3 #include "oscam-time.h"
4 #include "reader-common.h"
5 #include "reader-irdeto.h"
7 static const uint8_t CryptTable
[256] =
9 0xDA, 0x26, 0xE8, 0x72, 0x11, 0x52, 0x3E, 0x46,
10 0x32, 0xFF, 0x8C, 0x1E, 0xA7, 0xBE, 0x2C, 0x29,
11 0x5F, 0x86, 0x7E, 0x75, 0x0A, 0x08, 0xA5, 0x21,
12 0x61, 0xFB, 0x7A, 0x58, 0x60, 0xF7, 0x81, 0x4F,
13 0xE4, 0xFC, 0xDF, 0xB1, 0xBB, 0x6A, 0x02, 0xB3,
14 0x0B, 0x6E, 0x5D, 0x5C, 0xD5, 0xCF, 0xCA, 0x2A,
15 0x14, 0xB7, 0x90, 0xF3, 0xD9, 0x37, 0x3A, 0x59,
16 0x44, 0x69, 0xC9, 0x78, 0x30, 0x16, 0x39, 0x9A,
17 0x0D, 0x05, 0x1F, 0x8B, 0x5E, 0xEE, 0x1B, 0xC4,
18 0x76, 0x43, 0xBD, 0xEB, 0x42, 0xEF, 0xF9, 0xD0,
19 0x4D, 0xE3, 0xF4, 0x57, 0x56, 0xA3, 0x0F, 0xA6,
20 0x50, 0xFD, 0xDE, 0xD2, 0x80, 0x4C, 0xD3, 0xCB,
21 0xF8, 0x49, 0x8F, 0x22, 0x71, 0x84, 0x33, 0xE0,
22 0x47, 0xC2, 0x93, 0xBC, 0x7C, 0x3B, 0x9C, 0x7D,
23 0xEC, 0xC3, 0xF1, 0x89, 0xCE, 0x98, 0xA2, 0xE1,
24 0xC1, 0xF2, 0x27, 0x12, 0x01, 0xEA, 0xE5, 0x9B,
25 0x25, 0x87, 0x96, 0x7B, 0x34, 0x45, 0xAD, 0xD1,
26 0xB5, 0xDB, 0x83, 0x55, 0xB0, 0x9E, 0x19, 0xD7,
27 0x17, 0xC6, 0x35, 0xD8, 0xF0, 0xAE, 0xD4, 0x2B,
28 0x1D, 0xA0, 0x99, 0x8A, 0x15, 0x00, 0xAF, 0x2D,
29 0x09, 0xA8, 0xF5, 0x6C, 0xA1, 0x63, 0x67, 0x51,
30 0x3C, 0xB2, 0xC0, 0xED, 0x94, 0x03, 0x6F, 0xBA,
31 0x3F, 0x4E, 0x62, 0x92, 0x85, 0xDD, 0xAB, 0xFE,
32 0x10, 0x2E, 0x68, 0x65, 0xE7, 0x04, 0xF6, 0x0C,
33 0x20, 0x1C, 0xA9, 0x53, 0x40, 0x77, 0x2F, 0xA4,
34 0xFA, 0x6D, 0x73, 0x28, 0xE2, 0xCD, 0x79, 0xC8,
35 0x97, 0x66, 0x8E, 0x82, 0x74, 0x06, 0xC7, 0x88,
36 0x1A, 0x4A, 0x6B, 0xCC, 0x41, 0xE9, 0x9D, 0xB8,
37 0x23, 0x9F, 0x3D, 0xBF, 0x8D, 0x95, 0xC5, 0x13,
38 0xB9, 0x24, 0x5A, 0xDC, 0x64, 0x18, 0x38, 0x91,
39 0x7F, 0x5B, 0x70, 0x54, 0x07, 0xB6, 0x4B, 0x0E,
40 0x36, 0xAC, 0x31, 0xE6, 0xD6, 0x48, 0xAA, 0xB4
43 static const uint8_t sc_GetCountryCode
[] = { 0x02, 0x02, 0x03, 0x00, 0x00 };
44 static const uint8_t sc_GetCountryCode2
[] = { 0x02, 0x0B, 0x00, 0x00, 0x00 };
46 static const uint8_t sc_GetCamKey384CZ
[] =
48 0x02, 0x09, 0x03, 0x00, 0x40,
49 0x18, 0xD7, 0x55, 0x14, 0xC0, 0x83, 0xF1, 0x38,
50 0x39, 0x6F, 0xF2, 0xEC, 0x4F, 0xE3, 0xF1, 0x85,
51 0x01, 0x46, 0x06, 0xCE, 0x7D, 0x08, 0x2C, 0x74,
52 0x46, 0x8F, 0x72, 0xC4, 0xEA, 0xD7, 0x9C, 0xE0,
53 0xE1, 0xFF, 0x58, 0xE7, 0x70, 0x0C, 0x92, 0x45,
54 0x26, 0x18, 0x4F, 0xA0, 0xE2, 0xF5, 0x9E, 0x46,
55 0x6F, 0xAE, 0x95, 0x35, 0xB0, 0x49, 0xB2, 0x0E,
56 0xA4, 0x1F, 0x8E, 0x47, 0xD0, 0x24, 0x11, 0xD0
59 static const uint8_t sc_GetCamKey384DZ
[] =
61 0x02, 0x09, 0x03, 0x00, 0x40,
62 0x27, 0xF2, 0xD6, 0xCD, 0xE6, 0x88, 0x62, 0x46,
63 0x81, 0xB0, 0xF5, 0x3E, 0x6F, 0x13, 0x4D, 0xCC,
64 0xFE, 0xD0, 0x67, 0xB1, 0x93, 0xDD, 0xF4, 0xDE,
65 0xEF, 0xF5, 0x3B, 0x04, 0x1D, 0xE5, 0xC3, 0xB2,
66 0x54, 0x38, 0x57, 0x7E, 0xC8, 0x39, 0x07, 0x2E,
67 0xD2, 0xF4, 0x05, 0xAA, 0x15, 0xB5, 0x55, 0x24,
68 0x90, 0xBB, 0x9B, 0x00, 0x96, 0xF0, 0xCB, 0xF1,
69 0x8A, 0x08, 0x7F, 0x0B, 0xB8, 0x79, 0xC3, 0x5D
72 static const uint8_t sc_GetCamKey384FZ
[] =
74 0x02, 0x09, 0x03, 0x00, 0x40,
75 0x62, 0xFE, 0xD8, 0x4F, 0x44, 0x86, 0x2C, 0x21,
76 0x50, 0x9A, 0xBE, 0x27, 0x15, 0x9E, 0xC4, 0x48,
77 0xF3, 0x73, 0x5C, 0xBD, 0x08, 0x64, 0x6D, 0x13,
78 0x64, 0x90, 0x14, 0xDB, 0xFF, 0xC3, 0xFE, 0x03,
79 0x97, 0xFA, 0x75, 0x08, 0x12, 0xF9, 0x8F, 0x84,
80 0x83, 0x17, 0xAA, 0x6F, 0xEF, 0x2C, 0x10, 0x1B,
81 0xBF, 0x31, 0x41, 0xC3, 0x54, 0x2F, 0x65, 0x50,
82 0x95, 0xA9, 0x64, 0x22, 0x5E, 0xA4, 0xAF, 0xA9
85 /* some variables for acs57 (Dahlia for ITA dvb-t) */
91 typedef struct chid_base_date
101 int32_t acs57
; // A flag for the ACS57 ITA DVB-T
103 char country_code
[3]; // irdeto country code.
