source: trunk/reader-seca.c@ 8

Last change on this file since 8 was 8, checked in by smurzch2, 12 years ago

Start repository for OSCam (Open Source Cam)

The start is from the MpCS source code. Thanks a lot to the authors for this
great sources.

File size: 11.8 KB
Line 
1#include "globals.h"
2#include "reader-common.h"
3
4extern uchar cta_cmd[], cta_res[];
5extern ushort cta_lr;
6static unsigned short pmap=0; // provider-maptable
7
8#define CMD_LEN 5
9
10static int card_write(uchar *cmd, uchar *data, int wflag)
11{
12 int l;
13 uchar buf[256];
14 memcpy(buf, cmd, CMD_LEN);
15 l=wflag ? cmd[4] : 0;
16 if (l && data) memcpy(buf+CMD_LEN, data, l);
17 l=reader_cmd2icc(buf, CMD_LEN+l);
18 return(l);
19}
20
21#define write_cmd(cmd, data) \
22{ \
23 if (card_write(cmd, data, 1)) return(0); \
24}
25
26#define read_cmd(cmd, data) \
27{ \
28 if (card_write(cmd, data, 0)) return(0); \
29}
30
31int set_provider_info(int i)
32{
33 static uchar ins12[] = { 0xc1, 0x12, 0x00, 0x00, 0x19 }; // get provider info
34 int year, month, day;
35 struct tm *lt;
36 time_t t;
37 int valid=0;//0=false, 1=true
38 char l_name[16+8+1]=", name: ";
39
40 ins12[2]=i;//select provider
41 read_cmd(ins12, NULL); // show provider properties
42 cs_debug("hexdump:%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x.",cta_res[0],cta_res[1],cta_res[2],cta_res[3],cta_res[4],cta_res[5],cta_res[6],cta_res[7],cta_res[8],cta_res[9],cta_res[10],cta_res[11],cta_res[12],cta_res[13],cta_res[14],cta_res[15],cta_res[16],cta_res[17],cta_res[18],cta_res[19],cta_res[20],cta_res[21],cta_res[22],cta_res[23],cta_res[24],cta_res[25],cta_res[26]);
43
44 if ((cta_res[25] != 0x90) || (cta_res[26] != 0x00)) return (0);
45 reader[ridx].prid[i][0]=0;
46 reader[ridx].prid[i][1]=0;//blanken high byte provider code
47 memcpy(&reader[ridx].prid[i][2], cta_res, 2);
48// sprintf(buf+strlen(buf), ",%06X", b2i(3, &reader[ridx].prid[i][1]));
49
50 year = (cta_res[22]>>1) + 1990;
51 month = ((cta_res[22]&0x1)*256 + (cta_res[23]&0xe0))>>5;
52 day = (cta_res[23]&0x1f);
53 t=time(NULL);
54 lt=localtime(&t);
55 if (lt->tm_year+1900 != year)
56 if (lt->tm_year+1900 < year)
57 valid=1;
58 else
59 valid=0;
60 else
61 if (lt->tm_mon+1 != month)
62 if (lt->tm_mon+1 < month)
63 valid=1;
64 else
65 valid=0;
66 else
67 if (lt->tm_mday != day)
68 if (lt->tm_mday < day)
69 valid=1;
70 else
71 valid=0;
72 memcpy(l_name+8, cta_res+2, 16);
73 l_name[sizeof(l_name)]=0;
74 trim(l_name+8);
75 l_name[0]=(l_name[8]) ? ',' : 0;
76 reader[ridx].availkeys[i][0]=valid; //misusing availkeys to register validity of provider
77 cs_log("provider: %d, valid: %i, expiry date:%4d/%02d/%02d%s",
78 i+1, valid, year, month, day, l_name);
79 memcpy(&reader[ridx].sa[i][0], cta_res+18, 4);
80 if (valid==1) //if not expired
81 cs_log("SA: %s", cs_hexdump(0, cta_res+18, 4));
82// cs_log("SA:%02X%02X%02X%02X.",cta_res[18],cta_res[19],cta_res[20],cta_res[21]);
83 return(1);
84}
85
86int seca_card_init(uchar *atr, int atrsize)
87{
88 uchar buf[256];
89 char *card;
90 static uchar ins0e[] = { 0xc1, 0x0e, 0x00, 0x00, 0x08 }; // get serial number (UA)
91 static uchar ins16[] = { 0xc1, 0x16, 0x00, 0x00, 0x07 }; // get nr. of prividers
92 int i;
93
94 buf[0]=0x00;
95 if ((atr[10]!=0x0e) || (atr[11]!=0x6c) || (atr[12]!=0xb6) || (atr[13]!=0xd6)) return(0);
