1 | #include "globals.h"
|
---|
2 | #include "reader-common.h"
|
---|
3 | #include <stdlib.h>
|
---|
4 |
|
---|
5 | extern uchar cta_res[];
|
---|
6 | extern ushort cta_lr;
|
---|
7 |
|
---|
8 | #define write_cmd(cmd, data) \
|
---|
9 | { \
|
---|
10 | if (card_write(cmd, data)) return ERROR; \
|
---|
11 | }
|
---|
12 |
|
---|
13 | #define read_cmd(cmd, data) \
|
---|
14 | { \
|
---|
15 | if (card_write(cmd, NULL)) return ERROR; \
|
---|
16 | }
|
---|
17 |
|
---|
18 | static int set_provider_info(int i)
|
---|
19 | {
|
---|
20 | static uchar ins12[] = { 0xc1, 0x12, 0x00, 0x00, 0x19 }; // get provider info
|
---|
21 | int year, month, day;
|
---|
22 | struct tm *lt;
|
---|
23 | time_t t;
|
---|
24 | int valid=0;//0=false, 1=true
|
---|
25 | char l_name[16+8+1]=", name: ";
|
---|
26 |
|
---|
27 | ins12[2]=i;//select provider
|
---|
28 | read_cmd(ins12, NULL); // show provider properties
|
---|
29 |
|
---|
30 | if ((cta_res[25] != 0x90) || (cta_res[26] != 0x00)) return ERROR;
|
---|
31 | reader[ridx].prid[i][0]=0;
|
---|
32 | reader[ridx].prid[i][1]=0;//blanken high byte provider code
|
---|
33 | memcpy(&reader[ridx].prid[i][2], cta_res, 2);
|
---|
34 |
|
---|
35 | year = (cta_res[22]>>1) + 1990;
|
---|
36 | month = ((cta_res[22]&0x1)<< 3) | (cta_res[23] >>5);
|
---|
37 | day = (cta_res[23]&0x1f);
|
---|
38 | t=time(NULL);
|
---|
39 | lt=localtime(&t);
|
---|
40 | if (lt->tm_year + 1900 != year)
|
---|
41 | valid = (lt->tm_year + 1900 < year);
|
---|
42 | else if (lt->tm_mon + 1 != month)
|
---|
43 | valid = (lt->tm_mon + 1 < month);
|
---|
44 | else if (lt->tm_mday != day)
|
---|
45 | valid = (lt->tm_mday < day);
|
---|
46 |
|
---|
47 | memcpy(l_name+8, cta_res+2, 16);
|
---|
48 | l_name[sizeof(l_name)-1]=0;
|
---|
49 | trim(l_name+8);
|
---|
50 | l_name[0]=(l_name[8]) ? ',' : 0;
|
---|
51 | reader[ridx].availkeys[i][0]=valid; //misusing availkeys to register validity of provider
|
---|
52 | cs_ri_log("[seca-reader] provider: %d, valid: %i%s, expiry date: %4d/%02d/%02d",
|
---|
53 | i+1, valid,l_name, year, month, day);
|
---|
54 | memcpy(&reader[ridx].sa[i][0], cta_res+18, 4);
|
---|
55 | if (valid==1) //if not expired
|
---|
56 | cs_ri_log("[seca-reader] SA: %s", cs_hexdump(0, cta_res+18, 4));
|
---|
57 | return OK;
|
---|
58 | }
|
---|
59 |
|
---|
60 | int seca_card_init(ATR newatr)
|
---|
61 | {
|
---|
62 | get_atr;
|
---|
63 | char *card;
|
---|
64 | static unsigned short pmap=0; // provider-maptable
|
---|
65 | unsigned long long serial ;
|
---|
66 | uchar buf[256];
|
---|
67 | static uchar ins0e[] = { 0xc1, 0x0e, 0x00, 0x00, 0x08 }; // get serial number (UA)
|
---|
68 | static uchar ins16[] = { 0xc1, 0x16, 0x00, 0x00, 0x07 }; // get nr. of prividers
|
---|
69 | int i;
|
---|
70 |
|
---|
71 | // Unlock parental control
|
---|
72 | // c1 30 00 01 09
|
---|
73 | // 00 00 00 00 00 00 00 00 ff
|
---|
74 | static uchar ins30[] = { 0xc1, 0x30, 0x00, 0x01, 0x09 };
|
---|
75 | static uchar ins30data[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff };
|
---|
76 |
|
---|
77 | buf[0]=0x00;
|
---|
78 | if ((atr[10]!=0x0e) || (atr[11]!=0x6c) || (atr[12]!=0xb6) || (atr[13]!=0xd6)) return ERROR;
|
---|
79 | switch(atr[7]<<8|atr[8])
|
---|
80 | {
|
---|
81 | case 0x5084: card="Generic"; break;
|
---|
82 | case 0x5384: card="Philips"; break;
|
---|
83 | case 0x5130:
|
---|
84 | case 0x5430:
|