106 static void XRotateLeft8Byte(uint8_t *buf
)
112 for(k
= 0; k
<= 7; k
++)
116 buf
[k
] = (buf
[k
] << 1) | (t2
>> 7);
120 static void ReverseSessionKeyCrypt(const uint8_t *camkey
, uint8_t *key
)
122 uint8_t localkey
[8], tmp1
, tmp2
;
125 memcpy(localkey
, camkey
, 8);
127 for(idx1
= 0; idx1
< 8; idx1
++)
129 for(idx2
= 0; idx2
< 8; idx2
++)
131 tmp1
= CryptTable
[key
[7] ^ localkey
[idx2
] ^ idx1
];
138 key
[5] = key
[6] ^ tmp1
;
140 key
[7] = tmp1
^ tmp2
;
142 XRotateLeft8Byte(localkey
);
146 static uint8_t XorSum(const uint8_t *mem
, int len
)
157 static time_t chid_date(struct s_reader
*reader
, uint32_t date
, char *buf
, int32_t l
)
159 // Irdeto date starts 01.08.1997 which is
160 // 870393600 seconds in unix calendar time
162 // The above might not be true for all Irdeto card
163 // we need to find a way to identify cards to set the base date
164 // like we did for NDS
166 // this is the known default value.
170 if((reader
->caid
>> 8) == 0x06)
172 date_base
= 946598400L; // this is actually 31.12.1999, 00:00 default for irdeto card
176 date_base
= 870393600L; // this is actually 01.08.1997, 00:00 default for betacrypt cards
179 // CAID, ACS, Country, base date D. M. Y, h : m
180 CHID_BASE_DATE table
[] = {
181 {0x0662, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55
182 {0x0616, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55 //nitegate
183 {0x0647, 0x0005, "ITA", 946598400L}, // 31.12.1999, 00:00 //Redlight irdeto
184 {0x0664, 0x0608, "TUR", 946598400L}, // 31.12.1999, 00:00
185 {0x0624, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
186 {0x0624, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
187 {0x0666, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
188 {0x0668, 0x0006, "SVK", 946598400L}, // 30.12.1999, 00:00 //Towercom Irdeto
189 {0x0666, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
190 {0x0653, 0x0608, "HUN", 946598400L}, // 31.12.1999, 00:00 //upc ice irdeto
191 {0x0653, 0x0005, "HUN", 946598400L}, // 31.12.1999, 00:00 //upc ice irdeto
192 {0x0650, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
193 {0x0650, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
194 {0x0648, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
195 {0x0648, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
196 {0x0627, 0x0608, "EGY", 946598400L}, // 30.12.1999, 16:00
197 {0x0602, 0x0606, "NLD", 946598400L}, // 31.12.1999, 08:00 //Ziggo irdeto caid: 0602, acs: 6.06
198 {0x0602, 0x0505, "NLD", 946598400L}, // 31.12.1999, 00:00 //Ziggo irdeto caid: 0602, acs: 5.05
199 {0x0606, 0x0005, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 0.05
200 {0x0606, 0x0605, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.05
201 {0x0606, 0x0606, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.06
202 {0x0606, 0x0006, "ZAF", 946598400L}, // 31.12.1999, 00:00 //dstv irdeto
203 {0x0604, 0x1541, "GRC", 977817600L}, // 26.12.2000, 00:00
204 {0x0604, 0x1542, "GRC", 977817600L}, // 26.12.2000, 00:00
205 {0x0604, 0x1543, "GRC", 977817600L}, // 26.12.2000, 00:00
206 {0x0604, 0x1544, "GRC", 977817600L}, // 26.12.2000, 17:00
207 {0x0604, 0x0608, "EGY", 999993600L}, // 08.09.2001, 17:00
208 {0x0604, 0x0606, "EGY", 1003276800L}, // 16.10.2001, 17:00
209 {0x0604, 0x0605, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
210 {0x0604, 0x0606, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
211 {0x0604, 0x0607, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
212 {0x0604, 0x0608, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
213 {0x0604, 0x0005, "GRC", 1011052800L}, // 15.01.2002, 00:00 //mova irdeto
214 {0x0604, 0x0606, "NLD", 1066089600L}, // 14.10.2003, 00:00
215 {0x0610, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0610, acs: 6.08
216 {0x0604, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.08
217 {0x0604, 0x0605, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.05
218 {0x0604, 0x0005, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 0.05
219 {0x0628, 0x0606, "MCR", 1159574400L}, // 29.09.2006, 00:00
220 {0x0652, 0x0005, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 0.05
221 {0x0652, 0x0608, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 6.08
225 // now check for specific providers base date
227 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
231 if((reader
->caid
== table
[i
].caid
) && (csystem_data
->acs
== table
[i
].acs
)
232 && (!memcmp(csystem_data
->country_code
, table
[i
].c_code
, 3)))
234 date_base
= table
[i
].base
;
240 time_t ut
= date_base
+ date
* (24 * 3600);
244 cs_gmtime_r(&ut
, &t
);
246 snprintf(buf
, l
, "%04d/%02d/%02d", t
.tm_year
+ 1900, t
.tm_mon
+ 1, t
.tm_mday
);
251 static int32_t irdeto_do_cmd(struct s_reader
*reader
, uint8_t *buf
, uint16_t good
, uint8_t *cta_res
, uint16_t *p_cta_lr
)
254 if((rc
= reader_cmd2icc(reader
, buf
, buf
[4] + 5, cta_res
, p_cta_lr
)))
256 return (rc
); // result may be 0 (success) or negative
261 return (0x7F7F); // this should never happen
264 return (good
!= b2i(2, cta_res
+ *p_cta_lr
- 2));
