search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[gbx] - fix ccc->gbox reshare
[oscam.git] / module-cccam.c
blobf9468535fae4a244840dd10e3ada844fa1b90cff
1 #define MODULE_LOG_PREFIX "cccam"
2
3 #include "globals.h"
4
5 #ifdef MODULE_CCCAM
6
7 #include "cscrypt/md5.h"
8 #include "cscrypt/sha1.h"
9 #include "module-cacheex.h"
10 #include "module-cccam.h"
11 #include "module-cccam-data.h"
12 #include "module-cccam-cacheex.h"
13 #include "module-cccshare.h"
14 #include "oscam-chk.h"
15 #include "oscam-cache.h"
16 #include "oscam-client.h"
17 #include "oscam-ecm.h"
18 #include "oscam-emm.h"
19 #include "oscam-failban.h"
20 #include "oscam-garbage.h"
21 #include "oscam-lock.h"
22 #include "oscam-net.h"
23 #include "oscam-reader.h"
24 #include "oscam-string.h"
25 #include "oscam-time.h"
26 #include "oscam-work.h"
27
28 // Mode names for CMD_05 command
29 static const char *cmd05_mode_name[] = { "UNKNOWN", "PLAIN", "AES", "CC_CRYPT", "RC4", "LEN=0" };
30
31 // Mode names for CMD_0C command
32 static const char *cmd0c_mode_name[] = { "NONE", "RC6", "RC4", "CC_CRYPT", "AES", "IDEA" };
33
34 uint8_t cc_node_id[8];
35
36 int32_t cc_cli_connect(struct s_client *cl);
37 int32_t cc_send_pending_emms(struct s_client *cl);
38
39 #define getprefix() (!cl ? "" : (!cl->cc ? "" : (((struct cc_data *)(cl->cc))->prefix)))
40
41 void cc_init_crypt(struct cc_crypt_block *block, uint8_t *key, int32_t len)
42 {
43 int32_t i = 0;
44 uint8_t j = 0;
45
46 for(i = 0; i < 256; i++)
47 {
48 block->keytable[i] = i;
49 }
50
51 for(i = 0; i < 256; i++)
52 {
53 j += key[i % len] + block->keytable[i];
54 SWAPC(&block->keytable[i], &block->keytable[j]);
55 }
56
57 block->state = *key;
58 block->counter = 0;
59 block->sum = 0;
60 }
61
62 void cc_crypt(struct cc_crypt_block *block, uint8_t *data, int32_t len, cc_crypt_mode_t mode)
63 {
64 int32_t i;
65 uint8_t z;
66
67 for(i = 0; i < len; i++)
68 {
69 block->counter++;
70 block->sum += block->keytable[block->counter];
71 SWAPC(&block->keytable[block->counter], &block->keytable[block->sum]);
72
73 z = data[i];
74 data[i] = z ^ block->keytable[(block->keytable[block->counter] + block->keytable[block->sum]) & 0xff];
75 data[i] ^= block->state;
76
77 if(!mode)
78 {
79 z = data[i];
80 }
81
82 block->state = block->state ^ z;
83 }
84 }
85
86 void cc_rc4_crypt(struct cc_crypt_block *block, uint8_t *data, int32_t len, cc_crypt_mode_t mode)
87 {
88 int32_t i;
89 uint8_t z;
90
91 for(i = 0; i < len; i++)
92 {
93 block->counter++;
94 block->sum += block->keytable[block->counter];
95 SWAPC(&block->keytable[block->counter], &block->keytable[block->sum]);
96
97 z = data[i];
98 data[i] = z ^ block->keytable[(block->keytable[block->counter] + block->keytable[block->sum]) & 0xff];
99
100 if(!mode)
101 {
102 z = data[i];
103 }
104
105 block->state = block->state ^ z;
106 }
107 }
108
109 void cc_xor(uint8_t *buf)
110 {
111 const char cccam[] = "CCcam";
112 uint8_t i;
113
114 for(i = 0; i < 8; i++)
115 {
116 buf[8 + i] = i * buf[i];
117
118 if(i <= 5)
119 {
120 buf[i] ^= cccam[i];
121 }
122 }
123 }
124
125 void cc_cw_crypt(struct s_client *cl, uint8_t *cws, uint32_t cardid)
126 {
127 struct cc_data *cc = cl->cc;
128 uint64_t node_id;
129 uint8_t tmp;
130 int32_t i;
131
132 if(cl->typ != 'c')
133 {
134 node_id = b2ll(8, cc->node_id);
135 }
136 else
137 {
138 node_id = b2ll(8, cc->peer_node_id);
139 }
140
141 for(i = 0; i < 16; i++)
142 {
143 tmp = cws[i] ^(node_id >> (4 * i));
144
145 if(i & 1)
146 {
147 tmp = ~tmp;
148 }
149
150 cws[i] = (cardid >> (2 * i)) ^ tmp;
151 }
152 }
153
154 /** swap endianness (int) */
155 static void SwapLBi(uint8_t *buff, int32_t len)
156 {
157 #if __BYTE_ORDER != __BIG_ENDIAN
158 return;
159 #endif
160
161 int32_t i;
162 uint8_t swap[4];
163
164 for(i = 0; i < len / 4; i++)
165 {
166 memcpy(swap, buff, 4);
167 buff[0] = swap[3];
168 buff[1] = swap[2];
169 buff[2] = swap[1];
170 buff[3] = swap[0];
171 buff += 4;
172 }
173 }
174
175 void cc_crypt_cmd0c(struct s_client *cl, uint8_t *buf, int32_t len)
176 {
177 struct cc_data *cc = cl->cc;
178 uint8_t *out;
179
180 if(!cs_malloc(&out, len))
181 {
182 return;
183 }
184
185 switch(cc->cmd0c_mode)
186 {
187 case MODE_CMD_0x0C_NONE: // none additional encryption
188 {
189 memcpy(out, buf, len);
190 break;
191 }
192
193 case MODE_CMD_0x0C_RC6: // RC6
194 {
195 // buf may be unaligned,
196 // so we use malloc() memory for the uint32_t* cast
197 uint8_t *tmp;
198 int32_t i;
199
200 if(!cs_malloc(&tmp, len))
201 {
202 return;
203 }
204
205 memcpy(tmp, buf, len);
206 SwapLBi(tmp, len);
207
208 for(i = 0; i < len / 16; i++)
209 {
210 rc6_block_decrypt((uint32_t *)(tmp + i * 16), (uint32_t *)(out + i * 16), 1, cc->cmd0c_RC6_cryptkey);
211 }
212
213 SwapLBi(out, len);
214 NULLFREE(tmp);
215 break;
216 }
217
218 case MODE_CMD_0x0C_RC4: // RC4
219 {
220 cc_rc4_crypt(&cc->cmd0c_cryptkey, buf, len, ENCRYPT);
221 memcpy(out, buf, len);
222 break;
223 }
224
225 case MODE_CMD_0x0C_CC_CRYPT: // cc_crypt
226 {
227 cc_crypt(&cc->cmd0c_cryptkey, buf, len, DECRYPT);
228 memcpy(out, buf, len);
229 break;
230 }
231
232 case MODE_CMD_0x0C_AES: // AES
233 {
234 int32_t i;
235 for(i = 0; i < len / 16; i++)
236 {
237 AES_decrypt((uint8_t *)buf + i * 16, (uint8_t *)out + i * 16, &cc->cmd0c_AES_key);
238 }
239 break;
240 }
241
242 case MODE_CMD_0x0C_IDEA: // IDEA
243 {
244 int32_t i = 0;
245 int32_t j;
246
247 while(i < len)
248 {
249 idea_ecb_encrypt(buf + i, out + i, &cc->cmd0c_IDEA_dkey);
250 i += 8;
251 }
252
253 i = 8;
254 while(i < len)
255 {
256 for(j = 0; j < 8; j++)
257 {
258 out[j + i] ^= buf[j + i - 8];
259 }
260 i += 8;
261 }
262
263 break;
264 }
265 }
266 memcpy(buf, out, len);
267 NULLFREE(out);
268 }
269
270 void set_cmd0c_cryptkey(struct s_client *cl, uint8_t *key, uint8_t len)
271 {
272 struct cc_data *cc = cl->cc;
273 uint8_t key_buf[32];
274
275 memset(&key_buf, 0, sizeof(key_buf));
276
277 if(len > 32)
278 {
279 len = 32;
280 }
281
282 memcpy(key_buf, key, len);
283
284 switch(cc->cmd0c_mode)
285 {
286 case MODE_CMD_0x0C_NONE: // NONE
287 {
288 break;
289 }
290
291 case MODE_CMD_0x0C_RC6: // RC6
292 {
293 rc6_key_setup(key_buf, 32, cc->cmd0c_RC6_cryptkey);
294 break;
295 }
296
297 case MODE_CMD_0x0C_RC4: // RC4
298 case MODE_CMD_0x0C_CC_CRYPT: // CC_CRYPT
299 {
300 cc_init_crypt(&cc->cmd0c_cryptkey, key_buf, 32);
301 break;
302 }
303
304 case MODE_CMD_0x0C_AES: // AES
305 {
306 memset(&cc->cmd0c_AES_key, 0, sizeof(cc->cmd0c_AES_key));
307 AES_set_decrypt_key((uint8_t *)key_buf, 256, &cc->cmd0c_AES_key);
308 break;
309 }
310
311 case MODE_CMD_0x0C_IDEA: // IDEA
312 {
313 uint8_t key_buf_idea[16];
314 memcpy(key_buf_idea, key_buf, 16);
315 IDEA_KEY_SCHEDULE ekey;
316
317 idea_set_encrypt_key(key_buf_idea, &ekey);
318 idea_set_decrypt_key(&ekey, &cc->cmd0c_IDEA_dkey);
319 break;
320 }
321 }
322 }
323
324 int32_t sid_eq(struct cc_srvid *srvid1, struct cc_srvid *srvid2)
325 {
326 return (srvid1->sid == srvid2->sid && (srvid1->chid == srvid2->chid || !srvid1->chid || !srvid2->chid)
327 && (srvid1->ecmlen == srvid2->ecmlen || !srvid1->ecmlen || !srvid2->ecmlen));
328 }
329
330 int32_t sid_eq_nb(struct cc_srvid *srvid1, struct cc_srvid_block *srvid2)
331 {
332 return sid_eq(srvid1, (struct cc_srvid *)srvid2);
333 }
334
335 int32_t sid_eq_bb(struct cc_srvid_block *srvid1, struct cc_srvid_block *srvid2)
336 {
337 return (srvid1->sid == srvid2->sid && (srvid1->chid == srvid2->chid || !srvid1->chid || !srvid2->chid)
338 && (srvid1->ecmlen == srvid2->ecmlen || !srvid1->ecmlen || !srvid2->ecmlen)
339 && (srvid1->blocked_till == srvid2->blocked_till || !srvid1->blocked_till || !srvid2->blocked_till));
340 }
341
342 struct cc_srvid_block *is_sid_blocked(struct cc_card *card, struct cc_srvid *srvid_blocked)
343 {
344 LL_ITER it = ll_iter_create(card->badsids);
345 struct cc_srvid_block *srvid;
346
347 while((srvid = ll_iter_next(&it)))
348 {
349 if(sid_eq_nb(srvid_blocked, srvid))
350 {
351 break;
352 }
353 }
354 return srvid;
355 }
356
357 uint32_t has_perm_blocked_sid(struct cc_card *card)
358 {
359 LL_ITER it = ll_iter_create(card->badsids);
360 struct cc_srvid_block *srvid;
361
362 while((srvid = ll_iter_next(&it)))
363 {
364 if(srvid->blocked_till == 0)
365 {
366 break;
367 }
368 }
369 return srvid != NULL;
370 }
371
372 struct cc_srvid *is_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
373 {
374 LL_ITER it = ll_iter_create(card->goodsids);
375 struct cc_srvid *srvid;
376
377 while((srvid = ll_iter_next(&it)))
378 {
379 if(sid_eq(srvid, srvid_good))
380 {
381 break;
382 }
383 }
384 return srvid;
385 }
386
387 #define BLOCKING_SECONDS 10
388
389 void add_sid_block(struct cc_card *card, struct cc_srvid *srvid_blocked, bool temporary)
390 {
391 if(is_sid_blocked(card, srvid_blocked))
392 {
393 return;
394 }
395
396 struct cc_srvid_block *srvid;
397 if(!cs_malloc(&srvid, sizeof(struct cc_srvid_block)))
398 {
399 return;
400 }
401 memcpy(srvid, srvid_blocked, sizeof(struct cc_srvid));
402
403 if(temporary)
404 {
405 srvid->blocked_till = time(NULL) + BLOCKING_SECONDS;
406 }
407
408 ll_append(card->badsids, srvid);
409 cs_log_dbg(D_READER, "added sid block %04X(CHID %04X, length %d) for card %08x",
410 srvid_blocked->sid, srvid_blocked->chid, srvid_blocked->ecmlen, card->id);
411 }
412
413 void remove_sid_block(struct cc_card *card, struct cc_srvid *srvid_blocked)
414 {
415 LL_ITER it = ll_iter_create(card->badsids);
416 struct cc_srvid_block *srvid;
417
418 while((srvid = ll_iter_next(&it)))
419 {
420 if(sid_eq_nb(srvid_blocked, srvid))
421 {
422 ll_iter_remove_data(&it);
423 }
424 }
425
426 cs_log_dbg(D_READER, "removed sid block %04X(CHID %04X, length %d) for card %08x",
427 srvid_blocked->sid, srvid_blocked->chid, srvid_blocked->ecmlen, card->id);
428 }
429
430 void add_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
431 {
432 if(is_good_sid(card, srvid_good))
433 {
434 return;
435 }
436
437 remove_sid_block(card, srvid_good);
438 struct cc_srvid *srvid;
439
440 if(!cs_malloc(&srvid, sizeof(struct cc_srvid)))
441 {
442 return;
443 }
444
445 memcpy(srvid, srvid_good, sizeof(struct cc_srvid));
446 ll_append(card->goodsids, srvid);
447
448 cs_log_dbg(D_READER, "added good sid %04X(%d) for card %08x",
449 srvid_good->sid, srvid_good->ecmlen, card->id);
450 }
451
452 void remove_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
453 {
454 LL_ITER it = ll_iter_create(card->goodsids);
455 struct cc_srvid *srvid;
456
457 while((srvid = ll_iter_next(&it)))
458 {
459 if(sid_eq(srvid, srvid_good))
460 {
461 ll_iter_remove_data(&it);
462 }
463 }
464
465 cs_log_dbg(D_READER, "removed good sid %04X(%d) for card %08x",
466 srvid_good->sid, srvid_good->ecmlen, card->id);
467 }
468
469 /**
470 * reader
471 * clears and frees values for reinit
472 */
473 void cc_cli_close(struct s_client *cl, int32_t call_conclose)
474 {
475 struct s_reader *rdr = cl->reader;
476 struct cc_data *cc = cl->cc;
477
478 if(!rdr || !cc)
479 {
480 return;
481 }
482
483 if(rdr)
484 {
485 rdr->tcp_connected = 0;
486 }
487
488 if(rdr)
489 {
490 rdr->card_status = NO_CARD;
491 }
492
493 if(rdr)
494 {
495 rdr->last_s = rdr->last_g = 0;
496 }
497
498 if(cl)
499 {
500 cl->last = 0;
501 }
502
503 if(call_conclose) // clears also pending ecms!
504 {
505 network_tcp_connection_close(rdr, "close");
506 }
507 else
508 {
509 if(cl->udp_fd)
510 {
511 close(cl->udp_fd);
512 cl->udp_fd = 0;
513 cl->pfd = 0;
514 }
515 }
516
517 cc->ecm_busy = 0;
518 cc->just_logged_in = 0;
519 }
520
521 struct cc_extended_ecm_idx *add_extended_ecm_idx(struct s_client *cl, uint8_t send_idx, uint16_t ecm_idx,
522 struct cc_card *card, struct cc_srvid srvid, int8_t free_card)
523 {
524 struct cc_data *cc = cl->cc;
525 struct cc_extended_ecm_idx *eei;
526
527 if(!cs_malloc(&eei, sizeof(struct cc_extended_ecm_idx)))
528 {
529 return NULL;
530 }
531
532 eei->send_idx = send_idx;
533 eei->ecm_idx = ecm_idx;
534 eei->card = card;
535 eei->cccam_id = card->id;
536 eei->srvid = srvid;
537 eei->free_card = free_card;
538 cs_ftime(&eei->tps);
539 ll_append(cc->extended_ecm_idx, eei);
540 //cs_log_dbg(D_TRACE, "%s add extended ecm-idx: %d:%d", getprefix(), send_idx, ecm_idx);
541 return eei;
542 }
543
544 struct cc_extended_ecm_idx *get_extended_ecm_idx(struct s_client *cl, uint8_t send_idx, int32_t remove_item)
545 {
546 struct cc_data *cc = cl->cc;
547 struct cc_extended_ecm_idx *eei;
548 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
549
550 while((eei = ll_iter_next(&it)))
551 {
552 if(eei->send_idx == send_idx)
553 {
554 if(remove_item)
555 {
556 ll_iter_remove(&it);
557 }
558
559 //cs_log_dbg(D_TRACE, "%s get by send-idx: %d FOUND: %d", getprefix(), send_idx, eei->ecm_idx);
560 return eei;
561 }
562 }
563
564 #ifdef WITH_DEBUG
565 if(remove_item)
566 {
567 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s get by send-idx: %d NOT FOUND", getprefix(), send_idx);
568 }
569 #endif
570
571 return NULL;
572 }
573
574 struct cc_extended_ecm_idx *get_extended_ecm_idx_by_idx(struct s_client *cl, uint16_t ecm_idx, int32_t remove_item)
575 {
576 struct cc_data *cc = cl->cc;
577 struct cc_extended_ecm_idx *eei;
578 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
579
580 while((eei = ll_iter_next(&it)))
581 {
582 if(eei->ecm_idx == ecm_idx)
583 {
584 if(remove_item)
585 {
586 ll_iter_remove(&it);
587 }
588
589 //cs_log_dbg(D_TRACE, "%s get by ecm-idx: %d FOUND: %d", getprefix(), ecm_idx, eei->send_idx);
590 return eei;
591 }
592 }
593
594 #ifdef WITH_DEBUG
595 if(remove_item)
596 {
597 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s get by ecm-idx: %d NOT FOUND", getprefix(), ecm_idx);
598 }
599 #endif
600
601 return NULL;
602 }
603
604 void cc_reset_pending(struct s_client *cl, int32_t ecm_idx)
605 {
606 int32_t i = 0;
607
608 for(i = 0; i < cfg.max_pending; i++)
609 {
610 if(cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc == E_ALREADY_SENT)
611 {
612 cl->ecmtask[i].rc = E_UNHANDLED; // Mark unused
613 }
614 }
615 }
616
617 void free_extended_ecm_idx_by_card(struct s_client *cl, struct cc_card *card, int8_t null_only)
618 {
619 struct cc_data *cc = cl->cc;
620 struct cc_extended_ecm_idx *eei;
621 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
622
623 while((eei = ll_iter_next(&it)))
624 {
625 if(eei->card == card)
626 {
627 if(null_only)
628 {
629 cc_reset_pending(cl, eei->ecm_idx);
630 if(eei->free_card)
631 {
632 NULLFREE(eei->card);
633 }
634 ll_iter_remove_data(&it);
635 }
636 else
637 {
638 if(eei->free_card)
639 {
640 NULLFREE(eei->card);
641 }
642 eei->card = NULL;
643 }
644 }
645 }
646 }
647
648 void free_extended_ecm_idx(struct cc_data *cc)
649 {
650 struct cc_extended_ecm_idx *eei;
651 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
652
653 while((eei = ll_iter_next(&it)))
654 {
655 if(eei->free_card)
656 {
657 NULLFREE(eei->card);
658 }
659 ll_iter_remove_data(&it);
660 }
661 }
662
663 int32_t cc_recv_to(struct s_client *cl, uint8_t *buf, int32_t len)
664 {
665 int32_t rc;
666 struct pollfd pfd;
667
668 while(1)
669 {
670 pfd.fd = cl->udp_fd;
671 pfd.events = POLLIN | POLLPRI;
672
673 rc = poll(&pfd, 1, cfg.cc_recv_timeout);
674
675 if(rc < 0)
676 {
677 if(errno == EINTR)
678 {
679 continue;
680 }
681
682 return -1; // error!!
683 }
684
685 if(rc == 1)
686 {
687 if(pfd.revents & POLLHUP)
688 {
689 return -1; // hangup = error!!
