Changeset 1049

Timestamp:

01/03/10 17:33:54 (13 years ago)

Author:

rorothetroll

Message:

resync with trunk

Location:

branches/smartreader

Files:

• csctapi/protocol_t1.c (modified) (1 diff)
• module-newcamd.c (modified) (3 diffs)
• oscam-config.c (modified) (3 diffs)
• reader-nagra.c (modified) (12 diffs)

branches/smartreader/csctapi/protocol_t1.c

@@ -177 +177 @@
   int ret;
   bool more;
+  if (APDU_Cmd_Ins(cmd) == T1_BLOCK_S_IFS_REQ)
+    {
+      BYTE inf = APDU_Cmd_P2(cmd);
+
+      /* Create an IFS request S-Block */
+      block = T1_Block_NewSBlock (T1_BLOCK_S_IFS_REQ, 1, &inf);
+
+#ifdef DEBUG_PROTOCOL
+      printf ("Protocol: Sending block S(IFS request, %d)\n", inf);
+#endif
+      /* Send IFSD request */
+      ret = Protocol_T1_SendBlock (t1, block);
+
+      /* Delete block */
+      T1_Block_Delete (block);
+
+      /* Receive a block */
+      ret = Protocol_T1_ReceiveBlock (t1, &block);
+
+      if (ret == PROTOCOL_T1_OK)
+        {
+          rsp_type = T1_Block_GetType (block);
+
+          /* Positive IFS Response S-Block received */
+          if (rsp_type == T1_BLOCK_S_IFS_RES)
+            {
+              /* Update IFSD value */
+              inf = (*T1_Block_GetInf (block));
+              t1->ifsd = inf;
+#ifdef DEBUG_PROTOCOL
+              printf ("Protocol: Received block S(IFS response, %d)\n", inf);
+#endif
+            }
+        }
+
+      return ret;
+    }
 
   /* Calculate the number of bytes to send */

branches/smartreader/module-newcamd.c

@@ -64 +64 @@
         break;
     case COMMTYPE_SERVER:
-      if( *netMsgId == 0xFFFE ) *netMsgId = 0; // ��� 0xFFFF ?
+      if( *netMsgId == 0xFFFE ) *netMsgId = 0; // ??? 0xFFFF ?
       break;
     }
@@ -715 +715 @@
             {
             if (cfg->ncd_ptab.ports[client[cs_idx].port_idx].ftab.filts[0].caid != reader[au].caid[0]
-                &&  cfg->ncd_ptab.ports[client[cs_idx].port_idx].ftab.filts[0].caid != reader[au].ftab.filts[0].caid) 
+                &&  cfg->ncd_ptab.ports[client[cs_idx].port_idx].ftab.filts[0].caid != reader[au].ftab.filts[0].caid)
                 {
                 cs_log("AU wont be used on this port -> disable AU");
@@ -851 +851 @@
                     mbuf[12] = reader[au].hexserial[3];
                     mbuf[13] = reader[au].hexserial[4];
+                    }
+                else if ((pufilt->caid >> 8) == 0x18) 
+                    {
+                    mbuf[8] = 0x00;
+                    mbuf[9] = 0x00;
+                    mbuf[10] = reader[au].hexserial[0];
+                    mbuf[11] = reader[au].hexserial[1];
+                    mbuf[12] = reader[au].hexserial[2];
+                    mbuf[13] = reader[au].hexserial[3];
                     }
                 else

branches/smartreader/oscam-config.c

@@ -68 +68 @@
 #endif
 
-static void chk_iprange(char *value, struct s_ip **base)
-{
-  //int i;
+void chk_iprange(char *value, struct s_ip **base)
+{
+  int i = 0;
   char *ptr1, *ptr2;
   struct s_ip *lip, *cip;
@@ -89 +89 @@
   for (ptr1=strtok(value, ","); ptr1; ptr1=strtok(NULL, ","))
   {
+    if (i == 0) ++i;
+    else {
+        if (!(cip=malloc(sizeof(struct s_ip)))){
+            fprintf(stderr, "Error allocating memory (errno=%d)\n", errno);
+            exit(1);
+        }
+        lip->next = cip;
+        memset(cip, 0, sizeof(struct s_ip));
+    }
     if( (ptr2=strchr(trim(ptr1), '-')) )
     {
@@ -97 +106 @@
     else
       cip->ip[0]=cip->ip[1]=cs_inet_addr(ptr1);
+    lip = cip;
   }
 }

branches/smartreader/reader-nagra.c

@@ -4 +4 @@
 #include <termios.h>
 #include <unistd.h>
-#ifdef OS_LINUX
-#include <linux/serial.h>
-#endif
 
