1 #define MODULE_LOG_PREFIX "camd35"
4 #if defined MODULE_CAMD35 || defined MODULE_CAMD35_TCP
6 #include "cscrypt/md5.h"
7 #include "module-cacheex.h"
8 #include "module-camd35.h"
9 #include "module-camd35-cacheex.h"
10 #include "oscam-aes.h"
11 #include "oscam-chk.h"
12 #include "oscam-cache.h"
13 #include "oscam-client.h"
14 #include "oscam-ecm.h"
15 #include "oscam-emm.h"
16 #include "oscam-net.h"
17 #include "oscam-string.h"
18 #include "oscam-reader.h"
20 //CMD00 - ECM (request)
21 //CMD01 - ECM (response)
22 //CMD02 - EMM (in clientmode - set EMM, in server mode - EMM data) - obsolete
23 //CMD03 - ECM (cascading request)
24 //CMD04 - ECM (cascading response)
25 //CMD05 - EMM (emm request) send cardata/cardinfo to client
26 //CMD06 - EMM (incomming EMM in server mode)
27 //CMD19 - EMM (incomming EMM in server mode) only seen with caid 0x1830
28 //CMD08 - Stop sending requests to the server for current srvid, prvid, caid
29 //CMD44 - MPCS/OScam internal error notification
30 //CMD55 - connect_on_init/keepalive
32 //CMD0x3c - CACHEEX Cache-push filter request
33 //CMD0x3d - CACHEEX Cache-push id request
34 //CMD0x3e - CACHEEX Cache-push id answer
35 //CMD0x3f - CACHEEX cache-push
37 //used variable ncd_skey for storing remote node id: ncd_skey[0..7] : 8
38 //bytes node id ncd_skey[8] : 1=valid node id received
40 #define REQ_SIZE 20 + MAX_ECM_SIZE + 0x34
42 static int32_t __camd35_send(struct s_client
*cl
, uint8_t *buf
, int32_t buflen
, int answer_awaited
)
45 uint8_t rbuf
[4 + REQ_SIZE
+ 15];
46 uint8_t *sbuf
= rbuf
+ 4;
48 if(!cl
->udp_fd
|| !cl
->crypted
)
50 return -1; // exit if no fd or aes key not set
56 buflen
= (buf
[0] == 0) ? (((buf
[21] & 0x0F) << 8) | buf
[22]) + 3 : buf
[1];
58 l
= 20 + (((buf
[0] == 3) || (buf
[0] == 4)) ? 0x34 : 0) + buflen
;
60 memcpy(rbuf
, cl
->ucrc
, 4);
62 memset(sbuf
+ l
, 0xFF, 15); // set unused space to 0xFF for newer camd3's
63 i2b_buf(4, crc32(0L, sbuf
+ 20, buflen
), sbuf
+ 4);
66 cs_log_dump_dbg(cl
->typ
== 'c' ? D_CLIENT
: D_READER
, sbuf
, l
, "send %d bytes to %s", l
, username(cl
));
68 aes_encrypt_idx(cl
->aes_keys
, sbuf
, l
);
72 status
= sendto(cl
->udp_fd
, rbuf
, l
+ 4, 0, (struct sockaddr
*)&cl
->udp_sa
, cl
->udp_sa_len
);
75 set_null_ip(&SIN_GET_ADDR(cl
->udp_sa
));
80 status
= send(cl
->udp_fd
, rbuf
, l
+ 4, 0);
82 if(cl
->typ
== 'p' && cl
->reader
)
86 network_tcp_connection_close(cl
->reader
, "can't send");
89 else if(cl
->typ
== 'c')
93 cs_disconnect_client(cl
);
100 if(cl
->reader
&& answer_awaited
)
102 cl
->reader
->last_s
= time(NULL
);
105 if(cl
->reader
&& !answer_awaited
)