96 switch(atr[7]<<8|atr[8])
97 {
98 case 0x5084: card="Generic"; break;
99 case 0x5384: card="Philips"; break;
100 case 0x5130:
101 case 0x5430:
102 case 0x5760: card="Thompson"; break;
103 case 0x5284:
104 case 0x5842:
105 case 0x6060: card="Siemens"; break;
106 case 0x7070: card="Canal+ NL"; break;
107 default: card="Unknown"; break;
108 }
109 reader[ridx].caid[0]=0x0100;
110 memset(reader[ridx].prid, 0xff, sizeof(reader[ridx].prid));
111 read_cmd(ins0e, NULL); // read unique id
112 memcpy(reader[ridx].hexserial, cta_res+2, 6);
113 cs_ri_log("type: seca, caid: %04X, serial: %llu, card: %s v%d.%d",
114 reader[ridx].caid[0], b2ll(5, cta_res+3), card, atr[9]&0x0F, atr[9]>>4);
115 read_cmd(ins16, NULL); // read nr of providers
116 pmap=cta_res[2]<<8|cta_res[3];
117 for (reader[ridx].nprov=0, i=pmap; i; i>>=1)
118 reader[ridx].nprov+=i&1;
119// i=cta_res[2]*256+cta_res[3];
120// do { n+=i&1; i>>=1; } while(i);
121// reader[ridx].nprov=n;
122
123 for (i=0; i<16; i++)
124 if (pmap&(1<<i))
125 {
126 if (!set_provider_info(i))
127 return(0);
128 else
129 sprintf(buf+strlen(buf), ",%04X", b2i(2, &reader[ridx].prid[i][2]));
130 }
131
132 cs_ri_log("providers: %d (%s)", reader[ridx].nprov, buf+1);
133 cs_log("ready for requests");
134 return(1);
135}
136
137// static int get_prov_index (uchar providhigh, uchar providlow)//returns provider id or -1 if not found
138static int get_prov_index(char *provid) //returns provider id or -1 if not found
139{
140 int prov;
141 for (prov=0; prov<reader[ridx].nprov; prov++) //search for provider index
142 if (!memcmp(provid, &reader[ridx].prid[prov][2], 2))
143 return(prov);
144// for (prov=0; prov<reader[ridx].nprov; prov++) //search for provider index
145// if ( (providhigh == reader[ridx].prid[prov][2]) &&
146// (providlow == reader[ridx].prid[prov][3]) )
147// {
148// return(prov);
149// }
150 return(-1);
151}
152
153
154int seca_do_ecm(ECM_REQUEST *er)
155{
156 static unsigned char ins3c[] = { 0xc1,0x3c,0x00,0x00,0x00 }; // coding cw
157 static unsigned char ins3a[] = { 0xc1,0x3a,0x00,0x00,0x10 }; // decoding cw
158 uchar ins3cdata[256];
159 int i;
160
161// i=get_prov_index(er->ecm[3],er->ecm[4]);
162 i=get_prov_index(er->ecm+3);
163 if ((i == -1) || (reader[ridx].availkeys[i][0] == 0)) //if provider not found or expired
164 return (0);
165 ins3c[2]=i;
166 ins3c[3]=er->ecm[7]; //key nr
167 ins3c[4]=(((er->ecm[1]&0x0f)*256)+er->ecm[2])-0x05;
168
169 memcpy(ins3cdata,er->ecm+8,256-8);
170 cs_debug("do_ecm:ins3c=%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x.",ins3c[0],ins3c[1],ins3c[2],ins3c[3],ins3c[4],ins3cdata[0],ins3cdata[1],ins3cdata[2],ins3cdata[3],ins3cdata[4],ins3cdata[5],ins3cdata[6],ins3cdata[7],ins3cdata[8],ins3cdata[9]);
171 write_cmd(ins3c, ins3cdata); //ecm request
172 if ((cta_res[0] != 0x90) || (cta_res[1] != 0x00)) return (0);
173 read_cmd(ins3a, NULL); //get cw's
174 cs_debug("cwdump:%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x.",cta_res[0],cta_res[1],cta_res[2],cta_res[3],cta_res[4],cta_res[5],cta_res[6],cta_res[7],cta_res[8],cta_res[9],cta_res[10],cta_res[11],cta_res[12],cta_res[13],cta_res[14],cta_res[15],cta_res[16],cta_res[17]);
175 if ((cta_res[16] != 0x90) || (cta_res[17] != 0x00)) return (0);//exit if response is not 90 00 //TODO: if response is 9027 ppv mode is possible!
