source: trunk/module-cccam.c@ 4024

Last change on this file since 4024 was 4024, checked in by cogsi, 10 years ago

cccam: fixed cc_crypt on secondary cipher

  • Property svn:mime-type set to text/plain
File size: 95.8 KB
Line 
1#include <string.h>
2#include <stdlib.h>
3#include "globals.h"
4#include "module-cccam.h"
5#include <time.h>
6#include "reader-common.h"
7#include <poll.h>
8
9extern int pthread_mutexattr_settype(pthread_mutexattr_t *__attr, int __kind); //Needs extern defined???
10
11//Mode names for CMD_05 command:
12const char *cmd05_mode_name[] = { "UNKNOWN", "PLAIN", "AES", "CC_CRYPT", "RC4",
13 "LEN=0" };
14
15//Mode names for CMD_0C command:
16const char *cmd0c_mode_name[] = { "NONE", "RC6", "RC4", "CC_CRYPT", "AES", "IDEA" };
17
18static uint8 cc_node_id[8];
19
20#define getprefix() ((struct cc_data *)(cl->cc))->prefix
21
22
23void cc_init_crypt(struct cc_crypt_block *block, uint8 *key, int len) {
24 int i = 0;
25 uint8 j = 0;
26
27 for (i = 0; i < 256; i++) {
28 block->keytable[i] = i;
29 }
30
31 for (i = 0; i < 256; i++) {
32 j += key[i % len] + block->keytable[i];
33 SWAPC(&block->keytable[i], &block->keytable[j]);
34 }
35
36 block->state = *key;
37 block->counter = 0;
38 block->sum = 0;
39}
40
41void cc_crypt(struct cc_crypt_block *block, uint8 *data, int len,
42 cc_crypt_mode_t mode) {
43 int i;
44 uint8 z;
45
46 for (i = 0; i < len; i++) {
47 block->counter++;
48 block->sum += block->keytable[block->counter];
49 SWAPC(&block->keytable[block->counter], &block->keytable[block->sum]);
50 z = data[i];
51 data[i] = z ^ block->keytable[(block->keytable[block->counter]
52 + block->keytable[block->sum]) & 0xff];
53 data[i] ^= block->state;
54 if (!mode)
55 z = data[i];
56 block->state = block->state ^ z;
57 }
58}
59
60void cc_rc4_crypt(struct cc_crypt_block *block, uint8 *data, int len,
61 cc_crypt_mode_t mode) {
62 int i;
63 uint8 z;
64
65 for (i = 0; i < len; i++) {
66 block->counter++;
67 block->sum += block->keytable[block->counter];
68 SWAPC(&block->keytable[block->counter], &block->keytable[block->sum]);
69 z = data[i];
70 data[i] = z ^ block->keytable[(block->keytable[block->counter]
71 + block->keytable[block->sum]) & 0xff];
72 if (!mode)
73 z = data[i];
74 block->state = block->state ^ z;
75 }
76}
77
78void cc_xor(uint8 *buf) {
79 const char cccam[] = "CCcam";
80 uint8 i;
81
82 for (i = 0; i < 8; i++) {
83 buf[8 + i] = i * buf[i];
84 if (i <= 5) {
85 buf[i] ^= cccam[i];
86 }
87 }
88}
89
90void cc_cw_crypt(struct s_client *cl, uint8 *cws, uint32 cardid) {
91 struct cc_data *cc = cl->cc;
92 uint64 node_id;
93 uint8 tmp;
94 int i;
95
96 if (cl->typ != 'c') {
97 node_id = b2ll(8, cc->node_id);
98 } else {
99 node_id = b2ll(8, cc->peer_node_id);
100 }
101
102 for (i = 0; i < 16; i++) {
103 tmp = cws[i] ^ (node_id >> (4 * i));
104 if (i & 1)
105 tmp = ~tmp;
106 cws[i] = (cardid >> (2 * i)) ^ tmp;
107 }
108}
109
110void cc_crypt_cmd0c(struct s_client *cl, uint8 *buf, int len) {
111 struct cc_data *cc = cl->cc;
112 uint8 *out = malloc(len);
113
114 switch (cc->cmd0c_mode) {
115 case MODE_CMD_0x0C_NONE: { // none additional encryption
116 memcpy(out, buf, len);
117 break;
118 }
119 case MODE_CMD_0x0C_RC6 : { //RC6
120 //rc6_block_decrypt(buf, out, cc->cmd0c_RC6_cryptkey); // TODO RC6
121 break;
122 }
123 case MODE_CMD_0x0C_RC4: { // RC4
124 cc_rc4_crypt(&cc->cmd0c_cryptkey, buf, len, ENCRYPT);
125 memcpy(out, buf, len);
126 break;
127 }
128 case MODE_CMD_0x0C_CC_CRYPT: { // cc_crypt
129 cc_crypt(&cc->cmd0c_cryptkey, buf, len, DECRYPT);
130
131 buf[0] ^= 0xf0;
132 buf[15] ^= 0xf0;
133
134 memcpy(out, buf, len);
135 break;
136 }
137 case MODE_CMD_0x0C_AES: { // AES
138 int i;
139 for (i = 0; i<len / 16; i++)
140 AES_decrypt((unsigned char *) buf + i * 8,
141 (unsigned char *) out + i * 8, &cc->cmd0c_AES_key);
142 break;
143 }
144 case MODE_CMD_0x0C_IDEA : { //IDEA
145 int i;
146
147 idea_ecb_encrypt(buf, out, &cc->cmd0c_IDEA_dkey);
148 idea_ecb_encrypt(buf + 8, out + 8, &cc->cmd0c_IDEA_dkey);
149
150 for (i = 8; i < 16; i++)
151 out[i] ^= buf[i-8];
152
153 break;
154 }
155 }
156 memcpy(buf, out, len);
157 free(out);
158}
159
160void set_cmd0c_cryptkey(struct s_client *cl, uint8 *key, uint8 len) {
161 struct cc_data *cc = cl->cc;
162 uint8 key_buf[32];
163
164 memset(&key_buf, 0, sizeof(key_buf));
165
166 if (len > 32)
167 len = 32;
168
169 memcpy(key_buf, key, len);
170
171 switch (cc->cmd0c_mode) {
172
173 case MODE_CMD_0x0C_NONE : { //NONE
174 break;
175 }
176 case MODE_CMD_0x0C_RC6 : { //RC6
177 rc6_key_setup(key_buf, 32, cc->cmd0c_RC6_cryptkey);
178 break;
179 }
180
181 case MODE_CMD_0x0C_RC4: //RC4
182 case MODE_CMD_0x0C_CC_CRYPT: { //CC_CRYPT
183 cc_init_crypt(&cc->cmd0c_cryptkey, key_buf, 32);
184 break;
185 }
186
187 case MODE_CMD_0x0C_AES: { //AES
188 memset(&cc->cmd0c_AES_key, 0, sizeof(cc->cmd0c_AES_key));
189 AES_set_decrypt_key((unsigned char *) key_buf, 256, &cc->cmd0c_AES_key);
190 break;
191 }
192
193 case MODE_CMD_0x0C_IDEA : { //IDEA
194 IDEA_KEY_SCHEDULE ekey;
195
196 idea_set_encrypt_key(key_buf, &ekey);
197 idea_set_decrypt_key(&ekey,&cc->cmd0c_IDEA_dkey);
198 break;
199 }
200 }
201}
202
203int sid_eq(struct cc_srvid *srvid1, struct cc_srvid *srvid2) {
204 return (srvid1->sid == srvid2->sid && (srvid1->ecmlen == srvid2->ecmlen || !srvid1->ecmlen || !srvid2->ecmlen));
205}
206
207int is_sid_blocked(struct cc_card *card, struct cc_srvid *srvid_blocked) {
208 LL_ITER *it = ll_iter_create(card->badsids);
209 struct cc_srvid *srvid;
210 while ((srvid = ll_iter_next(it))) {
211 if (sid_eq(srvid, srvid_blocked)) {
212 ll_iter_release(it);
213 return 1;
214 }
215 }
216 ll_iter_release(it);
217 return 0;
218}
219
220int is_good_sid(struct cc_card *card, struct cc_srvid *srvid_good) {
221 LL_ITER *it = ll_iter_create(card->goodsids);
222 struct cc_srvid *srvid;
223 while ((srvid = ll_iter_next(it))) {
224 if (sid_eq(srvid, srvid_good)) {
225 ll_iter_release(it);
226 return 1;
227 }
228 }
229 ll_iter_release(it);
230 return 0;
231}
232
233void add_sid_block(struct s_client *cl __attribute__((unused)), struct cc_card *card,
234 struct cc_srvid *srvid_blocked) {
235 if (is_sid_blocked(card, srvid_blocked))
236 return;
237
238 struct cc_srvid *srvid = malloc(sizeof(struct cc_srvid));
239 if (srvid) {
240 *srvid = *srvid_blocked;
241 ll_append(card->badsids, srvid);
242 cs_debug_mask(D_TRACE, "%s added sid block %04X(%d) for card %08x",
243 getprefix(), srvid_blocked->sid, srvid_blocked->ecmlen,
244 card->id);
245 }
246}
247
248void remove_sid_block(struct cc_card *card, struct cc_srvid *srvid_blocked) {
249 LL_ITER *it = ll_iter_create(card->badsids);
250 struct cc_srvid *srvid;
251 while ((srvid = ll_iter_next(it)))
252 if (sid_eq(srvid, srvid_blocked))
253 ll_iter_remove_data(it);
254 ll_iter_release(it);
255}
256
257void remove_good_sid(struct cc_card *card, struct cc_srvid *srvid_good) {
258 LL_ITER *it = ll_iter_create(card->goodsids);
259 struct cc_srvid *srvid;
260 while ((srvid = ll_iter_next(it)))
261 if (sid_eq(srvid, srvid_good))
262 ll_iter_remove_data(it);
263 ll_iter_release(it);
264}
265
266void add_good_sid(struct s_client *cl __attribute__((unused)), struct cc_card *card,
267 struct cc_srvid *srvid_good) {
268 if (is_good_sid(card, srvid_good))
269 return;
270
271 remove_sid_block(card, srvid_good);
272 struct cc_srvid *srvid = malloc(sizeof(struct cc_srvid));
273 if (srvid) {
274 memcpy(srvid, srvid_good, sizeof(struct cc_srvid));
275 ll_append(card->goodsids, srvid);
276 cs_debug_mask(D_TRACE, "%s added good sid %04X(%d) for card %08x",
277 getprefix(), srvid_good->sid, srvid_good->ecmlen, card->id);
278 }
279}
280
281void free_current_cards(LLIST *current_cards) {
282 LL_ITER *it = ll_iter_create(current_cards);
283 struct cc_current_card *c;
284 while ((c = ll_iter_next(it)))
285 c = ll_iter_remove(it);
286 ll_iter_release(it);
287}
288
289/**
290 * reader
291 * clears and frees values for reinit
292 */
293void cc_cli_close(struct s_client *cl, int call_conclose) {
294 cs_debug_mask(D_FUT, "cc_cli_close in");
295 struct s_reader *rdr = cl->reader;
296 struct cc_data *cc = cl->cc;
297 if (!rdr || !cc)
298 return;
299
300 rdr->tcp_connected = 0;
301 rdr->card_status = NO_CARD;
302 rdr->available = 0;
303 rdr->card_system = 0;
304 rdr->ncd_msgid = 0;
305 rdr->last_s = rdr->last_g = 0;
306
307 if (cc->mode == CCCAM_MODE_NORMAL && call_conclose)
308 network_tcp_connection_close(cl, cl->udp_fd);
309 else {
310 if (cl->udp_fd)
311 close(cl->udp_fd);
312 cl->udp_fd = 0;
313 cl->pfd = 0;
314 }
315
316 cc->just_logged_in = 0;
317 free_current_cards(cc->current_cards);
318 cs_debug_mask(D_FUT, "cc_cli_close out");
319}
320
321struct cc_extended_ecm_idx *add_extended_ecm_idx(struct s_client *cl,
322 uint8 send_idx, ushort ecm_idx, struct cc_card *card,
323 struct cc_srvid srvid) {
324 struct cc_data *cc = cl->cc;
325 struct cc_extended_ecm_idx *eei =
326 malloc(sizeof(struct cc_extended_ecm_idx));
327 eei->send_idx = send_idx;
328 eei->ecm_idx = ecm_idx;
329 eei->card = card;
330 eei->srvid = srvid;
331 ll_append(cc->extended_ecm_idx, eei);
332 //cs_debug_mask(D_TRACE, "%s add extended ecm-idx: %d:%d", getprefix(), send_idx, ecm_idx);
333 return eei;
334}
335
336struct cc_extended_ecm_idx *get_extended_ecm_idx(struct s_client *cl,
337 uint8 send_idx, int remove) {
338 struct cc_data *cc = cl->cc;
339 struct cc_extended_ecm_idx *eei;
340 LL_ITER *it = ll_iter_create(cc->extended_ecm_idx);
341 while ((eei = ll_iter_next(it))) {
342 if (eei->send_idx == send_idx) {
343 if (remove)
344 ll_iter_remove(it);
345 //cs_debug_mask(D_TRACE, "%s get by send-idx: %d FOUND: %d",
346 // getprefix(), send_idx, eei->ecm_idx);
347 ll_iter_release(it);
348 return eei;
349 }
350 }
351 ll_iter_release(it);
352 cs_debug_mask(D_TRACE, "%s get by send-idx: %d NOT FOUND", getprefix(),
353 send_idx);
354 return NULL;
355}
356
357struct cc_extended_ecm_idx *get_extended_ecm_idx_by_idx(struct s_client *cl,
358 ushort ecm_idx, int remove) {
359 struct cc_data *cc = cl->cc;
360 struct cc_extended_ecm_idx *eei;
361 LL_ITER *it = ll_iter_create(cc->extended_ecm_idx);
362 while ((eei = ll_iter_next(it))) {
363 if (eei->ecm_idx == ecm_idx) {
364 if (remove)
365 ll_iter_remove(it);
366 //cs_debug_mask(D_TRACE, "%s get by ecm-idx: %d FOUND: %d",
367 // getprefix(), ecm_idx, eei->send_idx);
368 ll_iter_release(it);
369 return eei;
370 }
371 }
372 ll_iter_release(it);
373 cs_debug_mask(D_TRACE, "%s get by ecm-idx: %d NOT FOUND", getprefix(),
374 ecm_idx);
375 return NULL;
376}
377
378void cc_reset_pending(struct s_client *cl, int ecm_idx) {
379 int i = 0;
380 for (i = 0; i < CS_MAXPENDING; i++) {
381 if (cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc == 101)
382 cl->ecmtask[i].rc = 100; //Mark unused
383 }
384}
385
386void free_extended_ecm_idx_by_card(struct s_client *cl, struct cc_card *card) {
387 struct cc_data *cc = cl->cc;
388 struct cc_extended_ecm_idx *eei;
389 LL_ITER *it = ll_iter_create(cc->extended_ecm_idx);
390 while ((eei = ll_iter_next(it))) {
391 if (eei->card == card) {
392 cc_reset_pending(cl, eei->ecm_idx);
393 ll_iter_remove_data(it);
394 }
395 }
396 ll_iter_release(it);
397}
398
399void free_extended_ecm_idx(struct cc_data *cc) {
400 struct cc_extended_ecm_idx *eei;
401 LL_ITER *it = ll_iter_create(cc->extended_ecm_idx);
402 while ((eei = ll_iter_next(it)))
403 ll_iter_remove_data(it);
404 ll_iter_release(it);
405}
406
407/**
408 * reader
409 * closes the connection and reopens it.
410 */
411//static void cc_cycle_connection() {
412// cc_cli_close();
413// cc_cli_init();
414//}
415
416/**
417 * reader+server:
418 * receive a message
419 */
420int cc_msg_recv(struct s_client *cl, uint8 *buf) {
421 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
422
423 int len;
424 uint8 netbuf[CC_MAXMSGSIZE + 4];
425 struct cc_data *cc = cl->cc;
426
427 int handle = cl->udp_fd;
428
429 if (handle <= 0)
430 return -1;
431
432 len = recv(handle, netbuf, 4, MSG_WAITALL);
433 if (cl->typ != 'c')
434 rdr->last_g = time(NULL);
435
436 if (len != 4) { // invalid header length read
437 if (len <= 0)
438 cs_log("%s disconnected by remote server", getprefix());
439 else
440 cs_log("%s invalid header length (expected 4, read %d)", getprefix(), len);
441 return -1;
442 }
443
444 cc_crypt(&cc->block[DECRYPT], netbuf, 4, DECRYPT);
445 //cs_ddump(netbuf, 4, "cccam: decrypted header:");
446
447 cc->g_flag = netbuf[0];
448
449 int size = (netbuf[2] << 8) | netbuf[3];
450 if (size) { // check if any data is expected in msg
451 if (size > CC_MAXMSGSIZE - 2) {
452 cs_log("%s message too big (size=%d)", getprefix(), size);
453 return 0;
454 }
455
456 len = recv(handle, netbuf + 4, size, MSG_WAITALL); // read rest of msg
457 if (cl->typ != 'c')
458 rdr->last_g = time(NULL);
459
460 if (len != size) {
461 if (len <= 0)
462 cs_log("%s disconnected by remote", getprefix());
463 else
464 cs_log("%s invalid message length read (expected %d, read %d)",
465 getprefix(), size, len);
466 return -1;
467 }
468
469 cc_crypt(&cc->block[DECRYPT], netbuf + 4, len, DECRYPT);
470 len += 4;
471 }
472
473 cs_ddump(netbuf, len, "cccam: full decrypted msg, len=%d:", len);
474
475 memcpy(buf, netbuf, len);
476 return len;
477}
478
479/**
480 * reader+server
481 * send a message
482 */
483int cc_cmd_send(struct s_client *cl, uint8 *buf, int len, cc_msg_type_t cmd) {
484 if (!cl->udp_fd) //disconnected
485 return -1;
486
487 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
488
489 int n;
490 uint8 netbuf[len + 4];
491 struct cc_data *cc = cl->cc;
492
493 memset(netbuf, 0, len + 4);
494
495 if (cmd == MSG_NO_HEADER) {
496 memcpy(netbuf, buf, len);
497 } else {
498 // build command message
499 netbuf[0] = cc->g_flag; // flags??