107 cl
->reader
->last_s
= cl
->reader
->last_g
= time(NULL
);
110 cl
->last
= time(NULL
);
116 int32_t camd35_send(struct s_client
*cl
, uint8_t *buf
, int32_t buflen
)
118 // send command and set sending time because we await response
119 return __camd35_send(cl
, buf
, buflen
, 1);
122 int32_t camd35_send_without_timeout(struct s_client
*cl
, uint8_t *buf
, int32_t buflen
)
124 // send command and do NOT set sending time because we DON'T await response
125 return __camd35_send(cl
, buf
, buflen
, 0);
128 static int32_t camd35_auth_client(struct s_client
*cl
, uint8_t *ucrc
)
130 int32_t rc
= 1, no_delay
= 1;
132 struct s_auth
*account
;
133 uint8_t md5tmp
[MD5_DIGEST_LENGTH
];
137 return memcmp(cl
->ucrc
, ucrc
, 4) ? 1 : 0;
142 crc
= ((ucrc
[0] << 24) | (ucrc
[1] << 16) | (ucrc
[2] << 8) | ucrc
[3]) & 0xffffffffL
;
144 for(account
= cfg
.account
; account
&& (!cl
->upwd
[0]); account
= account
->next
)
146 if(crc
== crc32(0L, MD5((uint8_t *)account
->usr
, strlen(account
->usr
), md5tmp
), MD5_DIGEST_LENGTH
))
148 rc
= cs_auth_client(cl
, account
, NULL
);
151 memcpy(cl
->ucrc
, ucrc
, 4);
152 cs_strncpy((char *)cl
->upwd
, account
->pwd
, sizeof(cl
->upwd
));
153 if(!aes_set_key_alloc(&cl
->aes_keys
, (char *) MD5(cl
->upwd
, strlen((char *)cl
->upwd
), md5tmp
)))
159 if(cl
->account
->cacheex
.mode
< 2)
161 if(!cl
->is_udp
&& cl
->tcp_nodelay
== 0)
163 setsockopt(cl
->udp_fd
, IPPROTO_TCP
, TCP_NODELAY
, (void *)&no_delay
, sizeof(no_delay
));
175 static int32_t camd35_recv(struct s_client
*client
, uint8_t *buf
, int32_t l
)
177 int32_t rc
, s
, rs
, n
= 0, buflen
= 0, len
= 0;
179 for(rc
= rs
= s
= 0; !rc
; s
++)
190 if(client
->is_udp
&& client
->typ
== 'c')
192 rs
= recv_from_udpipe(buf
);
196 // read minimum packet size (4 byte ucrc + 32 byte data)
197 // to detect packet size (tcp only)
199 //rs = cs_recv(client->udp_fd, buf, client->is_udp ? l : 36, 0);
205 rs
= cs_recv(client
->udp_fd
, buf
, l
, 0);
210 continue; // try again in case of interrupt
215 continue; // EAGAIN needs select procedure again
218 cs_log_dbg(client
->typ
== 'c' ? D_CLIENT
: D_READER
, "ERROR: %s (errno=%d %s)",
219 __func__
, errno
, strerror(errno
));
230 int32_t tot
= 36, readed
= 0;
235 readed
= cs_recv(client
->udp_fd
, buf
+ rs
, tot
, 0);
240 continue; // try again in case of interrupt
245 continue; // EAGAIN needs select procedure again
248 cs_log_dbg(client
->typ
== 'c' ? D_CLIENT
: D_READER
, "ERROR: %s (errno=%d %s)",
249 __func__
, errno
, strerror(errno
));
253 if(readed
== 0) // nothing to read left!
259 if(readed
> 0) // received something, add it!