690 }
691 else
692 {
693 break;
694 }
695 }
696 else
697 {
698 return -2; // timeout!!
699 }
700 }
701 return cs_recv(cl->udp_fd, buf, len, MSG_WAITALL);
702 }
703
704 /**
705 * reader
706 * closes the connection and reopens it.
707 */
708 static int8_t cc_cycle_connection(struct s_client *cl)
709 {
710 if(!cl || cl->kill)
711 {
712 return 0;
713 }
714
715 cs_log_dbg(D_TRACE, "%s unlocked-cycleconnection! timeout %d ms", getprefix(), cl->reader->cc_reconnect);
716
717 cc_cli_close(cl, 0);
718 cs_sleepms(50);
719 cc_cli_connect(cl);
720
721 return cl->reader->tcp_connected;
722 }
723
724 /**
725 * reader + server:
726 * receive a message
727 */
728 int32_t cc_msg_recv(struct s_client *cl, uint8_t *buf, int32_t maxlen)
729 {
730 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
731
732 int32_t len;
733 struct cc_data *cc = cl->cc;
734 int32_t handle = cl->udp_fd;
735
736 if(handle <= 0 || maxlen < 4)
737 {
738 return -1;
739 }
740
741 if(!cl->cc)
742 {
743 return -1;
744 }
745
746 cs_writelock(__func__, &cc->lockcmd);
747
748 if(!cl->cc)
749 {
750 cs_writeunlock(__func__, &cc->lockcmd);
751 return -1;
752 }
753
754 len = cs_recv(handle, buf, 4, MSG_WAITALL);
755
756 if(len != 4) // invalid header length read
757 {
758 if(len <= 0)
759 {
760 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s disconnected by remote server", getprefix());
761 }
762 else
763 {
764 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s invalid header length (expected 4, read %d)",
765 getprefix(), len);
766 }
767
768 cs_writeunlock(__func__, &cc->lockcmd);
769 return -1;
770 }
771
772 cc_crypt(&cc->block[DECRYPT], buf, 4, DECRYPT);
773 //cs_log_dump_dbg(D_CLIENT, buf, 4, "cccam: decrypted header:");
774
775 cc->g_flag = buf[0];
776
777 int32_t size = (buf[2] << 8) | buf[3];
778 if(size) // check if any data is expected in msg
779 {
780 if(size > maxlen)
781 {
782 cs_writeunlock(__func__, &cc->lockcmd);
783 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s message too big (size=%d max=%d)",
784 getprefix(), size, maxlen);
785 return 0;
786 }
787
788 len = cs_recv(handle, buf + 4, size, MSG_WAITALL);
789
790 if(rdr && buf[1] == MSG_CW_ECM)
791 {
792 rdr->last_g = time(NULL);
793 }
794
795 if(len != size)
796 {
797 cs_writeunlock(__func__, &cc->lockcmd);
798
799 if(len <= 0)
800 {
801 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s disconnected by remote", getprefix());
802 }
803 else
804 {
805 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s invalid message length read (expected %d, read %d)",
806 getprefix(), size, len);
807 }
808 return -1;
809 }
810
811 cc_crypt(&cc->block[DECRYPT], buf + 4, len, DECRYPT);
812 len += 4;
813 }
814
815 cs_writeunlock(__func__, &cc->lockcmd);
816
817 //cs_log_dump_dbg(cl->typ=='c'?D_CLIENT:D_READER, buf, len, "cccam: full decrypted msg, len=%d:", len);
818
819 return len;
820 }
821
822 /**
823 * reader + server
824 * send a message
825 */
826 int32_t cc_cmd_send(struct s_client *cl, uint8_t *buf, int32_t len, cc_msg_type_t cmd)
827 {
828 if(!cl->udp_fd) // disconnected
829 {
830 return -1;
831 }
832
833 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
834
835 int32_t n;
836 struct cc_data *cc = cl->cc;
837
838 if(!cl->cc || cl->kill)
839 {
840 return -1;
841 }
842
843 cs_writelock(__func__, &cc->lockcmd);
844
845 if(!cl->cc || cl->kill)
846 {
847 cs_writeunlock(__func__, &cc->lockcmd);
848 return -1;
849 }
850
851 uint8_t *netbuf;
852 if(!cs_malloc(&netbuf, len + 4))
853 {
854 return -1;
855 }
856
857 if(cmd == MSG_NO_HEADER)
858 {
859 memcpy(netbuf, buf, len);
860 }
861 else
862 {
863 // build command message
864 netbuf[0] = cc->g_flag; // flags?
865 netbuf[1] = cmd & 0xff;
866 netbuf[2] = len >> 8;
867 netbuf[3] = len & 0xff;
868
869 if(buf)
870 {
871 memcpy(netbuf + 4, buf, len);
872 }
873 len += 4;
874 }
875
876 cs_log_dump_dbg(D_CLIENT, netbuf, len, "cccam: send:");
877 cc_crypt(&cc->block[ENCRYPT], netbuf, len, ENCRYPT);
878
879 n = send(cl->udp_fd, netbuf, len, 0);
880
881 cs_writeunlock(__func__, &cc->lockcmd);
882
883 NULLFREE(netbuf);
884
885 if(n != len)
886 {
887 if(rdr)
888 {
889 cc_cli_close(cl, 1);
890 }
891 else
892 {
893 cs_writeunlock(__func__, &cc->cards_busy);
894 cs_disconnect_client(cl);
895 }
896 n = -1;
897 }
898
899 return n;
900 }
901
902 #define CC_DEFAULT_VERSION 9
903 #define CC_VERSIONS 10
904 static char *version[CC_VERSIONS] = { "2.0.11", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.2.0", "2.2.1", "2.3.0", "2.3.1", "2.3.2"};
905 static char *build[CC_VERSIONS] = { "2892", "2971", "3094", "3165", "3191", "3290", "3316", "3367", "9d508a", "4000"};
906 static char extcompat[CC_VERSIONS] = { 0, 0, 0, 0, 0, 1, 1, 1, 1, 1}; // Supporting new card format starting with 2.2.0
907
908 /**
909 * reader + server
910 * checks the cccam-version in the configuration
911 */
912 void cc_check_version(char *cc_version, char *cc_build)
913 {
914 int32_t i;
915 for(i = 0; i < CC_VERSIONS; i++)
916 {
917 if(!memcmp(cc_version, version[i], strlen(version[i])))
918 {
919 memcpy(cc_build, build[i], strlen(build[i]) + 1);
920 cs_log_dbg(D_CLIENT, "cccam: auto build set for version: %s build: %s", cc_version, cc_build);
921 return;
922 }
923 }
924
925 memcpy(cc_version, version[CC_DEFAULT_VERSION], strlen(version[CC_DEFAULT_VERSION]));
926 memcpy(cc_build, build[CC_DEFAULT_VERSION], strlen(build[CC_DEFAULT_VERSION]));
927
928 cs_log_dbg(D_CLIENT, "cccam: auto version set: %s build: %s", cc_version, cc_build);
929
930 return;
931 }
932
933 int32_t check_cccam_compat(struct cc_data *cc)
934 {
935 int32_t res = 0;
936 int32_t i = 0;
937 for(i = 0; i < CC_VERSIONS; i++)
938 {
939 if(!strcmp(cfg.cc_version, version[i]))
940 {
941 res += extcompat[i];
942 break;
943 }
944 }
945
946 if(!res)
947 {
948 return 0;
949 }
950
951 for(i = 0; i < CC_VERSIONS; i++)
952 {
953 if(!strcmp(cc->remote_version, version[i]))
954 {
955 res += extcompat[i];
956 break;
957 }
958 }
959
960 return res == 2;
961 }
962
963 /**
964 * reader
965 * sends own version information to the CCCam server
966 */
967 int32_t cc_send_cli_data(struct s_client *cl)
968 {
969 struct s_reader *rdr = cl->reader;
970 struct cc_data *cc = cl->cc;
971 const int32_t size = 20 + 8 + 6 + 26 + 4 + 28 + 1;
972 uint8_t buf[size];
973
974 cs_log_dbg(D_READER, "cccam: send client data");
975
976 memcpy(cc->node_id, cc_node_id, sizeof(cc_node_id));
977
978 memcpy(buf, rdr->r_usr, sizeof(rdr->r_usr));
979 memcpy(buf + 20, cc->node_id, 8);
980 buf[28] = rdr->cc_want_emu; // <-- Client wants to have EMUs, 0 - NO; 1 - YES
981 memcpy(buf + 29, rdr->cc_version, sizeof(rdr->cc_version)); // cccam version (ascii)
982 memcpy(buf + 61, rdr->cc_build, sizeof(rdr->cc_build)); // build number (ascii)
983
984 // multics seed already detected, now send multics 'WHO' for getting and confirming multics server
985 if(cc->multics_mode == 1)
986 {
987 memcpy(buf + 57, "W", 1);
988 memcpy(buf + 58, "H", 1);
989 memcpy(buf + 59, "O", 1);
990 }
991
992 cs_log_dbg(D_READER, "%s sending own version: %s, build: %s", getprefix(), rdr->cc_version, rdr->cc_build);
993
994 return cc_cmd_send(cl, buf, size, MSG_CLI_DATA);
995 }
996
997 /**
998 * server
999 * sends version information to the client
1000 */
1001 int32_t cc_send_srv_data(struct s_client *cl)
1002 {
1003 struct cc_data *cc = cl->cc;
1004
1005 cs_log_dbg(D_CLIENT, "cccam: send server data");
1006
1007 memcpy(cc->node_id, cc_node_id, sizeof(cc_node_id));
1008
1009 uint8_t buf[0x48];
1010 memset(buf, 0, 0x48);
1011
1012 int32_t stealth = cl->account->cccstealth;
1013 if(stealth == -1)
1014 {
1015 stealth = cfg.cc_stealth;
1016 }
1017
1018 if(stealth)
1019 {
1020 cc->node_id[7]++;
1021 }
1022
1023 memcpy(buf, cc->node_id, 8);
1024
1025 char cc_build[7], tmp_dbg[17];
1026 memset(cc_build, 0, sizeof(cc_build));
1027 cc_check_version((char *) cfg.cc_version, cc_build);
1028 memcpy(buf + 8, cfg.cc_version, sizeof(cfg.cc_version)); // cccam version (ascii)
1029 memcpy(buf + 40, cc_build, sizeof(cc_build)); // build number (ascii)
1030
1031 cs_log_dbg(D_CLIENT, "%s version: %s, build: %s nodeid: %s", getprefix(),
1032 cfg.cc_version, cc_build, cs_hexdump(0, cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)));
1033
1034 return cc_cmd_send(cl, buf, 0x48, MSG_SRV_DATA);
1035 }
1036
1037 int32_t loop_check(uint8_t *myid, struct s_client *cl)
1038 {
1039 if(!cl)
1040 {
1041 return 0;
1042 }
1043
1044 struct cc_data *cc = cl->cc;
1045 if(!cc)
1046 {
1047 return 0;
1048 }
1049
1050 return !memcmp(myid, cc->peer_node_id, sizeof(cc->peer_node_id)); // same nodeid? ignore
1051 }
1052
1053 /**
1054 * reader
1055 * retrieves the next waiting ecm request
1056 */
1057 int32_t cc_get_nxt_ecm(struct s_client *cl)
1058 {
1059 struct cc_data *cc = cl->cc;
1060 ECM_REQUEST *er, *ern = NULL;
1061 int32_t n, i, pending = 0;
1062 struct timeb t;
1063
1064 cs_ftime(&t);
1065 int32_t diff = (int32_t)cfg.ctimeout + 500;
1066
1067 n = -1;
1068 for(i = 0; i < cfg.max_pending; i++)
1069 {
1070 er = &cl->ecmtask[i];
1071 if((comp_timeb(&t, &er->tps) >= diff) && (er->rc >= E_NOCARD)) // drop timeouts
1072 {
1073 write_ecm_answer(cl->reader, er, E_TIMEOUT, 0, NULL, NULL, 0, NULL);
1074 }
1075
1076 else if(er->rc >= E_NOCARD && er->rc <= E_UNHANDLED) // stil active and waiting
1077 {
1078 pending++;
1079 if(loop_check(cc->peer_node_id, er->client))
1080 {
1081 cs_log_dbg(D_READER, "%s ecm loop detected! client %s (%8lX)",
1082 getprefix(), er->client->account->usr, (unsigned long)er->client->thread);
1083 write_ecm_answer(cl->reader, er, E_NOTFOUND, E2_CCCAM_LOOP, NULL, NULL, 0, NULL);
1084 }
1085 else
1086 {
1087 // search for the ecm with the lowest time, this should be the next to go
1088 if(n < 0 || (ern->tps.time - er->tps.time < 0))
1089 {
1090 // check for already pending:
1091 if(cc && cc->extended_mode)
1092 {
1093 int32_t j, found;
1094 ECM_REQUEST *erx;
1095
1096 for(found = j = 0; j < cfg.max_pending; j++)
1097 {
1098 erx = &cl->ecmtask[j];
1099 if(i != j && erx->rc == E_ALREADY_SENT
1100 && er->caid == erx->caid && er->ecmd5 == erx->ecmd5)
1101 {
1102 found = 1;
1103 break;
1104 }
1105 }
1106
1107 if(!found)
1108 {
1109 n = i;
1110 ern = er;
1111 }
1112 }
1113 else
1114 {
1115 n = i;
1116 ern = er;
1117 }
1118 }
1119 }
1120 }
1121 }
1122
1123 cl->pending = pending;
1124 return n;
1125 }
1126
1127 /**
1128 * sends the secret cmd05 answer to the server
1129 */
1130 int32_t send_cmd05_answer(struct s_client *cl)
1131 {
1132 struct cc_data *cc = cl->cc;
1133 if(!cc->cmd05_active || cc->ecm_busy) // exit if not in cmd05 or waiting for ECM answer
1134 {
1135 return 0;
1136 }
1137
1138 cc->cmd05_active--;
1139 if(cc->cmd05_active)
1140 {
1141 return 0;
1142 }
1143
1144 uint8_t *data = cc->cmd05_data;
1145 cc_cmd05_mode cmd05_mode = MODE_UNKNOWN;
1146
1147 // by Project: Keynation
1148 switch(cc->cmd05_data_len)
1149 {
1150 case 0: // payload 0, return with payload 0!
1151 {
1152 cc_cmd_send(cl, NULL, 0, MSG_CMD_05);
1153 cmd05_mode = MODE_LEN0;
1154 break;
1155 }
1156
1157 case 256:
1158 {
1159 cmd05_mode = cc->cmd05_mode;
1160 switch(cmd05_mode)
1161 {
1162 case MODE_PLAIN: // send plain unencrypted back
1163 {
1164 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1165 break;
1166 }
1167
1168 case MODE_AES: // encrypt with received aes128 key
1169 {
1170 AES_KEY key;
1171 uint8_t aeskey[16];
1172 uint8_t out[256];
1173
1174 memcpy(aeskey, cc->cmd05_aeskey, 16);
1175 memset(&key, 0, sizeof(key));
1176
1177 AES_set_encrypt_key((uint8_t *) &aeskey, 128, &key);
1178 int32_t i;
1179
1180 for(i = 0; i < 256; i += 16)
1181 {
1182 AES_encrypt((uint8_t *)data + i, (uint8_t *) &out + i, &key);
1183 }
1184
1185 cc_cmd_send(cl, out, 256, MSG_CMD_05);
1186 break;
1187 }
1188
1189 case MODE_CC_CRYPT: // encrypt with cc_crypt
1190 {
1191 cc_crypt(&cc->cmd05_cryptkey, data, 256, ENCRYPT);
1192 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1193 break;
1194 }
1195
1196 case MODE_RC4_CRYPT: // special xor crypt
1197 {
1198 cc_rc4_crypt(&cc->cmd05_cryptkey, data, 256, DECRYPT);
1199 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1200 break;
1201 }
1202
1203 default:
1204 cmd05_mode = MODE_UNKNOWN;
1205 }
1206 break;
1207 }
1208
1209 default:
1210 cmd05_mode = MODE_UNKNOWN;
1211 }
1212
1213 // unhandled types always needs cycle connection after 50 ECMs!
1214 if(cmd05_mode == MODE_UNKNOWN)
1215 {
1216 cc_cmd_send(cl, NULL, 0, MSG_CMD_05);
1217 if(!cc->max_ecms) // max_ecms already set?
1218 {
1219 cc->max_ecms = 50;
1220 cc->ecm_counter = 0;
1221 }
1222 }
1223
1224 cs_log_dbg(D_READER, "%s sending CMD_05 back! MODE: %s len=%d",
1225 getprefix(), cmd05_mode_name[cmd05_mode], cc->cmd05_data_len);
1226
1227 cc->cmd05NOK = 1;
1228 return 1;
1229 }
1230
1231 int32_t get_UA_ofs(uint16_t caid)
1232 {
1233 int32_t ofs = 0;
1234 switch(caid >> 8)
1235 {
1236 case 0x05: // VIACCESS
1237 case 0x0D: // CRYPTOWORKS
1238 //ofs = 1;
1239 //break;
1240 case 0x4B: // TONGFANG
1241 case 0x09: // VIDEOGUARD
1242 case 0x0B: // CONAX
1243 case 0x18: // NAGRA
1244 case 0x01: // SECA
1245 case 0x00: // SECAMANAGMENT
1246 case 0x17: // BETACRYPT
1247 case 0x06: // IRDETO
1248 ofs = 2;
1249 break;
1250 }
1251
1252 return ofs;
1253 }
1254
1255 int32_t UA_len(uint8_t *ua)
1256 {
1257 int32_t i, len = 0;
1258
1259 for(i = 0; i < 8; i++)
1260 {
1261 if(ua[i])
1262 {
1263 len++;
1264 }
1265 }
1266 return len;
1267 }
1268 void UA_left(uint8_t *in, uint8_t *out, int32_t ofs)
1269 {
1270 memset(out, 0, 8);
1271 memcpy(out, in + ofs, 8 - ofs);
1272 }
1273
1274 void UA_right(uint8_t *in, uint8_t *out, int32_t len)
1275 {
1276 int32_t ofs = 0;
1277
1278 while(len)
1279 {
1280 memcpy(out + ofs, in, len);
1281 len--;
1282
1283 if(out[len])
1284 {
1285 break;
1286 }
1287 ofs++;
1288 out[0] = 0;
1289 }
1290 }
1291
1292 /**
1293 * cccam uses UA right justified
1294 **/
1295 void cc_UA_oscam2cccam(uint8_t *in, uint8_t *out, uint16_t caid)
1296 {
1297 uint8_t tmp[8];
1298 memset(out, 0, 8);
1299 memset(tmp, 0, 8);
1300
1301 //switch(caid >> 8)
1302 //{
1303 // case 0x17: //IRDETO/Betacrypt:
1304 // //oscam: AA BB CC DD 00 00 00 00
1305 // //cccam: 00 00 00 00 DD AA BB CC
1306 // out[4] = in[3]; //Hexbase
1307 // out[5] = in[0];
1308 // out[6] = in[1];
1309 // out[7] = in[2];
1310 // return;
1311 //
1312 // //Place here your own adjustments!
1313 //}
1314
1315 if(caid_is_bulcrypt(caid))
1316 {
1317 out[4] = in[0];
1318 out[5] = in[1];
1319 out[6] = in[2];
1320 out[7] = in[3];
1321 return;
1322 }
1323
1324 hexserial_to_newcamd(in, tmp + 2, caid);
1325 UA_right(tmp, out, 8);
1326 }
1327
1328 /**
1329 * oscam has a special format, depends on offset or type:
1330 **/
1331 void cc_UA_cccam2oscam(uint8_t *in, uint8_t *out, uint16_t caid)
1332 {
1333 uint8_t tmp[8];
1334 memset(out, 0, 8);
1335 memset(tmp, 0, 8);
1336
1337 //switch(caid >> 8)
1338 //{
1339 // case 0x17: //IRDETO/Betacrypt:
1340 // //cccam: 00 00 00 00 DD AA BB CC
1341 // //oscam: AA BB CC DD 00 00 00 00
1342 // out[0] = in[5];
1343 // out[1] = in[6];
1344 // out[2] = in[7];
1345 // out[3] = in[4]; //Hexbase
1346 // return;
1347
1348 // //Place here your own adjustments!