500 netbuf[1] = cmd & 0xff;
501 netbuf[2] = len >> 8;
502 netbuf[3] = len & 0xff;
503 if (buf)
504 memcpy(netbuf + 4, buf, len);
505 len += 4;
506 }
507
508 cs_ddump(netbuf, len, "cccam: send:");
509 cc_crypt(&cc->block[ENCRYPT], netbuf, len, ENCRYPT);
510
511 n = send(cl->udp_fd, netbuf, len, 0);
512 if (rdr)
513 rdr->last_s = time(NULL);
514
515 if (n != len) {
516 if (rdr)
517 cc_cli_close(cl, TRUE);
518 }
519
520 return n;
521}
522
523#define CC_DEFAULT_VERSION 1
524char *version[] = { "2.0.11", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.2.0", "2.2.1", "" };
525char *build[] = { "2892", "2971", "3094", "3165", "3191", "3290", "3316", "" };
526
527/**
528 * reader+server
529 * checks the cccam-version in the configuration
530 */
531void cc_check_version(char *cc_version, char *cc_build) {
532 int i;
533 for (i = 0; strlen(version[i]); i++) {
534 if (!memcmp(cc_version, version[i], strlen(version[i]))) {
535 memcpy(cc_build, build[i], strlen(build[i]) + 1);
536 cs_debug("cccam: auto build set for version: %s build: %s",
537 cc_version, cc_build);
538 return;
539 }
540 }
541 memcpy(cc_version, version[CC_DEFAULT_VERSION], strlen(
542 version[CC_DEFAULT_VERSION]));
543 memcpy(cc_build, build[CC_DEFAULT_VERSION], strlen(
544 build[CC_DEFAULT_VERSION]));
545
546 cs_debug("cccam: auto version set: %s build: %s", cc_version, cc_build);
547}
548
549/**
550 * reader
551 * sends own version information to the CCCam server
552 */
553int cc_send_cli_data(struct s_client *cl) {
554 struct s_reader *rdr = cl->reader;
555
556 int i;
557 struct cc_data *cc = cl->cc;
558
559 cs_debug("cccam: send client data");
560
561 memcpy(cc->node_id, cc_node_id, sizeof(cc_node_id));
562
563 uint8 buf[CC_MAXMSGSIZE];
564 memset(buf, 0, CC_MAXMSGSIZE);
565
566 memcpy(buf, rdr->r_usr, sizeof(rdr->r_usr));
567 memcpy(buf + 20, cc->node_id, 8);
568 buf[28] = rdr->cc_want_emu; // <-- Client want to have EMUs, 0 - NO; 1 - YES
569 memcpy(buf + 29, rdr->cc_version, sizeof(rdr->cc_version)); // cccam version (ascii)
570 memcpy(buf + 61, rdr->cc_build, sizeof(rdr->cc_build)); // build number (ascii)
571
572 cs_log("%s sending own version: %s, build: %s", getprefix(),
573 rdr->cc_version, rdr->cc_build);
574
575 i = cc_cmd_send(cl, buf, 20 + 8 + 6 + 26 + 4 + 28 + 1, MSG_CLI_DATA);
576
577 return i;
578}
579
580/**
581 * server
582 * sends version information to the client
583 */
584int cc_send_srv_data(struct s_client *cl) {
585 struct cc_data *cc = cl->cc;
586
587 cs_debug("cccam: send server data");
588
589 memcpy(cc->node_id, cc_node_id, sizeof(cc_node_id));
590
591 uint8 buf[CC_MAXMSGSIZE];
592 memset(buf, 0, CC_MAXMSGSIZE);
593
594 memcpy(buf, cc->node_id, 8);
595 char cc_build[7];
596 cc_check_version((char *) cfg->cc_version, cc_build);
597 memcpy(buf + 8, cfg->cc_version, sizeof(cfg->cc_version)); // cccam version (ascii)
598 memcpy(buf + 40, cc_build, sizeof(cc_build)); // build number (ascii)
599
600 cs_log("%s version: %s, build: %s nodeid: %s", getprefix(),
601 cfg->cc_version, cc_build, cs_hexdump(0, cc->peer_node_id, 8));
602
603 return cc_cmd_send(cl, buf, 0x48, MSG_SRV_DATA);
604}
605
606/**
607 * reader
608 * retrieves the next waiting ecm request
609 */
610int cc_get_nxt_ecm(struct s_client *cl) {
611 int n, i;
612 time_t t;
613
614 t = time(NULL);
615 n = -1;
616 for (i = 0; i < CS_MAXPENDING; i++) {
617 if ((t - (ulong) cl->ecmtask[i].tps.time > ((cfg->ctimeout + 500)
618 / 1000) + 1) && (cl->ecmtask[i].rc >= 10)) // drop timeouts
619 {
620 cl->ecmtask[i].rc = 0;
621 }
622
623 if (cl->ecmtask[i].rc >= 10 && cl->ecmtask[i].rc != 101) { // stil active and waiting
624 // search for the ecm with the lowest time, this should be the next to go
625 if (n < 0 || cl->ecmtask[n].tps.time - cl->ecmtask[i].tps.time < 0) {
626
627 //check for already pending:
628 if (((struct cc_data*)cl->cc)->extended_mode) {
629 int j,found;
630 for (found=j=0;j<CS_MAXPENDING;j++) {
631 if (i!=j && cl->ecmtask[j].rc == 101 &&
632 cl->ecmtask[i].caid==cl->ecmtask[j].caid &&
633 cl->ecmtask[i].ecmd5==cl->ecmtask[j].ecmd5) {
634 found=1;
635 break;
636 }
637 }
638 if (!found)
639 n = i;
640 }
641 else
642 n = i;
643 }
644 }
645 }
646 return n;
647}
648
649/**
650 * sends the secret cmd05 answer to the server
651 */
652int send_cmd05_answer(struct s_client *cl) {
653 struct s_reader *rdr = cl->reader;
654 struct cc_data *cc = cl->cc;
655 if (!cc->cmd05_active || !rdr->available) //exit if not in cmd05 or waiting for ECM answer
656 return 0;
657
658 cc->cmd05_active--;
659 if (cc->cmd05_active)
660 return 0;
661
662 uint8 *data = cc->cmd05_data;
663 cc_cmd05_mode cmd05_mode = MODE_UNKNOWN;
664
665 // by Project:Keynation
666 switch (cc->cmd05_data_len) {
667 case 0: { //payload 0, return with payload 0!
668 cc_cmd_send(cl, NULL, 0, MSG_CMD_05);
669 cmd05_mode = MODE_LEN0;
670 break;
671 }
672 case 256: {
673 cmd05_mode = cc->cmd05_mode;
674 switch (cmd05_mode) {
675 case MODE_PLAIN: { //Send plain unencrypted back
676 cc_cmd_send(cl, data, 256, MSG_CMD_05);
677 break;
678 }
679 case MODE_AES: { //encrypt with received aes128 key:
680 AES_KEY key;
681 uint8 aeskey[16];
682 uint8 out[256];
683
684 memcpy(aeskey, cc->cmd05_aeskey, 16);
685 memset(&key, 0, sizeof(key));
686
687 AES_set_encrypt_key((unsigned char *) &aeskey, 128, &key);
688 int i;
689 for (i = 0; i < 256; i += 16)
690 AES_encrypt((unsigned char *) data + i, (unsigned char *) &out
691 + i, &key);
692
693 cc_cmd_send(cl, out, 256, MSG_CMD_05);
694 break;
695 }
696 case MODE_CC_CRYPT: { //encrypt with cc_crypt:
697 cc_crypt(&cc->cmd05_cryptkey, data, 256, ENCRYPT);
698 cc_cmd_send(cl, data, 256, MSG_CMD_05);
699 break;
700 }
701 case MODE_RC4_CRYPT: {//special xor crypt:
702 cc_rc4_crypt(&cc->cmd05_cryptkey, data, 256, DECRYPT);
703 cc_cmd_send(cl, data, 256, MSG_CMD_05);
704 break;
705 }
706 default:
707 cmd05_mode = MODE_UNKNOWN;
708 }
709 break;
710 }
711 default:
712 cmd05_mode = MODE_UNKNOWN;
713 }
714
715 //unhandled types always needs cycle connection after 50 ECMs!!
716 if (cmd05_mode == MODE_UNKNOWN) {
717 cc_cmd_send(cl, NULL, 0, MSG_CMD_05);
718 if (!cc->max_ecms) { //max_ecms already set?
719 cc->max_ecms = 50;
720 cc->ecm_counter = 0;
721 }
722 }
723 cs_debug_mask(D_TRACE, "%s sending CMD_05 back! MODE: %s len=%d",
724 getprefix(), cmd05_mode_name[cmd05_mode], cc->cmd05_data_len);
725
726 cc->cmd05NOK = 1;
727 return 1;
728}
729
730struct cc_current_card *cc_find_current_card(struct cc_data *cc,
731 struct cc_card *card) {
732 LL_ITER *it = ll_iter_create(cc->current_cards);
733 struct cc_current_card *c;
734 while ((c = ll_iter_next(it)))
735 if (c->card == card) {
736 ll_iter_release(it);
737 return c;
738 }
739 ll_iter_release(it);
740 return NULL;
741}
742
743struct cc_current_card *cc_find_current_card_by_srvid(struct cc_data *cc,
744 ushort caid, ulong prov, struct cc_srvid *srvid) {
745 LL_ITER *it = ll_iter_create(cc->current_cards);
746 struct cc_current_card *c;
747 while ((c = ll_iter_next(it)))
748 if (c->card->caid == caid && c->prov == prov
749 && sid_eq(&c->srvid, srvid)) {
750 ll_iter_release(it);
751 return c;
752 }
753 ll_iter_release(it);
754 return NULL;
755}
756
757void cc_remove_current_card(struct cc_data *cc,
758 struct cc_current_card *current_card) {
759 LL_ITER *it = ll_iter_create(cc->current_cards);
760 struct cc_current_card *c;
761 while ((c = ll_iter_next(it)))
762 if (c == current_card)
763 ll_iter_remove_data(it);
764 ll_iter_release(it);
765}
766
767int get_UA_len(uint16 caid) {
768 int len = 0;
769 switch (caid >> 8) {
770 case 0x0D://CRYPTOWORKS:
771 len = 5;
772 break;
773 case 0x0B: //CONAX:
774 len = 6;
775 break;
776 case 0x06:
777 case 0x17: //IRDETO:
778 len = 8;
779 break;
780 case 0x4B: //TONGFANG:
781 len = 4;
782 break;
783 case 0x09: //VIDEOGUARD:
784 len = 4;
785 break;
786 case 0x18: //NAGRA:
787 len = 4;
788 break;
789 case 0x05: //VIACCESS:
790 len = 5;
791 break;
792 case 0x4A: //DRE:
793 len = 6;
794 break;
795 case 0x01: //SECA:
796 len = 6;
797 break;
798 default:
799 len = 8;
800 break;
801 }
802 return len;
803}
804
805int get_UA_ofs(uint16 caid) {
806 int ofs = 0;
807 switch (caid >> 8) {
808 case 0x4B: //TONGFANG:
809 ofs = 2;
810 break;
811 case 0x09: //VIDEOGUARD:
812 ofs = 2;
813 break;
814 case 0x18: //NAGRA:
815 ofs = 2;
816 break;
817 case 0x4A: //DRE:
818 ofs = 2;
819 break;
820 }
821 return ofs;
822}
823
824void cc_UA_oscam2cccam(uint8 *in, uint8 *out, uint16 caid) {
825 int len = get_UA_len(caid);
826 int ofs = get_UA_ofs(caid);
827 memset(out, 0, 8);
828 memcpy(out+8-len, in+ofs, len); //set UA trailing/leading zeros
829}
830
831void cc_UA_cccam2oscam(uint8 *in, uint8 *out, uint16 caid) {
832 int len = get_UA_len(caid);
833 int ofs_oscam = get_UA_ofs(caid);
834 int ofs_cccam = 0;
835 int i;
836 for (i=0;i<(8-len);i++) {
837 if (!in[ofs_cccam]) //ignore leading "00"
838 ofs_cccam++;
839 else
840 break;
841 }
842 memset(out, 0, 8);
843 memcpy(out+ofs_oscam, in+ofs_cccam, len);
844}
845
846void cc_SA_oscam2cccam(uint8 *in, uint8 *out) {
847 // out[0] = in[3];
848 // out[1] = in[2];
849 // out[2] = in[1];
850 // out[3] = in[0];
851 memcpy(out, in, 4);
852}
853
854void cc_SA_cccam2oscam(uint8 *in, uint8 *out) {
855 // out[0] = in[3];
856 // out[1] = in[2];
857 // out[2] = in[1];
858 // out[3] = in[0];
859 memcpy(out, in, 4);
860}
861
862int cc_UA_valid(uint8 *ua) {
863 int i;
864 for (i = 0; i < 8; i++)
865 if (ua[i])
866 return 1;
867 return 0;
868}
869
870/**
871 * Updates AU Data: UA (Unique ID / Hexserial) und SA (Shared ID - Provider)
872 */
873void set_au_data(struct s_client *cl __attribute__((unused)), struct s_reader *rdr, struct cc_card *card, ECM_REQUEST *cur_er) {
874 if (rdr->audisabled || !cc_UA_valid(card->hexserial))
875 return;
876
877 rdr->card_system = get_cardsystem(card->caid);
878 cc_UA_cccam2oscam(card->hexserial, rdr->hexserial, rdr->caid[0]);
879
880 cs_debug_mask(D_EMM,
881 "%s au info: caid %04X card system: %d UA: %s",
882 getprefix(), card->caid, rdr->card_system, cs_hexdump(0,
883 rdr->hexserial, 8));
884
885 rdr->nprov = 0;
886 LL_ITER *it2 = ll_iter_create(card->providers);
887 struct cc_provider *provider;
888 int p = 0;
889 while ((provider = ll_iter_next(it2))) {
890 if (!cur_er || provider->prov == cur_er->prid) {
891 memcpy(&rdr->prid[p], &provider->prov, sizeof(provider->prov));
892 cc_SA_cccam2oscam(provider->sa, rdr->sa[p]);
893
894 cs_debug_mask(D_EMM, "%s au info: provider: %06lX:%02X%02X%02X%02X", getprefix(),
895 provider->prov,
896 provider->sa[0], provider->sa[1], provider->sa[2],
897 provider->sa[3]);
898
899 p++;
900 rdr->nprov = p;
901 if (p >= CS_MAXPROV) break;
902 }
903 }
904 ll_iter_release(it2);
905}
906
907/**
908 * reader
909 * sends a ecm request to the connected CCCam Server
910 */
911int cc_send_ecm(struct s_client *cl, ECM_REQUEST *er, uchar *buf) {
912 cs_debug_mask(D_FUT, "cc_send_ecm in");
913 struct s_reader *rdr = cl->reader;
914
915 //cs_debug_mask(D_TRACE, "%s cc_send_ecm", getprefix());
916 if (!rdr->tcp_connected)
917 cc_cli_connect(cl);
918
919 int n, h = -1;
920 struct cc_data *cc = cl->cc;
921 struct cc_card *card;
922 struct cc_current_card *current_card;
923 LL_ITER *it;
924 ECM_REQUEST *cur_er;
925 struct timeb cur_time;
926 cs_ftime(&cur_time);
927
928 if (!cc || (cl->pfd < 1) || !rdr->tcp_connected) {
929 if (er) {
930 er->rc = 0;
931 er->rcEx = 0x27;
932 cs_debug_mask(D_TRACE, "%s server not init! ccinit=%d pfd=%d",
933 rdr->label, cc ? 1 : 0, cl->pfd);
934 write_ecm_answer(rdr, er);
935 }
936 //cc_cli_close(cl);
937 cs_debug_mask(D_FUT, "cc_send_ecm out");
938 return 0;
939 }
940
941 if (rdr->tcp_connected != 2) {
942 cs_debug_mask(D_TRACE, "%s Waiting for CARDS", getprefix());
943 return 0;
944 }
945
946 //No Card? Waiting for shares
947 if (!ll_count(cc->cards)) {
948 rdr->fd_error++;
949 cs_debug_mask(D_TRACE, "%s NO CARDS!", getprefix());
950 return 0;
951 }
952
953 cc->just_logged_in = 0;
954
955 if (!cc->extended_mode) {
956 //Without extended mode, only one ecm at a time could be send
957 //this is a limitation of "O" CCCam
958 if (pthread_mutex_trylock(&cc->ecm_busy) == EBUSY) { //Unlock by NOK or ECM ACK
959 cs_debug_mask(D_TRACE,
960 "%s ecm trylock: ecm busy, retrying later after msg-receive",
961 getprefix());
962
963 struct timeb timeout;
964 timeout = cc->ecm_time;
965 unsigned int tt = cfg->ctimeout * 4;
966 timeout.time += tt / 1000;
967 timeout.millitm += tt % 1000;
968
969 if (comp_timeb(&cur_time, &timeout) < 0) { //TODO: Configuration?
970 return 0; //pending send...