284 switch(camd35_auth_client(client
, buf
))
291 break; // unknown user
295 break; // error's from cs_auth()
298 memmove(buf
, buf
+ 4, rs
-= 4);
304 aes_decrypt(client
->aes_keys
, buf
, rs
);
306 if(rs
!= boundary(4, rs
))
308 cs_log_dbg(client
->typ
== 'c' ? D_CLIENT
: D_READER
,
309 "WARNING: packet size has wrong decryption boundary");
312 n
= (buf
[0] == 3) ? 0x34 : 0;
314 // Fix for ECM request size > 255 (use ecm length field)
317 buflen
= (((buf
[21] & 0x0F) << 8) | buf
[22]) + 3;
319 else if(buf
[0] == 0x3D || buf
[0] == 0x3E || buf
[0] == 0x3F) // cacheex-push
321 buflen
= buf
[1] | (buf
[2] << 8);
328 n
= boundary(4, n
+ 20 + buflen
);
330 if(!(client
->is_udp
&& client
->typ
== 'c') && (rs
< n
) && ((n
- 32) > 0))
332 //len = cs_recv(client->udp_fd, buf+32, n-32, 0); // read the rest of the packet
334 int32_t tot
= n
- 32;
340 readed
= cs_recv(client
->udp_fd
, buf
+ 32 + len
, tot
, 0); // read the rest of the packet
345 continue; // try again in case of interrupt
350 continue; // EAGAIN needs select procedure again
353 cs_log_dbg(client
->typ
== 'c' ? D_CLIENT
: D_READER
, "ERROR: %s (errno=%d %s)",
354 __func__
, errno
, strerror(errno
));
358 if(readed
== 0) // nothing to read left
363 if(readed
> 0) // received something, add it
375 aes_decrypt(client
->aes_keys
, buf
+ 32, len
);
385 cs_log_dump_dbg(client
->typ
== 'c' ? D_CLIENT
: D_READER
, buf
, rs
, "received %d bytes from %s",
390 cs_log_dbg(client
->typ
== 'c' ? D_CLIENT
: D_READER
, "ignoring %d bytes of garbage", rs
- n
);
402 if(crc32(0L, buf
+ 20, buflen
) != b2i(4, buf
+ 4))
418 if((rs
> 0) && ((rc
== -1) || (rc
== -2)))
420 cs_log_dump_dbg(client
->typ
== 'c' ? D_CLIENT
: D_READER
, buf
, rs
,
421 "received %d bytes from %s (native)", rs
, remote_txt());
426 client
->last
= time(NULL
); // last client action is now
435 cs_log("packet is too small (received %d bytes, expected %d bytes)", rs
, l
);
439 if(cs_auth_client(client
, 0, "unknown user"))
441 cs_disconnect_client(client
);
446 cs_log("incomplete request!");
450 cs_log("checksum error (wrong password?)");
454 cs_log_dbg(client
->typ
== 'c' ? D_CLIENT
: D_READER
, "connection closed");
458 // cs_log_dbg(D_TRACE, "camd35_recv returns rc=%d", rc);
469 static void camd35_request_emm(ECM_REQUEST
*er
)
474 struct s_client
*cl
= cur_client();
475 struct s_reader
*aureader
= NULL
, *rdr
= NULL
;
477 if(er
->selected_reader
&& !er
->selected_reader
->audisabled
478 && ll_contains(cl
->aureader_list
, er
->selected_reader
))
480 aureader
= er
->selected_reader
;
483 if(!aureader
&& cl
->aureader_list
)
485 LL_ITER itr
= ll_iter_create(cl
->aureader_list
);
487 while((rdr
= ll_iter_next(&itr
)))
489 if(emm_reader_match(rdr
, er
->caid
, er
->prid
))
502 uint16_t au_caid
= aureader
->caid
;
504 // Bulcrypt has two caids and aureader->caid can't be used.
505 // Use ECM_REQUEST caid for AU.
