Context Navigation

source: trunk/reader-cryptoworks.c@ 4149

Last change on this file since 4149 was 4141, checked in by dingo35, 13 years ago
all: simplify debug system, add D_DVBAPI = -d128, eliminate cs_ptyp which complicates stuff unnecc
File size: 21.0 KB

Line
1	#include "globals.h"
2	#include "reader-common.h"
3
4	#define CMD_LEN 5
5
6	static void RotateBytes1(unsigned char out, unsigned char in, int n)
7	{
8	// loop is executed atleast once, so it's not a good idea to
9	// call with n=0 !!
10	out+=n;
11	do { (--out)=(in++); } while(--n);
12	}
13
14	static void RotateBytes2(unsigned char *in, int n)
15	{
16	// loop is executed atleast once, so it's not a good idea to
17	// call with n=0 !!
18	unsigned char *e=in+n-1;
19	do
20	{
21	unsigned char temp=*in;
22	in++=e;
23	*e-- =temp;
24	} while(in<e);
25	}
26
27	static int Input(BIGNUM d, unsigned char in, int n, int LE)
28	{
29	if (LE)
30	{
31	unsigned char tmp[n];
32	RotateBytes1(tmp,in,n);
33	return(BN_bin2bn(tmp,n,d)!=0);
34	}
35	else
36	return(BN_bin2bn(in,n,d)!=0);
37	}
38
39	static int Output(unsigned char out, int n, BIGNUM r, int LE)
40	{
41	int s=BN_num_bytes(r);
42	if (s>n)
43	{
44	unsigned char buff[s];
45	cs_debug_mask(D_READER, "[cryptoworks-reader] rsa: RSA len %d > %d, truncating", s, n);
46	BN_bn2bin(r,buff);
47	memcpy(out,buff+s-n,n);
48	}
49	else if (s<n)
50	{
51	int l=n-s;
52	cs_debug_mask(D_READER, "[cryptoworks-reader] rsa: RSA len %d < %d, padding", s, n);
53	memset(out,0,l);
54	BN_bn2bin(r,out+l);
55	}
56	else
57	BN_bn2bin(r,out);
58	if (LE)
59	RotateBytes2(out,n);
60	return(s);
61	}
62
63	static int cw_RSA(unsigned char out, unsigned char in, int n, BIGNUM exp, BIGNUM mod, int LE)
64	{
65	int rc=0;
66	BN_CTX *ctx;
67	BIGNUM r, d;
68	ctx=BN_CTX_new();
69	r=BN_new();
70	d=BN_new();
71	if (Input(d,in,n,LE))
72	{
73	if(BN_mod_exp(r,d,exp,mod,ctx))
74	rc=Output(out,n,r,LE);
75	else
76	cs_log("[cryptoworks-reader] rsa: mod-exp failed");
77	}
78	BN_CTX_free(ctx);
79	BN_free(d);
80	BN_free(r);
81	return(rc);
82	}
83
84	static char chid_date(uchar ptr, char *buf, int l)
85	{
86	if (buf)
87	{
88	snprintf(buf, l, "%04d/%02d/%02d",
89	1990+(ptr[0]>>1), ((ptr[0]&1)<<3)\|(ptr[1]>>5), ptr[1]&0x1f);
90	}
91	return(buf);
92	}
93
94	static int select_file(struct s_reader * reader, uchar f1, uchar f2, uchar * cta_res, ushort * p_cta_lr)
95	{
96	ushort cta_lr;
97	uchar insA4[] = {0xA4, 0xA4, 0x00, 0x00, 0x02, 0x00, 0x00};
98	insA4[5]=f1;
99	insA4[6]=f2;
100	write_cmd(insA4, insA4+5); // select file
101	*p_cta_lr = cta_lr;
102	return((cta_res[0]==0x9f)&&(cta_res[1]==0x11));
103	}
104
105	static int read_record(struct s_reader * reader, uchar rec, uchar * cta_res)
106	{
107	ushort cta_lr;
108	uchar insA2[] = {0xA4, 0xA2, 0x00, 0x00, 0x01, 0x00};