1349 //}
1350
1351 if(caid_is_bulcrypt(caid))
1352 {
1353 out[0] = in[4];
1354 out[1] = in[5];
1355 out[2] = in[6];
1356 out[3] = in[7];
1357 return;
1358 }
1359
1360 int32_t ofs = get_UA_ofs(caid);
1361 UA_left(in, tmp, ofs);
1362 newcamd_to_hexserial(tmp, out, caid);
1363 }
1364
1365 void cc_SA_oscam2cccam(uint8_t *in, uint8_t *out)
1366 {
1367 memcpy(out, in, 4);
1368 }
1369
1370 void cc_SA_cccam2oscam(uint8_t *in, uint8_t *out)
1371 {
1372 memcpy(out, in, 4);
1373 }
1374
1375 int32_t cc_UA_valid(uint8_t *ua)
1376 {
1377 int32_t i;
1378
1379 for(i = 0; i < 8; i++)
1380 {
1381 if(ua[i])
1382 {
1383 return 1;
1384 }
1385 }
1386
1387 return 0;
1388 }
1389
1390 /**
1391 * Updates AU Data: UA (Unique ID / Hexserial) und SA (Shared ID - Provider)
1392 */
1393 void set_au_data(struct s_client *cl, struct s_reader *rdr, struct cc_card *card, ECM_REQUEST *cur_er)
1394 {
1395 if(rdr->audisabled || !cc_UA_valid(card->hexserial))
1396 {
1397 return;
1398 }
1399
1400 struct cc_data *cc = cl->cc;
1401 char tmp_dbg[17];
1402 cc->last_emm_card = card;
1403
1404 cc_UA_cccam2oscam(card->hexserial, rdr->hexserial, rdr->caid);
1405
1406 cs_log_dbg(D_EMM, "%s au info: caid %04X UA: %s", getprefix(), card->caid,
1407 cs_hexdump(0, rdr->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)));
1408
1409 rdr->nprov = 0;
1410 LL_ITER it2 = ll_iter_create(card->providers);
1411 struct cc_provider *provider;
1412 int32_t p = 0;
1413
1414 while((provider = ll_iter_next(&it2)))
1415 {
1416 if(!cur_er || provider->prov == cur_er->prid || !provider->prov || !cur_er->prid)
1417 {
1418 rdr->prid[p][0] = provider->prov >> 24;
1419 rdr->prid[p][1] = provider->prov >> 16;
1420 rdr->prid[p][2] = provider->prov >> 8;
1421 rdr->prid[p][3] = provider->prov & 0xFF;
1422 cc_SA_cccam2oscam(provider->sa, rdr->sa[p]);
1423
1424 cs_log_dbg(D_EMM, "%s au info: provider: %06X:%02X%02X%02X%02X", getprefix(),
1425 provider->prov, provider->sa[0], provider->sa[1], provider->sa[2], provider->sa[3]);
1426
1427 p++;
1428 rdr->nprov = p;
1429 if(p >= CS_MAXPROV)
1430 {
1431 break;
1432 }
1433 }
1434 }
1435
1436 if(!rdr->nprov) // No Providers? Add null-provider
1437 {
1438 memset(rdr->prid[0], 0, sizeof(rdr->prid[0]));
1439 rdr->nprov = 1;
1440 }
1441
1442 rdr->caid = card->caid;
1443 if(cur_er)
1444 {
1445 rdr->auprovid = cur_er->prid;
1446 }
1447 }
1448
1449 int32_t same_first_node(struct cc_card *card1, struct cc_card *card2)
1450 {
1451 uint8_t *node1 = ll_has_elements(card1->remote_nodes);
1452 uint8_t *node2 = ll_has_elements(card2->remote_nodes);
1453
1454 if(!node1 && !node2)
1455 {
1456 return 1; // both NULL, same!
1457 }
1458
1459 if(!node1 || !node2)
1460 {
1461 return 0; // one NULL, not same!
1462 }
1463
1464 return !memcmp(node1, node2, 8); // same?
1465 }
1466
1467 int32_t same_card2(struct cc_card *card1, struct cc_card *card2, int8_t compare_grp)
1468 {
1469 return (card1->caid == card2->caid &&
1470 card1->card_type == card2->card_type &&
1471 card1->sidtab == card2->sidtab &&
1472 (!compare_grp || card1->grp == card2->grp) &&
1473 !memcmp(card1->hexserial, card2->hexserial, sizeof(card1->hexserial)));
1474 }
1475
1476 int32_t same_card(struct cc_card *card1, struct cc_card *card2)
1477 {
1478 return (card1->remote_id == card2->remote_id &&
1479 same_card2(card1, card2, 1) &&
1480 same_first_node(card1, card2));
1481 }
1482
1483 struct cc_card *get_matching_card(struct s_client *cl, ECM_REQUEST *cur_er, int8_t chk_only)
1484 {
1485 struct cc_data *cc = cl->cc;
1486 struct s_reader *rdr = cl->reader;
1487
1488 if(cl->kill || !rdr || !cc)
1489 {
1490 return NULL;
1491 }
1492
1493 struct cc_srvid cur_srvid;
1494 cur_srvid.sid = cur_er->srvid;
1495 cur_srvid.chid = cur_er->chid;
1496 cur_srvid.ecmlen = cur_er->ecmlen;
1497
1498 int32_t best_rating = MIN_RATING - 1, rating;
1499
1500 LL_ITER it = ll_iter_create(cc->cards);
1501 struct cc_card *card = NULL, *ncard, *xcard = NULL;
1502
1503 while((ncard = ll_iter_next(&it)))
1504 {
1505 int lb_match = 0;
1506 if(config_enabled(WITH_LB))
1507 {
1508 // accept beta card when beta-tunnel is on
1509 lb_match = chk_only && cfg.lb_mode && cfg.lb_auto_betatunnel &&
1510 ((caid_is_nagra(cur_er->caid) && caid_is_betacrypt(ncard->caid) && cfg.lb_auto_betatunnel_mode <= 3) ||
1511 (caid_is_betacrypt(cur_er->caid) && caid_is_nagra(ncard->caid) && cfg.lb_auto_betatunnel_mode >= 1));
1512 }
1513
1514 if((ncard->caid == cur_er->caid // caid matches
1515 || (rdr->cc_want_emu && (ncard->caid == (cur_er->caid & 0xFF00))))
1516 || lb_match) // or system matches if caid ends with 00 (needed for wantemu)
1517 {
1518 int32_t goodSidCount = ll_count(ncard->goodsids);
1519 int32_t badSidCount = ll_count(ncard->badsids);
1520 struct cc_srvid *good_sid;
1521 struct cc_srvid_block *blocked_sid;
1522
1523 if(goodSidCount && !badSidCount) // only good sids -> check if sid is good
1524 {
1525 good_sid = is_good_sid(ncard, &cur_srvid);
1526 if(!good_sid)
1527 {
1528 continue;
1529 }
1530 }
1531 else if(!goodSidCount && badSidCount) // only bad sids -> check if sid is bad
1532 {
1533 blocked_sid = is_sid_blocked(ncard, &cur_srvid);
1534 if(blocked_sid && (!chk_only || blocked_sid->blocked_till == 0))
1535 {
1536 continue;
1537 }
1538 }
1539 else if(goodSidCount && badSidCount) // bad and good sids -> check not blocked and good
1540 {
1541 blocked_sid = is_sid_blocked(ncard, &cur_srvid);
1542 good_sid = is_good_sid(ncard, &cur_srvid);
1543
1544 if(blocked_sid && (!chk_only || blocked_sid->blocked_till == 0))
1545 {
1546 continue;
1547 }
1548
1549 if(!good_sid)
1550 {
1551 continue;
1552 }
1553 }
1554
1555 if(!(rdr->cc_want_emu) && caid_is_nagra(ncard->caid) && (!xcard || ncard->hop < xcard->hop))
1556 {
1557 xcard = ncard; // remember card (D+ / 1810 fix) if request has no provider, but card has
1558 }
1559
1560 rating = ncard->rating - ncard->hop * HOP_RATING;
1561 if(rating < MIN_RATING)
1562 {
1563 rating = MIN_RATING;
1564 }
1565 else if(rating > MAX_RATING)
1566 {
1567 rating = MAX_RATING;
1568 }
1569
1570 if(!ll_count(ncard->providers)) // card has no providers:
1571 {
1572 if(rating > best_rating)
1573 {
1574 // ncard is closer
1575 card = ncard;
1576 best_rating = rating; // ncard has been matched
1577 }
1578
1579 }
1580 else // card has providers
1581 {
1582 LL_ITER it2 = ll_iter_create(ncard->providers);
1583 struct cc_provider *provider;
1584
1585 while((provider = ll_iter_next(&it2)))
1586 {
1587 if(!cur_er->prid || (provider->prov == cur_er->prid)) // provid matches
1588 {
1589 if(rating > best_rating)
1590 {
1591 // ncard is closer
1592 card = ncard;
1593 best_rating = rating; // ncard has been matched
1594 }
1595 }
1596 }
1597 }
1598 }
1599 }
1600
1601 if(!card)
1602 {
1603 card = xcard; // 18xx: if request has no provider and we have no card, we try this card
1604 }
1605
1606 return card;
1607 }
1608
1609 // reopen all blocked sids for this srvid
1610 static void reopen_sids(struct cc_data *cc, int8_t ignore_time, ECM_REQUEST *cur_er, struct cc_srvid *cur_srvid)
1611 {
1612 time_t utime = time(NULL);
1613 struct cc_card *card;
1614 LL_ITER it = ll_iter_create(cc->cards);
1615
1616 while((card = ll_iter_next(&it)))
1617 {
1618 if(card->caid == cur_er->caid) // caid matches
1619 {
1620 LL_ITER it2 = ll_iter_create(card->badsids);
1621 struct cc_srvid_block *srvid;
1622
1623 while((srvid = ll_iter_next(&it2)))
1624 {
1625 if(srvid->blocked_till > 0 && sid_eq((struct cc_srvid *)srvid, cur_srvid))
1626 {
1627 if(ignore_time || srvid->blocked_till <= utime)
1628 {
1629 ll_iter_remove_data(&it2);
1630 }
1631 }
1632 }
1633 }
1634 }
1635 }
1636
1637 static int8_t cc_request_timeout(struct s_client *cl)
1638 {
1639 struct s_reader *rdr = cl->reader;
1640 struct cc_data *cc = cl->cc;
1641 struct timeb timeout;
1642 struct timeb cur_time;
1643
1644 if(!cc || !cc->ecm_busy)
1645 {
1646 return 0;
1647 }
1648
1649 cs_ftime(&cur_time);
1650
1651 timeout = cc->ecm_time;
1652 int32_t tt = rdr->cc_reconnect;
1653
1654 if(tt <= 0)
1655 {
1656 tt = DEFAULT_CC_RECONNECT;
1657 }
1658
1659 add_ms_to_timeb(&timeout, tt);
1660
1661 return (comp_timeb(&cur_time, &timeout) >= 0);
1662 }
1663
1664 /**
1665 * reader
1666 * sends a ecm request to the connected CCCam Server
1667 */
1668 int32_t cc_send_ecm(struct s_client *cl, ECM_REQUEST *er)
1669 {
1670 struct s_reader *rdr = cl->reader;
1671
1672 //cs_log_dbg(D_TRACE, "%s cc_send_ecm", getprefix());
1673 if(!rdr->tcp_connected)
1674 {
1675 cc_cli_connect(cl);
1676 }
1677
1678 int32_t n;
1679 struct cc_data *cc = cl->cc;
1680 struct cc_card *card = NULL;
1681 LL_ITER it;
1682 ECM_REQUEST *cur_er;
1683 struct timeb cur_time;
1684 cs_ftime(&cur_time);
1685
1686 if(!cc || (cl->pfd < 1) || !rdr->tcp_connected)
1687 {
1688 if(er)
1689 {
1690 cs_log_dbg(D_READER, "%s server not init! ccinit=%d pfd=%d", rdr->label, cc ? 1 : 0, cl->pfd);
1691 write_ecm_answer(rdr, er, E_NOTFOUND, E2_CCCAM_NOCARD, NULL, NULL, 0, NULL);
1692 }
1693 //cc_cli_close(cl);
1694 return 0;
1695 }
1696
1697 if(rdr->tcp_connected != 2)
1698 {
1699 cs_log_dbg(D_READER, "%s Waiting for CARDS", getprefix());
1700 return 0;
1701 }
1702
1703 // No Card? Waiting for shares
1704 if(!ll_has_elements(cc->cards))
1705 {
1706 cs_log_dbg(D_READER, "%s NO CARDS!", getprefix());
1707 return 0;
1708 }
1709
1710 cc->just_logged_in = 0;
1711
1712 if(!cc->extended_mode)
1713 {
1714 // Without extended mode, only one ecm at a time could be send
1715 // this is a limitation of "O" CCCam
1716 if(cc->ecm_busy > 0) // Unlock by NOK or ECM ACK
1717 {
1718 cs_log_dbg(D_READER, "%s ecm trylock: ecm busy, retrying later after msg-receive", getprefix());
1719
1720 if(!cc_request_timeout(cl))
1721 {
1722 return 0; // pending send...
1723 }
1724
1725 if(!cc_cycle_connection(cl))
1726 {
1727 return 0;
1728 }
1729 }
1730
1731 cc->ecm_busy = 1;
1732 cs_log_dbg(D_READER, "cccam: ecm trylock: got lock");
1733 }
1734
1735 int32_t processed_ecms = 0;
1736
1737 do
1738 {
1739 cc->ecm_time = cur_time;
1740
1741 // Search next ECM to send
1742 if((n = cc_get_nxt_ecm(cl)) < 0)
1743 {
1744 if(!cc->extended_mode)
1745 {
1746 cc->ecm_busy = 0;
1747 }
1748
1749 cs_log_dbg(D_READER, "%s no ecm pending!", getprefix());
1750
1751 if(!cc_send_pending_emms(cl))
1752 {
1753 send_cmd05_answer(cl);
1754 }
1755
1756 return 0; // no queued ecms
1757 }
1758
1759 cur_er = &cl->ecmtask[n];
1760 cur_er->rc = E_ALREADY_SENT; // mark ECM as already send
1761 cs_log_dbg(D_READER, "cccam: ecm-task %d", cur_er->idx);
1762
1763 // sleepsend support
1764 static const char *typtext[] = { "ok", "invalid", "sleeping" };
1765
1766 if(cc->sleepsend && cl->stopped)
1767 {
1768 if(cur_er->srvid == cl->lastsrvid && cur_er->caid == cl->lastcaid && cur_er->pid == cl->lastpid)
1769 {
1770 cs_log("%s is stopped - requested by server (%s)", cl->reader->label, typtext[cl->stopped]);
1771
1772 if(!cc->extended_mode)
1773 {
1774 cc->ecm_busy = 0;
1775 }
1776
1777 write_ecm_answer(rdr, cur_er, E_STOPPED, 0, NULL, NULL, 0, NULL);
1778 return 0;
1779 }
1780 else
1781 {
1782 cl->stopped = 0;
1783 }
1784 }
1785
1786 cl->lastsrvid = cur_er->srvid;
1787 cl->lastcaid = cur_er->caid;
1788 cl->lastpid = cur_er->pid;
1789 // sleepsend support end
1790
1791 struct cc_srvid cur_srvid;
1792 cur_srvid.sid = cur_er->srvid;
1793 cur_srvid.chid = cur_er->chid;
1794 cur_srvid.ecmlen = cur_er->ecmlen;
1795
1796 cs_readlock(__func__, &cc->cards_busy);
1797
1798 // forward_origin
1799 if(cfg.cc_forward_origin_card && cur_er->origin_reader == rdr && cur_er->origin_card)
1800 {
1801 it = ll_iter_create(cc->cards);
1802 struct cc_card *ncard;
1803
1804 while((ncard = ll_iter_next(&it)))
1805 {
1806 if(ncard == cur_er->origin_card) // Search the origin card
1807 {
1808 card = ncard; // found it, use it!
1809 break;
1810 }
1811 }
1812 }
1813
1814 if(!card)
1815 {
1816 reopen_sids(cc, 0, cur_er, &cur_srvid);
1817 card = get_matching_card(cl, cur_er, 0);
1818 }
1819
1820 if(!card && has_srvid(rdr->client, cur_er))
1821 {
1822 reopen_sids(cc, 1, cur_er, &cur_srvid);
1823 card = get_matching_card(cl, cur_er, 0);
1824 }
1825
1826 if(card)
1827 {
1828 uint8_t *ecmbuf;
1829 if(!cs_malloc(&ecmbuf, cur_er->ecmlen + 13))
1830 {
1831 break;
1832 }
1833
1834 // build ecm message
1835 ecmbuf[0] = cur_er->caid >> 8;
1836 ecmbuf[1] = cur_er->caid & 0xff;
1837 ecmbuf[2] = cur_er->prid >> 24;
1838 ecmbuf[3] = cur_er->prid >> 16;
1839 ecmbuf[4] = cur_er->prid >> 8;
1840 ecmbuf[5] = cur_er->prid & 0xff;
1841 ecmbuf[6] = card->id >> 24;
1842 ecmbuf[7] = card->id >> 16;
1843 ecmbuf[8] = card->id >> 8;
1844 ecmbuf[9] = card->id & 0xff;
1845 ecmbuf[10] = cur_er->srvid >> 8;
1846 ecmbuf[11] = cur_er->srvid & 0xff;
1847 ecmbuf[12] = cur_er->ecmlen & 0xff;
1848 memcpy(ecmbuf + 13, cur_er->ecm, cur_er->ecmlen);
1849
1850 uint8_t send_idx = 1;
1851 if(cc->extended_mode)
1852 {
1853 cc->server_ecm_idx++;
1854
1855 if(cc->server_ecm_idx >= 256)
1856 {
1857 cc->server_ecm_idx = 1;
1858 }
1859
1860 cc->g_flag = cc->server_ecm_idx; // Flag is used as index!
1861 send_idx = cc->g_flag;
1862 }
1863
1864 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl, send_idx, 0);
1865 if(eei)
1866 {
1867 eei->ecm_idx = cur_er->idx;
1868 eei->card = card;
1869 eei->cccam_id = card->id;
1870 eei->srvid = cur_srvid;
1871 }
1872 else
1873 {
1874 eei = add_extended_ecm_idx(cl, send_idx, cur_er->idx, card, cur_srvid, 0);
1875 if(!eei)
1876 {
1877 NULLFREE(ecmbuf);
1878 cs_readunlock(__func__, &cc->cards_busy);
1879 break;
1880 }
1881 }
1882 eei->tps = cur_er->tps;
1883
1884 rdr->currenthops = card->hop;
1885 rdr->card_status = CARD_INSERTED;
1886
1887 cs_log_dbg( D_READER, "%s sending ecm for sid %04X(%d) to card %08x, hop %d, ecmtask %d",
1888 getprefix(), cur_er->srvid, cur_er->ecmlen, card->id, card->hop, cur_er->idx);
1889
1890 cl->reader->last_s = time(NULL);
1891 cc_cmd_send(cl, ecmbuf, cur_er->ecmlen + 13, MSG_CW_ECM); // send ecm
1892
1893 NULLFREE(ecmbuf);
1894
1895 // For EMM
1896 set_au_data(cl, rdr, card, cur_er);
1897 cs_readunlock(__func__, &cc->cards_busy);
1898
1899 processed_ecms++;
1900 if(cc->extended_mode)
1901 {
1902 continue; // process next pending ecm!
1903 }
1904
1905 return 0;
1906 }
1907 else
1908 {
1909 // When connecting, it could happen than ecm requests come before all cards are received.
1910 // So if the last Message was a MSG_NEW_CARD, this "card receiving" is not already done
1911 // if this happens, we do not autoblock it and do not set rc status
1912 // So fallback could resolve it
1913 if(cc->last_msg != MSG_NEW_CARD && cc->last_msg != MSG_NEW_CARD_SIDINFO
1914 && cc->last_msg != MSG_CARD_REMOVED && !cc->just_logged_in)
1915 {
1916 cs_log_dbg(D_READER, "%s no suitable card on server", getprefix());
1917
1918 write_ecm_answer(rdr, cur_er, E_NOTFOUND, E2_CCCAM_NOCARD, NULL, NULL, 0, NULL);
1919
1920 //cur_er->rc = 1;
1921 //cur_er->rcEx = 0;
1922 //cs_sleepms(300);
1923 rdr->last_s = rdr->last_g;
1924
1925 reopen_sids(cc, 0, cur_er, &cur_srvid);
1926 }
1927 else
1928 {
1929 // We didn't find a card and the last message was MSG_CARD_REMOVED,
1930 // so we wait for a new card and process die ecm later
1931 cur_er->rc = E_WAITING; // mark as waiting
1932 }
1933 }
1934 cs_readunlock(__func__, &cc->cards_busy);
1935
1936 // process next pending ecm!