506 if(!au_caid
&& caid_is_bulcrypt(er
->caid
))
513 if(!memcmp(cl
->lastserial
, aureader
->hexserial
, 8))
515 if(llabs(now
- cl
->last
) < 180)
521 memcpy(cl
->lastserial
, aureader
->hexserial
, 8);
526 cl
->disable_counter
= 0;
528 cs_log("%s emm-request sent (reader=%s, caid=%04X, auprovid=%06X)", username(cur_client()),
529 aureader
->label
, au_caid
, aureader
->auprovid
? aureader
->auprovid
: b2i(4, aureader
->prid
[0]));
531 else if(cl
->disable_counter
> 2)
537 cl
->disable_counter
++;
540 memset(mbuf
, 0, sizeof(mbuf
));
541 mbuf
[2] = mbuf
[3] = 0xFF; // must not be zero
542 i2b_buf(2, er
->srvid
, mbuf
+ 8);
544 // override request provid with auprovid if set in CMD05
545 if(aureader
->auprovid
)
547 if(aureader
->auprovid
!= er
->prid
)
549 i2b_buf(4, aureader
->auprovid
, mbuf
+ 12);
553 i2b_buf(4, er
->prid
, mbuf
+ 12);
558 i2b_buf(4, er
->prid
, mbuf
+ 12);
561 i2b_buf(2, er
->pid
, mbuf
+ 16);
567 mbuf
[39] = 1; // no. caids
568 mbuf
[20] = au_caid
>> 8; // caid's (max 8)
569 mbuf
[21] = au_caid
& 0xFF;
570 memcpy(mbuf
+ 40, aureader
->hexserial
, 6); // serial now 6 bytes
571 mbuf
[47] = aureader
->nprov
;
573 for(i
= 0; i
< aureader
->nprov
; i
++)
575 if(caid_is_betacrypt(au_caid
) || caid_is_irdeto(au_caid
))
577 mbuf
[48 + (i
* 5)] = aureader
->prid
[i
][0];
578 memcpy(&mbuf
[50 + (i
* 5)], &aureader
->prid
[i
][1], 3);
582 mbuf
[48 + (i
* 5)] = aureader
->prid
[i
][2];
583 mbuf
[49 + (i
* 5)] = aureader
->prid
[i
][3];
584 memcpy(&mbuf
[50 + (i
* 5)], &aureader
->sa
[i
][0], 4); // for conax we need at least 4 bytes
588 // we think client/server protocols should deliver
589 // all information, and only readers should discard EMM
590 mbuf
[128] = (aureader
->blockemm
& EMM_GLOBAL
&& !(aureader
->saveemm
& EMM_GLOBAL
)) ? 0 : 1;
591 mbuf
[129] = (aureader
->blockemm
& EMM_SHARED
&& !(aureader
->saveemm
& EMM_SHARED
)) ? 0 : 1;
592 mbuf
[130] = (aureader
->blockemm
& EMM_UNIQUE
&& !(aureader
->saveemm
& EMM_UNIQUE
)) ? 0 : 1;
593 mbuf
[127] = (aureader
->blockemm
& EMM_UNKNOWN
&& !(aureader
->saveemm
& EMM_UNKNOWN
)) ? 0 : 1;
597 mbuf
[20] = mbuf
[39] = mbuf
[40] = mbuf
[47] = mbuf
[49] = 1;
600 memcpy(mbuf
+ 10, mbuf
+ 20, 2);
601 camd35_send(cl
, mbuf
, 0); // send with data-len 111 for camd3 > 3.890
603 camd35_send(cl
, mbuf
, 0); // send with data-len 112 for camd3 < 3.890
606 static void camd35_send_dcw(struct s_client
*client
, ECM_REQUEST
*er
)
609 buf
= er
->src_data
; // get orig request
613 rdr_log(client
->reader
, "ERROR: src_data missing");
617 if(er
->rc
== E_INVALID
&& !client
->c35_suppresscmd08
) // send normal CMD08
621 memset(buf
+ 20, 0, buf
[1]);
622 buf
[22] = er
->rc
; // put rc in byte 22 - hopefully don't break legacy camd3