109	uchar insB2[] = {0xA4, 0xB2, 0x00, 0x00, 0x00};
110
111	insA2[5]=rec;
112	write_cmd(insA2, insA2+5); // select record
113	if (cta_res[0]!=0x9f)
114	return(-1);
115	insB2[4]=cta_res[1]; // get len
116	write_cmd(insB2, NULL); // read record
117	if ((cta_res[cta_lr-2]!=0x90) \|\| (cta_res[cta_lr-1]))
118	return(-1);
119	return(cta_lr-2);
120	}
121
122	/*
123	int cryptoworks_send_pin(struct s_reader * reader)
124	{
125	unsigned char insPIN[] = { 0xA4, 0x20, 0x00, 0x00, 0x04, 0x00,0x00,0x00,0x00 }; //Verify PIN
126
127	if(reader->pincode[0] && (reader->pincode[0]&0xF0)==0x30)
128	{
129	memcpy(insPIN+5,reader->pincode,4);
130
131	write_cmd(insPIN, insPIN+5);
132	cs_ri_log (reader, "sending pincode to card");
133	if((cta_res[0]==0x98)&&(cta_res[1]==0x04)) cs_ri_log (reader, "bad pincode");
134
135	return OK;
136	}
137
138	return(0);
139	}
140	*/
141
142	static int cryptoworks_disable_pin(struct s_reader * reader)
143	{
144	def_resp;
145	unsigned char insPIN[] = { 0xA4, 0x26, 0x00, 0x00, 0x04, 0x00,0x00,0x00,0x00 }; //disable PIN
146
147	if(reader->pincode[0] && (reader->pincode[0]&0xF0)==0x30)
148	{
149	memcpy(insPIN+5,reader->pincode,4);
150
151	write_cmd(insPIN, insPIN+5);
152	cs_ri_log (reader, "disable pincode to card");
153	if((cta_res[0]==0x98)&&(cta_res[1]==0x04)) cs_ri_log (reader, "bad pincode");
154	return ERROR;
155	}
156	return OK;
157	}
158
159	static int cryptoworks_card_init(struct s_reader * reader, ATR newatr)
160	{
161	get_atr;
162	def_resp;
163	int i;
164	unsigned int mfid=0x3F20;
165	static const uchar cwexp[] = { 1, 0 , 1};
166	uchar insA4C[]= {0xA4, 0xC0, 0x00, 0x00, 0x11};
167	uchar insB8[] = {0xA4, 0xB8, 0x00, 0x00, 0x0c};
168	uchar issuerid=0;
169	char issuer[20]={0};
170	char unknown="unknown", pin=unknown, ptxt[CS_MAXPROV<<2]={0};
171
172	if ((atr[6]!=0xC4) \|\| (atr[9]!=0x8F) \|\| (atr[10]!=0xF1)) return ERROR;
173
174	cs_log("[cryptoworks-reader] card detected");
175	cs_log("[cryptoworks-reader] type: CryptoWorks");
176
177	reader->caid[0]=0xD00;
178	reader->nprov=0;
179	reader->ucpk_valid = 0;
180	memset(reader->prid, 0, sizeof(reader->prid));
181
182	write_cmd(insA4C, NULL); // read masterfile-ID
183	if ((cta_res[0]==0xDF) && (cta_res[1]>=6))
184	mfid=(cta_res[6]<<8)\|cta_res[7];
185
186	select_file(reader, 0x3f, 0x20, cta_res, &cta_lr);
187	insB8[2]=insB8[3]=0; // first
188	for(cta_res[0]=0xdf; cta_res[0]==0xdf;)
189	{
190	write_cmd(insB8, NULL); // read provider id's
191	if (cta_res[0]!=0xdf) break;
192	if (((cta_res[4]&0x1f)==0x1f) && (reader->nprov<CS_MAXPROV))
193	{
194	sprintf(ptxt+strlen(ptxt), ",%02X", cta_res[5]);
195	reader->prid[reader->nprov++][3]=cta_res[5];
196	}
197	insB8[2]=insB8[3]=0xff; // next
198	}
199	for (i=reader->nprov; i<CS_MAXPROV; i++)
