMM_ACK
); // Send back ACK
3756 cs_log_dbg(D_EMM
, "%s EMM Request received!", getprefix());
3758 if(!ll_count(cl
->aureader_list
))
3760 cs_log_dbg( D_EMM
, "%s EMM Request discarded because au is not assigned to an reader!", getprefix());
3765 if(!cs_malloc(&emm
, sizeof(EMM_PACKET
)))
3770 emm
->caid
[0] = buf
[4];
3771 emm
->caid
[1] = buf
[5];
3772 emm
->provid
[0] = buf
[7];
3773 emm
->provid
[1] = buf
[8];
3774 emm
->provid
[2] = buf
[9];
3775 emm
->provid
[3] = buf
[10];
3776 //emm->hexserial[0] = buf[11];
3777 //emm->hexserial[1] = buf[12];
3778 //emm->hexserial[2] = buf[13];
3779 //emm->hexserial[3] = buf[14];
3783 emm
->emmlen
= buf
[15];
3787 emm
->emmlen
= MIN(l
- 16, (int32_t)sizeof(emm
->emm
));
3790 if(emm
->emmlen
< 0 || emm
->emmlen
> MAX_EMM_SIZE
|| emm
->emmlen
+ 16 > l
)
3796 memcpy(emm
->emm
, buf
+ 16, emm
->emmlen
);
3797 //emm->type = UNKNOWN;
3798 //emm->cidx = cs_idx;
3802 else // Our EMM Request Ack!
3804 cs_log_dbg(D_EMM
, "%s EMM ACK!", getprefix());
3805 if(!cc
->extended_mode
)
3809 cc_send_ecm(cl
, NULL
);
3816 //cs_log_dump_dbg(D_CLIENT, buf, l, "%s unhandled msg: %d len=%d", getprefix(), buf[1], l);
3821 if(cc
->max_ecms
&& (cc
->ecm_counter
> cc
->max_ecms
))
3823 cs_log_dbg(D_READER
, "%s max ecms (%d) reached, cycle connection!", getprefix(), cc
->max_ecms
);
3824 cc_cycle_connection(cl
);
3830 * Reader: write dcw to receive
3832 int32_t cc_recv_chk(struct s_client
*cl
, uint8_t *dcw
, int32_t *rc
, uint8_t *buf
, int32_t UNUSED(n
))
3834 struct cc_data
*cc
= cl
->cc
;
3836 if(buf
[1] == MSG_CW_ECM
)
3838 memcpy(dcw
, cc
->dcw
, 16);
3839 //cs_log_dbg(D_CLIENT, "cccam: recv chk - MSG_CW %d - %s", cc->recv_ecmtask,
3840 // cs_hexdump(0, dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3842 return (cc
->recv_ecmtask
);
3844 else if((buf
[1] == (MSG_CW_NOK1
)) || (buf
[1] == (MSG_CW_NOK2
)))
3847 //if(cc->is_oscam_cccam)
3848 if(cfg
.cc_forward_origin_card
)
3850 return (cc
->recv_ecmtask
);
3861 //int32_t is_softfail(int32_t rc)
3863 // //see oscam.c send_dcw() for a full list
3866 // case 5: // 5 = timeout
3867 // case 6: // 6 = sleeping
3868 // case 7: // 7 = fake
3869 // case 10: // 10 = no card
3870 // case 11: // 11 = expdate
3871 // case 12: // 12 = disabled
3872 // case 13: // 13 = stopped
3873 // case 14: // 100 = unhandled
3880 * Server: send DCW to client
3882 void cc_send_dcw(struct s_client
*cl
, ECM_REQUEST
*er
)
3885 struct cc_data
*cc
= cl
->cc
;
3887 memset(buf
, 0, sizeof(buf
));
3889 struct cc_extended_ecm_idx
*eei
= get_extended_ecm_idx_by_idx(cl
, er
->idx
, 1);
3891 if(er
->rc
< E_NOTFOUND
&& eei
) // found
3893 memcpy(buf
, er
->cw
, sizeof(buf
));
3895 //cs_log_dbg(D_TRACE, "%s send cw: %s cpti: %d", getprefix(),
3896 // cs_hexdump(0, buf, 16, tmp_dbg, sizeof(tmp_dbg)), er->cpti);
3898 if(!cc
->extended_mode
)
3900 cc_cw_crypt(cl
, buf
, eei
->cccam_id
);
3904 cc
->g_flag
= eei
->send_idx
;
3906 cc_cmd_send(cl
, buf
, 16, MSG_CW_ECM
);
3908 if(!cc
->extended_mode
)
3910 cc_crypt(&cc
->block
[ENCRYPT
], buf
, 16, ENCRYPT
); // additional crypto step