 IDEA_KEY_SCHEDULE ksSession;
@@ -91 +88 @@
             return 0;
         }
-        if (is_pure_nagra==1) msg[4]+=1;
-        if (is_tiger)
+        if (is_pure_nagra==1)
         {
-            msg[4]--;
-            msg[6]--;
+            msg[4]+=1;
         }
         if(!reader_cmd2icc(msg,msglen))
     {
-        cs_sleepms(10);
+        cs_sleepms(20);
         if(cta_res[0]!=res) 
             {
@@ -128 +123 @@
     cs_debug("[nagra-reader] IFS cmd: %s", cs_hexdump (1, buf, 5));
     ret = reader_cmd2api(buf, 5);
-    cs_debug("[nagra-reader] IFS response: %s", cs_hexdump (1, cta_res, cta_lr));
-    if ((cta_lr!=5) || (ret!=OK)) 
+    if (ret < 0)
     {
             cs_debug("[nagra-reader] setting IFS to %02x failed", size);
@@ -190 +184 @@
 {
     do_cmd(0xC8,0x02,0xB8,0x06,NULL);
-    
-    /*
-    [sci0] <- 21 00 08 a0 ca 00 00 02 c8 00 06 8f 
-    [sci0] -> 12 00 08 
-    [sci0] -> b8 04 19 90 7b f4 90 00 
-    */
 }
 
@@ -213 +201 @@
         memcpy(camid,reader[ridx].hexserial,4);
     }
+}
+
+int NegotiateSessionKey_Tiger(void)
+{
+    unsigned char rsa_modulo[120];
+    unsigned char idea_sig[16];
+    unsigned char vFixed[] = {0,1,2,3,0x11};
+    unsigned char parte_fija[120];
+    unsigned char parte_variable[88];
+    unsigned char d1_rsa_modulo[88];
+    unsigned char rand[88];
+    unsigned char d2_data[88];
+    unsigned char sign1[8];
+    unsigned char sessi1[8];
+    unsigned char sessi2[8];
+    unsigned char tmp[104];
+    unsigned char tmp1[8];
+                     
+    if(!do_cmd(0xd1,0x02,0x51,0xd2,NULL))
+    {
+        cs_debug("[nagra-reader] CMD$D1 failed");
+        return 0;
+    }
+
+    ReverseMem(rsa_modulo, 120);
+    ReverseMem(&cta_res[90], 120);
+    
+    cs_debug("[nagra-reader] crypted parte_fija: %s", cs_hexdump (0, &cta_res[90], 32));
+    cs_debug("[nagra-reader] crypted parte_fija: %s", cs_hexdump (0, &cta_res[122], 32));
+    cs_debug("[nagra-reader] crypted parte_fija: %s", cs_hexdump (0, &cta_res[154], 32));
+    cs_debug("[nagra-reader] crypted parte_fija: %s", cs_hexdump (0, &cta_res[186], 24));
+    
+    BN_CTX *ctx = BN_CTX_new();
+    BIGNUM *bnN = BN_CTX_get(ctx);
+    BIGNUM *bnE = BN_CTX_get(ctx);
+    BIGNUM *bnCT = BN_CTX_get(ctx);
+    BIGNUM *bnPT = BN_CTX_get(ctx);
+    BN_bin2bn(rsa_modulo, 120, bnN);
+    BN_bin2bn(vFixed+4, 1, bnE);
+    BN_bin2bn(&cta_res[90], 120, bnCT);
+    BN_mod_exp(bnPT, bnCT, bnE, bnN, ctx);
+    memset(parte_fija, 0, 120);
+    BN_bn2bin(bnPT, parte_fija + (120-BN_num_bytes(bnPT)));
+    BN_CTX_end(ctx);
+    BN_CTX_free (ctx);
+    
+    ReverseMem(parte_fija, 120);
+    cs_debug("[nagra-reader] decrypted parte_fija: %s", cs_hexdump (0, parte_fija, 32));
+    cs_debug("[nagra-reader] decrypted parte_fija: %s", cs_hexdump (0, &parte_fija[32], 32));
+    cs_debug("[nagra-reader] decrypted parte_fija: %s", cs_hexdump (0, &parte_fija[64], 32));
+    cs_debug("[nagra-reader] decrypted parte_fija: %s", cs_hexdump (0, &parte_fija[96], 24));
+    
+    cs_debug("[nagra-reader] ---------- SIG CHECK ---------------------");
+    memset(tmp,0, 104);
+    memcpy(tmp+4, parte_fija+11, 100); //104
+    Signature(sign1, idea_sig, tmp, 112);
+    cs_debug("[nagra-reader] foo: %s", cs_hexdump (0, tmp, 32));
+    cs_debug("[nagra-reader] foo: %s", cs_hexdump (0, &tmp[32], 32));
+    cs_debug("[nagra-reader] foo: %s", cs_hexdump (0, &tmp[64], 32));
+    cs_debug("[nagra-reader] foo: %s", cs_hexdump (0, &tmp[96], 8));
+    cs_debug("[nagra-reader] sign1: %s", cs_hexdump (0, sign1, 8));
+    cs_debug("[nagra-reader] sign2: %s", cs_hexdump (0, parte_fija+111, 8));
+    if (!memcmp (parte_fija+111, sign1, 8)==0)
+    {
+        cs_debug("[nagra-reader] signature check nok");
+        return 0;
+    }
+    cs_debug("[nagra-reader] ------------------------------------------");
+    cs_debug("[nagra-reader] signature check ok");
+    cs_debug("[nagra-reader] part2 of algo not implemented yet.");
+    
+    /*
+    A lot of todo here.
+    Second part of algo removed due it fails
+    */
+
+    if(!do_cmd(0xd2,0x5a,0x52,0x03, d2_data)) 
+    {
+        cs_debug("[nagra-reader] CMD$D2 failed");
+        return 0;
+    }
+    if (cta_res+2 == 0x00)
+    {
+        memcpy(sessi,sessi1,8); memcpy(sessi+8,sessi2,8);
+        cs_ri_log("[nagra-reader] session key: %s", cs_hexdump(1, sessi, 16));
+        return 1;
+    }
+    cs_ri_log("Negotiate sessionkey was not successfull! Please check rsa key and boxkey");
+    return 0;
+        
 }
 