200	memset(&reader->prid[i][0], 0xff, 4);
201
202	select_file(reader, 0x2f, 0x01, cta_res, &cta_lr); // read caid
203	if (read_record(reader, 0xD1, cta_res)>=4)
204	reader->caid[0]=(cta_res[2]<<8)\|cta_res[3];
205
206	if (read_record(reader, 0x80, cta_res)>=7) // read serial
207	memcpy(reader->hexserial, cta_res+2, 5);
208	cs_ri_log (reader, "type: CryptoWorks, caid: %04X, ascii serial: %llu, hex serial: %s",
209	reader->caid[0], b2ll(5, reader->hexserial),cs_hexdump(0, reader->hexserial, 5));
210
211	if (read_record(reader, 0x9E, cta_res)>=66) // read ISK
212	{
213	uchar keybuf[256];
214	BIGNUM *ipk;
215	if (search_boxkey(reader->caid[0], (char *)keybuf))
216	{
217	ipk=BN_new();
218	BN_bin2bn(cwexp, sizeof(cwexp), &reader->exp);
219	BN_bin2bn(keybuf, 64, ipk);
220	cw_RSA(cta_res+2, cta_res+2, 0x40, &reader->exp, ipk, 0);
221	BN_free(ipk);
222	reader->ucpk_valid =(cta_res[2]==((mfid & 0xFF)>>1));
223	if (reader->ucpk_valid)
224	{
225	cta_res[2]\|=0x80;
226	BN_bin2bn(cta_res+2, 0x40, &reader->ucpk);
227	cs_ddump_mask(D_READER, cta_res+2, 0x40, "IPK available -> session-key:");
228	}
229	else
230	{
231	reader->ucpk_valid =(keybuf[0]==(((mfid & 0xFF)>>1)\|0x80));
232	if (reader->ucpk_valid)
233	{
234	BN_bin2bn(keybuf, 0x40, &reader->ucpk);
235	cs_ddump_mask(D_READER, keybuf, 0x40, "session-key found:");
236	}
237	else
238	cs_log("[cryptoworks-reader] invalid IPK or session-key for CAID %04X !", reader->caid[0]);
239	}
240	}
241	}
242	if (read_record(reader, 0x9F, cta_res)>=3)
243	issuerid=cta_res[2];
244	if (read_record(reader, 0xC0, cta_res)>=16)
245	{
246	cs_strncpy(issuer, (const char *)cta_res+2, sizeof(issuer));
247	trim(issuer);
248	}
249	else
250	strcpy(issuer, unknown);
251
252	select_file(reader, 0x3f, 0x20, cta_res, &cta_lr);
253	select_file(reader, 0x2f, 0x11, cta_res, &cta_lr); // read pin
254	if (read_record(reader, atr[8], cta_res)>=7)
255	{
256	cta_res[6]=0;
257	pin=(char *)cta_res+2;
258	}
259	cs_ri_log (reader, "issuer: %s, id: %02X, bios: v%d, pin: %s, mfid: %04X", issuer, issuerid, atr[7], pin, mfid);
260	cs_ri_log (reader, "providers: %d (%s)", reader->nprov, ptxt+1);
261
262	cryptoworks_disable_pin(reader);
263
264	return OK;
265	}
266
267	static int cryptoworks_do_ecm(struct s_reader * reader, ECM_REQUEST *er)
268	{
269	def_resp;
270	int r=0;
271	unsigned char ins4C[] = { 0xA4,0x4C,0x00,0x00,0x00 };
272	unsigned char insC0[] = { 0xA4,0xC0,0x00,0x00,0x1C };
273	unsigned char nanoD4[10];
274	int secLen=check_sct_len(er->ecm,-5+(reader->ucpk_valid ? sizeof(nanoD4):0));
275
276	if(secLen>5)
277	{
278	int i;
279	uchar *ecm=er->ecm;
280	uchar buff[MAX_LEN];
281
282	if(reader->ucpk_valid)
283	{
284	memcpy(buff,er->ecm,secLen);
285	nanoD4[0]=0xD4;
286	nanoD4[1]=0x08;
287	for (i=2; i<(int)sizeof(nanoD4); i++)