1937 }
1938 while(cc->extended_mode || processed_ecms == 0);
1939
1940 // Now mark all waiting as unprocessed
1941 int8_t i;
1942 for(i = 0; i < cfg.max_pending; i++)
1943 {
1944 er = &cl->ecmtask[i];
1945 if(er->rc == E_WAITING)
1946 {
1947 er->rc = E_UNHANDLED;
1948 }
1949 }
1950
1951 if(!cc->extended_mode)
1952 {
1953 cc->ecm_busy = 0;
1954 }
1955
1956 return 0;
1957 }
1958
1959 /*int32_t cc_abort_user_ecms()
1960 {
1961 int32_t n, i;
1962 time_t t;//, tls;
1963 struct cc_data *cc = rdr->cc;
1964
1965 t = time((time_t *)0);
1966 for(i = 1, n = 1; i < cfg.max_pending; i++)
1967 {
1968 if((t-cl->ecmtask[i].tps.time > ((cfg.ctimeout + 500) / 1000) + 1) && (cl->ecmtask[i].rc >= 10)) // drop timeouts
1969 {
1970 cl->ecmtask[i].rc=0;
1971 }
1972
1973 int32_t td = abs(comp_timeb(&ecmtask[i].tps, &cc->found->tps);
1974 if(ecmtask[i].rc >= 10 && ecmtask[i].cidx == cc->found->cidx && &ecmtask[i] != cc->found)
1975 {
1976 cs_log("aborting idx:%d caid:%04x client:%d timedelta:%d",ecmtask[i].idx,ecmtask[i].caid,ecmtask[i].cidx,td);
1977 ecmtask[i].rc = 0;
1978 ecmtask[i].rcEx = 7;
1979 write_ecm_answer(rdr, fd_c2m, &ecmtask[i], 0, NULL);
1980 }
1981 }
1982 return n;
1983 }*/
1984
1985 int32_t cc_send_pending_emms(struct s_client *cl)
1986 {
1987 struct cc_data *cc = cl->cc;
1988 if(!cc)
1989 {
1990 return 0;
1991 }
1992
1993 LL_ITER it = ll_iter_create(cc->pending_emms);
1994 uint8_t *emmbuf;
1995 int32_t size = 0;
1996
1997 if((emmbuf = ll_iter_next(&it)))
1998 {
1999 if(!cc->extended_mode)
2000 {
2001 if(cc->ecm_busy > 0) // Unlock by NOK or ECM ACK
2002 {
2003 return 0; // send later with cc_send_ecm
2004 }
2005 cc->ecm_busy = 1;
2006 }
2007
2008 // Support for emmsize > 256 bytes
2009 size = (emmbuf[11] | (emmbuf[2] << 8)) + 12;
2010 emmbuf[2] = 0;
2011
2012 cc->just_logged_in = 0;
2013 cs_ftime(&cc->ecm_time);
2014
2015 cs_log_dbg(D_EMM, "%s emm send for card %08X", getprefix(), b2i(4, emmbuf + 7));
2016
2017 cc_cmd_send(cl, emmbuf, size, MSG_EMM_ACK); // send emm
2018 cl->last = time(NULL);
2019 cl->reader->last_g = time(NULL);
2020 cl->reader->last_s = time(NULL);
2021
2022 ll_iter_remove_data(&it);
2023 }
2024
2025 return size;
2026 }
2027
2028 /**
2029 * READER only:
2030 * find card by hexserial
2031 */
2032 struct cc_card *get_card_by_hexserial(struct s_client *cl, uint8_t *hexserial, uint16_t caid)
2033 {
2034 struct cc_data *cc = cl->cc;
2035 LL_ITER it = ll_iter_create(cc->cards);
2036 struct cc_card *card;
2037
2038 while((card = ll_iter_next(&it)))
2039 {
2040 if(card->caid == caid && memcmp(card->hexserial, hexserial, 8) == 0) // found it!
2041 {
2042 break;
2043 }
2044 }
2045
2046 return card;
2047 }
2048
2049 /**
2050 * EMM Procession
2051 * Copied from http://85.17.209.13:6100/file/8ec3c0c5d257/systems/cardclient/cccam2.c
2052 * ProcessEmm
2053 */
2054 int32_t cc_send_emm(EMM_PACKET *ep)
2055 {
2056 struct s_client *cl = cur_client();
2057 struct s_reader *rdr = cl->reader;
2058
2059 if(!rdr->tcp_connected)
2060 {
2061 cc_cli_connect(cl);
2062 }
2063
2064 struct cc_data *cc = cl->cc;
2065
2066 if(!cc || (cl->pfd < 1) || !rdr->tcp_connected)
2067 {
2068 cs_log_dbg(D_READER, "%s server not init! ccinit=%d pfd=%d", getprefix(), cc ? 1 : 0, cl->pfd);
2069 return 0;
2070 }
2071
2072 if(rdr->audisabled)
2073 {
2074 cs_log_dbg(D_READER, "%s au is disabled", getprefix());
2075 return 0;
2076 }
2077
2078 uint16_t caid = b2i(2, ep->caid);
2079
2080 // Last used card is first card of current_cards
2081 cs_readlock(__func__, &cc->cards_busy);
2082
2083 struct cc_card *emm_card = cc->last_emm_card;
2084
2085 if(!emm_card)
2086 {
2087 uint8_t hs[8];
2088 char tmp_dbg[17];
2089
2090 cc_UA_oscam2cccam(ep->hexserial, hs, caid);
2091
2092 cs_log_dbg(D_EMM, "%s au info: searching card for caid %04X oscam-UA: %s",
2093 getprefix(), b2i(2, ep->caid), cs_hexdump(0, ep->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)));
2094
2095 cs_log_dbg(D_EMM, "%s au info: searching card for caid %04X cccam-UA: %s",
2096 getprefix(), b2i(2, ep->caid), cs_hexdump(0, hs, 8, tmp_dbg, sizeof(tmp_dbg)));
2097
2098 emm_card = get_card_by_hexserial(cl, hs, caid);
2099 }
2100
2101 if(!emm_card) // Card for emm not found!
2102 {
2103 cs_log_dbg(D_EMM, "%s emm for client %8lX not possible, no card found!",
2104 getprefix(), (unsigned long)ep->client->thread);
2105
2106 cs_readunlock(__func__, &cc->cards_busy);
2107 return 0;
2108 }
2109
2110 cs_log_dbg(D_EMM, "%s emm received for client %8lX caid %04X for card %08X",
2111 getprefix(), (unsigned long)ep->client->thread, caid, emm_card->id);
2112
2113 int32_t size = ep->emmlen + 12;
2114 uint8_t *emmbuf;
2115
2116 if(!cs_malloc(&emmbuf, size))
2117 {
2118 return 0;
2119 }
2120
2121 // build ecm message
2122 emmbuf[0] = ep->caid[0];
2123 emmbuf[1] = ep->caid[1];
2124 emmbuf[2] = ep->emmlen >> 8; // Support for emm len > 256 bytes
2125 emmbuf[3] = ep->provid[0];
2126 emmbuf[4] = ep->provid[1];
2127 emmbuf[5] = ep->provid[2];
2128 emmbuf[6] = ep->provid[3];
2129 emmbuf[7] = emm_card->id >> 24;
2130 emmbuf[8] = emm_card->id >> 16;
2131 emmbuf[9] = emm_card->id >> 8;
2132 emmbuf[10] = emm_card->id & 0xff;
2133 emmbuf[11] = ep->emmlen & 0xff;
2134 memcpy(emmbuf + 12, ep->emm, ep->emmlen);
2135
2136 cs_readunlock(__func__, &cc->cards_busy);
2137
2138 ll_append(cc->pending_emms, emmbuf);
2139 cc_send_pending_emms(cl);
2140
2141 return 1;
2142 }
2143
2144 void cc_free_card(struct cc_card *card)
2145 {
2146 if(!card)
2147 {
2148 return;
2149 }
2150
2151 ll_destroy_data(&card->providers);
2152 ll_destroy_data(&card->badsids);
2153 ll_destroy_data(&card->goodsids);
2154 ll_destroy_data(&card->remote_nodes);
2155
2156 add_garbage(card);
2157 }
2158
2159 struct cc_card *cc_get_card_by_id(uint32_t card_id, LLIST *cards)
2160 {
2161 if(!cards)
2162 {
2163 return NULL;
2164 }
2165
2166 LL_ITER it = ll_iter_create(cards);
2167 struct cc_card *card;
2168
2169 while((card = ll_iter_next(&it)))
2170 {
2171 if(card->id == card_id)
2172 {
2173 break;
2174 }
2175 }
2176
2177 return card;
2178 }
2179
2180 void cc_free_cardlist(LLIST *card_list, int32_t destroy_list)
2181 {
2182 if(card_list)
2183 {
2184 LL_ITER it = ll_iter_create(card_list);
2185 struct cc_card *card;
2186
2187 while((card = ll_iter_next_remove(&it)))
2188 {
2189 cc_free_card(card);
2190 }
2191
2192 if(destroy_list)
2193 {
2194 ll_destroy(&card_list);
2195 }
2196 }
2197 }
2198
2199 /**
2200 * Clears and free the cc datas
2201 */
2202 void cc_free(struct s_client *cl)
2203 {
2204 struct cc_data *cc = cl->cc;
2205 if(!cc)
2206 {
2207 return;
2208 }
2209
2210 cl->cc = NULL;
2211
2212 cs_writelock(__func__, &cc->lockcmd);
2213
2214 cs_log_dbg(D_TRACE, "exit cccam1/3");
2215 cc_free_cardlist(cc->cards, 1);
2216 ll_destroy_data(&cc->pending_emms);
2217 free_extended_ecm_idx(cc);
2218 ll_destroy_data(&cc->extended_ecm_idx);
2219
2220 cs_writeunlock(__func__, &cc->lockcmd);
2221
2222 cs_log_dbg(D_TRACE, "exit cccam2/3");
2223
2224 add_garbage(cc->prefix);
2225 add_garbage(cc);
2226
2227 cs_log_dbg(D_TRACE, "exit cccam3/3");
2228 }
2229
2230 int32_t is_null_dcw(uint8_t *dcw)
2231 {
2232 int32_t i;
2233 for(i = 0; i < 15; i++)
2234 if(dcw[i])
2235 { return 0; }
2236 return 1;
2237 }
2238
2239 /*int32_t is_dcw_corrupted(uint8_t *dcw)
2240 {
2241 int32_t i;
2242 int32_t c, cs;
2243
2244 for(i = 0; i < 16; i += 4)
2245 {
2246 c = (dcw[i] + dcw[i + 1] + dcw[i + 2]) & 0xFF;
2247 cs = dcw[i + 3];
2248
2249 if(cs != c)
2250 {
2251 return (1);
2252 }
2253 }
2254 return 0;
2255 }*/
2256
2257 int32_t check_extended_mode(struct s_client *cl, char *msg)
2258 {
2259 // Extended mode: if PARTNER String is ending with [PARAM], extended mode is activated
2260 // For future compatibilty the syntax should be compatible with
2261 // [PARAM1,PARAM2...PARAMn]
2262 //
2263 // EXT: Extended ECM Mode: Multiple ECMs could be send and received
2264 // ECMs are numbered, Flag (byte[0] is the index
2265 //
2266 // SID: Exchange of good sids/bad sids activated (like cccam 2.2.x)
2267 // card exchange command MSG_NEW_CARD_SIDINFO instead MSG_NEW_CARD is used
2268 //
2269 // SLP: Sleepsend supported, like camd35
2270 //
2271
2272 struct cc_data *cc = cl->cc;
2273 char *saveptr1 = NULL;
2274 int32_t has_param = 0;
2275 char *p = strtok_r(msg, "[", &saveptr1);
2276
2277 while(p)
2278 {
2279 p = strtok_r(NULL, ",]", &saveptr1);
2280 if(p && strncmp(p, "EXT", 3) == 0)
2281 {
2282 cc->extended_mode = 1;
2283 cs_log_dbg(D_CLIENT, "%s extended ECM mode", getprefix());
2284 has_param = 1;
2285 }
2286 else if(p && strncmp(p, "SID", 3) == 0)
2287 {
2288 cc->cccam220 = 1;
2289 cs_log_dbg(D_CLIENT, "%s extra SID mode", getprefix());
2290 has_param = 1;
2291 }
2292 else if(p && strncmp(p, "SLP", 3) == 0)
2293 {
2294 cc->sleepsend = 1;
2295 cs_log_dbg(D_CLIENT, "%s sleepsend", getprefix());
2296 has_param = 1;
2297 }
2298 }
2299 return has_param;
2300 }
2301
2302 void cc_idle(void)
2303 {
2304 struct s_client *cl = cur_client();
2305 struct s_reader *rdr = cl->reader;
2306 struct cc_data *cc = cl->cc;
2307
2308 if(!cl->udp_fd)
2309 {
2310 cc_cli_close(cl, 0);
2311 }
2312
2313 if(rdr && !rdr->tcp_connected && (rdr->cc_keepalive || (rdr->tcp_ito == -1 && (rdr->last_s != 0 || rdr->last_g != 0))))
2314 {
2315 cc_cli_connect(cl);
2316 }
2317
2318 if(!rdr || !rdr->tcp_connected || !cl || !cc)
2319 {
2320 return;
2321 }
2322
2323 time_t now = time(NULL);
2324
2325 if(rdr->cc_keepalive)
2326 {
2327 if(cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE) > 0)
2328 {
2329 cs_log_dbg(D_READER, "cccam: keepalive");
2330
2331 if(cl)
2332 {
2333 cl->last = now;
2334 }
2335
2336 if(cl->reader)
2337 {
2338 cl->reader->last_s = now;
2339 cl->reader->last_g = now;
2340 }
2341 }
2342 return;
2343 }
2344 else
2345 {
2346 //cs_log("last_s - now = %d, last_g - now = %d, tcp_ito=%d",
2347 // abs(rdr->last_s - now), abs(rdr->last_g - now), rdr->tcp_ito);
2348
2349 // check inactivity timeout
2350 if(rdr->tcp_ito > 0)
2351 {
2352 // inactivity timeout is entered in seconds in webif!
2353 if((llabs(rdr->last_s - now) > rdr->tcp_ito) && (llabs(rdr->last_g - now) > rdr->tcp_ito))
2354 {
2355 rdr_log_dbg(rdr, D_READER, "inactive_timeout, close connection (fd=%d)", rdr->client->pfd);
2356 network_tcp_connection_close(rdr, "inactivity");
2357 return;
2358 }
2359 }
2360
2361 // check read timeout
2362 int32_t rto = llabs(rdr->last_g - now);
2363 //cs_log("last_g - now = %d, rto=%d", rto, rdr->tcp_rto);
2364
2365 // this is also entered in seconds, actually its an receive timeout!
2366 if(rto > (rdr->tcp_rto) && (rdr->last_g != 0 || rdr->last_s != 0) && rdr->last_s != rdr->last_g)
2367 {
2368 rdr_log_dbg(rdr, D_READER, "read timeout, close connection (fd=%d)", rdr->client->pfd);
2369 network_tcp_connection_close(rdr, "rto");
2370 return;
2371 }
2372 }
2373 }
2374
2375 struct cc_card *read_card(uint8_t *buf, int32_t buflen, int32_t ext)
2376 {
2377 struct cc_card *card;
2378 int16_t nprov, nassign = 0, nreject = 0;
2379 int32_t offset = 21;
2380
2381 if(buflen < 21)
2382 {
2383 return NULL;
2384 }
2385
2386 if(!cs_malloc(&card, sizeof(struct cc_card)))
2387 {
2388 return NULL;
2389 }
2390
2391 card->providers = ll_create("providers");
2392 card->badsids = ll_create("badsids");
2393 card->goodsids = ll_create("goodsids");
2394 card->remote_nodes = ll_create("remote_nodes");
2395 card->id = b2i(4, buf);
2396 card->remote_id = b2i(4, buf + 4);
2397 card->caid = b2i(2, buf + 8);
2398 card->hop = buf[10];
2399 card->reshare = buf[11];
2400 card->is_ext = ext;
2401 card->card_type = CT_REMOTECARD;
2402 memcpy(card->hexserial, buf + 12, 8); // HEXSERIAL!!