267 #define reader_chk_cmd(cmd, l) { if (reader_cmd2icc(reader, cmd, sizeof(cmd), cta_res, &cta_lr)) return ERROR; if (l && (cta_lr!=l)) return ERROR; }
269 static int32_t irdeto_card_init_provider(struct s_reader
*reader
)
273 uint8_t buf
[256] = {0};
274 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
276 uint8_t sc_GetProvider
[] = { 0x02, 0x03, 0x03, 0x00, 0x00 };
277 uint8_t sc_Acs57Prov
[] = { 0xD2, 0x06, 0x03, 0x00, 0x01, 0x3C };
278 uint8_t sc_Acs57_Cmd
[] = { ACS57GET
, 0xFE, 0x00, 0x00, 0x00 };
283 memset(reader
->prid
, 0xff, sizeof(reader
->prid
));
285 for(buf
[0] = i
= p
= 0; i
< reader
->nprov
; i
++)
288 if(csystem_data
->acs57
== 1)
292 irdeto_do_cmd(reader
, sc_Acs57Prov
, 0x9021, cta_res
, &cta_lr
);
293 int32_t acslength
= cta_res
[cta_lr
- 1];
294 sc_Acs57_Cmd
[4] = acslength
;
295 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
301 sc_GetProvider
[3] = i
;
302 reader_chk_cmd(sc_GetProvider
, 0);
305 if(((cta_lr
== 26) && ((!(i
& 1)) || (cta_res
[0] != 0xf))) || (csystem_data
->acs57
== 1))
307 reader
->prid
[i
][4] = p
++;
309 // maps the provider id for Betacrypt from FFFFFF to 000000,
310 // fixes problems with cascading CCcam and OSCam
311 if(caid_is_betacrypt(reader
->caid
))
313 memset(&reader
->prid
[i
][0], 0, 4);
317 memcpy(&reader
->prid
[i
][0], cta_res
+ acspadd
, 4);
320 if(!memcmp(cta_res
+ acspadd
+ 1, &reader
->hexserial
, 3))
322 reader
->prid
[i
][3] = 0xFF;
325 snprintf((char *) buf
+ strlen((char *)buf
), sizeof(buf
) - strlen((char *)buf
), ",%06x", b2i(3, &reader
->prid
[i
][1]));
329 reader
->prid
[i
][0] = 0xf;
335 rdr_log(reader
, "active providers: %d (%s)", p
, buf
+ 1);
341 static int32_t irdeto_card_init(struct s_reader
*reader
, ATR
*newatr
)
346 uint8_t buf
[256] = { 0 };
347 uint8_t sc_GetCamKey383C
[] = {
348 0x02, 0x09, 0x03, 0x00, 0x40,
349 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
350 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
351 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
352 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
353 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
356 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
358 uint8_t sc_GetASCIISerial
[] = { 0x02, 0x00, 0x03, 0x00, 0x00 };
359 uint8_t sc_GetHEXSerial
[] = { 0x02, 0x01, 0x00, 0x00, 0x00 };
360 uint8_t sc_GetSCDetails
[] = { 0x02, 0x1E, 0x00, 0x00, 0x00 };
361 uint8_t sc_GetCardFile
[] = { 0x02, 0x0E, 0x02, 0x00, 0x00 };
363 uint8_t sc_Acs57CamKey
[70] = { 0xD2, 0x12, 0x03, 0x00, 0x41};
364 uint8_t sc_Acs57Country
[] = { 0xD2, 0x04, 0x00, 0x00, 0x01, 0x3E };
365 uint8_t sc_Acs57Ascii
[] = { 0xD2, 0x00, 0x03, 0x00, 0x01, 0x3F };
366 uint8_t sc_Acs57Hex
[] = { 0xD2, 0x02, 0x03, 0x00, 0x01, 0x3E };
367 uint8_t sc_Acs57CFile
[] = { 0xD2, 0x1C, 0x02, 0x00, 0x01, 0x30 };
368 uint8_t sc_Acs57_Cmd
[] = { ACS57GET
, 0xFE, 0x00, 0x00, 0x00 };
373 if(!memcmp(atr
+ 4, "IRDETO", 6))
379 if((!memcmp(atr
+ 5, "IRDETO", 6)) || (((atr
[6] == 0xC4) && (atr
[9] == 0x8F) && (atr
[10] == 0xF1)) && reader
->force_irdeto
))
383 rdr_log(reader
, "Hist. Bytes: %s", atr
+ 5);
391 if(!cs_malloc(&reader
->csystem_data
, sizeof(struct irdeto_data
)))
395 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
396 csystem_data
->acs57
= acs57
;
398 rdr_log(reader
, "detect irdeto card");
399 if((array_has_nonzero_byte(reader
->rsa_mod
, 64) > 0) && (!reader
->force_irdeto
|| csystem_data
->acs57
)) // we use rsa from config as camkey
402 rdr_log_dbg(reader
, D_READER
, "using camkey data from config");
403 rdr_log_dbg(reader
, D_READER
, " camkey: %s", cs_hexdump(0, reader
->boxkey
, sizeof(reader
->boxkey
), tmp_dbg
, sizeof(tmp_dbg
)));
404 if(csystem_data
->acs57
== 1)
406 memcpy(&sc_Acs57CamKey
[5], reader
->rsa_mod
, 0x40);
407 rdr_log_dbg(reader
, D_READER
, "camkey-data: %s", cs_hexdump(0, &sc_Acs57CamKey
[5], 32, tmp_dbg
, sizeof(tmp_dbg
)));
408 rdr_log_dbg(reader
, D_READER
, "camkey-data: %s", cs_hexdump(0, &sc_Acs57CamKey
[37], 32, tmp_dbg
, sizeof(tmp_dbg
)));
412 memcpy(&sc_GetCamKey383C
[5], reader
->rsa_mod
, 0x40);
413 rdr_log_dbg(reader
, D_READER
, "camkey-data: %s", cs_hexdump(0, &sc_GetCamKey383C
[5], 32, tmp_dbg
, sizeof(tmp_dbg
)));
414 rdr_log_dbg(reader
, D_READER
, "camkey-data: %s", cs_hexdump(0, &sc_GetCamKey383C
[37], 32, tmp_dbg
, sizeof(tmp_dbg
)));
419 if(csystem_data
->acs57
== 1)
421 rdr_log(reader
, "WARNING: ACS57 card can require the CamKey from config");
425 memcpy(reader
->boxkey
, "\x11\x22\x33\x44\x55\x66\x77\x88", 8);
430 * Get Irdeto Smartcard Details - version - patch level etc
432 if(csystem_data
->acs57
== 0)
434 if(!irdeto_do_cmd(reader
, sc_GetSCDetails
, 0, cta_res
, &cta_lr
))
436 rdr_log(reader
, "Irdeto SC %0x version %0x revision %0x, patch level %0x", cta_res
[0 + acspadd
], cta_res
[1 + acspadd
], cta_res
[2 + acspadd
], cta_res
[5 + acspadd
]);
443 if(csystem_data
->acs57
== 1)
445 irdeto_do_cmd(reader
, sc_Acs57Country
, 0x9019, cta_res
, &cta_lr
);
446 int32_t acslength
= cta_res
[cta_lr
- 1];
447 sc_Acs57_Cmd
[4] = acslength
;