624 else if(er
->rc
== E_STOPPED
) // send sleep CMD08
631 cs_log("%s stop request send", client
->account
->usr
);
636 if((er
->rc
< E_NOTFOUND
) || (er
->rc
== E_FAKE
))
640 memmove(buf
+ 20 + 16, buf
+ 20 + buf
[1], 0x34);
643 buf
[0]++; // ecm response (CMD01 or CMD04)
645 camd35_cacheex_init_dcw(client
, er
);
646 memcpy(buf
+ 20, er
->cw
, buf
[1]);
650 // Send old CMD44 to prevent cascading
651 // problems with older mpcs/oscam versions
657 camd35_send(client
, buf
, 0);
658 camd35_request_emm(er
);
661 static void camd35_process_ecm(uint8_t *buf
, int buflen
)
665 if(!buf
|| buflen
< 23)
670 uint16_t ecmlen
= SCT_LEN((&buf
[20]));
672 if(ecmlen
> MAX_ECM_SIZE
|| ecmlen
+ 20 > buflen
|| ecmlen
< 4)
677 if(!(er
= get_ecmtask()))
684 if(!cs_malloc(&er
->src_data
, 0x34 + 20 + er
->ecmlen
))
690 memcpy(er
->src_data
, buf
, 0x34 + 20 + er
->ecmlen
); // save request
691 er
->srvid
= b2i(2, buf
+ 8);
692 er
->caid
= b2i(2, buf
+ 10);
693 er
->prid
= b2i(4, buf
+ 12);
694 //er->idx = b2i(2, buf + 16); // ecmtask idx (see camd35_recv_chk)
695 memcpy(er
->ecm
, buf
+ 20, er
->ecmlen
);
697 get_cw(cur_client(), er
);
700 static void camd35_process_emm(uint8_t *buf
, int buflen
, int emmlen
)
704 if(!buf
|| buflen
< 20 || emmlen
+ 20 > buflen
)
709 memset(&epg
, 0, sizeof(epg
));
712 if(epg
.emmlen
< 3 || epg
.emmlen
> MAX_EMM_SIZE
)
717 memcpy(epg
.caid
, buf
+ 10, 2);
718 memcpy(epg
.provid
, buf
+ 12 , 4);
719 memcpy(epg
.emm
, buf
+ 20, epg
.emmlen
);
721 do_emm(cur_client(), &epg
);
724 int32_t camd35_tcp_connect(struct s_client
*cl
)
726 if(cl
->is_udp
) // check for udp client
728 if(!IP_ISSET(SIN_GET_ADDR(cl
->udp_sa
))) // check ip is set
730 if(!(hostResolve(cl
->reader
))) // no ip -> try to resolve ip of client
732 network_tcp_connection_close(cl
->reader
, "no ip");
738 if(!cl
->reader
->tcp_connected
) // client not connected
741 handle
= network_tcp_connection_open(cl
->reader
); // try to connect
742 if(handle
< 0) // got no handle -> error!
744 cl
->reader
->last_s
= 0; // set last send to zero
745 cl
->reader
->last_g
= 0; // set last receive to zero
746 cl
->last
= 0; // set last client action to zero
751 cl
->reader
->tcp_connected
= 1;
752 cl
->reader
->card_status
= CARD_INSERTED
;
753 cl
->reader
->last_s
= time(NULL
); // reset last send
754 cl
->reader
->last_g
= time(NULL
); // reset last receive
755 cl
->last
= time(NULL
); // reset last client action
756 cl
->pfd
= cl
->udp_fd
= handle
;
759 if(!cl
->udp_fd
) // Check if client has no handle -> error
764 // check if client reached timeout
765 if(cl
->reader
->tcp_rto
&& (cl
->reader
->last_s
- cl
->reader
->last_g
> cl
->reader
->tcp_rto
))
767 if(!cl
->is_udp
) // tcp on timeout disconnect reader