2403
2404 //cs_log_dbg(D_CLIENT, "cccam: card %08x added, caid %04X, hop %d, key %s, count %d", card->id, card->caid,
2405 // card->hop, cs_hexdump(0, card->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)), ll_count(cc->cards));
2406
2407 nprov = buf[20];
2408
2409 if(ext)
2410 {
2411 if(buflen < 23)
2412 {
2413 cc_free_card(card);
2414 return NULL;
2415 }
2416
2417 nassign = buf[21];
2418 nreject = buf[22];
2419
2420 offset += 2;
2421 }
2422
2423 if(buflen < (offset + (nprov * 7)))
2424 {
2425 cc_free_card(card);
2426 return NULL;
2427 }
2428
2429 int16_t i;
2430 for(i = 0; i < nprov; i++) // providers
2431 {
2432 struct cc_provider *prov;
2433 if(!cs_malloc(&prov, sizeof(struct cc_provider)))
2434 {
2435 break;
2436 }
2437
2438 prov->prov = b2i(3, buf + offset);
2439 if(prov->prov == 0xFFFFFF && caid_is_betacrypt(card->caid))
2440 {
2441 prov->prov = i;
2442 }
2443
2444 memcpy(prov->sa, buf + offset + 3, 4);
2445 //cs_log_dbg(D_CLIENT, " prov %d, %06x, sa %08x", i + 1, prov->prov, b2i(4, prov->sa));
2446
2447 ll_append(card->providers, prov);
2448 offset += 7;
2449 }
2450
2451 if(ext)
2452 {
2453 if(buflen < (offset + (nassign * 2) + (nreject * 2)))
2454 {
2455 cc_free_card(card);
2456 return NULL;
2457 }
2458
2459 for(i = 0; i < nassign; i++)
2460 {
2461 uint16_t sid = b2i(2, buf + offset);
2462 //cs_log_dbg(D_CLIENT, " assigned sid = %04X, added to good sid list", sid);
2463
2464 struct cc_srvid *srvid;
2465 if(!cs_malloc(&srvid, sizeof(struct cc_srvid)))
2466 {
2467 break;
2468 }
2469
2470 srvid->sid = sid;
2471 srvid->chid = 0;
2472 srvid->ecmlen = 0;
2473 ll_append(card->goodsids, srvid);
2474 offset += 2;
2475 }
2476
2477 for(i = 0; i < nreject; i++)
2478 {
2479 uint16_t sid = b2i(2, buf + offset);
2480 //cs_log_dbg(D_CLIENT, " rejected sid = %04X, added to sid block list", sid);
2481
2482 struct cc_srvid_block *srvid;
2483 if(!cs_malloc(&srvid, sizeof(struct cc_srvid_block)))
2484 {
2485 break;
2486 }
2487
2488 srvid->sid = sid;
2489 srvid->chid = 0;
2490 srvid->ecmlen = 0;
2491 srvid->blocked_till = 0;
2492 ll_append(card->badsids, srvid);
2493 offset += 2;
2494 }
2495 }
2496
2497 if(buflen < (offset + 1))
2498 {
2499 return card;
2500 }
2501
2502 int16_t remote_count = buf[offset];
2503 offset++;
2504
2505 if(buflen < (offset + (remote_count * 8)))
2506 {
2507 cc_free_card(card);
2508 return NULL;
2509 }
2510
2511 for(i = 0; i < remote_count; i++)
2512 {
2513 uint8_t *remote_node;
2514 if(!cs_malloc(&remote_node, 8))
2515 {
2516 break;
2517 }
2518
2519 memcpy(remote_node, buf + offset, 8);
2520 ll_append(card->remote_nodes, remote_node);
2521 offset += 8;
2522 }
2523
2524 return card;
2525 }
2526
2527 void cc_card_removed(struct s_client *cl, uint32_t shareid)
2528 {
2529 struct cc_data *cc = cl->cc;
2530 struct cc_card *card;
2531 LL_ITER it = ll_iter_create(cc->cards);
2532
2533 while((card = ll_iter_next(&it)))
2534 {
2535 if(card->id == shareid) // && card->sub_id == b2i (3, buf + 9)) {
2536 {
2537 //cs_log_dbg(D_CLIENT, "cccam: card %08x removed, caid %04X, count %d",
2538 // card->id, card->caid, ll_count(cc->cards));
2539
2540 ll_iter_remove(&it);
2541 if(cc->last_emm_card == card)
2542 {
2543 cc->last_emm_card = NULL;
2544 cs_log_dbg(D_READER, "%s current card %08x removed!", getprefix(), card->id);
2545 }
2546
2547 free_extended_ecm_idx_by_card(cl, card, 1);
2548
2549 if(card->hop == 1)
2550 {
2551 cc->num_hop1--;
2552 }
2553 else if(card->hop == 2)
2554 {
2555 cc->num_hop2--;
2556 }
2557 else
2558 {
2559 cc->num_hopx--;
2560 }
2561
2562 if(card->reshare == 0)
2563 {
2564 cc->num_reshare0--;
2565 }
2566 else if(card->reshare == 1)
2567 {
2568 cc->num_reshare1--;
2569 }
2570 else if(card->reshare == 2)
2571 {
2572 cc->num_reshare2--;
2573 }
2574 else
2575 {
2576 cc->num_resharex--;
2577 }
2578
2579 cs_log_dbg(D_TRACE, "%s card removed: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2580 getprefix(), card->id, card->remote_id, card->caid, card->hop, card->reshare, card->origin_id, card->card_type);
2581
2582 cc_free_card(card);
2583 cc->card_removed_count++;
2584 //break;
2585 }
2586 }
2587 }
2588
2589 void move_card_to_end(struct s_client *cl, struct cc_card *card_to_move)
2590 {
2591 struct cc_data *cc = cl->cc;
2592 LL_ITER it = ll_iter_create(cc->cards);
2593 struct cc_card *card;
2594
2595 while((card = ll_iter_next(&it)))
2596 {
2597 if(card == card_to_move)
2598 {
2599 ll_iter_remove(&it);
2600 break;
2601 }
2602 }
2603
2604 if(card)
2605 {
2606 cs_log_dbg(D_READER, "%s Moving card %08X to the end...", getprefix(), card_to_move->id);
2607 free_extended_ecm_idx_by_card(cl, card, 0);
2608 ll_append(cc->cards, card_to_move);
2609 }
2610 }
2611
2612 /*void fix_dcw(uint8_t *dcw)
2613 {
2614 int32_t i;
2615
2616 for(i = 0; i < 16; i += 4)
2617 {
2618 dcw[i + 3] = (dcw[i] + dcw[i + 1] + dcw[i + 2]) & 0xFF;
2619 }
2620 }*/
2621
2622 void addParam(char *param, char *value)
2623 {
2624 if(strlen(param) < 4)
2625 {
2626 strcat(param, value);
2627 }
2628 else
2629 {
2630 strcat(param, ",");
2631 strcat(param, value);
2632 }
2633 }
2634
2635 static void chk_peer_node_for_oscam(struct cc_data *cc)
2636 {
2637 if(!cc->is_oscam_cccam) // Allready discovered oscam-cccam
2638 {
2639 uint16_t sum = 0x1234;
2640 uint16_t recv_sum = (cc->peer_node_id[6] << 8) | cc->peer_node_id[7];
2641 int32_t i;
2642
2643 for(i = 0; i < 6; i++)
2644 {
2645 sum += cc->peer_node_id[i];
2646 }
2647
2648 // Create special data to detect oscam-cccam
2649 cc->is_oscam_cccam = sum == recv_sum;
2650 }
2651 }
2652
2653 #ifdef MODULE_CCCSHARE
2654 static void cc_s_idle(struct s_client *cl)
2655 {
2656 cs_log_dbg(D_TRACE, "ccc idle %s", username(cl));
2657 if(cfg.cc_keep_connected)
2658 {
2659 cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE);
2660 cl->last = time(NULL);
2661 }
2662 else
2663 {
2664 cs_log_dbg(D_CLIENT, "%s keepalive after maxidle is reached", getprefix());
2665 cs_disconnect_client(cl);
2666 }
2667 }
2668 #endif
2669
2670 int32_t cc_parse_msg(struct s_client *cl, uint8_t *buf, int32_t l)
2671 {
2672 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
2673 int32_t ret = buf[1];
2674 struct cc_data *cc = cl->cc;
2675 char tmp_dbg[33];
2676
2677 if(!cc || cl->kill)
2678 {
2679 return -1;
2680 }
2681
2682 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s parse_msg=%d", getprefix(), buf[1]);
2683
2684 uint8_t *data = buf + 4;
2685
2686 if(l < 4)
2687 {
2688 return -1;
2689 }
2690
2691 memcpy(&cc->receive_buffer, data, l - 4);
2692 cc->last_msg = buf[1];
2693
2694 switch(buf[1])
2695 {
2696 case MSG_CLI_DATA:
2697 {
2698 cs_log_dbg(D_CLIENT, "cccam: client data ack");
2699 break;
2700 }
2701
2702 case MSG_SRV_DATA:
2703 {
2704 l -= 4;
2705 cs_log_dbg(D_READER, "%s MSG_SRV_DATA (payload=%d, hex=%02X)", getprefix(), l, l);
2706 data = cc->receive_buffer;
2707
2708 if(l == 0x48) // 72 bytes: normal server data
2709 {
2710 cs_writelock(__func__, &cc->cards_busy);
2711 cc_free_cardlist(cc->cards, 0);
2712 free_extended_ecm_idx(cc);
2713 cc->last_emm_card = NULL;
2714 cc->num_hop1 = 0;
2715 cc->num_hop2 = 0;
2716 cc->num_hopx = 0;
2717 cc->num_reshare0 = 0;
2718 cc->num_reshare1 = 0;
2719 cc->num_reshare2 = 0;
2720 cc->num_resharex = 0;
2721 cs_writeunlock(__func__, &cc->cards_busy);
2722
2723 memcpy(cc->peer_node_id, data, 8);
2724 memcpy(cc->peer_version, data + 8, 8);
2725
2726 memcpy(cc->cmd0b_aeskey, cc->peer_node_id, 8);
2727 memcpy(cc->cmd0b_aeskey + 8, cc->peer_version, 8);
2728
2729 cs_strncpy(cc->remote_version, (char *)data + 8, sizeof(cc->remote_version));
2730 cs_strncpy(cc->remote_build, (char *)data + 40, sizeof(cc->remote_build));
2731 cc->remote_build_nr = atoi(cc->remote_build);
2732
2733 // multics server response
2734 if(data[33] == 'M' && data[34] == 'C' && data[35] == 'S')
2735 {
2736 cc->multics_mode = 2; // multics server finaly confirmed.
2737 cc->multics_version[0] = data[37];
2738 cc->multics_version[1] = data[38];
2739 cs_log_dbg(D_READER, "multics detected: %s!", getprefix());
2740 }
2741
2742 cs_log_dbg(D_READER, "%s remote server %s running v%s (%s)", getprefix(), cs_hexdump(0,
2743 cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)), cc->remote_version, cc->remote_build);
2744
2745 chk_peer_node_for_oscam(cc);
2746 // Trick: when discovered partner is an Oscam Client, then we send him our version string:
2747 if(cc->is_oscam_cccam)
2748 {
2749 uint8_t token[256];
2750 snprintf((char *)token, sizeof(token), "PARTNER: OSCam v%s, build r%s (%s) [EXT,SID,SLP]",
2751 CS_VERSION, CS_SVN_VERSION, CS_TARGET);
2752
2753 cc_cmd_send(cl, token, strlen((char *)token) + 1, MSG_CW_NOK1);
2754 }
2755
2756 cc->cmd05_mode = MODE_PLAIN;
2757 //
2758 // Keyoffset is payload-size:
2759 //
2760 }
2761 else if(l >= 0x00 && l <= 0x0F)
2762 {
2763 cc->cmd05_offset = l;
2764 //
2765 // 16..43 bytes: RC4 encryption
2766 //
2767 }
2768 else if((l >= 0x10 && l <= 0x1f) || (l >= 0x24 && l <= 0x2b))
2769 {
2770 cc_init_crypt(&cc->cmd05_cryptkey, data, l);
2771 cc->cmd05_mode = MODE_RC4_CRYPT;
2772 //
2773 // 32 bytes: set AES128 key for CMD_05, Key=16 bytes offset keyoffset
2774 //
2775 }
2776 else if(l == 0x20)
2777 {
2778 memcpy(cc->cmd05_aeskey, data + cc->cmd05_offset, 16);
2779 cc->cmd05_mode = MODE_AES;
2780 //
2781 // 33 bytes: xor-algo mit payload-bytes, offset keyoffset
2782 //
2783 }
2784 else if(l == 0x21)
2785 {
2786 cc_init_crypt(&cc->cmd05_cryptkey, data + cc->cmd05_offset, l);
2787 cc->cmd05_mode = MODE_CC_CRYPT;
2788 //
2789 // 34 bytes: cmd_05 plain back
2790 //
2791 }
2792 else if(l == 0x22)
2793 {
2794 cc->cmd05_mode = MODE_PLAIN;
2795 //
2796 // 35 bytes: Unknown!! 2 256 byte keys exchange
2797 //
2798 }
2799 else if(l == 0x23)
2800 {
2801 cc->cmd05_mode = MODE_UNKNOWN;
2802 cc_cycle_connection(cl);
2803 //
2804 // 44 bytes: set aes128 key, Key=16 bytes [Offset=len(password)]
2805 //
2806 }
2807 else if(l == 0x2c)
2808 {
2809 memcpy(cc->cmd05_aeskey, data + strlen(rdr->r_pwd), 16);
2810 cc->cmd05_mode = MODE_AES;
2811 //
2812 // 45 bytes: set aes128 key, Key=16 bytes [Offset=len(username)]
2813 //
2814 }
2815 else if(l == 0x2d)
2816 {
2817 memcpy(cc->cmd05_aeskey, data + strlen(rdr->r_usr), 16);
2818 cc->cmd05_mode = MODE_AES;
2819 //
2820 //Unknown!!
2821 //
2822 }
2823 else
2824 {
2825 cs_log_dbg(D_READER, "%s received improper MSG_SRV_DATA! No change to current mode, mode=%d",
2826 getprefix(), cc->cmd05_mode);
2827 break;
2828 }
2829
2830 cs_log_dbg(D_READER, "%s MSG_SRV_DATA MODE=%s, len=%d", getprefix(), cmd05_mode_name[cc->cmd05_mode], l);
2831 break;
2832 }
2833
2834 case MSG_NEW_CARD_SIDINFO:
2835 case MSG_NEW_CARD:
2836 {
2837 if(l < 16)
2838 {
2839 break;
2840 }
2841
2842 uint16_t caid = b2i(2, buf + 12);
2843
2844 // filter caid == 0 and maxhop
2845 if(!caid || buf[14] >= rdr->cc_maxhops + 1)
2846 {
2847 break;
2848 }
2849
2850 // filter mindown
2851 if(buf[15] < rdr->cc_mindown)
2852 {
2853 break;
2854 }
2855
2856 // caid check
2857 if(!chk_ctab(caid, &rdr->ctab))
2858 {
2859 break;
2860 }
2861
2862 rdr->tcp_connected = 2; // we have card
2863 rdr->card_status = CARD_INSERTED;
2864
2865 cs_writelock(__func__, &cc->cards_busy);
2866 struct cc_card *card = read_card(data, l - 4, buf[1] == MSG_NEW_CARD_SIDINFO);
2867
2868 if(!card)
2869 {
2870 cs_writeunlock(__func__, &cc->cards_busy);
2871 break;
2872 }
2873
2874 card->origin_reader = rdr;
2875 card->origin_id = card->id;
2876 card->grp = rdr->grp;
2877 card->rdr_reshare = rdr->cc_reshare > -1 ? rdr->cc_reshare : cfg.cc_reshare;
2878
2879 // Check if this card is from us
2880 LL_ITER it = ll_iter_create(card->remote_nodes);
2881 uint8_t *node_id;
2882
2883 while((node_id = ll_iter_next(&it)))
2884 {
2885 if(memcmp(node_id, cc_node_id, sizeof(cc_node_id)) == 0) // this card is from us!
2886 {
2887 cs_log_dbg(D_READER, "filtered card because of recursive nodeid: id=%08X, caid=%04X", card->id, card->caid);
2888 cc_free_card(card);
2889 card = NULL;
2890 break;
2891 }
2892 }
2893
2894 #ifdef MODULE_CCCSHARE
2895 // Check Ident filter
2896 if(card)
2897 {
2898 if(!chk_ident(&rdr->ftab, card))
2899 {
2900 cc_free_card(card);
2901 card = NULL;
2902 }
2903 }
2904 #endif
2905 if(card)
2906 {
2907 // Check if we already have this card
2908 it = ll_iter_create(cc->cards);
2909 struct cc_card *old_card;
2910
2911 while((old_card = ll_iter_next(&it)))
2912 {
2913 // We already have this card, delete it
2914 if(old_card->id == card->id || same_card(old_card, card))
2915 {
2916 cc_free_card(card);
2917 card = old_card;
2918 break;
2919 }
2920 }
2921
2922 if(!old_card)
2923 {
2924 card->card_type = CT_REMOTECARD;
2925 ll_append(cc->cards, card);
2926 set_au_data(cl, rdr, card, NULL);
2927 cc->card_added_count++;
2928 card->hop++;
2929
2930 if(card->hop == 1)
2931 {
2932 cc->num_hop1++;
2933 }
2934 else if(card->hop == 2)
2935 {
2936 cc->num_hop2++;
2937 }
2938 else
2939 {
2940 cc->num_hopx++;
2941 }
2942
2943 if(card->reshare == 0)
2944 {
2945 cc->num_reshare0++;
2946 }
2947 else if(card->reshare == 1)
2948 {
2949 cc->num_reshare1++;
2950 }
2951 else if(card->reshare == 2)
2952 {
2953 cc->num_reshare2++;
2954 }
2955 else
2956 {
2957 cc->num_resharex++;
2958 }
2959
2960 cs_log_dbg(D_TRACE, "%s card added: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2961 getprefix(), card->id, card->remote_id, card->caid, card->hop, card->reshare, card->origin_id, card->card_type);
2962 }
2963 }
2964
2965 cs_writeunlock(__func__, &cc->cards_busy);
2966
2967 #ifdef MODULE_CCCSHARE
2968 cccam_refresh_share();
2969 #endif
2970 break;
2971 }
2972
2973 case MSG_CARD_REMOVED:
2974 {
2975 if(l < 8)
2976 {
2977 break;
2978 }
2979
2980 cs_writelock(__func__, &cc->cards_busy);
2981 cc_card_removed(cl, b2i(4, buf + 4));
2982 cs_writeunlock(__func__, &cc->cards_busy);
2983 break;
2984 }
2985
2986 case MSG_SLEEPSEND:
2987 {
2988 // Server sends SLEEPSEND
2989 if(l < 5)
2990 {
2991 break;
2992 }
2993
2994 if(!cfg.c35_suppresscmd08)
2995 {
2996 if(buf[4] == 0xFF)
2997 {
2998 cl->stopped = 2; // server says sleep
2999 //rdr->card_status = NO_CARD;
3000 }
3001 else
3002 {
3003 if(config_enabled(WITH_LB) && !cfg.lb_mode)
3004 {
3005 cl->stopped = 1; // server says invalid
3006 rdr->card_status = CARD_FAILURE;
3007 }
3008 }
3009 }
3010 } /* fallthrough */ // NO BREAK!! NOK Handling needed!
3011
3012 case MSG_CW_NOK1:
3013 case MSG_CW_NOK2:
3014 {
3015 if(l < 2)
3016 {
3017 break;
3018 }
3019
3020 if(l > 5)
3021 {
3022 // Received NOK with payload
3023 char *msg = (char *) buf + 4;
3024
3025 // Check for PARTNER connection
3026 if((l >= (4 + 8)) && strncmp(msg, "PARTNER:", 8) == 0)
3027 {
3028 // When Data starts with "PARTNER:" we have an Oscam-cccam-compatible client/server!
3029
3030 cs_strncpy(cc->remote_oscam, msg + 9, sizeof(cc->remote_oscam));
3031 int32_t has_param = check_extended_mode(cl, msg);
3032
3033 if(!cc->is_oscam_cccam)
3034 {
3035 cc->is_oscam_cccam = 1;
3036
3037 // send params back. At the moment there is only "EXT"
3038 char param[20];
3039 if(!has_param)
3040 {
3041 param[0] = 0;
3042 }
3043 else
3044 {
3045 cs_strncpy(param, " [", sizeof(param));
3046
3047 if(cc->extended_mode)
3048 {
3049 addParam(param, "EXT");
3050 }
3051
3052 if(cc->cccam220)
3053 {
3054 addParam(param, "SID");
3055 }
3056
3057 if(cc->sleepsend)
3058 {
3059 addParam(param, "SLP");
3060 }
3061
3062 strcat(param, "]");
3063 }
3064
3065 uint8_t token[256];
3066 snprintf((char *)token, sizeof(token), "PARTNER: OSCam v%s, build r%s (%s)%s",
3067 CS_VERSION, CS_SVN_VERSION, CS_TARGET, param);
3068
3069 cc_cmd_send(cl, token, strlen((char *)token) + 1, MSG_CW_NOK1);
3070 }
3071 }
3072 else
3073 {
3074 size_t msg_size = l - 4;
3075 char last_char = msg[msg_size - 1];
3076
3077 if(last_char == 0) // verify if the payload is a null terminated string
3078 {
3079 if(cs_realloc(&cc->nok_message, msg_size))
3080 {
3081 memcpy(cc->nok_message, msg, msg_size);
3082 }
3083 }
3084 else
3085 {
3086 NULLFREE(cc->nok_message);
3087 }
3088 }
3089
3090 return ret;
3091 }
3092
3093 if(cl->typ == 'c')
3094 {
3095 return ret;
3096 }
3097
3098 // for reader only
3099
3100 cc->recv_ecmtask = -1;
3101
3102 if(cc->just_logged_in) // reader restart needed
3103 {
3104 return -1;
3105 }
3106
3107 cs_readlock(__func__, &cc->cards_busy);
3108
3109 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl, cc->extended_mode ? cc->g_flag : 1, 1);
3110 if(!eei)
3111 {
3112 cs_log_dbg(D_READER, "%s received extended ecm NOK id %d but not found!", getprefix(), cc->g_flag);
3113 }
3114 else
3115 {
3116 uint16_t ecm_idx = eei->ecm_idx;
3117 cc->recv_ecmtask = ecm_idx;
3118 struct cc_card *card = eei->card;
3119 //uint32_t cccam_id = eei->cccam_id;
3120 struct cc_srvid srvid = eei->srvid;
3121 int8_t retry = 1;
3122 struct timeb tpe;
3123 cs_ftime(&tpe);
3124 int64_t cwlastresptime = comp_timeb(&tpe, &eei->tps);
3125
3126 add_garbage(eei);
3127
3128 if(card)
3129 {
3130 if(buf[1] == MSG_CW_NOK1) // MSG_CW_NOK1: share no more available
3131 {
3132 cs_log_dbg(D_TRACE, "NOK1: share temporarily not available %d %04X ecm %d %d!",
3133 card->id, card->caid, eei->send_idx, eei->ecm_idx);
3134
3135 int j;
3136 for(j = 0; j < cfg.max_pending; j++)
3137 {
3138 if(cl->ecmtask[j].idx == ecm_idx && cl->ecmtask[j].rc == E_ALREADY_SENT)
3139 {
3140 ECM_REQUEST *er = &cl->ecmtask[j];
3141 cl->pending--;
3142
3143 write_ecm_answer(rdr, er, E_NOTFOUND, 0, NULL, NULL, 0, NULL);
3144 break;
3145 }
3146 }
3147 }
3148 else if(cc->cmd05NOK) // else MSG_CW_NOK2: can't decode
3149 {
3150 move_card_to_end(cl, card);
3151 if(cwlastresptime < 5000)
3152 {
3153 add_sid_block(card, &srvid, true);
3154 }
3155 else
3156 {
3157 if(card->rating <= MIN_RATING)
3158 {
3159 add_sid_block(card, &srvid, true);
3160 }
3161 else
3162 {
3163 card->rating--;
3164 }
3165 }
3166 }
3167 else if(cacheex_get_rdr_mode(rdr) != 1)
3168 {
3169 if(!is_good_sid(card, &srvid))
3170 {
3171 move_card_to_end(cl, card);
3172 if(cwlastresptime < 5000)
3173 {
3174 add_sid_block(card, &srvid, true);
3175 }
3176 else
3177 {
3178 if(card->rating <= MIN_RATING)
3179 {
3180 add_sid_block(card, &srvid, true);
3181 }
3182 else
3183 {
3184 card->rating--;
3185 }
3186 }
3187 }
3188 else
3189 {
3190 move_card_to_end(cl, card);
3191 add_sid_block(card, &srvid, true);
3192 }
3193
3194 if(card->rating < MIN_RATING)
3195 {
3196 card->rating = MIN_RATING;
3197 }
3198
3199 if(cfg.cc_forward_origin_card && card->origin_reader == rdr)
3200 {
3201 // this card is from us but it can't decode this ecm
3202 // also origin card is only set on cccam clients
3203 // so wie send back the nok to the client
3204 cs_log_dbg(D_TRACE, "%s forward card: %s", getprefix(), (buf[1] == MSG_CW_NOK1) ? "NOK1" : "NOK2");
3205 retry = 0;
3206 }
3207 }
3208 }
3209 else
3210 {
3211 cs_log_dbg(D_READER, "%s NOK: NO CARD!", getprefix());
3212 // try next card...