3915 //cs_log_dbg(D_TRACE, "%s send cw: NOK cpti: %d", getprefix(), er->cpti);
3917 if(eei
&& cc
->extended_mode
)
3919 cc
->g_flag
= eei
->send_idx
;
3922 int32_t nok
, bufsize
= 0;
3923 if(cc
->sleepsend
&& er
->rc
== E_STOPPED
)
3925 buf
[0] = cl
->c35_sleepsend
;
3927 nok
= MSG_SLEEPSEND
;
3929 else if(!eei
|| !eei
->card
)
3931 nok
= MSG_CW_NOK1
; // share no more available
3935 if(cfg
.cc_forward_origin_card
&& er
->origin_card
== eei
->card
)
3937 nok
= (er
->rcEx
== E2_CCCAM_NOK1
) ? MSG_CW_NOK1
: MSG_CW_NOK2
;
3941 nok
= MSG_CW_NOK2
; // can't decode
3944 cc_cmd_send(cl
, buf
, bufsize
, nok
);
3946 cc
->server_ecm_pending
--;
3950 NULLFREE(eei
->card
);
3955 int32_t cc_recv(struct s_client
*cl
, uint8_t *buf
, int32_t l
)
3958 struct s_reader
*rdr
= (cl
->typ
== 'c') ? NULL
: cl
->reader
;
3960 if(buf
== NULL
|| l
<= 0)
3965 n
= cc_msg_recv(cl
, buf
, l
); // recv and decrypt msg
3966 //cs_log_dump_dbg(D_CLIENT, buf, n, "cccam: received %d bytes from %s", n, remote_txt());
3970 struct cc_data
*cc
= cl
->cc
;
3971 if(cc
&& cc
->nok_message
)
3973 cs_log_dbg(D_CLIENT
, "%s connection closed by %s. n=%d, Reason: %s",
3974 getprefix(), remote_txt(), n
, cc
->nok_message
);
3978 cs_log_dbg(D_CLIENT
, "%s connection closed by %s, n=%d.", getprefix(), remote_txt(), n
);
3981 cc_cli_close(cl
, 1);
3985 //cs_writelock(__func__, &cc->cards_busy); maybe uninitialized
3986 cs_disconnect_client(cl
);
3987 //cs_writeunlock(__func__, &cc->cards_busy);
3999 cs_log("%s packet is too small (%d bytes)", getprefix(), n
);
4002 else if(n
> CC_MAXMSGSIZE
)
4004 cs_log("%s packet is too big (%d bytes, max: %d)", getprefix(), n
, CC_MAXMSGSIZE
);
4009 // parse it and write it back, if we have received something of value
4010 n
= cc_parse_msg(cl
, buf
, n
);
4011 if(n
== MSG_CW_ECM
|| n
== MSG_EMM_ACK
)
4013 cl
->last
= time(NULL
); // last client action is now
4016 rdr
->last_g
= time(NULL
); // last reader receive is now
4025 cc_cli_close(cl
, 1);
4032 void cc_init_locks(struct cc_data
*cc
)
4034 cs_lock_create(__func__
, &cc
->lockcmd
, "lockcmd", 5000);
4035 cs_lock_create(__func__
, &cc
->cards_busy
, "cards_busy", 10000);
4038 #ifdef MODULE_CCCSHARE
4040 * Starting readers to get cards
4042 int32_t cc_srv_wakeup_readers(struct s_client
*cl
)
4045 struct s_reader
*rdr
;
4046 struct s_client
*client
;
4049 for(rdr
= first_active_reader
; rdr
; rdr
= rdr
->next
)
4051 if(rdr
->typ
!= R_CCCAM
)
4056 if(rdr
->tcp_connected
== 2)
4061 if(!(rdr
->grp
& cl
->grp
))
4066 // if reader has keepalive but is NOT connected,
4067 // reader can't connect. so don't ask him
4068 if(rdr
->cc_keepalive
)
4073 // reader is in shutdown
4074 if((client
= rdr
->client
) == NULL
|| (cc
= client
->cc
) == NULL
|| client
->kill
)
4079 // reader cannot be waked up currently because its blocked
4080 if(is_connect_blocked(rdr
))
4085 // This wakeups the reader:
4086 add_job(rdr
->client
, ACTION_READER_CARDINFO
, NULL
, 0);
4093 int32_t cc_srv_connect(struct s_client
*cl
)
4095 int32_t i
, ccversion_pos
, ccbuild_pos
;
4096 int32_t no_delay
= 1;
4098 char usr