971 } else {
972 cs_debug_mask(D_TRACE,
973 "%s unlocked-cycleconnection! timeout %ds",
974 getprefix(), tt / 1000);
975 //cc_cycle_connection();
976 cc_cli_close(cl, TRUE);
977 cs_debug_mask(D_FUT, "cc_send_ecm out");
978 return 0;
979 }
980 }
981 cs_debug("cccam: ecm trylock: got lock");
982 }
983 cc->ecm_time = cur_time;
984 rdr->available = cc->extended_mode;
985
986 //Search next ECM to send:
987 if ((n = cc_get_nxt_ecm(cl)) < 0) {
988 if (!cc->extended_mode) {
989 rdr->available = 1;
990 pthread_mutex_unlock(&cc->ecm_busy);
991 }
992 cs_debug("%s no ecm pending!", getprefix());
993 if (!cc_send_pending_emms(cl))
994 send_cmd05_answer(cl);
995 cs_debug_mask(D_FUT, "cc_send_ecm out");
996 return 0; // no queued ecms
997 }
998 cur_er = &cl->ecmtask[n];
999 cur_er->rc = 101; //mark ECM as already send
1000 cs_debug("cccam: ecm-task %d", cur_er->idx);
1001
1002 if (buf)
1003 memcpy(buf, cur_er->ecm, cur_er->l);
1004
1005 struct cc_srvid cur_srvid;
1006 cur_srvid.sid = cur_er->srvid;
1007 cur_srvid.ecmlen = cur_er->l;
1008
1009 pthread_mutex_lock(&cc->cards_busy);
1010 //search cache:
1011 current_card = cc_find_current_card_by_srvid(cc, cur_er->caid,
1012 cur_er->prid, &cur_srvid);
1013 if (current_card) {
1014 if (!current_card->card || is_sid_blocked(current_card->card,
1015 &cur_srvid)) {
1016 cc_remove_current_card(cc, current_card);
1017 current_card = NULL;
1018 }
1019 }
1020 if (current_card)
1021 card = current_card->card;
1022 else
1023 card = NULL;
1024
1025 //then check all other cards
1026 if (!card) {
1027 it = ll_iter_create(cc->cards);
1028 struct cc_card *ncard;
1029 while ((ncard = ll_iter_next(it))) {
1030 if (ncard->caid == cur_er->caid) { // caid matches
1031 if (is_sid_blocked(ncard, &cur_srvid))
1032 continue;
1033
1034 if (!ncard->providers || !ncard->providers->initial) { //card has no providers:
1035 if (h < 0 || ncard->hop < h || (ncard->hop == h
1036 && cc_UA_valid(ncard->hexserial))) {
1037 // ncard is closer
1038 card = ncard;
1039 h = ncard->hop; // ncard has been matched
1040 }
1041
1042 }
1043 else { //card has providers
1044 LL_ITER *it2 = ll_iter_create(ncard->providers);
1045 struct cc_provider *provider;
1046 while ((provider = ll_iter_next(it2))) {
1047 if (!cur_er->prid || !provider->prov || provider->prov
1048 == cur_er->prid) { // provid matches
1049 if (h < 0 || ncard->hop < h || (ncard->hop == h
1050 && cc_UA_valid(ncard->hexserial))) {
1051 // ncard is closer
1052 card = ncard;
1053 h = ncard->hop; // ncard has been matched
1054 }
1055 }
1056 }
1057 ll_iter_release(it2);
1058 }
1059 }
1060 }
1061 ll_iter_release(it);
1062 }
1063
1064 if (card) {
1065 if (!current_card) {
1066 current_card = malloc(sizeof(struct cc_current_card));
1067 current_card->card = card;
1068 current_card->prov = cur_er->prid;
1069 current_card->srvid = cur_srvid;
1070 ll_insert_at(cc->current_cards, current_card, 0);
1071 }
1072
1073 card->time = time((time_t) 0);
1074 uint8 ecmbuf[CC_MAXMSGSIZE];
1075 memset(ecmbuf, 0, CC_MAXMSGSIZE);
1076
1077 // build ecm message
1078 ecmbuf[0] = card->caid >> 8;
1079 ecmbuf[1] = card->caid & 0xff;
1080 ecmbuf[2] = cur_er->prid >> 24;
1081 ecmbuf[3] = cur_er->prid >> 16;
1082 ecmbuf[4] = cur_er->prid >> 8;
1083 ecmbuf[5] = cur_er->prid & 0xff;
1084 ecmbuf[6] = card->id >> 24;
1085 ecmbuf[7] = card->id >> 16;
1086 ecmbuf[8] = card->id >> 8;
1087 ecmbuf[9] = card->id & 0xff;
1088 ecmbuf[10] = cur_er->srvid >> 8;
1089 ecmbuf[11] = cur_er->srvid & 0xff;
1090 ecmbuf[12] = cur_er->l & 0xff;
1091 memcpy(ecmbuf + 13, cur_er->ecm, cur_er->l);
1092
1093 uint8 send_idx = 1;
1094 if (cc->extended_mode) {
1095 cc->server_ecm_idx++;
1096 if (cc->server_ecm_idx >= 256)
1097 cc->server_ecm_idx = 1;
1098 cc->g_flag = cc->server_ecm_idx; //Flag is used as index!
1099 send_idx = cc->g_flag;
1100 }
1101
1102 add_extended_ecm_idx(cl, send_idx, cur_er->idx, card, cur_srvid);
1103
1104 rdr->cc_currenthops = card->hop;
1105
1106 cs_log(
1107 "%s sending ecm for sid %04X(%d) to card %08x, hop %d, ecmtask %d",
1108 getprefix(), cur_er->srvid, cur_er->l, card->id, card->hop,
1109 cur_er->idx);
1110 cc_cmd_send(cl, ecmbuf, cur_er->l + 13, MSG_CW_ECM); // send ecm
1111
1112 //For EMM
1113 set_au_data(cl, rdr, card, cur_er);
1114 pthread_mutex_unlock(&cc->cards_busy);
1115 cs_debug_mask(D_FUT, "cc_send_ecm out");
1116 return 0;
1117 } else {
1118 //When connecting, it could happen than ecm requests come before all cards are received.
1119 //So if the last Message was a MSG_NEW_CARD, this "card receiving" is not already done
1120 //if this happens, we do not autoblock it and do not set rc status
1121 //So fallback could resolve it
1122 if (cc->last_msg != MSG_NEW_CARD && cc->last_msg != MSG_NEW_CARD_SIDINFO && !cc->just_logged_in) {
1123 cs_log("%s no suitable card on server", getprefix());
1124
1125 cur_er->rc = 0;
1126 cur_er->rcEx = 0x27;
1127 write_ecm_answer(rdr, cur_er);
1128 //cur_er->rc = 1;
1129 //cur_er->rcEx = 0;
1130 //cs_sleepms(300);
1131 rdr->last_s = rdr->last_g;
1132
1133 //reopen all blocked sids for this srvid:
1134 it = ll_iter_create(cc->cards);
1135 while ((card = ll_iter_next(it))) {
1136 if (card->caid == cur_er->caid) { // caid matches
1137 LL_ITER *it2 = ll_iter_create(card->badsids);
1138 struct cc_srvid *srvid;
1139 while ((srvid = ll_iter_next(it2)))
1140 if (sid_eq(srvid, &cur_srvid))
1141 ll_iter_remove_data(it2);
1142 ll_iter_release(it2);
1143 }
1144 }
1145 ll_iter_release(it);
1146 }
1147 }
1148 pthread_mutex_unlock(&cc->cards_busy);
1149 if (!cc->extended_mode) {
1150 rdr->available = 1;
1151 pthread_mutex_unlock(&cc->ecm_busy);
1152 }
1153 cs_debug_mask(D_FUT, "cc_send_ecm out");
1154 return -1;
1155}
1156
1157/*
1158 int cc_abort_user_ecms(){
1159 int n, i;
1160 time_t t;//, tls;
1161 struct cc_data *cc = rdr->cc;
1162
1163 t=time((time_t *)0);
1164 for (i=1,n=1; i<CS_MAXPENDING; i++)
1165 {
1166 if ((t-cl->ecmtask[i].tps.time > ((cfg->ctimeout + 500) / 1000) + 1) &&
1167 (cl->ecmtask[i].rc>=10)) // drop timeouts
1168 {
1169 cl->ecmtask[i].rc=0;
1170 }
1171 int td=abs(1000*(ecmtask[i].tps.time-cc->found->tps.time)+ecmtask[i].tps.millitm-cc->found->tps.millitm);
1172 if (ecmtask[i].rc>=10 && ecmtask[i].cidx==cc->found->cidx && &ecmtask[i]!=cc->found){
1173 cs_log("aborting idx:%d caid:%04x client:%d timedelta:%d",ecmtask[i].idx,ecmtask[i].caid,ecmtask[i].cidx,td);
1174 ecmtask[i].rc=0;
1175 ecmtask[i].rcEx=7;
1176 write_ecm_answer(rdr, fd_c2m, &ecmtask[i]);
1177 }
1178 }
1179 return n;
1180
1181 }
1182 */
1183
1184int cc_send_pending_emms(struct s_client *cl) {
1185 cs_debug_mask(D_FUT, "cc_send_pending_emms in");
1186 struct s_reader *rdr = cl->reader;
1187 struct cc_data *cc = cl->cc;
1188
1189 LL_ITER *it = ll_iter_create(cc->pending_emms);
1190 uint8 *emmbuf;
1191 int size = 0;
1192 if ((emmbuf = ll_iter_next(it))) {
1193 if (!cc->extended_mode) {
1194 if (pthread_mutex_trylock(&cc->ecm_busy) == EBUSY) { //Unlock by NOK or ECM ACK
1195 ll_iter_release(it);
1196 return 0; //send later with cc_send_ecm
1197 }
1198 rdr->available = 0;
1199 }
1200 size = emmbuf[11] + 12;
1201
1202 cc->just_logged_in = 0;
1203 cs_ftime(&cc->ecm_time);
1204
1205 cs_debug_mask(D_EMM, "%s emm send for card %08X", getprefix(), b2i(4,
1206 emmbuf + 7));
1207
1208 cc_cmd_send(cl, emmbuf, size, MSG_EMM_ACK); // send emm
1209
1210 ll_iter_remove_data(it);
1211 }
1212 ll_iter_release(it);
1213
1214 cs_debug_mask(D_FUT, "cc_send_pending_emms out");
1215 return size;
1216}
1217
1218/**
1219 * READER only:
1220 * find card by hexserial
1221 * */
1222struct cc_card *get_card_by_hexserial(struct s_client *cl, uint8 *hexserial,
1223 uint16 caid) {
1224 struct cc_data *cc = cl->cc;
1225 LL_ITER *it = ll_iter_create(cc->cards);
1226 struct cc_card *card;
1227 while ((card = ll_iter_next(it)))
1228 if (card->caid == caid && memcmp(card->hexserial, hexserial, 8) == 0) { //found it!
1229 break;
1230 }
1231 ll_iter_release(it);
1232 return card;
1233}
1234
1235/**
1236 * EMM Procession
1237 * Copied from http://85.17.209.13:6100/file/8ec3c0c5d257/systems/cardclient/cccam2.c
1238 * ProcessEmm
1239 * */
1240int cc_send_emm(EMM_PACKET *ep) {
1241 cs_debug_mask(D_FUT, "cc_send_emm in");
1242 struct s_client *cl = cur_client();
1243 struct s_reader *rdr = cl->reader;
1244
1245 if (!rdr->tcp_connected)
1246 cc_cli_connect(cl);
1247
1248 struct cc_data *cc = cl->cc;
1249
1250 if (!cc || (cl->pfd < 1) || !rdr->tcp_connected) {
1251 cs_log("%s server not init! ccinit=%d pfd=%d", getprefix(), cc ? 1 : 0,
1252 cl->pfd);
1253 return 0;
1254 }
1255 if (rdr->audisabled) {
1256 cs_log("%s au is disabled", getprefix());
1257 return 0;
1258 }
1259
1260 ushort caid = b2i(2, ep->caid);
1261
1262 //Last used card is first card of current_cards:
1263 pthread_mutex_lock(&cc->cards_busy);
1264 LL_ITER *it = ll_iter_create(cc->current_cards);
1265 struct cc_current_card *current_card;
1266 while ((current_card = ll_iter_next(it)))
1267 if (current_card->card->caid == caid && cc_UA_valid(current_card->card->hexserial))
1268 break; //found it
1269 ll_iter_release(it);
1270
1271 struct cc_card *emm_card = (current_card != NULL) ? current_card->card
1272 : NULL;
1273
1274 if (!emm_card) {
1275 uint8 hs[8];
1276 cc_UA_oscam2cccam(ep->hexserial, hs, caid);
1277 emm_card = get_card_by_hexserial(cl, hs, caid);
1278 }
1279
1280 if (!emm_card) { //Card for emm not found!
1281 cs_log("%s emm for client %8X not possible, no card found!",
1282 getprefix(), ep->client->thread);
1283 pthread_mutex_unlock(&cc->cards_busy);
1284 return 0;
1285 }
1286
1287 cs_debug_mask(D_EMM,
1288 "%s emm received for client %8X caid %04X for card %08X",
1289 getprefix(), ep->client->thread, caid, emm_card->id);
1290
1291 int size = ep->l + 12;
1292 uint8 *emmbuf = malloc(size);
1293 memset(emmbuf, 0, size);
1294
1295 // build ecm message
1296 emmbuf[0] = ep->caid[0];
1297 emmbuf[1] = ep->caid[1];
1298 emmbuf[2] = 0;
1299 emmbuf[3] = ep->provid[0];
1300 emmbuf[4] = ep->provid[1];
1301 emmbuf[5] = ep->provid[2];
1302 emmbuf[6] = ep->provid[3];
1303 emmbuf[7] = emm_card->id >> 24;
1304 emmbuf[8] = emm_card->id >> 16;
1305 emmbuf[9] = emm_card->id >> 8;
1306 emmbuf[10] = emm_card->id & 0xff;
1307 emmbuf[11] = ep->l;
1308 memcpy(emmbuf + 12, ep->emm, ep->l);
1309
1310 pthread_mutex_unlock(&cc->cards_busy);
1311
1312 ll_append(cc->pending_emms, emmbuf);
1313 cc_send_pending_emms(cl);
1314
1315 cs_debug_mask(D_FUT, "cc_send_emm out");
1316 return 1;
1317}
1318
1319void cc_free_card(struct cc_card *card) {
1320 if (!card)
1321 return;
1322
1323 ll_destroy_data(card->providers);
1324 ll_destroy_data(card->badsids);
1325 ll_destroy_data(card->goodsids);
1326 ll_destroy_data(card->remote_nodes);
1327
1328 free(card);
1329}
1330
1331/**
1332 * Server:
1333 * Adds a cccam-carddata buffer to the list of reported carddatas
1334 */
1335void cc_add_reported_carddata(LLIST *reported_carddatas, struct cc_card *card) {
1336 ll_append(reported_carddatas, card);
1337}
1338
1339int cc_clear_reported_carddata(struct s_client *cl, LLIST *reported_carddatas, LLIST *except,
1340 int send_removed) {
1341 int i=0;
1342 LL_ITER *it = ll_iter_create(reported_carddatas);
1343 struct cc_card *card;
1344 while ((card = ll_iter_next(it))) {
1345 struct cc_card *card2 = NULL;
1346 if (except) {
1347 LL_ITER *it2 = ll_iter_create(except);
1348 while ((card2 = ll_iter_next(it2))) {
1349 if (card == card2)
1350 break;
1351 }
1352 ll_iter_release(it2);
1353 }
1354
1355 if (!card2) {
1356 if (send_removed) {
1357 uint8 buf[4];
1358 buf[0] = card->id >>24;
1359 buf[1] = card->id >>16;
1360 buf[2] = card->id >>8;
1361 buf[3] = card->id & 0xFF;
1362 cc_cmd_send(cl, buf, 4, MSG_CARD_REMOVED);
1363 }
1364 cc_free_card(card);
1365 i++;
1366 }
1367 ll_iter_remove(it);
1368 }
1369 ll_iter_release(it);
1370 return i;
1371}
1372
1373int cc_free_reported_carddata(struct s_client *cl, LLIST *reported_carddatas, LLIST *except,
1374 int send_removed) {
1375 int i=0;
1376 if (reported_carddatas) {
1377 i = cc_clear_reported_carddata(cl, reported_carddatas, except, send_removed);
1378 ll_destroy(reported_carddatas);
1379 }
1380 return i;
1381}
1382
1383void cc_free_cardlist(LLIST *card_list, int destroy_list) {
1384 if (card_list) {
1385 LL_ITER *it = ll_iter_create(card_list);
1386 struct cc_card *card;
1387 while ((card = ll_iter_next(it))) {
1388 cc_free_card(card);
1389 ll_iter_remove(it);
1390 }
1391 ll_iter_release(it);
1392 if (destroy_list)
1393 ll_destroy_data(card_list);
1394 }
1395}
1396
1397/**
1398 * Clears and free the cc datas
1399 */
1400void cc_free(struct s_client *cl) {
1401 struct cc_data *cc = cl->cc;
1402 if (!cc)
1403 return;
1404
1405 cs_debug_mask(D_FUT, "cc_free in");
1406 cc_free_cardlist(cc->cards, TRUE);
1407 cc_free_reported_carddata(cl, cc->reported_carddatas, NULL, FALSE);
1408 ll_destroy_data(cc->pending_emms);
1409 free_current_cards(cc->current_cards);
1410 ll_destroy(cc->current_cards);
1411 if (cc->extended_ecm_idx)
1412 free_extended_ecm_idx(cc);
1413 pthread_mutex_destroy(&cc->lock);
1414 pthread_mutex_destroy(&cc->ecm_busy);
1415 pthread_mutex_destroy(&cc->cards_busy);
1416 free(cc->prefix);
1417 free(cc);
1418 cl->cc=NULL;
1419 cs_debug_mask(D_FUT, "cc_free out");
1420}
1421
1422int is_null_dcw(uint8 *dcw) {
1423 int i;
1424 for (i = 0; i < 15; i++)
1425 if (dcw[i])
1426 return 0;
1427 return 1;
1428}
1429
1430/*int is_dcw_corrupted(uchar *dcw)
1431 {
1432 int i;
1433 int c, cs;
1434
1435 for (i=0; i<16; i+=4)
1436 {
1437 c = (dcw[i] + dcw[i+1] + dcw[i+2]) & 0xFF;
1438 cs = dcw[i+3];
1439 if (cs!=c) return (1);
1440 }
1441 return 0;
1442 }
1443*/
1444
1445int check_extended_mode(struct s_client *cl, char *msg) {
1446 //Extended mode: if PARTNER String is ending with [PARAM], extended mode is activated
1447 //For future compatibilty the syntax should be compatible with
1448 //[PARAM1,PARAM2...PARAMn]
1449 //
1450 // EXT: Extended ECM Mode: Multiple ECMs could be send and received
1451 // ECMs are numbered, Flag (byte[0] is the index
1452 //
1453 // SID: Exchange of good sids/bad sids activated (like cccam 2.2.x)
1454 // card exchange command MSG_NEW_CARD_SIDINFO instead MSG_NEW_CARD is used
1455 //
1456
1457 struct cc_data *cc = cl->cc;
1458 int has_param = 0;
1459 char *p = strtok(msg, "[");
1460 while (p) {
1461 p = strtok(NULL, ",]");
1462 if (p && strncmp(p, "EXT", 3) == 0) {
1463 cc->extended_mode = 1;
1464 cs_log("%s extended ECM mode", getprefix());
1465 has_param = 1;
1466 }
1467 else if (p && strncmp(p, "SID", 3)==0) {
1468 cc->cccam220 = 1;
1469 cs_log("%s extra SID mode", getprefix());
1470 has_param = 1;
1471 }
1472 }
1473 return has_param;
1474}
1475
1476void cc_idle() {
1477 cs_debug_mask(D_FUT, "cc_idle in");
1478 struct s_client *cl = cur_client();
1479 struct s_reader *rdr = cl->reader;
1480 struct cc_data *cc = cl->cc;
1481 if (!rdr || !rdr->tcp_connected || !cl || !cc)
1482 return;
1483
1484 if (rdr->cc_keepalive) {
1485 if (cc->answer_on_keepalive + 55 <= time(NULL)) {
1486 cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE);
1487 cs_debug("cccam: keepalive");
1488 cc->answer_on_keepalive = time(NULL);
1489 }
1490 }
1491 else
1492 {
1493 int rto = abs(rdr->last_s - rdr->last_g);
1494 if (rto >= (rdr->tcp_rto*60))
1495 network_tcp_connection_close(cl, cl->udp_fd);
1496 }
1497 cs_debug_mask(D_FUT, "cc_idle out");
1498}
1499
1500struct cc_card *read_card(uint8 *buf, int ext) {
1501 struct cc_card *card = malloc(sizeof(struct cc_card));
1502 memset(card, 0, sizeof(struct cc_card));
1503
1504 int nprov, nassign = 0, nreject = 0, offset = 21;
1505
1506 card->providers = ll_create();
1507 card->badsids = ll_create();
1508 card->goodsids = ll_create();
1509 card->remote_nodes = ll_create();
1510 card->id = b2i(4, buf);
1511 card->remote_id = b2i(4, buf + 4);
1512 card->caid = b2i(2, buf + 8);
1513 card->hop = buf[10];
1514 card->maxdown = buf[11];
1515 memcpy(card->hexserial, buf + 12, 8); //HEXSERIAL!!