3213 }
3214
3215 // A "NOK" in extended mode means, NOTHING found,
3216 // regardless of the requested card. So do not retry
3217 if(cc->extended_mode)
3218 {
3219 cl->pending--;
3220 retry = 0;
3221 }
3222
3223 if(retry)
3224 {
3225 cc_reset_pending(cl, ecm_idx);
3226 }
3227 else
3228 {
3229 int32_t i = 0;
3230 for(i = 0; i < cfg.max_pending; i++)
3231 {
3232 if(cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc == E_ALREADY_SENT)
3233 {
3234 cs_log_dbg(D_TRACE, "%s ext NOK %s", getprefix(), (buf[1] == MSG_CW_NOK1) ? "NOK1" : "NOK2");
3235 ECM_REQUEST *er = &cl->ecmtask[i];
3236 cl->pending--;
3237
3238 write_ecm_answer(rdr, er, E_NOTFOUND, 0, NULL, NULL, 0, NULL);
3239 break;
3240 }
3241 }
3242 }
3243 }
3244 cc->cmd05NOK = 0;
3245 cs_readunlock(__func__, &cc->cards_busy);
3246
3247 if(!cc->extended_mode)
3248 {
3249 cc->ecm_busy = 0;
3250 }
3251
3252 cc_send_ecm(cl, NULL);
3253 break;
3254 }
3255
3256 case MSG_CACHE_PUSH:
3257 {
3258 if((l - 4) >= 18)
3259 {
3260 cc_cacheex_push_in(cl, data);
3261 }
3262 break;
3263 }
3264
3265 case MSG_CACHE_FILTER:
3266 {
3267 if((l - 4) >= 482)
3268 {
3269 cc_cacheex_filter_in(cl, data);
3270 }
3271 break;
3272 }
3273
3274 case MSG_CW_ECM:
3275 {
3276 cc->just_logged_in = 0;
3277 if(cl->typ == 'c') // SERVER:
3278 {
3279 #define CCMSG_HEADER_LEN 17
3280 ECM_REQUEST *er;
3281 struct cc_card *server_card;
3282
3283 if(l < CCMSG_HEADER_LEN)
3284 {
3285 break;
3286 }
3287
3288 if(!cs_malloc(&server_card, sizeof(struct cc_card)))
3289 {
3290 break;
3291 }
3292
3293 server_card->id = buf[10] << 24 | buf[11] << 16 | buf[12] << 8 | buf[13];
3294 server_card->caid = b2i(2, data);
3295
3296 if((er = get_ecmtask()) && l > CCMSG_HEADER_LEN && MAX_ECM_SIZE > l - CCMSG_HEADER_LEN)
3297 {
3298 er->caid = b2i(2, buf + 4);
3299 er->prid = b2i(4, buf + 6);
3300 er->srvid = b2i(2, buf + 14);
3301 er->ecmlen = l - CCMSG_HEADER_LEN;
3302 memcpy(er->ecm, buf + CCMSG_HEADER_LEN, er->ecmlen);
3303 cc->server_ecm_pending++;
3304 er->idx = ++cc->server_ecm_idx;
3305
3306 #ifdef MODULE_CCCSHARE
3307 if(cfg.cc_forward_origin_card) // search my shares for this card:
3308 {
3309 cs_log_dbg(D_TRACE, "%s forward card: %04X:%04x search share %d", getprefix(),
3310 er->caid, er->srvid, server_card->id);
3311
3312 LLIST **sharelist = get_and_lock_sharelist();
3313 LL_ITER itr = ll_iter_create(get_cardlist(er->caid, sharelist));
3314 struct cc_card *card;
3315 struct cc_card *rcard = NULL;
3316
3317 while((card = ll_iter_next(&itr)))
3318 {
3319 if(card->id == server_card->id) // found it
3320 {
3321 break;
3322 }
3323 }
3324
3325 cs_log_dbg(D_TRACE, "%s forward card: share %d found: %d", getprefix(), server_card->id, card ? 1 : 0);
3326
3327 struct s_reader *ordr = NULL;
3328
3329 if(card && card->origin_reader) // found own card, now search reader card
3330 {
3331 // Search reader in list, because it is maybe offline?
3332 for(ordr = first_active_reader; ordr; ordr = ordr->next)
3333 {
3334 if(ordr == card->origin_reader)
3335 {
3336 break;
3337 }
3338 }
3339
3340 if(!ordr)
3341 {
3342 cs_log_dbg(D_TRACE, "%s origin reader not found!", getprefix());
3343 }
3344 else
3345 {
3346 cs_log_dbg(D_TRACE, "%s forward card: share %d origin reader %s origin id %d",
3347 getprefix(), card->id, ordr->label, card->origin_id);
3348
3349 struct s_client *cl2 = ordr->client;
3350 if(card->origin_id && cl2 && cl2->cc) // only if we have a origin from a cccam reader
3351 {
3352 struct cc_data *rcc = cl2->cc;
3353
3354 if(rcc)
3355 {
3356 itr = ll_iter_create(rcc->cards);
3357 while((rcard = ll_iter_next(&itr)))
3358 {
3359 if(rcard->id == card->origin_id) // found it!
3360 {
3361 break;
3362 }
3363 }
3364 }
3365 }
3366 else
3367 {
3368 rcard = card;
3369 }
3370 }
3371 er->origin_reader = ordr;
3372 }
3373
3374 er->origin_card = rcard;
3375 if(!rcard || !ordr)
3376 {
3377 cs_log_dbg(D_TRACE, "%s forward card: share %d not found!", getprefix(), server_card->id);
3378 er->rc = E_NOTFOUND;
3379 er->rcEx = E2_CCCAM_NOK1; // share not found!
3380 }
3381 else
3382 {
3383 cs_log_dbg(D_TRACE, "%s forward card: share %d forwarded to %s origin as id %d",
3384 getprefix(), card->id, ordr->label, rcard->id);
3385 }
3386 unlock_sharelist();
3387 }
3388 #endif
3389 cs_log_dbg(D_CLIENT, "%s ECM request from client: caid %04x srvid %04x(%d) prid %06x",
3390 getprefix(), er->caid, er->srvid, er->ecmlen, er->prid);
3391
3392 struct cc_srvid srvid;
3393 srvid.sid = er->srvid;
3394 srvid.chid = er->chid;
3395 srvid.ecmlen = er->ecmlen;
3396 add_extended_ecm_idx(cl, cc->extended_mode ? cc->g_flag : 1, er->idx, server_card, srvid, 1);
3397
3398 get_cw(cl, er);
3399
3400 }
3401 else
3402 {
3403 cs_log_dbg(D_CLIENT, "%s NO ECMTASK!!!! l=%d", getprefix(), l);
3404 NULLFREE(server_card);
3405 }
3406
3407 }
3408 else // READER
3409 {
3410 if(l < 20)
3411 {
3412 break;
3413 }
3414
3415 cs_readlock(__func__, &cc->cards_busy);
3416 cc->recv_ecmtask = -1;
3417
3418 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl, cc->extended_mode ? cc->g_flag : 1, 1);
3419 if(!eei)
3420 {
3421 cs_log_dbg(D_READER, "%s received extended ecm id %d but not found!", getprefix(), cc->g_flag);
3422
3423 if(!cc->extended_mode)
3424 {
3425 cc_cli_close(cl, 0);
3426 }
3427 }
3428 else
3429 {
3430 uint16_t ecm_idx = eei->ecm_idx;
3431 cc->recv_ecmtask = ecm_idx;
3432 struct cc_card *card = eei->card;
3433 uint32_t cccam_id = eei->cccam_id;
3434 struct cc_srvid srvid = eei->srvid;
3435 NULLFREE(eei);
3436
3437 if(card)
3438 {
3439 if(!cc->extended_mode)
3440 {
3441 cc_cw_crypt(cl, buf + 4, card->id);
3442 cc_crypt_cmd0c(cl, buf + 4, 16);
3443 }
3444
3445 memcpy(cc->dcw, buf + 4, 16);
3446 //fix_dcw(cc->dcw);
3447
3448 if(!cc->extended_mode) // additional crypto step
3449 {
3450 cc_crypt(&cc->block[DECRYPT], buf + 4, l - 4, ENCRYPT);
3451 }
3452
3453 if(is_null_dcw(cc->dcw))
3454 {
3455 cs_log_dbg(D_READER, "%s null dcw received! sid=%04X(%d)", getprefix(), srvid.sid, srvid.ecmlen);
3456 move_card_to_end(cl, card);
3457 add_sid_block(card, &srvid, true);
3458 // ecm retry
3459 cc_reset_pending(cl, ecm_idx);
3460 buf[1] = MSG_CW_NOK2; // So it's really handled like a nok!
3461 }
3462 else
3463 {
3464 cs_log_dbg(D_READER, "%s cws: %d %s", getprefix(), ecm_idx,
3465 cs_hexdump(0, cc->dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3466
3467 // check response time, if > fallbacktime, switch cards!
3468 struct timeb tpe;
3469 cs_ftime(&tpe);
3470 int64_t cwlastresptime = comp_timeb(&tpe, &cc->ecm_time);
3471
3472 if(cwlastresptime > get_fallbacktimeout(card->caid) && !cc->extended_mode)
3473 {
3474 cs_log_dbg(D_READER, "%s card %04X is too slow, moving to the end...", getprefix(), card->id);
3475 move_card_to_end(cl, card);
3476
3477 card->rating--;
3478 if(card->rating < MIN_RATING)
3479 {
3480 card->rating = MIN_RATING;
3481 }
3482 }
3483 else
3484 {
3485 card->rating++;
3486 if(card->rating > MAX_RATING)
3487 {
3488 card->rating = MAX_RATING;
3489 }
3490 }
3491 }
3492 }
3493 else
3494 {
3495 // Card removed...
3496 cs_log_dbg(D_READER, "%s warning: ECM-CWS respond by CCCam server without current card!", getprefix());
3497
3498 if(!cc->extended_mode)
3499 {
3500 cc_cw_crypt(cl, buf + 4, cccam_id);
3501 cc_crypt_cmd0c(cl, buf + 4, 16);
3502 }
3503 memcpy(cc->dcw, buf + 4, 16);
3504 //fix_dcw(cc->dcw);
3505
3506 if(!cc->extended_mode) // additional crypto step
3507 {
3508 cc_crypt(&cc->block[DECRYPT], buf + 4, l - 4, ENCRYPT);
3509 }
3510
3511 cs_log_dbg(D_READER, "%s cws: %d %s", getprefix(), ecm_idx,
3512 cs_hexdump(0, cc->dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3513 }
3514 }
3515 cs_readunlock(__func__, &cc->cards_busy);
3516
3517 if(!cc->extended_mode)
3518 {
3519 cc->ecm_busy = 0;
3520 }
3521
3522 //cc_abort_user_ecms();
3523
3524 cc_send_ecm(cl, NULL);
3525
3526 if(cc->max_ecms)
3527 {
3528 cc->ecm_counter++;
3529 }
3530 }
3531 break;
3532 }
3533
3534 case MSG_KEEPALIVE:
3535 {
3536 if(cl)
3537 {
3538 cl->last = time(NULL);
3539 }
3540
3541 if(rdr && rdr->cc_keepalive)
3542 {
3543 rdr->last_g = time(NULL);
3544 rdr->last_s = time(NULL);
3545 rdr_log_dbg(rdr, D_READER, "%s: receive keepalive", __func__);
3546 }
3547
3548 cc->just_logged_in = 0;
3549 break;
3550 }
3551
3552 case MSG_CMD_05:
3553 {
3554 if(cl->typ != 'c')
3555 {
3556 cc->just_logged_in = 0;
3557 l = l - 4; // Header Length = 4 bytes
3558 if(l < 0)
3559 {
3560 break;
3561 }
3562
3563 cs_log_dbg(D_READER, "%s MSG_CMD_05 recvd, payload length=%d mode=%d",
3564 getprefix(), l, cc->cmd05_mode);
3565
3566 cc->cmd05_active = 1;
3567 cc->cmd05_data_len = l;
3568 memcpy(&cc->cmd05_data, buf + 4, l);
3569
3570 if(!cc->ecm_busy && ll_has_elements(cc->cards))
3571 {
3572 send_cmd05_answer(cl);
3573 }
3574 }
3575 break;
3576 }
3577
3578 case MSG_CMD_0B:
3579 {
3580 if(l < 20)
3581 {
3582 break;
3583 }
3584
3585 // by Project: Keynation
3586 cs_log_dbg(D_READER, "%s MSG_CMD_0B received (payload=%d)!", getprefix(), l - 4);
3587
3588 AES_KEY key;
3589 uint8_t aeskey[16];
3590 uint8_t out[16];
3591
3592 memcpy(aeskey, cc->cmd0b_aeskey, 16);
3593 memset(&key, 0, sizeof(key));
3594
3595 //cs_log_dump_dbg(D_READER, aeskey, 16, "%s CMD_0B AES key:", getprefix());
3596 //cs_log_dump_dbg(D_READER, data, 16, "%s CMD_0B received data:", getprefix());
3597
3598 AES_set_encrypt_key((uint8_t *)&aeskey, 128, &key);
3599 AES_encrypt((uint8_t *)data, (uint8_t *)&out, &key);
3600
3601 cs_log_dbg(D_TRACE, "%s sending CMD_0B! ", getprefix());
3602 //cs_log_dump_dbg(D_READER, out, 16, "%s CMD_0B out:", getprefix());
3603 cc_cmd_send(cl, out, 16, MSG_CMD_0B);
3604 break;
3605 }
3606
3607 case MSG_CMD_0C: // New CCCAM 2.2.0 Server/Client fake check!
3608 {
3609 int32_t len = l - 4;
3610 if(len < 0)
3611 {
3612 break;
3613 }
3614
3615 if(cl->typ == 'c') // Only im comming from "client"
3616 {
3617 cs_log_dbg(D_CLIENT, "%s MSG_CMD_0C received (payload=%d)!", getprefix(), len);
3618
3619 uint8_t bytes[0x20];
3620 if(len < 0x20) // if less then 0x20 bytes, clear others
3621 {
3622 memset(data + len, 0, 0x20 - len);
3623 }
3624
3625 // change first 0x10 bytes to the second
3626 memcpy(bytes, data + 0x10, 0x10);
3627 memcpy(bytes + 0x10, data, 0x10);
3628
3629 // xor data:
3630 int32_t i;
3631 for(i = 0; i < 0x20; i++)
3632 {
3633 bytes[i] ^= (data[i] & 0x7F);
3634 }
3635
3636 // key is now the 16bit hash of md5
3637 uint8_t md5hash[0x10];
3638 MD5(data, 0x20, md5hash);
3639 memcpy(bytes, md5hash, 0x10);
3640
3641 cs_log_dbg(D_CLIENT, "%s sending CMD_0C! ", getprefix());
3642 //cs_log_dump_dbg(D_CLIENT, bytes, 0x20, "%s CMD_0C out:", getprefix());
3643 cc_cmd_send(cl, bytes, 0x20, MSG_CMD_0C);
3644 }
3645 else // reader
3646 {
3647 // by Project: Keynation + Oscam team
3648 cc_crypt_cmd0c(cl, data, len);
3649
3650 uint8_t CMD_0x0C_Command = data[0];
3651
3652 switch(CMD_0x0C_Command)
3653 {
3654 case 0: // RC6
3655 {
3656 cc->cmd0c_mode = MODE_CMD_0x0C_RC6;
3657 break;
3658 }
3659
3660 case 1: // RC4
3661 {
3662 cc->cmd0c_mode = MODE_CMD_0x0C_RC4;
3663 break;
3664 }
3665
3666 case 2: // CC_CRYPT
3667 {
3668 cc->cmd0c_mode = MODE_CMD_0x0C_CC_CRYPT;
3669 break;
3670 }
3671
3672 case 3: // AES
3673 {
3674 cc->cmd0c_mode = MODE_CMD_0x0C_AES;
3675 break;
3676 }
3677
3678 case 4: // IDEA
3679 {
3680 cc->cmd0c_mode = MODE_CMD_0x0C_IDEA;
3681 break;
3682 }
3683
3684 default:
3685 {
3686 cc->cmd0c_mode = MODE_CMD_0x0C_NONE;
3687 }
3688 }
3689
3690 set_cmd0c_cryptkey(cl, data, len);
3691
3692 cs_log_dbg(D_READER, "%s received MSG_CMD_0C from server! CMD_0x0C_CMD=%d, MODE=%s",
3693 getprefix(), CMD_0x0C_Command, cmd0c_mode_name[cc->cmd0c_mode]);
3694 }
3695 break;
3696 }
3697
3698 case MSG_CMD_0D: // key update for the active cmd0x0c algo
3699 {
3700 int32_t len = l - 4;
3701 if(len < 0)
3702 {
3703 break;
3704 }
3705
3706 if(cc->cmd0c_mode == MODE_CMD_0x0C_NONE)
3707 {
3708 break;
3709 }
3710
3711 cc_crypt_cmd0c(cl, data, len);
3712 set_cmd0c_cryptkey(cl, data, len);
3713
3714 cs_log_dbg(D_READER, "%s received MSG_CMD_0D from server! MODE=%s",
3715 getprefix(), cmd0c_mode_name[cc->cmd0c_mode]);
3716 break;
3717 }
3718
3719 case MSG_CMD_0E:
3720 {
3721 if(l < 2)
3722 {
3723 break;
3724 }
3725
3726 cs_log_dbg(D_READER, "cccam 2.2.x commands not implemented: 0x%02X", buf[1]);
3727
3728 // Unkwon commands... need workout algo
3729 if(cl->typ == 'c') // client connection
3730 {
3731 //switching to an oder version and then disconnect...
3732 cs_strncpy(cfg.cc_version, version[0], sizeof(cfg.cc_version));
3733 ret = -1;
3734 }
3735 else // reader connection
3736 {
3737 cs_strncpy(cl->reader->cc_version, version[0], sizeof(cl->reader->cc_version));
3738 cs_strncpy(cl->reader->cc_build, build[0], sizeof(cl->reader->cc_build));
3739 cc_cycle_connection(cl);
3740 }
3741 break;
3742 }
3743
3744 case MSG_EMM_ACK:
3745 {
3746 cc->just_logged_in = 0;
3747 if(cl->typ == 'c') // EMM Request received
3748 {
3749 cc_cmd_send(cl, NULL, 0, MSG_EMM_ACK); // Send back ACK
3750
3751 if(l < 16)
3752 {
3753 break;
3754 }
3755
3756 cs_log_dbg(D_EMM, "%s EMM Request received!", getprefix());
3757
3758 if(!ll_count(cl->aureader_list))
3759 {
3760 cs_log_dbg( D_EMM, "%s EMM Request discarded because au is not assigned to an reader!", getprefix());
3761 return MSG_EMM_ACK;
3762 }
3763
3764 EMM_PACKET *emm;
3765 if(!cs_malloc(&emm, sizeof(EMM_PACKET)))
3766 {
3767 break;
3768 }
3769
3770 emm->caid[0] = buf[4];
3771 emm->caid[1] = buf[5];
3772 emm->provid[0] = buf[7];
3773 emm->provid[1] = buf[8];
3774 emm->provid[2] = buf[9];
3775 emm->provid[3] = buf[10];
3776 //emm->hexserial[0] = buf[11];
3777 //emm->hexserial[1] = buf[12];
3778 //emm->hexserial[2] = buf[13];
3779 //emm->hexserial[3] = buf[14];
3780
3781 if(l <= 0xFF)
3782 {
3783 emm->emmlen = buf[15];
3784 }
3785 else
3786 {
3787 emm->emmlen = MIN(l - 16, (int32_t)sizeof(emm->emm));
3788 }
3789
3790 if(emm->emmlen < 0 || emm->emmlen > MAX_EMM_SIZE || emm->emmlen + 16 > l)
3791 {
3792 NULLFREE(emm);
3793 break;
3794 }
3795
3796 memcpy(emm->emm, buf + 16, emm->emmlen);
3797 //emm->type = UNKNOWN;
3798 //emm->cidx = cs_idx;
3799 do_emm(cl, emm);
3800 NULLFREE(emm);
3801 }
3802 else // Our EMM Request Ack!