[21], pwd
[65], tmp_dbg
[17];
4099 struct s_auth
*account
;
4102 if(!cs_malloc(&cc
, sizeof(struct cc_data
)))
4107 memset(usr
, 0, sizeof(usr
));
4108 memset(pwd
, 0, sizeof(pwd
));
4110 // init internals data struct
4112 cc
->extended_ecm_idx
= ll_create("extended_ecm_idx");
4115 uint8_t *buf
= cc
->send_buffer
;
4117 cc
->server_ecm_pending
= 0;
4118 cc
->extended_mode
= 0;
4121 int32_t keep_alive
= 1;
4122 setsockopt(cl
->udp_fd
, SOL_SOCKET
, SO_KEEPALIVE
, (void *)&keep_alive
, sizeof(keep_alive
));
4124 // Create checksum for "O" cccam
4125 get_random_bytes(data
, 12);
4126 for(i
= 0; i
< 4; i
++)
4128 data
[12 + i
] = (data
[i
] + data
[4 + i
] + data
[8 + i
]) & 0xff;
4131 cs_log_dbg(D_TRACE
, "send ccc checksum");
4133 send(cl
->udp_fd
, data
, 16, 0);
4135 cc_xor(data
); // XOR init bytes with 'CCcam'
4139 SHA1_Update(&ctx
, data
, 16);
4140 SHA1_Final(buf
, &ctx
);
4142 cc_init_crypt(&cc
->block
[ENCRYPT
], buf
, 20);
4143 cc_crypt(&cc
->block
[ENCRYPT
], data
, 16, DECRYPT
);
4144 cc_init_crypt(&cc
->block
[DECRYPT
], data
, 16);
4145 cc_crypt(&cc
->block
[DECRYPT
], buf
, 20, DECRYPT
);
4147 cs_log_dbg(D_TRACE
, "receive ccc checksum");
4149 if((i
= cc_recv_to(cl
, buf
, 20)) == 20)
4151 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: recv:");
4152 cc_crypt(&cc
->block
[DECRYPT
], buf
, 20, DECRYPT
);
4153 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: hash:");
4161 memset(buf
, 0, CC_MAXMSGSIZE
);
4162 i
= cc_recv_to(cl
, buf
, 20);
4163 if(i
< 0) // errors during receive!
4170 cc_crypt(&cc
->block
[DECRYPT
], buf
, 20, DECRYPT
);
4171 cs_strncpy(usr
, (char *)buf
, sizeof(usr
));
4173 // test for non printable characters
4174 for(i
= 0; i
< 20; i
++)
4176 if(usr
[i
] > 0 && usr
[i
] < 0x20) // found non printable char
4178 cs_log("illegal username received");
4182 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: username '%s':", usr);
4186 cs_add_violation(cl
, NULL
);
4189 cs_log_dbg(D_TRACE
, "ccc username received %s", usr
);
4193 // CCCam only supports len=20 usr/pass. So we could have
4194 // more than one user that matches the first 20 chars.
4196 // receive password-CCCam encrypted Hash:
4197 i
= cc_recv_to(cl
, buf
, 6);
4199 if(i
< 0) // errors during receive!
4204 if(i
!= 6) // received invalid password length
4206 cs_add_violation(cl
, usr
);
4210 cs_log_dbg(D_TRACE
, "ccc passwdhash received %s", usr
);
4212 account
= cfg
.account
;
4213 struct cc_crypt_block
*save_block
;
4214 if(!cs_malloc(&save_block
, sizeof(struct cc_crypt_block
)))
4219 memcpy(save_block
, cc
->block
, sizeof(struct cc_crypt_block
));
4226 if(strncmp(usr
, account
->usr
, 20) == 0)
4228 memset(pwd
, 0, sizeof(pwd
));
4229 cs_strncpy(pwd
, account
->pwd
, sizeof(pwd
));
4233 account
= account
->next
;
4241 // receive passwd / 'CCcam'
4242 memcpy(cc
->block
, save_block
, sizeof(struct cc_crypt_block
));
4243 cc_crypt(&cc
->block
[DECRYPT
], (uint8_t *) pwd
, strlen(pwd
), ENCRYPT
);
4244 cc_crypt(&cc
->block
[DECRYPT
], buf
, 6, DECRYPT
);
4246 // illegal buf-bytes could kill the logger!