1516
1517 //cs_debug("cccam: card %08x added, caid %04X, hop %d, key %s, count %d",
1518 // card->id, card->caid, card->hop, cs_hexdump(0, card->hexserial, 8),
1519 // ll_count(cc->cards));
1520
1521 nprov = buf[20];
1522
1523 if (ext) {
1524 nassign = buf[21];
1525 nreject = buf[22];
1526
1527 offset += 2;
1528 }
1529
1530 int i;
1531 for (i = 0; i < nprov; i++) { // providers
1532 struct cc_provider *prov = malloc(sizeof(struct cc_provider));
1533 prov->prov = b2i(3, buf + offset);
1534 memcpy(prov->sa, buf + offset + 3, 4);
1535 cs_debug(" prov %d, %06x, sa %08x", i + 1, prov->prov, b2i(4,
1536 prov->sa));
1537
1538 ll_append(card->providers, prov);
1539 offset+=7;
1540 }
1541
1542 uint8 *ptr = buf + offset;
1543
1544 if (ext) {
1545 for (i = 0; i < nassign; i++) {
1546 uint16_t sid = b2i(2, ptr);
1547 cs_debug(" assigned sid = %04X, added to good sid list", sid);
1548
1549 struct cc_srvid *srvid = malloc(sizeof(struct cc_srvid));
1550 srvid->sid = sid;
1551 srvid->ecmlen = 0;
1552 ll_append(card->goodsids, srvid);
1553 ptr+=2;
1554 }
1555
1556 for (i = 0; i < nreject; i++) {
1557 uint16_t sid = b2i(2, ptr);
1558 cs_debug(" rejected sid = %04X, added to sid block list", sid);
1559
1560 struct cc_srvid *srvid = malloc(sizeof(struct cc_srvid));
1561 srvid->sid = sid;
1562 srvid->ecmlen = 0;
1563 ll_append(card->badsids, srvid);
1564 ptr+=2;
1565 }
1566 }
1567
1568 int remote_count = ptr[0];
1569 ptr++;
1570 for (i = 0; i < remote_count; i++) {
1571 uint8 *remote_node = malloc(8);
1572 memcpy(remote_node, ptr, 8);
1573 ll_append(card->remote_nodes, remote_node);
1574 ptr+=8;
1575 }
1576 return card;
1577}
1578
1579#define READ_CARD_TIMEOUT 100
1580
1581int write_card(struct cc_data *cc, uint8 *buf, struct cc_card *card, int add_own, int ext) {
1582 memset(buf, 0, CC_MAXMSGSIZE);
1583 buf[0] = card->id >> 24;
1584 buf[1] = card->id >> 16;
1585 buf[2] = card->id >> 8;
1586 buf[3] = card->id & 0xff;
1587 buf[4] = card->remote_id >> 24;
1588 buf[5] = card->remote_id >> 16;
1589 buf[6] = card->remote_id >> 8;
1590 buf[7] = card->remote_id & 0xFF;
1591 buf[8] = card->caid >> 8;
1592 buf[9] = card->caid & 0xff;
1593 buf[10] = card->hop;
1594 buf[11] = card->maxdown;
1595 memcpy(buf + 12, card->hexserial, 8);
1596
1597 //with cccam 2.2.0 we have assigned and rejected sids:
1598 int ofs = ext?23:21;
1599
1600 //write providers:
1601 LL_ITER *it = ll_iter_create(card->providers);
1602 struct cc_provider *prov;
1603 while ((prov = ll_iter_next(it))) {
1604 ulong prid = prov->prov;
1605 buf[ofs+0] = prid >> 16;
1606 buf[ofs+1] = prid >> 8;
1607 buf[ofs+2] = prid & 0xFF;
1608 memcpy(buf + ofs + 3, prov->sa, 4);
1609 buf[20]++;
1610 ofs+=7;
1611 }
1612 ll_iter_release(it);
1613
1614 //write sids only if cccam 2.2.0:
1615 if (ext) {
1616 //assigned sids:
1617 it = ll_iter_create(card->goodsids);
1618 struct cc_srvid *srvid;
1619 while ((srvid = ll_iter_next(it))) {
1620 buf[ofs+0] = srvid->sid >> 8;
1621 buf[ofs+1] = srvid->sid & 0xFF;
1622 ofs+=2;
1623 buf[21]++; //nassign
1624 }
1625 ll_iter_release(it);
1626
1627 //reject sids:
1628 it = ll_iter_create(card->badsids);
1629 while ((srvid = ll_iter_next(it))) {
1630 buf[ofs+0] = srvid->sid >> 8;
1631 buf[ofs+1] = srvid->sid & 0xFF;
1632 ofs+=2;
1633 buf[22]++; //nreject
1634 }
1635 ll_iter_release(it);
1636 }
1637
1638 //write remote nodes
1639 int nremote_ofs = ofs;
1640 ofs++;
1641 it = ll_iter_create(card->remote_nodes);
1642 uint8 *remote_node;
1643 while ((remote_node = ll_iter_next(it))) {
1644 memcpy(buf+ofs, remote_node, 8);
1645 ofs+=8;
1646 buf[nremote_ofs]++;
1647 }
1648 ll_iter_release(it);
1649 if (add_own) {
1650 memcpy(buf+ofs, cc->node_id, 8);
1651 ofs+=8;
1652 buf[nremote_ofs]++;
1653 }
1654 return ofs;
1655}
1656
1657void cc_card_removed(struct s_client *cl, uint32 shareid) {
1658 struct cc_data *cc = cl->cc;
1659 struct cc_card *card;
1660 pthread_mutex_lock(&cc->cards_busy);
1661 LL_ITER *it = ll_iter_create(cc->cards);
1662
1663 while ((card = ll_iter_next(it))) {
1664 if (card->id == shareid) {// && card->sub_id == b2i (3, buf + 9)) {
1665 //cs_debug("cccam: card %08x removed, caid %04X, count %d",
1666 // card->id, card->caid, ll_count(cc->cards));
1667 struct cc_card *next_card = ll_iter_peek(it, 0);
1668 ll_iter_remove(it);
1669 struct cc_current_card *current_card;
1670 while ((current_card = cc_find_current_card(cc, card))) {
1671 cs_debug_mask(D_TRACE, "%s current card %08x removed!",
1672 getprefix(), card->id);
1673 cc_remove_current_card(cc, current_card);
1674 }
1675 free_extended_ecm_idx_by_card(cl, card);
1676 cc_free_card(card);
1677 card = next_card;
1678 cc->cards_modified++;
1679 //break;
1680 }
1681 }
1682 ll_iter_release(it);
1683 pthread_mutex_unlock(&cc->cards_busy);
1684}
1685
1686void move_card_to_end(struct s_client * cl, struct cc_card *card_to_move) {
1687
1688 struct cc_data *cc = cl->cc;
1689
1690 LL_ITER *it = ll_iter_create(cc->cards);
1691 struct cc_card *card;
1692 while ((card = ll_iter_next(it))) {
1693 if (card == card_to_move) {
1694 ll_iter_remove(it);
1695 break;
1696 }
1697 }
1698 ll_iter_release(it);
1699 if (card) {
1700 cs_debug_mask(D_TRACE, "%s CMD05: Moving card %08X to the end...", getprefix(), card_to_move->id);
1701 //cleaning current cards:
1702 it = ll_iter_create(cc->cards);
1703 struct cc_current_card *current_card;
1704 while ((current_card = cc_find_current_card(cc, card))) {
1705 cc_remove_current_card(cc, current_card);
1706 }
1707 ll_iter_release(it);
1708 free_extended_ecm_idx_by_card(cl, card);
1709
1710 ll_append(cc->cards, card_to_move);
1711 }
1712}
1713
1714int same_first_node(struct cc_card *card1, struct cc_card *card2) {
1715 uint8 * node1 = card1->remote_nodes->obj;
1716 uint8 * node2 = card2->remote_nodes->obj;
1717
1718 if (!node1 && !node2) return 1; //both NULL, same!
1719
1720 if (!node1 || !node2) return 0; //one NULL, not same!
1721
1722 return !memcmp(node1, node2, 8); //same?
1723}
1724
1725int same_card(struct cc_card *card1, struct cc_card *card2) {
1726 return (card1->caid == card2->caid &&
1727 card1->remote_id == card2->remote_id &&
1728 same_first_node(card1, card2) &&
1729 memcmp(card1->hexserial, card2->hexserial, sizeof(card1->hexserial))==0);
1730}
1731
1732
1733void check_peer_changed(struct cc_data *cc, uint8 *node_id, uint8 *version) {
1734 if (memcmp(cc->peer_node_id, node_id, 8) != 0 || memcmp(cc->peer_version, version, 8) != 0) {
1735 //Remote Id has changed, clear cached data:
1736 cc_free_cardlist(cc->cards, FALSE);
1737 free_current_cards(cc->current_cards);
1738 }
1739}
1740
1741/**
1742 * if idents defined on an cccam reader, the cards caid+provider are checked.
1743 * return 1 a) if no ident defined b) card is in identlist
1744 * 0 if card is not in identlist
1745 *
1746 * a card is in the identlist, if the cards caid is matching and mininum a provider is matching
1747 **/
1748int chk_ident(FTAB *ftab, struct cc_card *card) {
1749
1750 int j, k;
1751 int res = 1;
1752
1753 if (ftab && ftab->filts) {
1754 for (j = 0; j < ftab->nfilts; j++) {
1755 if (ftab->filts[j].caid) {
1756 res = 0;
1757 if (ftab->filts[j].caid==card->caid) { //caid matches!
1758
1759 int nprids = ftab->filts[j].nprids;
1760 if (!nprids) // No Provider ->Ok
1761 return 1;
1762
1763
1764 LL_ITER *it = ll_iter_create(card->providers);
1765 struct cc_provider *prov;
1766
1767 while ((prov = ll_iter_next(it))) {
1768 for (k = 0; k < nprids; k++) {
1769 ulong prid = ftab->filts[j].prids[k];
1770 if (prid == prov->prov) { //Provider matches
1771 ll_iter_release(it);
1772 return 1;
1773 }
1774 }
1775 }
1776 ll_iter_release(it);
1777 }
1778 }
1779 }
1780 }
1781 return res;
1782}
1783
1784
1785/*void fix_dcw(uchar *dcw)
1786{
1787 int i;
1788 for (i=0; i<16; i+=4)
1789 {
1790 dcw[i+3] = (dcw[i] + dcw[i+1] + dcw[i+2]) & 0xFF;
1791 }
1792}*/
1793
1794void addParam(char *param, char *value)
1795{
1796 if (strlen(param) < 4)
1797 strcat(param, value);
1798 else {
1799 strcat(param, ",");
1800 strcat(param, value);
1801 }
1802}
1803
1804int cc_parse_msg(struct s_client *cl, uint8 *buf, int l) {
1805 cs_debug_mask(D_FUT, "cc_parse_msg in %d", buf[1]);
1806 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
1807
1808 int ret = buf[1];
1809 struct cc_data *cc = cl->cc;
1810
1811 cs_debug("%s parse_msg=%d", getprefix(), buf[1]);
1812
1813 uint8 *data = buf + 4;
1814 memcpy(&cc->receive_buffer, data, l - 4);
1815 cc->last_msg = buf[1];
1816 switch (buf[1]) {
1817 case MSG_CLI_DATA:
1818 cs_debug("cccam: client data ack");
1819 break;
1820 case MSG_SRV_DATA:
1821 l -= 4;
1822 cs_log("%s MSG_SRV_DATA (payload=%d, hex=%02X)", getprefix(), l, l);
1823 data = (uint8*) &cc->receive_buffer;
1824
1825 if (l == 0x48) { //72 bytes: normal server data
1826 check_peer_changed(cc, data, data+8);
1827
1828 memcpy(cc->peer_node_id, data, 8);
1829 memcpy(cc->peer_version, data + 8, 8);
1830
1831 memcpy(cc->cmd0b_aeskey, cc->peer_node_id, 8);
1832 memcpy(cc->cmd0b_aeskey + 8, cc->peer_version, 8);
1833
1834 strncpy(cc->remote_version, (char*)data+8, sizeof(cc->remote_version)-1);
1835 strncpy(cc->remote_build, (char*)data+40, sizeof(cc->remote_build)-1);
1836
1837 cs_log("%s srv %s running v%s (%s)", getprefix(), cs_hexdump(0,
1838 cc->peer_node_id, 8), cc->remote_version, cc->remote_build);
1839
1840 if (!cc->is_oscam_cccam) {//Allready discovered oscam-cccam:
1841 uint16 sum = 0x1234;
1842 uint16 recv_sum = (cc->peer_node_id[6] << 8)
1843 | cc->peer_node_id[7];
1844 int i;
1845 for (i = 0; i < 6; i++) {
1846 sum += cc->peer_node_id[i];
1847 }
1848 //Create special data to detect oscam-cccam:
1849 cc->is_oscam_cccam = sum == recv_sum;
1850 }
1851 //Trick: when discovered partner is an Oscam Client, then we send him our version string:
1852 if (cc->is_oscam_cccam) {
1853 sprintf((char*) buf,
1854 "PARTNER: OSCam v%s, build #%s (%s) [EXT,SID]", CS_VERSION,
1855 CS_SVN_VERSION, CS_OSTYPE);
1856 cc_cmd_send(cl, buf, strlen((char*) buf) + 1, MSG_CW_NOK1);
1857 }
1858
1859 cc->cmd05_mode = MODE_PLAIN;
1860 //
1861 //Keyoffset is payload-size:
1862 //
1863 } else if (l >= 0x00 && l <= 0x0F) {
1864 cc->cmd05_offset = l;
1865 //
1866 //16..43 bytes: RC4 encryption:
1867 //
1868 } else if ((l >= 0x10 && l <= 0x1f) || (l >= 0x24 && l <= 0x2b)) {
1869 cc_init_crypt(&cc->cmd05_cryptkey, data, l);
1870 cc->cmd05_mode = MODE_RC4_CRYPT;
1871 //
1872 //32 bytes: set AES128 key for CMD_05, Key=16 bytes offset keyoffset
1873 //
1874 } else if (l == 0x20) {
1875 memcpy(cc->cmd05_aeskey, data + cc->cmd05_offset, 16);
1876 cc->cmd05_mode = MODE_AES;
1877 //
1878 //33 bytes: xor-algo mit payload-bytes, offset keyoffset
1879 //
1880 } else if (l == 0x21) {
1881 cc_init_crypt(&cc->cmd05_cryptkey, data + cc->cmd05_offset, l);
1882 cc->cmd05_mode = MODE_CC_CRYPT;
1883 //
1884 //34 bytes: cmd_05 plain back
1885 //
1886 } else if (l == 0x22) {
1887 cc->cmd05_mode = MODE_PLAIN;
1888 //
1889 //35 bytes: Unknown!! 2 256 byte keys exchange
1890 //
1891 } else if (l == 0x23) {
1892 cc->cmd05_mode = MODE_UNKNOWN;
1893 //cycle_connection(); //Absolute unknown handling!
1894 cc_cli_close(cl, TRUE);
1895 //
1896 //44 bytes: set aes128 key, Key=16 bytes [Offset=len(password)]
1897 //
1898 } else if (l == 0x2c) {
1899 memcpy(cc->cmd05_aeskey, data + strlen(rdr->r_pwd), 16);
1900 cc->cmd05_mode = MODE_AES;
1901 //
1902 //45 bytes: set aes128 key, Key=16 bytes [Offset=len(username)]
1903 //
1904 } else if (l == 0x2d) {
1905 memcpy(cc->cmd05_aeskey, data + strlen(rdr->r_usr), 16);
1906 cc->cmd05_mode = MODE_AES;
1907 //
1908 //Unknown!!