176 memcpy(er->cw,cta_res,16);
177 return(1);
178
179}
180
181int seca_do_emm(EMM_PACKET *ep)
182{
183 static unsigned char ins40[] = { 0xc1,0x40,0x00,0x00,0x00 };
184 uchar ins40data[256];
185 int i;
186 cs_debug("EMM:%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x.",ep->emm[0],ep->emm[1],ep->emm[2],ep->emm[3],ep->emm[4],ep->emm[5],ep->emm[6],ep->emm[7],ep->emm[8],ep->emm[9],ep->emm[10],ep->emm[11],ep->emm[12],ep->emm[13],ep->emm[14],ep->emm[15],ep->emm[16],ep->emm[17],ep->emm[18],ep->emm[19],ep->emm[20],ep->emm[21],ep->emm[22],ep->emm[23],ep->emm[24],ep->emm[25],ep->emm[26]);
187 if (ep->emm[0] == 0x84) { //shared EMM
188 //to test if SA matches
189 //first find out prov id
190// i=get_prov_index(ep->emm[3],ep->emm[4]);
191 i=get_prov_index(ep->emm+3);
192 if (i == -1)
193 return(0);
194 else //prov id found, now test for SA (only first 3 bytes, custom byte does not count)
195 if ((ep->emm[5] != reader[ridx].sa[i][0]) ||
196 (ep->emm[6] != reader[ridx].sa[i][1]) ||
197 (ep->emm[7] != reader[ridx].sa[i][2])) {
198 cs_log("EMM: Shared update did not match; EMM SA:%02X%02X%02X, Reader SA:%02X,%02X,%02X.",ep->emm[5],ep->emm[6],ep->emm[7],reader[ridx].sa[i][0],reader[ridx].sa[i][1],reader[ridx].sa[i][2]);
199 return(0);
200 }
201 else {
202 cs_log("EMM: Shared update matched for EMM SA %02X%02X%02X.",ep->emm[5],ep->emm[6],ep->emm[7]);
203 ins40[3]=ep->emm[9];
204 ins40[4]=(ep->emm[1]&0x0f)*256+ep->emm[2]-0x07;
205 memcpy(ins40data,ep->emm+10,256-10);
206 }
207
208 }//end shared EMM
209 else
210 if (ep->emm[0] == 0x82) { //unique EMM
211 //first test if UA matches
212 if ((reader[ridx].hexserial[0] != ep->emm[3]) ||
213 (reader[ridx].hexserial[1] != ep->emm[4]) ||
214 (reader[ridx].hexserial[2] != ep->emm[5]) ||
215 (reader[ridx].hexserial[3] != ep->emm[6]) ||
216 (reader[ridx].hexserial[4] != ep->emm[7]) ||
217 (reader[ridx].hexserial[5] != ep->emm[8])) {
218 cs_log("EMM: Unique update did not match; EMM Serial:%02X%02X%02X%02X, Reader Serial:%02X%02X%02X%02X.",ep->emm[4], ep->emm[5], ep->emm[6], ep->emm[7], ep->emm[8], reader[ridx].hexserial[1], reader[ridx].hexserial[2], reader[ridx].hexserial[3], reader[ridx].hexserial[4], reader[ridx].hexserial[5]);
219 return(0);
220 }
221 else {
222 cs_log("EMM: Unique update matched EMM Serial:%02X%02X%02X%02X.",ep->emm[4], ep->emm[5], ep->emm[6], ep->emm[7], ep->emm[8]);
223 //first find out prov id
224// i=get_prov_index(ep->emm[9],ep->emm[10]);
225 i=get_prov_index(ep->emm+9);
226 if (i==-1)
227 return(0);
228 ins40[3]=ep->emm[12];
229 ins40[4]=(ep->emm[1]&0x0f)*256+ep->emm[2]-0x0A;
230 memcpy(ins40data,ep->emm+13,256-13);
231 }
232 } //end unique EMM
233 else
234 return(0); //geen 0x84 en geen 0x82
235
236 ins40[2]=i;
237// length = ((er->ecm[1]<<8 || er->ecm[2])&0x0fff);
238 cs_debug("do_emm:ins40=%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x.",ins40[0],ins40[1],ins40[2],ins40[3],ins40[4],ins40data[0],ins40data[1],ins40data[2],ins40data[3],ins40data[4],ins40data[5],ins40data[6],ins40data[7],ins40data[8],ins40data[9]);
239 write_cmd(ins40, ins40data); //emm request
240 cs_debug("emmdump:%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x.",cta_res[0],cta_res[1],cta_res[2],cta_res[3],cta_res[4],cta_res[5],cta_res[6],cta_res[7],cta_res[8],cta_res[9],cta_res[10],cta_res[11],cta_res[12],cta_res[13],cta_res[14],cta_res[15],cta_res[16],cta_res[17]);
241//TODO if ((cta_res[16] != 0x90) || (cta_res[17] != 0x00)) return (0);
242// if ((cta_res[16] != 0x90) || (cta_res[17] != 0x19))
243// seca_card_init(); //if return code = 90 19 then PPUA changed. //untested!!