448 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
452 reader_chk_cmd(sc_GetCountryCode
, 18);
454 csystem_data
->acs
= (cta_res
[0 + acspadd
] << 8) | cta_res
[1 + acspadd
];
455 reader
->caid
= (cta_res
[5 + acspadd
] << 8) | cta_res
[6 + acspadd
];
456 memcpy(csystem_data
->country_code
, cta_res
+ 13 + acspadd
, 3);
457 rdr_log(reader
, "caid: %04X, acs: %x.%02x, country code: %c%c%c",
458 reader
->caid
, cta_res
[0 + acspadd
], cta_res
[1 + acspadd
], cta_res
[13 + acspadd
], cta_res
[14 + acspadd
], cta_res
[15 + acspadd
]);
463 if(csystem_data
->acs57
== 1)
465 irdeto_do_cmd(reader
, sc_Acs57Ascii
, 0x901D, cta_res
, &cta_lr
);
466 int32_t acslength
= cta_res
[cta_lr
- 1];
467 sc_Acs57_Cmd
[4] = acslength
;
468 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
472 reader_chk_cmd(sc_GetASCIISerial
, 22);
474 memcpy(buf
, cta_res
+ acspadd
, 10);
476 if(csystem_data
->acs57
== 1)
478 irdeto_do_cmd(reader
, sc_Acs57Hex
, 0x903E, cta_res
, &cta_lr
);
479 int32_t acslength
= cta_res
[cta_lr
- 1];
480 sc_Acs57_Cmd
[4] = acslength
;
481 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
485 reader_chk_cmd(sc_GetHEXSerial
, 18);
487 reader
->nprov
= cta_res
[10 + acspadd
];
488 memcpy(reader
->hexserial
, cta_res
+ 12 + acspadd
, 4);
490 rdr_log_sensitive(reader
, "providers: %d, ascii serial: {%s}, hex serial: {%02X%02X%02X}, hex base: {%02X}",
491 reader
->nprov
, buf
, reader
->hexserial
[0], reader
->hexserial
[1], reader
->hexserial
[2], reader
->hexserial
[3]);
496 if(csystem_data
->acs57
== 1)
498 irdeto_do_cmd(reader
, sc_Acs57CFile
, 0x9049, cta_res
, &cta_lr
);
499 int32_t acslength
= cta_res
[cta_lr
- 1];
500 sc_Acs57_Cmd
[4] = acslength
;
501 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
502 sc_Acs57CFile
[2] = 0x03;
504 irdeto_do_cmd(reader
, sc_Acs57CFile
, 0x9049, cta_res
, &cta_lr
);
505 acslength
= cta_res
[cta_lr
- 1];
506 sc_Acs57_Cmd
[4] = acslength
;
507 sc_Acs57_Cmd
[2] = 0x03;
508 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
509 sc_Acs57_Cmd
[2] = 0x00;
513 for(sc_GetCardFile
[2] = 2; sc_GetCardFile
[2] < 4; sc_GetCardFile
[2]++)
515 reader_chk_cmd(sc_GetCardFile
, 0);
522 if(((atr
[14] == 0x03) && (atr
[15] == 0x84) && (atr
[16] == 0x55)) || (((atr
[14] == 0x53) && (atr
[15] == 0x20) && (atr
[16] == 0x56))))
538 // case 0x0624: camkey = 4; break; //ice 0D96/0624 has short ATR
545 if(((reader
->caid
== 0x0624) && (csystem_data
->acs57
== 1)) || (reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0653) || (reader
->caid
== 0x0666)) // acs 6.08 and ice 0D96/0624 and 0D97/0653
548 sc_Acs57CamKey
[2] = 0;
551 // Dirthy hack for Ziggo will be removed when optimum values are find on these T14 cards for v2 and triple
552 // There are also other readers suffering from simmilar issue for those cards.
553 if(((reader
->caid
== 0x0604) || (reader
->caid
== 0x1722)) && (reader
->typ
== R_SMART
) && (reader
->smart_type
>= 2))
555 // Quick and dirty containment for the SmargoV2,Triple and Ziggo irdeto caid: 0604 using smartreader protocol
560 rdr_log_dbg(reader
, D_READER
, "set camkey for type=%d", camkey
);
565 reader_chk_cmd(sc_GetCamKey384CZ
, 10);
569 reader_chk_cmd(sc_GetCamKey384DZ
, 10);
573 reader_chk_cmd(sc_GetCamKey384FZ
, 10);
579 crc
^= 0x01, crc
^= 0x02, crc
^= 0x09;
580 crc
^= sc_Acs57CamKey
[2], crc
^= sc_Acs57CamKey
[3], crc
^= (sc_Acs57CamKey
[4] + 1);
582 for(i
= 5; i
< (int)sizeof(sc_Acs57CamKey
) - 1; i
++)
584 crc
^= sc_Acs57CamKey
[i
];
586 sc_Acs57CamKey
[69] = crc
;
588 if(((reader
->caid
== 0x0624) && (csystem_data
->acs57
== 1)) || (reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0653) || (reader
->caid
== 0x0666))
590 sc_Acs57CamKey
[69] = XorSum(sc_Acs57CamKey
, 69) ^ 0x3f ^(sc_Acs57CamKey
[0] & 0xf0) ^ 0x1b;
591 if(irdeto_do_cmd(reader
, sc_Acs57CamKey
, 0x9011, cta_res
, &cta_lr
))
593 rdr_log(reader
, "You have a bad Cam Key set");
599 irdeto_do_cmd(reader
, sc_Acs57CamKey
, 0x9012, cta_res
, &cta_lr
);
602 int32_t acslength
= cta_res
[cta_lr
- 1];
603 sc_Acs57_Cmd
[4] = acslength
;
604 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
607 // dirthy hack ziggo nl card smartredaer v2 and triple will be removed after findings optimum T14 values for v2 and triple
610 // For some reason only 4 to 5 bytes are received, while 8 bytes are expected.
612 rc
= reader_cmd2icc(reader
, sc_GetCamKey383C
, sizeof(sc_GetCamKey383C
), cta_res
, &cta_lr
);
613 rdr_log_dbg(reader
, D_READER
, "SmargoV2 camkey exchange containment: Ignoring returncode (%d), should have been 0.", rc
);
614 rdr_log_dbg(reader
, D_READER
, "In case cardinit NOK and/or no entitlements, retry by restarting oscam.");
615 } break; // end dirthy hack
618 if(csystem_data
->acs57
== 1)
620 int32_t i
, crc
= 0x76;
622 for(i
= 6; i
< (int)sizeof(sc_Acs57CamKey
) - 1; i
++)
624 crc
^= sc_Acs57CamKey
[i
];
627 sc_Acs57CamKey
[69] = crc
;
628 irdeto_do_cmd(reader
, sc_Acs57CamKey
, 0x9012, cta_res
, &cta_lr
);
629 int32_t acslength
= cta_res
[cta_lr
- 1];
630 sc_Acs57_Cmd
[4] = acslength
;
631 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