1909 //
1910 } else {
1911 cs_log(
1912 "%s received improper MSG_SRV_DATA! No change to current mode, mode=%d",
1913 getprefix(), cc->cmd05_mode);
1914 break;
1915 }
1916 cs_debug_mask(D_TRACE, "%s MSG_SRV_DATA MODE=%s, len=%d", getprefix(),
1917 cmd05_mode_name[cc->cmd05_mode], l);
1918
1919 break;
1920 case MSG_NEW_CARD_SIDINFO:
1921 case MSG_NEW_CARD: {
1922 if (buf[14] >= rdr->cc_maxhop)
1923 break;
1924
1925 if (!chk_ctab(b2i(2, buf + 12), &rdr->ctab))
1926 break;
1927
1928 rdr->tcp_connected = 2; //we have card
1929 rdr->card_status = CARD_INSERTED;
1930
1931 pthread_mutex_lock(&cc->cards_busy);
1932
1933 struct cc_card *card = read_card(data, buf[1]==MSG_NEW_CARD_SIDINFO);
1934
1935 //Check if this card is from us:
1936 LL_ITER *it = ll_iter_create(card->remote_nodes);
1937 uint8 *remote_id;
1938 while ((remote_id = ll_iter_next(it))) {
1939 if (memcmp(remote_id, cc_node_id, sizeof(cc_node_id)) == 0) { //this card is from us!
1940 cs_debug_mask(D_TRACE, "filtered card because of recursive nodeid: id=%08X, caid=%04X", card->id, card->caid);
1941 cc_free_card(card);
1942 card=NULL;
1943 break;
1944 }
1945 }
1946 ll_iter_release(it);
1947
1948 //Check Ident filter:
1949 if (card) {
1950 if (!chk_ident(&rdr->ftab, card)) {
1951 cc_free_card(card);
1952 card=NULL;
1953 }
1954 }
1955
1956 if (card) {
1957 //Check if we already have this card:
1958 it = ll_iter_create(cc->cards);
1959 struct cc_card *old_card;
1960 while ((old_card = ll_iter_next(it))) {
1961 if (old_card->id == card->id || //we aready have this card, delete it
1962 same_card(old_card, card)) {
1963 cc_free_card(card);
1964 card = old_card;
1965 break;
1966 }
1967 }
1968 ll_iter_release(it);
1969
1970 card->time = time((time_t) 0);
1971 if (!old_card) {
1972 card->hop++; //inkrementing hop
1973 ll_append(cc->cards, card);
1974 set_au_data(cl, rdr, card, NULL);
1975 cc->cards_modified++;
1976 }
1977 }
1978
1979 pthread_mutex_unlock(&cc->cards_busy);
1980
1981 break;
1982 }
1983
1984 case MSG_CARD_REMOVED: {
1985 cc_card_removed(cl, b2i(4, buf + 4));
1986 break;
1987 }
1988
1989 case MSG_CW_NOK1:
1990 case MSG_CW_NOK2:
1991 if (l > 4) {
1992 //Received NOK with payload:
1993 char *msg = (char*) buf + 4;
1994 cs_log("%s %s", getprefix(), msg);
1995
1996 //Check for PARTNER connection:
1997 if (!cc->is_oscam_cccam && strncmp(msg, "PARTNER:", 8) == 0) {
1998 //When Data starts with "PARTNER:" we have an Oscam-cccam-compatible client/server!
1999 cc->is_oscam_cccam = 1;
2000 strncpy(cc->remote_oscam, msg+9, sizeof(cc->remote_oscam)-1);
2001
2002 int has_param = check_extended_mode(cl, msg);
2003
2004 //send params back. At the moment there is only "EXT"
2005 char param[14];
2006 if (!has_param)
2007 param[0] = 0;
2008 else {
2009 strcpy(param, " [");
2010 if (cc->extended_mode)
2011 addParam(param, "EXT");
2012 if (cc->cccam220)
2013 addParam(param, "SID");
2014 strcat(param, "]");
2015 }
2016
2017 sprintf((char*) buf, "PARTNER: OSCam v%s, build #%s (%s)%s",
2018 CS_VERSION, CS_SVN_VERSION, CS_OSTYPE, param);
2019 cc_cmd_send(cl, buf, strlen((char*) buf) + 1, MSG_CW_NOK1);
2020 } else if (cc->is_oscam_cccam)
2021 check_extended_mode(cl, msg);
2022 cs_debug_mask(D_FUT, "cc_parse_msg out");
2023 return ret;
2024 }
2025
2026 if (cl->typ == 'c') //for reader only
2027 return ret;
2028
2029 if (cc->just_logged_in)
2030 return -1; // reader restart needed
2031
2032 pthread_mutex_lock(&cc->cards_busy);
2033 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl,
2034 cc->extended_mode ? cc->g_flag : 1, TRUE);
2035 if (!eei) {
2036 cs_log("%s received extended ecm NOK id %d but not found!",
2037 getprefix(), cc->g_flag);
2038 }
2039 else
2040 {
2041 ushort ecm_idx = eei->ecm_idx;
2042 struct cc_card *card = eei->card;
2043 struct cc_srvid srvid = eei->srvid;
2044 free(eei);
2045
2046 if (card) {
2047 if (buf[1] == MSG_CW_NOK1) //MSG_CW_NOK1: share no more available
2048 cc_card_removed(cl, card->id);
2049 else if (cc->cmd05NOK) {
2050 move_card_to_end(cl, card);
2051 add_sid_block(cl, card, &srvid);
2052 }
2053 else if (!is_good_sid(card, &srvid)) //MSG_CW_NOK2: can't decode
2054 add_sid_block(cl, card, &srvid);
2055 else
2056 remove_good_sid(card, &srvid);
2057
2058 //retry ecm:
2059 int i = 0;
2060 for (i = 0; i < CS_MAXPENDING; i++) {
2061 if (cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc == 101)
2062 cl->ecmtask[i].rc = 100; //Mark unused
2063 }
2064 } else
2065 cs_log("%S NOK: NO CARD!", getprefix());
2066 }
2067 cc->cmd05NOK = 0;
2068 pthread_mutex_unlock(&cc->cards_busy);
2069
2070 if (!cc->extended_mode) {
2071 rdr->available = 1;
2072 pthread_mutex_unlock(&cc->ecm_busy);
2073 }
2074
2075 cc_send_ecm(cl, NULL, NULL);
2076 break;
2077
2078 case MSG_CW_ECM:
2079 cc->just_logged_in = 0;
2080 if (cl->typ == 'c') { //SERVER:
2081 ECM_REQUEST *er;
2082
2083 struct cc_card *server_card = malloc(sizeof(struct cc_card));
2084 memset(server_card, 0, sizeof(struct cc_card));
2085 server_card->id = buf[10] << 24 | buf[11] << 16 | buf[12] << 8
2086 | buf[13];
2087 server_card->caid = b2i(2, data);
2088
2089 if ((er = get_ecmtask())) {
2090 er->caid = b2i(2, buf + 4);
2091 er->srvid = b2i(2, buf + 14);
2092 er->l = buf[16];
2093 memcpy(er->ecm, buf + 17, er->l);
2094 er->prid = b2i(4, buf + 6);
2095 cc->server_ecm_pending++;
2096 er->idx = ++cc->server_ecm_idx;
2097
2098 cs_debug_mask(
2099 D_TRACE,
2100 "%s ECM request from client: caid %04x srvid %04x(%d) prid %06x",
2101 getprefix(), er->caid, er->srvid, er->l, er->prid);
2102
2103 struct cc_srvid srvid;
2104 srvid.sid = er->srvid;
2105 srvid.ecmlen = er->l;
2106 add_extended_ecm_idx(cl, cc->extended_mode ? cc->g_flag : 1,
2107 er->idx, server_card, srvid);
2108
2109 get_cw(cl, er);
2110
2111 } else {
2112 cs_debug_mask(D_TRACE, "%s NO ECMTASK!!!!", getprefix());
2113 free(server_card);
2114 }
2115
2116 } else { //READER:
2117 pthread_mutex_lock(&cc->cards_busy);
2118
2119 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl,
2120 cc->extended_mode ? cc->g_flag : 1, TRUE);
2121 if (eei == NULL) {
2122 cs_log("%s received extended ecm id %d but not found!",
2123 getprefix(), cc->g_flag);
2124 }
2125 else
2126 {
2127 ushort ecm_idx = eei->ecm_idx;
2128 struct cc_card *card = eei->card;
2129 struct cc_srvid srvid = eei->srvid;
2130 free(eei);
2131
2132 if (card) {
2133
2134 if (!cc->extended_mode) {
2135 cc_cw_crypt(cl, buf + 4, card->id);
2136 cc_crypt_cmd0c(cl, buf + 4, 16);
2137 }
2138
2139 memcpy(cc->dcw, buf + 4, 16);
2140 //fix_dcw(cc->dcw);
2141 if (!cc->extended_mode)
2142 cc_crypt(&cc->block[DECRYPT], buf + 4, l - 4, ENCRYPT); // additional crypto step
2143
2144 if (is_null_dcw(cc->dcw)) {
2145 cs_log("%s null dcw received! sid=%04X(%d)", getprefix(),
2146 srvid.sid, srvid.ecmlen);
2147 add_sid_block(cl, card, &srvid);
2148 //ecm retry:
2149 int i = 0;
2150 for (i = 0; i < CS_MAXPENDING; i++) {
2151 if (cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc==101)
2152 cl->ecmtask[i].rc = 100; //Mark unused
2153 }
2154
2155 buf[1] = MSG_CW_NOK2; //So it's really handled like a nok!
2156 } else {
2157 cc->recv_ecmtask = ecm_idx;
2158 cs_debug_mask(D_TRACE, "%s cws: %d %s", getprefix(),
2159 ecm_idx, cs_hexdump(0, cc->dcw, 16));
2160 add_good_sid(cl, card, &srvid);
2161
2162 //check response time, if > fallbacktime, switch cards!
2163 struct timeb tpe;
2164 cs_ftime(&tpe);
2165 ulong cwlastresptime = 1000*(tpe.time-cc->ecm_time.time)+tpe.millitm-cc->ecm_time.millitm;
2166 if (cwlastresptime > cfg->ftimeout) {
2167 cs_log("%s card %04X is too slow, moving to the end...", getprefix(), card->id);
2168 move_card_to_end(cl, card);
2169 }
2170
2171 }
2172 } else {
2173 cs_log(
2174 "%s warning: ECM-CWS respond by CCCam server without current card!",
2175 getprefix());
2176 }
2177 }
2178 pthread_mutex_unlock(&cc->cards_busy);
2179
2180 if (!cc->extended_mode) {
2181 rdr->available = 1;
2182 pthread_mutex_unlock(&cc->ecm_busy);
2183 }
2184
2185 //cc_abort_user_ecms();
2186
2187 cc_send_ecm(cl, NULL, NULL);
2188
2189 if (cc->max_ecms)
2190 cc->ecm_counter++;
2191 }
2192 break;
2193
2194 case MSG_KEEPALIVE:
2195 cc->just_logged_in = 0;
2196 if (cl->typ != 'c') {
2197 cs_debug("cccam: keepalive ack");
2198 } else {
2199 //Checking if last answer is one minute ago:
2200 if (cc->answer_on_keepalive + 55 <= time(NULL)) {
2201 cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE);
2202 cs_debug("cccam: keepalive");
2203 cc->answer_on_keepalive = time(NULL);
2204 }
2205 }
2206 break;
2207
2208 case MSG_CMD_05:
2209 if (cl->typ != 'c') {
2210 cc->just_logged_in = 0;
2211 l = l - 4;//Header Length=4 Byte
2212
2213 cs_log("%s MSG_CMD_05 recvd, payload length=%d mode=%d",
2214 getprefix(), l, cc->cmd05_mode);
2215 cc->cmd05_active = 1;
2216 cc->cmd05_data_len = l;
2217 memcpy(&cc->cmd05_data, buf + 4, l);
2218 if (rdr->available && ll_count(cc->cards))
2219 send_cmd05_answer(cl);
2220 }
2221 break;
2222 case MSG_CMD_0B: {
2223 // by Project:Keynation
2224 /*cs_log("%s MSG_CMD_0B received, cycle connection (payload=%d)!", getprefix(), l-4);*/
2225 cs_debug_mask(D_TRACE, "%s MSG_CMD_0B received (payload=%d)!",
2226 getprefix(), l - 4);
2227 cs_ddump(buf, l, "%s content: len=%d", getprefix(), l);
2228
2229 AES_KEY key;
2230 uint8 aeskey[16];
2231 uint8 out[16];
2232
2233 memcpy(aeskey, cc->cmd0b_aeskey, 16);
2234 memset(&key, 0, sizeof(key));
2235
2236 cs_ddump(aeskey, 16, "%s CMD_0B AES key:", getprefix());
2237 cs_ddump(data, 16, "%s CMD_0B received data:", getprefix());
2238
2239 AES_set_encrypt_key((unsigned char *) &aeskey, 128, &key);
2240 AES_encrypt((unsigned char *) data, (unsigned char *) &out, &key);
2241
2242 cs_debug_mask(D_TRACE, "%s sending CMD_0B! ", getprefix());
2243 cs_ddump(out, 16, "%s CMD_0B out:", getprefix());
2244 cc_cmd_send(cl, out, 16, MSG_CMD_0B);
2245
2246 break;
2247 }
2248
2249 case MSG_CMD_0C: { //New CCCAM 2.2.0 Server/Client fake check!
2250 int len = l-4;
2251
2252 if (cl->typ == 'c') { //Only im comming from "client"
2253 cs_debug_mask(D_TRACE, "%s MSG_CMD_0C received (payload=%d)!", getprefix(), len);
2254 cs_ddump(buf, l, "%s content: len=%d", getprefix(), l);
2255
2256 uint8 bytes[0x20];
2257 if (len < 0x20) //if less then 0x20 bytes, clear others:
2258 memset(data+len, 0, 0x20-len);
2259
2260 //change first 0x10 bytes to the second:
2261 memcpy(bytes, data+0x10, 0x10);
2262 memcpy(bytes+0x10, data, 0x10);
2263
2264 //xor data:
2265 int i;
2266 for (i=0;i<0x20;i++)
2267 bytes[i] ^= (data[i] & 0x7F);
2268
2269 //key is now the 16bit hash of md5:
2270 uint8 md5hash[0x10];
2271 MD5(data, 0x20, md5hash);
2272 memcpy(bytes, md5hash, 0x10);
2273
2274 cs_debug_mask(D_TRACE, "%s sending CMD_0C! ", getprefix());
2275 cs_ddump(bytes, 0x20, "%s CMD_0C out:", getprefix());
2276 cc_cmd_send(cl, bytes, 0x20, MSG_CMD_0C);
2277 }
2278 else //reader
2279 {
2280 // by Project:Keynation + Oscam team
2281 cc_crypt_cmd0c(cl, data, len);
2282
2283 uint8 CMD_0x0C_Command = data[0];
2284
2285 if (CMD_0x0C_Command > 4) {
2286 cc->cmd0c_mode = MODE_CMD_0x0C_NONE;
2287 break;
2288 }
2289
2290 switch (CMD_0x0C_Command) {
2291
2292 case 0 : { //RC6
2293 cc->cmd0c_mode = MODE_CMD_0x0C_RC6;
2294 break;
2295 }
2296
2297 case 1: { //RC4
2298 cc->cmd0c_mode = MODE_CMD_0x0C_RC4;
2299 break;
2300 }
2301
2302 case 2: { //CC_CRYPT
2303 cc->cmd0c_mode = MODE_CMD_0x0C_CC_CRYPT;
2304 break;
2305 }
2306
2307 case 3: { //AES
2308 cc->cmd0c_mode = MODE_CMD_0x0C_AES;
2309 break;
2310 }
2311
2312 case 4 : { //IDEA
2313 cc->cmd0c_mode = MODE_CMD_0x0C_IDEA;
2314 break;
2315 }
2316 }
2317
2318 cs_log("%s received MSG_CMD_0C from server! CMD_0x0C_CMD=%d, MODE=%s! Message data: %s",
2319 getprefix(), CMD_0x0C_Command, cmd0c_mode_name[cc->cmd0c_mode], cs_hexdump(0, data, len));
2320
2321 set_cmd0c_cryptkey(cl, data, len);
2322 }
2323 break;
2324 }
2325
2326 case MSG_CMD_0D: { //key update for the active cmd0x0c algo
2327 int len = l-4;
2328 if (cc->cmd0c_mode == MODE_CMD_0x0C_NONE)
2329 break;
2330
2331 set_cmd0c_cryptkey(cl, data, len);
2332
2333 cs_log("%s received MSG_CMD_0D from server! MODE=%s! Message data: %s",
2334 getprefix(), cmd0c_mode_name[cc->cmd0c_mode], cs_hexdump(0, data, len));
2335 break;
2336 }
2337
2338 case MSG_CMD_0E: {
2339 cs_log("cccam 2.2.0 commands not implemented");
2340 //Unkwon commands...need workout algo
2341 if (cl->typ == 'c') //client connection
2342 {
2343 //switching to an oder version and then disconnect...
2344 strcpy(cfg->cc_version, version[0]);
2345 ret = -1;
2346 }
2347 else //reader connection
2348 {
2349 strcpy(cl->reader->cc_version, version[0]);
2350 strcpy(cl->reader->cc_build, build[0]);
2351 cc_cli_close(cl, TRUE);
2352 }
2353 break;
2354 }
2355
2356 case MSG_EMM_ACK: {
2357 cc->just_logged_in = 0;
2358 if (cl->typ == 'c') { //EMM Request received
2359 cc_cmd_send(cl, NULL, 0, MSG_EMM_ACK); //Send back ACK
2360 if (l > 4) {
2361 cs_debug_mask(D_EMM, "%s EMM Request received!", getprefix());
2362
2363 if (!cl->aureader) {
2364 cs_debug_mask(
2365 D_EMM,
2366 "%s EMM Request discarded because au is not assigned to an reader!",
2367 getprefix());
2368 return MSG_EMM_ACK;
2369 }
2370
2371 EMM_PACKET *emm = malloc(sizeof(EMM_PACKET));
2372 memset(emm, 0, sizeof(EMM_PACKET));
2373 emm->caid[0] = buf[4];
2374 emm->caid[1] = buf[5];
2375 emm->provid[0] = buf[7];
2376 emm->provid[1] = buf[8];
2377 emm->provid[2] = buf[9];
2378 emm->provid[3] = buf[10];
2379 //emm->hexserial[0] = buf[11];
2380 //emm->hexserial[1] = buf[12];
2381 //emm->hexserial[2] = buf[13];
2382 //emm->hexserial[3] = buf[14];
2383 emm->l = buf[15];
2384 memcpy(emm->emm, buf + 16, emm->l);
2385 //emm->type = UNKNOWN;
2386 //emm->cidx = cs_idx;
2387 do_emm(cl, emm);
2388 free(emm);
2389 }
2390 } else { //Our EMM Request Ack!