769 network_tcp_connection_close(cl
->reader
, "rto");
772 else //udp check to discover ip change on dynamic ip servers
775 IP_ASSIGN(last_ip
, cl
->ip
);
777 if(!hostResolve(cl
->reader
))
779 network_tcp_connection_close(cl
->reader
, "no ip");
783 if(!IP_EQUAL(last_ip
, cl
->ip
))
785 network_tcp_connection_close(cl
->reader
, "ip change");
798 static void camd35_send_keepalive(struct s_client
*cl
)
802 if(camd35_tcp_connect(cl
))
804 if(cacheex_get_rdr_mode(cl
->reader
) > 1)
806 camd35_cacheex_push_request_remote_id(cl
);
810 uint8_t rbuf
[32]; // minimal size
811 memset(rbuf
, 0, sizeof(rbuf
));
817 camd35_send(cl
, rbuf
, 1); // send adds +20
822 static void camd35_send_keepalive_answer(struct s_client
*cl
)
824 if(check_client(cl
) && cl
->account
)
826 uint8_t rbuf
[32]; // minimal size
827 memset(rbuf
, 0, sizeof(rbuf
));
833 camd35_send(cl
, rbuf
, 1); // send adds +20
837 static int32_t camd35_client_init(struct s_client
*cl
)
839 uint8_t md5tmp
[MD5_DIGEST_LENGTH
];
840 int32_t no_delay
= 1;
842 cs_strncpy((char *)cl
->upwd
, cl
->reader
->r_pwd
, sizeof(cl
->upwd
));
843 i2b_buf(4, crc32(0L, MD5((uint8_t *)cl
->reader
->r_usr
, strlen(cl
->reader
->r_usr
), md5tmp
), 16), cl
->ucrc
);
845 if(!aes_set_key_alloc(&cl
->aes_keys
, (char *)MD5(cl
->upwd
, strlen((char *)cl
->upwd
), md5tmp
)))
852 rdr_log(cl
->reader
, "proxy %s:%d", cl
->reader
->device
, cl
->reader
->r_port
);
854 if(!cl
->is_udp
&& cacheex_get_rdr_mode(cl
->reader
) < 2)
856 setsockopt(cl
->udp_fd
, IPPROTO_TCP
, TCP_NODELAY
, (void *)&no_delay
, sizeof(no_delay
));
859 if(cl
->reader
->keepalive
)
861 camd35_send_keepalive(cl
);
864 if(cacheex_get_rdr_mode(cl
->reader
) == 2)
866 camd35_cacheex_send_push_filter(cl
, 2);
872 static void camd35_idle(void)
874 struct s_client
*cl
= cur_client();
881 if(cl
->reader
->keepalive
)
883 camd35_send_keepalive(cl
);
885 else if(cl
->reader
->tcp_ito
> 0) // only check if user added an inactivity timeout
887 // inactivity timeout check
892 time_diff
= llabs(now
- cl
->reader
->last_s
);
894 if(time_diff
> cl
->reader
->tcp_ito
)
896 if(check_client(cl
) && cl
->reader
->tcp_connected
&& cl
->reader
->ph
.type
== MOD_CONN_TCP
)
898 rdr_log_dbg(cl
->reader
, D_READER
, "inactive_timeout, close connection (fd=%d)", cl
->pfd
);
899 network_tcp_connection_close(cl
->reader
, "inactivity");
903 cl
->reader
->last_s
= now
;
909 static void *camd35_server(struct s_client
*client
, uint8_t *mbuf
, int32_t n
)
918 client
->reader
->last_g
= time(NULL
); // last receive is now
920 if(mbuf
[0] == 6 || mbuf
[0] == 19) // check for emm command
922 // fixup: last send is now (if client is only
923 // sending emms, connection would be dropped!)
