Changeset 11571
- Timestamp:
- 12/05/19 23:09:43 (4 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
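--- a/trunk/globals.h
+++ b/trunk/globals.h
@@ -1747,4 +1747,6 @@
 uint8_t ins2e06[0x04 + 1];
 int8_t ins7e11_fast_reset;
+uint8_t k1_generic[0x10 + 1]; // k1 for generic pairing mode
+uint8_t k1_unique[0x10 + 1]; // k1 for unique pairing mode
 uint8_t sc8in1_dtrrts_patch; // fix for kernel commit 6a1a82df91fa0eb1cc76069a9efe5714d087eccd
 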
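Review bot: The comments on the new `k1_generic` and `k1_unique` fields name the pairing mode but not the purpose of the extra byte: index `0x10` carries the stored key length, which the config parser and the ins54 path in this changeset both rely on. I would extend the comments, e.g. `// k1 for generic pairing mode; [0x10] = key length in bytes (8 = DES, 16 = 3DES, 0 = not set)`. The enclosing struct starts and ends outside the hunk.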
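--- a/trunk/module-webif.c
+++ b/trunk/module-webif.c
@@ -2521,4 +2521,16 @@
 {
 for(i = 0; i < 4 ; i++) { tpl_printf(vars, TPLAPPEND, "INS2E06", "%02X", rdr->ins2e06[i]); }
+}
+
+// k1 for generic pairing mode
+if(rdr->k1_generic[0x10])
+{
+for(i = 0; i < rdr->k1_generic[0x10] ; i++) { tpl_printf(vars, TPLAPPEND, "K1_GENERIC", "%02X", rdr->k1_generic[i]); }
+}
+
+// k1 for unique pairing mode
+if(rdr->k1_unique[0x10])
+{
+for(i = 0; i < rdr->k1_unique[0x10] ; i++) { tpl_printf(vars, TPLAPPEND, "K1_UNIQUE", "%02X", rdr->k1_unique[i]); }
 }
 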
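Review bot: Both k1 keys are written back in clear hex into the reader configuration page (`K1_GENERIC` and `K1_UNIQUE` here, shown by the two new `<input type="text">` rows in readerconfig_hwreader_videoguard.html), so every account that can open that page can read the pairing keys. Whether the web interface has read-only or lower-privileged users is not visible from this hunk; if it does, the fields should be left empty or masked for them. The loop bound `rdr->k1_generic[0x10]` is only safe because the config parser restricts that byte to 0, 8 or 16, which deserves a comment such as `// [0x10] is the key length set by des_and_3des_key_fn (8 or 16)`. The enclosing function starts and ends outside the hunk.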
trunk/oscam-config-reader.c
r11547 r11571 629 629 char tmp[var_size * 2 + 1]; 630 630 fprintf_conf(f, token, "%s\n", cs_hexdump(0, var, var_size, tmp, sizeof(tmp))); 631 } 632 else if(cfg.http_full_cfg) 633 { fprintf_conf(f, token, "\n"); } 634 } 635 636 static void des_and_3des_key_fn(const char *token, char *value, void *setting, FILE *f) 637 { 638 uint8_t *var = setting; 639 if(value) 640 { 641 int32_t len = strlen(value); 642 if(((len != 16) && (len != 32)) || (key_atob_l(value, var, len))) 643 { 644 if(len > 0) 645 { fprintf(stderr, "reader %s parse error, %s=%s\n", token, token, value); } 646 memset(var, 0, 17); 647 } 648 else 649 { 650 var[16] = len/2; 651 } 652 return; 653 } 654 if(var[16]) 655 { 656 char tmp[var[16] * 2 + 1]; 657 fprintf_conf(f, token, "%s\n", cs_hexdump(0, var, var[16], tmp, sizeof(tmp))); 631 658 } 632 659 else if(cfg.http_full_cfg) … … 1129 1156 DEF_OPT_FUNC_X("ins7e11" , OFS(ins7E11), ins7E_fn, SIZEOF(ins7E11)), 1130 1157 DEF_OPT_FUNC_X("ins2e06" , OFS(ins2e06), ins7E_fn, SIZEOF(ins2e06)), 1158 DEF_OPT_FUNC("k1_generic" , OFS(k1_generic), des_and_3des_key_fn), 1159 DEF_OPT_FUNC("k1_unique" , OFS(k1_unique), des_and_3des_key_fn), 1131 1160 DEF_OPT_INT8("fix07" , OFS(fix_07), 1), 1132 1161 DEF_OPT_INT8("fix9993" , OFS(fix_9993), 0), … … 1232 1261 { 1233 1262 "readnano", "resetcycle", "smargopatch", "autospeed", "sc8in1_dtrrts_patch", "boxid","fix07", 1234 "fix9993", "rsakey", "deskey", "ins7e", "ins7e11", "ins2e06", " force_irdeto", "needsemmfirst", "boxkey",1263 "fix9993", "rsakey", "deskey", "ins7e", "ins7e11", "ins2e06", "k1_generic", "k1_unique", "force_irdeto", "needsemmfirst", "boxkey", 1235 1264 "atr", "detect", "nagra_read", "mhz", "cardmhz", "readtiers", "read_old_classes", "use_gpio", "needsglobalfirst", 1236 1265 #ifdef READER_NAGRA_MERLIN -
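Review bot: The parse-error branch of `des_and_3des_key_fn` prints the rejected value verbatim with `fprintf(stderr, "reader %s parse error, %s=%s\n", token, token, value);`, so a k1 key that is one digit short or contains one bad character lands almost intact on stderr and in anything that captures it. Report only the length instead, e.g. `fprintf(stderr, "reader %s parse error, invalid %s (length %d)\n", token, token, len);`. The literals `16`, `17` and `32` also restate the `0x10 + 1` field size from globals.h by hand, since the option is registered with `DEF_OPT_FUNC` rather than the `DEF_OPT_FUNC_X(..., SIZEOF(...))` form used for `ins2e06`; a short comment tying them to the field size would keep the `memset(var, 0, 17)` from drifting.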
trunk/reader-videoguard-common.c
r11478 r11571 797 797 cmd2[4] = 1; 798 798 799 uint8_t rxbuff[8]; 800 memcpy(rxbuff, cmd2, 5); 801 799 802 // some card reply with L 91 00 (L being the command length). 800 803 if(!write_cmd_vg(cmd2, NULL) || !status_ok(cta_res + 1) || cta_res[0] == 0) … … 810 813 cmd[1], cmd[2], cta_res[0], cta_res[1]); 811 814 } 815 816 memcpy(rxbuff + 5, cta_res, 3); 817 cCamCryptVG_PostProcess_Decrypt(reader, rxbuff); 818 812 819 return -1; 813 820 } 821 822 memcpy(rxbuff + 5, cta_res, 3); 823 cCamCryptVG_PostProcess_Decrypt(reader, rxbuff); 824 814 825 return cta_res[0]; 815 826 } -
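Review bot: In the failure branch the new `memcpy(rxbuff + 5, cta_res, 3);` runs even when `write_cmd_vg(cmd2, NULL)` itself returned false, so, as far as the visible lines show, `cCamCryptVG_PostProcess_Decrypt()` is handed whatever `cta_res` held before the call. If that function updates cipher state from the response (its body is not on this page), a failed exchange could leave the state out of step with the card; I would post-process only after a successful write and otherwise return -1 directly. `rxbuff[8]` has room for exactly the 5-byte header plus 3 response bytes, so it is worth a comment that the callee must not read past what `cmd2[4] = 1` implies. The function starts and ends outside the hunk.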
trunk/reader-videoguard2.c
r11478 r11571 2 2 #ifdef READER_VIDEOGUARD 3 3 #include "cscrypt/md5.h" 4 #include "cscrypt/des.h" 4 5 #include "oscam-work.h" 5 6 #include "reader-common.h" … … 247 248 static void vg2_read_tiers(struct s_reader *reader) 248 249 { 249 def_resp;250 uint8_t cta_res[CTA_RES_LEN]; 250 251 struct videoguard_data *csystem_data = reader->csystem_data; 251 252 … … 349 350 // check if ins2a is in command table before running it 350 351 351 static const uint8_t ins2a[5] = { 0xD 0, 0x2a, 0x00, 0x00, 0x00 };352 static const uint8_t ins2a[5] = { 0xD1, 0x2a, 0x00, 0x00, 0x00 }; 352 353 if(cmd_exists(reader, ins2a)) 353 354 { … … 355 356 if(l < 0 || !status_ok(cta_res + l)) 356 357 { 357 rdr_log(reader, "classD 0ins2a: failed");358 rdr_log(reader, "classD1 ins2a: failed"); 358 359 return; 359 360 } 360 361 } 361 362 362 static const uint8_t ins76007f[5] = { 0xD0, 0x76, 0x00, 0x7f, 0x02 }; 363 if(!write_cmd_vg(ins76007f, NULL) || !status_ok(cta_res + 2)) 364 { 365 rdr_log(reader, "classD0 ins76007f: failed"); 363 static const uint8_t ins76007f[5] = { 0xD1, 0x76, 0x00, 0x7f, 0x02 }; 364 l = do_cmd(reader, ins76007f, NULL, NULL, cta_res); 365 if(l < 0 || !status_ok(cta_res + 2)) 366 { 367 rdr_log(reader, "classD1 ins76007f: failed"); 366 368 return; 367 369 } … … 369 371 370 372 int32_t i; 371 uint8_t ins76[5] = { 0xD 0, 0x76, 0x00, 0x00, 0x00 };373 uint8_t ins76[5] = { 0xD1, 0x76, 0x00, 0x00, 0x00 }; 372 374 373 375 // some cards start real tiers info in middle of tier info … … 513 515 514 516 reader->VgFuse = cta_res[2]; 515 static const uint8_t ins7403 [5] = { 0xD0, 0x74, 0x03, 0x00, 0x00 };516 517 if((do_cmd(reader, ins7403 , NULL, NULL, cta_res) < 0))518 { 519 rdr_log(reader, "classD 0 ins7403: failed");517 static const uint8_t ins7403a[5] = { 0xD1, 0x74, 0x03, 0x00, 0x00 }; 518 519 if((do_cmd(reader, ins7403a, NULL, NULL, cta_res) < 0)) 520 { 521 rdr_log(reader, "classD1 ins7403a: failed"); 520 522 } 521 523 else … … 877 879 uint8_t ins4C[5] = { 0xD0, 0x4C, 0x00, 0x00, 0x09 
}; 878 880 uint8_t len4c = 0, mode = 0; 879 uint8_t payload4C[0xF] = { 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x 04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };881 uint8_t payload4C[0xF] = { 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; 880 882 881 883 if(cmd_table_get_info(reader, ins4C, &len4c, &mode)) … … 884 886 if(len4c > 9) 885 887 { 886 payload4C[8] = 0x44; // value taken from v14 boot log 887 rdr_log(reader, "Extended 4C detected"); 888 } 889 } 890 888 rdr_log_dbg(reader, D_READER, "extended ins4C detected"); 889 } 890 } 891 891 memcpy(payload4C, boxID, 4); 892 892 if(!write_cmd_vg(ins4C, payload4C)) … … 1072 1072 } 1073 1073 1074 static const uint8_t ins741C[5] = { 0xD1, 0x74, 0x1C, 0x00, 0x00 }; 1075 if(do_cmd(reader, ins741C, NULL, NULL, cta_res) < 0) 1076 { 1077 rdr_log(reader, "classD1 ins741C: failed"); 1078 } 1079 1074 1080 static const uint8_t ins4Ca[5] = { 0xD1, 0x4C, 0x00, 0x00, 0x00 }; 1075 uint8_t ins741C[5] = { 0xD1, 0x74, 0x1C, 0x00, 0x00 }; 1076 if(len4c > 9) 1077 { 1078 if((l = read_cmd_len(reader, ins741C)) < 0) // We need to know the exact len 1079 { 1080 return ERROR; 1081 } 1082 1083 ins741C[4] = l; 1084 if(do_cmd(reader, ins741C, NULL, NULL, cta_res) < 0) // from log this payload is copied on 4c 1085 { 1086 rdr_log(reader, "classD1 ins741C: failed"); 1087 } 1088 else 1089 { 1090 if(l > 8) // if payload4c is length 0xF, we can't copy over more than 8 bytes in the next memcopy 1091 { 1092 l = 8; 1093 } 1094 memcpy(payload4C + 8, cta_res, l); 1095 } 1096 } 1081 1082 payload4C[4] = 0x83; 1097 1083 1098 1084 l = do_cmd(reader, ins4Ca, payload4C, NULL, cta_res); … … 1332 1318 { 1333 1319 rdr_log(reader, "classD3 ins54: no cw --> Card needs pairing/extra data"); 1320 if((reader->caid == 0x98C || reader->caid == 0x98D) && (buff_0F[5] == 0)){ //case 0f_0x xx 10 xx xx xx 00 1321 rdr_log(reader, "classD3 ins54: no cw --> unassigned Boxid"); 1322 } 1334 1323 test_0F = 0; 1335 1324 } … … 1352 1341 
test_0F = 0; 1353 1342 } 1354 } 1355 1356 // Only for Sky Germany 'V14/V15' Card 1357 if(reader->caid == 0x98C || reader->caid == 0x98D) 1358 { 1359 // case 0f_0x xx xx xx xx xx 08 > 0x08 = binary xxxx1xx0 1360 if((~buff_0F[5] & 1) && ((buff_0F[5] >> 3) & 1)) 1361 { 1362 rdr_log(reader, "classD3 ins54: no cw --> Card is paired! (Debug-ECM-Info: 0F_06 %02X %02X %02X %02X %02X %02X)", 1363 buff_0F[0], buff_0F[1], buff_0F[2], buff_0F[3], buff_0F[4], buff_0F[5]); 1364 } 1365 1366 // case 0f_0x xx xx xx xx xx 00 > 0x00 = binary xxxx0xx0 1367 if((~buff_0F[5] & 1) && (~(buff_0F[5] >> 3) & 1)) 1368 { 1369 rdr_log(reader, "classD3 ins54: no cw --> Card is prepaired / Card is paired, but the pairing is deactivated (Debug-ECM-Info: 0F_06 %02X %02X %02X %02X %02X %02X)", 1370 buff_0F[0], buff_0F[1], buff_0F[2], buff_0F[3], buff_0F[4], buff_0F[5]); 1371 } 1372 1373 // case 0f_0x xx xx xx xx xx 01 > 0x01 = binary xxxxxxx1 1374 if(buff_0F[5] & 1) 1375 { 1376 rdr_log(reader, "classD3 ins54: no cw --> Card is not paired (Debug-ECM-Info: 0F_06 %02X %02X %02X %02X %02X %02X)", 1377 buff_0F[0], buff_0F[1], buff_0F[2], buff_0F[3], buff_0F[4], buff_0F[5]); 1343 1344 if((reader->caid == 0x98C || reader->caid == 0x98D) && ((buff_0F[5] >> 3) & 1)) //case 0f_0x xx xx xx xx xx XX = binary xxxx1xxx 1345 { 1346 rdr_log(reader, "classD3 ins54: no cw --> CW-overcrypt%s is required! (Debug-ECM-Info: 0F_06 %02X %02X %02X %02X %02X %02X)", 1347 (((buff_0F[5] >> 1) & 1) ? 
" (and assignment)" : ""), buff_0F[0], buff_0F[1], buff_0F[2], buff_0F[3], buff_0F[4], buff_0F[5]); //case 0f_0x xx xx xx xx xx XX = binary xxxx1x?x 1378 1348 } 1379 1349 } … … 1390 1360 memcpy(ea->cw + 0, rbuff + 5, 8); 1391 1361 1392 // case 55_01 xx where bit0==1 1362 // case 55_01 xx where bit0==1, CW is crypted 1393 1363 if(buff_55[0] & 1) 1394 1364 { 1395 rdr_log(reader, "classD3 ins54: CW is crypted, pairing active, bad cw"); 1396 return ERROR; 1365 if((buff_55[0] >> 3) & 1) //case 55_01 xx where bit3==1, CW-Overcrypt may not required 1366 { 1367 rdr_log_dbg(reader, D_READER, "classD3 ins54: Tag55_01 = %02X, CW-overcrypt may not required", buff_55[0]); 1368 } 1369 if(~((buff_55[0] >> 2) & 1)) //case 55_01 xx where bit2==0, no AES overcrypt 1370 { 1371 if((buff_55[0] >> 1) & 1) //case 55_01 xx where bit1==1, unique Pairing 1372 { 1373 rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, trying to decrypt unique pairing mode 0x%02X", buff_55[0]); 1374 if(er->ecm[0] & 1){ //log crypted CW 1375 rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1376 } else { 1377 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1378 } 1379 if((reader->k1_unique[16] == 0x08) || (reader->k1_unique[16] == 0x10)) //check k1 for unique pairing mode is DES(8 bytes) or 3DES(16 bytes) long 1380 { 1381 if(reader->k1_unique[16] == 0x08){ 1382 rdr_log_dbg(reader, D_READER, "use k1(DES) for CW decryption in unique pairing mode"); 1383 des_ecb_decrypt(ea->cw, reader->k1_unique, 0x08); 1384 } 1385 else 1386 { 1387 rdr_log_dbg(reader, D_READER, "use k1(3DES) for CW decryption in unique pairing mode"); 1388 des_ecb3_decrypt(ea->cw, reader->k1_unique); 1389 } 1390 if(er->ecm[0] & 1){ //log decrypted CW 1391 
rdr_log_dbg(reader, D_READER, "decrypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1392 } else { 1393 rdr_log_dbg(reader, D_READER, "decrypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1394 } 1395 } 1396 else 1397 { 1398 rdr_log_dbg(reader, D_READER, "k1 for unique pairing mode is not set"); 1399 return ERROR; 1400 } 1401 } 1402 else //case 55_01 xx where bit1==0, generic Pairing 1403 { 1404 rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, trying to decrypt generic pairing mode 0x%02X", buff_55[0]); 1405 if(er->ecm[0] & 1){ //log crypted CW 1406 rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1407 } else { 1408 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1409 } 1410 if((reader->k1_generic[16] == 0x08) || (reader->k1_generic[16] == 0x10)) //check k1 for generic pairing mode is DES(8 bytes) or 3DES(16 bytes) long 1411 { 1412 if(reader->k1_generic[16] == 0x08){ 1413 rdr_log_dbg(reader, D_READER, "use k1(DES) for CW decryption in generic pairing mode"); 1414 des_ecb_decrypt(ea->cw, reader->k1_generic, 0x08); 1415 } 1416 else 1417 { 1418 rdr_log_dbg(reader, D_READER, "use k1(3DES) for CW decryption in generic pairing mode"); 1419 des_ecb3_decrypt(ea->cw, reader->k1_generic); 1420 } 1421 if(er->ecm[0] & 1){ //log decrypted CW 1422 rdr_log_dbg(reader, D_READER, "decrypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1423 } else { 1424 rdr_log_dbg(reader, D_READER, "decrypted CW 
is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1425 } 1426 } 1427 else 1428 { 1429 rdr_log_dbg(reader, D_READER, "k1 for generic pairing mode is not set"); 1430 return ERROR; 1431 } 1432 } 1433 } 1434 else //unkown pairing mode or AES overcrypt 1435 { 1436 rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, unknown pairing mode 0x%02X, AES overcrypt?", buff_55[0]); 1437 if(er->ecm[0] & 1){ //log crypted CW 1438 rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1439 } else { 1440 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1441 } 1442 return ERROR; 1443 } 1397 1444 } 1398 1445 -
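Review bot: `if(~((buff_55[0] >> 2) & 1))` in the ins54 crypted-CW handling is always true, because the operand is 0 or 1 and bitwise NOT turns that into -1 or -2, both non-zero. The `else` branch that logs "unknown pairing mode ... AES overcrypt?" and returns ERROR can therefore never run, and a CW flagged with bit 2 is DES/3DES-decrypted with k1 and passed on as if it were valid. Use logical negation, `if(!((buff_55[0] >> 2) & 1))`. Separately, the new `rdr_log_dbg` lines write both the crypted and the decrypted control word to the debug log; I would drop at least the decrypted one. The surrounding function starts and ends outside these hunks.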
trunk/webif/readerconfig/readerconfig_hwreader_videoguard.html
r11483 r11571 25 25 <TR><TD><A>ins2E06 payload (4 bytes):</A></TD><TD><input name="ins2e06" class="medium" type="text" maxlength="8" value="##INS2E06##"></TD></TR> 26 26 <TR><TD><A>ins7E payload (26 bytes):</A></TD><TD><input name="ins7e" type="text" maxlength="56" value="##INS7E##"></TD></TR> 27 <TR><TD><A>k1 for generic pairing mode (8 or 16 bytes):</A></TD><TD><input name="k1_generic" type="text" maxlength="32" value="##K1_GENERIC##"></TD></TR> 28 <TR><TD><A>k1 for unique pairing mode (8 or 16 bytes):</A></TD><TD><input name="k1_unique" type="text" maxlength="32" value="##K1_UNIQUE##"></TD></TR>