1 | #include "globals.h"
|
---|
2 | #ifdef READER_IRDETO
|
---|
3 | #include "oscam-time.h"
|
---|
4 | #include "reader-common.h"
|
---|
5 | #include "reader-irdeto.h"
|
---|
6 |
|
---|
7 | static const uint8_t CryptTable[256] =
|
---|
8 | {
|
---|
9 | 0xDA, 0x26, 0xE8, 0x72, 0x11, 0x52, 0x3E, 0x46,
|
---|
10 | 0x32, 0xFF, 0x8C, 0x1E, 0xA7, 0xBE, 0x2C, 0x29,
|
---|
11 | 0x5F, 0x86, 0x7E, 0x75, 0x0A, 0x08, 0xA5, 0x21,
|
---|
12 | 0x61, 0xFB, 0x7A, 0x58, 0x60, 0xF7, 0x81, 0x4F,
|
---|
13 | 0xE4, 0xFC, 0xDF, 0xB1, 0xBB, 0x6A, 0x02, 0xB3,
|
---|
14 | 0x0B, 0x6E, 0x5D, 0x5C, 0xD5, 0xCF, 0xCA, 0x2A,
|
---|
15 | 0x14, 0xB7, 0x90, 0xF3, 0xD9, 0x37, 0x3A, 0x59,
|
---|
16 | 0x44, 0x69, 0xC9, 0x78, 0x30, 0x16, 0x39, 0x9A,
|
---|
17 | 0x0D, 0x05, 0x1F, 0x8B, 0x5E, 0xEE, 0x1B, 0xC4,
|
---|
18 | 0x76, 0x43, 0xBD, 0xEB, 0x42, 0xEF, 0xF9, 0xD0,
|
---|
19 | 0x4D, 0xE3, 0xF4, 0x57, 0x56, 0xA3, 0x0F, 0xA6,
|
---|
20 | 0x50, 0xFD, 0xDE, 0xD2, 0x80, 0x4C, 0xD3, 0xCB,
|
---|
21 | 0xF8, 0x49, 0x8F, 0x22, 0x71, 0x84, 0x33, 0xE0,
|
---|
22 | 0x47, 0xC2, 0x93, 0xBC, 0x7C, 0x3B, 0x9C, 0x7D,
|
---|
23 | 0xEC, 0xC3, 0xF1, 0x89, 0xCE, 0x98, 0xA2, 0xE1,
|
---|
24 | 0xC1, 0xF2, 0x27, 0x12, 0x01, 0xEA, 0xE5, 0x9B,
|
---|
25 | 0x25, 0x87, 0x96, 0x7B, 0x34, 0x45, 0xAD, 0xD1,
|
---|
26 | 0xB5, 0xDB, 0x83, 0x55, 0xB0, 0x9E, 0x19, 0xD7,
|
---|
27 | 0x17, 0xC6, 0x35, 0xD8, 0xF0, 0xAE, 0xD4, 0x2B,
|
---|
28 | 0x1D, 0xA0, 0x99, 0x8A, 0x15, 0x00, 0xAF, 0x2D,
|
---|
29 | 0x09, 0xA8, 0xF5, 0x6C, 0xA1, 0x63, 0x67, 0x51,
|
---|
30 | 0x3C, 0xB2, 0xC0, 0xED, 0x94, 0x03, 0x6F, 0xBA,
|
---|
31 | 0x3F, 0x4E, 0x62, 0x92, 0x85, 0xDD, 0xAB, 0xFE,
|
---|
32 | 0x10, 0x2E, 0x68, 0x65, 0xE7, 0x04, 0xF6, 0x0C,
|
---|
33 | 0x20, 0x1C, 0xA9, 0x53, 0x40, 0x77, 0x2F, 0xA4,
|
---|
34 | 0xFA, 0x6D, 0x73, 0x28, 0xE2, 0xCD, 0x79, 0xC8,
|
---|
35 | 0x97, 0x66, 0x8E, 0x82, 0x74, 0x06, 0xC7, 0x88,
|
---|
36 | 0x1A, 0x4A, 0x6B, 0xCC, 0x41, 0xE9, 0x9D, 0xB8,
|
---|
37 | 0x23, 0x9F, 0x3D, 0xBF, 0x8D, 0x95, 0xC5, 0x13,
|
---|
38 | 0xB9, 0x24, 0x5A, 0xDC, 0x64, 0x18, 0x38, 0x91,
|
---|
39 | 0x7F, 0x5B, 0x70, 0x54, 0x07, 0xB6, 0x4B, 0x0E,
|
---|
40 | 0x36, 0xAC, 0x31, 0xE6, 0xD6, 0x48, 0xAA, 0xB4
|
---|
41 | };
|
---|
42 |
|
---|
43 | static const uint8_t sc_GetCountryCode[] = { 0x02, 0x02, 0x03, 0x00, 0x00 };
|
---|
44 | static const uint8_t sc_GetCountryCode2[] = { 0x02, 0x0B, 0x00, 0x00, 0x00 };
|
---|
45 |
|
---|
46 | static const uint8_t sc_GetCamKey384CZ[] =
|
---|
47 | {
|
---|
48 | 0x02, 0x09, 0x03, 0x00, 0x40,
|
---|
49 | 0x18, 0xD7, 0x55, 0x14, 0xC0, 0x83, 0xF1, 0x38,
|
---|
50 | 0x39, 0x6F, 0xF2, 0xEC, 0x4F, 0xE3, 0xF1, 0x85,
|
---|
51 | 0x01, 0x46, 0x06, 0xCE, 0x7D, 0x08, 0x2C, 0x74,
|
---|
52 | 0x46, 0x8F, 0x72, 0xC4, 0xEA, 0xD7, 0x9C, 0xE0,
|
---|
53 | 0xE1, 0xFF, 0x58, 0xE7, 0x70, 0x0C, 0x92, 0x45,
|
---|
54 | 0x26, 0x18, 0x4F, 0xA0, 0xE2, 0xF5, 0x9E, 0x46,
|
---|
55 | 0x6F, 0xAE, 0x95, 0x35, 0xB0, 0x49, 0xB2, 0x0E,
|
---|
56 | 0xA4, 0x1F, 0x8E, 0x47, 0xD0, 0x24, 0x11, 0xD0
|
---|
57 | };
|
---|
58 |
|
---|
59 | static const uint8_t sc_GetCamKey384DZ[] =
|
---|
60 | {
|
---|
61 | 0x02, 0x09, 0x03, 0x00, 0x40,
|
---|
62 | 0x27, 0xF2, 0xD6, 0xCD, 0xE6, 0x88, 0x62, 0x46,
|
---|
63 | 0x81, 0xB0, 0xF5, 0x3E, 0x6F, 0x13, 0x4D, 0xCC,
|
---|
64 | 0xFE, 0xD0, 0x67, 0xB1, 0x93, 0xDD, 0xF4, 0xDE,
|
---|
65 | 0xEF, 0xF5, 0x3B, 0x04, 0x1D, 0xE5, 0xC3, 0xB2,
|
---|
66 | 0x54, 0x38, 0x57, 0x7E, 0xC8, 0x39, 0x07, 0x2E,
|
---|
67 | 0xD2, 0xF4, 0x05, 0xAA, 0x15, 0xB5, 0x55, 0x24,
|
---|
68 | 0x90, 0xBB, 0x9B, 0x00, 0x96, 0xF0, 0xCB, 0xF1,
|
---|
69 | 0x8A, 0x08, 0x7F, 0x0B, 0xB8, 0x79, 0xC3, 0x5D
|
---|
70 | };
|
---|
71 |
|
---|
72 | static const uint8_t sc_GetCamKey384FZ[] =
|
---|
73 | {
|
---|
74 | 0x02, 0x09, 0x03, 0x00, 0x40,
|
---|
75 | 0x62, 0xFE, 0xD8, 0x4F, 0x44, 0x86, 0x2C, 0x21,
|
---|
76 | 0x50, 0x9A, 0xBE, 0x27, 0x15, 0x9E, 0xC4, 0x48,
|
---|
77 | 0xF3, 0x73, 0x5C, 0xBD, 0x08, 0x64, 0x6D, 0x13,
|
---|
78 | 0x64, 0x90, 0x14, 0xDB, 0xFF, 0xC3, 0xFE, 0x03,
|
---|
79 | 0x97, 0xFA, 0x75, 0x08, 0x12, 0xF9, 0x8F, 0x84,
|
---|
80 | 0x83, 0x17, 0xAA, 0x6F, 0xEF, 0x2C, 0x10, 0x1B,
|
---|
81 | 0xBF, 0x31, 0x41, 0xC3, 0x54, 0x2F, 0x65, 0x50,
|
---|
82 | 0x95, 0xA9, 0x64, 0x22, 0x5E, 0xA4, 0xAF, 0xA9
|
---|
83 | };
|
---|
84 |
|
---|
85 | /* some variables for acs57 (Dahlia for ITA dvb-t) */
|
---|
86 | #define ACS57EMM 0xD1
|
---|
87 | #define ACS57ECM 0xD5
|
---|
88 | #define ACS57GET 0xD2
|
---|
89 | /* end define */
|
---|
90 |
|
---|
91 | typedef struct chid_base_date
|
---|
92 | {
|
---|
93 | uint16_t caid;
|
---|
94 | uint16_t acs;
|
---|
95 | char c_code[4];
|
---|
96 | uint32_t base;
|
---|
97 | } CHID_BASE_DATE;
|
---|
98 |
|
---|
99 | struct irdeto_data
|
---|
100 | {
|
---|
101 | int32_t acs57; // A flag for the ACS57 ITA DVB-T
|
---|
102 | uint16_t acs;
|
---|
103 | char country_code[3]; // irdeto country code.