635 reader_chk_cmd(sc_GetCamKey383C
, 0);
639 if(((reader
->cardmhz
!= 600) && (reader
->typ
!= R_INTERNAL
)) || ((reader
->typ
== R_INTERNAL
) && ((reader
->mhz
< 510) || (reader
->cardmhz
> 690))))
641 rdr_log(reader
, "WARNING: For Irdeto cards you will have to set '%s= 600' in oscam.server", (reader
->typ
== R_INTERNAL
? "mhz" : "cardmhz") );
644 return irdeto_card_init_provider(reader
);
647 int32_t irdeto_do_ecm(struct s_reader
*reader
, const ECM_REQUEST
*er
, struct s_ecm_answer
*ea
)
650 cta_lr
= 0; // suppress compiler error
651 static const uint8_t sc_EcmCmd
[] = { 0x05, 0x00, 0x00, 0x02, 0x00 };
652 uint8_t sc_Acs57Ecm
[] = { 0xD5, 0x00, 0x00, 0x02, 0x00 };
653 uint8_t sc_Acs57_Cmd
[] = { ACS57ECM
, 0xFE, 0x00, 0x00, 0x00 };
654 uint8_t cta_cmd
[MAX_ECM_SIZE
];
655 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
657 int32_t i
= 0, acspadd
= 0;
658 if(csystem_data
->acs57
== 1)
661 sc_Acs57Ecm
[4] = er
->ecm
[2] - 2;
662 if(((reader
->caid
== 0x0624) && (csystem_data
->acs57
== 1)) || (reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0653) || (reader
->caid
== 0x0666)) //crc for orf, cslink, skylink, upcdirect
667 crc
^= sc_Acs57Ecm
[2];
668 crc
^= sc_Acs57Ecm
[3];
669 crc
^= (sc_Acs57Ecm
[4] - 1);
671 for(i
= 6; i
< er
->ecm
[2] + 4; i
++)
678 sc_Acs57Ecm
[2] = er
->ecm
[6];
681 crc
^= sc_Acs57Ecm
[2];
682 crc
^= sc_Acs57Ecm
[3];
683 crc
^= (sc_Acs57Ecm
[4] - 1);
685 for(i
= 6; i
< er
->ecm
[3] - 5; i
++)
691 memcpy(cta_cmd
, sc_Acs57Ecm
, sizeof(sc_Acs57Ecm
));
692 memcpy(cta_cmd
+ 5, er
->ecm
+ 6, er
->ecm
[2] - 1);
693 cta_cmd
[er
->ecm
[2] + 2] = crc
;
695 irdeto_do_cmd(reader
, cta_cmd
, 0, cta_res
, &cta_lr
);
696 int32_t acslength
= cta_res
[cta_lr
- 1];
698 // If acslength != 0x1F you don't have the entitlements or you camkey is bad
699 if(acslength
!= 0x1F)
704 rdr_log(reader
, "Maybe you don't have the entitlements for this channel");
708 rdr_log(reader
, "Maybe you have a bad Cam Key set it from config file");
713 sc_Acs57_Cmd
[4] = acslength
;
715 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
720 memcpy(cta_cmd
, sc_EcmCmd
, sizeof(sc_EcmCmd
));
721 cta_cmd
[4] = (er
->ecm
[2]) - 3;
722 memcpy(cta_cmd
+ sizeof(sc_EcmCmd
), &er
->ecm
[6], cta_cmd
[4]);
730 snprintf(ea
->msglog
, MSGLOGSIZE
, "%.22s irdeto_do_cmd try nr %i", reader
->label
, try);
733 ret
= (irdeto_do_cmd(reader
, cta_cmd
, 0x9D00, cta_res
, &cta_lr
));
734 ret
= ret
|| (cta_lr
< 24);
737 switch(cta_res
[cta_lr
- 2])
739 case 0x26: // valid for V6 and V7 cards *26 rare case card gets locked if bad EMM being written
741 snprintf(ea
->msglog
, MSGLOGSIZE
, "%.19s cardstatus: LOCKED", reader
->label
);
745 case 0x27: // valid for V6 and V7 cards Time sync EMMs
747 snprintf(ea
->msglog
, MSGLOGSIZE
, "%.23s need global EMMs first", reader
->label
);
751 case 0x33: // valid for all cards *33 comes in 2 cases Either Card Requires to be init with Dynamic RSA AKA cmd28/A0 or Pairing Enabled
753 snprintf(ea
->msglog
, MSGLOGSIZE
, "%.26s dynamic RSA init or pairing enabled", reader
->label
);
757 case 0x35: // valid for V6 and V7 cards Time sync EMMs
759 snprintf(ea
->msglog
, MSGLOGSIZE
, "%.23s need global EMMs first", reader
->label
);
763 case 0x90: // valid for all cards
765 snprintf(ea
->msglog
, MSGLOGSIZE
,"%.26s unsubscribed channel or chid missing", reader
->label
);
769 case 0x92: // valid for all cards
771 snprintf(ea
->msglog
, MSGLOGSIZE
,"%.22s regional chid missing", reader
->label
);
775 case 0x9E: // valid for all cards *9E comes in 2 cases if card not fully updated OR if pairing Enabled
777 if(cta_res
[cta_lr
- 1] == 0x65)
779 snprintf(ea
->msglog
, MSGLOGSIZE
,"%.24s chipset pairing enabled", reader
->label
);
784 snprintf(ea
->msglog
, MSGLOGSIZE
,"%.11s needs EMMs", reader
->label
);
789 case 0xA0: // valid for all cards
791 snprintf(ea
->msglog
, MSGLOGSIZE
,"%.17s surflock enabled", reader
->label
);
795 default: // all other error status
797 snprintf(ea
->msglog
, MSGLOGSIZE
, "%.16s irdeto_do_cmd [%d] %02x %02x", reader
->label
, cta_lr
, cta_res
[cta_lr
- 2], cta_res
[cta_lr
- 1]);
804 while((try < 3) && (ret
));
812 if((cta_res
[5]== 0x36) || (cta_res
[5]== 0x37) || (cta_res
[5]== 0x24) || (cta_res
[5]== 0x25))
814 snprintf(ea
->msglog
, MSGLOGSIZE
, "cw needs tweaking");
817 ReverseSessionKeyCrypt(reader
->boxkey
, cta_res
+ 6 + acspadd
);
818 ReverseSessionKeyCrypt(reader
->boxkey
, cta_res
+ 14 + acspadd
);
819 memcpy(ea
->cw
, cta_res
+ 6 + acspadd
, 16);
823 static int32_t irdeto_get_emm_type(EMM_PACKET
*ep
, struct s_reader
*rdr
)
825 int32_t i
, l
= (ep
->emm
[3] & 0x07);
826 int32_t base
= (ep
->emm
[3] >> 3);
827 char dumprdrserial
[l
* 3], dumpemmserial
[l
* 3];
829 rdr_log_dbg(rdr
, D_EMM
, "Entered irdeto_get_emm_type ep->emm[3]=%02x", ep
->emm
[3]);
834 // global emm, 0 bytes addressed
836 rdr_log_dbg(rdr
, D_EMM
, "GLOBAL base = %02x", base
);
838 if(base
& 0x10) // hex serial based?
840 if(base
== rdr
->hexserial
[3]) // does base match?
846 return 0; // base doesnt match!
852 } // provider based, match all!