---|
85 | case 0x5760: card="Thompson"; break;
|
---|
86 | case 0x5284:
|
---|
87 | case 0x5842:
|
---|
88 | case 0x6060: card="Siemens"; break;
|
---|
89 | case 0x7070: card="Canal+ NL"; break;
|
---|
90 | default: card="Unknown"; break;
|
---|
91 | }
|
---|
92 | reader[ridx].caid[0]=0x0100;
|
---|
93 | memset(reader[ridx].prid, 0xff, sizeof(reader[ridx].prid));
|
---|
94 | read_cmd(ins0e, NULL); // read unique id
|
---|
95 | memcpy(reader[ridx].hexserial, cta_res+2, 6);
|
---|
96 | serial = b2ll(5, cta_res+3) ;
|
---|
97 | cs_ri_log("type: SECA, caid: %04X, serial: %llu, card: %s v%d.%d",
|
---|
98 | reader[ridx].caid[0], serial, card, atr[9]&0x0F, atr[9]>>4);
|
---|
99 | read_cmd(ins16, NULL); // read nr of providers
|
---|
100 | pmap=cta_res[2]<<8|cta_res[3];
|
---|
101 | for (reader[ridx].nprov=0, i=pmap; i; i>>=1)
|
---|
102 | reader[ridx].nprov+=i&1;
|
---|
103 |
|
---|
104 | for (i=0; i<16; i++)
|
---|
105 | if (pmap&(1<<i))
|
---|
106 | {
|
---|
107 | if (set_provider_info(i) == ERROR)
|
---|
108 | return ERROR;
|
---|
109 | else
|
---|
110 | sprintf((char *) buf+strlen((char *)buf), ",%04lX", b2i(2, &reader[ridx].prid[i][2]));
|
---|
111 | }
|
---|
112 |
|
---|
113 | cs_ri_log("providers: %d (%s)", reader[ridx].nprov, buf+1);
|
---|
114 | // Unlock parental control
|
---|
115 | if( cfg->ulparent != 0 ){
|
---|
116 | write_cmd(ins30, ins30data);
|
---|
117 | cs_ri_log("[seca-reader] ins30_answer: %02x%02x",cta_res[0], cta_res[1]);
|
---|
118 | }else {
|
---|
119 | cs_ri_log("[seca-reader] parental locked");
|
---|
120 | }
|
---|
121 | cs_log("[seca-reader] ready for requests");
|
---|
122 | return OK;
|
---|
123 | }
|
---|
124 |
|
---|
125 | static int get_prov_index(struct s_reader * rdr, char *provid) //returns provider id or -1 if not found
|
---|
126 | {
|
---|
127 | int prov;
|
---|
128 | for (prov=0; prov<rdr->nprov; prov++) //search for provider index
|
---|
129 | if (!memcmp(provid, &rdr->prid[prov][2], 2))
|
---|
130 | return(prov);
|
---|
131 | return(-1);
|
---|
132 | }
|
---|
133 |
|
---|
134 |
|
---|
135 | int seca_do_ecm(ECM_REQUEST *er)
|
---|
136 | {
|
---|
137 | unsigned char ins3c[] = { 0xc1,0x3c,0x00,0x00,0x00 }; // coding cw
|
---|
138 | unsigned char ins3a[] = { 0xc1,0x3a,0x00,0x00,0x10 }; // decoding cw
|
---|
139 | int i;
|
---|
140 | i=get_prov_index(&reader[ridx], (char *) er->ecm+3);
|
---|
141 | if ((i == -1) || (reader[ridx].availkeys[i][0] == 0)) //if provider not found or expired
|
---|
142 | return ERROR;
|
---|
143 | ins3c[2]=i;
|
---|
144 | ins3c[3]=er->ecm[7]; //key nr
|
---|
145 | ins3c[4]=(((er->ecm[1]&0x0f) << 8) | er->ecm[2])-0x05;
|
---|
146 | write_cmd(ins3c, er->ecm+8); //ecm request
|
---|
147 | unsigned char ins30[] = { 0xC1, 0x30, 0x00, 0x02, 0x09 };
|
---|
148 | unsigned char ins30data[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF };
|
---|
149 | /* We need to use a token */
|
---|
150 | if (cta_res[0] == 0x90 && cta_res[1] == 0x1a) {
|
---|
151 | write_cmd(ins30, ins30data);
|
---|
152 | write_cmd(ins3c, er->ecm+8); //ecm request
|
---|
153 | }
|
---|
154 | if ((cta_res[0] != 0x90) || (cta_res[1] != 0x00)) return ERROR;
|
---|
155 | read_cmd(ins3a, NULL); //get cw's
|
---|
156 | if ((cta_res[16] != 0x90) || (cta_res[17] != 0x00)) return ERROR;//exit if response is not 90 00 //TODO: if response is 9027 ppv mode is possible!
|
---|
157 | memcpy(er->cw,cta_res,16);
|
---|
158 | return OK;
|
---|
159 | }
|
---|
160 |
|
---|
161 | int seca_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr) //returns TRUE if shared emm matches SA, unique emm matches serial, or global or unknown
|
---|
162 | {
|
---|
163 | cs_debug_mask(D_EMM, "Entered seca_get_emm_type ep->emm[0]=%i",ep->emm[0]);
|
---|
164 | int i;
|
---|
165 | switch (ep->emm[0]) {
|
---|
166 | case 0x82:
|
---|
167 | ep->type = UNIQUE;
|
---|
168 | memset(ep->hexserial,0,8);
|
---|
169 | memcpy(ep->hexserial, ep->emm + 3, 6);
|
---|
170 | cs_debug_mask(D_EMM, "SECA EMM: UNIQUE, ep->hexserial = %s", cs_hexdump(1, ep->hexserial, 6));
|
---|
171 | cs_debug_mask(D_EMM, "SECA EMM: UNIQUE, rdr->hexserial = %s", cs_hexdump(1, rdr->hexserial, 6));
|
---|
172 | return (!memcmp (rdr->hexserial, ep->hexserial, 6));
|
---|
173 | case 0x84:
|
---|
174 | ep->type = SHARED;
|
---|
175 | memset(ep->hexserial,0,8);
|
---|
176 | memcpy(ep->hexserial, ep->emm + 5, 3); //dont include custom byte; this way the network also knows SA
|
---|
177 | i=get_prov_index(rdr, (char *) ep->emm+3);
|
---|
178 | cs_debug_mask(D_EMM, "SECA EMM: SHARED, ep->hexserial = %s", cs_hexdump(1, ep->hexserial, 3));
|
---|
179 | if (i== -1) //provider not found on this card
|
---|
180 | return FALSE; //do not pass this EMM
|
---|
181 | cs_debug_mask(D_EMM, "SECA EMM: SHARED, rdr->sa[%i] = %s", i, cs_hexdump(1, rdr->sa[i], 3));
|
---|
182 | return (!memcmp (rdr->sa[i], ep->hexserial, 3));
|
---|
183 | default:
|
---|
184 | ep->type = UNKNOWN;
|
---|
185 | return TRUE;
|
---|
186 | }
|
---|
187 | }
|
---|
188 |
|
---|
189 | int seca_do_emm(EMM_PACKET *ep)
|
---|
190 | {
|
---|
191 | unsigned char ins40[] = { 0xc1,0x40,0x00,0x00,0x00 };
|
---|
192 | int i,ins40data_offset;
|
---|
193 | int emm_length = ((ep->emm[1] & 0x0f) << 8) + ep->emm[2];
|
---|
194 |
|
---|
195 | cs_ddump_mask (D_EMM, ep->emm, emm_length + 3, "EMM:");
|
---|
196 | switch (ep->type) {
|
---|
197 | case SHARED:
|
---|
198 | ins40[3]=ep->emm[9];
|
---|
199 | ins40[4]= emm_length - 0x07;
|
---|
200 | ins40data_offset = 10;
|
---|
201 | break;
|
---|
202 | case UNIQUE:
|
---|
203 | ins40[3]=ep->emm[12];
|
---|
204 | ins40[4]= emm_length - 0x0A;
|
---|
205 | ins40data_offset = 13;
|
---|
206 | break;
|
---|
207 | case 0x83: //new unknown EMM
|
---|
208 | /*
|
---|
209 | EMM:
|
---|
210 | tp len shared-- cust
|
---|
211 | 83 00 74 00 00 00 00 00 38 84C745CB7BFADA4E08F5FB8D0B6A26FA533682D83E6E594F778585F55F4784EF70495B3458C104D3D3F55FEA0F3BD47EC29265E8B2AAC83EBAA396A3890EA87154F41ED16DA6AB46C28E8935B55E4EFAB8215792A1BF61657BDEFAD02050E27F21E62AE29519F4815AB062340B7 */
|
---|
212 | case 0x88: //GA???