|
---|
104 | };
|
---|
105 |
|
---|
106 | static void XRotateLeft8Byte(uint8_t *buf)
|
---|
107 | {
|
---|
108 | int32_t k;
|
---|
109 | uint8_t t1 = buf[7];
|
---|
110 | uint8_t t2 = 0;
|
---|
111 |
|
---|
112 | for(k = 0; k <= 7; k++)
|
---|
113 | {
|
---|
114 | t2 = t1;
|
---|
115 | t1 = buf[k];
|
---|
116 | buf[k] = (buf[k] << 1) | (t2 >> 7);
|
---|
117 | }
|
---|
118 | }
|
---|
119 |
|
---|
120 | static void ReverseSessionKeyCrypt(const uint8_t *camkey, uint8_t *key)
|
---|
121 | {
|
---|
122 | uint8_t localkey[8], tmp1, tmp2;
|
---|
123 | int32_t idx1, idx2;
|
---|
124 |
|
---|
125 | memcpy(localkey, camkey, 8);
|
---|
126 |
|
---|
127 | for(idx1 = 0; idx1 < 8; idx1++)
|
---|
128 | {
|
---|
129 | for(idx2 = 0; idx2 < 8; idx2++)
|
---|
130 | {
|
---|
131 | tmp1 = CryptTable[key[7] ^ localkey[idx2] ^ idx1];
|
---|
132 | tmp2 = key[0];
|
---|
133 | key[0] = key[1];
|
---|
134 | key[1] = key[2];
|
---|
135 | key[2] = key[3];
|
---|
136 | key[3] = key[4];
|
---|
137 | key[4] = key[5];
|
---|
138 | key[5] = key[6] ^ tmp1;
|
---|
139 | key[6] = key[7];
|
---|
140 | key[7] = tmp1 ^ tmp2;
|
---|
141 | }
|
---|
142 | XRotateLeft8Byte(localkey);
|
---|
143 | }
|
---|
144 | }
|
---|
145 |
|
---|
146 | static uint8_t XorSum(const uint8_t *mem, int len)
|
---|
147 | {
|
---|
148 | uint8_t cs = 0;
|
---|
149 | while(len > 0)
|
---|
150 | {
|
---|
151 | cs ^= *mem++;
|
---|
152 | len--;
|
---|
153 | }
|
---|
154 | return cs;
|
---|
155 | }
|
---|
156 |
|
---|
157 | static time_t chid_date(struct s_reader *reader, uint32_t date, char *buf, int32_t l)
|
---|
158 | {
|
---|
159 | // Irdeto date starts 01.08.1997 which is
|
---|
160 | // 870393600 seconds in unix calendar time
|
---|
161 | //
|
---|
162 | // The above might not be true for all Irdeto card
|
---|
163 | // we need to find a way to identify cards to set the base date
|
---|
164 | // like we did for NDS
|
---|
165 | //
|
---|
166 | // this is the known default value.
|
---|
167 |
|
---|
168 | uint32_t date_base;
|
---|
169 |
|
---|
170 | if((reader->caid >> 8) == 0x06)
|
---|
171 | {
|
---|
172 | date_base = 946598400L; // this is actually 31.12.1999, 00:00 default for irdeto card
|
---|
173 | }
|
---|
174 | else
|
---|
175 | {
|
---|
176 | date_base = 870393600L; // this is actually 01.08.1997, 00:00 default for betacrypt cards
|
---|
177 | }
|
---|
178 |
|
---|
179 | // CAID, ACS, Country, base date D. M. Y, h : m
|
---|
180 | CHID_BASE_DATE table[] = {
|
---|
181 | {0x0662, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55
|
---|
182 | {0x0616, 0x0608, "ITA", 944110500L}, // 01.12.1999, 23.55 //nitegate
|
---|
183 | {0x0647, 0x0005, "ITA", 946598400L}, // 31.12.1999, 00:00 //Redlight irdeto
|
---|
184 | {0x0664, 0x0608, "TUR", 946598400L}, // 31.12.1999, 00:00
|
---|
185 | {0x0624, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
|
---|
186 | {0x0624, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //skyklink irdeto
|
---|
187 | {0x0666, 0x0006, "SVK", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
|
---|
188 | {0x0668, 0x0006, "SVK", 946598400L}, // 30.12.1999, 00:00 //Towercom Irdeto
|
---|
189 | {0x0666, 0x0006, "CZE", 946598400L}, // 30.12.1999, 16:00 //cslink irdeto
|
---|
190 | {0x0653, 0x0608, "HUN", 946598400L}, // 31.12.1999, 00:00 //upc ice irdeto
|
---|
191 | {0x0653, 0x0005, "HUN", 946598400L}, // 31.12.1999, 00:00 //upc ice irdeto
|
---|
192 | {0x0650, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
|
---|
193 | {0x0650, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf P410 irdeto
|
---|
194 | {0x0648, 0x0608, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
|
---|
195 | {0x0648, 0x0005, "AUT", 946598400L}, // 31.12.1999, 00:00 //orf ice irdeto
|
---|
196 | {0x0627, 0x0608, "EGY", 946598400L}, // 30.12.1999, 16:00
|
---|
197 | {0x0602, 0x0606, "NLD", 946598400L}, // 31.12.1999, 08:00 //Ziggo irdeto caid: 0602, acs: 6.06
|
---|
198 | {0x0602, 0x0505, "NLD", 946598400L}, // 31.12.1999, 00:00 //Ziggo irdeto caid: 0602, acs: 5.05
|
---|
199 | {0x0606, 0x0005, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 0.05
|
---|
200 | {0x0606, 0x0605, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.05
|
---|
201 | {0x0606, 0x0606, "NLD", 946598400L}, // 31.12.1999, 00:00 //Caiway irdeto card caid: 0606, acs: 6.06
|
---|
202 | {0x0606, 0x0006, "ZAF", 946598400L}, // 31.12.1999, 00:00 //dstv irdeto
|
---|
203 | {0x0604, 0x1541, "GRC", 977817600L}, // 26.12.2000, 00:00
|
---|
204 | {0x0604, 0x1542, "GRC", 977817600L}, // 26.12.2000, 00:00
|
---|
205 | {0x0604, 0x1543, "GRC", 977817600L}, // 26.12.2000, 00:00
|
---|
206 | {0x0604, 0x1544, "GRC", 977817600L}, // 26.12.2000, 17:00
|
---|
207 | {0x0604, 0x0608, "EGY", 999993600L}, // 08.09.2001, 17:00
|
---|
208 | {0x0604, 0x0606, "EGY", 1003276800L}, // 16.10.2001, 17:00
|
---|
209 | {0x0604, 0x0605, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
|
---|
210 | {0x0604, 0x0606, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
|
---|
211 | {0x0604, 0x0607, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
|
---|
212 | {0x0604, 0x0608, "GRC", 1011052800L}, // 15.01.2002, 00:00 //nova irdeto
|
---|
213 | {0x0604, 0x0005, "GRC", 1011052800L}, // 15.01.2002, 00:00 //mova irdeto
|
---|
214 | {0x0604, 0x0606, "NLD", 1066089600L}, // 14.10.2003, 00:00
|
---|
215 | {0x0610, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0610, acs: 6.08
|
---|
216 | {0x0604, 0x0608, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.08
|
---|
217 | {0x0604, 0x0605, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 6.05
|
---|
218 | {0x0604, 0x0005, "NLD", 1066089600L}, // 14.10.2003, 00:00 //Ziggo irdeto caid: 0604, acs: 0.05
|
---|
219 | {0x0628, 0x0606, "MCR", 1159574400L}, // 29.09.2006, 00:00
|
---|
220 | {0x0652, 0x0005, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 0.05
|
---|
221 | {0x0652, 0x0608, "MCR", 1206662400L}, // 28.03.2008, 00:00 //Raduga caid:0652, acs: 6.08
|
---|
222 | {0x0, 0x0, "", 0L}
|
---|
223 | };
|
---|
224 |
|
---|
225 | // now check for specific providers base date
|
---|
226 | int32_t i = 0;
|
---|
227 | struct irdeto_data *csystem_data = reader->csystem_data;
|
---|
228 |
|
---|
229 | while(table[i].caid)
|
---|
230 | {
|
---|
231 | if((reader->caid == table[i].caid) && (csystem_data->acs == table[i].acs)
|
---|
232 | && (!memcmp(csystem_data->country_code, table[i].c_code, 3)))
|
---|
233 | {
|
---|
234 | date_base = table[i].base;
|
---|
235 | break;
|
---|
236 | }
|
---|
237 | i++;
|
---|
238 | }
|
---|
239 |
|
---|
240 | time_t ut = date_base + date * (24 * 3600);
|
---|
241 | if(buf)
|
---|
242 | {
|
---|
243 | struct tm t;
|
---|
244 | cs_gmtime_r(&ut, &t);
|
---|
245 | l = 27;
|
---|
246 | snprintf(buf, l, "%04d/%02d/%02d", t.tm_year + 1900, t.tm_mon + 1, t.tm_mday);
|
---|
247 | }
|
---|
248 | return (ut);
|
---|
249 | }
|
---|
250 |
|
---|
251 | static int32_t irdeto_do_cmd(struct s_reader *reader, uint8_t *buf, uint16_t good, uint8_t *cta_res, uint16_t *p_cta_lr)
|
---|
252 | {
|
---|
253 | int32_t rc;
|
---|
254 | if((rc = reader_cmd2icc(reader, buf, buf[4] + 5, cta_res, p_cta_lr)))
|
---|
255 | {
|
---|
256 | return (rc); // result may be 0 (success) or negative
|
---|
257 | }
|
---|
258 |
|
---|
259 | if(*p_cta_lr < 2)
|
---|
260 | {
|
---|
261 | return (0x7F7F); // this should never happen
|
---|
262 | }
|
---|
263 |
|
---|
264 | return (good != b2i(2, cta_res + *p_cta_lr - 2));
|
---|
265 | }
|
---|
266 |
|
---|
267 | #define reader_chk_cmd(cmd, l) { if (reader_cmd2icc(reader, cmd, sizeof(cmd), cta_res, &cta_lr)) return ERROR; if (l && (cta_lr!=l)) return ERROR; }
|
---|
268 |
|
---|