924 client
->reader
->last_s
= time(NULL
);
927 rdr_log(client
->reader
, "SERVER last = %d, last_s = %d, last_g = %d",
928 (int) client
->last
, (int) client
->reader
->last_s
, (int) client
->reader
->last_g
);
931 client
->last
= time(NULL
); // last client action is now
936 case 3: // ECM (cascading)
937 camd35_process_ecm(mbuf
, n
);
944 camd35_process_emm(mbuf
, n
, mbuf
[1]);
949 camd35_send_keepalive_answer(client
); // keepalive msg
953 if(!camd35_cacheex_server(client
, mbuf
))
955 cs_log("unknown [cs357x/cs378x] command from %s! (%d) n=%d", username(client
), mbuf
[0], n
);
962 static int32_t camd35_send_ecm(struct s_client
*client
, ECM_REQUEST
*er
)
964 static const char *typtext
[] = { "ok", "invalid", "sleeping" };
968 if(er
->srvid
== client
->lastsrvid
&& er
->caid
== client
->lastcaid
)
970 cs_log("%s is stopped - requested by server (%s)", client
->reader
->label
, typtext
[client
->stopped
]);
979 client
->lastsrvid
= er
->srvid
;
980 client
->lastcaid
= er
->caid
;
981 client
->lastpid
= er
->pid
;
983 if(!camd35_tcp_connect(client
))
988 client
->reader
->card_status
= CARD_INSERTED
; // for udp
991 if(!cs_malloc(&buf
, 20 + er
->ecmlen
+ 15))
997 memset(buf
+ 20, 0xFF, er
->ecmlen
+ 15);
1000 i2b_buf(2, er
->srvid
, buf
+ 8);
1001 i2b_buf(2, er
->caid
, buf
+ 10);
1002 i2b_buf(4, er
->prid
, buf
+ 12);
1003 i2b_buf(2, er
->idx
, buf
+ 16);
1006 memcpy(buf
+ 20, er
->ecm
, er
->ecmlen
);
1008 int32_t rc
= (camd35_send(client
, buf
, 0) < 1) ? -1 : 0;
1014 static int32_t camd35_send_emm(EMM_PACKET
*ep
)
1017 struct s_client
*cl
= cur_client();
1019 if(!camd35_tcp_connect(cl
))
1024 cl
->reader
->card_status
= CARD_INSERTED
; // for udp
1026 if(!cs_malloc(&buf
, ep
->emmlen
+ 20 + 15))
1032 memset(buf
+ 20, 0xFF, ep
->emmlen
+ 15);
1035 buf
[1] = ep
->emmlen
;
1036 memcpy(buf
+ 10, ep
->caid
, 2);
1037 memcpy(buf
+ 12, ep
->provid
, 4);
1038 memcpy(buf
+ 20, ep
->emm
, ep
->emmlen
);
1040 int32_t rc
= (camd35_send_without_timeout(cl
, buf
, 0) < 1) ? 0 : 1;
1046 static int32_t camd35_recv_chk(struct s_client
*client
, uint8_t *dcw
, int32_t *rc
, uint8_t *buf
, int32_t rc2
__attribute__((unused
)))
1049 static const char *typtext
[] = { "ok", "invalid", "sleeping" };
1050 struct s_reader
*rdr
= client
->reader
;
1052 rdr
->last_g
= time(NULL
); // last receive is now
1054 // reading CMD05 Emm request and set serial
1055 if(buf
[0] == 0x05 && buf
[1] == 111)
1057 //cs_log("CMD05: %s", cs_hexdump(1, buf, buf[1], tmp, sizeof(tmp)));
1059 rdr
->nprov
= 0; // reset if number changes on reader change
1060 rdr
->nprov
= buf
[47];
1061 rdr
->caid
= b2i(2, buf
+ 20);
1064 for(i
= 0; i
< rdr
->nprov
; i
++)
1066 if(caid_is_betacrypt(rdr
->caid
) || caid_is_irdeto(rdr
->caid
))
1068 rdr
->prid
[i
][0] = buf
[48 + (i
* 5)];
1069 memcpy(&rdr
->prid
[i
][1], &buf
[50 + (i
* 5)], 3);
1073 rdr
->prid
[i
][2] = buf
[48 + (i
* 5)];
1074 rdr
->prid
[i
][3] = buf
[49 + (i
* 5)];