2391 cs_debug_mask(D_EMM, "%s EMM ACK!", getprefix());
2392 if (!cc->extended_mode) {
2393 rdr->available = 1;
2394 pthread_mutex_unlock(&cc->ecm_busy);
2395 }
2396 cc_send_ecm(cl, NULL, NULL);
2397 }
2398 break;
2399 }
2400 default:
2401 cs_ddump(buf, l, "%s unhandled msg: %d len=%d", getprefix(), buf[1], l);
2402 break;
2403 }
2404
2405 if (cc->max_ecms && (cc->ecm_counter > cc->max_ecms)) {
2406 cs_log("%s max ecms (%d) reached, cycle connection!", getprefix(),
2407 cc->max_ecms);
2408 //cc_cycle_connection();
2409 cc_cli_close(cl, TRUE);
2410 //cc_send_ecm(NULL, NULL);
2411 }
2412 cs_debug_mask(D_FUT, "cc_parse_msg out");
2413 return ret;
2414}
2415
2416/**
2417 * Reader: write dcw to receive
2418 */
2419int cc_recv_chk(struct s_client *cl, uchar *dcw, int *rc, uchar *buf, int UNUSED(n)) {
2420 cs_debug_mask(D_FUT, "cc_recv_chk in");
2421 struct cc_data *cc = cl->cc;
2422
2423 if (buf[1] == MSG_CW_ECM) {
2424 memcpy(dcw, cc->dcw, 16);
2425 cs_debug("cccam: recv chk - MSG_CW %d - %s", cc->recv_ecmtask,
2426 cs_hexdump(0, dcw, 16));
2427 *rc = 1;
2428 cs_debug_mask(D_FUT, "cc_recv_chk out");
2429 return (cc->recv_ecmtask);
2430 } else if ((buf[1] == (MSG_CW_NOK1)) || (buf[1] == (MSG_CW_NOK2))) {
2431 cs_debug_mask(D_FUT, "cc_recv_chk out");
2432 return -1;
2433 }
2434
2435 cs_debug_mask(D_FUT, "cc_recv_chk out");
2436 return (-1);
2437}
2438
2439//int is_softfail(int rc)
2440//{
2441// //see oscam.c send_dcw() for a full list
2442// switch(rc)
2443// {
2444// case 5: // 5 = timeout
2445// case 6: // 6 = sleeping
2446// case 7: // 7 = fake
2447// case 10:// 10= no card
2448// case 11:// 11= expdate
2449// case 12:// 12= disabled
2450// case 13:// 13= stopped
2451// case 14:// 100= unhandled
2452// return TRUE;
2453// }
2454// return FALSE;
2455//}
2456
2457
2458
2459/**
2460 * Server: send DCW to client
2461 */
2462void cc_send_dcw(struct s_client *cl, ECM_REQUEST *er) {
2463 cs_debug_mask(D_FUT, "cc_send_dcw in");
2464 uchar buf[16];
2465 struct cc_data *cc = cl->cc;
2466
2467 memset(buf, 0, sizeof(buf));
2468
2469 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx_by_idx(cl, er->idx,
2470 TRUE);
2471
2472 if (er->rc <= 3 && eei && eei->card) {
2473 memcpy(buf, er->cw, sizeof(buf));
2474 //fix_dcw(buf);
2475 cs_debug_mask(D_TRACE, "%s send cw: %s cpti: %d", getprefix(),
2476 cs_hexdump(0, buf, 16), er->cpti);
2477 if (!cc->extended_mode)
2478 cc_cw_crypt(cl, buf, eei->card->id);
2479 else
2480 cc->g_flag = eei->send_idx;
2481 cc_cmd_send(cl, buf, 16, MSG_CW_ECM);
2482 if (!cc->extended_mode)
2483 cc_crypt(&cc->block[ENCRYPT], buf, 16, ENCRYPT); // additional crypto step
2484 free(eei->card);
2485 } else {
2486 cs_debug_mask(D_TRACE, "%s send cw: NOK cpti: %d", getprefix(),
2487 er->cpti);
2488
2489 if (eei && cc->extended_mode)
2490 cc->g_flag = eei->send_idx;
2491
2492 int nok;
2493 if (!eei || !eei->card)
2494 nok = MSG_CW_NOK1; //share no more available
2495 else
2496 nok = MSG_CW_NOK2; //can't decode
2497 cc_cmd_send(cl, NULL, 0, nok);
2498 }
2499 cc->server_ecm_pending--;
2500 free(eei);
2501 cs_debug_mask(D_FUT, "cc_send_dcw out");
2502}
2503
2504int cc_recv(struct s_client *cl, uchar *buf, int l) {
2505 int n;
2506 uchar *cbuf;
2507 struct cc_data *cc = cl->cc;
2508
2509 if (buf == NULL || l <= 0)
2510 return -1;
2511 cbuf = malloc(l);
2512 memcpy(cbuf, buf, l); // make a copy of buf
2513
2514 pthread_mutex_lock(&cc->lock);
2515
2516 n = cc_msg_recv(cl, cbuf); // recv and decrypt msg
2517
2518 //cs_ddump(cbuf, n, "cccam: received %d bytes from %s", n, remote_txt());
2519 cl->last = time((time_t *) 0);
2520
2521 if (n <= 0) {
2522 cs_log("%s connection closed by %s", getprefix(), remote_txt());
2523 n = -1;
2524 } else if (n < 4) {
2525 cs_log("%s packet to small (%d bytes)", getprefix(), n);
2526 n = -1;
2527 } else {
2528 // parse it and write it back, if we have received something of value
2529 n = cc_parse_msg(cl, cbuf, n);
2530 memcpy(buf, cbuf, l);
2531 }
2532
2533 pthread_mutex_unlock(&cc->lock);
2534
2535 NULLFREE(cbuf);
2536
2537 if (n == -1) {
2538 if (cl->typ != 'c')
2539 cc_cli_close(cl, TRUE);
2540 }
2541
2542 return n;
2543}
2544
2545struct s_auth *get_account(char *usr) {
2546 struct s_auth *account;
2547 for (account = cfg->account; account; account = account->next) {
2548 if (strcmp(usr, account->usr) == 0) {
2549 return account;
2550 }
2551 }
2552 return NULL;
2553}
2554
2555/**
2556 * This function checks for hexserial changes on cards.
2557 * We update the share-list if a card has changed
2558 */
2559ulong get_reader_hexserial_crc(struct s_client *cl) {
2560 if (!cl->aureader)
2561 return 0;
2562
2563 ulong crc = 0;
2564 struct s_reader *rdr;
2565 for (rdr = first_reader; rdr; rdr = rdr->next) {
2566 if (rdr->enable && !rdr->deleted && rdr->client && !rdr->audisabled)
2567 crc += crc32(0, rdr->hexserial, 8);
2568 }
2569 return crc;
2570}
2571
2572ulong get_reader_prid(struct s_reader *rdr, int j) {
2573 ulong prid;
2574 if (!(rdr->typ & R_IS_CASCADING)) { // Read cardreaders have 4-byte Providers
2575 prid = (rdr->prid[j][0] << 24) | (rdr->prid[j][1] << 16)
2576 | (rdr->prid[j][2] << 8) | (rdr->prid[j][3] & 0xFF);
2577 } else { // Cascading/Network-reader 3-bytes Providers
2578 prid = (rdr->prid[j][0] << 16) | (rdr->prid[j][1] << 8)
2579 | (rdr->prid[j][2] & 0xFF);
2580 }
2581 return prid;
2582}
2583
2584void copy_sids(LLIST *dst, LLIST *src) {
2585 LL_ITER *it_src = ll_iter_create(src);
2586 LL_ITER *it_dst = ll_iter_create(dst);
2587 struct cc_srvid *srvid_src;
2588 struct cc_srvid *srvid_dst;
2589 while ((srvid_src=ll_iter_next(it_src))) {
2590 ll_iter_reset(it_dst);
2591 while ((srvid_dst=ll_iter_next(it_dst))) {
2592 if (sid_eq(srvid_src, srvid_dst))
2593 break;
2594 }
2595 if (!srvid_dst) {
2596 srvid_dst = malloc(sizeof(struct cc_srvid));
2597 memcpy(srvid_dst, srvid_src, sizeof(struct cc_srvid));
2598 ll_append(dst, srvid_dst);
2599 }
2600 }
2601 ll_iter_release(it_dst);
2602 ll_iter_release(it_src);
2603}
2604
2605int add_card_providers(struct cc_card *dest_card, struct cc_card *card,
2606 int copy_remote_nodes) {
2607 int modified = 0;
2608
2609 //1. Copy nonexisting providers, ignore double:
2610 struct cc_provider *prov_info;
2611 LL_ITER *it_dst, *it_src = ll_iter_create(card->providers);
2612 struct cc_provider *provider;
2613 while ((provider = ll_iter_next(it_src))) {
2614 it_dst = ll_iter_create(dest_card->providers);
2615 while ((prov_info = ll_iter_next(it_dst))) {
2616 if (prov_info->prov == provider->prov)
2617 break;
2618 }
2619 ll_iter_release(it_dst);
2620 if (!prov_info) {
2621 struct cc_provider *prov_new = malloc(sizeof(struct cc_provider));
2622 memcpy(prov_new, provider, sizeof(struct cc_provider));
2623 ll_append(dest_card->providers, prov_new);
2624 modified = 1;
2625 }
2626 }
2627 ll_iter_release(it_src);
2628
2629 if (copy_remote_nodes) {
2630 //2. Copy nonexisting remote_nodes, ignoring existing:
2631 it_src = ll_iter_create(card->remote_nodes);
2632 uint8 *remote_node;
2633 uint8 *remote_node2;
2634 while ((remote_node = ll_iter_next(it_src))) {
2635 it_dst = ll_iter_create(dest_card->remote_nodes);
2636 while ((remote_node2 = ll_iter_next(it_dst))) {
2637 if (memcmp(remote_node, remote_node2, 8) == 0)
2638 break;
2639 }
2640 ll_iter_release(it_dst);
2641 if (!remote_node2) {
2642 uint8* remote_node_new = malloc(8);
2643 memcpy(remote_node_new, remote_node, 8);
2644 ll_append(dest_card->remote_nodes, remote_node_new);
2645 modified = 1;
2646 }
2647 }
2648 ll_iter_release(it_src);
2649 }
2650 return modified;
2651}
2652
2653struct cc_card *create_card(struct cc_card *card) {
2654 struct cc_card *card2 = malloc(sizeof(struct cc_card));
2655 if (card)
2656 memcpy(card2, card, sizeof(struct cc_card));
2657 else
2658 memset(card2, 0, sizeof(struct cc_card));
2659 card2->providers = ll_create();
2660 card2->badsids = ll_create();
2661 card2->goodsids = ll_create();
2662 card2->remote_nodes = ll_create();
2663
2664 if (card) {
2665 copy_sids(card2->goodsids, card->goodsids);
2666 copy_sids(card2->badsids, card->badsids);
2667 }
2668
2669 return card2;
2670}
2671
2672struct cc_card *create_card2(struct s_reader *rdr, int j, uint16 caid, uint8 hop, uint8 reshare) {
2673
2674 struct cc_card *card = create_card(NULL);
2675 uint8 rid[4];
2676 rid[3] = rdr->cc_id >> 24;
2677 rid[2] = rdr->cc_id >> 16;
2678 rid[1] = j >> 8;
2679 rid[0] = j & 0xFF;
2680 memcpy(&card->remote_id, rid, 4);
2681 card->caid = caid;
2682 card->hop = hop;
2683 card->maxdown = reshare;
2684 return card;
2685}
2686
2687/**
2688 * Adds a new card to a cardlist.
2689 */
2690int add_card_to_serverlist(struct s_reader *rdr, struct s_client *cl, LLIST *cardlist, struct cc_card *card, int reshare) {
2691
2692 if (!chk_ident(&cl->ftab, card))
2693 return 0;
2694 if (rdr && !chk_ident(&rdr->client->ftab, card))
2695 return 0;
2696
2697 struct cc_data *cc = cl->cc;
2698 int modified = 0;
2699 LL_ITER *it = ll_iter_create(cardlist);
2700 struct cc_card *card2;
2701
2702 //Minimize all, transmit just CAID
2703 if (cfg->cc_minimize_cards == MINIMIZE_CAID) {
2704 while ((card2 = ll_iter_next(it)))
2705 if (card2->caid == card->caid)
2706 break;
2707 if (!card2) {
2708 card2 = create_card(card);
2709 card2->hop = card->hop;
2710 card2->remote_id = card->remote_id;
2711 card2->maxdown = reshare;
2712 ll_clear_data(card2->badsids);
2713 ll_append(cardlist, card2);
2714 modified = 1;
2715
2716 //Null-Provider for all Providers!
2717 struct cc_provider *prov_new = malloc(sizeof(struct cc_provider));
2718 memset(prov_new, 0, sizeof(struct cc_provider));
2719 ll_append(card2->providers, prov_new);
2720 } else {
2721 if (card->hop < card2->hop) {
2722 card2->hop = card->hop;
2723 modified = 1;
2724 }
2725 else cc->card_dup_count++;
2726 }
2727
2728 } else if (cfg->cc_minimize_cards == MINIMIZE_HOPS) {
2729 while ((card2 = ll_iter_next(it))) {
2730 if (card2->caid == card->caid && ll_count(card2->providers)
2731 < CS_MAXPROV)
2732 break;
2733 }
2734 if (!card2) {
2735 card2 = create_card(card);
2736 card2->hop = card->hop;
2737 card2->remote_id = card->remote_id;
2738 card2->maxdown = reshare;
2739 ll_clear_data(card2->badsids);
2740 ll_append(cardlist, card2);
2741 modified = 1;
2742 } else {
2743 if (card->hop < card2->hop) {
2744 card2->hop = card->hop;
2745 modified = 1;
2746 }
2747 else cc->card_dup_count++;
2748
2749 }
2750 if (add_card_providers(card2, card, 0))
2751 modified = 1;
2752 } else { //just remove duplicate cards
2753 while ((card2 = ll_iter_next(it))) {
2754 if (same_card(card, card2))
2755 break;
2756 }
2757 if (card2 && card2->hop > card->hop) {
2758 cc_free_card(card2);
2759 ll_iter_remove(it);
2760 card2 = NULL;
2761 cc->card_dup_count++;
2762 }
2763 if (!card2) {
2764 card2 = create_card(card);
2765 card2->hop = card->hop;
2766 card2->remote_id = card->remote_id;
2767 card2->maxdown = reshare;
2768 ll_append(cardlist, card2);
2769 modified = 1;
2770 if (add_card_providers(card2, card, 1))
2771 modified = 1;
2772 }
2773 else cc->card_dup_count++;
2774 }
2775 ll_iter_release(it);
2776 return modified;
2777}
2778
2779int find_reported_card(struct s_client * cl, struct cc_card *card1)
2780{
2781 struct cc_data *cc = cl->cc;
2782
2783 LL_ITER *it = ll_iter_create(cc->reported_carddatas);
2784 struct cc_card *card2;
2785 while ((card2 = ll_iter_next(it))) {
2786 if (same_card(card1, card2)) {
2787 card1->id = card2->id; //Set old id !!
2788 cc_free_card(card2);
2789 ll_iter_remove(it);
2790 ll_iter_release(it);
2791 return 1; //Old card and new card are equal!