269 | static int32_t irdeto_card_init_provider(struct s_reader *reader)
|
---|
270 | {
|
---|
271 | def_resp;
|
---|
272 | int32_t i, p;
|
---|
273 | uint8_t buf[256] = {0};
|
---|
274 | struct irdeto_data *csystem_data = reader->csystem_data;
|
---|
275 |
|
---|
276 | uint8_t sc_GetProvider[] = { 0x02, 0x03, 0x03, 0x00, 0x00 };
|
---|
277 | uint8_t sc_Acs57Prov[] = { 0xD2, 0x06, 0x03, 0x00, 0x01, 0x3C };
|
---|
278 | uint8_t sc_Acs57_Cmd[] = { ACS57GET, 0xFE, 0x00, 0x00, 0x00 };
|
---|
279 |
|
---|
280 | /*
|
---|
281 | * Provider
|
---|
282 | */
|
---|
283 | memset(reader->prid, 0xff, sizeof(reader->prid));
|
---|
284 |
|
---|
285 | for(buf[0] = i = p = 0; i < reader->nprov; i++)
|
---|
286 | {
|
---|
287 | int32_t acspadd = 0;
|
---|
288 | if(csystem_data->acs57 == 1)
|
---|
289 | {
|
---|
290 | acspadd = 8;
|
---|
291 | sc_Acs57Prov[3] = i;
|
---|
292 | irdeto_do_cmd(reader, sc_Acs57Prov, 0x9021, cta_res, &cta_lr);
|
---|
293 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
294 | sc_Acs57_Cmd[4] = acslength;
|
---|
295 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
296 | sc_Acs57Prov[5]++;
|
---|
297 | sc_Acs57_Cmd[3]++;
|
---|
298 | }
|
---|
299 | else
|
---|
300 | {
|
---|
301 | sc_GetProvider[3] = i;
|
---|
302 | reader_chk_cmd(sc_GetProvider, 0);
|
---|
303 | }
|
---|
304 |
|
---|
305 | if(((cta_lr == 26) && ((!(i & 1)) || (cta_res[0] != 0xf))) || (csystem_data->acs57 == 1))
|
---|
306 | {
|
---|
307 | reader->prid[i][4] = p++;
|
---|
308 |
|
---|
309 | // maps the provider id for Betacrypt from FFFFFF to 000000,
|
---|
310 | // fixes problems with cascading CCcam and OSCam
|
---|
311 | if(caid_is_betacrypt(reader->caid))
|
---|
312 | {
|
---|
313 | memset(&reader->prid[i][0], 0, 4);
|
---|
314 | }
|
---|
315 | else
|
---|
316 | {
|
---|
317 | memcpy(&reader->prid[i][0], cta_res + acspadd, 4);
|
---|
318 | }
|
---|
319 |
|
---|
320 | if(!memcmp(cta_res + acspadd + 1, &reader->hexserial, 3))
|
---|
321 | {
|
---|
322 | reader->prid[i][3] = 0xFF;
|
---|
323 | }
|
---|
324 |
|
---|
325 | snprintf((char *) buf + cs_strlen((char *)buf), sizeof(buf) - cs_strlen((char *)buf), ",%06x", b2i(3, &reader->prid[i][1]));
|
---|
326 | }
|
---|
327 | else
|
---|
328 | {
|
---|
329 | reader->prid[i][0] = 0xf;
|
---|
330 | }
|
---|
331 | }
|
---|
332 |
|
---|
333 | if(p)
|
---|
334 | {
|
---|
335 | rdr_log(reader, "active providers: %d (%s)", p, buf + 1);
|
---|
336 | }
|
---|
337 |
|
---|
338 | return OK;
|
---|
339 | }
|
---|
340 |
|
---|
341 | static int32_t irdeto_card_init(struct s_reader *reader, ATR *newatr)
|
---|
342 | {
|
---|
343 | def_resp;
|
---|
344 | get_atr;
|
---|
345 | int32_t camkey = 0;
|
---|
346 | uint8_t buf[256] = { 0 };
|
---|
347 | uint8_t sc_GetCamKey383C[] = {
|
---|
348 | 0x02, 0x09, 0x03, 0x00, 0x40,
|
---|
349 | 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
|
---|
350 | 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
|
---|
351 | 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88,
|
---|
352 | 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF,
|
---|
353 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
---|
354 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
---|
355 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
|
---|
356 | 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
|
---|
357 |
|
---|
358 | uint8_t sc_GetASCIISerial[] = { 0x02, 0x00, 0x03, 0x00, 0x00 };
|
---|
359 | uint8_t sc_GetHEXSerial[] = { 0x02, 0x01, 0x00, 0x00, 0x00 };
|
---|
360 | uint8_t sc_GetSCDetails[] = { 0x02, 0x1E, 0x00, 0x00, 0x00 };
|
---|
361 | uint8_t sc_GetCardFile[] = { 0x02, 0x0E, 0x02, 0x00, 0x00 };
|
---|
362 |
|
---|
363 | uint8_t sc_Acs57CamKey[70] = { 0xD2, 0x12, 0x03, 0x00, 0x41};
|
---|
364 | uint8_t sc_Acs57Country[] = { 0xD2, 0x04, 0x00, 0x00, 0x01, 0x3E };
|
---|
365 | uint8_t sc_Acs57Ascii[] = { 0xD2, 0x00, 0x03, 0x00, 0x01, 0x3F };
|
---|
366 | uint8_t sc_Acs57Hex[] = { 0xD2, 0x02, 0x03, 0x00, 0x01, 0x3E };
|
---|
367 | uint8_t sc_Acs57CFile[] = { 0xD2, 0x1C, 0x02, 0x00, 0x01, 0x30 };
|
---|
368 | uint8_t sc_Acs57_Cmd[] = { ACS57GET, 0xFE, 0x00, 0x00, 0x00 };
|
---|
369 |
|
---|
370 | int32_t acspadd = 0;
|
---|
371 | int32_t acs57 = 0;
|
---|
372 |
|
---|
373 | if(!memcmp(atr + 4, "IRDETO", 6))
|
---|
374 | {
|
---|
375 | acs57 = 0;
|
---|
376 | }
|
---|
377 | else
|
---|
378 | {
|
---|
379 | if((!memcmp(atr + 5, "IRDETO", 6)) || (((atr[6] == 0xC4) && (atr[9] == 0x8F) && (atr[10] == 0xF1)) && reader->force_irdeto))
|
---|
380 | {
|
---|
381 | acs57 = 1;
|
---|
382 | acspadd = 8;
|
---|
383 | rdr_log(reader, "Hist. Bytes: %s", atr + 5);
|
---|
384 | }
|
---|
385 | else
|
---|
386 | {
|
---|
387 | return ERROR;
|
---|
388 | }
|
---|
389 | }
|
---|
390 |
|
---|
391 | if(!cs_malloc(&reader->csystem_data, sizeof(struct irdeto_data)))
|
---|
392 | {
|
---|
393 | return ERROR;
|
---|
394 | }
|
---|
395 | struct irdeto_data *csystem_data = reader->csystem_data;
|
---|
396 | csystem_data->acs57 = acs57;
|
---|
397 |
|
---|
398 | rdr_log(reader, "detect irdeto card");
|
---|
399 | if((array_has_nonzero_byte(reader->rsa_mod, 64) > 0) && (!reader->force_irdeto || csystem_data->acs57)) // we use rsa from config as camkey
|
---|
400 | {
|
---|
401 | char tmp_dbg[65];
|
---|
402 | rdr_log_dbg(reader, D_READER, "using camkey data from config");
|
---|
403 | rdr_log_dbg(reader, D_READER, " camkey: %s", cs_hexdump(0, reader->boxkey, sizeof(reader->boxkey), tmp_dbg, sizeof(tmp_dbg)));
|
---|
404 | if(csystem_data->acs57 == 1)
|
---|
405 | {
|
---|
406 | memcpy(&sc_Acs57CamKey[5], reader->rsa_mod, 0x40);
|
---|
407 | rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_Acs57CamKey[5], 32, tmp_dbg, sizeof(tmp_dbg)));
|
---|
408 | rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_Acs57CamKey[37], 32, tmp_dbg, sizeof(tmp_dbg)));
|
---|
409 | }
|
---|
410 | else
|
---|
411 | {
|
---|
412 | memcpy(&sc_GetCamKey383C[5], reader->rsa_mod, 0x40);
|
---|
413 | rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_GetCamKey383C[5], 32, tmp_dbg, sizeof(tmp_dbg)));
|
---|
414 | rdr_log_dbg(reader, D_READER, "camkey-data: %s", cs_hexdump(0, &sc_GetCamKey383C[37], 32, tmp_dbg, sizeof(tmp_dbg)));
|
---|
415 | }
|
---|
416 | }
|
---|
417 | else
|
---|
418 | {
|
---|
419 | if(csystem_data->acs57 == 1)
|
---|
420 | {
|
---|
421 | rdr_log(reader, "WARNING: ACS57 card can require the CamKey from config");
|
---|
422 | }
|
---|
423 | else
|
---|
424 | {
|
---|
425 | memcpy(reader->boxkey, "\x11\x22\x33\x44\x55\x66\x77\x88", 8);
|
---|
426 | }
|
---|
427 | }
|
---|
428 |
|
---|
429 | /*
|
---|
430 | * Get Irdeto Smartcard Details - version - patch level etc
|
---|
431 | */
|
---|
432 | if(csystem_data->acs57 == 0)
|
---|
433 | {
|
---|
434 | if(!irdeto_do_cmd(reader, sc_GetSCDetails, 0, cta_res, &cta_lr))
|
---|
435 | {
|
---|
436 | rdr_log(reader, "Irdeto SC %0x version %0x revision %0x, patch level %0x", cta_res[0 + acspadd], cta_res[1 + acspadd], cta_res[2 + acspadd], cta_res[5 + acspadd]);
|
---|
437 | }
|
---|
438 | }
|
---|
439 |
|
---|
440 | /*
|
---|
441 | * CountryCode
|
---|
442 | */
|
---|
443 | if(csystem_data->acs57 == 1)
|
---|
444 | {
|
---|
445 | irdeto_do_cmd(reader, sc_Acs57Country, 0x9019, cta_res, &cta_lr);
|
---|
446 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
447 | sc_Acs57_Cmd[4] = acslength;
|
---|
448 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
449 | }
|
---|
450 | else
|
---|
451 | {
|
---|
452 | reader_chk_cmd(sc_GetCountryCode, 18);
|
---|
453 | }
|
---|
454 | csystem_data->acs = (cta_res[0 + acspadd] << 8) | cta_res[1 + acspadd];
|
---|
455 | reader->caid = (cta_res[5 + acspadd] << 8) | cta_res[6 + acspadd];
|
---|