4247 //cs_log_dump_dbg(D_CLIENT, buf, 6, "cccam: pwd check '%s':", buf);
4249 if(memcmp(buf
, "CCcam\0", 6) == 0) // Password Hash OK!
4251 break; // account is set
4254 account
= account
->next
;
4256 NULLFREE(save_block
);
4258 // cs_auth_client returns 0 if account is valid/active/accessible
4259 if(cs_auth_client(cl
, account
, NULL
))
4263 cs_log("account '%s' not found!", usr
);
4267 cs_log("password for '%s' invalid!", usr
);
4270 cs_add_violation(cl
, usr
);
4276 cs_log("account '%s' duplicate login, disconnect!", usr
);
4282 cs_log("account '%s' disabled, blocking+disconnect!", usr
);
4283 cs_add_violation(cl
, usr
);
4287 if(account
->cccmaxhops
< -1)
4289 cs_log("account '%s' has cccmaxhops < -1, cccam can't handle this, disconnect!", usr
);
4293 cs_log_dbg(D_TRACE
, "ccc user authenticated %s", usr
);
4295 if(account
->cccmaxhops
== -1)
4297 cs_log("account '%s' has cccmaxhops = -1: user will not see any card!", usr
);
4300 if(!cs_malloc(&cc
->prefix
, strlen(cl
->account
->usr
) + 20))
4304 snprintf(cc
->prefix
, strlen(cl
->account
->usr
) + 20, "cccam(s) %s:", cl
->account
->usr
);
4307 if(cl
->account
->cacheex
.mode
< 2)
4309 if(cl
->tcp_nodelay
== 0)
4311 setsockopt(cl
->udp_fd
, IPPROTO_TCP
, TCP_NODELAY
, (void *)&no_delay
, sizeof(no_delay
));
4312 cl
->tcp_nodelay
= 1;
4315 // Starting readers to get cards
4316 cc_srv_wakeup_readers(cl
);
4320 memcpy(buf
, "CCcam\0", 6);
4321 cs_log_dump_dbg(D_CLIENT
, buf
, 20, "cccam: send ack:");
4322 cc_crypt(&cc
->block
[ENCRYPT
], buf
, 20, ENCRYPT
);
4323 send(cl
->pfd
, buf
, 20, 0);
4326 memset(buf
, 0, CC_MAXMSGSIZE
);
4327 i
= cc_msg_recv(cl
, buf
, CC_MAXMSGSIZE
- 1);
4333 cs_log_dump_dbg(D_CLIENT
, buf
, i
, "cccam: cli data:");
4337 cs_log_dbg(D_CLIENT
, "cccam: cli data too small");
4341 memcpy(cc
->peer_node_id
, buf
+ 24, 8);
4342 //chk_peer_node_for_oscam(cc);
4345 while(ccversion_pos
+ 1 < i
&& ccversion_pos
< 33 + 5 && buf
[ccversion_pos
] == 0)
4351 while(ccbuild_pos
+ 1 < i
&& ccbuild_pos
< 65 + 5 && buf
[ccbuild_pos
] == 0)
4356 cs_strncpy(cc
->remote_version
, (char *)buf
+ ccversion_pos
, sizeof(cc
->remote_version
));
4357 cs_strncpy(cc
->remote_build
, (char *)buf
+ ccbuild_pos
, sizeof(cc
->remote_build
));
4359 cs_log_dbg(D_CLIENT
, "%s client '%s' (%s) running v%s (%s)", getprefix(), buf
+ 4,
4360 cs_hexdump(0, cc
->peer_node_id
, 8, tmp_dbg
, sizeof(tmp_dbg
)), cc
->remote_version
, cc
->remote_build
);
4362 // send cli data ack
4363 cc_cmd_send(cl
, NULL
, 0, MSG_CLI_DATA
);
4365 cs_log_dbg(D_TRACE
, "ccc send srv_data %s", usr
);
4366 if(cc_send_srv_data(cl
) < 0)
4371 cc
->cccam220
= check_cccam_compat(cc
);
4372 cc
->just_logged_in
= 1;
4374 // Wait for Partner detection (NOK1 with data) before reporting cards
4375 // When Partner is detected, cccam220=1 is set. then we can report extended card data
4376 i
= process_input(buf
, CC_MAXMSGSIZE
, 1);
4378 if(i
<= 0 && i