|
---|
213 | case 0x89: //GA???
|
---|
214 | default:
|
---|
215 | cs_log("[seca-reader] EMM: Congratulations, you have discovered a new EMM on SECA. This has not been decoded yet, so send this output to authors:");
|
---|
216 | cs_dump (ep->emm, emm_length + 3, "EMM:");
|
---|
217 | return ERROR; //unknown, no update
|
---|
218 | } //end of switch
|
---|
219 |
|
---|
220 | i=get_prov_index(&reader[ridx], (char *) ep->emm+9);
|
---|
221 | if (i==-1)
|
---|
222 | return ERROR;
|
---|
223 | ins40[2]=i;
|
---|
224 | write_cmd(ins40, ep->emm + ins40data_offset); //emm request
|
---|
225 | if (cta_res[0] == 0x97) {
|
---|
226 | cs_log("[seca-reader] EMM: Update not necessary.");
|
---|
227 | return OK; //Update not necessary
|
---|
228 | }
|
---|
229 | if ((cta_res[0] == 0x90) && ((cta_res[1] == 0x00) || (cta_res[1] == 0x19)))
|
---|
230 | if (set_provider_info(i) == OK) //after successfull EMM, print new provider info
|
---|
231 | return OK;
|
---|
232 | return ERROR;
|
---|
233 | }
|
---|
234 |
|
---|
235 | int seca_card_info (void)
|
---|
236 | {
|
---|
237 | //SECA Package BitMap records (PBM) can be used to determine whether the channel is part of the package that the SECA card can decrypt. This module reads the PBM
|
---|
238 | //from the SECA card. It cannot be used to check the channel, because this information seems to reside in the CA-descriptor, which seems not to be passed on through servers like camd, newcamd, radegast etc.
|
---|
239 | //
|
---|
240 | //This module is therefore optical only
|
---|
241 |
|
---|
242 | static unsigned char ins34[] = { 0xc1, 0x34, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00 }; //data following is provider Package Bitmap Records
|
---|
243 | static unsigned char ins32[] = { 0xc1, 0x32, 0x00, 0x00, 0x20 }; // get PBM
|
---|
244 | int prov;
|
---|
245 |
|
---|
246 | for (prov = 0; prov < reader[ridx].nprov; prov++) {
|
---|
247 | ins32[2] = prov;
|
---|
248 | write_cmd (ins34, ins34 + 5); //prepare card for pbm request
|
---|
249 | read_cmd(ins32, NULL); //pbm request
|
---|
250 | uchar pbm[8]; //TODO should be arrayed per prov
|
---|
251 | switch (cta_res[0]) {
|
---|
252 | case 0x04:
|
---|
253 | cs_ri_log ("[seca-reader] no PBM for provider %i", prov + 1);
|
---|
254 | break;
|
---|
255 | case 0x83:
|
---|
256 | memcpy (pbm, cta_res + 1, 8);
|
---|
257 | cs_ri_log ("[seca-reader] PBM for provider %i: %s", prov + 1, cs_hexdump (0, pbm, 8));
|
---|
258 | break;
|
---|
259 | default:
|
---|
260 | cs_log ("[seca-reader] ERROR: PBM returns unknown byte %02x", cta_res[0]);
|
---|
261 | }
|
---|
262 | }
|
---|
263 | return OK;
|
---|
264 | }
|
---|
265 |
|
---|