456 | memcpy(csystem_data->country_code, cta_res + 13 + acspadd, 3);
|
---|
457 | rdr_log(reader, "caid: %04X, acs: %x.%02x, country code: %c%c%c",
|
---|
458 | reader->caid, cta_res[0 + acspadd], cta_res[1 + acspadd], cta_res[13 + acspadd], cta_res[14 + acspadd], cta_res[15 + acspadd]);
|
---|
459 |
|
---|
460 | /*
|
---|
461 | * Ascii/Hex-Serial
|
---|
462 | */
|
---|
463 | if(csystem_data->acs57 == 1)
|
---|
464 | {
|
---|
465 | irdeto_do_cmd(reader, sc_Acs57Ascii, 0x901D, cta_res, &cta_lr);
|
---|
466 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
467 | sc_Acs57_Cmd[4] = acslength;
|
---|
468 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
469 | }
|
---|
470 | else
|
---|
471 | {
|
---|
472 | reader_chk_cmd(sc_GetASCIISerial, 22);
|
---|
473 | }
|
---|
474 | memcpy(buf, cta_res + acspadd, 10);
|
---|
475 | buf[10] = 0;
|
---|
476 | if(csystem_data->acs57 == 1)
|
---|
477 | {
|
---|
478 | irdeto_do_cmd(reader, sc_Acs57Hex, 0x903E, cta_res, &cta_lr);
|
---|
479 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
480 | sc_Acs57_Cmd[4] = acslength;
|
---|
481 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
482 | }
|
---|
483 | else
|
---|
484 | {
|
---|
485 | reader_chk_cmd(sc_GetHEXSerial, 18);
|
---|
486 | }
|
---|
487 | reader->nprov = cta_res[10 + acspadd];
|
---|
488 | memcpy(reader->hexserial, cta_res + 12 + acspadd, 4);
|
---|
489 |
|
---|
490 | rdr_log_sensitive(reader, "providers: %d, ascii serial: {%s}, hex serial: {%02X%02X%02X}, hex base: {%02X}",
|
---|
491 | reader->nprov, buf, reader->hexserial[0], reader->hexserial[1], reader->hexserial[2], reader->hexserial[3]);
|
---|
492 |
|
---|
493 | /*
|
---|
494 | * CardFile
|
---|
495 | */
|
---|
496 | if(csystem_data->acs57 == 1)
|
---|
497 | {
|
---|
498 | irdeto_do_cmd(reader, sc_Acs57CFile, 0x9049, cta_res, &cta_lr);
|
---|
499 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
500 | sc_Acs57_Cmd[4] = acslength;
|
---|
501 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
502 | sc_Acs57CFile[2] = 0x03;
|
---|
503 | sc_Acs57CFile[5]++;
|
---|
504 | irdeto_do_cmd(reader, sc_Acs57CFile, 0x9049, cta_res, &cta_lr);
|
---|
505 | acslength = cta_res[cta_lr - 1];
|
---|
506 | sc_Acs57_Cmd[4] = acslength;
|
---|
507 | sc_Acs57_Cmd[2] = 0x03;
|
---|
508 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
509 | sc_Acs57_Cmd[2] = 0x00;
|
---|
510 | }
|
---|
511 | else
|
---|
512 | {
|
---|
513 | for(sc_GetCardFile[2] = 2; sc_GetCardFile[2] < 4; sc_GetCardFile[2]++)
|
---|
514 | {
|
---|
515 | reader_chk_cmd(sc_GetCardFile, 0);
|
---|
516 | }
|
---|
517 | }
|
---|
518 |
|
---|
519 | /*
|
---|
520 | * CamKey
|
---|
521 | */
|
---|
522 | if(((atr[14] == 0x03) && (atr[15] == 0x84) && (atr[16] == 0x55)) || (((atr[14] == 0x53) && (atr[15] == 0x20) && (atr[16] == 0x56))))
|
---|
523 | {
|
---|
524 | switch(reader->caid)
|
---|
525 | {
|
---|
526 | case 0x1702:
|
---|
527 | camkey = 1;
|
---|
528 | break;
|
---|
529 |
|
---|
530 | case 0x1722:
|
---|
531 | camkey = 2;
|
---|
532 | break;
|
---|
533 |
|
---|
534 | case 0x1762:
|
---|
535 | camkey = 3;
|
---|
536 | break;
|
---|
537 |
|
---|
538 | // case 0x0624: camkey = 4; break; //ice 0D96/0624 has short ATR
|
---|
539 | default:
|
---|
540 | camkey = 5;
|
---|
541 | break;
|
---|
542 | }
|
---|
543 | }
|
---|
544 |
|
---|
545 | if(((reader->caid == 0x0624) && (csystem_data->acs57 == 1)) || (reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0653) || (reader->caid == 0x0666)) // acs 6.08 and ice 0D96/0624 and 0D97/0653
|
---|
546 | {
|
---|
547 | camkey = 4;
|
---|
548 | sc_Acs57CamKey[2] = 0;
|
---|
549 | }
|
---|
550 |
|
---|
551 | // Dirthy hack for Ziggo will be removed when optimum values are find on these T14 cards for v2 and triple
|
---|
552 | // There are also other readers suffering from simmilar issue for those cards.
|
---|
553 | if(((reader->caid == 0x0604) || (reader->caid == 0x1722)) && (reader->typ == R_SMART) && (reader->smart_type >= 2))
|
---|
554 | {
|
---|
555 | // Quick and dirty containment for the SmargoV2,Triple and Ziggo irdeto caid: 0604 using smartreader protocol
|
---|
556 | camkey = 999;
|
---|
557 | }
|
---|
558 | // end dirthy hack
|
---|
559 |
|
---|
560 | rdr_log_dbg(reader, D_READER, "set camkey for type=%d", camkey);
|
---|
561 |
|
---|
562 | switch(camkey)
|
---|
563 | {
|
---|
564 | case 1:
|
---|
565 | reader_chk_cmd(sc_GetCamKey384CZ, 10);
|
---|
566 | break;
|
---|
567 |
|
---|
568 | case 2:
|
---|
569 | reader_chk_cmd(sc_GetCamKey384DZ, 10);
|
---|
570 | break;
|
---|
571 |
|
---|
572 | case 3:
|
---|
573 | reader_chk_cmd(sc_GetCamKey384FZ, 10);
|
---|
574 | break;
|
---|
575 |
|
---|
576 | case 4:
|
---|
577 | {
|
---|
578 | int32_t i, crc = 61;
|
---|
579 | crc ^= 0x01, crc ^= 0x02, crc ^= 0x09;
|
---|
580 | crc ^= sc_Acs57CamKey[2], crc ^= sc_Acs57CamKey[3], crc ^= (sc_Acs57CamKey[4] + 1);
|
---|
581 |
|
---|
582 | for(i = 5; i < (int)sizeof(sc_Acs57CamKey) - 1; i++)
|
---|
583 | {
|
---|
584 | crc ^= sc_Acs57CamKey[i];
|
---|
585 | }
|
---|
586 | sc_Acs57CamKey[69] = crc;
|
---|
587 |
|
---|
588 | if(((reader->caid == 0x0624) && (csystem_data->acs57 == 1)) || (reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0653) || (reader->caid == 0x0666))
|
---|
589 | {
|
---|
590 | sc_Acs57CamKey[69] = XorSum(sc_Acs57CamKey, 69) ^ 0x3f ^(sc_Acs57CamKey[0] & 0xf0) ^ 0x1b;
|
---|
591 | if(irdeto_do_cmd(reader, sc_Acs57CamKey, 0x9011, cta_res, &cta_lr))
|
---|
592 | {
|
---|
593 | rdr_log(reader, "You have a bad Cam Key set");
|
---|
594 | return ERROR;
|
---|
595 | }
|
---|
596 | }
|
---|
597 | else
|
---|
598 | {
|
---|
599 | irdeto_do_cmd(reader, sc_Acs57CamKey, 0x9012, cta_res, &cta_lr);
|
---|
600 | }
|
---|
601 |
|
---|
602 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
603 | sc_Acs57_Cmd[4] = acslength;
|
---|
604 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
605 | } break;
|
---|
606 |
|
---|
607 | // dirthy hack ziggo nl card smartredaer v2 and triple will be removed after findings optimum T14 values for v2 and triple
|
---|
608 | case 999:
|
---|
609 | {
|
---|
610 | // For some reason only 4 to 5 bytes are received, while 8 bytes are expected.
|
---|
611 | int32_t rc;
|
---|
612 | rc = reader_cmd2icc(reader, sc_GetCamKey383C, sizeof(sc_GetCamKey383C), cta_res, &cta_lr);
|
---|
613 | rdr_log_dbg(reader, D_READER, "SmargoV2 camkey exchange containment: Ignoring returncode (%d), should have been 0.", rc);
|
---|
614 | rdr_log_dbg(reader, D_READER, "In case cardinit NOK and/or no entitlements, retry by restarting oscam.");
|
---|
615 | } break; // end dirthy hack
|
---|
616 |
|
---|
617 | default:
|
---|
618 | if(csystem_data->acs57 == 1)
|
---|
619 | {
|
---|
620 | int32_t i, crc = 0x76;
|
---|
621 |
|
---|
622 | for(i = 6; i < (int)sizeof(sc_Acs57CamKey) - 1; i++)
|
---|
623 | {
|
---|
624 | crc ^= sc_Acs57CamKey[i];
|
---|
625 | }
|
---|
626 |
|
---|
627 | sc_Acs57CamKey[69] = crc;
|
---|
628 | irdeto_do_cmd(reader, sc_Acs57CamKey, 0x9012, cta_res, &cta_lr);
|
---|
629 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
630 | sc_Acs57_Cmd[4] = acslength;
|
---|
631 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
632 | }
|
---|
633 | else
|
---|
634 | {
|
---|
635 | reader_chk_cmd(sc_GetCamKey383C, 0);
|
---|
636 | } break;
|
---|
637 | }
|
---|
638 |
|
---|
639 | if(((reader->cardmhz != 600) && (reader->typ != R_INTERNAL)) || ((reader->typ == R_INTERNAL) && ((reader->mhz < 510) || (reader->cardmhz > 690))))
|
---|
640 | {
|
---|
641 | rdr_log(reader, "WARNING: For Irdeto cards you will have to set '%s= 600' in oscam.server", (reader->typ == R_INTERNAL ? "mhz" : "cardmhz") );
|
---|
642 | }
|
---|
643 |