3803 {
3804 cs_log_dbg(D_EMM, "%s EMM ACK!", getprefix());
3805 if(!cc->extended_mode)
3806 {
3807 cc->ecm_busy = 0;
3808 }
3809 cc_send_ecm(cl, NULL);
3810 }
3811 break;
3812 }
3813
3814 default:
3815 {
3816 //cs_log_dump_dbg(D_CLIENT, buf, l, "%s unhandled msg: %d len=%d", getprefix(), buf[1], l);
3817 break;
3818 }
3819 }
3820
3821 if(cc->max_ecms && (cc->ecm_counter > cc->max_ecms))
3822 {
3823 cs_log_dbg(D_READER, "%s max ecms (%d) reached, cycle connection!", getprefix(), cc->max_ecms);
3824 cc_cycle_connection(cl);
3825 }
3826 return ret;
3827 }
3828
3829 /**
3830 * Reader: write dcw to receive
3831 */
3832 int32_t cc_recv_chk(struct s_client *cl, uint8_t *dcw, int32_t *rc, uint8_t *buf, int32_t UNUSED(n))
3833 {
3834 struct cc_data *cc = cl->cc;
3835
3836 if(buf[1] == MSG_CW_ECM)
3837 {
3838 memcpy(dcw, cc->dcw, 16);
3839 //cs_log_dbg(D_CLIENT, "cccam: recv chk - MSG_CW %d - %s", cc->recv_ecmtask,
3840 // cs_hexdump(0, dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3841 *rc = 1;
3842 return (cc->recv_ecmtask);
3843 }
3844 else if((buf[1] == (MSG_CW_NOK1)) || (buf[1] == (MSG_CW_NOK2)))
3845 {
3846 *rc = 0;
3847 //if(cc->is_oscam_cccam)
3848 if(cfg.cc_forward_origin_card)
3849 {
3850 return (cc->recv_ecmtask);
3851 }
3852 else
3853 {
3854 return -1;
3855 }
3856 }
3857
3858 return (-1);
3859 }
3860
3861 //int32_t is_softfail(int32_t rc)
3862 //{
3863 // //see oscam.c send_dcw() for a full list
3864 // switch(rc)
3865 // {
3866 // case 5: // 5 = timeout
3867 // case 6: // 6 = sleeping
3868 // case 7: // 7 = fake
3869 // case 10: // 10 = no card
3870 // case 11: // 11 = expdate
3871 // case 12: // 12 = disabled
3872 // case 13: // 13 = stopped
3873 // case 14: // 100 = unhandled
3874 // return 1;
3875 // }
3876 // return 0;
3877 //}
3878
3879 /**
3880 * Server: send DCW to client
3881 */
3882 void cc_send_dcw(struct s_client *cl, ECM_REQUEST *er)
3883 {
3884 uint8_t buf[16];
3885 struct cc_data *cc = cl->cc;
3886
3887 memset(buf, 0, sizeof(buf));
3888
3889 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx_by_idx(cl, er->idx, 1);
3890
3891 if(er->rc < E_NOTFOUND && eei) // found
3892 {
3893 memcpy(buf, er->cw, sizeof(buf));
3894 //fix_dcw(buf);
3895 //cs_log_dbg(D_TRACE, "%s send cw: %s cpti: %d", getprefix(),
3896 // cs_hexdump(0, buf, 16, tmp_dbg, sizeof(tmp_dbg)), er->cpti);
3897
3898 if(!cc->extended_mode)
3899 {
3900 cc_cw_crypt(cl, buf, eei->cccam_id);
3901 }
3902 else
3903 {
3904 cc->g_flag = eei->send_idx;
3905 }
3906 cc_cmd_send(cl, buf, 16, MSG_CW_ECM);
3907
3908 if(!cc->extended_mode)
3909 {
3910 cc_crypt(&cc->block[ENCRYPT], buf, 16, ENCRYPT); // additional crypto step
3911 }
3912 }
3913 else // NOT found
3914 {
3915 //cs_log_dbg(D_TRACE, "%s send cw: NOK cpti: %d", getprefix(), er->cpti);
3916
3917 if(eei && cc->extended_mode)
3918 {
3919 cc->g_flag = eei->send_idx;
3920 }
3921
3922 int32_t nok, bufsize = 0;
3923 if(cc->sleepsend && er->rc == E_STOPPED)
3924 {
3925 buf[0] = cl->c35_sleepsend;
3926 bufsize = 1;
3927 nok = MSG_SLEEPSEND;
3928 }
3929 else if(!eei || !eei->card)
3930 {
3931 nok = MSG_CW_NOK1; // share no more available
3932 }
3933 else
3934 {
3935 if(cfg.cc_forward_origin_card && er->origin_card == eei->card)
3936 {
3937 nok = (er->rcEx == E2_CCCAM_NOK1) ? MSG_CW_NOK1 : MSG_CW_NOK2;
3938 }
3939 else
3940 {
3941 nok = MSG_CW_NOK2; // can't decode
3942 }
3943 }
3944 cc_cmd_send(cl, buf, bufsize, nok);
3945 }
3946 cc->server_ecm_pending--;
3947
3948 if(eei)
3949 {
3950 NULLFREE(eei->card);
3951 NULLFREE(eei);
3952 }
3953 }
3954
3955 int32_t cc_recv(struct s_client *cl, uint8_t *buf, int32_t l)
3956 {
3957 int32_t n;
3958 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
3959
3960 if(buf == NULL || l <= 0)
3961 {
3962 return -1;
3963 }
3964
3965 n = cc_msg_recv(cl, buf, l); // recv and decrypt msg
3966 //cs_log_dump_dbg(D_CLIENT, buf, n, "cccam: received %d bytes from %s", n, remote_txt());
3967
3968 if(n <= 0)
3969 {
3970 struct cc_data *cc = cl->cc;
3971 if(cc && cc->nok_message)
3972 {
3973 cs_log_dbg(D_CLIENT, "%s connection closed by %s. n=%d, Reason: %s",
3974 getprefix(), remote_txt(), n, cc->nok_message);
3975 }
3976 else
3977 {
3978 cs_log_dbg(D_CLIENT, "%s connection closed by %s, n=%d.", getprefix(), remote_txt(), n);
3979 if(rdr)
3980 {
3981 cc_cli_close(cl, 1);
3982 }
3983 else
3984 {
3985 //cs_writelock(__func__, &cc->cards_busy); maybe uninitialized
3986 cs_disconnect_client(cl);
3987 //cs_writeunlock(__func__, &cc->cards_busy);
3988 }
3989
3990 cs_sleepms(150);
3991 n = -1;
3992 return n;
3993 }
3994
3995 n = -1;
3996 }
3997 else if(n < 4)
3998 {
3999 cs_log("%s packet is too small (%d bytes)", getprefix(), n);
4000 n = -1;
4001 }
4002 else if(n > CC_MAXMSGSIZE)
4003 {
4004 cs_log("%s packet is too big (%d bytes, max: %d)", getprefix(), n, CC_MAXMSGSIZE);
4005 n = -1;
4006 }
4007 else
4008 {
4009 // parse it and write it back, if we have received something of value
4010 n = cc_parse_msg(cl, buf, n);
4011 if(n == MSG_CW_ECM || n == MSG_EMM_ACK)
4012 {
4013 cl->last = time(NULL); // last client action is now
4014 if(rdr)
4015 {
4016 rdr->last_g = time(NULL); // last reader receive is now
4017 }
4018 }
4019 }
4020
4021 if(n == -1)
4022 {
4023 if(cl->typ != 'c')
4024 {
4025 cc_cli_close(cl, 1);
4026 }
4027 }
4028
4029 return n;
4030 }
4031
4032 void cc_init_locks(struct cc_data *cc)
4033 {
4034 cs_lock_create(__func__, &cc->lockcmd, "lockcmd", 5000);
4035 cs_lock_create(__func__, &cc->cards_busy, "cards_busy", 10000);
4036 }
4037
4038 #ifdef MODULE_CCCSHARE
4039 /**
4040 * Starting readers to get cards
4041 **/
4042 int32_t cc_srv_wakeup_readers(struct s_client *cl)
4043 {
4044 int32_t wakeup = 0;
4045 struct s_reader *rdr;
4046 struct s_client *client;
4047 struct cc_data *cc;
4048
4049 for(rdr = first_active_reader; rdr; rdr = rdr->next)
4050 {
4051 if(rdr->typ != R_CCCAM)
4052 {
4053 continue;
4054 }
4055
4056 if(rdr->tcp_connected == 2)
4057 {
4058 continue;
4059 }
4060
4061 if(!(rdr->grp & cl->grp))
4062 {
4063 continue;
4064 }
4065
4066 // if reader has keepalive but is NOT connected,
4067 // reader can't connect. so don't ask him
4068 if(rdr->cc_keepalive)
4069 {
4070 continue;
4071 }
4072
4073 // reader is in shutdown
4074 if((client = rdr->client) == NULL || (cc = client->cc) == NULL || client->kill)
4075 {
4076 continue;
4077 }
4078
4079 // reader cannot be waked up currently because its blocked
4080 if(is_connect_blocked(rdr))
4081 {
4082 continue;
4083 }
4084
4085 // This wakeups the reader:
4086 add_job(rdr->client, ACTION_READER_CARDINFO, NULL, 0);
4087 wakeup++;
4088 }
4089
4090 return wakeup;
4091 }
4092
4093 int32_t cc_srv_connect(struct s_client *cl)
4094 {
4095 int32_t i, ccversion_pos, ccbuild_pos;
4096 int32_t no_delay = 1;
4097 uint8_t data[16];
4098 char usr[21], pwd[65], tmp_dbg[17];
4099 struct s_auth *account;
4100 struct cc_data *cc;
4101
4102 if(!cs_malloc(&cc, sizeof(struct cc_data)))
4103 {
4104 return -1;
4105 }
4106
4107 memset(usr, 0, sizeof(usr));
4108 memset(pwd, 0, sizeof(pwd));
4109
4110 // init internals data struct
4111 cl->cc = cc;
4112 cc->extended_ecm_idx = ll_create("extended_ecm_idx");
4113
4114 cc_init_locks(cc);
4115 uint8_t *buf = cc->send_buffer;
4116
4117 cc->server_ecm_pending = 0;
4118 cc->extended_mode = 0;
4119 cc->ecm_busy = 0;
4120
4121 int32_t keep_alive = 1;
4122 setsockopt(cl->udp_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&keep_alive, sizeof(keep_alive));
4123
4124 // Create checksum for "O" cccam
4125 get_random_bytes(data, 12);
4126 for(i = 0; i < 4; i++)
4127 {
4128 data[12 + i] = (data[i] + data[4 + i] + data[8 + i]) & 0xff;
4129 }
4130
4131 cs_log_dbg(D_TRACE, "send ccc checksum");
4132
4133 send(cl->udp_fd, data, 16, 0);
4134
4135 cc_xor(data); // XOR init bytes with 'CCcam'
4136
4137 SHA_CTX ctx;
4138 SHA1_Init(&ctx);
4139 SHA1_Update(&ctx, data, 16);
4140 SHA1_Final(buf, &ctx);
4141
4142 cc_init_crypt(&cc->block[ENCRYPT], buf, 20);
4143 cc_crypt(&cc->block[ENCRYPT], data, 16, DECRYPT);
4144 cc_init_crypt(&cc->block[DECRYPT], data, 16);
4145 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
4146
4147 cs_log_dbg(D_TRACE, "receive ccc checksum");
4148
4149 if((i = cc_recv_to(cl, buf, 20)) == 20)
4150 {
4151 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: recv:");
4152 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
4153 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: hash:");
4154 }
4155 else
4156 {
4157 return -1;
4158 }
4159
4160 // receive username
4161 memset(buf, 0, CC_MAXMSGSIZE);
4162 i = cc_recv_to(cl, buf, 20);
4163 if(i < 0) // errors during receive!
4164 {
4165 return -1;
4166 }
4167
4168 if(i == 20)
4169 {
4170 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
4171 cs_strncpy(usr, (char *)buf, sizeof(usr));
4172
4173 // test for non printable characters
4174 for(i = 0; i < 20; i++)
4175 {
4176 if(usr[i] > 0 && usr[i] < 0x20) // found non printable char
4177 {
4178 cs_log("illegal username received");
4179 return -3;
4180 }
4181 }
4182 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: username '%s':", usr);
4183 }
4184 else
4185 {
4186 cs_add_violation(cl, NULL);
4187 return -2;
4188 }
4189 cs_log_dbg(D_TRACE, "ccc username received %s", usr);
4190
4191 cl->crypted = 1;
4192
4193 // CCCam only supports len=20 usr/pass. So we could have
4194 // more than one user that matches the first 20 chars.
4195
4196 // receive password-CCCam encrypted Hash:
4197 i = cc_recv_to(cl, buf, 6);
4198
4199 if(i < 0) // errors during receive!
4200 {
4201 return -1;
4202 }
4203
4204 if(i != 6) // received invalid password length
4205 {
4206 cs_add_violation(cl, usr);
4207 return -2;
4208 }
4209
4210 cs_log_dbg(D_TRACE, "ccc passwdhash received %s", usr);
4211
4212 account = cfg.account;
4213 struct cc_crypt_block *save_block;
4214 if(!cs_malloc(&save_block, sizeof(struct cc_crypt_block)))
4215 {
4216 return -1;
4217 }
4218
4219 memcpy(save_block, cc->block, sizeof(struct cc_crypt_block));
4220 int32_t found = 0;
4221
4222 while(1)
4223 {
4224 while(account)
4225 {
4226 if(strncmp(usr, account->usr, 20) == 0)
4227 {
4228 memset(pwd, 0, sizeof(pwd));
4229 cs_strncpy(pwd, account->pwd, sizeof(pwd));
4230 found = 1;
4231 break;
4232 }
4233 account = account->next;
4234 }
4235
4236 if(!account)
4237 {
4238 break;
4239 }
4240
4241 // receive passwd / 'CCcam'
4242 memcpy(cc->block, save_block, sizeof(struct cc_crypt_block));
4243 cc_crypt(&cc->block[DECRYPT], (uint8_t *) pwd, strlen(pwd), ENCRYPT);
4244 cc_crypt(&cc->block[DECRYPT], buf, 6, DECRYPT);
4245
4246 // illegal buf-bytes could kill the logger!
4247 //cs_log_dump_dbg(D_CLIENT, buf, 6, "cccam: pwd check '%s':", buf);
4248
4249 if(memcmp(buf, "CCcam\0", 6) == 0) // Password Hash OK!