2792 }
2793 }
2794 ll_iter_release(it);
2795 return 0; //Card not found
2796}
2797
2798int report_card(struct s_client *cl, struct cc_card *card, LLIST *new_reported_carddatas)
2799{
2800 int res = 0;
2801 struct cc_data *cc = cl->cc;
2802 int ext = cc->cccam220;
2803 if (!find_reported_card(cl, card)) { //Add new card:
2804 uint8 buf[CC_MAXMSGSIZE];
2805 if (!cc->report_carddata_id)
2806 cc->report_carddata_id = 0x64;
2807 card->id = cc->report_carddata_id;
2808 cc->report_carddata_id++;
2809
2810 int len = write_card(cc, buf, card, TRUE, ext);
2811 res = cc_cmd_send(cl, buf, len, ext?MSG_NEW_CARD_SIDINFO:MSG_NEW_CARD);
2812 cc->card_added_count++;
2813 }
2814 cc_add_reported_carddata(new_reported_carddatas, card);
2815 return res;
2816}
2817
2818/**
2819 * Server:
2820 * Reports all caid/providers to the connected clients
2821 * returns 1=ok, 0=error
2822 */
2823int cc_srv_report_cards(struct s_client *cl) {
2824 int j;
2825 uint k;
2826 uint8 hop = 0;
2827 int reshare, usr_reshare, reader_reshare, maxhops, flt = 0;
2828
2829 struct cc_data *cc = cl->cc;
2830
2831 struct s_auth *account = get_account(cl->usr);
2832 if (account) {
2833 maxhops = account->cccmaxhops;
2834 usr_reshare = account->cccreshare;
2835 } else {
2836 maxhops = 10;
2837 usr_reshare = cfg->cc_reshare;
2838 }
2839
2840 LLIST *server_cards = ll_create();
2841 if (!cc->reported_carddatas)
2842 cc->reported_carddatas = ll_create();
2843 LLIST *new_reported_carddatas = ll_create();
2844
2845 cc->card_added_count = 0;
2846 cc->card_removed_count = 0;
2847 cc->card_dup_count = 0;
2848
2849 int isau = (cl->aureader)?1:0;
2850
2851 struct s_reader *rdr;
2852 for (rdr = first_reader; rdr; rdr = rdr->next) {
2853 if (!rdr->fd || !rdr->enable || rdr->deleted)
2854 continue;
2855 if (!(rdr->grp & cl->grp))
2856 continue;
2857 reader_reshare = rdr->cc_reshare;
2858
2859 reshare = (reader_reshare < usr_reshare) ? reader_reshare : usr_reshare;
2860 if (reshare < 0)
2861 continue;
2862
2863 if (!rdr->cc_id) {
2864 int r = get_ridx(rdr) + 0x64;
2865 rdr->cc_id = r << 24 | r << 16 | fast_rnd() << 8 | fast_rnd();
2866 }
2867
2868 int au_allowed = !rdr->audisabled && isau;
2869
2870 flt = 0;
2871 if (rdr->typ != R_CCCAM && rdr->ftab.filts) {
2872 for (j = 0; j < CS_MAXFILTERS; j++) {
2873 if (rdr->ftab.filts[j].caid &&
2874 chk_ctab(rdr->ftab.filts[j].caid, &cl->ctab)) {
2875 int ignore = 0;
2876 ushort caid = rdr->ftab.filts[j].caid;
2877 struct cc_card *card = create_card2(rdr, j, caid, hop, reshare);
2878 //Setting UA: (Unique Address):
2879 if (au_allowed)
2880 cc_UA_oscam2cccam(rdr->hexserial, card->hexserial, caid);
2881 //cs_log("Ident CCcam card report caid: %04X readr %s subid: %06X", rdr->ftab.filts[j].caid, rdr->label, rdr->cc_id);
2882 for (k = 0; k < rdr->ftab.filts[j].nprids; k++) {
2883 struct cc_provider *prov = malloc(sizeof(struct cc_provider));
2884 memset(prov, 0, sizeof(struct cc_provider));
2885 prov->prov = rdr->ftab.filts[j].prids[k];
2886 if (!chk_srvid_by_caid_prov(cl, caid, prov->prov, 0)) {
2887 ignore = 1;
2888 }
2889 //cs_log("Ident CCcam card report provider: %02X%02X%02X", buf[21 + (k*7)]<<16, buf[22 + (k*7)], buf[23 + (k*7)]);
2890 if (au_allowed) {
2891 int l;
2892 for (l = 0; l < rdr->nprov; l++) {
2893 ulong rprid = get_reader_prid(rdr, l);
2894 if (rprid == prov->prov)
2895 cc_SA_oscam2cccam(&rdr->sa[l][0], prov->sa);
2896 }
2897 }
2898 ll_append(card->providers, prov);
2899 }
2900
2901 if (!ignore) add_card_to_serverlist(rdr, cl, server_cards, card, reshare);
2902 else cc_free_card(card);
2903 flt = 1;
2904 }
2905 }
2906 }
2907
2908 if (rdr->typ != R_CCCAM && !rdr->caid[0] && !flt) {
2909 flt = 0;
2910 for (j = 0; j < CS_MAXCAIDTAB; j++) {
2911 //cs_log("CAID map CCcam card report caid: %04X cmap: %04X", rdr->ctab.caid[j], rdr->ctab.cmap[j]);
2912 ushort lcaid = rdr->ctab.caid[j];
2913
2914 if (!lcaid || (lcaid == 0xFFFF))
2915 lcaid = rdr->ctab.cmap[j];
2916
2917 if (lcaid && (lcaid != 0xFFFF)) {
2918 struct cc_card *card = create_card2(rdr, j, lcaid, hop, reshare);
2919 if (au_allowed)
2920 cc_UA_oscam2cccam(rdr->hexserial, card->hexserial, lcaid);
2921
2922 if (chk_ctab(lcaid, &cl->ctab))
2923 add_card_to_serverlist(rdr, cl, server_cards, card, reshare);
2924 else
2925 cc_free_card(card);
2926 flt = 1;
2927 }
2928 }
2929 }
2930
2931 if (rdr->typ != R_CCCAM && rdr->caid[0] && !flt && chk_ctab(rdr->caid[0], &cl->ctab)) {
2932 //cs_log("tcp_connected: %d card_status: %d ", rdr->tcp_connected, rdr->card_status);
2933 ushort caid = rdr->caid[0];
2934 struct cc_card *card = create_card2(rdr, 0, caid, hop, reshare);
2935 if (au_allowed)
2936 cc_UA_oscam2cccam(rdr->hexserial, card->hexserial, caid);
2937 for (j = 0; j < rdr->nprov; j++) {
2938 ulong prid = get_reader_prid(rdr, j);
2939 struct cc_provider *prov = malloc(sizeof(struct cc_provider));
2940 memset(prov, 0, sizeof(struct cc_provider));
2941 prov->prov = prid;
2942 //cs_log("Ident CCcam card report provider: %02X%02X%02X", buf[21 + (k*7)]<<16, buf[22 + (k*7)], buf[23 + (k*7)]);
2943 if (au_allowed) {
2944 int l; //Setting SA (Shared Addresses):
2945 for (l = 0; l < rdr->nprov; l++) {
2946 ulong rprid = get_reader_prid(rdr, l);
2947 if (rprid == prid)
2948 cc_SA_oscam2cccam(&rdr->sa[l][0], prov->sa);
2949 }
2950 }
2951 ll_append(card->providers, prov);
2952 //cs_log("Main CCcam card report provider: %02X%02X%02X%02X", buf[21+(j*7)], buf[22+(j*7)], buf[23+(j*7)], buf[24+(j*7)]);
2953 }
2954 if ((rdr->tcp_connected || rdr->card_status == CARD_INSERTED) /*&& !rdr->cc_id*/) {
2955 //rdr->cc_id = b2i(3, buf + 5);
2956 add_card_to_serverlist(rdr, cl, server_cards, card, reshare);
2957 }
2958 else
2959 cc_free_card(card);
2960 }
2961
2962 if (rdr->typ == R_CCCAM && !flt) {
2963
2964 cs_debug_mask(D_TRACE, "%s asking reader %s for cards...",
2965 getprefix(), rdr->label);
2966
2967 struct cc_card *card;
2968 struct s_client *rc = rdr->client;
2969 struct cc_data *rcc = rc->cc;
2970
2971 int count = 0;
2972 if (rcc && rcc->cards) {
2973 pthread_mutex_lock(&rcc->cards_busy);
2974
2975 LL_ITER *it = ll_iter_create(rcc->cards);
2976 while ((card = ll_iter_next(it))) {
2977 if (card->hop <= maxhops && chk_ctab(card->caid, &cl->ctab)
2978 && chk_ctab(card->caid, &rdr->ctab)) {
2979
2980 if ((cfg->cc_ignore_reshare || card->maxdown > 0)) {
2981 int ignore = 0;
2982
2983 LL_ITER *it2 = ll_iter_create(card->providers);
2984 struct cc_provider *prov;
2985 while ((prov = ll_iter_next(it2))) {
2986 ulong prid = prov->prov;
2987 if (!chk_srvid_by_caid_prov(cl, card->caid,
2988 prid, 0) || !chk_srvid_by_caid_prov(
2989 rdr->client, card->caid, prid, 0)) {
2990 ignore = 1;
2991 break;
2992 }
2993 }
2994 ll_iter_release(it2);
2995
2996 if (!ignore) { //Filtered by service
2997 int new_reshare =
2998 cfg->cc_ignore_reshare ? reshare
2999 : (card->maxdown - 1);
3000 if (new_reshare > reshare)
3001 new_reshare = reshare;
3002 add_card_to_serverlist(rdr, cl, server_cards, card,
3003 new_reshare);
3004 count++;
3005 }
3006 }
3007 }
3008 }
3009 ll_iter_release(it);
3010 pthread_mutex_unlock(&rcc->cards_busy);
3011 }
3012 cs_debug_mask(D_TRACE, "%s got %d cards from %s", getprefix(),
3013 count, rdr->label);
3014 }
3015 }
3016
3017 int ok = TRUE;
3018 //report reshare cards:
3019 //cs_debug_mask(D_TRACE, "%s reporting %d cards", getprefix(), ll_count(server_cards));
3020 LL_ITER *it = ll_iter_create(server_cards);
3021 struct cc_card *card;
3022 while (ok && (card = ll_iter_next(it))) {
3023 //cs_debug_mask(D_TRACE, "%s card %d caid %04X hop %d", getprefix(), card->id, card->caid, card->hop);
3024
3025 ok =report_card(cl, card, new_reported_carddatas) >= 0;
3026 ll_iter_remove(it);
3027 }
3028 ll_iter_release(it);
3029 cc_free_cardlist(server_cards, TRUE);
3030
3031 //remove unsed, remaining cards:
3032 cc->card_removed_count += cc_free_reported_carddata(cl, cc->reported_carddatas, new_reported_carddatas, ok);
3033 cc->reported_carddatas = new_reported_carddatas;
3034
3035 cs_log("%s reported/updated +%d/-%d/dup %d of %d cards to client", getprefix(),
3036 cc->card_added_count, cc->card_removed_count, cc->card_dup_count, ll_count(cc->reported_carddatas));
3037 return ok;
3038}
3039
3040void cc_init_cc(struct cc_data *cc) {
3041 pthread_mutexattr_t mta;
3042 pthread_mutexattr_init(&mta);
3043#if defined(OS_CYGWIN32) || defined(OS_HPUX) || defined(OS_FREEBSD) || defined(OS_MACOSX)
3044 pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_RECURSIVE);
3045#else
3046 pthread_mutexattr_settype(&mta, PTHREAD_MUTEX_RECURSIVE_NP);
3047#endif
3048 pthread_mutex_init(&cc->lock, NULL); //No recursive lock
3049 pthread_mutex_init(&cc->ecm_busy, NULL); //No recusive lock
3050 pthread_mutex_init(&cc->cards_busy, &mta); //Recursive lock
3051}
3052
3053/**
3054 * Starting readers to get cards:
3055 **/
3056int cc_srv_wakeup_readers(struct s_client *cl) {
3057 int wakeup = 0;
3058 struct s_reader *rdr;
3059 for (rdr = first_reader; rdr; rdr = rdr->next) {
3060 if (rdr->typ != R_CCCAM)
3061 continue;
3062 if (!rdr->fd || !rdr->enable || rdr->deleted || rdr->tcp_connected == 2)
3063 continue;
3064 if (!(rdr->grp & cl->grp))
3065 continue;
3066 if (rdr->cc_keepalive) //if reader has keepalive but is NOT connected, reader can't connect. so don't ask him
3067 continue;
3068
3069 //This wakeups the reader:
3070 uchar dummy;
3071 write_to_pipe(rdr->fd, PIP_ID_CIN, &dummy, sizeof(dummy));
3072 wakeup++;
3073 }
3074 return wakeup;
3075}
3076
3077int cc_cards_modified() {
3078 int modified = 0;
3079 struct s_reader *rdr;
3080 for (rdr = first_reader; rdr; rdr = rdr->next) {
3081 if (rdr->typ == R_CCCAM && rdr->fd && rdr->enable && !rdr->deleted) {
3082 struct s_client *clr = rdr->client;
3083 if (clr->cc) {
3084 struct cc_data *ccr = clr->cc;
3085 modified += ccr->cards_modified;
3086 }
3087 }
3088 }
3089 return modified;
3090}
3091
3092int check_cccam_compat(struct cc_data *cc) {
3093 int res = 0;
3094 if (strcmp(cfg->cc_version, "2.2.0") == 0 || strcmp(cfg->cc_version, "2.2.1") == 0) {
3095
3096 if (strcmp(cc->remote_version, "2.2.0") == 0 || strcmp(cc->remote_version, "2.2.1") == 0) {
3097 res = 1;
3098 }
3099 }
3100 return res;
3101}
3102
3103int cc_srv_connect(struct s_client *cl) {
3104 cs_debug_mask(D_FUT, "cc_srv_connect in");
3105 int i, wait_for_keepalive;
3106 ulong cmi;
3107 uint8 buf[CC_MAXMSGSIZE];
3108 uint8 data[16];
3109 char usr[21], pwd[21];
3110 struct s_auth *account;
3111 struct cc_data *cc = cl->cc;
3112 uchar mbuf[1024];
3113
3114 memset(usr, 0, sizeof(usr));
3115 memset(pwd, 0, sizeof(pwd));
3116
3117 //SS: Use last cc data for faster reconnects:
3118 if (!cc) {
3119 // init internals data struct
3120 cc = malloc(sizeof(struct cc_data));
3121 if (cc == NULL) {
3122 cs_log("cannot allocate memory");
3123 return -1;
3124 }
3125
3126 cl->cc = cc;
3127 memset(cl->cc, 0, sizeof(struct cc_data));
3128 cc->extended_ecm_idx = ll_create();
3129
3130 cc_init_cc(cc);
3131 }
3132 cc->server_ecm_pending = 0;
3133 cc->extended_mode = 0;
3134 cc->cmd0c_mode = MODE_CMD_0x0C_NONE;
3135
3136 //Create checksum for "O" cccam:
3137 for (i = 0; i < 12; i++) {
3138 data[i] = fast_rnd();
3139 }
3140 for (i = 0; i < 4; i++) {
3141 data[12 + i] = (data[i] + data[4 + i] + data[8 + i]) & 0xff;
3142 }
3143
3144 send(cl->udp_fd, data, 16, 0);
3145
3146 cc_xor(data); // XOR init bytes with 'CCcam'
3147
3148 SHA_CTX ctx;
3149 SHA1_Init(&ctx);
3150 SHA1_Update(&ctx, data, 16);
3151 SHA1_Final(buf, &ctx);
3152
3153 cc_init_crypt(&cc->block[ENCRYPT], buf, 20);
3154 cc_crypt(&cc->block[ENCRYPT], data, 16, DECRYPT);
3155 cc_init_crypt(&cc->block[DECRYPT], data, 16);
3156 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
3157
3158 if ((i = recv(cl->pfd, buf, 20, MSG_WAITALL)) == 20) {
3159 cs_ddump(buf, 20, "cccam: recv:");
3160 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
3161 cs_ddump(buf, 20, "cccam: hash:");
3162 } else
3163 return -1;
3164
3165 // receive username
3166 if ((i = recv(cl->pfd, buf, 20, MSG_WAITALL)) == 20) {
3167 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
3168
3169 strncpy(usr, (char *) buf, sizeof(usr));
3170
3171 //test for nonprintable characters:
3172 for (i = 0; i < 20; i++) {
3173 if (usr[i] > 0 && usr[i] < 0x20) { //found nonprintable char
3174 cs_debug("illegal username received");
3175 return -1;
3176 }
3177 }
3178 cs_ddump(buf, 20, "cccam: username '%s':", usr);
3179 } else
3180 return -1;
3181
3182 cl->crypted = 1;
3183
3184 for (account = cfg->account; account; account = account->next) {
3185 if (strcmp(usr, account->usr) == 0) {
3186 strncpy(pwd, account->pwd, sizeof(pwd));
3187 break;
3188 }
3189 }
3190
3191 if (cs_auth_client(cl, account, NULL)) { //cs_auth_client returns 0 if account is valid/active/accessible
3192 cs_log("account '%s' not found!", usr);
3193 return -1;
3194 }
3195
3196 if (!cc->prefix)
3197 cc->prefix = malloc(strlen(cl->usr)+20);
3198 sprintf(cc->prefix, "cccam(s) %s: ", cl->usr);
3199
3200 // receive passwd / 'CCcam'
3201 cc_crypt(&cc->block[DECRYPT], (uint8 *) pwd, strlen(pwd), ENCRYPT);
3202 if ((i = recv(cl->pfd, buf, 6, MSG_WAITALL)) == 6) {
3203 cc_crypt(&cc->block[DECRYPT], buf, 6, DECRYPT);
3204 //cs_ddump(buf, 6, "cccam: pwd check '%s':", buf); //illegal buf-bytes could kill the logger!
3205 if (memcmp(buf, "CCcam\0", 6) != 0) {
3206 cs_log("account '%s' wrong password!", usr);
3207 cs_add_violation((uint)cl->ip);
3208 return -1;
3209 }
3210 } else
3211 return -1;
3212
3213 //Starting readers to get cards:
3214 int wakeup = cc_srv_wakeup_readers(cl);
3215
3216 // send passwd ack
3217 memset(buf, 0, 20);
3218 memcpy(buf, "CCcam\0", 6);
3219 cs_ddump(buf, 20, "cccam: send ack:");
3220 cc_crypt(&cc->block[ENCRYPT], buf, 20, ENCRYPT);
3221 send(cl->pfd, buf, 20, 0);
3222
3223 // recv cli data
3224 memset(buf, 0, sizeof(buf));
3225 i = cc_msg_recv(cl, buf);
3226 if (i < 0)
3227 return -1;
3228 cs_ddump(buf, i, "cccam: cli data:");
3229 memcpy(cc->peer_node_id, buf + 24, 8);
3230
3231 strncpy(cc->remote_version, (char*)buf+33, sizeof(cc->remote_version)-1);
3232 strncpy(cc->remote_build, (char*)buf+65, sizeof(cc->remote_build)-1);
3233
3234 cs_log("%s client '%s' (%s) running v%s (%s)", getprefix(), buf + 4,
3235 cs_hexdump(0, cc->peer_node_id, 8), cc->remote_version, cc->remote_build);
3236
3237 // send cli data ack
3238 cc_cmd_send(cl, NULL, 0, MSG_CLI_DATA);
3239
3240 if (cc_send_srv_data(cl) < 0)
3241 return -1;
3242
3243 cc->cccam220 = check_cccam_compat(cc);
3244
3245 // report cards
3246 ulong hexserial_crc = get_reader_hexserial_crc(cl);
3247
3248 if (wakeup > 0) //give readers time to get cards:
3249 cs_sleepms(500);
3250
3251 if (!cc_srv_report_cards(cl))
3252 return -1;
3253 cs_ftime(&cc->ecm_time);
3254
3255 cmi = 0;
3256 wait_for_keepalive = 0;
3257 // check for client timeout, if timeout occurs try to send keepalive
3258 while (cl->pfd)
3259 {
3260 i = process_input(mbuf, sizeof(mbuf), 10); //cfg->cmaxidle);
3261 if (i == -9) {
3262 cmi += 10;
3263 if (cfg->cmaxidle && cmi >= cfg->cmaxidle) {
3264 cmi = 0;
3265 if (!cl->ncd_keepalive && !cfg->cc_keep_connected) {
3266 cs_debug_mask(D_TRACE, "%s keepalive after maxidle is reached",
3267 getprefix());
3268 break; //Disconnect client
3269 }
3270 else if (cc->extended_mode) //special handling for "oscam"-cccam clients:
3271 {
3272 if (cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE) < 0)
3273 break;
3274 cs_debug("cccam: keepalive");
3275 cc->answer_on_keepalive = time(NULL);
3276 wait_for_keepalive = 1;
3277 continue;
3278 }
3279 }
3280 if (wait_for_keepalive)
3281 break; //got no answer -> disconnect
3282
3283 } else if (i <= 0)
3284 break; //Disconnected by client
3285 else { //data is parsed!