|
---|
644 | return irdeto_card_init_provider(reader);
|
---|
645 | }
|
---|
646 |
|
---|
647 | int32_t irdeto_do_ecm(struct s_reader *reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)
|
---|
648 | {
|
---|
649 | def_resp;
|
---|
650 | cta_lr = 0; // suppress compiler error
|
---|
651 | static const uint8_t sc_EcmCmd[] = { 0x05, 0x00, 0x00, 0x02, 0x00 };
|
---|
652 | uint8_t sc_Acs57Ecm[] = { 0xD5, 0x00, 0x00, 0x02, 0x00 };
|
---|
653 | uint8_t sc_Acs57_Cmd[] = { ACS57ECM, 0xFE, 0x00, 0x00, 0x00 };
|
---|
654 | uint8_t cta_cmd[MAX_ECM_SIZE];
|
---|
655 | struct irdeto_data *csystem_data = reader->csystem_data;
|
---|
656 |
|
---|
657 | int32_t i = 0, acspadd = 0;
|
---|
658 | if(csystem_data->acs57 == 1)
|
---|
659 | {
|
---|
660 | int32_t crc = 63;
|
---|
661 | sc_Acs57Ecm[4] = er->ecm[2] - 2;
|
---|
662 | if(((reader->caid == 0x0624) && (csystem_data->acs57 == 1)) || (reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0653) || (reader->caid == 0x0666)) //crc for orf, cslink, skylink, upcdirect
|
---|
663 | {
|
---|
664 | sc_Acs57Ecm[2] = 0;
|
---|
665 | crc ^= 0x01;
|
---|
666 | crc ^= 0x05;
|
---|
667 | crc ^= sc_Acs57Ecm[2];
|
---|
668 | crc ^= sc_Acs57Ecm[3];
|
---|
669 | crc ^= (sc_Acs57Ecm[4] - 1);
|
---|
670 |
|
---|
671 | for(i = 6; i < er->ecm[2] + 4; i++)
|
---|
672 | {
|
---|
673 | crc ^= er->ecm[i];
|
---|
674 | }
|
---|
675 | }
|
---|
676 | else
|
---|
677 | {
|
---|
678 | sc_Acs57Ecm[2] = er->ecm[6];
|
---|
679 | crc ^= 0x01;
|
---|
680 | crc ^= 0x05;
|
---|
681 | crc ^= sc_Acs57Ecm[2];
|
---|
682 | crc ^= sc_Acs57Ecm[3];
|
---|
683 | crc ^= (sc_Acs57Ecm[4] - 1);
|
---|
684 |
|
---|
685 | for(i = 6; i < er->ecm[3] - 5; i++)
|
---|
686 | {
|
---|
687 | crc ^= er->ecm[i];
|
---|
688 | }
|
---|
689 | }
|
---|
690 |
|
---|
691 | memcpy(cta_cmd, sc_Acs57Ecm, sizeof(sc_Acs57Ecm));
|
---|
692 | memcpy(cta_cmd + 5, er->ecm + 6, er->ecm[2] - 1);
|
---|
693 | cta_cmd[er->ecm[2] + 2] = crc;
|
---|
694 |
|
---|
695 | irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
|
---|
696 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
697 |
|
---|
698 | // If acslength != 0x1F you don't have the entitlements or you camkey is bad
|
---|
699 | if(acslength != 0x1F)
|
---|
700 | {
|
---|
701 | switch(acslength)
|
---|
702 | {
|
---|
703 | case 0x09:
|
---|
704 | rdr_log(reader, "Maybe you don't have the entitlements for this channel");
|
---|
705 | break;
|
---|
706 |
|
---|
707 | default:
|
---|
708 | rdr_log(reader, "Maybe you have a bad Cam Key set it from config file");
|
---|
709 | break;
|
---|
710 | }
|
---|
711 | return ERROR;
|
---|
712 | }
|
---|
713 | sc_Acs57_Cmd[4] = acslength;
|
---|
714 | cta_lr = 0;
|
---|
715 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
716 | acspadd = 8;
|
---|
717 | }
|
---|
718 | else
|
---|
719 | {
|
---|
720 | memcpy(cta_cmd, sc_EcmCmd, sizeof(sc_EcmCmd));
|
---|
721 | cta_cmd[4] = (er->ecm[2]) - 3;
|
---|
722 | memcpy(cta_cmd + sizeof(sc_EcmCmd), &er->ecm[6], cta_cmd[4]);
|
---|
723 |
|
---|
724 | int32_t try = 1;
|
---|
725 | int32_t ret;
|
---|
726 | do
|
---|
727 | {
|
---|
728 | if(try > 1)
|
---|
729 | {
|
---|
730 | snprintf(ea->msglog, MSGLOGSIZE, "%.22s irdeto_do_cmd try nr %i", reader->label, try);
|
---|
731 | }
|
---|
732 |
|
---|
733 | ret = (irdeto_do_cmd(reader, cta_cmd, 0x9D00, cta_res, &cta_lr));
|
---|
734 | ret = ret || (cta_lr < 24);
|
---|
735 | if(ret)
|
---|
736 | {
|
---|
737 | switch(cta_res[cta_lr - 2])
|
---|
738 | {
|
---|
739 | case 0x26: // valid for V6 and V7 cards *26 rare case card gets locked if bad EMM being written
|
---|
740 | {
|
---|
741 | snprintf(ea->msglog, MSGLOGSIZE, "%.19s cardstatus: LOCKED", reader->label);
|
---|
742 | return E_CORRUPT;
|
---|
743 | }
|
---|
744 |
|
---|
745 | case 0x27: // valid for V6 and V7 cards Time sync EMMs
|
---|
746 | {
|
---|
747 | snprintf(ea->msglog, MSGLOGSIZE, "%.23s need global EMMs first", reader->label);
|
---|
748 | return E_CORRUPT;
|
---|
749 | }
|
---|
750 |
|
---|
751 | case 0x33: // valid for all cards *33 comes in 2 cases Either Card Requires to be init with Dynamic RSA AKA cmd28/A0 or Pairing Enabled
|
---|
752 | {
|
---|
753 | snprintf(ea->msglog, MSGLOGSIZE, "%.26s dynamic RSA init or pairing enabled", reader->label);
|
---|
754 | return ERROR;
|
---|
755 | }
|
---|
756 |
|
---|
757 | case 0x35: // valid for V6 and V7 cards Time sync EMMs
|
---|
758 | {
|
---|
759 | snprintf(ea->msglog, MSGLOGSIZE, "%.23s need global EMMs first", reader->label);
|
---|
760 | return E_CORRUPT;
|
---|
761 | }
|
---|
762 |
|
---|
763 | case 0x90: // valid for all cards
|
---|
764 | {
|
---|
765 | snprintf(ea->msglog, MSGLOGSIZE,"%.26s unsubscribed channel or chid missing", reader->label);
|
---|
766 | return ERROR;
|
---|
767 | }
|
---|
768 |
|
---|
769 | case 0x92: // valid for all cards
|
---|
770 | {
|
---|
771 | snprintf(ea->msglog, MSGLOGSIZE,"%.22s regional chid missing", reader->label);
|
---|
772 | return ERROR;
|
---|
773 | }
|
---|
774 |
|
---|
775 | case 0x9E: // valid for all cards *9E comes in 2 cases if card not fully updated OR if pairing Enabled
|
---|
776 | {
|
---|
777 | if(cta_res[cta_lr - 1] == 0x65)
|
---|
778 | {
|
---|
779 | snprintf(ea->msglog, MSGLOGSIZE,"%.24s chipset pairing enabled", reader->label);
|
---|
780 | return ERROR;
|
---|
781 | }
|
---|
782 | else
|
---|
783 | {
|
---|
784 | snprintf(ea->msglog, MSGLOGSIZE,"%.11s needs EMMs", reader->label);
|
---|
785 | return E_CORRUPT;
|
---|
786 | }
|
---|
787 | }
|
---|
788 |
|
---|
789 | case 0xA0: // valid for all cards
|
---|
790 | {
|
---|
791 | snprintf(ea->msglog, MSGLOGSIZE,"%.17s surflock enabled", reader->label);
|
---|
792 | return E_CORRUPT;
|
---|
793 | }
|
---|
794 |
|
---|
795 | default: // all other error status
|
---|
796 | {
|
---|
797 | snprintf(ea->msglog, MSGLOGSIZE, "%.16s irdeto_do_cmd [%d] %02x %02x", reader->label, cta_lr, cta_res[cta_lr - 2], cta_res[cta_lr - 1]);
|
---|
798 | break;
|
---|
799 | }
|
---|
800 | }
|
---|
801 | }
|
---|
802 | try++;
|
---|
803 | }
|
---|
804 | while((try < 3) && (ret));
|
---|
805 |
|
---|
806 | if(ret)
|
---|
807 | {
|
---|
808 | return ERROR;
|
---|
809 | }
|
---|
810 | }
|
---|
811 |
|
---|
812 | if((cta_res[5]== 0x36) || (cta_res[5]== 0x37) || (cta_res[5]== 0x24) || (cta_res[5]== 0x25))
|
---|
813 | {
|
---|
814 | snprintf(ea->msglog, MSGLOGSIZE, "cw needs tweaking");
|
---|
815 | }
|
---|
816 |
|
---|
817 | ReverseSessionKeyCrypt(reader->boxkey, cta_res + 6 + acspadd);
|
---|
818 | ReverseSessionKeyCrypt(reader->boxkey, cta_res + 14 + acspadd);
|
---|
819 | memcpy(ea->cw, cta_res + 6 + acspadd, 16);
|
---|
820 | return OK;
|
---|
821 | }
|
---|
822 |
|
---|
823 | static int32_t irdeto_get_emm_type(EMM_PACKET *ep, struct s_reader *rdr)
|
---|
824 | {
|
---|
825 | int32_t i, l = (ep->emm[3] & 0x07);
|
---|
826 | int32_t base = (ep->emm[3] >> 3);
|
---|
827 | char dumprdrserial[l * 3], dumpemmserial[l * 3];
|
---|
828 |
|
---|
829 | rdr_log_dbg(rdr, D_EMM, "Entered irdeto_get_emm_type ep->emm[3]=%02x", ep->emm[3]);
|
---|
830 |
|
---|
831 | switch(l)
|
---|
832 | {
|
---|
833 | case 0:
|
---|
834 | // global emm, 0 bytes addressed
|
---|
835 | ep->type = GLOBAL;
|
---|
836 | rdr_log_dbg(rdr, D_EMM, "GLOBAL base = %02x", base);
|
---|
837 |
|
---|
838 | if(base & 0x10) // hex serial based?
|
---|
839 | {
|
---|
840 | if(base == rdr->hexserial[3]) // does base match?
|
---|
841 | {
|
---|
842 | return 1;
|
---|
843 | }
|
---|
844 | else
|
---|
845 | {
|
---|
846 | return 0; // base doesnt match!
|
---|
847 | }
|
---|
848 | }
|
---|
849 | else
|
---|
850 | {
|
---|
851 | return 1;
|
---|
852 | } // provider based, match all!