1075 memcpy(&rdr
->sa
[i
][0], &buf
[50 + (i
* 5)], 4);
1079 memcpy(rdr
->hexserial
, buf
+ 40, 6);
1080 rdr
->hexserial
[6] = 0;
1081 rdr
->hexserial
[7] = 0;
1083 if(cfg
.getblockemmauprovid
)
1086 rdr
->blockemm
|= (buf
[128] == 1) ? 0 : EMM_GLOBAL
;
1087 rdr
->blockemm
|= (buf
[129] == 1) ? 0 : EMM_SHARED
;
1088 rdr
->blockemm
|= (buf
[130] == 1) ? 0 : EMM_UNIQUE
;
1089 rdr
->blockemm
|= (buf
[127] == 1) ? 0 : EMM_UNKNOWN
;
1090 rdr
->auprovid
= b2i(4, buf
+ 12);
1093 cs_log("%s CMD05 AU request for caid: %04X auprovid: %06X",
1094 rdr
->label
, rdr
->caid
, rdr
->auprovid
);
1097 bool rc_invalid
= 0;
1099 if(buf
[0] == 0x08 && ((rdr
->ph
.type
== MOD_CONN_TCP
&& !cfg
.c35_tcp_suppresscmd08
)
1100 || (rdr
->ph
.type
== MOD_CONN_UDP
&& !cfg
.c35_udp_suppresscmd08
)))
1104 client
->stopped
= 2; // server says sleep
1105 rdr
->card_status
= NO_CARD
;
1109 if(config_enabled(WITH_LB
) && cfg
.lb_mode
)
1115 client
->stopped
= 1; // server says invalid
1116 rdr
->card_status
= CARD_FAILURE
;
1120 cs_log("%s CMD08 (%02X - %d) stop request by server (%s)",
1121 rdr
->label
, buf
[21], buf
[21], typtext
[client
->stopped
]);
1124 if(camd35_cacheex_recv_chk(client
, buf
))
1129 if(buf
[0] == 55) // keepalive answer
1134 // CMD44: old reject command introduced in mpcs
1135 // keeping this for backward compatibility
1136 if((buf
[0] != 1) && (buf
[0] != 0x44) && (buf
[0] != 0x08))
1141 idx
= b2i(2, buf
+ 16);
1142 camd35_cacheex_recv_ce1_cwc_info(client
, buf
, idx
);
1144 *rc
= ((buf
[0] != 0x44) && (buf
[0] != 0x08));
1148 *rc
= 2; // INVALID sent by CMD08
1151 memcpy(dcw
, buf
+ 20, 16);
1157 * module definitions
1159 #ifdef MODULE_CAMD35
1160 void module_camd35(struct s_module
*ph
)
1162 ph
->ptab
.nports
= 1;
1163 ph
->ptab
.ports
[0].s_port
= cfg
.c35_port
;
1165 ph
->desc
= "cs357x";
1166 ph
->type
= MOD_CONN_UDP
;
1167 ph
->large_ecm_support
= 1;
1168 ph
->listenertype
= LIS_CAMD35UDP
;
1169 IP_ASSIGN(ph
->s_ip
, cfg
.c35_srvip
);
1170 ph
->s_handler
= camd35_server
;
1171 ph
->recv
= camd35_recv
;
1172 ph
->send_dcw
= camd35_send_dcw
;
1173 ph
->c_init
= camd35_client_init
;
1174 ph
->c_recv_chk
= camd35_recv_chk
;
1175 ph
->c_send_ecm
= camd35_send_ecm
;
1176 ph
->c_send_emm
= camd35_send_emm
;
1177 ph
->c_idle
= camd35_idle
;
1178 camd35_cacheex_module_init(ph
);
1183 #ifdef MODULE_CAMD35_TCP
1184 void module_camd35_tcp(struct s_module
*ph
)
1186 ph
->desc
= "cs378x";
1187 ph
->type
= MOD_CONN_TCP
;
1188 ph
->large_ecm_support
= 1;
1189 ph
->listenertype
= LIS_CAMD35TCP
;
1190 ph
->ptab
= cfg
.c35_tcp_ptab
;
1191 IP_ASSIGN(ph
->s_ip
, cfg
.c35_tcp_srvip
);
1192 ph
->s_handler
= camd35_server
;
1193 ph
->recv
= camd35_recv
;
1194 ph
->send_dcw
= camd35_send_dcw
;
1195 ph
->c_init
= camd35_client_init
;
1196 ph
->c_recv_chk
= camd35_recv_chk
;
1197 ph
->c_send_ecm
= camd35_send_ecm
;
1198 ph
->c_send_emm
= camd35_send_emm
;
1199 ph
->c_idle
= camd35_idle
;
1200 camd35_cacheex_module_init(ph
);