3286 cmi = 0;
3287 wait_for_keepalive = 0;
3288 }
3289 if (cc->mode != CCCAM_MODE_NORMAL || cl->dup)
3290 break; //mode wrong or duplicate user -->disconect
3291
3292 if (!cc->server_ecm_pending) {
3293 struct timeb timeout;
3294 struct timeb cur_time;
3295 cs_ftime(&cur_time);
3296 timeout = cc->ecm_time;
3297 timeout.time += cfg->cc_update_interval;
3298
3299 int needs_card_updates = (cfg->cc_update_interval >= 0)
3300 && comp_timeb(&cur_time, &timeout) > 0;
3301
3302 if (needs_card_updates) {
3303 cc->ecm_time = cur_time;
3304 ulong new_hexserial_crc = get_reader_hexserial_crc(cl);
3305 int cards_modified = cc_cards_modified();
3306 if (new_hexserial_crc != hexserial_crc || cards_modified
3307 != cc->cards_modified) {
3308 cs_debug_mask(D_TRACE, "%s update share list",
3309 getprefix());
3310
3311 hexserial_crc = new_hexserial_crc;
3312 cc->cards_modified = cards_modified;
3313
3314 if (!cc_srv_report_cards(cl))
3315 return -1;
3316 }
3317 }
3318 }
3319 }
3320
3321 cs_debug_mask(D_FUT, "cc_srv_connect out");
3322 return 0;
3323}
3324
3325void * cc_srv_init(struct s_client *cl) {
3326 cl->thread = pthread_self();
3327 pthread_setspecific(getclient, cl);
3328
3329 cs_debug_mask(D_FUT, "cc_srv_init in");
3330 cl->pfd = cl->udp_fd;
3331 if (cc_srv_connect(cl) < 0)
3332 cs_log("cccam: %d failed errno: %d (%s)", __LINE__, errno, strerror(
3333 errno));
3334 cc_cleanup(cl);
3335 cs_debug_mask(D_FUT, "cc_srv_init out");
3336 cs_disconnect_client(cl);
3337 return NULL; //suppress compiler warning
3338}
3339
3340int cc_cli_connect(struct s_client *cl) {
3341 cs_debug_mask(D_FUT, "cc_cli_connect in");
3342 struct s_reader *rdr = cl->reader;
3343 struct cc_data *cc = cl->cc;
3344
3345 if (cc && cc->mode != CCCAM_MODE_NORMAL)
3346 return -99;
3347
3348 if (!cl->udp_fd) {
3349 cc_cli_init_int(cl);
3350 return -1; // cc_cli_init_int calls cc_cli_connect, so exit here!
3351 }
3352
3353 if (is_connect_blocked(rdr)) {
3354 cs_log("%s connection blocked, retrying later", rdr->label);
3355 return -1;
3356 }
3357
3358 int handle, n;
3359 uint8 data[20];
3360 uint8 hash[SHA_DIGEST_LENGTH];
3361 uint8 buf[CC_MAXMSGSIZE];
3362 char pwd[64];
3363
3364 // check cred config
3365 if (rdr->device[0] == 0 || rdr->r_pwd[0] == 0 || rdr->r_usr[0] == 0
3366 || rdr->r_port == 0) {
3367 cs_log("%s configuration error!", rdr->label);
3368 return -5;
3369 }
3370
3371 // connect
3372 handle = network_tcp_connection_open();
3373 if (handle <= 0) {
3374 cs_log("%s network connect error!", rdr->label);
3375 return -1;
3376 }
3377 if (errno == EISCONN) {
3378 cc_cli_close(cl, FALSE);
3379
3380 block_connect(rdr);
3381 return -1;
3382 }
3383
3384 // get init seed
3385 if ((n = recv(handle, data, 16, MSG_WAITALL)) != 16) {
3386 int err = errno;
3387 cs_log("%s server does not return 16 bytes (n=%d, handle=%d, udp_fd=%d, errno=%d)",
3388 rdr->label, n, handle, cl->udp_fd, err);
3389 block_connect(rdr);
3390 return -2;
3391 }
3392
3393 if (!cc) {
3394 // init internals data struct
3395 cc = malloc(sizeof(struct cc_data));
3396 if (cc == NULL) {
3397 cs_log("%s cannot allocate memory", rdr->label);
3398 return -1;
3399 }
3400 memset(cc, 0, sizeof(struct cc_data));
3401 cc->cards = ll_create();
3402 cl->cc = cc;
3403 cc->pending_emms = ll_create();
3404 cc->extended_ecm_idx = ll_create();
3405 cc->current_cards = ll_create();
3406 cc_init_cc(cc);
3407 } else {
3408 if (cc->cards) {
3409 LL_ITER *it = ll_iter_create(cc->cards);
3410 struct cc_card *card;
3411 while ((card = ll_iter_next(it))) {
3412 cc_free_card(card);
3413 ll_iter_remove(it);
3414 }
3415 ll_iter_release(it);
3416 }
3417 if (cc->current_cards)
3418 free_current_cards(cc->current_cards);
3419 if (cc->extended_ecm_idx)
3420 free_extended_ecm_idx(cc);
3421
3422 pthread_mutex_trylock(&cc->ecm_busy);
3423 pthread_mutex_unlock(&cc->ecm_busy);
3424 }
3425 if (!cc->prefix)
3426 cc->prefix = malloc(strlen(cl->reader->label)+20);
3427 sprintf(cc->prefix, "cccam(r) %s: ", cl->reader->label);
3428
3429 cc->ecm_counter = 0;
3430 cc->max_ecms = 0;
3431 cc->cmd05_mode = MODE_UNKNOWN;
3432 cc->cmd05_offset = 0;
3433 cc->cmd05_active = 0;
3434 cc->cmd05_data_len = 0;
3435 cc->answer_on_keepalive = time(NULL);
3436 cc->extended_mode = 0;
3437 memset(&cc->cmd05_data, 0, sizeof(cc->cmd05_data));
3438
3439 cs_ddump(data, 16, "cccam: server init seed:");
3440
3441 uint16 sum = 0x1234;
3442 uint16 recv_sum = (data[14] << 8) | data[15];
3443 int i;
3444 for (i = 0; i < 14; i++) {
3445 sum += data[i];
3446 }
3447 //Create special data to detect oscam-cccam:
3448 cc->is_oscam_cccam = sum == recv_sum;
3449
3450 cc_xor(data); // XOR init bytes with 'CCcam'
3451
3452 SHA_CTX ctx;
3453 SHA1_Init(&ctx);
3454 SHA1_Update(&ctx, data, 16);
3455 SHA1_Final(hash, &ctx);
3456
3457 cs_ddump(hash, sizeof(hash), "cccam: sha1 hash:");
3458
3459 //initialisate crypto states
3460 cc_init_crypt(&cc->block[DECRYPT], hash, 20);
3461 cc_crypt(&cc->block[DECRYPT], data, 16, DECRYPT);
3462 cc_init_crypt(&cc->block[ENCRYPT], data, 16);
3463 cc_crypt(&cc->block[ENCRYPT], hash, 20, DECRYPT);
3464
3465 cc_cmd_send(cl, hash, 20, MSG_NO_HEADER); // send crypted hash to server
3466
3467 memset(buf, 0, sizeof(buf));
3468 memcpy(buf, rdr->r_usr, strlen(rdr->r_usr));
3469 cs_ddump(buf, 20, "cccam: username '%s':", buf);
3470 cc_cmd_send(cl, buf, 20, MSG_NO_HEADER); // send usr '0' padded -> 20 bytes
3471
3472 memset(buf, 0, sizeof(buf));
3473 memset(pwd, 0, sizeof(pwd));
3474
3475 cs_debug("cccam: 'CCcam' xor");
3476 memcpy(buf, "CCcam", 5);
3477 strncpy(pwd, rdr->r_pwd, sizeof(pwd) - 1);
3478 cc_crypt(&cc->block[ENCRYPT], (uint8 *) pwd, strlen(pwd), ENCRYPT);
3479 cc_cmd_send(cl, buf, 6, MSG_NO_HEADER); // send 'CCcam' xor w/ pwd
3480
3481 if ((n = recv(handle, data, 20, MSG_WAITALL)) != 20) {
3482 cs_log("%s login failed, pwd ack not received (n = %d)", getprefix(), n);
3483 return -2;
3484 }
3485 cc_crypt(&cc->block[DECRYPT], data, 20, DECRYPT);
3486 cs_ddump(data, 20, "cccam: pwd ack received:");
3487
3488 if (memcmp(data, buf, 5)) { // check server response
3489 cs_log("%s login failed, usr/pwd invalid", getprefix());
3490 return -2;
3491 } else {
3492 cs_debug_mask(D_TRACE, "%s login succeeded", getprefix());
3493 }
3494
3495 cs_debug("cccam: last_s=%d, last_g=%d", rdr->last_s, rdr->last_g);
3496
3497 cl->pfd = cl->udp_fd;
3498 cs_debug("cccam: pfd=%d", cl->pfd);
3499
3500 if (cc_send_cli_data(cl) <= 0) {
3501 cs_log("%s login failed, could not send client data", getprefix());
3502 return -3;
3503 }
3504
3505 rdr->caid[0] = rdr->ftab.filts[0].caid;
3506 rdr->nprov = rdr->ftab.filts[0].nprids;
3507 for (n = 0; n < rdr->nprov; n++) {
3508 rdr->availkeys[n][0] = 1;
3509 rdr->prid[n][0] = rdr->ftab.filts[0].prids[n] >> 24;
3510 rdr->prid[n][1] = rdr->ftab.filts[0].prids[n] >> 16;
3511 rdr->prid[n][2] = rdr->ftab.filts[0].prids[n] >> 8;
3512 rdr->prid[n][3] = rdr->ftab.filts[0].prids[n] & 0xff;
3513 }
3514
3515 rdr->card_status = CARD_NEED_INIT;
3516 rdr->last_g = rdr->last_s = time((time_t *) 0);
3517 rdr->tcp_connected = 1;
3518 rdr->available = 1;
3519
3520 cc->just_logged_in = 1;
3521
3522 cs_debug_mask(D_FUT, "cc_cli_connect out");
3523 return 0;
3524}
3525
3526int cc_cli_init_int(struct s_client *cl) {
3527 cs_debug_mask(D_FUT, "cc_cli_init_int");
3528 struct s_reader *rdr = cl->reader;
3529 if (rdr->tcp_connected)
3530 return 1;
3531
3532 struct protoent *ptrp;
3533 int p_proto;
3534
3535 if (cl->pfd) {
3536 close(cl->pfd);
3537 if (cl->pfd == cl->udp_fd)
3538 cl->udp_fd = 0;
3539 cl->pfd = 0;
3540 }
3541
3542 if (cl->udp_fd) {
3543 close(cl->udp_fd);
3544 cl->udp_fd = 0;
3545 }
3546
3547 if (rdr->r_port <= 0) {
3548 cs_log("%s invalid port %d for server %s", rdr->label, rdr->r_port,
3549 rdr->device);
3550 return 1;
3551 }
3552 if ((ptrp = getprotobyname("tcp")))
3553 p_proto = ptrp->p_proto;
3554 else
3555 p_proto = 6;
3556
3557 // cl->ip = 0;
3558 // memset((char *) &loc_sa, 0, sizeof(loc_sa));
3559 // loc_sa.sin_family = AF_INET;
3560 //#ifdef LALL
3561 // if (cfg->serverip[0])
3562 // loc_sa.sin_addr.s_addr = inet_addr(cfg->serverip);
3563 // else
3564 //#endif
3565 // loc_sa.sin_addr.s_addr = INADDR_ANY;
3566 // loc_sa.sin_port = htons(rdr->l_port);
3567
3568
3569 if ((cl->udp_fd = socket(PF_INET, SOCK_STREAM, p_proto)) <= 0) {
3570 cs_log("%s Socket creation failed (errno=%d, socket=%d)", rdr->label,
3571 errno, cl->udp_fd);
3572 return 1;
3573 }
3574 //cs_log("%s 1 socket created: cs_idx=%d, fd=%d errno=%d", getprefix(), cs_idx, cl->udp_fd, errno);
3575
3576#ifdef SO_PRIORITY
3577 if (cfg->netprio)
3578 setsockopt(cl->udp_fd, SOL_SOCKET, SO_PRIORITY,
3579 (void *)&cfg->netprio, sizeof(ulong));
3580#endif
3581 rdr->tcp_ito = 1; //60sec...This now invokes ph_idle()
3582 if (rdr->cc_maxhop <= 0)
3583 rdr->cc_maxhop = 10;
3584
3585 memset((char *) &cl->udp_sa, 0, sizeof(cl->udp_sa));
3586 cl->udp_sa.sin_family = AF_INET;
3587 cl->udp_sa.sin_port = htons((u_short) rdr->r_port);
3588
3589 if (rdr->tcp_rto <= 2)
3590 rdr->tcp_rto = 2; // timeout to 120s
3591 cs_debug("cccam: timeout set to: %d", rdr->tcp_rto);
3592 cc_check_version(rdr->cc_version, rdr->cc_build);
3593 cs_log("proxy reader: %s (%s:%d) cccam v%s build %s, maxhop: %d",
3594 rdr->label, rdr->device, rdr->r_port, rdr->cc_version,
3595 rdr->cc_build, rdr->cc_maxhop);
3596
3597 cs_debug_mask(D_FUT, "cc_cli_init_int out");
3598 return 0;
3599}
3600
3601int cc_cli_init(struct s_client *cl) {
3602 struct cc_data *cc = cl->cc;
3603 struct s_reader *reader = cl->reader;
3604
3605 if ((cc && cc->mode == CCCAM_MODE_SHUTDOWN) || !cl->reader->enable || cl->reader->deleted)
3606 return -1;
3607
3608 int res = cc_cli_init_int(cl); //Create socket
3609
3610 if (res == 0 && reader && (reader->cc_keepalive || !cl->cc) && !reader->tcp_connected) {
3611
3612 cc_cli_connect(cl); //connect to remote server
3613
3614 while (!reader->tcp_connected && reader->cc_keepalive && cfg->reader_restart_seconds > 0) {
3615
3616 if ((cc && cc->mode == CCCAM_MODE_SHUTDOWN) || !cl->reader->enable || cl->reader->deleted)
3617 return -1;
3618
3619 if (!reader->tcp_connected) {
3620 cc_cli_close(cl, FALSE);
3621 res = cc_cli_init_int(cl);
3622 if (res)
3623 return res;
3624 }
3625 cs_log("%s restarting reader in %d seconds", reader->label, cfg->reader_restart_seconds);
3626 cs_sleepms(cfg->reader_restart_seconds*1000);
3627 cs_log("%s restarting reader...", reader->label);
3628 cc_cli_connect(cl);
3629 }
3630 }
3631 return res;
3632}
3633
3634/**
3635 * return 1 if we are able to send requests:
3636 *
3637 */
3638int cc_available(struct s_reader *rdr, int checktype) {
3639 struct s_client *cl = rdr->client;
3640
3641 //cs_debug_mask(D_TRACE, "checking reader %s availibility", rdr->label);
3642 if (!cl->cc || rdr->tcp_connected != 2 || rdr->card_status != CARD_INSERTED) {
3643 //Two cases:
3644 // 1. Keepalive ON but not connected: Do NOT send requests,
3645 // because we can't connect - problem of full running pipes
3646 // 2. Keepalive OFF but not connected: Send requests to connect
3647 // pipe won't run full, because we are reading from pipe to
3648 // get the ecm request
3649 return !rdr->cc_keepalive; //Not connected? Connect!
3650 }
3651
3652 if (checktype == AVAIL_CHECK_LOADBALANCE && !rdr->available) {
3653 cs_debug_mask(D_TRACE, "checking reader %s availibility=0 (unavail)",
3654 rdr->label);
3655 return 0; //We are processing EMMs/ECMs
3656 }
3657
3658 return 1;
3659}
3660
3661/**
3662 *
3663 *
3664 **/
3665void cc_card_info() {
3666 cs_debug_mask(D_FUT, "cc_card_info in");
3667 struct s_client *cl = cur_client();
3668 struct s_reader *rdr = cl->reader;
3669
3670 if (rdr && !rdr->tcp_connected)
3671 cc_cli_connect(cl);
3672 cs_debug_mask(D_FUT, "cc_card_info out");
3673}
3674
3675void cc_cleanup(struct s_client *cl) {
3676 cs_debug_mask(D_FUT, "cc_cleanup in");
3677 struct cc_data *cc = cl->cc;
3678 if (cc) cc->mode = CCCAM_MODE_SHUTDOWN;
3679
3680 if (cl->typ != 'c') {
3681 cc_cli_close(cl, FALSE); // we need to close open fd's
3682 }
3683 cc_free(cl);
3684 cs_debug_mask(D_FUT, "cc_cleanup out");
3685}
3686
3687void module_cccam(struct s_module *ph) {
3688 strcpy(ph->desc, "cccam");
3689 ph->type = MOD_CONN_TCP;
3690 ph->logtxt = ", crypted";
3691 ph->watchdog = 1;
3692 ph->recv = cc_recv;
3693 ph->cleanup = cc_cleanup;
3694 ph->c_multi = 1;
3695 ph->c_init = cc_cli_init;
3696 ph->c_idle = cc_idle;
3697 ph->c_recv_chk = cc_recv_chk;
3698 ph->c_send_ecm = cc_send_ecm;
3699 ph->c_send_emm = cc_send_emm;
3700 ph->s_ip = cfg->cc_srvip;
3701 ph->s_handler = cc_srv_init;
3702 ph->send_dcw = cc_send_dcw;
3703 ph->c_available = cc_available;
3704 ph->c_card_info = cc_card_info;
3705 static PTAB ptab; //since there is always only 1 cccam server running, this is threadsafe
3706 ptab.ports[0].s_port = cfg->cc_port;
3707 ph->ptab = &ptab;
3708 ph->ptab->nports = 1;
3709 ph->num = R_CCCAM;
3710
3711 //Partner Detection:
3712 init_rnd();
3713 uint16 sum = 0x1234; //This is our checksum
3714 int i;
3715 for (i = 0; i < 6; i++) {
3716 cc_node_id[i] = fast_rnd();
3717 sum += cc_node_id[i];
3718 }
3719 cc_node_id[6] = sum >> 8;
3720 cc_node_id[7] = sum & 0xff;
3721}
Note: See TracBrowser for help on using the repository browser.