|
---|
853 |
|
---|
854 | case 2:
|
---|
855 | // shared emm, 2 bytes addressed
|
---|
856 | ep->type = SHARED;
|
---|
857 | memset(ep->hexserial, 0, 8);
|
---|
858 | memcpy(ep->hexserial, ep->emm + 4, l);
|
---|
859 | #ifdef WITH_DEBUG
|
---|
860 | if(cs_dblevel & D_EMM)
|
---|
861 | {
|
---|
862 | cs_hexdump(1, rdr->hexserial, l, dumprdrserial, sizeof(dumprdrserial));
|
---|
863 | cs_hexdump(1, ep->hexserial, l, dumpemmserial, sizeof(dumpemmserial));
|
---|
864 | }
|
---|
865 | #endif
|
---|
866 | rdr_log_dbg_sensitive(rdr, D_EMM, "SHARED l = %d ep = {%s} rdr = {%s} base = %02x",
|
---|
867 | l, dumpemmserial, dumprdrserial, base);
|
---|
868 |
|
---|
869 | if(base & 0x10)
|
---|
870 | {
|
---|
871 | // hex addressed
|
---|
872 | return ((base == rdr->hexserial[3]) && (!memcmp(ep->emm + 4, rdr->hexserial, l)));
|
---|
873 | }
|
---|
874 | else
|
---|
875 | {
|
---|
876 | if(!memcmp(ep->emm + 4, rdr->hexserial, l))
|
---|
877 | {
|
---|
878 | return 1;
|
---|
879 | }
|
---|
880 |
|
---|
881 | // provider addressed
|
---|
882 | for(i = 0; i < rdr->nprov; i++)
|
---|
883 | {
|
---|
884 | if((base == rdr->prid[i][0]) && (!memcmp(ep->emm + 4, &rdr->prid[i][1], l)))
|
---|
885 | {
|
---|
886 | return 1;
|
---|
887 | }
|
---|
888 | }
|
---|
889 | }
|
---|
890 | rdr_log_dbg(rdr, D_EMM, "neither hex nor provider addressed or unknown provider id");
|
---|
891 | return 0;
|
---|
892 |
|
---|
893 | case 3:
|
---|
894 | // unique emm, 3 bytes addressed
|
---|
895 | ep->type = UNIQUE;
|
---|
896 | memset(ep->hexserial, 0, 8);
|
---|
897 | memcpy(ep->hexserial, ep->emm + 4, l);
|
---|
898 |
|
---|
899 | #ifdef WITH_DEBUG
|
---|
900 | if(cs_dblevel & D_EMM)
|
---|
901 | {
|
---|
902 | cs_hexdump(1, rdr->hexserial, l, dumprdrserial, sizeof(dumprdrserial));
|
---|
903 | cs_hexdump(1, ep->hexserial, l, dumpemmserial, sizeof(dumpemmserial));
|
---|
904 | rdr_log_dbg_sensitive(rdr, D_EMM, "UNIQUE l = %d ep = {%s} rdr = {%s} base = %02x",
|
---|
905 | l, dumpemmserial, dumprdrserial, base);
|
---|
906 | }
|
---|
907 | #endif
|
---|
908 | if(base & 0x10) // unique hex addressed
|
---|
909 | {
|
---|
910 | return ((base == rdr->hexserial[3]) && (!memcmp(ep->emm + 4, rdr->hexserial, l)));
|
---|
911 | }
|
---|
912 | else
|
---|
913 | {
|
---|
914 | if(!memcmp(ep->emm + 4, rdr->hexserial, l))
|
---|
915 | {
|
---|
916 | return 1;
|
---|
917 | }
|
---|
918 |
|
---|
919 | // unique provider addressed
|
---|
920 | for(i = 0; i < rdr->nprov; i++)
|
---|
921 | {
|
---|
922 | if((base == rdr->prid[i][0]) && (!memcmp(ep->emm + 4, &rdr->prid[i][1], l)))
|
---|
923 | {
|
---|
924 | return 1;
|
---|
925 | }
|
---|
926 | }
|
---|
927 | }
|
---|
928 | rdr_log_dbg(rdr, D_EMM, "neither hex nor provider addressed or unknown provider id");
|
---|
929 | return 0;
|
---|
930 |
|
---|
931 | default:
|
---|
932 | ep->type = UNKNOWN;
|
---|
933 | rdr_log_dbg(rdr, D_EMM, "UNKNOWN");
|
---|
934 | return 1;
|
---|
935 | }
|
---|
936 | }
|
---|
937 |
|
---|
938 | static int32_t irdeto_get_emm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count)
|
---|
939 | {
|
---|
940 | if(*emm_filters == NULL)
|
---|
941 | {
|
---|
942 | const unsigned int max_filter_count = 3 + (rdr->nprov * 2);
|
---|
943 | if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
|
---|
944 | {
|
---|
945 | return ERROR;
|
---|
946 | }
|
---|
947 |
|
---|
948 | struct s_csystem_emm_filter *filters = *emm_filters;
|
---|
949 | *filter_count = 0;
|
---|
950 |
|
---|
951 | unsigned int idx = 0;
|
---|
952 |
|
---|
953 | filters[idx].type = EMM_GLOBAL;
|
---|
954 | filters[idx].enabled = 1;
|
---|
955 | filters[idx].filter[0] = 0x82;
|
---|
956 | filters[idx].mask[0] = 0xFF;
|
---|
957 | filters[idx].filter[1] = 0xF8;
|
---|
958 | filters[idx].mask[1] = 0x07;
|
---|
959 | idx++;
|
---|
960 |
|
---|
961 | filters[idx].type = EMM_UNIQUE;
|
---|
962 | filters[idx].enabled = 1;
|
---|
963 | filters[idx].filter[0] = 0x82;
|
---|
964 | filters[idx].mask[0] = 0xFF;
|
---|
965 | filters[idx].filter[1] = 0xFB;
|
---|
966 | filters[idx].mask[1] = 0x07;
|
---|
967 | memcpy(&filters[idx].filter[2], rdr->hexserial, 3);
|
---|
968 | memset(&filters[idx].mask[2], 0xFF, 3);
|
---|
969 | idx++;
|
---|
970 |
|
---|
971 | // Shared on Hex Serial only for Betacrypt
|
---|
972 | if(caid_is_betacrypt(rdr->caid))
|
---|
973 | {
|
---|
974 | filters[idx].type = EMM_SHARED;
|
---|
975 | filters[idx].enabled = 1;
|
---|
976 | filters[idx].filter[0] = 0x82;
|
---|
977 | filters[idx].mask[0] = 0xFF;
|
---|
978 | filters[idx].filter[1] = 0xFA;
|
---|
979 | filters[idx].mask[1] = 0x07;
|
---|
980 | memcpy(&filters[idx].filter[2], rdr->hexserial, 2);
|
---|
981 | memset(&filters[idx].mask[2], 0xFF, 2);
|
---|
982 | idx++;
|
---|
983 | }
|
---|
984 |
|
---|
985 | int32_t i;
|
---|
986 | for(i = 0; i < rdr->nprov; i++)
|
---|
987 | {
|
---|
988 | // 00XX00 provider is a not initialised not used provider
|
---|
989 | if((rdr->prid[i][1] == 0xFF) || ((rdr->prid[i][1] == 0x00) && (rdr->prid[i][3] == 0x00) && (rdr->caid != 0x0647)))
|
---|
990 | {
|
---|
991 | continue;
|
---|
992 | }
|
---|
993 |
|
---|
994 | filters[idx].type = EMM_UNIQUE;
|
---|
995 | filters[idx].enabled = 1;
|
---|
996 | filters[idx].filter[0] = 0x82;
|
---|
997 | filters[idx].mask[0] = 0xFF;
|
---|
998 | filters[idx].filter[1] = 0xFB;
|
---|
999 | filters[idx].mask[1] = 0x07;
|
---|
1000 | memcpy(&filters[idx].filter[2], &rdr->prid[i][1], 3);
|
---|
1001 | memset(&filters[idx].mask[2], 0xFF, 3);
|
---|
1002 | idx++;
|
---|
1003 |
|
---|
1004 | filters[idx].type = EMM_SHARED;
|
---|
1005 | filters[idx].enabled = 1;
|
---|
1006 | filters[idx].filter[0] = 0x82;
|
---|
1007 | filters[idx].mask[0] = 0xFF;
|
---|
1008 | filters[idx].filter[1] = 0xFA;
|
---|
1009 | filters[idx].mask[1] = 0x07;
|
---|
1010 | memcpy(&filters[idx].filter[2], &rdr->prid[i][1], 2);
|
---|
1011 | memset(&filters[idx].mask[2], 0xFF, 2);
|
---|
1012 | idx++;
|
---|
1013 | }
|
---|
1014 |
|
---|
1015 | *filter_count = idx;
|
---|
1016 | }
|
---|
1017 |
|
---|
1018 | return OK;
|
---|
1019 | }
|
---|
1020 |
|
---|
1021 | static int32_t irdeto_get_tunemm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count)
|
---|
1022 | {
|
---|
1023 | if(*emm_filters == NULL)
|
---|
1024 | {
|
---|
1025 | const unsigned int max_filter_count = 3;
|
---|
1026 | if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
|
---|
1027 | {
|
---|
1028 | return ERROR;
|
---|
1029 | }
|
---|
1030 |
|
---|
1031 | struct s_csystem_emm_filter *filters = *emm_filters;
|
---|
1032 | *filter_count = 0;
|
---|
1033 |
|
---|
1034 | unsigned int idx = 0;
|
---|
1035 |
|
---|
1036 | filters[idx].type = EMM_GLOBAL;
|
---|
1037 | filters[idx].enabled = 1;
|
---|
1038 | filters[idx].filter[0] = 0x82;
|
---|
1039 | filters[idx].mask[0] = 0xFF;
|
---|
1040 | idx++;
|
---|
1041 |
|
---|
1042 | filters[idx].type = EMM_SHARED;
|
---|
1043 | filters[idx].enabled = 1;
|
---|
1044 | filters[idx].filter[0] = 0x83;
|
---|
1045 | filters[idx].filter[1] = rdr->hexserial[1];
|
---|
1046 | filters[idx].filter[2] = rdr->hexserial[0];
|
---|
1047 | filters[idx].filter[3] = 0x10;
|
---|
1048 | filters[idx].filter[4] = 0x00;
|
---|
1049 | filters[idx].filter[5] = 0x10;
|
---|
1050 | memset(&filters[idx].mask[0], 0xFF, 6);
|
---|
1051 | idx++;
|
---|
1052 |
|
---|
1053 | filters[idx].type = EMM_UNIQUE;
|
---|
1054 | filters[idx].enabled = 1;
|
---|
1055 | filters[idx].filter[0] = 0x83;
|
---|
1056 | filters[idx].filter[1] = rdr->hexserial[1];
|
---|
1057 | filters[idx].filter[2] = rdr->hexserial[0];
|
---|
1058 | filters[idx].filter[3] = 0x10;
|
---|
1059 | filters[idx].filter[4] = rdr->hexserial[2];