!= -9) // disconnected
4385 cs_log_dbg(D_CLIENT
, "%s extended sid mode activated", getprefix());
4389 cs_log_dbg(D_CLIENT
, "%s 2.1.x compatibility mode", getprefix());
4392 cs_log_dbg(D_TRACE
, "ccc send cards %s", usr
);
4394 if(!cc_srv_report_cards(cl
))
4398 cs_ftime(&cc
->ecm_time
);
4400 // some clients, e.g. mgcamd, do not support keepalive. So if not answered, keep
4401 // connection check for client timeout. If timeout occurs try to send keepalive
4402 cs_log_dbg(D_TRACE
, "ccc connected and waiting for data %s", usr
);
4406 void cc_srv_init2(struct s_client
*cl
)
4408 if(!cl
->init_done
&& !cl
->kill
)
4410 if(IP_ISSET(cl
->ip
))
4412 cs_log_dbg(D_CLIENT
, "cccam: new connection from %s", cs_inet_ntoa(cl
->ip
));
4415 cl
->pfd
= cl
->udp_fd
;
4417 if((ret
= cc_srv_connect(cl
)) < 0)
4421 cs_log_dbg(D_CLIENT
, "cccam: failed errno: %d (%s)", errno
, strerror(errno
));
4425 cs_log_dbg(D_CLIENT
, "cccam: failed ret: %d", ret
);
4427 cs_disconnect_client(cl
);
4432 cc_cacheex_filter_out(cl
);
4438 void *cc_srv_init(struct s_client
*cl
, uint8_t *UNUSED(mbuf
), int32_t UNUSED(len
))
4445 int32_t cc_cli_connect(struct s_client
*cl
)
4447 struct s_reader
*rdr
= cl
->reader
;
4448 struct cc_data
*cc
= cl
->cc
;
4449 rdr
->card_status
= CARD_FAILURE
;
4454 // init internals data struct
4455 if(!cs_malloc(&cc
, sizeof(struct cc_data
)))
4461 cc
->cards
= ll_create("cards");
4463 cc
->pending_emms
= ll_create("pending_emms");
4464 cc
->extended_ecm_idx
= ll_create("extended_ecm_idx");
4468 cc_free_cardlist(cc
->cards
, 0);
4469 free_extended_ecm_idx(cc
);
4474 if(!cs_malloc(&cc
->prefix
, strlen(cl
->reader
->label
) + 20))
4479 snprintf(cc
->prefix
, strlen(cl
->reader
->label
) + 20, "cccam(r) %s:", cl
->reader
->label
);
4483 uint8_t hash
[SHA_DIGEST_LENGTH
];
4484 uint8_t *buf
= cc
->send_buffer
;
4487 // check cred config
4488 if(rdr
->device
[0] == 0 || rdr
->r_pwd
[0] == 0 || rdr
->r_usr
[0] == 0 || rdr
->r_port
== 0)
4490 cs_log("%s configuration error!", rdr
->label
);
4495 handle
= network_tcp_connection_open(rdr
);
4498 cs_log_dbg(D_READER
, "%s network connect error!", rdr
->label
);
4502 if(errno
== EISCONN
)
4504 cc_cli_close(cl
, 0);
4509 int32_t no_delay
= 1;
4510 if(cacheex_get_rdr_mode(rdr
) < 2)
4512 setsockopt(cl
->udp_fd
, IPPROTO_TCP
, TCP_NODELAY
, (void *)&no_delay
, sizeof(no_delay
));
4516 if((n
= cc_recv_to(cl
, data
, 16)) != 16)
4520 cs_log("init error from reader %s", rdr
->label
);
4524 cs_log("%s server returned %d instead of 16 bytes as init seed (errno=%d %s)",
4525 rdr
->label
, n
, errno
, strerror(errno
));
4528 cc_cli_close(cl
, 0);
4533 cc
->ecm_counter
= 0;
4535 cc
->cmd05_mode
= MODE_UNKNOWN
;
4536 cc
->cmd05_offset
= 0;
4537 cc
->cmd05_active
= 0;
4538 cc
->cmd05_data_len
= 0;
4539 cc
->extended_mode
= 0;
4540 cc
->last_emm_card
= NULL
;
4544 cc
->num_reshare0
= 0;
4545 cc
->num_reshare1
= 0;
4546 cc
->num_reshare2
= 0;
4547 cc
->num_resharex
