source: trunk/reader-cryptoworks.c@ 8293

Last change on this file since 8293 was 8293, checked in by gf, 9 years ago

Add get_config_filename() function.

Use this function when we need to create full path to file that
should be in the config directory.

  • Property svn:eol-style set to LF
File size: 22.5 KB
1#include "globals.h"
2#ifdef READER_CRYPTOWORKS
3#include "oscam-config.h"
4#include "reader-common.h"
5
/* Length in bytes of a card command header. Used below as the offset of the
 * payload that follows the header inside a camd3-wrapped EMM. */
#define CMD_LEN 5

/* Name of the key file; get_config_filename() turns it into a full path.
 * The file holds key material, so it should be readable only by the account
 * that runs the daemon. */
static const char *cs_cert = "oscam.cert";
9
/*
 * Look up the key for `caid` in the key file named by cs_cert.
 *
 * Each line is read as "caid:provid:hexkey"; anything after '#' is ignored.
 * The first line whose caid matches and whose key decodes is used.
 *
 * key:     receives the decoded bytes. Up to 256 bytes may be written, so the
 *          caller must supply at least that much room. The number of bytes
 *          actually decoded is NOT reported back, so the caller cannot tell a
 *          short key from a full one.
 * returns: 1 when a key was stored, 0 otherwise (no file, no match, bad key).
 *
 * NOTE(review): when cs_atob() rejects a line, `key` may already have been
 * partly overwritten - confirm against cs_atob().
 */
static int search_boxkey(uint16_t caid, char *key)
{
    char line[512];   /* first the file name, then reused as the line buffer */
    FILE *cert;
    int found = 0;

    cert = fopen(get_config_filename(line, sizeof(line), cs_cert), "r");
    if (!cert)
        return 0;

    while (!found && fgets(line, sizeof(line), cert)) {
        char *hash, *provid, *hexkey;
        int nbytes;

        /* cut off a trailing comment */
        hash = strchr(line, '#');
        if (hash)
            *hash = '\0';

        /* split "caid:provid:key" in place */
        provid = strchr(line, ':');
        if (!provid)
            continue;
        *provid++ = '\0';

        hexkey = strchr(provid, ':');
        if (!hexkey)
            continue;
        *hexkey++ = '\0';

        if (word_atob(trim(line)) != caid)
            continue;

        /* two hex digits per byte; an odd trailing digit is dropped */
        nbytes = strlen(trim(hexkey)) >> 1;
        if (nbytes > 256)
            continue;

        if (cs_atob((uchar *)key, hexkey, nbytes) < 0) {
            cs_log("wrong key in \"%s\"", cs_cert);
            continue;
        }
        found = 1;
    }
    fclose(cert);
    return found;
}
44
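/*
 * Copy `n` bytes from `in` to `out` in reversed order
 * (out[n-1] = in[0] ... out[0] = in[n-1]).
 *
 * A non-positive `n` is now a no-op. The previous do/while ran its body once
 * before testing the counter, so n == 0 wrote before `out` and then kept
 * looping with a negative counter.
 */
static void RotateBytes1(unsigned char *out, unsigned char *in, int32_t n)
{
    if (n <= 0)
        return;

    for (int32_t i = 0; i < n; i++)
        out[n - 1 - i] = in[i];
}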
52
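/*
 * Reverse the `n` bytes at `in` in place.
 *
 * Fewer than two bytes need no work. The previous do/while always swapped
 * once, so n == 0 exchanged in[0] with the byte in front of the buffer.
 */
static void RotateBytes2(unsigned char *in, int32_t n)
{
    if (n < 2)
        return;

    unsigned char *lo = in;
    unsigned char *hi = in + n - 1;

    while (lo < hi) {
        unsigned char keep = *lo;
        *lo++ = *hi;
        *hi-- = keep;
    }
}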
65
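/*
 * Load `n` bytes from `in` into the bignum `d`.
 *
 * LE != 0: the bytes are reversed first (little-endian input).
 * returns: non-zero on success, 0 on failure or when n is negative.
 *
 * The reversal buffer is a variable-length array sized by `n`, so `n` must
 * stay small; every caller in this file passes 0x40. A zero or negative `n`
 * no longer reaches the VLA declaration (a VLA of non-positive size is
 * undefined behaviour).
 */
static int32_t Input(BIGNUM *d, unsigned char *in, int32_t n, int32_t LE)
{
    if (n < 0)
        return 0;

    /* reversing zero bytes is a no-op, so the empty case needs no scratch buffer */
    if (!LE || n == 0)
        return (BN_bin2bn(in, n, d) != 0);

    unsigned char tmp[n];
    RotateBytes1(tmp, in, n);
    return (BN_bin2bn(tmp, n, d) != 0);
}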
77
/*
 * Write the bignum `r` into exactly `n` bytes at `out`.
 *
 * A value shorter than `n` is left-padded with zero bytes; a longer one keeps
 * only its last `n` bytes. With LE != 0 the result is reversed in place.
 *
 * returns: the byte length of `r` before padding or truncation.
 *
 * `out` must have room for `n` bytes and `n` must be positive: it is used
 * as a memcpy/memset length without a check here.
 */
static int32_t Output(struct s_reader * reader, unsigned char *out, int32_t n, BIGNUM *r, int32_t LE)
{
    const int32_t s = BN_num_bytes(r);

    if (s == n) {
        BN_bn2bin(r, out);
    } else if (s < n) {
        const int32_t pad = n - s;
        rdr_debug_mask(reader, D_READER, "rsa: RSA len %d < %d, padding", s, n);
        memset(out, 0, pad);
        BN_bn2bin(r, out + pad);
    } else {
        unsigned char full[s];   /* whole value; only the last n bytes are kept */
        rdr_debug_mask(reader, D_READER, "rsa: RSA len %d > %d, truncating", s, n);
        BN_bn2bin(r, full);
        memcpy(out, full + s - n, n);
    }

    if (LE)
        RotateBytes2(out, n);
    return s;
}
101
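/*
 * Compute out = in ^ exp mod `mod` over `n` bytes.
 *
 * in/out:  may be the same buffer (both callers in this file do that).
 * LE:      non-zero when input and output are little-endian.
 * returns: byte length of the result as reported by Output(), or 0 when an
 *          allocation, the input conversion or the exponentiation failed.
 *          On 0 `out` has not been written, so callers must not treat its
 *          contents as a result.
 *
 * The three allocations are now checked; a failed BN_new()/BN_CTX_new()
 * used to be handed straight to the bignum routines.
 */
static int32_t cw_RSA(struct s_reader * reader, unsigned char *out, unsigned char *in, int32_t n, BIGNUM *exp, BIGNUM *mod, int32_t LE)
{
    int32_t rc = 0;
    BN_CTX *ctx = BN_CTX_new();
    BIGNUM *r = BN_new();
    BIGNUM *d = BN_new();

    if (!ctx || !r || !d)
    {
        rdr_log(reader, "rsa: out of memory");
    }
    else if (Input(d, in, n, LE))
    {
        if (BN_mod_exp(r, d, exp, mod, ctx))
            rc = Output(reader, out, n, r, LE);
        else
            rdr_log(reader, "rsa: mod-exp failed");
    }

    /* release only what was actually allocated */
    if (ctx)
        BN_CTX_free(ctx);
    if (d)
        BN_free(d);
    if (r)
        BN_free(r);
    return rc;
}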
122
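/*
 * Decode a two-byte packed date and format it as "YYYY/MM/DD".
 *
 * ptr:     two bytes: 7 bits of year counted from 1990, 4 bits of month,
 *          5 bits of day. Both bytes are read, so the caller must make sure
 *          they lie inside the card response.
 * buf:     receives the text; when NULL nothing is decoded and 0 is returned.
 * l:       size of `buf` in bytes.
 * returns: the date as time_t (local time, via mktime()), or 0 when buf is NULL.
 *
 * When the text does not fit, strftime() leaves `buf` unspecified; it is now
 * set to the empty string so that callers can print it safely.
 */
static time_t chid_date(uchar *ptr, char *buf, int32_t l)
{
    time_t rc = 0;
    struct tm timeinfo;

    memset(&timeinfo, 0, sizeof(struct tm));
    if (buf) {
        timeinfo.tm_year = 90 + (ptr[0]>>1);
        timeinfo.tm_mon  = (((ptr[0]&1)<<3)|(ptr[1]>>5)) - 1;
        timeinfo.tm_mday = ptr[1]&0x1f;
        rc = mktime(&timeinfo);   /* also normalises out-of-range fields */
        if (l <= 0 || strftime(buf, (size_t)l, "%Y/%m/%d", &timeinfo) == 0) {
            if (l > 0)
                buf[0] = '\0';
        }
    }
    return(rc);
}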
137
138
/*
 * Send the "select file" command for file id (f1, f2).
 *
 * cta_res:  response buffer, filled through write_cmd.
 * p_cta_lr: receives the response length.
 * returns:  non-zero when the first two response bytes are 9F 11.
 *
 * write_cmd is a macro defined outside this file; it relies on the local
 * names `reader`, `cta_res` and `cta_lr` - presumably it fills both and may
 * return early on a transport error (verify in the reader headers).
 * NOTE(review): the status bytes are compared without looking at the
 * response length, so a short answer is judged on stale buffer contents.
 */
static int32_t select_file(struct s_reader * reader, uchar f1, uchar f2, uchar * cta_res, uint16_t * p_cta_lr)
{
    uint16_t cta_lr;
    uchar insA4[] = {0xA4, 0xA4, 0x00, 0x00, 0x02, f1, f2};

    write_cmd(insA4, insA4+5); // select file
    *p_cta_lr = cta_lr;
    return (cta_res[0] == 0x9f && cta_res[1] == 0x11);
}
149
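/*
 * Select record `rec` in the current file and read it into cta_res.
 *
 * returns: number of bytes in cta_res before the two trailing status bytes,
 *          or -1 when the select is refused, the answer is shorter than the
 *          status word, or the status word is not 90 00.
 *
 * The card's answer is external input: the response length is now checked
 * before it is used as an index, since a length below 2 would index in
 * front of cta_res.
 * write_cmd is a macro defined outside this file; it relies on the local
 * names `reader`, `cta_res` and `cta_lr`.
 */
static int32_t read_record(struct s_reader * reader, uchar rec, uchar * cta_res)
{
    uint16_t cta_lr;
    uchar insA2[] = {0xA4, 0xA2, 0x00, 0x00, 0x01, 0x00};
    uchar insB2[] = {0xA4, 0xB2, 0x00, 0x00, 0x00};

    insA2[5]=rec;
    write_cmd(insA2, insA2+5); // select record
    if (cta_res[0]!=0x9f)
        return(-1);
    insB2[4]=cta_res[1]; // length announced by the card
    write_cmd(insB2, NULL); // read record
    if (cta_lr < 2) // too short to carry a status word
        return(-1);
    if ((cta_res[cta_lr-2]!=0x90) || (cta_res[cta_lr-1]))
        return(-1);
    return(cta_lr-2);
}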
166
167/*
168int32_t cryptoworks_send_pin(struct s_reader * reader)
169{
170 unsigned char insPIN[] = { 0xA4, 0x20, 0x00, 0x00, 0x04, 0x00,0x00,0x00,0x00 }; //Verify PIN
171
172 if(reader->pincode[0] && (reader->pincode[0]&0xF0)==0x30)
173 {
174 memcpy(insPIN+5,reader->pincode,4);
175
176 write_cmd(insPIN, insPIN+5);
177 rdr_debug_mask(reader, D_READER, "Sent pincode to card.");
178 if((cta_res[0]==0x98)&&(cta_res[1]==0x04)) rdr_log(reader, "bad pincode");
179
180 return OK;
181 }
182
183 return(0);
184}
185*/
186
/*
 * Send the "disable PIN" command when a PIN is configured for the reader.
 *
 * A PIN counts as configured when its first byte is non-zero and has the
 * high nibble 0x3 (an ASCII digit); four bytes of it are sent.
 *
 * returns: OK when no usable PIN is configured (nothing is sent),
 *          ERROR after the command has been sent.
 * NOTE(review): ERROR is returned whatever the card answered; the only
 * caller in this file ignores the result - confirm the intended meaning.
 */
static int32_t cryptoworks_disable_pin(struct s_reader * reader)
{
    def_resp;
    unsigned char insPIN[] = { 0xA4, 0x26, 0x00, 0x00, 0x04, 0x00,0x00,0x00,0x00 }; //disable PIN

    if (!reader->pincode[0] || (reader->pincode[0]&0xF0)!=0x30)
        return OK;

    memcpy(insPIN+5, reader->pincode, 4);
    write_cmd(insPIN, insPIN+5);
    rdr_log (reader, "disable pincode to card");
    if (cta_res[0]==0x98 && cta_res[1]==0x04)
        rdr_log (reader, "bad pincode");
    return ERROR;
}
203
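/*
 * Detect a CryptoWorks card from its ATR and read its identity.
 *
 * Fills reader->caid, the provider list, hexserial and, when a matching
 * entry exists in the key file, reader->exp / reader->ucpk / ucpk_valid.
 *
 * returns: ERROR when ATR bytes 6, 9 and 10 are not C4 / 8F / F1,
 *          OK otherwise (individual read failures are not fatal).
 *
 * get_atr, def_resp and write_cmd are macros defined outside this file;
 * they supply `atr`, `cta_res` and `cta_lr`.
 *
 * Changes against the previous version:
 *  - keybuf is zero-initialised: search_boxkey() does not report how many
 *    bytes it decoded, and 64 bytes are always consumed below, so a short
 *    key line used to pull uninitialised stack bytes into the modulus;
 *  - the BN_new() result is checked before use.
 */
static int32_t cryptoworks_card_init(struct s_reader * reader, ATR *newatr)
{
    get_atr;
    def_resp;
    int32_t i;
    uint32_t mfid=0x3F20;
    static const uchar cwexp[] = { 1, 0 , 1};
    uchar insA4C[]= {0xA4, 0xC0, 0x00, 0x00, 0x11};
    uchar insB8[] = {0xA4, 0xB8, 0x00, 0x00, 0x0c};
    uchar issuerid=0;
    char issuer[20]={0}, tmp[11];
    char *unknown="unknown", *pin=unknown, ptxt[CS_MAXPROV<<2]={0};

    if ((atr[6]!=0xC4) || (atr[9]!=0x8F) || (atr[10]!=0xF1)) return ERROR;

    rdr_log(reader, "card detected");
    rdr_log(reader, "type: CryptoWorks");

    reader->caid=0xD00;
    reader->nprov=0;
    reader->ucpk_valid = 0;
    memset(reader->prid, 0, sizeof(reader->prid));

    write_cmd(insA4C, NULL); // read masterfile-ID
    if ((cta_res[0]==0xDF) && (cta_res[1]>=6))
        mfid=(cta_res[6]<<8)|cta_res[7];

    select_file(reader, 0x3f, 0x20, cta_res, &cta_lr);
    insB8[2]=insB8[3]=0; // first
    for(cta_res[0]=0xdf; cta_res[0]==0xdf;)
    {
        write_cmd(insB8, NULL); // read provider id's
        if (cta_res[0]!=0xdf) break;
        if (((cta_res[4]&0x1f)==0x1f) && (reader->nprov<CS_MAXPROV))
        {
            // bounded append of ",XX" to the provider list text
            snprintf(ptxt+strlen(ptxt), sizeof(ptxt)-strlen(ptxt), ",%02X", cta_res[5]);
            reader->prid[reader->nprov++][3]=cta_res[5];
        }
        insB8[2]=insB8[3]=0xff; // next
    }
    // mark the unused provider slots
    for (i=reader->nprov; i<CS_MAXPROV; i++)
        memset(&reader->prid[i][0], 0xff, 4);

    select_file(reader, 0x2f, 0x01, cta_res, &cta_lr); // read caid
    if (read_record(reader, 0xD1, cta_res)>=4)
        reader->caid=(cta_res[2]<<8)|cta_res[3];

    if (read_record(reader, 0x80, cta_res)>=7) // read serial
        memcpy(reader->hexserial, cta_res+2, 5);
    rdr_log_sensitive(reader, "type: CryptoWorks, caid: %04X, ascii serial: {%llu}, hex serial: {%s}",
        reader->caid, (unsigned long long) b2ll(5, reader->hexserial),cs_hexdump(0, reader->hexserial, 5, tmp, sizeof(tmp)));

    if (read_record(reader, 0x9E, cta_res)>=66) // read ISK
    {
        // zeroed so that a short key line never leaves stack garbage in it
        // NOTE(review): keybuf holds key material and is not wiped before
        // the function returns.
        uchar keybuf[256] = {0};
        BIGNUM *ipk;
        if (search_boxkey(reader->caid, (char *)keybuf))
        {
            ipk=BN_new();
            if (!ipk)
            {
                rdr_log(reader, "rsa: out of memory");
            }
            else
            {
                BN_bin2bn(cwexp, sizeof(cwexp), &reader->exp);
                BN_bin2bn(keybuf, 64, ipk);
                // NOTE(review): the result of cw_RSA() is not checked; on
                // failure cta_res+2 still holds the undecrypted record.
                cw_RSA(reader, cta_res+2, cta_res+2, 0x40, &reader->exp, ipk, 0);
                BN_free(ipk);
                reader->ucpk_valid =(cta_res[2]==((mfid & 0xFF)>>1));
                if (reader->ucpk_valid)
                {
                    cta_res[2]|=0x80;
                    BN_bin2bn(cta_res+2, 0x40, &reader->ucpk);
                    // NOTE(review): this dumps the session key to the debug log
                    rdr_ddump_mask(reader, D_READER, cta_res+2, 0x40, "IPK available -> session-key:");
                }
                else
                {
                    reader->ucpk_valid =(keybuf[0]==(((mfid & 0xFF)>>1)|0x80));
                    if (reader->ucpk_valid)
                    {
                        BN_bin2bn(keybuf, 0x40, &reader->ucpk);
                        // NOTE(review): this dumps the session key to the debug log
                        rdr_ddump_mask(reader, D_READER, keybuf, 0x40, "session-key found:");
                    }
                    else
                        rdr_log(reader, "invalid IPK or session-key for CAID %04X !", reader->caid);
                }
            }
        }
    }
    if (read_record(reader, 0x9F, cta_res)>=3)
        issuerid=cta_res[2];
    if (read_record(reader, 0xC0, cta_res)>=16)
    {
        cs_strncpy(issuer, (const char *)cta_res+2, sizeof(issuer));
        trim(issuer);
    }
    else
        cs_strncpy(issuer, unknown, sizeof(issuer));

    select_file(reader, 0x3f, 0x20, cta_res, &cta_lr);
    select_file(reader, 0x2f, 0x11, cta_res, &cta_lr); // read pin
    if (read_record(reader, atr[8], cta_res)>=7)
    {
        cta_res[6]=0; // terminate the 4-character PIN text
        pin=(char *)cta_res+2;
    }
    // NOTE(review): the PIN read from the card is written to the normal log
    // in clear text; the serial above goes through rdr_log_sensitive() -
    // consider the same treatment here.
    rdr_log (reader, "issuer: %s, id: %02X, bios: v%d, pin: %s, mfid: %04X", issuer, issuerid, atr[7], pin, mfid);
    rdr_log (reader, "providers: %d (%s)", reader->nprov, ptxt+1);

    cryptoworks_disable_pin(reader);

    return OK;
}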
311
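/*
 * Send an ECM to the card and collect the control words from its answer.
 *
 * er:      the ECM; er->ecm is validated by check_sct_len().
 * ea:      receives 16 bytes in ea->cw when the answer carries a CW nano.
 * returns: 1 when both a CW nano and a valid signature nano were seen,
 *          0 otherwise; ERROR when the answer needs the session key and
 *          none is available.
 *
 * Changes against the previous version:
 *  - the response length is checked before cta_res[cta_lr-2] is read;
 *    a response shorter than two bytes used to index in front of cta_res;
 *  - nanoD4 is zero-initialised, because the D4 comparison below also runs
 *    when no session key is valid and the array was never filled.
 *
 * NOTE(review): the D4 bytes come from rand(), which is not a
 * cryptographic generator, and a failed D4 comparison is only logged.
 * NOTE(review): the parse loop is bounded by secLen (the ECM length, later
 * the camcrypt block length) and not by cta_lr, and nano lengths taken from
 * the answer are not checked against either - confirm that cta_res is large
 * enough for every index reachable here.
 */
static int32_t cryptoworks_do_ecm(struct s_reader * reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)
{
    def_resp;
    int32_t r=0;
    unsigned char ins4C[] = { 0xA4,0x4C,0x00,0x00,0x00 };
    unsigned char insC0[] = { 0xA4,0xC0,0x00,0x00,0x1C };
    unsigned char nanoD4[10] = {0};
    int32_t secLen=check_sct_len(er->ecm,-5+(reader->ucpk_valid ? sizeof(nanoD4):0));

    if(secLen>5)
    {
        int32_t i;
        const uchar *ecm=er->ecm;
        uchar buff[MAX_LEN];

        if(reader->ucpk_valid)
        {
            // append a D4 nano with 8 random bytes to a private copy of the ECM
            memcpy(buff,er->ecm,secLen);
            nanoD4[0]=0xD4;
            nanoD4[1]=0x08;
            for (i=2; i<(int)sizeof(nanoD4); i++)
                nanoD4[i]=rand();
            memcpy(&buff[secLen], nanoD4, sizeof(nanoD4));
            ecm=buff;
            secLen+=sizeof(nanoD4);
        }

        ins4C[3]=reader->ucpk_valid ? 2 : 0;
        ins4C[4]=secLen-5;
        write_cmd(ins4C, ecm+5);
        if (cta_lr>=2 && cta_res[cta_lr-2]==0x9f)
        {
            insC0[4]=cta_res[cta_lr-1];
            write_cmd(insC0, NULL);
            for(i=0; i<secLen && r<2; )
            {
                int32_t n=cta_res[i+1];
                switch(cta_res[i])
                {
                    case 0x80:
                        rdr_debug_mask(reader, D_READER, "nano 80 (serial)");
                        break;
                    case 0xD4:
                        rdr_debug_mask(reader, D_READER, "nano D4 (rand)");
                        if(n<8 || memcmp(&cta_res[i],nanoD4,sizeof(nanoD4))){
                            rdr_debug_mask(reader, D_READER, "random data check failed after decrypt");
                        }
                        break;
                    case 0xDB: // CW
                        rdr_debug_mask(reader, D_READER, "nano DB (cw)");
                        if(n==0x10)
                        {
                            memcpy(ea->cw, &cta_res[i+2], 16);
                            r|=1;
                        }
                        break;
                    case 0xDF: // signature
                        rdr_debug_mask(reader, D_READER, "nano DF %02x (sig)", n);
                        if (n==0x08)
                        {
                            if((cta_res[i+2]&0x50)==0x50 && !(cta_res[i+3]&0x01) && (cta_res[i+5]&0x80))
                                r|=2;
                        }
                        else if (n==0x40) // camcrypt
                        {
                            if(reader->ucpk_valid)
                            {
                                cw_RSA(reader, &cta_res[i+2],&cta_res[i+2], n, &reader->exp, &reader->ucpk, 0);
                                rdr_debug_mask(reader, D_READER, "after camcrypt");
                                // restart the result and continue inside the decrypted block
                                r=0; secLen=n-4; n=4;
                            }
                            else
                            {
                                rdr_log(reader, "valid UCPK needed for camcrypt!");
                                return ERROR;
                            }
                        }
                        break;
                    default:
                        rdr_debug_mask(reader, D_READER, "nano %02x (unhandled)", cta_res[i]);
                        break;
                }
                i+=n+2;
            }
        }

/*
#ifdef LALL
        if ((cta_res[cta_lr-2]==0x9f)&&(cta_res[cta_lr-1]==0x1c))
        {
            write_cmd(insC0, NULL);
            if ((cta_lr>26)&&(cta_res[cta_lr-2]==0x90)&&(cta_res[cta_lr-1]==0))
            {
                if (rc=(((cta_res[20]&0x50)==0x50) &&
                        (!(cta_res[21]&0x01)) &&
                        (cta_res[23]&0x80)))
                    memcpy(ea->cw, cta_res+2, 16);
            }
        }
#endif
*/
    }
    //return(rc ? 1 : 0);
    return((r==3) ? 1 : 0);
}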
417
/* Forward declaration: the definition follows cryptoworks_card_info(), but
 * cryptoworks_get_emm_type() already calls it. */
static uint32_t cryptoworks_get_emm_provid(unsigned char *buffer, int32_t len);
419
/*
 * Classify an EMM by its table id and decide whether it is for this card.
 *
 * Sets ep->type, ep->provid and, for unique/shared EMMs, ep->hexserial.
 *
 * returns: 1 when the EMM should be processed, 0 when it should be skipped.
 *          0x82 / 0x84 compare the address in the EMM with the reader's
 *          serial (5 and 4 bytes); 0x88 / 0x89 and 0x8F return 1 without an
 *          address comparison; 0x86 is classified but returns 0.
 *
 * NOTE(review): the EMM is external input and fixed offsets up to emm[14]
 * are read without looking at ep->emmlen - confirm that ep->emm always has
 * at least 15 readable bytes. A length below the offset handed to
 * cryptoworks_get_emm_provid() becomes a negative len there, which that
 * function treats as empty.
 */
static int32_t cryptoworks_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)
{
    char dumprdrserial[16], dumpemmserial[16];
    uchar *emm = ep->emm;

    rdr_debug_mask(rdr, D_EMM, "Entered cryptoworks_get_emm_type ep->emm[0]=%02x",ep->emm[0]);

    switch (emm[0]) {
    case 0x82:
        if (!(emm[3]==0xA9 && emm[4]==0xFF && emm[13]==0x80 && emm[14]==0x05))
            break;
        ep->type = UNIQUE;
        memset(ep->hexserial, 0, 8);
        memcpy(ep->hexserial, emm + 5, 5);
        cs_hexdump(1, rdr->hexserial, 5, dumprdrserial, sizeof(dumprdrserial));
        cs_hexdump(1, ep->hexserial, 5, dumpemmserial, sizeof(dumpemmserial));
        i2b_buf(4, cryptoworks_get_emm_provid(emm+12, ep->emmlen-12), ep->provid);
        rdr_debug_mask_sensitive(rdr, D_EMM, "UNIQUE, ep = {%s} rdr = {%s}", dumpemmserial, dumprdrserial);
        return (!memcmp(emm + 5, rdr->hexserial, 5)); // serial must match

    case 0x84:
        if (!(emm[3]==0xA9 && emm[4]==0xFF && emm[12]==0x80 && emm[13]==0x04))
            break;
        ep->type = SHARED;
        memset(ep->hexserial, 0, 8);
        memcpy(ep->hexserial, emm + 5, 4);
        cs_hexdump(1, rdr->hexserial, 4, dumprdrserial, sizeof(dumprdrserial));
        cs_hexdump(1, ep->hexserial, 4, dumpemmserial, sizeof(dumpemmserial));
        i2b_buf(4, cryptoworks_get_emm_provid(emm+12, ep->emmlen-12), ep->provid);
        rdr_debug_mask_sensitive(rdr, D_EMM, "SHARED, ep = {%s} rdr = {%s}", dumpemmserial, dumprdrserial);
        return (!memcmp(emm + 5, rdr->hexserial, 4)); // shared address must match

    case 0x86:
        if (!(emm[3]==0xA9 && emm[4]==0xFF && emm[5]==0x83
                && emm[6]==0x01 && emm[8]==0x85))
            break;
        rdr_debug_mask(rdr, D_EMM, "SHARED (Header)");
        ep->type = SHARED;
        i2b_buf(4, cryptoworks_get_emm_provid(emm+8, ep->emmlen-8), ep->provid);
        return 0;

    case 0x88:
    case 0x89:
        if (!(emm[3]==0xA9 && emm[4]==0xFF && emm[8]==0x83 && emm[9]==0x01))
            break;
        rdr_debug_mask(rdr, D_EMM, "GLOBAL");
        ep->type = GLOBAL;
        i2b_buf(4, cryptoworks_get_emm_provid(emm+8, ep->emmlen-8), ep->provid);
        return 1;

    case 0x8F:
        ep->type = UNKNOWN;
        rdr_debug_mask(rdr, D_EMM, "0x8F via camd3");

        // byte 4 carries the card instruction, which tells the EMM kind
        if (emm[4] == 0x44) {
            i2b_buf(4, cryptoworks_get_emm_provid(emm+8, ep->emmlen-8), ep->provid);
            ep->type = GLOBAL;
        } else if (emm[4] == 0x48) {
            i2b_buf(4, cryptoworks_get_emm_provid(emm+12, ep->emmlen-12), ep->provid);
            ep->type = SHARED;
        } else if (emm[4] == 0x42) {
            i2b_buf(4, cryptoworks_get_emm_provid(emm+12, ep->emmlen-12), ep->provid);
            ep->type = UNIQUE;
        }
        return 1;

    /* FIXME: Seems to be that all other EMM types are rejected by the card */
    default:
        ep->type = UNKNOWN;
        rdr_debug_mask(rdr, D_EMM, "UNKNOWN");
        return 0; // skip emm
    }

    // known table id, but the header bytes did not match
    rdr_debug_mask(rdr, D_EMM, "invaild");
    return 0;
}
495
/*
 * Build the four EMM section filters for this card.
 *
 * Layout written here: filter[0] = 0xFF, filter[1] = number of entries,
 * then one 34-byte entry each: EMM type, a zero byte, 16 match bytes and
 * 16 mask bytes. Entries: global (0x88, mask 0xFE), shared body (0x86),
 * shared header (0x84 + 4 serial bytes), unique (0x82 + 5 serial bytes).
 *
 * The highest index written is 129, so `filter` must hold at least 130
 * bytes. Only the bytes listed below are written; everything else keeps
 * whatever the caller put there - presumably the caller zeroes the buffer.
 */
static void cryptoworks_get_emm_filter(struct s_reader * rdr, uchar *filter)
{
    uchar *e = filter + 2;   // start of the current entry

    filter[0]=0xFF;
    filter[1]=0;

    // entry 0: global EMM, table id 0x88/0x89
    e[0] = EMM_GLOBAL;
    e[1] = 0;
    e[2] = 0x88;  e[2+16] = 0xFE;
    e[3] = 0xA9;  e[3+16] = 0xFF;
    e[4] = 0xFF;  e[4+16] = 0xFF;
    filter[1]++;
    e += 34;

    // entry 1: shared EMM body, table id 0x86
    e[0] = EMM_SHARED;
    e[1] = 0;
    e[2] = 0x86;  e[2+16] = 0xFF;
    e[3] = 0xA9;  e[3+16] = 0xFF;
    e[4] = 0xFF;  e[4+16] = 0xFF;
    filter[1]++;
    e += 34;

    // entry 2: shared EMM header, table id 0x84, first 4 serial bytes
    e[0] = EMM_SHARED;
    e[1] = 0;
    e[2] = 0x84;  e[2+16] = 0xFF;
    e[3] = 0xA9;  e[3+16] = 0xFF;
    e[4] = 0xFF;  e[4+16] = 0xFF;
    memcpy(e+5, rdr->hexserial, 4);
    memset(e+5+16, 0xFF, 4);
    filter[1]++;
    e += 34;

    // entry 3: unique EMM, table id 0x82, all 5 serial bytes
    e[0] = EMM_UNIQUE;
    e[1] = 0;
    e[2] = 0x82;  e[2+16] = 0xFF;
    e[3] = 0xA9;  e[3+16] = 0xFF;
    e[4] = 0xFF;  e[4+16] = 0xFF;
    memcpy(e+5, rdr->hexserial, 5);
    memset(e+5+16, 0xFF, 5);
    filter[1]++;
}
552
/*
 * Write an EMM to the card.
 *
 * returns: 1 when the card answered 90 00, 0 otherwise.
 *
 * Two paths:
 *  - table id 0x8F with 0xA4 at offset 3: the packet already contains a
 *    complete card command, which is forwarded as it is;
 *  - otherwise the command is built from ep->type and the section length
 *    byte emm[2].
 *
 * NOTE(review): in the 0x8F path the whole command, including its length
 * byte, comes from the EMM and reaches the card unchecked; make sure the
 * source of such packets is trusted.
 * NOTE(review): the command length is emm[2] minus a constant in unsigned
 * char arithmetic, so a small emm[2] wraps to a large length. GLOBAL and
 * UNIQUE cross-check it against a second length byte; for SHARED that
 * check is commented out in the original.
 * NOTE(review): when no command was sent, the debug line at the end prints
 * cta_res bytes that were never filled.
 */
static int32_t cryptoworks_do_emm(struct s_reader * reader, EMM_PACKET *ep)
{
    def_resp;
    uchar insEMM_GA[] = {0xA4, 0x44, 0x00, 0x00, 0x00};
    uchar insEMM_SA[] = {0xA4, 0x48, 0x00, 0x00, 0x00};
    uchar insEMM_UA[] = {0xA4, 0x42, 0x00, 0x00, 0x00};
    uchar *emm = ep->emm;
    int32_t rc = 0;

    if (emm[0]==0x8f && emm[3]==0xA4) {
        // camd3 emm: header at emm+3, payload right behind it
        write_cmd(emm+3, emm+3+CMD_LEN);
        return ((cta_res[0]==0x90)&&(cta_res[1]==0x00));
    }

    if (ep->type == GLOBAL) {
        // GA
        insEMM_GA[4] = ep->emm[2]-2;
        if (emm[7] == insEMM_GA[4]-3) {
            write_cmd(insEMM_GA, emm+5);
            rc = ((cta_res[0]==0x90)&&(cta_res[1]==0x00));
        }
    } else if (ep->type == SHARED) {
        // SA - sent without the inner length cross-check
        insEMM_SA[4] = ep->emm[2]-6;
        write_cmd(insEMM_SA, emm+9);
        rc = ((cta_res[0]==0x90)&&(cta_res[1]==0x00));
    } else if (ep->type == UNIQUE) {
        // UA
        insEMM_UA[4] = ep->emm[2]-7;
        if (emm[12] == insEMM_UA[4]-3) {
            write_cmd(insEMM_UA, emm+10);
            rc = ((cta_res[0]==0x90)&&(cta_res[1]==0x00));
        }
    }

    if (!rc)
        rdr_debug_mask(reader, D_EMM, "%s(): type %d - %02X %02X", __func__, ep->type, cta_res[0], cta_res[1]);

    return rc;
}
609
/*
 * Log the providers on the card and register their entitlements.
 *
 * For every provider found by card_init this reads the provider name, then
 * walks the records of file 0F 20 and of file 0F 00 and adds one
 * entitlement per record.
 *
 * returns: OK. (write_cmd is a macro defined outside this file and may
 *          leave the function early - verify in the reader headers.)
 *
 * NOTE(review): both record loops end only when the card answers 94 02; a
 * card that never sends it keeps the loop running unless write_cmd bails
 * out.
 * NOTE(review): fixed offsets up to cta_res[31] are read from each record
 * without checking the response length.
 */
static int32_t cryptoworks_card_info(struct s_reader * reader)
{
    def_resp;
    int32_t i;
    uchar insA21[]= {0xA4, 0xA2, 0x01, 0x00, 0x05, 0x8C, 0x00, 0x00, 0x00, 0x00};
    uchar insB2[] = {0xA4, 0xB2, 0x00, 0x00, 0x00};
    char l_name[20+8]=", name: ";

    cs_clear_entitlement(reader); // reset the entitlements

    for (i=0; i<reader->nprov; i++)
    {
        l_name[8]=0; // drop the name left over from the previous provider
        select_file(reader, 0x1f, reader->prid[i][3], cta_res, &cta_lr); // select provider
        select_file(reader, 0x0e, 0x11, cta_res, &cta_lr); // read provider name
        if (read_record(reader, 0xD6, cta_res)>=16)
        {
            cs_strncpy(l_name+8, (const char *)cta_res+2, sizeof(l_name)-9);
            l_name[sizeof(l_name)-1]=0;
            trim(l_name+8);
        }
        l_name[0]=(l_name[8]) ? ',' : 0; // print the ", name: " part only when a name was read
        rdr_log (reader, "provider: %d, id: %02X%s", i+1, reader->prid[i][3], l_name);
        select_file(reader, 0x0f, 0x20, cta_res, &cta_lr); // select provider class
        write_cmd(insA21, insA21+5);
        if (cta_res[0]==0x9f)
        {
            insB2[4]=cta_res[1];
            // insB2[3] is 0 for the first read and 1 for every following one
            for(insB2[3]=0; (cta_res[0]!=0x94)||(cta_res[1]!=0x2); insB2[3]=1)
            {
                write_cmd(insB2, NULL); // read chid
                if (cta_res[0]!=0x94)
                {
                    char ds[16], de[16];

                    // todo: add entitlements to list but produces a warning related to date variable
                    // NOTE(review): the id is taken from cta_res+7 here but from cta_res+6
                    // in the second loop, while both log bytes 6 and 7 - confirm which is meant
                    cs_add_entitlement(reader, reader->caid, reader->prid[i][3], b2i(2, cta_res + 7), 0,
                        chid_date(cta_res+28, ds, sizeof(ds)-1),
                        chid_date(cta_res+30, de, sizeof(de)-1), 3);

                    // NOTE(review): unlike the second loop, the name at cta_res+10 is not
                    // NUL-terminated before it is trimmed and printed
                    rdr_log (reader, "chid: %02X%02X, date: %s - %s, name: %s",
                        cta_res[6], cta_res[7], ds, de, trim((char *) cta_res+10));
                }
            }
        }

        select_file(reader, 0x0f, 0x00, cta_res, &cta_lr); // select provider channel
        write_cmd(insA21, insA21+5);
        if (cta_res[0]==0x9f)
        {
            insB2[4]=cta_res[1];
            // insB2[3] is 0 for the first read and 1 for every following one
            for(insB2[3]=0; (cta_res[0]!=0x94)||(cta_res[1]!=0x2); insB2[3]=1)
            {
                write_cmd(insB2, NULL); // read chid
                if (cta_res[0]!=0x94)
                {
                    char ds[16], de[16];

                    // todo: add entitlements to list but produces a warning related to date variable
                    cs_add_entitlement(reader, reader->caid, reader->prid[i][3], b2i(2, cta_res + 6), 0,
                        chid_date(cta_res+28, ds, sizeof(ds)-1),
                        chid_date(cta_res+30, de, sizeof(de)-1), 3);

                    cta_res[27]=0; // terminate the name before it is trimmed and printed
                    rdr_log (reader, "chid: %02X%02X, date: %s - %s, name: %s",
                        cta_res[6], cta_res[7], ds, de, trim((char *)cta_res+10));
                }
            }
        }
    }
    rdr_log(reader, "ready for requests");
    return OK;
}
683
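/*
 * Find the provider id in a run of nanos (tag, length, value...).
 *
 * buffer:  start of the nano area inside an EMM.
 * len:     number of valid bytes at `buffer`; zero or negative means empty.
 * returns: the value byte of the first 0x83 nano with its low two bits
 *          cleared, or 0 when no complete 0x83 nano lies within `len`.
 *
 * The EMM is external input. The previous version read the length byte and
 * the value byte without checking that they were still inside `len`, so a
 * truncated or malformed nano area caused reads past the data.
 */
static uint32_t cryptoworks_get_emm_provid(unsigned char *buffer, int32_t len)
{
    int32_t i = 0;

    if (!buffer)
        return 0;

    while (i < len) {
        if (buffer[i] == 0x83) {
            /* tag, length and one value byte must all be present */
            if (len - i < 3)
                break;
            return buffer[i + 2] & 0xfc;
        }
        /* need the length byte to skip over this nano */
        if (len - i < 2)
            break;
        i += buffer[i + 1] + 2;
    }
    return 0;
}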
703
704#ifdef HAVE_DVBAPI
/* Defined outside this file. Called below as (dest, src, len) to write the
 * nanos of `src` to `dest` in ascending order; `dest` must have room for
 * `len` bytes - presumably, verify against the definition. */
void dvbapi_sort_nanos(unsigned char *dest, const unsigned char *src, int32_t len);
706
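/*
 * Rebuild a shared EMM from its two broadcast parts.
 *
 * Cryptoworks EMM-S have to be assembled by the client from an EMM-SH with
 * table id 0x84 and a corresponding EMM-SB (body) with table id 0x86. A
 * pseudo EMM-S with table id 0x84 is built that contains all nano commands
 * of both parts in ascending order.
 *
 * buffer:  the received section; for 0x86 it is overwritten with the
 *          assembled EMM.
 * len:     in: section length, out: assembled length (0x86 only).
 * returns: 1 when `buffer` holds an EMM to process, 0 when it was only
 *          stored, dropped, or could not be assembled.
 *
 * Sections arrive from the broadcast stream and are untrusted. Changes
 * against the previous version:
 *  - a 0x86 section shorter than its 5-byte header, or a stored 0x84 header
 *    shorter than 12 bytes, is rejected; the length arithmetic used to wrap
 *    and feed a huge size to memcpy();
 *  - the sanity byte is read before the assembled buffer is freed (it was
 *    read after free());
 *  - an allocation that was never used has been removed.
 *
 * NOTE(review): the assembled EMM can be up to 995 bytes (495 + 488 + 12)
 * and is copied back into `buffer`, whose capacity is not known here -
 * confirm that every caller provides a buffer that large.
 */
int32_t cryptoworks_reassemble_emm(uchar *buffer, uint32_t *len) {
    static uchar emm_global[512]; // function only called from dvbapi thread, no need to be threadsafe
    static int32_t emm_global_len = 0;
    int32_t emm_len = 0;

    if (*len>500) return 0; // also keeps the copy into emm_global in bounds
    char dumpbuf[255];

    switch (buffer[0]) {
        case 0x82 : // emm-u
            cs_debug_mask(D_DVBAPI, "[cryptoworks] unique emm (EMM-U): %s" , cs_hexdump(0, buffer, *len, dumpbuf, sizeof(dumpbuf)));
            break;

        case 0x84: // emm-sh
            cs_debug_mask(D_DVBAPI, "[cryptoworks] shared emm (EMM-SH): %s" , cs_hexdump(0, buffer, *len, dumpbuf, sizeof(dumpbuf)));
            if (!memcmp(emm_global, buffer, *len)) return 0;
            memcpy(emm_global, buffer, *len);
            emm_global_len=*len;
            return 0;

        case 0x86: { // emm-sb
            unsigned char *tmp, *assembled_EMM;
            unsigned char stored_len;

            cs_debug_mask(D_DVBAPI, "[cryptoworks] shared emm (EMM-SB): %s" , cs_hexdump(0, buffer, *len, dumpbuf, sizeof(dumpbuf)));
            if (!emm_global_len) return 0;

            // both parts must at least contain the header that is cut off below
            if (*len < 5 || emm_global_len < 12) return 0;

            // we keep the first 12 bytes of the 0x84 emm (EMM-SH)
            // now we need to append the payload of the 0x86 emm (EMM-SB)
            // starting after the header (&buffer[5])
            // then the rest of the payload from EMM-SH
            // so we should have :
            // EMM-SH[0:12] + EMM-SB[5:len_EMM-SB] + EMM-SH[12:EMM-SH_len]
            // then sort the nano in ascending order
            // update the emm len (emmBuf[1:2])
            //

            emm_len=*len-5 + emm_global_len-12;
            if (!cs_malloc(&tmp, emm_len))
                return 0;
            if (!cs_malloc(&assembled_EMM, emm_len + 12)) {
                free(tmp);
                return 0;
            }
            memcpy(tmp,&buffer[5], *len-5);
            memcpy(tmp+*len-5,&emm_global[12],emm_global_len-12);
            memcpy(assembled_EMM,emm_global,12);
            dvbapi_sort_nanos(assembled_EMM+12,tmp,emm_len);

            assembled_EMM[1]=((emm_len+9)>>8) | 0x70;
            assembled_EMM[2]=(emm_len+9) & 0xFF;
            //copy back the assembled emm in the working buffer
            memcpy(buffer, assembled_EMM, emm_len+12);
            *len=emm_len+12;

            // remember the length byte now; the buffer is released next
            stored_len=assembled_EMM[11];

            free(tmp);
            free(assembled_EMM);

            emm_global_len=0;

            cs_debug_mask(D_DVBAPI, "[cryptoworks] shared emm (assembled): %s", cs_hexdump(0, buffer, emm_len+12, dumpbuf, sizeof(dumpbuf)));
            if(stored_len!=emm_len) { // sanity check
                // error in emm assembly
                cs_debug_mask(D_DVBAPI, "[cryptoworks] Error assembling Cryptoworks EMM-S");
                return 0;
            }
            break;
        }

        case 0x88: // emm-g
        case 0x89: // emm-g
            cs_debug_mask(D_DVBAPI, "[cryptoworks] global emm (EMM-G): %s", cs_hexdump(0, buffer, *len, dumpbuf, sizeof(dumpbuf)));
            break;
    }
    return 1;
}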
793#endif
794
/*
 * Register the CryptoWorks handlers in the card-system table entry `ph`:
 * description, first CAID byte and the callbacks defined in this file.
 */
void reader_cryptoworks(struct s_cardsystem *ph)
{
    /* identification */
    ph->desc="cryptoworks";
    ph->caids[0]=0x0D;

    /* card lifecycle */
    ph->card_init=cryptoworks_card_init;
    ph->card_info=cryptoworks_card_info;

    /* ECM / EMM handling */
    ph->do_ecm=cryptoworks_do_ecm;
    ph->do_emm=cryptoworks_do_emm;
    ph->get_emm_type=cryptoworks_get_emm_type;
    ph->get_emm_filter=cryptoworks_get_emm_filter;
}
806#endif