|
---|
1060 | filters[idx].filter[5] = 0x00;
|
---|
1061 | memset(&filters[idx].mask[0], 0xFF, 6);
|
---|
1062 | idx++;
|
---|
1063 |
|
---|
1064 | *filter_count = idx;
|
---|
1065 | }
|
---|
1066 |
|
---|
1067 | return OK;
|
---|
1068 | }
|
---|
1069 |
|
---|
1070 | void irdeto_add_emm_header(EMM_PACKET *ep)
|
---|
1071 | {
|
---|
1072 | uint8_t bt_emm[MAX_EMM_SIZE];
|
---|
1073 | static const char *typtext[] = { "unknown", "unique", "shared", "global" };
|
---|
1074 | memset(bt_emm, 0, sizeof(bt_emm));
|
---|
1075 |
|
---|
1076 | ep->type = UNKNOWN;
|
---|
1077 | if((ep->emm[0] == 0x83) && (ep->emm[5] == 0x10))
|
---|
1078 | {
|
---|
1079 | if(ep->emm[7] == 0x00)
|
---|
1080 | {
|
---|
1081 | ep->type = UNIQUE;
|
---|
1082 | }
|
---|
1083 | else
|
---|
1084 | {
|
---|
1085 | ep->type = SHARED;
|
---|
1086 | }
|
---|
1087 | }
|
---|
1088 | else
|
---|
1089 | {
|
---|
1090 | if(ep->emm[0] == 0x82)
|
---|
1091 | {
|
---|
1092 | ep->type = GLOBAL;
|
---|
1093 | }
|
---|
1094 | }
|
---|
1095 |
|
---|
1096 | if((ep->type != UNKNOWN) && (ep->emmlen == 142))
|
---|
1097 | {
|
---|
1098 | cs_log_dbg(D_EMM, "[TUN_EMM] Type: %s - rewriting header", typtext[ep->type]);
|
---|
1099 | }
|
---|
1100 | else
|
---|
1101 | {
|
---|
1102 | return;
|
---|
1103 | }
|
---|
1104 |
|
---|
1105 | // BETACRYPT/IRDETO EMM HEADER:
|
---|
1106 | static uint8_t headerD0[6] = { 0x82, 0x70, 0x89, 0xd0, 0x01, 0x00 }; // GLOBAL
|
---|
1107 | static uint8_t headerD2[8] = { 0x82, 0x70, 0x8b, 0xd2, 0x00, 0x00, 0x01, 0x00 }; // SHARED
|
---|
1108 | static uint8_t headerD3[9] = { 0x82, 0x70, 0x8c, 0xd3, 0x00, 0x00, 0x00, 0x01, 0x00 }; // UNIQUE
|
---|
1109 |
|
---|
1110 | switch(ep->type)
|
---|
1111 | {
|
---|
1112 | case UNIQUE:
|
---|
1113 | memcpy(bt_emm, headerD3, sizeof(headerD3));
|
---|
1114 | memcpy(bt_emm + sizeof(headerD3), ep->emm + 8, ep->emmlen - 8);
|
---|
1115 | bt_emm[4] = ep->emm[4];
|
---|
1116 | bt_emm[5] = ep->emm[3];
|
---|
1117 | bt_emm[6] = ep->emm[6];
|
---|
1118 | ep->emmlen = 143;
|
---|
1119 | break;
|
---|
1120 |
|
---|
1121 | case SHARED:
|
---|
1122 | memcpy(bt_emm, headerD2, sizeof(headerD2));
|
---|
1123 | memcpy(bt_emm + sizeof(headerD2), ep->emm + 8, ep->emmlen - 8);
|
---|
1124 | bt_emm[4] = ep->emm[4];
|
---|
1125 | bt_emm[5] = ep->emm[3];
|
---|
1126 | ep->emmlen = 142;
|
---|
1127 | break;
|
---|
1128 |
|
---|
1129 | case GLOBAL:
|
---|
1130 | memcpy(bt_emm, headerD0, sizeof(headerD0));
|
---|
1131 | memcpy(bt_emm + sizeof(headerD0), ep->emm + 8, ep->emmlen - 8);
|
---|
1132 | ep->emmlen = 140;
|
---|
1133 | break;
|
---|
1134 | }
|
---|
1135 | memcpy(ep->emm, bt_emm, sizeof(bt_emm));
|
---|
1136 | }
|
---|
1137 |
|
---|
1138 | #define ADDRLEN 4 // Address length in EMM commands
|
---|
1139 |
|
---|
1140 | static int32_t irdeto_do_emm(struct s_reader *reader, EMM_PACKET *ep)
|
---|
1141 | {
|
---|
1142 | def_resp;
|
---|
1143 | static const uint8_t sc_EmmCmd[] = { 0x01, 0x00, 0x00, 0x00, 0x00 };
|
---|
1144 | static uint8_t sc_Acs57Emm[] = { 0xD1, 0x00, 0x00, 0x00, 0x00 };
|
---|
1145 | uint8_t sc_Acs57_Cmd[] = { ACS57EMM, 0xFE, 0x00, 0x00, 0x00 };
|
---|
1146 | struct irdeto_data *csystem_data = reader->csystem_data;
|
---|
1147 | uint8_t cta_cmd[272];
|
---|
1148 |
|
---|
1149 | if(ep->emm[0] != 0x82)
|
---|
1150 | {
|
---|
1151 | rdr_log_dbg(reader, D_EMM, "Invalid EMM: Has to start with 0x82, but starts with %02x!", ep->emm[0]);
|
---|
1152 | return ERROR;
|
---|
1153 | }
|
---|
1154 |
|
---|
1155 | int32_t i, l = (ep->emm[3] & 0x07), ok = 0;
|
---|
1156 | int32_t mode = (ep->emm[3] >> 3);
|
---|
1157 | uint8_t *emm = ep->emm;
|
---|
1158 |
|
---|
1159 | if(mode & 0x10)
|
---|
1160 | {
|
---|
1161 | // hex addressed
|
---|
1162 | ok = ((mode == reader->hexserial[3]) && ((!l) || (!memcmp(&emm[4], reader->hexserial, l))));
|
---|
1163 | }
|
---|
1164 | else
|
---|
1165 | {
|
---|
1166 | ok = !memcmp(&emm[4], reader->hexserial, l);
|
---|
1167 |
|
---|
1168 | // provider addressed
|
---|
1169 | for(i = 0; i < reader->nprov && !ok; i++)
|
---|
1170 | {
|
---|
1171 | ok = ((mode == reader->prid[i][0]) && ((!l) || (!memcmp(&emm[4], &reader->prid[i][1], l))));
|
---|
1172 | }
|
---|
1173 | }
|
---|
1174 |
|
---|
1175 | if(ok)
|
---|
1176 | {
|
---|
1177 | l++;
|
---|
1178 | if(l <= ADDRLEN)
|
---|
1179 | {
|
---|
1180 | if(csystem_data->acs57 == 1)
|
---|
1181 | {
|
---|
1182 | int32_t dataLen = 0;
|
---|
1183 |
|
---|
1184 | if(ep->type == UNIQUE)
|
---|
1185 | {
|
---|
1186 | dataLen = ep->emm[2] - 1;
|
---|
1187 | }
|
---|
1188 | else
|
---|
1189 | {
|
---|
1190 | dataLen = ep->emm[2];
|
---|
1191 | }
|
---|
1192 |
|
---|
1193 | if((dataLen < 7) || (dataLen > ((int32_t)sizeof(ep->emm) - 6)) || (dataLen > ((int32_t)sizeof(cta_cmd) - 9)))
|
---|
1194 | {
|
---|
1195 | rdr_log_dbg(reader, D_EMM, "dataLen %d seems wrong, faulty EMM?", dataLen);
|
---|
1196 | return ERROR;
|
---|
1197 | }
|
---|
1198 |
|
---|
1199 | if((ep->type == GLOBAL) && (((reader->caid == 0x0624) && (csystem_data->acs57 == 1)) || (reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0653) || (reader->caid == 0x0666)))
|
---|
1200 | {
|
---|
1201 | dataLen += 2;
|
---|
1202 | }
|
---|
1203 |
|
---|
1204 | int32_t crc = 63;
|
---|
1205 | sc_Acs57Emm[4] = dataLen;
|
---|
1206 | memcpy(&cta_cmd, sc_Acs57Emm, sizeof(sc_Acs57Emm));
|
---|
1207 | crc ^= 0x01;
|
---|
1208 | crc ^= 0x01;
|
---|
1209 | crc ^= 0x00;
|
---|
1210 | crc ^= 0x00;
|
---|
1211 | crc ^= 0x00;
|
---|
1212 | crc ^= (dataLen - 1);
|
---|
1213 | memcpy(&cta_cmd[5], &ep->emm[3], 10);
|
---|
1214 |
|
---|
1215 | if(ep->type == UNIQUE)
|
---|
1216 | {
|
---|
1217 | memcpy(&cta_cmd[9], &ep->emm[9], dataLen - 4);
|
---|
1218 | }
|
---|
1219 | else
|
---|
1220 | {
|
---|
1221 | if((ep->type == GLOBAL) && (((reader->caid == 0x0624) && (csystem_data->acs57 == 1)) || (reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0653) || (reader->caid == 0x0666)))
|
---|
1222 | {
|
---|
1223 | memcpy(&cta_cmd[9], &ep->emm[6], 1);
|
---|
1224 | memcpy(&cta_cmd[10], &ep->emm[7], dataLen - 6);
|
---|
1225 | // cta_cmd[9]=0x00;
|
---|
1226 | }
|
---|
1227 | else if(((reader->caid == 0x0624) && (csystem_data->acs57 == 1)) || (reader->caid == 0x0648) || (reader->caid == 0x0650) || (reader->caid == 0x0653) || (reader->caid == 0x0666)) //only orf, cslink, skylink, upcdirect
|
---|
1228 | {
|
---|
1229 | memcpy(&cta_cmd[9], &ep->emm[8], dataLen - 4);
|
---|
1230 | }
|
---|
1231 | else
|
---|
1232 | {
|
---|
1233 | memcpy(&cta_cmd[10], &ep->emm[9], dataLen - 6);
|
---|
1234 | }
|
---|
1235 | }
|
---|
1236 |
|
---|
1237 | for(i = 5; i < dataLen + 4; i++)
|
---|
1238 | {
|
---|
1239 | crc ^= cta_cmd[i];
|
---|
1240 | }
|
---|
1241 |
|
---|
1242 | cta_cmd[dataLen - 1 + 5] = crc;
|
---|
1243 | irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
|
---|
1244 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
1245 | sc_Acs57_Cmd[4] = acslength;
|
---|
1246 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
1247 |
|
---|
1248 | rdr_log_dbg(reader, D_EMM,"response %02X %02X %02X %02X %02X (%s)",
|
---|
1249 | cta_res[0], cta_res[1], cta_res[2], cta_res[3], cta_res[4],
|
---|
1250 | (((cta_res[2] == 0) || (cta_res[2] == 0x7B) || (cta_res[2] == 0x7C)) ? "OK" : "ERROR"));
|
---|
1251 |
|
---|
1252 | if((cta_res[2] == 0x7B) || (cta_res[2] == 0x7C)) // chid already written or chid already up to date
|
---|
1253 | {
|
---|
1254 | return SKIPPED;
|
---|
1255 | }
|
---|
1256 |
|
---|
1257 | if(cta_res[2] == 0x00)
|
---|
1258 | {
|
---|
1259 | return OK;
|
---|
1260 | }
|
---|
1261 | return ERROR; // all other
|
---|
1262 | }
|
---|
1263 | else // non acs57 based cards