@@ -232 +310 @@
     if (is_tiger)
     {
-        unsigned char d1[] = {0xd2};
-        if(!do_cmd(0xd1,0x03,0x51,0x42,d1))
-        {
-            cs_debug("[nagra-reader] CMD$D1 failed");
+        if (!NegotiateSessionKey_Tiger())
+        {
+            cs_debug("[nagra-reader] NegotiateSessionKey_Tiger failed");
             return 0;
         }
-    }
-    else
-    {
-        if(!do_cmd(0x2a,0x02,0xaa,0x42,NULL))
-        {
-            cs_debug("[nagra-reader] CMD$2A failed");
-            return 0;
-        }
-    }
-
-        // RSA decrypt of cmd$2a data, result is stored in "negot"
-        ReverseMem(cta_res+2, 64);
-        //cs_debug("[nagra-reader] plainDT08RSA: %s", cs_hexdump (1, plainDT08RSA, 32));
-        //cs_debug("[nagra-reader] plainDT08RSA: %s", cs_hexdump (1, &plainDT08RSA[32], 32));
-        unsigned char vFixed[] = {0,1,2,3};
-        BN_CTX *ctx = BN_CTX_new();
-        BIGNUM *bnN = BN_CTX_get(ctx);
-        BIGNUM *bnE = BN_CTX_get(ctx);
-        BIGNUM *bnCT = BN_CTX_get(ctx);
-        BIGNUM *bnPT = BN_CTX_get(ctx);
-        BN_bin2bn(plainDT08RSA, 64, bnN);
-        BN_bin2bn(vFixed+3, 1, bnE);
-        BN_bin2bn(cta_res+2, 64, bnCT);
-        BN_mod_exp(bnPT, bnCT, bnE, bnN, ctx);
-        memset(negot, 0, 64);
-        BN_bn2bin(bnPT, negot + (64-BN_num_bytes(bnPT)));
-        //cs_debug("[nagra-reader] DT08 decrypted $2a data: %s", cs_hexdump (1, negot, 32));
-        //cs_debug("[nagra-reader] DT08 decrypted $2a data: %s", cs_hexdump (1, &negot[32], 32));
-        
-        memcpy(tmp, negot, 64);
-        ReverseMem(tmp, 64);
+        return 1;
+    }
+    if(!do_cmd(0x2a,0x02,0xaa,0x42,NULL))
+    {
+        cs_debug("[nagra-reader] CMD$2A failed");
+        return 0;
+    }
+
+    // RSA decrypt of cmd$2a data, result is stored in "negot"
+    ReverseMem(cta_res+2, 64);
+    //cs_debug("[nagra-reader] plainDT08RSA: %s", cs_hexdump (1, plainDT08RSA, 32));
+    //cs_debug("[nagra-reader] plainDT08RSA: %s", cs_hexdump (1, &plainDT08RSA[32], 32));
+    unsigned char vFixed[] = {0,1,2,3};
+    BN_CTX *ctx = BN_CTX_new();
+    BIGNUM *bnN = BN_CTX_get(ctx);
+    BIGNUM *bnE = BN_CTX_get(ctx);
+    BIGNUM *bnCT = BN_CTX_get(ctx);
+    BIGNUM *bnPT = BN_CTX_get(ctx);
+    BN_bin2bn(plainDT08RSA, 64, bnN);
+    BN_bin2bn(vFixed+3, 1, bnE);
+    BN_bin2bn(cta_res+2, 64, bnCT);
+    BN_mod_exp(bnPT, bnCT, bnE, bnN, ctx);
+    memset(negot, 0, 64);
+    BN_bn2bin(bnPT, negot + (64-BN_num_bytes(bnPT)));
+    //cs_debug("[nagra-reader] DT08 decrypted $2a data: %s", cs_hexdump (1, negot, 32));
+        //cs_debug("[nagra-reader] DT08 decrypted $2a data: %s", cs_hexdump (1, &negot[32], 32));
+        
+    memcpy(tmp, negot, 64);
+    ReverseMem(tmp, 64);
+    
+    // build sessionkey
+    // first halve is IDEA Hashed in chuncs of 8 bytes using the Signature1 from dt08 calc, CamID-Inv.CamID(16 bytes key) the results are the First 8 bytes of the Session key
+    memcpy(idea1, signature, 8); 
+    memcpy(idea1+8, reader[ridx].hexserial, 4);
+    idea1[12] = ~reader[ridx].hexserial[0]; idea1[13] = ~reader[ridx].hexserial[1]; idea1[14] = ~reader[ridx].hexserial[2]; idea1[15] = ~reader[ridx].hexserial[3];
         