4250 {
4251 break; // account is set
4252 }
4253
4254 account = account->next;
4255 }
4256 NULLFREE(save_block);
4257
4258 // cs_auth_client returns 0 if account is valid/active/accessible
4259 if(cs_auth_client(cl, account, NULL))
4260 {
4261 if(!found)
4262 {
4263 cs_log("account '%s' not found!", usr);
4264 }
4265 else
4266 {
4267 cs_log("password for '%s' invalid!", usr);
4268 }
4269
4270 cs_add_violation(cl, usr);
4271 return -2;
4272 }
4273
4274 if(cl->dup)
4275 {
4276 cs_log("account '%s' duplicate login, disconnect!", usr);
4277 return -3;
4278 }
4279
4280 if(cl->disabled)
4281 {
4282 cs_log("account '%s' disabled, blocking+disconnect!", usr);
4283 cs_add_violation(cl, usr);
4284 return -2;
4285 }
4286
4287 if(account->cccmaxhops < -1)
4288 {
4289 cs_log("account '%s' has cccmaxhops < -1, cccam can't handle this, disconnect!", usr);
4290 return -3;
4291 }
4292
4293 cs_log_dbg(D_TRACE, "ccc user authenticated %s", usr);
4294
4295 if(account->cccmaxhops == -1)
4296 {
4297 cs_log("account '%s' has cccmaxhops = -1: user will not see any card!", usr);
4298 }
4299
4300 if(!cs_malloc(&cc->prefix, strlen(cl->account->usr) + 20))
4301 {
4302 return -1;
4303 }
4304 snprintf(cc->prefix, strlen(cl->account->usr) + 20, "cccam(s) %s:", cl->account->usr);
4305
4306 #ifdef CS_CACHEEX
4307 if(cl->account->cacheex.mode < 2)
4308 #endif
4309 if(cl->tcp_nodelay == 0)
4310 {
4311 setsockopt(cl->udp_fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_delay, sizeof(no_delay));
4312 cl->tcp_nodelay = 1;
4313 }
4314
4315 // Starting readers to get cards
4316 cc_srv_wakeup_readers(cl);
4317
4318 // send passwd ack
4319 memset(buf, 0, 20);
4320 memcpy(buf, "CCcam\0", 6);
4321 cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: send ack:");
4322 cc_crypt(&cc->block[ENCRYPT], buf, 20, ENCRYPT);
4323 send(cl->pfd, buf, 20, 0);
4324
4325 // recv cli data
4326 memset(buf, 0, CC_MAXMSGSIZE);
4327 i = cc_msg_recv(cl, buf, CC_MAXMSGSIZE - 1);
4328
4329 if(i < 0)
4330 {
4331 return -1;
4332 }
4333 cs_log_dump_dbg(D_CLIENT, buf, i, "cccam: cli data:");
4334
4335 if(i < 66)
4336 {
4337 cs_log_dbg(D_CLIENT, "cccam: cli data too small");
4338 return -1;
4339 }
4340
4341 memcpy(cc->peer_node_id, buf + 24, 8);
4342 //chk_peer_node_for_oscam(cc);
4343
4344 ccversion_pos = 33;
4345 while(ccversion_pos + 1 < i && ccversion_pos < 33 + 5 && buf[ccversion_pos] == 0)
4346 {
4347 ccversion_pos++;
4348 }
4349
4350 ccbuild_pos = 65;
4351 while(ccbuild_pos + 1 < i && ccbuild_pos < 65 + 5 && buf[ccbuild_pos] == 0)
4352 {
4353 ccbuild_pos++;
4354 }
4355
4356 cs_strncpy(cc->remote_version, (char *)buf + ccversion_pos, sizeof(cc->remote_version));
4357 cs_strncpy(cc->remote_build, (char *)buf + ccbuild_pos, sizeof(cc->remote_build));
4358
4359 cs_log_dbg(D_CLIENT, "%s client '%s' (%s) running v%s (%s)", getprefix(), buf + 4,
4360 cs_hexdump(0, cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)), cc->remote_version, cc->remote_build);
4361
4362 // send cli data ack
4363 cc_cmd_send(cl, NULL, 0, MSG_CLI_DATA);
4364
4365 cs_log_dbg(D_TRACE, "ccc send srv_data %s", usr);
4366 if(cc_send_srv_data(cl) < 0)
4367 {
4368 return -1;
4369 }
4370
4371 cc->cccam220 = check_cccam_compat(cc);
4372 cc->just_logged_in = 1;
4373
4374 // Wait for Partner detection (NOK1 with data) before reporting cards
4375 // When Partner is detected, cccam220=1 is set. then we can report extended card data
4376 i = process_input(buf, CC_MAXMSGSIZE, 1);
4377
4378 if(i <= 0 && i != -9) // disconnected
4379 {
4380 return 0;
4381 }
4382
4383 if(cc->cccam220)
4384 {
4385 cs_log_dbg(D_CLIENT, "%s extended sid mode activated", getprefix());
4386 }
4387 else
4388 {
4389 cs_log_dbg(D_CLIENT, "%s 2.1.x compatibility mode", getprefix());
4390 }
4391
4392 cs_log_dbg(D_TRACE, "ccc send cards %s", usr);
4393
4394 if(!cc_srv_report_cards(cl))
4395 {
4396 return -1;
4397 }
4398 cs_ftime(&cc->ecm_time);
4399
4400 // some clients, e.g. mgcamd, do not support keepalive. So if not answered, keep
4401 // connection check for client timeout. If timeout occurs try to send keepalive
4402 cs_log_dbg(D_TRACE, "ccc connected and waiting for data %s", usr);
4403 return 0;
4404 }
4405
4406 void cc_srv_init2(struct s_client *cl)
4407 {
4408 if(!cl->init_done && !cl->kill)
4409 {
4410 if(IP_ISSET(cl->ip))
4411 {
4412 cs_log_dbg(D_CLIENT, "cccam: new connection from %s", cs_inet_ntoa(cl->ip));
4413 }
4414
4415 cl->pfd = cl->udp_fd;
4416 int32_t ret;
4417 if((ret = cc_srv_connect(cl)) < 0)
4418 {
4419 if(errno != 0)
4420 {
4421 cs_log_dbg(D_CLIENT, "cccam: failed errno: %d (%s)", errno, strerror(errno));
4422 }
4423 else
4424 {
4425 cs_log_dbg(D_CLIENT, "cccam: failed ret: %d", ret);
4426 }
4427 cs_disconnect_client(cl);
4428 }
4429 else
4430 {
4431 cl->init_done = 1;
4432 cc_cacheex_filter_out(cl);
4433 }
4434 }
4435 return;
4436 }
4437
4438 void *cc_srv_init(struct s_client *cl, uint8_t *UNUSED(mbuf), int32_t UNUSED(len))
4439 {
4440 cc_srv_init2(cl);
4441 return NULL;
4442 }
4443 #endif
4444
4445 int32_t cc_cli_connect(struct s_client *cl)
4446 {
4447 struct s_reader *rdr = cl->reader;
4448 struct cc_data *cc = cl->cc;
4449 rdr->card_status = CARD_FAILURE;
4450 cl->stopped = 0;
4451
4452 if(!cc)
4453 {
4454 // init internals data struct
4455 if(!cs_malloc(&cc, sizeof(struct cc_data)))
4456 {
4457 return -1;
4458 }
4459
4460 cc_init_locks(cc);
4461 cc->cards = ll_create("cards");
4462 cl->cc = cc;
4463 cc->pending_emms = ll_create("pending_emms");
4464 cc->extended_ecm_idx = ll_create("extended_ecm_idx");
4465 }
4466 else
4467 {
4468 cc_free_cardlist(cc->cards, 0);
4469 free_extended_ecm_idx(cc);
4470 }
4471
4472 if(!cc->prefix)
4473 {
4474 if(!cs_malloc(&cc->prefix, strlen(cl->reader->label) + 20))
4475 {
4476 return -1;
4477 }
4478 }
4479 snprintf(cc->prefix, strlen(cl->reader->label) + 20, "cccam(r) %s:", cl->reader->label);
4480
4481 int32_t handle, n;
4482 uint8_t data[20];
4483 uint8_t hash[SHA_DIGEST_LENGTH];
4484 uint8_t *buf = cc->send_buffer;
4485 char pwd[65];
4486
4487 // check cred config
4488 if(rdr->device[0] == 0 || rdr->r_pwd[0] == 0 || rdr->r_usr[0] == 0 || rdr->r_port == 0)
4489 {
4490 cs_log("%s configuration error!", rdr->label);
4491 return -5;
4492 }
4493
4494 // connect
4495 handle = network_tcp_connection_open(rdr);
4496 if(handle <= 0)
4497 {
4498 cs_log_dbg(D_READER, "%s network connect error!", rdr->label);
4499 return -1;
4500 }
4501
4502 if(errno == EISCONN)
4503 {
4504 cc_cli_close(cl, 0);
4505 block_connect(rdr);
4506 return -1;
4507 }
4508
4509 int32_t no_delay = 1;
4510 if(cacheex_get_rdr_mode(rdr) < 2)
4511 {
4512 setsockopt(cl->udp_fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_delay, sizeof(no_delay));
4513 }
4514
4515 // get init seed
4516 if((n = cc_recv_to(cl, data, 16)) != 16)
4517 {
4518 if(n <= 0)
4519 {
4520 cs_log("init error from reader %s", rdr->label);
4521 }
4522 else
4523 {
4524 cs_log("%s server returned %d instead of 16 bytes as init seed (errno=%d %s)",
4525 rdr->label, n, errno, strerror(errno));
4526 }
4527
4528 cc_cli_close(cl, 0);
4529 block_connect(rdr);
4530 return -2;
4531 }
4532
4533 cc->ecm_counter = 0;
4534 cc->max_ecms = 0;
4535 cc->cmd05_mode = MODE_UNKNOWN;
4536 cc->cmd05_offset = 0;
4537 cc->cmd05_active = 0;
4538 cc->cmd05_data_len = 0;
4539 cc->extended_mode = 0;
4540 cc->last_emm_card = NULL;
4541 cc->num_hop1 = 0;
4542 cc->num_hop2 = 0;
4543 cc->num_hopx = 0;
4544 cc->num_reshare0 = 0;
4545 cc->num_reshare1 = 0;
4546 cc->num_reshare2 = 0;
4547 cc->num_resharex = 0;
4548 memset(&cc->cmd05_data, 0, sizeof(cc->cmd05_data));
4549 memset(&cc->receive_buffer, 0, sizeof(cc->receive_buffer));
4550 NULLFREE(cc->nok_message);
4551 cc->cmd0c_mode = MODE_CMD_0x0C_NONE;
4552
4553 cs_log_dump_dbg(D_CLIENT, data, 16, "cccam: server init seed:");
4554
4555 uint16_t sum = 0x1234;
4556 uint16_t recv_sum = (data[14] << 8) | data[15];
4557 int32_t i;
4558
4559 for(i = 0; i < 14; i++)
4560 {
4561 sum += data[i];
4562 }
4563
4564 // create special data to detect oscam-cccam
4565 cc->is_oscam_cccam = sum == recv_sum;
4566
4567 // detect multics seed
4568 uint8_t a = (data[0] ^ 'M') + data[1] + data[2];
4569 uint8_t b = data[4] + (data[5] ^ 'C') + data[6];
4570 uint8_t c = data[8] + data[9] + (data[10] ^ 'S');
4571
4572 if((a == data[3]) && (b == data[7]) && (c == data[11]))
4573 {
4574 cc->multics_mode = 1; // detected multics seed
4575 cs_log_dbg(D_READER, "multics seed detected: %s", rdr->label);
4576 }
4577
4578 cc_xor(data); // XOR init bytes with 'CCcam'
4579
4580 SHA_CTX ctx;
4581 SHA1_Init(&ctx);
4582 SHA1_Update(&ctx, data, 16);
4583 SHA1_Final(hash, &ctx);
4584
4585 cs_log_dump_dbg(D_CLIENT, hash, sizeof(hash), "cccam: sha1 hash:");
4586
4587 // initialisate crypto states
4588 cc_init_crypt(&cc->block[DECRYPT], hash, 20);
4589 cc_crypt(&cc->block[DECRYPT], data, 16, DECRYPT);
4590 cc_init_crypt(&cc->block[ENCRYPT], data, 16);
4591 cc_crypt(&cc->block[ENCRYPT], hash, 20, DECRYPT);
4592
4593 cc_cmd_send(cl, hash, 20, MSG_NO_HEADER); // send crypted hash to server
4594
4595 memset(buf, 0, CC_MAXMSGSIZE);
4596 memcpy(buf, rdr->r_usr, strlen(rdr->r_usr));
4597 cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: username '%s':", buf);
4598 cc_cmd_send(cl, buf, 20, MSG_NO_HEADER); // send usr '0' padded -> 20 bytes
4599
4600 memset(buf, 0, CC_MAXMSGSIZE);
4601 memset(pwd, 0, sizeof(pwd));
4602
4603 //cs_log_dbg(D_CLIENT, "cccam: 'CCcam' xor");
4604 memcpy(buf, "CCcam", 5);
4605 cs_strncpy(pwd, rdr->r_pwd, sizeof(pwd));
4606 cc_crypt(&cc->block[ENCRYPT], (uint8_t *)pwd, strlen(pwd), ENCRYPT);
4607 cc_cmd_send(cl, buf, 6, MSG_NO_HEADER); // send 'CCcam' xor w/ pwd
4608
4609 if((n = cc_recv_to(cl, data, 20)) != 20)
4610 {
4611 cs_log("%s login failed, usr/pwd invalid", getprefix());
4612 cc_cli_close(cl, 0);
4613 block_connect(rdr);
4614 return -2;
4615 }
4616
4617 cc_crypt(&cc->block[DECRYPT], data, 20, DECRYPT);
4618 cs_log_dump_dbg(D_CLIENT, data, 20, "cccam: login data");
4619
4620 if(memcmp(data, buf, 5)) // check server response
4621 {
4622 cs_log("%s login failed, usr/pwd invalid", getprefix());
4623 cc_cli_close(cl, 0);
4624 block_connect(rdr);
4625 return -2;
4626 }
4627 else
4628 {
4629 cs_log_dbg(D_READER, "%s login succeeded", getprefix());
4630 }
4631
4632 cs_log_dbg(D_READER, "cccam: last_s=%ld, last_g=%ld", rdr->last_s, rdr->last_g);
4633
4634 cl->pfd = cl->udp_fd;
4635 cs_log_dbg(D_READER, "cccam: pfd=%d", cl->pfd);
4636
4637 if(cc_send_cli_data(cl) <= 0)
4638 {
4639 cs_log("%s login failed, could not send client data", getprefix());
4640 cc_cli_close(cl, 0);
4641 block_connect(rdr);
4642 return -3;
4643 }
4644
4645 if(rdr->ftab.filts)
4646 {
4647 rdr->caid = rdr->ftab.filts[0].caid;
4648 rdr->nprov = rdr->ftab.filts[0].nprids;
4649
4650 for(n = 0; n < rdr->nprov; n++)
4651 {
4652 rdr->prid[n][0] = rdr->ftab.filts[0].prids[n] >> 24;
4653 rdr->prid[n][1] = rdr->ftab.filts[0].prids[n] >> 16;
4654 rdr->prid[n][2] = rdr->ftab.filts[0].prids[n] >> 8;
4655 rdr->prid[n][3] = rdr->ftab.filts[0].prids[n] & 0xff;
4656 }
4657 }
4658
4659 rdr->card_status = CARD_NEED_INIT;
4660 rdr->last_g = rdr->last_s = time((time_t *) 0);
4661 rdr->tcp_connected = 1;
4662
4663 cc->just_logged_in = 1;
4664 cl->crypted = 1;
4665 cc->ecm_busy = 0;
4666
4667 cc_cacheex_filter_out(cl);
4668
4669 return 0;
4670 }
4671
4672 int32_t cc_cli_init_int(struct s_client *cl)
4673 {
4674 struct s_reader *rdr = cl->reader;
4675
4676 if(rdr->tcp_connected)
4677 {
4678 return 1;
4679 }
4680
4681 if(rdr->tcp_ito < 15 && rdr->tcp_ito !=-1)
4682 {
4683 rdr->tcp_ito = 30;
4684 }
4685
4686 if(rdr->cc_maxhops < 0)
4687 {
4688 rdr->cc_maxhops = DEFAULT_CC_MAXHOPS;
4689 }
4690
4691 if(rdr->tcp_rto < 1) // timeout to 30s
4692 {
4693 rdr->tcp_rto = 30;
4694 }
4695
4696 cs_log_dbg(D_READER, "cccam: inactivity timeout: %d seconds, receive timeout: %d seconds",
4697 rdr->tcp_ito, rdr->tcp_rto);
4698
4699 cc_check_version(rdr->cc_version, rdr->cc_build);
4700
4701 cs_log_dbg(D_READER, "proxy reader: %s (%s:%d) cccam v%s build %s, maxhops: %d",
4702 rdr->label, rdr->device, rdr->r_port, rdr->cc_version, rdr->cc_build, rdr->cc_maxhops);
4703
4704 return 0;
4705 }
4706
4707 int32_t cc_cli_init(struct s_client *cl)
4708 {
4709 struct s_reader *reader = cl->reader;
4710 int32_t res = cc_cli_init_int(cl); // Create socket
4711
4712 if(res == 0 && reader && (reader->cc_keepalive || !cl->cc) && !reader->tcp_connected)
4713 {
4714 cc_cli_connect(cl); // connect to remote server
4715
4716 //while(!reader->tcp_connected && reader->cc_keepalive && cfg.reader_restart_seconds > 0)
4717 //{
4718 // if((cc && cc->mode == CCCAM_MODE_SHUTDOWN))
4719 // {
4720 // return -1;
4721 // }
4722 //
4723 // if(!reader->tcp_connected)
4724 // {
4725 // cc_cli_close(cl, 0);
4726 // res = cc_cli_init_int(cl);
4727 // if(res)
4728 // {
4729 // return res;
4730 // }
4731 // }
4732 //
4733 // cs_log_dbg(D_READER, "%s restarting reader in %d seconds", reader->label, cfg.reader_restart_seconds);
4734 // cs_sleepms(cfg.reader_restart_seconds*1000);
4735 // cs_log_dbg(D_READER, "%s restarting reader...", reader->label);
4736 // cc_cli_connect(cl);
4737 //}
4738 }
4739 return res;
4740 }
4741
4742 /**
4743 * return 1 if we are able to send requests:
4744 */
4745 int32_t cc_available(struct s_reader *rdr, int32_t checktype, ECM_REQUEST *er)
4746 {
4747 if(!rdr || !rdr->client)
4748 {
4749 return 0;
4750 }
4751
4752 struct s_client *cl = rdr->client;
4753 if(!cl)
4754 {
4755 return 0;
4756 }
4757
4758 struct cc_data *cc = cl->cc;
4759 if(er && cc && rdr->tcp_connected)
4760 {
4761 struct cc_card *card = get_matching_card(cl, er, 1);
4762 if(!card)
4763 {
4764 return 0;
4765 }
4766 }
4767 //cs_log_dbg(D_TRACE, "checking reader %s availibility", rdr->label);
4768
4769 if(!cc || rdr->tcp_connected != 2)
4770 {
4771 // Two cases:
4772 // 1. Keepalive ON but not connected: Do NOT send requests,
4773 // because we can't connect - problem of full running pipes
4774 // 2. Keepalive OFF but not connected: Send requests to connect
4775 // pipe won't run full, because we are reading from pipe to
4776 // get the ecm request
4777
4778 if(rdr->cc_keepalive)
4779 {
4780 return 0;
4781 }
4782 }
4783
4784 //if(er && er->ecmlen > 255 && cc && !cc->extended_mode && (cc->remote_build_nr < 3367))
4785 //{
4786 // return 0; // remote does not support large ecms!
4787 //}
4788
4789 if(checktype == AVAIL_CHECK_LOADBALANCE && cc && cc->ecm_busy)
4790 {
4791 if(cc_request_timeout(cl))
4792 {
4793 cc_cycle_connection(cl);
4794 }
4795
4796 if(!rdr->tcp_connected || cc->ecm_busy)
4797 {
4798 cs_log_dbg(D_TRACE, "checking reader %s availibility=0 (unavail)", rdr->label);
4799 return 0; // We are processing EMMs/ECMs
4800 }
4801 }
4802
4803 return 1;
4804 }
4805
4806 /**
4807 *
4808 **/
4809 void cc_card_info(void)
4810 {
4811 struct s_client *cl = cur_client();
4812 struct s_reader *rdr = cl->reader;
4813
4814 if(rdr && !rdr->tcp_connected)
4815 {
4816 cc_cli_connect(cl);
4817 }
4818 }
4819
4820 void cc_cleanup(struct s_client *cl)
4821 {
4822 if(cl->typ != 'c')
4823 {
4824 cc_cli_close(cl, 1); // we need to close open fd's
4825 }
4826 cc_free(cl);
4827 }
4828
4829 void cc_update_nodeid(void)
4830 {
4831 if(array_has_nonzero_byte(cfg.cc_fixed_nodeid, sizeof(cfg.cc_fixed_nodeid)))
4832 {
4833 memcpy(cc_node_id, cfg.cc_fixed_nodeid, 8);
4834 return;
4835 }
4836
4837 // Partner Detection
4838 uint16_t sum = 0x1234; // This is our checksum
4839 int32_t i;
4840 get_random_bytes(cc_node_id, 4);
4841
4842 for(i = 0; i < 4; i++)
4843 {
4844 sum += cc_node_id[i];
4845 }
4846
4847 // Partner ID
4848 cc_node_id[4] = 0x10; // (Oscam 0x10, vPlugServer 0x11, Hadu 0x12, ...)
4849 sum += cc_node_id[4];
4850
4851 // generate checksum for Partner ID:
4852 cc_node_id[5] = 0xAA;
4853
4854 for(i = 0; i < 5; i++)
4855 {
4856 cc_node_id[5] ^= cc_node_id[i];
4857 }
4858 sum += cc_node_id[5];
4859
4860 cc_node_id[6] = sum >> 8;
4861 cc_node_id[7] = sum & 0xff;
4862
4863 memcpy(cfg.cc_fixed_nodeid, cc_node_id, 8);
4864 }
4865
4866 bool cccam_forward_origin_card(ECM_REQUEST *er)
4867 {
4868 if(cfg.cc_forward_origin_card && er->origin_card)
4869 {
4870 struct cc_card *card = er->origin_card;
4871 struct s_ecm_answer *eab = NULL;
4872 struct s_ecm_answer *ea;
4873
4874 for(ea = er->matching_rdr; ea; ea = ea->next)
4875 {
4876 ea->status &= ~(READER_ACTIVE | READER_FALLBACK);
4877 if(card->origin_reader == ea->reader)
4878 {
4879 eab = ea;
4880 }
4881 }
4882
4883 if(eab)
4884 {
4885 cs_log_dbg(D_LB, "loadbalancer: forward card: forced by card %d to reader %s",
4886 card->id, eab->reader->label);
4887
4888 eab->status |= READER_ACTIVE;
4889 return true;
4890 }
4891 }
4892
4893 return false;
4894 }
4895
4896 bool cccam_snprintf_cards_stat(struct s_client *cl, char *emmtext, size_t emmtext_sz)
4897 {
4898 struct cc_data *rcc = cl->cc;
4899 if(rcc)
4900 {
4901 LLIST *cards = rcc->cards;
4902 if(cards)
4903 {
4904 int32_t ncards = ll_count(cards);
4905 int32_t locals = rcc->num_hop1;
4906 snprintf(emmtext, emmtext_sz, " %3d/%3d card%s", locals, ncards, ncards > 1 ? "s " : " ");
4907 return true;
4908 }
4909 }
4910 return false;
4911 }
4912
4913 bool cccam_client_extended_mode(struct s_client *cl)
4914 {
4915 return cl && cl->cc && ((struct cc_data *)cl->cc)->extended_mode;
4916 }
4917
4918 bool cccam_client_multics_mode(struct s_client *cl)
4919 {
4920 return cl && cl->cc && ((struct cc_data *)cl->cc)->multics_mode == 2;
4921 }
4922
4923 void module_cccam(struct s_module *ph)
4924 {
4925 ph->desc = "cccam";
4926 ph->type = MOD_CONN_TCP;
4927 ph->large_ecm_support = 1;
4928 ph->listenertype = LIS_CCCAM;
4929 ph->num = R_CCCAM;
4930 ph->recv = cc_recv;
4931 ph->cleanup = cc_cleanup;
4932 ph->bufsize = 2048;
4933 ph->c_init = cc_cli_init;
4934 ph->c_idle = cc_idle;
4935 ph->c_recv_chk = cc_recv_chk;
4936 ph->c_send_ecm = cc_send_ecm;
4937 ph->c_send_emm = cc_send_emm;
4938 #ifdef MODULE_CCCSHARE
4939 IP_ASSIGN(ph->s_ip, cfg.cc_srvip);
4940 ph->s_handler = cc_srv_init;
4941 ph->s_init = cc_srv_init2;
4942 ph->s_idle = cc_s_idle;
4943 ph->send_dcw = cc_send_dcw;
4944 #endif
4945 ph->c_available = cc_available;
4946 ph->c_card_info = cc_card_info;
4947 cc_cacheex_module_init(ph);
4948 cc_update_nodeid();
4949
4950 #ifdef MODULE_CCCSHARE
4951 int32_t i;
4952 for(i = 0; i < CS_MAXPORTS; i++)
4953 {
4954 if(!cfg.cc_port[i])
4955 {
4956 break;
4957 }
4958 ph->ptab.ports[i].s_port = cfg.cc_port[i];
4959 ph->ptab.nports++;
4960 }
4961
4962 if(cfg.cc_port[0])
4963 {
4964 cccam_init_share();
4965 }
4966 #endif
4967 }
4968 #endif
Open Source Conditional Access Modul