|
---|
1264 | {
|
---|
1265 | const int32_t dataLen = SCT_LEN(emm) - 5 - l; // sizeof of emm bytes (nanos)
|
---|
1266 |
|
---|
1267 | if((dataLen < 1) || (dataLen > ((int32_t)sizeof(ep->emm) - 5 - l))
|
---|
1268 | || (dataLen > ((int32_t)sizeof(cta_cmd) - (int32_t)sizeof(sc_EmmCmd) - ADDRLEN)))
|
---|
1269 | {
|
---|
1270 | rdr_log_dbg(reader, D_EMM, "dataLen %d seems wrong, faulty EMM?", dataLen);
|
---|
1271 | return ERROR;
|
---|
1272 | }
|
---|
1273 |
|
---|
1274 | uint8_t *ptr = cta_cmd;
|
---|
1275 | memcpy(ptr, sc_EmmCmd, sizeof(sc_EmmCmd)); // copy card command
|
---|
1276 | ptr[4] = dataLen + ADDRLEN; // set card command emm size
|
---|
1277 | ptr += sizeof(sc_EmmCmd);
|
---|
1278 | emm += 3;
|
---|
1279 | memset(ptr, 0, ADDRLEN); // clear addr range
|
---|
1280 | memcpy(ptr, emm, l); // copy addr bytes
|
---|
1281 | ptr += ADDRLEN;
|
---|
1282 | emm += l;
|
---|
1283 | memcpy(ptr, &emm[2], dataLen); // copy emm bytes]
|
---|
1284 | irdeto_do_cmd(reader, cta_cmd, 0, cta_res, &cta_lr);
|
---|
1285 |
|
---|
1286 | rdr_log_dbg(reader, D_EMM,"response %02X %02X %02X %02X %02X (%s)",
|
---|
1287 | cta_res[0], cta_res[1], cta_res[2], cta_res[3], cta_res[4],
|
---|
1288 | (((cta_res[cta_lr-2] == 0) || (cta_res[cta_lr-2] == 0x7B) || (cta_res[cta_lr-2] == 0x7C)) ? "OK" : "ERROR"));
|
---|
1289 |
|
---|
1290 | if((cta_res[cta_lr-2] == 0x7B) || (cta_res[cta_lr-2] == 0x7C)) // chid already written or chid already up to date
|
---|
1291 | {
|
---|
1292 | return SKIPPED;
|
---|
1293 | }
|
---|
1294 |
|
---|
1295 | if(cta_res[cta_lr-2] == 0x00)
|
---|
1296 | {
|
---|
1297 | return OK;
|
---|
1298 | }
|
---|
1299 |
|
---|
1300 | return ERROR; // all other
|
---|
1301 | }
|
---|
1302 | }
|
---|
1303 | else
|
---|
1304 | {
|
---|
1305 | rdr_log_dbg(reader, D_EMM, "addrlen %d > %d", l, ADDRLEN);
|
---|
1306 | return ERROR;
|
---|
1307 | }
|
---|
1308 | }
|
---|
1309 | else
|
---|
1310 | {
|
---|
1311 | rdr_log_dbg(reader, D_EMM, "EMM skipped since its hexserial or base doesnt match with this card!");
|
---|
1312 | return SKIPPED;
|
---|
1313 | }
|
---|
1314 | }
|
---|
1315 |
|
---|
1316 | static int32_t irdeto_card_info(struct s_reader *reader)
|
---|
1317 | {
|
---|
1318 | def_resp;
|
---|
1319 | int32_t i, p;
|
---|
1320 | struct irdeto_data *csystem_data = reader->csystem_data;
|
---|
1321 |
|
---|
1322 | cs_clear_entitlement(reader); // reset the entitlements
|
---|
1323 |
|
---|
1324 | uint8_t sc_GetChanelIds[] = { 0x02, 0x04, 0x00, 0x00, 0x01, 0x00 };
|
---|
1325 | uint8_t sc_Acs57Code[] = { 0xD2, 0x16, 0x00, 0x00, 0x01 , 0x37 };
|
---|
1326 | uint8_t sc_Acs57Prid[] = { 0xD2, 0x08, 0x00, 0x00, 0x02, 0x00, 0x00 };
|
---|
1327 | uint8_t sc_Acs57_Cmd[] = { ACS57GET, 0xFE, 0x00, 0x00, 0x00 };
|
---|
1328 |
|
---|
1329 | /*
|
---|
1330 | * ContryCode2
|
---|
1331 | */
|
---|
1332 | int32_t acspadd = 0;
|
---|
1333 | if(csystem_data->acs57 == 1)
|
---|
1334 | {
|
---|
1335 | acspadd = 8;
|
---|
1336 | reader_chk_cmd(sc_Acs57Code, 0);
|
---|
1337 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
1338 | sc_Acs57_Cmd[4] = acslength;
|
---|
1339 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
1340 | }
|
---|
1341 | else
|
---|
1342 | {
|
---|
1343 | reader_chk_cmd(sc_GetCountryCode2, 0);
|
---|
1344 | }
|
---|
1345 |
|
---|
1346 | if(((cta_lr > 9) && !(cta_res[cta_lr - 2] | cta_res[cta_lr - 1])) || (csystem_data->acs57 == 1))
|
---|
1347 | {
|
---|
1348 | rdr_log_dbg(reader, D_READER, "max chids: %d, %d, %d, %d",
|
---|
1349 | cta_res[6 + acspadd], cta_res[7 + acspadd], cta_res[8 + acspadd], cta_res[9 + acspadd]);
|
---|
1350 |
|
---|
1351 | /*
|
---|
1352 | * Provider 2
|
---|
1353 | */
|
---|
1354 | for(i = p = 0; i < reader->nprov; i++)
|
---|
1355 | {
|
---|
1356 | int32_t j, k, chid, first = 1;
|
---|
1357 | char t[32];
|
---|
1358 |
|
---|
1359 | if(reader->prid[i][4] != 0xff)
|
---|
1360 | {
|
---|
1361 | p++;
|
---|
1362 | sc_Acs57Prid[3] = i;
|
---|
1363 | sc_GetChanelIds[3] = i; // provider at index i
|
---|
1364 | j = 0;
|
---|
1365 |
|
---|
1366 | // for (j=0; j<10; j++) => why 10 .. do we know for sure the there are only 10 chids !!!
|
---|
1367 | // shouldn't it me the max chid value we read above ?!
|
---|
1368 |
|
---|
1369 | while(1) // will exit if cta_lr < 61 .. which is the correct break condition.
|
---|
1370 | {
|
---|
1371 | if(csystem_data->acs57 == 1)
|
---|
1372 | {
|
---|
1373 | int32_t crc = 63;
|
---|
1374 | sc_Acs57Prid[5] = j;
|
---|
1375 | crc ^= 0x01;
|
---|
1376 | crc ^= 0x02;
|
---|
1377 | crc ^= 0x04;
|
---|
1378 | crc ^= sc_Acs57Prid[2];
|
---|
1379 | crc ^= sc_Acs57Prid[3];
|
---|
1380 | crc ^= (sc_Acs57Prid[4] - 1);
|
---|
1381 | crc ^= sc_Acs57Prid[5];
|
---|
1382 | sc_Acs57Prid[6] = crc;
|
---|
1383 | irdeto_do_cmd(reader, sc_Acs57Prid, 0x903C, cta_res, &cta_lr);
|
---|
1384 | int32_t acslength = cta_res[cta_lr - 1];
|
---|
1385 |
|
---|
1386 | if(acslength == 0x09)
|
---|
1387 | {
|
---|
1388 | break;
|
---|
1389 | }
|
---|
1390 |
|
---|
1391 | sc_Acs57_Cmd[4] = acslength;
|
---|
1392 | reader_chk_cmd(sc_Acs57_Cmd, acslength + 2);
|
---|
1393 |
|
---|
1394 | if(cta_res[10] == 0xFF)
|
---|
1395 | {
|
---|
1396 | break;
|
---|
1397 | }
|
---|
1398 |
|
---|
1399 | cta_res[cta_lr - 3] = 0xff;
|
---|
1400 | cta_res[cta_lr - 2] = 0xff;
|
---|
1401 | cta_res[cta_lr - 1] = 0xff;
|
---|
1402 | acspadd = 8;
|
---|
1403 | }
|
---|
1404 | else
|
---|
1405 | {
|
---|
1406 | sc_GetChanelIds[5] = j; // chid at index j for provider at index i
|
---|
1407 | reader_chk_cmd(sc_GetChanelIds, 0);
|
---|
1408 | }
|
---|
1409 |
|
---|
1410 | // if (cta_lr<61) break; // why 61 (0 to 60 in steps of 6 .. is it 10*6 from the 10 in the for loop ?
|
---|
1411 | // what happen if the card only send back.. 9 chids (or less)... we don't see them
|
---|
1412 | // so we should check whether or not we have at least 6 bytes (1 chid).
|
---|
1413 | if(cta_lr < 6)
|
---|
1414 | {
|
---|
1415 | break;
|
---|
1416 | }
|
---|
1417 |
|
---|
1418 | for(k = 0 + acspadd; k < cta_lr; k += 6)
|
---|
1419 | {
|
---|
1420 | chid = b2i(2, cta_res + k);
|
---|
1421 | if(chid && chid != 0xFFFF)
|
---|
1422 | {
|
---|
1423 | time_t date, start_t, end_t;
|
---|
1424 |
|
---|
1425 | start_t = chid_date(reader, date = b2i(2, cta_res + k + 2), t, 16);
|
---|
1426 | end_t = chid_date(reader, date + cta_res[k + 4], t + 16, 16);
|
---|
1427 |
|
---|
1428 | // todo: add entitlements to list but produces a warning related to date variable
|
---|
1429 | cs_add_entitlement(reader, reader->caid, b2i(3, &reader->prid[i][1]), chid, 0, start_t, end_t, 3, 1);
|
---|
1430 |
|
---|
1431 | if(first)
|
---|
1432 | {
|
---|
1433 | rdr_log(reader, "entitlements for provider: %d, id: %06X", p, b2i(3, &reader->prid[i][1]));
|
---|
1434 | first = 0;
|
---|
1435 | }
|
---|
1436 | rdr_log(reader, "chid: %04X, date: %s - %s", chid, t, t + 16);
|
---|
1437 | }
|
---|
1438 | }
|
---|
1439 | j++;
|
---|
1440 | }
|
---|
1441 | }
|
---|
1442 | }
|
---|
1443 | }
|
---|
1444 | rdr_log(reader, "ready for requests");
|
---|
1445 | return OK;
|
---|
1446 | }
|
---|
1447 |
|
---|
1448 | const struct s_cardsystem reader_irdeto =
|
---|
1449 | {
|
---|
1450 | .desc = "irdeto",
|
---|
1451 | .caids = (uint16_t[]){ 0x06, 0x17, 0 },
|
---|
1452 | .do_emm = irdeto_do_emm,
|
---|
1453 | .do_ecm = irdeto_do_ecm,
|
---|
1454 | .card_info = irdeto_card_info,
|
---|
1455 | .card_init = irdeto_card_init,
|
---|
1456 | .get_emm_type = irdeto_get_emm_type,
|
---|
1457 | .get_emm_filter = irdeto_get_emm_filter,
|
---|
1458 | .get_tunemm_filter = irdeto_get_tunemm_filter,
|
---|
1459 | };
|
---|
1460 |
|
---|
1461 | #endif
|
---|