288	nanoD4[i]=rand();
289	memcpy(&buff[secLen], nanoD4, sizeof(nanoD4));
290	ecm=buff;
291	secLen+=sizeof(nanoD4);
292	}
293
294	ins4C[3]=reader->ucpk_valid ? 2 : 0;
295	ins4C[4]=secLen-5;
296	write_cmd(ins4C, ecm+5);
297	if (cta_res[cta_lr-2]==0x9f)
298	{
299	insC0[4]=cta_res[cta_lr-1];
300	write_cmd(insC0, NULL);
301	for(i=0; i<secLen && r<2; )
302	{
303	int n=cta_res[i+1];
304	switch(cta_res[i])
305	{
306	case 0x80:
307	cs_debug_mask(D_READER, "[cryptoworks-reader] nano 80 (serial)");
308	break;
309	case 0xD4:
310	cs_debug_mask(D_READER, "[cryptoworks-reader] nano D4 (rand)");
311	if(n<8 \|\| memcmp(&cta_res[i],nanoD4,sizeof(nanoD4))){
312	cs_debug_mask(D_READER, "[cryptoworks-reader] random data check failed after decrypt");
313	}
314	break;
315	case 0xDB: // CW
316	cs_debug_mask(D_READER, "[cryptoworks-reader] nano DB (cw)");
317	if(n==0x10)
318	{
319	memcpy(er->cw, &cta_res[i+2], 16);
320	r\|=1;
321	}
322	break;
323	case 0xDF: // signature
324	cs_debug_mask(D_READER, "[cryptoworks-reader] nano DF %02x (sig)", n);
325	if (n==0x08)
326	{
327	if((cta_res[i+2]&0x50)==0x50 && !(cta_res[i+3]&0x01) && (cta_res[i+5]&0x80))
328	r\|=2;
329	}
330	else if (n==0x40) // camcrypt
331	{
332	if(reader->ucpk_valid)
333	{
334	cw_RSA(&cta_res[i+2],&cta_res[i+2], n, &reader->exp, &reader->ucpk, 0);
335	cs_debug_mask(D_READER, "[cryptoworks-reader] after camcrypt ");
336	r=0; secLen=n-4; n=4;
337	}
338	else
339	{
340	cs_log("[cryptoworks-reader] valid UCPK needed for camcrypt!");
341	return ERROR;
342	}
343	}
344	break;
345	default:
346	cs_debug_mask(D_READER, "[cryptoworks-reader] nano %02x (unhandled)",cta_res[i]);
347	break;
348	}
349	i+=n+2;
350	}
351	}
352
353	/*
354	#ifdef LALL
355	if ((cta_res[cta_lr-2]==0x9f)&&(cta_res[cta_lr-1]==0x1c))
356	{
357	write_cmd(insC0, NULL);
358	if ((cta_lr>26)&&(cta_res[cta_lr-2]==0x90)&&(cta_res[cta_lr-1]==0))
359	{
360	if (rc=(((cta_res[20]&0x50)==0x50) &&
361	(!(cta_res[21]&0x01)) &&
362	(cta_res[23]&0x80)))
363	memcpy(er->cw, cta_res+2, 16);
364	}
365	}
366	#endif
367	*/
368	}
369	//return(rc ? 1 : 0);
370	return((r==3) ? 1 : 0);
371	}
372
373	static unsigned long cryptoworks_get_emm_provid(unsigned char *buffer, int len);
374
375	static int cryptoworks_get_emm_type(EMM_PACKET ep, struct s_reader rdr)
376	{
377	char dumprdrserial[18];
378
379	cs_debug_mask(D_EMM, "Entered cryptoworks_get_emm_type ep->emm[0]=%02x",ep->emm[0]);
380	switch (ep->emm[0]) {
381	case 0x82:
382	if(ep->emm[3]==0xA9 && ep->emm[4]==0xFF && ep->emm[13]==0x80 && ep->emm[14]==0x05) {
383	ep->type = UNIQUE;
384	memset(ep->hexserial, 0, 8);
385	memcpy(ep->hexserial, ep->emm + 5, 5);
386	strcpy(dumprdrserial, cs_hexdump(1, rdr->hexserial, 5));
387	memcpy(ep->provid, i2b(4, cryptoworks_get_emm_provid(ep->emm+12, ep->l-12)), 4);