-        // build sessionkey
-        // first halve is IDEA Hashed in chuncs of 8 bytes using the Signature1 from dt08 calc, CamID-Inv.CamID(16 bytes key) the results are the First 8 bytes of the Session key
-        memcpy(idea1, signature, 8); 
-        memcpy(idea1+8, reader[ridx].hexserial, 4);
-        idea1[12] = ~reader[ridx].hexserial[0]; idea1[13] = ~reader[ridx].hexserial[1]; idea1[14] = ~reader[ridx].hexserial[2]; idea1[15] = ~reader[ridx].hexserial[3];
+    Signature(sign1, idea1, tmp, 32);
+    memcpy(idea2,sign1,8); memcpy(idea2+8,sign1,8); 
+    Signature(sign2, idea2, tmp, 32);
+    memcpy(sessi,sign1,8); memcpy(sessi+8,sign2,8);
         
-        Signature(sign1, idea1, tmp, 32);
-        memcpy(idea2,sign1,8); memcpy(idea2+8,sign1,8); 
-        Signature(sign2, idea2, tmp, 32);
-        memcpy(sessi,sign1,8); memcpy(sessi+8,sign2,8);
+    // prepare cmd$2b data
+    BN_bin2bn(negot, 64, bnCT);
+    BN_mod_exp(bnPT, bnCT, bnE, bnN, ctx);
+    memset(cmd2b+10, 0, 64);
+    BN_bn2bin(bnPT, cmd2b+10 + (64-BN_num_bytes(bnPT)));
+    BN_CTX_end(ctx);
+    BN_CTX_free (ctx);
+    ReverseMem(cmd2b+10, 64);
         
-        // prepare cmd$2b data
-        BN_bin2bn(negot, 64, bnCT);
-        BN_mod_exp(bnPT, bnCT, bnE, bnN, ctx);
-        memset(cmd2b+10, 0, 64);
-        BN_bn2bin(bnPT, cmd2b+10 + (64-BN_num_bytes(bnPT)));
-        BN_CTX_end(ctx);
-        BN_CTX_free (ctx);
-        ReverseMem(cmd2b+10, 64);
-        
-        IDEA_KEY_SCHEDULE ks;
-        idea_set_encrypt_key(sessi,&ks);
-        idea_set_decrypt_key(&ks,&ksSession);
-    
-    if (!is_tiger)
-    {
-        if(!do_cmd(0x2b,0x42,0xab,0x02, cmd2b+10)) 
-        {
-            cs_debug("[nagra-reader] CMD$2B failed");
-            return 0;
-        }
-    }
-    else
-    {
-        if(!do_cmd(0xd2,0x42,0x52,0x03, cmd2b+10)) 
-        {
-            cs_debug("[nagra-reader] CMD$D2 failed");
-            return 0;
-        }
-    }
-    
+    IDEA_KEY_SCHEDULE ks;
+    idea_set_encrypt_key(sessi,&ks);
+    idea_set_decrypt_key(&ks,&ksSession);
+    
+    if(!do_cmd(0x2b,0x42,0xab,0x02, cmd2b+10))
+    {
+        cs_debug("[nagra-reader] CMD$2B failed");
+        return 0;
+    }
+
     cs_debug("[nagra-reader] session key: %s", cs_hexdump(1, sessi, 16));
     
-    if (!is_tiger)
-    {
-        if (!CamStateRequest())
-        {
-            cs_debug("[nagra-reader] CamStateRequest failed");
-            return 0;
-        }
-        if SENDDATETIME 
-        {
-            DateTimeCMD();
-        }
-        if RENEW_SESSIONKEY
-        {
-            cs_ri_log("Negotiate sessionkey was not successfull! Please check rsa key and boxkey");
-            return 0;
-        }
-    }
+    if (!CamStateRequest())
+    {
+        cs_debug("[nagra-reader] CamStateRequest failed");
+        return 0;
+    }
+    if SENDDATETIME 
+    {
+        DateTimeCMD();
+    }
+    if RENEW_SESSIONKEY
+    {
+        cs_ri_log("Negotiate sessionkey was not successfull! Please check rsa key and boxkey");
+        return 0;
+    }
+
     return 1;
 }
@@ -502 +564 @@
     if (memcmp(atr+11, "DNASP", 5)==0)
     {
-        //if(SetIFS(0xFE) != 1) return 0;
+        if(SetIFS(0xFE) != 1) return 0;
         cs_debug("[nagra-reader] detect native nagra card T1 protocol");
         memcpy(rom,atr+11,15);
@@ -508 +570 @@
     else if (memcmp(atr+11, "TIGER", 5)==0)
     {
-        //if(SetIFS(0xFE) != 1) return 0;
+        if(SetIFS(0xFE) != 1) return 0;
         cs_debug("[nagra-reader] detect nagra tiger card");
         memcpy(rom,atr+11,15);
@@ -594 +656 @@
 void nagra2_post_process(void)
 {
-    //Todo: Do not block!//
     CamStateRequest();
     cs_sleepms(10);
@@ -616 +677 @@
     
         }
-        cs_sleepms(5);
+        cs_sleepms(15);
         while(!CamStateRequest() && retry < 5)
         {
@@ -622 +683 @@
                     cs_sleepms(15);
         }
-        cs_sleepms(5);
+        cs_sleepms(10);
         if (HAS_CW && do_cmd(0x1C,0x02,0x9C,0x36,NULL))
         {
@@ -644 +705 @@
         if(!do_cmd(0xd3,er->ecm[4]+2,0x53,0x16, er->ecm+3+2))
         {
-            //53 14 01 00 00 00 
-            //94 8c 3e f7 49 a8 c7 23 //cw1?
-            //9a 67 e3 e1 d4 c1 c7 83 //cw0?
-            //90 0
-            unsigned char v[8];
-            memset(v,0,sizeof(v));
-            idea_cbc_encrypt(&cta_res[14],er->cw,8,&ksSession,v,IDEA_DECRYPT);
-            memset(v,0,sizeof(v));
-            idea_cbc_encrypt(&cta_res[6],er->cw+8,8,&ksSession,v,IDEA_DECRYPT);
-            return (1);
+            if(cta_res[2] == 0x01)
+            {
+                unsigned char v[8];
+                memset(v,0,sizeof(v));
+                idea_cbc_encrypt(&cta_res[14],er->cw,8,&ksSession,v,IDEA_DECRYPT);
+                memset(v,0,sizeof(v));
+                idea_cbc_encrypt(&cta_res[6],er->cw+8,8,&ksSession,v,IDEA_DECRYPT);
+                return (1);
+            }
+            cs_debug("[nagra-reader] can't decode ecm");
+            return (0);
         }
     }