= 0;
4548 memset(&cc
->cmd05_data
, 0, sizeof(cc
->cmd05_data
));
4549 memset(&cc
->receive_buffer
, 0, sizeof(cc
->receive_buffer
));
4550 NULLFREE(cc
->nok_message
);
4551 cc
->cmd0c_mode
= MODE_CMD_0x0C_NONE
;
4553 cs_log_dump_dbg(D_CLIENT
, data
, 16, "cccam: server init seed:");
4555 uint16_t sum
= 0x1234;
4556 uint16_t recv_sum
= (data
[14] << 8) | data
[15];
4559 for(i
= 0; i
< 14; i
++)
4564 // create special data to detect oscam-cccam
4565 cc
->is_oscam_cccam
= sum
== recv_sum
;
4567 // detect multics seed
4568 uint8_t a
= (data
[0] ^ 'M') + data
[1] + data
[2];
4569 uint8_t b
= data
[4] + (data
[5] ^ 'C') + data
[6];
4570 uint8_t c
= data
[8] + data
[9] + (data
[10] ^ 'S');
4572 if((a
== data
[3]) && (b
== data
[7]) && (c
== data
[11]))
4574 cc
->multics_mode
= 1; // detected multics seed
4575 cs_log_dbg(D_READER
, "multics seed detected: %s", rdr
->label
);
4578 cc_xor(data
); // XOR init bytes with 'CCcam'
4582 SHA1_Update(&ctx
, data
, 16);
4583 SHA1_Final(hash
, &ctx
);
4585 cs_log_dump_dbg(D_CLIENT
, hash
, sizeof(hash
), "cccam: sha1 hash:");
4587 // initialisate crypto states
4588 cc_init_crypt(&cc
->block
[DECRYPT
], hash
, 20);
4589 cc_crypt(&cc
->block
[DECRYPT
], data
, 16, DECRYPT
);
4590 cc_init_crypt(&cc
->block
[ENCRYPT
], data
, 16);
4591 cc_crypt(&cc
->block
[ENCRYPT
], hash
, 20, DECRYPT
);
4593 cc_cmd_send(cl
, hash
, 20, MSG_NO_HEADER
); // send crypted hash to server
4595 memset(buf
, 0, CC_MAXMSGSIZE
);
4596 memcpy(buf
, rdr
->r_usr
, strlen(rdr
->r_usr
));
4597 cs_log_dump_dbg(D_CLIENT
, buf
, 20, "cccam: username '%s':", buf
);
4598 cc_cmd_send(cl
, buf
, 20, MSG_NO_HEADER
); // send usr '0' padded -> 20 bytes
4600 memset(buf
, 0, CC_MAXMSGSIZE
);
4601 memset(pwd
, 0, sizeof(pwd
));
4603 //cs_log_dbg(D_CLIENT, "cccam: 'CCcam' xor");
4604 memcpy(buf
, "CCcam", 5);
4605 cs_strncpy(pwd
, rdr
->r_pwd
, sizeof(pwd
));
4606 cc_crypt(&cc
->block
[ENCRYPT
], (uint8_t *)pwd
, strlen(pwd
), ENCRYPT
);
4607 cc_cmd_send(cl
, buf
, 6, MSG_NO_HEADER
); // send 'CCcam' xor w/ pwd
4609 if((n
= cc_recv_to(cl
, data
, 20)) != 20)
4611 cs_log("%s login failed, usr/pwd invalid", getprefix());
4612 cc_cli_close(cl
, 0);
4617 cc_crypt(&cc
->block
[DECRYPT
], data
, 20, DECRYPT
);
4618 cs_log_dump_dbg(D_CLIENT
, data
, 20, "cccam: login data");
4620 if(memcmp(data
, buf
, 5)) // check server response
4622 cs_log("%s login failed, usr/pwd invalid", getprefix());
4623 cc_cli_close(cl
, 0);
4629 cs_log_dbg(D_READER
, "%s login succeeded", getprefix());
4632 cs_log_dbg(D_READER
, "cccam: last_s=%ld, last_g=%ld", rdr
->last_s
, rdr
->last_g
);
4634 cl
->pfd
= cl
->udp_fd
;
4635 cs_log_dbg(D_READER
, "cccam: pfd=%d", cl
->pfd
);
4637 if(cc_send_cli_data(cl
) <= 0)
4639 cs_log("%s login failed, could not send client data", getprefix());
4640 cc_cli_close(cl
, 0);
4647 rdr
->caid
= rdr
->ftab
.filts
[0].caid
;
4648 rdr
->nprov
= rdr
->ftab
.filts
[0].nprids