388	cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: UNIQUE, ep = %s rdr = %s",
389	cs_hexdump(1, ep->hexserial, 5), dumprdrserial);
390	return (!memcmp(ep->emm + 5, rdr->hexserial, 5)); // check for serial
391	}
392	break;
393	case 0x84:
394	if(ep->emm[3]==0xA9 && ep->emm[4]==0xFF && ep->emm[12]==0x80 && ep->emm[13]==0x04) {
395	ep->type = SHARED;
396	memset(ep->hexserial, 0, 8);
397	memcpy(ep->hexserial, ep->emm + 5, 4);
398	strcpy(dumprdrserial, cs_hexdump(1, rdr->hexserial, 4));
399	memcpy(ep->provid, i2b(4, cryptoworks_get_emm_provid(ep->emm+12, ep->l-12)), 4);
400	cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: SHARED, ep = %s rdr = %s",
401	cs_hexdump(1, ep->hexserial, 4), dumprdrserial);
402	return (!memcmp(ep->emm + 5, rdr->hexserial, 4)); // check for SA
403	}
404	break;
405	case 0x86:
406	if(ep->emm[3]==0xA9 && ep->emm[4]==0xFF && ep->emm[5]==0x83
407	&& ep->emm[6]==0x01 && ep->emm[8]==0x85) {
408	cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: GLOBAL");
409	ep->type = GLOBAL;
410	memcpy(ep->provid, i2b(4, cryptoworks_get_emm_provid(ep->emm+8, ep->l-8)), 4);
411	return TRUE;
412	}
413	break;
414	case 0x88:
415	case 0x89:
416	if(ep->emm[3]==0xA9 && ep->emm[4]==0xFF && ep->emm[8]==0x83 && ep->emm[9]==0x01) {
417	cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: GLOBAL");
418	ep->type = GLOBAL;
419	memcpy(ep->provid, i2b(4, cryptoworks_get_emm_provid(ep->emm+8, ep->l-8)), 4);
420	return TRUE;
421	}
422	break;
423	case 0x8F:
424	ep->type = UNKNOWN;
425	cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: 0x8F via camd3");
426
427	switch(ep->emm[4]) {
428	case 0x44:
429	memcpy(ep->provid, i2b(4, cryptoworks_get_emm_provid(ep->emm+8, ep->l-8)), 4);
430	ep->type = GLOBAL; break;
431	case 0x48:
432	memcpy(ep->provid, i2b(4, cryptoworks_get_emm_provid(ep->emm+12, ep->l-12)), 4);
433	ep->type = SHARED; break;
434	case 0x42:
435	memcpy(ep->provid, i2b(4, cryptoworks_get_emm_provid(ep->emm+12, ep->l-12)), 4);
436	ep->type = UNIQUE; break;
437	}
438	return TRUE;
439
440	/* FIXME: Seems to be that all other EMM types are rejected by the card */
441	default:
442	ep->type = UNKNOWN;
443	cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: UNKNOWN");
444	return FALSE; // skip emm
445	}
446
447	cs_debug_mask(D_EMM, "CRYPTOWORKS EMM: invaild");
448	return FALSE;
449	}
450
451	static void cryptoworks_get_emm_filter(struct s_reader * rdr, uchar *filter)
452	{
453	filter[0]=0xFF;
454	filter[1]=4;
455
456	filter[2]=GLOBAL;
457	filter[3]=0;
458
459	filter[4+0] = 0x88;
460	filter[4+0+16] = 0xFE;
461	filter[4+1] = 0xA9;
462	filter[4+1+16] = 0xFF;
463	filter[4+2] = 0xFF;
464	filter[4+2+16] = 0xFF;
465
466
467	filter[36]=SHARED;
468	filter[37]=0;