855 // shared emm, 2 bytes addressed
857 memset(ep
->hexserial
, 0, 8);
858 memcpy(ep
->hexserial
, ep
->emm
+ 4, l
);
859 cs_hexdump(1, rdr
->hexserial
, l
, dumprdrserial
, sizeof(dumprdrserial
));
860 cs_hexdump(1, ep
->hexserial
, l
, dumpemmserial
, sizeof(dumpemmserial
));
861 rdr_log_dbg_sensitive(rdr
, D_EMM
, "SHARED l = %d ep = {%s} rdr = {%s} base = %02x",
862 l
, dumpemmserial
, dumprdrserial
, base
);
867 return ((base
== rdr
->hexserial
[3]) && (!memcmp(ep
->emm
+ 4, rdr
->hexserial
, l
)));
871 if(!memcmp(ep
->emm
+ 4, rdr
->hexserial
, l
))
876 // provider addressed
877 for(i
= 0; i
< rdr
->nprov
; i
++)
879 if((base
== rdr
->prid
[i
][0]) && (!memcmp(ep
->emm
+ 4, &rdr
->prid
[i
][1], l
)))
885 rdr_log_dbg(rdr
, D_EMM
, "neither hex nor provider addressed or unknown provider id");
889 // unique emm, 3 bytes addressed
891 memset(ep
->hexserial
, 0, 8);
892 memcpy(ep
->hexserial
, ep
->emm
+ 4, l
);
893 cs_hexdump(1, rdr
->hexserial
, l
, dumprdrserial
, sizeof(dumprdrserial
));
894 cs_hexdump(1, ep
->hexserial
, l
, dumpemmserial
, sizeof(dumpemmserial
));
895 rdr_log_dbg_sensitive(rdr
, D_EMM
, "UNIQUE l = %d ep = {%s} rdr = {%s} base = %02x",
896 l
, dumpemmserial
, dumprdrserial
, base
);
898 if(base
& 0x10) // unique hex addressed
900 return ((base
== rdr
->hexserial
[3]) && (!memcmp(ep
->emm
+ 4, rdr
->hexserial
, l
)));
904 if(!memcmp(ep
->emm
+ 4, rdr
->hexserial
, l
))
909 // unique provider addressed
910 for(i
= 0; i
< rdr
->nprov
; i
++)
912 if((base
== rdr
->prid
[i
][0]) && (!memcmp(ep
->emm
+ 4, &rdr
->prid
[i
][1], l
)))
918 rdr_log_dbg(rdr
, D_EMM
, "neither hex nor provider addressed or unknown provider id");
923 rdr_log_dbg(rdr
, D_EMM
, "UNKNOWN");
928 static int32_t irdeto_get_emm_filter(struct s_reader
*rdr
, struct s_csystem_emm_filter
**emm_filters
, unsigned int *filter_count
)
930 if(*emm_filters
== NULL
)
932 const unsigned int max_filter_count
= 3 + (rdr
->nprov
* 2);
933 if(!cs_malloc(emm_filters
, max_filter_count
* sizeof(struct s_csystem_emm_filter
)))
938 struct s_csystem_emm_filter
*filters
= *emm_filters
;
941 unsigned int idx
= 0;
943 filters
[idx
].type
= EMM_GLOBAL
;
944 filters
[idx
].enabled
= 1;
945 filters
[idx
].filter
[0] = 0x82;
946 filters
[idx
].mask
[0] = 0xFF;
947 filters
[idx
].filter
[1] = 0xF8;
948 filters
[idx
].mask
[1] = 0x07;
951 filters
[idx
].type
= EMM_UNIQUE
;
952 filters
[idx
].enabled
= 1;
953 filters
[idx
].filter
[0] = 0x82;
954 filters
[idx
].mask
[0] = 0xFF;
955 filters
[idx
].filter
[1] = 0xFB;
956 filters
[idx
].mask
[1] = 0x07;
957 memcpy(&filters
[idx
].filter
[2], rdr
->hexserial
, 3);
958 memset(&filters
[idx
].mask
[2], 0xFF, 3);
961 // Shared on Hex Serial only for Betacrypt
962 if(caid_is_betacrypt(rdr
->caid
))
964 filters
[idx
].type
= EMM_SHARED
;
965 filters
[idx
].enabled
= 1;
966 filters
[idx
].filter
[0] = 0x82;
967 filters
[idx
].mask
[0] = 0xFF;
968 filters
[idx
].filter
[1] = 0xFA;
969 filters
[idx
].mask
[1] = 0x07;
970 memcpy(&filters
[idx
].filter
[2], rdr
->hexserial
, 2);
971 memset(&filters
[idx
].mask
[2], 0xFF, 2);
976 for(i
= 0; i
< rdr
->nprov
; i
++)
978 // 00XX00 provider is a not initialised not used provider
979 if((rdr
->prid
[i
][1] == 0xFF) || ((rdr
->prid
[i
][1] == 0x00) && (rdr
->prid
[i
][3] == 0x00) && (rdr
->caid
!= 0x0647)))
984 filters
[idx
].type
= EMM_UNIQUE
;
985 filters
[idx
].enabled
= 1;
986 filters
[idx
].filter
[0] = 0x82;
987 filters
[idx
].mask
[0] = 0xFF;
988 filters
[idx
].filter
[1] = 0xFB;
989 filters
[idx
].mask
[1] = 0x07;
990 memcpy(&filters
[idx
].filter
[2], &rdr
->prid
[i
][1], 3);
991 memset(&filters
[idx
].mask
[2], 0xFF, 3);
994 filters
[idx
].type
= EMM_SHARED
;
995 filters
[idx
].enabled
= 1;
996 filters
[idx
].filter
[0] = 0x82;
997 filters
[idx
].mask
[0] = 0xFF;
998 filters
[idx
].filter
[1] = 0xFA;
999 filters
[idx
].mask
[1] = 0x07;
1000 memcpy(&filters
[idx
].filter
[2], &rdr
->prid
[i
][1], 2);
1001 memset(&filters
[idx
].mask
[2], 0xFF, 2);
1005 *filter_count
= idx
;
1011 static int32_t irdeto_get_tunemm_filter(struct s_reader
*rdr
, struct s_csystem_emm_filter
**emm_filters
, unsigned int *filter_count
)
1013 if(*emm_filters
== NULL
)
1015 const unsigned int max_filter_count
= 3;
1016 if(!cs_malloc(emm_filters
, max_filter_count
* sizeof(struct s_csystem_emm_filter
)))
1021 struct s_csystem_emm_filter
*filters
= *emm_filters
;
1024 unsigned int idx
= 0;
1026 filters
[idx
].type
= EMM_GLOBAL
;
1027 filters
[idx
].enabled
= 1;
1028 filters
[idx
].filter
[0] = 0x82;
1029 filters
[idx
].mask
[0] = 0xFF;
1032 filters
[idx
].type
= EMM_SHARED
;
1033 filters
[idx
].enabled
= 1;
1034 filters
[idx
].filter
[0] = 0x83;
1035 filters
[idx
].filter
[1] = rdr
->hexserial
[1];
1036 filters
[idx
].filter
[2] = rdr
->hexserial
[0];
1037 filters
[idx
].filter
[3] = 0x10;
1038 filters
[idx
].filter
[4] = 0x00;
1039 filters
[idx
].filter
[5] = 0x10;
1040 memset(&filters
[idx
].mask
[0], 0xFF, 6);
1043 filters
[idx
].type