;
4650 for(n
= 0; n
< rdr
->nprov
; n
++)
4652 rdr
->prid
[n
][0] = rdr
->ftab
.filts
[0].prids
[n
] >> 24;
4653 rdr
->prid
[n
][1] = rdr
->ftab
.filts
[0].prids
[n
] >> 16;
4654 rdr
->prid
[n
][2] = rdr
->ftab
.filts
[0].prids
[n
] >> 8;
4655 rdr
->prid
[n
][3] = rdr
->ftab
.filts
[0].prids
[n
] & 0xff;
4659 rdr
->card_status
= CARD_NEED_INIT
;
4660 rdr
->last_g
= rdr
->last_s
= time((time_t *) 0);
4661 rdr
->tcp_connected
= 1;
4663 cc
->just_logged_in
= 1;
4667 cc_cacheex_filter_out(cl
);
4672 int32_t cc_cli_init_int(struct s_client
*cl
)
4674 struct s_reader
*rdr
= cl
->reader
;
4676 if(rdr
->tcp_connected
)
4681 if(rdr
->tcp_ito
< 15 && rdr
->tcp_ito
!=-1)
4686 if(rdr
->cc_maxhops
< 0)
4688 rdr
->cc_maxhops
= DEFAULT_CC_MAXHOPS
;
4691 if(rdr
->tcp_rto
< 1) // timeout to 30s
4696 cs_log_dbg(D_READER
, "cccam: inactivity timeout: %d seconds, receive timeout: %d seconds",
4697 rdr
->tcp_ito
, rdr
->tcp_rto
);
4699 cc_check_version(rdr
->cc_version
, rdr
->cc_build
);
4701 cs_log_dbg(D_READER
, "proxy reader: %s (%s:%d) cccam v%s build %s, maxhops: %d",
4702 rdr
->label
, rdr
->device
, rdr
->r_port
, rdr
->cc_version
, rdr
->cc_build
, rdr
->cc_maxhops
);
4707 int32_t cc_cli_init(struct s_client
*cl
)
4709 struct s_reader
*reader
= cl
->reader
;
4710 int32_t res
= cc_cli_init_int(cl
); // Create socket
4712 if(res
== 0 && reader
&& (reader
->cc_keepalive
|| !cl
->cc
) && !reader
->tcp_connected
)
4714 cc_cli_connect(cl
); // connect to remote server
4716 //while(!reader->tcp_connected && reader->cc_keepalive && cfg.reader_restart_seconds > 0)
4718 // if((cc && cc->mode == CCCAM_MODE_SHUTDOWN))
4723 // if(!reader->tcp_connected)
4725 // cc_cli_close(cl, 0);
4726 // res = cc_cli_init_int(cl);
4733 // cs_log_dbg(D_READER, "%s restarting reader in %d seconds", reader->label, cfg.reader_restart_seconds);
4734 // cs_sleepms(cfg.reader_restart_seconds*1000);
4735 // cs_log_dbg(D_READER, "%s restarting reader...", reader->label);
4736 // cc_cli_connect(cl);
4743 * return 1 if we are able to send requests:
4745 int32_t cc_available(struct s_reader
*rdr
, int32_t checktype
, ECM_REQUEST
*er
)
4747 if(!rdr
|| !rdr
->client
)
4752 struct s_client
*cl
= rdr
->client
;
4758 struct cc_data
*cc
= cl
->cc
;
4759 if(er
&& cc
&& rdr
->tcp_connected
)
4761 struct cc_card
*card
= get_matching_card(cl
, er
, 1);
4767 //cs_log_dbg(D_TRACE, "checking reader %s availibility", rdr->label);
4769 if(!cc
|| rdr
->tcp_connected
!= 2)
4772 // 1. Keepalive ON but not connected: Do NOT send requests,
4773 // because we can't connect - problem of full running pipes
4774 // 2. Keepalive OFF but not connected: Send requests to connect
4775 // pipe won't run full, because we are reading from pipe to
4776 // get the ecm request
4778 if(rdr
->cc_keepalive
)
4784 //if(er && er->ecmlen > 255 && cc && !cc->extended_mode && (cc->remote_build_nr < 3367))
4786 // return 0; // remote does not support large ecms!