469
470	filter[38+0] = 0x84;
471	filter[38+0+16] = 0xFF;
472	filter[38+1] = 0xA9;
473	filter[38+1+16] = 0xFF;
474	filter[38+2] = 0xFF;
475	filter[38+2+16] = 0xFF;
476	memcpy(filter+38+3, rdr->hexserial, 4);
477	memset(filter+38+3+16, 0xFF, 4);
478
479
480	filter[70]=UNIQUE;
481	filter[71]=0;
482
483	filter[72+0] = 0x82;
484	filter[72+0+16] = 0xFF;
485	filter[72+1] = 0xA9;
486	filter[72+1+16] = 0xFF;
487	filter[72+2] = 0xFF;
488	filter[72+2+16] = 0xFF;
489	memcpy(filter+72+3, rdr->hexserial, 5);
490	memset(filter+72+3+16, 0xFF, 5);
491
492
493	filter[104]=GLOBAL;
494	filter[105]=0;
495
496	filter[106+0] = 0x86;
497	filter[106+16] = 0xFF;
498	filter[106+1] = 0xA9;
499	filter[106+1+16] = 0xFF;
500	filter[106+2] = 0xFF;
501	filter[106+2+16] = 0xFF;
502
503	return;
504	}
505
506	static int cryptoworks_do_emm(struct s_reader * reader, EMM_PACKET *ep)
507	{
508	def_resp;
509	uchar insEMM_GA[] = {0xA4, 0x44, 0x00, 0x00, 0x00};
510	uchar insEMM_SA[] = {0xA4, 0x48, 0x00, 0x00, 0x00};
511	uchar insEMM_UA[] = {0xA4, 0x42, 0x00, 0x00, 0x00};
512	int rc=0;
513	uchar *emm=ep->emm;
514
515	if(emm[0]==0x8f && emm[3]==0xA4) {
516	//camd3 emm
517	write_cmd(emm+3, emm+3+CMD_LEN);
518	rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
519	return(rc);
520	}
521
522
523	switch(ep->type)
524	{
525	//GA
526	case GLOBAL:
527	insEMM_GA[4]=ep->emm[2]-2;
528	if(emm[7]==insEMM_GA[4]-3)
529	{
530	write_cmd(insEMM_GA, emm+5);
531	rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
532	}
533	break;
534
535	//SA
536	case SHARED:
537	insEMM_SA[4]=ep->emm[2]-6;
538	//if(emm[11]==insEMM_SA[4]-3)
539	//{
540	write_cmd(insEMM_SA, emm+9);
541	rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
542	//}
543	break;
544
545	//UA
546	case UNIQUE:
547	insEMM_UA[4]=ep->emm[2]-7;
548	if(emm[12]==insEMM_UA[4]-3)
549	{
550	//cryptoworks_send_pin(); //?? may be
551	write_cmd(insEMM_UA, emm+10);
552	rc=((cta_res[0]==0x90)&&(cta_res[1]==0x00));
553	}
554	break;
555	}
556
557	return(rc);
558	}
559
560	static int cryptoworks_card_info(struct s_reader * reader)
561	{
562	def_resp;
563	int i;
564	uchar insA21[]= {0xA4, 0xA2, 0x01, 0x00, 0x05, 0x8C, 0x00, 0x00, 0x00, 0x00};
565	uchar insB2[] = {0xA4, 0xB2, 0x00, 0x00, 0x00};
566	char l_name[20+8]=", name: ";
567
568	for (i=0; i<reader->nprov; i++)
569	{
570	l_name[8]=0;
571	select_file(reader, 0x1f, reader->prid[i][3], cta_res, &cta_lr); // select provider
572	select_file(reader, 0x0e, 0x11, cta_res, &cta_lr); // read provider name
573	if (read_record(reader, 0xD6, cta_res)>=16)
574	{
575	cs_strncpy(l_name+8, (const char *)cta_res+2, sizeof(l_name)-9);
576	l_name[sizeof(l_name)-1]=0;
577	trim(l_name+8);
578	}
579	l_name[0]=(l_name[8]) ? ',' : 0;
580	cs_ri_log (reader, "provider: %d, id: %02X%s", i+1, reader->prid[i][3], l_name);