= EMM_UNIQUE
;
1044 filters
[idx
].enabled
= 1;
1045 filters
[idx
].filter
[0] = 0x83;
1046 filters
[idx
].filter
[1] = rdr
->hexserial
[1];
1047 filters
[idx
].filter
[2] = rdr
->hexserial
[0];
1048 filters
[idx
].filter
[3] = 0x10;
1049 filters
[idx
].filter
[4] = rdr
->hexserial
[2];
1050 filters
[idx
].filter
[5] = 0x00;
1051 memset(&filters
[idx
].mask
[0], 0xFF, 6);
1054 *filter_count
= idx
;
1060 void irdeto_add_emm_header(EMM_PACKET
*ep
)
1062 uint8_t bt_emm
[MAX_EMM_SIZE
];
1063 static const char *typtext
[] = { "unknown", "unique", "shared", "global" };
1064 memset(bt_emm
, 0, sizeof(bt_emm
));
1067 if((ep
->emm
[0] == 0x83) && (ep
->emm
[5] == 0x10))
1069 if(ep
->emm
[7] == 0x00)
1080 if(ep
->emm
[0] == 0x82)
1086 if((ep
->type
!= UNKNOWN
) && (ep
->emmlen
== 142))
1088 cs_log_dbg(D_EMM
, "[TUN_EMM] Type: %s - rewriting header", typtext
[ep
->type
]);
1095 // BETACRYPT/IRDETO EMM HEADER:
1096 static uint8_t headerD0
[6] = { 0x82, 0x70, 0x89, 0xd0, 0x01, 0x00 }; // GLOBAL
1097 static uint8_t headerD2
[8] = { 0x82, 0x70, 0x8b, 0xd2, 0x00, 0x00, 0x01, 0x00 }; // SHARED
1098 static uint8_t headerD3
[9] = { 0x82, 0x70, 0x8c, 0xd3, 0x00, 0x00, 0x00, 0x01, 0x00 }; // UNIQUE
1103 memcpy(bt_emm
, headerD3
, sizeof(headerD3
));
1104 memcpy(bt_emm
+ sizeof(headerD3
), ep
->emm
+ 8, ep
->emmlen
- 8);
1105 bt_emm
[4] = ep
->emm
[4];
1106 bt_emm
[5] = ep
->emm
[3];
1107 bt_emm
[6] = ep
->emm
[6];
1112 memcpy(bt_emm
, headerD2
, sizeof(headerD2
));
1113 memcpy(bt_emm
+ sizeof(headerD2
), ep
->emm
+ 8, ep
->emmlen
- 8);
1114 bt_emm
[4] = ep
->emm
[4];
1115 bt_emm
[5] = ep
->emm
[3];
1120 memcpy(bt_emm
, headerD0
, sizeof(headerD0
));
1121 memcpy(bt_emm
+ sizeof(headerD0
), ep
->emm
+ 8, ep
->emmlen
- 8);
1125 memcpy(ep
->emm
, bt_emm
, sizeof(bt_emm
));
1128 #define ADDRLEN 4 // Address length in EMM commands
1130 static int32_t irdeto_do_emm(struct s_reader
*reader
, EMM_PACKET
*ep
)
1133 static const uint8_t sc_EmmCmd
[] = { 0x01, 0x00, 0x00, 0x00, 0x00 };
1134 static uint8_t sc_Acs57Emm
[] = { 0xD1, 0x00, 0x00, 0x00, 0x00 };
1135 uint8_t sc_Acs57_Cmd
[] = { ACS57EMM
, 0xFE, 0x00, 0x00, 0x00 };
1136 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
1137 uint8_t cta_cmd
[272];
1139 if(ep
->emm
[0] != 0x82)
1141 rdr_log_dbg(reader
, D_EMM
, "Invalid EMM: Has to start with 0x82, but starts with %02x!", ep
->emm
[0]);
1145 int32_t i
, l
= (ep
->emm
[3] & 0x07), ok
= 0;
1146 int32_t mode
= (ep
->emm
[3] >> 3);
1147 uint8_t *emm
= ep
->emm
;
1152 ok
= ((mode
== reader
->hexserial
[3]) && ((!l
) || (!memcmp(&emm
[4], reader
->hexserial
, l
))));
1156 ok
= !memcmp(&emm
[4], reader
->hexserial
, l
);
1158 // provider addressed
1159 for(i
= 0; i
< reader
->nprov
&& !ok
; i
++)
1161 ok
= ((mode
== reader
->prid
[i
][0]) && ((!l
) || (!memcmp(&emm
[4], &reader
->prid
[i
][1], l
))));
1170 if(csystem_data
->acs57
== 1)
1172 int32_t dataLen
= 0;
1174 if(ep
->type
== UNIQUE
)
1176 dataLen
= ep
->emm
[2] - 1;
1180 dataLen
= ep
->emm
[2];
1183 if((dataLen
< 7) || (dataLen
> ((int32_t)sizeof(ep
->emm
) - 6)) || (dataLen
> ((int32_t)sizeof(cta_cmd
) - 9)))
1185 rdr_log_dbg(reader
, D_EMM
, "dataLen %d seems wrong, faulty EMM?", dataLen
);
1189 if((ep
->type
== GLOBAL
) && (((reader
->caid
== 0x0624) && (csystem_data
->acs57
== 1)) || (reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0653) || (reader
->caid
== 0x0666)))
1195 sc_Acs57Emm
[4] = dataLen
;
1196 memcpy(&cta_cmd
, sc_Acs57Emm
, sizeof(sc_Acs57Emm
));
1202 crc
^= (dataLen
- 1);
1203 memcpy(&cta_cmd
[5], &ep
->emm
[3], 10);
1205 if(ep
->type
== UNIQUE
)
1207 memcpy(&cta_cmd
[9], &ep
->emm
[9], dataLen
- 4);
1211 if((ep
->type
== GLOBAL
) && (((reader
->caid
== 0x0624) && (csystem_data
->acs57
== 1)) || (reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0653) || (reader
->caid
== 0x0666)))
1213 memcpy(&cta_cmd
[9], &ep
->emm
[6], 1);
1214 memcpy(&cta_cmd
[10], &ep
->emm
[7], dataLen
- 6);
1217 else if(((reader
->caid
== 0x0624) && (csystem_data
->acs57
== 1)) || (reader
->caid
== 0x0648) || (reader
->caid
== 0x0650) || (reader
->caid
== 0x0653) || (reader
->caid
== 0x0666)) //only orf, cslink, skylink, upcdirect
1219 memcpy(&cta_cmd
[9], &ep
->emm
[8], dataLen
- 4);
1223 memcpy(&cta_cmd
[10], &ep
->emm
[9], dataLen
- 6);
1227 for(i
= 5; i
< dataLen
+ 4; i
++)
1232 cta_cmd
[dataLen
- 1 + 5] = crc
;
1233 irdeto_do_cmd(reader
, cta_cmd
, 0, cta_res
, &cta_lr
);
1234 int32_t acslength
= cta_res
[cta_lr
- 1];
1235 sc_Acs57_Cmd
[4] = acslength
;
1236 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
1238 rdr_log_dbg(reader
, D_EMM
,"response %02X %02X %02X %02X %02X (%s)",
1239 cta_res
[0], cta_res
[1], cta_res
[2], cta_res
[3], cta_res
[4],
1240 (((cta_res
[2] == 0) || (cta_res
[2] == 0x7B) || (cta_res
[2] == 0x7C)) ? "OK" : "ERROR"));
1242 if((cta_res
[2] == 0x7B) || (cta_res
[2] == 0x7C)) // chid already written or chid already up to date
1247 if(cta_res
[2] == 0x00)
1251 return ERROR
; // all other
1253 else // non acs57 based cards
1255 const int32_t dataLen
= SCT_LEN(emm
) - 5 - l
; // sizeof of emm bytes (nanos)
1257 if((dataLen
< 1) || (dataLen
> ((int32_t)sizeof(ep
->emm
) - 5 - l
))
1258 || (dataLen
> ((int32_t)sizeof(cta_cmd
) - (int32_t)sizeof(sc_EmmCmd
) - ADDRLEN
)))
1260 rdr_log_dbg(reader
, D_EMM
, "dataLen %d seems wrong, faulty EMM?", dataLen
);
1264 uint8_t *ptr
= cta_cmd
;
1265 memcpy(ptr
, sc_EmmCmd
, sizeof(sc_EmmCmd
)); // copy card command
1266 ptr
[4] = dataLen
+ ADDRLEN
; // set card command emm size
1267 ptr
+= sizeof(sc_EmmCmd
);
1269 memset(ptr
, 0, ADDRLEN
); // clear addr range
1270 memcpy(ptr
, emm
, l
); // copy addr bytes
1273 memcpy(ptr
, &emm
[2], dataLen
); // copy emm bytes]
1274 irdeto_do_cmd(reader
, cta_cmd
, 0, cta_res
, &cta_lr
);
1276 rdr_log_dbg(reader
, D_EMM
,"response %02X %02X %02X %02X %02X (%s)",
1277 cta_res
[0], cta_res
[1], cta_res
[2], cta_res
[3], cta_res
[4],
1278 (((cta_res
[cta_lr
-2] == 0) || (cta_res
[cta_lr
-2] == 0x7B) || (cta_res
[cta_lr
-2] == 0x7C)) ? "OK" : "ERROR"));
1280 if((cta_res
[cta_lr
-2] == 0x7B) || (cta_res
[cta_lr
-2] == 0x7C)) // chid already written or chid already up to date
1285 if(cta_res
[cta_lr
-2] == 0x00)
1290 return ERROR
; // all other
1295 rdr_log_dbg(reader
, D_EMM
, "addrlen %d > %d", l
, ADDRLEN
);
1301 rdr_log_dbg(reader
, D_EMM
, "EMM skipped since its hexserial or base doesnt match with this card!");
1306 static int32_t irdeto_card_info(struct s_reader
*reader
)
1310 struct irdeto_data
*csystem_data
= reader
->csystem_data
;
1312 cs_clear_entitlement(reader
); // reset the entitlements
1314 uint8_t sc_GetChanelIds
[] = { 0x02, 0x04, 0x00, 0x00, 0x01, 0x00 };
1315 uint8_t sc_Acs57Code
[] = { 0xD2, 0x16, 0x00, 0x00, 0x01 , 0x37 };
1316 uint8_t sc_Acs57Prid
[] = { 0xD2, 0x08, 0x00, 0x00, 0x02, 0x00, 0x00 };
1317 uint8_t sc_Acs57_Cmd
[] = { ACS57GET
, 0xFE, 0x00, 0x00, 0x00 };
1322 int32_t acspadd
= 0;
1323 if(csystem_data
->acs57
== 1)
1326 reader_chk_cmd(sc_Acs57Code
, 0);
1327 int32_t acslength
= cta_res
[cta_lr
- 1];
1328 sc_Acs57_Cmd
[4] = acslength
;
1329 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
1333 reader_chk_cmd(sc_GetCountryCode2
, 0);
1336 if(((cta_lr
> 9) && !(cta_res
[cta_lr
- 2] | cta_res
[cta_lr
- 1])) || (csystem_data
->acs57
== 1))
1338 rdr_log_dbg(reader
, D_READER
, "max chids: %d, %d, %d, %d",
1339 cta_res
[6 + acspadd
], cta_res
[7 + acspadd
], cta_res
[8 + acspadd
], cta_res
[9 + acspadd
]);
1344 for(i
= p
= 0; i
< reader
->nprov
; i
++)
1346 int32_t j
, k
, chid
, first
= 1;
1349 if(reader
->prid
[i
][4] != 0xff)
1352 sc_Acs57Prid
[3] = i
;
1353 sc_GetChanelIds
[3] = i
; // provider at index i
1356 // for (j=0; j<10; j++) => why 10 .. do we know for sure the there are only 10 chids !!!
1357 // shouldn't it me the max chid value we read above ?!
1359 while(1) // will exit if cta_lr < 61 .. which is the correct break condition.
1361 if(csystem_data
->acs57
== 1)
1364 sc_Acs57Prid
[5] = j
;
1368 crc
^= sc_Acs57Prid
[2];
1369 crc
^= sc_Acs57Prid
[3];
1370 crc
^= (sc_Acs57Prid
[4] - 1);
1371 crc
^= sc_Acs57Prid
[5];
1372 sc_Acs57Prid
[6] = crc
;
1373 irdeto_do_cmd(reader
, sc_Acs57Prid
, 0x903C, cta_res
, &cta_lr
);
1374 int32_t acslength
= cta_res
[cta_lr
- 1];
1376 if(acslength
== 0x09)
1381 sc_Acs57_Cmd
[4] = acslength
;
1382 reader_chk_cmd(sc_Acs57_Cmd
, acslength
+ 2);
1384 if(cta_res
[10] == 0xFF)
1389 cta_res
[cta_lr
- 3] = 0xff;
1390 cta_res
[cta_lr
- 2] = 0xff;
1391 cta_res
[cta_lr
- 1] = 0xff;
1396 sc_GetChanelIds
[5] = j
; // chid at index j for provider at index i
1397 reader_chk_cmd(sc_GetChanelIds
, 0);
1400 // if (cta_lr<61) break; // why 61 (0 to 60 in steps of 6 .. is it 10*6 from the 10 in the for loop ?
1401 // what happen if the card only send back.. 9 chids (or less)... we don't see them
1402 // so we should check whether or not we have at least 6 bytes (1 chid).
1408 for(k
= 0 + acspadd
; k
< cta_lr
; k
+= 6)
1410 chid
= b2i(2, cta_res
+ k
);
1411 if(chid
&& chid
!= 0xFFFF)
1413 time_t date
, start_t
, end_t
;
1415 start_t
= chid_date(reader
, date
= b2i(2, cta_res
+ k
+ 2), t
, 16);
1416 end_t
= chid_date(reader
, date
+ cta_res
[k
+ 4], t
+ 16, 16);
1418 // todo: add entitlements to list but produces a warning related to date variable
1419 cs_add_entitlement(reader
, reader
->caid
, b2i(3, &reader
->prid
[i
][1]), chid
, 0, start_t
, end_t
, 3, 1);
1423 rdr_log(reader
, "entitlements for provider: %d, id: %06X", p
, b2i(3, &reader
->prid
[i
][1]));
1426 rdr_log(reader
, "chid: %04X, date: %s - %s", chid
, t
, t
+ 16);
1434 rdr_log(reader
, "ready for requests");
1438 const struct s_cardsystem reader_irdeto
=
1441 .caids
= (uint16_t[]){ 0x06, 0x17, 0 },
1442 .do_emm
= irdeto_do_emm
,
1443 .do_ecm
= irdeto_do_ecm
,
1444 .card_info
= irdeto_card_info
,
1445 .card_init
= irdeto_card_init
,
1446 .get_emm_type
= irdeto_get_emm_type
,
1447 .get_emm_filter
= irdeto_get_emm_filter
,
1448 .get_tunemm_filter
= irdeto_get_tunemm_filter
,