4789 if(checktype
== AVAIL_CHECK_LOADBALANCE
&& cc
&& cc
->ecm_busy
)
4791 if(cc_request_timeout(cl
))
4793 cc_cycle_connection(cl
);
4796 if(!rdr
->tcp_connected
|| cc
->ecm_busy
)
4798 cs_log_dbg(D_TRACE
, "checking reader %s availibility=0 (unavail)", rdr
->label
);
4799 return 0; // We are processing EMMs/ECMs
4809 void cc_card_info(void)
4811 struct s_client
*cl
= cur_client();
4812 struct s_reader
*rdr
= cl
->reader
;
4814 if(rdr
&& !rdr
->tcp_connected
)
4820 void cc_cleanup(struct s_client
*cl
)
4824 cc_cli_close(cl
, 1); // we need to close open fd's
4829 void cc_update_nodeid(void)
4831 if(array_has_nonzero_byte(cfg
.cc_fixed_nodeid
, sizeof(cfg
.cc_fixed_nodeid
)))
4833 memcpy(cc_node_id
, cfg
.cc_fixed_nodeid
, 8);
4837 // Partner Detection
4838 uint16_t sum
= 0x1234; // This is our checksum
4840 get_random_bytes(cc_node_id
, 4);
4842 for(i
= 0; i
< 4; i
++)
4844 sum
+= cc_node_id
[i
];
4848 cc_node_id
[4] = 0x10; // (Oscam 0x10, vPlugServer 0x11, Hadu 0x12, ...)
4849 sum
+= cc_node_id
[4];
4851 // generate checksum for Partner ID:
4852 cc_node_id
[5] = 0xAA;
4854 for(i
= 0; i
< 5; i
++)
4856 cc_node_id
[5] ^= cc_node_id
[i
];
4858 sum
+= cc_node_id
[5];
4860 cc_node_id
[6] = sum
>> 8;
4861 cc_node_id
[7] = sum
& 0xff;
4863 memcpy(cfg
.cc_fixed_nodeid
, cc_node_id
, 8);
4866 bool cccam_forward_origin_card(ECM_REQUEST
*er
)
4868 if(cfg
.cc_forward_origin_card
&& er
->origin_card
)
4870 struct cc_card
*card
= er
->origin_card
;
4871 struct s_ecm_answer
*eab
= NULL
;
4872 struct s_ecm_answer
*ea
;
4874 for(ea
= er
->matching_rdr
; ea
; ea
= ea
->next
)
4876 ea
->status
&= ~(READER_ACTIVE
| READER_FALLBACK
);
4877 if(card
->origin_reader
== ea
->reader
)
4885 cs_log_dbg(D_LB
, "loadbalancer: forward card: forced by card %d to reader %s",
4886 card
->id
, eab
->reader
->label
);
4888 eab
->status
|= READER_ACTIVE
;
4896 bool cccam_snprintf_cards_stat(struct s_client
*cl
, char *emmtext
, size_t emmtext_sz
)
4898 struct cc_data
*rcc
= cl
->cc
;
4901 LLIST
*cards
= rcc
->cards
;
4904 int32_t ncards
= ll_count(cards
);
4905 int32_t locals
= rcc
->num_hop1
;
4906 snprintf(emmtext
, emmtext_sz
, " %3d/%3d card%s", locals
, ncards
, ncards
> 1 ? "s " : " ");
4913 bool cccam_client_extended_mode(struct s_client
*cl
)
4915 return cl
&& cl
->cc
&& ((struct cc_data
*)cl
->cc
)->extended_mode
;
4918 bool cccam_client_multics_mode(struct s_client
*cl
)
4920 return cl
&& cl
->cc
&& ((struct cc_data
*)cl
->cc
)->multics_mode
== 2;
4923 void module_cccam(struct s_module
*ph
)
4926 ph
->type
= MOD_CONN_TCP
;
4927 ph
->large_ecm_support
= 1;
4928 ph
->listenertype
= LIS_CCCAM
;
4931 ph
->cleanup
= cc_cleanup
;
4933 ph
->c_init
= cc_cli_init
;
4934 ph
->c_idle
= cc_idle
;
4935 ph
->c_recv_chk
= cc_recv_chk
;
4936 ph
->c_send_ecm
= cc_send_ecm
;
4937 ph
->c_send_emm
= cc_send_emm
;
4938 #ifdef MODULE_CCCSHARE
4939 IP_ASSIGN(ph
->s_ip
, cfg
.cc_srvip
);
4940 ph
->s_handler
= cc_srv_init
;
4941 ph
->s_init
= cc_srv_init2
;
4942 ph
->s_idle
= cc_s_idle
;
4943 ph
->send_dcw
= cc_send_dcw
;
4945 ph
->c_available
= cc_available
;
4946 ph
->c_card_info
= cc_card_info
;
4947 cc_cacheex_module_init(ph
);
4950 #ifdef MODULE_CCCSHARE
4952 for(i
= 0; i
< CS_MAXPORTS
; i
++)
4958 ph
->ptab
.ports
[i
].s_port
= cfg
.cc_port
[i
];