581	select_file(reader, 0x0f, 0x20, cta_res, &cta_lr); // select provider class
582	write_cmd(insA21, insA21+5);
583	if (cta_res[0]==0x9f)
584	{
585	insB2[4]=cta_res[1];
586	for(insB2[3]=0; (cta_res[0]!=0x94)\|\|(cta_res[1]!=0x2); insB2[3]=1)
587	{
588	write_cmd(insB2, NULL); // read chid
589	if (cta_res[0]!=0x94)
590	{
591	char ds[16], de[16];
592	chid_date(cta_res+28, ds, sizeof(ds)-1);
593	chid_date(cta_res+30, de, sizeof(de)-1);
594	cs_ri_log (reader, "chid: %02X%02X, date: %s - %s, name: %s",
595	cta_res[6], cta_res[7], ds, de, trim((char *) cta_res+10));
596	}
597	}
598	}
599
600	select_file(reader, 0x0f, 0x00, cta_res, &cta_lr); // select provider channel
601	write_cmd(insA21, insA21+5);
602	if (cta_res[0]==0x9f)
603	{
604	insB2[4]=cta_res[1];
605	for(insB2[3]=0; (cta_res[0]!=0x94)\|\|(cta_res[1]!=0x2); insB2[3]=1)
606	{
607	write_cmd(insB2, NULL); // read chid
608	if (cta_res[0]!=0x94)
609	{
610	char ds[16], de[16];
611	chid_date(cta_res+28, ds, sizeof(ds)-1);
612	chid_date(cta_res+30, de, sizeof(de)-1);
613	cta_res[27]=0;
614	cs_ri_log (reader, "chid: %02X%02X, date: %s - %s, name: %s",
615	cta_res[6], cta_res[7], ds, de, trim((char *)cta_res+10));
616	}
617	}
618	}
619	}
620	cs_log("[cryptoworks-reader] ready for requests");
621	return OK;
622	}
623
624	static unsigned long cryptoworks_get_emm_provid(unsigned char *buffer, int len)
625	{
626	unsigned long provid=0;
627	int i=0;
628
629	for(i=0; i<len;) {
630	switch (buffer[i]) {
631	case 0x83:
632	provid=buffer[i+2] & 0xfc;
633	return provid;
634	break;
635	default:
636	i+=buffer[i+1]+2;
637	break;
638	}
639
640	}
641	return provid;
642	}
643
644	#ifdef HAVE_DVBAPI
645	static void dvbapi_sort_nanos(unsigned char dest, const unsigned char src, int len)
646	{
647	int w=0, c=-1, j=0;
648	while(1) {
649	int n=0x100;
650	for(j=0; j<len;) {
651	int l=src[j+1]+2;
652	if(src[j]==c) {
653	if(w+l>len) {
654	cs_debug_mask(D_READER, "sortnanos: sanity check failed. Exceeding memory area. Probably corrupted nanos!");
655	memset(dest,0,len); // zero out everything
656	return;
657	}
658	memcpy(&dest[w],&src[j],l);
659	w+=l;
660	}
661	else if(src[j]>c && src[j]<n)
662	n=src[j];
663	j+=l;
664	}
665	if(n==0x100) break;
666	c=n;
667	}
668	}
669
670	int cryptoworks_reassemble_emm(uchar buffer, uint len) {
671	static uchar emm_global[512];
672	static int emm_global_len = 0;
673	int emm_len = 0;
674
675	// Cryptoworks
676	// Cryptoworks EMM-S have to be assembled by the client from an EMM-SH with table
677	// id 0x84 and a corresponding EMM-SB (body) with table id 0x86. A pseudo EMM-S
678	// with table id 0x84 has to be build containing all nano commands from both the
679	// original EMM-SH and EMM-SB in ascending order.