244// else
245 if (cta_res[0] == 0x97) {
246 cs_log("EMM: Update not necessary.");
247 return(1); //Update not necessary
248 }
249 if ((cta_res[0] == 0x90) && ((cta_res[1] == 0x00) || (cta_res[1] == 0x19)))
250 if (set_provider_info(i) != 0) //after successfull EMM, print new provider info
251 return(1);
252 return(0);
253
254}
255#ifdef LALL
256int seca_card_info(void)
257{
258 static uchar ins12[] = { 0xc1, 0x12, 0x00, 0x00, 0x19 }; // get provider info
259 int year, month, day;
260 struct tm *lt;
261 time_t t;
262 int valid=0;//0=false, 1=true
263 char l_name[16+8+1]=", name: ";
264
265 ins12[2]=i;//select provider
266 read_cmd(ins12, NULL); // show provider properties
267 cs_debug("hexdump:%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x,%x.",cta_res[0],cta_res[1],cta_res[2],cta_res[3],cta_res[4],cta_res[5],cta_res[6],cta_res[7],cta_res[8],cta_res[9],cta_res[10],cta_res[11],cta_res[12],cta_res[13],cta_res[14],cta_res[15],cta_res[16],cta_res[17],cta_res[18],cta_res[19],cta_res[20],cta_res[21],cta_res[22],cta_res[23],cta_res[24],cta_res[25],cta_res[26]);
268
269 if ((cta_res[25] != 0x90) || (cta_res[26] != 0x00)) return (0);
270 reader[ridx].prid[i][0]=0;
271 reader[ridx].prid[i][1]=0;//blanken high byte provider code
272 memcpy(&reader[ridx].prid[i][2], cta_res, 2);
273// sprintf(buf+strlen(buf), ",%06X", b2i(3, &reader[ridx].prid[i][1]));
274
275 year = (cta_res[22]>>1) + 1990;
276 month = ((cta_res[22]&0x1)*256 + (cta_res[23]&0xe0))>>5;
277 day = (cta_res[23]&0x1f);
278 t=time(NULL);
279 lt=localtime(&t);
280 if (lt->tm_year+1900 != year)
281 if (lt->tm_year+1900 < year)
282 valid=1;
283 else
284 valid=0;
285 else
286 if (lt->tm_mon+1 != month)
287 if (lt->tm_mon+1 < month)
288 valid=1;
289 else
290 valid=0;
291 else
292 if (lt->tm_mday != day)
293 if (lt->tm_mday < day)
294 valid=1;
295 else
296 valid=0;
297 memcpy(l_name+8, cta_res+2, 16);
298 l_name[sizeof(l_name)]=0;
299 trim(l_name+8);
300 l_name[0]=(l_name[8]) ? ',' : 0;
301 reader[ridx].availkeys[i][0]=valid; //misusing availkeys to register validity of provider
302 cs_log("provider: %d, valid: %i, expiry date:%i/%i/%i%s",i+1,valid,year,month,day,l_name);
303 memcpy(&reader[ridx].sa[i][0], cta_res+18, 4);
304 if (valid==1) //if not expired
305 cs_log("SA:%02X%02X%02X%02X.",cta_res[18],cta_res[19],cta_res[20],cta_res[21]);
306 return(1);
307}
308#endif
Note: See TracBrowser for help on using the repository browser.