680	//
681	if (*len>500) return 0;
682
683	switch (buffer[0]) {
684	case 0x82 : // emm-u
685	cs_debug_mask(D_READER, "cryptoworks unique emm (EMM-U): %s" , cs_hexdump(1, buffer, *len));
686	break;
687
688	case 0x84: // emm-sh
689	cs_debug_mask(D_READER, "cryptoworks shared emm (EMM-SH): %s" , cs_hexdump(1, buffer, *len));
690	if (!memcmp(emm_global, buffer, *len)) return 0;
691	memcpy(emm_global, buffer, *len);
692	emm_global_len=*len;
693	return 0;
694
695	case 0x86: // emm-sb
696	cs_debug_mask(D_READER, "cryptoworks shared emm (EMM-SB): %s" , cs_hexdump(1, buffer, *len));
697	if (!emm_global_len) return 0;
698
699	// we keep the first 12 bytes of the 0x84 emm (EMM-SH)
700	// now we need to append the payload of the 0x86 emm (EMM-SB)
701	// starting after the header (&buffer[5])
702	// then the rest of the payload from EMM-SH
703	// so we should have :
704	// EMM-SH[0:12] + EMM-SB[5:len_EMM-SB] + EMM-SH[12:EMM-SH_len]
705	// then sort the nano in ascending order
706	// update the emm len (emmBuf[1:2])
707	//
708
709	emm_len=*len-5 + emm_global_len-12;
710	unsigned char *tmp=malloc(emm_len);
711	unsigned char *assembled_EMM=malloc(emm_len+12);
712	memcpy(tmp,&buffer[5], *len-5);
713	memcpy(tmp+*len-5,&emm_global[12],emm_global_len-12);
714	memcpy(assembled_EMM,emm_global,12);
715	dvbapi_sort_nanos(assembled_EMM+12,tmp,emm_len);
716
717	assembled_EMM[1]=((emm_len+9)>>8) \| 0x70;
718	assembled_EMM[2]=(emm_len+9) & 0xFF;
719	//copy back the assembled emm in the working buffer
720	memcpy(buffer, assembled_EMM, emm_len+12);
721	*len=emm_len+12;
722
723	free(tmp);
724	free(assembled_EMM);
725
726	emm_global_len=0;
727
728	cs_debug_mask(D_READER, "cryptoworks shared emm (assembled): %s" , cs_hexdump(1, buffer, emm_len+12));
729	if(assembled_EMM[11]!=emm_len) { // sanity check
730	// error in emm assembly
731	cs_debug_mask(D_READER, "Error assembling Cryptoworks EMM-S");
732	return 0;
733	}
734	break;
735
736	case 0x88: // emm-g
737	case 0x89: // emm-g
738	cs_debug_mask(D_READER, "cryptoworks global emm (EMM-G): %s" , cs_hexdump(1, buffer, *len));
739	break;
740	}
741	return 1;
742	}
743	#endif
744
745	void reader_cryptoworks(struct s_cardsystem *ph)
746	{
747	ph->do_emm=cryptoworks_do_emm;
748	ph->do_ecm=cryptoworks_do_ecm;
749	ph->card_info=cryptoworks_card_info;
750	ph->card_init=cryptoworks_card_init;
751	ph->get_emm_type=cryptoworks_get_emm_type;
752	ph->get_emm_filter=cryptoworks_get_emm_filter;
753	ph->caids[0]=0x0D;
754	ph->desc="cryptoworks";
755	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: