Changeset 1162


Ignore:
Timestamp:
01/10/10 13:48:41 (12 years ago)
Author:
nightmann
Message:

1.Fix some timming issues
2.remove some debug output
3.some changes in emm handling.
4.we dont care about providerID. Now you can also use 000000 as providerid in newcamd connection.
5.tivusat idea is not longer needed in oscam.server, we go an other way to check if rsa is ok. This should be a good compromise from the hint of neoen.
6.remove some not needed global vars

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/reader-nagra.c

    r1125 r1162  
    1111int is_tiger=0;
    1212int has_dt08=0;
     13int swapCW=0;
    1314unsigned char rom[15];
    1415unsigned char plainDT08RSA[64];
    1516unsigned char IdeaCamKey[16];
    1617unsigned char irdId[] = {0xff,0xff,0xff,0xff};
    17 unsigned char camid[] = {0xff,0xff,0xff,0xff};
    1818unsigned char sessi[16];
    1919unsigned char signature[8];
    2020unsigned char cam_state[3];
    21 unsigned char static_dt08[73];
    22 unsigned char prv0401[] = {0x00, 0x00, 0x04, 0x01};
    23 unsigned char prv3411[] = {0x00, 0x00, 0x34, 0x11};
    2421
    2522// Card Status checks
     
    9491        if(!reader_cmd2icc(msg,msglen))
    9592    {
    96         //cs_sleepms(15);
     93        cs_sleepms(10);
    9794        if(cta_res[0]!=res)
    9895            {
     
    186183}
    187184
    188 void getCamID(void)
    189 {
    190     /*
    191     Hack:
    192     Get camid. For provider 0401/3411 camid is 0xff,0xff,0xff,0xff.
    193     for other provider we will take them from hexserial
    194     */
    195     if ((memcmp(prv3411,&reader[ridx].prid[0],4)==0) || (memcmp(prv0401,&reader[ridx].prid[0],4)==0))
    196     {
    197         memset(camid,0xff,4);
    198     }
    199     else
    200     {
    201         memcpy(camid,reader[ridx].hexserial+2,4);
    202     }
    203 }
    204 
    205185int NegotiateSessionKey_Tiger(void)
    206186{
     
    216196    unsigned char tmp[104];
    217197    unsigned char tmp1[8];
     198    unsigned char idea_sig[16];
    218199    unsigned char random[88] = {0x51,0xd0,0xcc,0x4a,0x51,0xbc,0x4f,0xa4,0x7d,0x44,0xa9,0xa8,0x97,0x13,0x01,0x63,
    219200                0x8f,0xaf,0x86,0x60,0x7c,0xe3,0xee,0x29,0xca,0x13,0x09,0x44,0x83,0x48,0x17,0x8b,
     
    228209        return 0;
    229210    }
    230 
    231 //  cs_debug("[nagra-reader] crypted parte_fija: %s", cs_hexdump (1, &cta_res[90], 32));
    232 //  cs_debug("[nagra-reader] crypted parte_fija: %s", cs_hexdump (1, &cta_res[122], 32));
    233 //  cs_debug("[nagra-reader] crypted parte_fija: %s", cs_hexdump (1, &cta_res[154], 32));
    234 //  cs_debug("[nagra-reader] crypted parte_fija: %s", cs_hexdump (1, &cta_res[186], 24));
    235211   
    236212    BN_CTX *ctx = BN_CTX_new();
     
    248224    BN_CTX_free (ctx);
    249225   
    250 //  cs_debug("[nagra-reader] decrypted parte_fija: %s", cs_hexdump (1, parte_fija, 32));
    251 //  cs_debug("[nagra-reader] decrypted parte_fija: %s", cs_hexdump (1, &parte_fija[32], 32));
    252 //  cs_debug("[nagra-reader] decrypted parte_fija: %s", cs_hexdump (1, &parte_fija[64], 32));
    253 //  cs_debug("[nagra-reader] decrypted parte_fija: %s", cs_hexdump (1, &parte_fija[96], 24));
    254    
    255226    cs_debug("[nagra-reader] ---------- SIG CHECK ---------------------");
    256227    memset(tmp,0, 104);
    257228    memcpy(tmp+4, parte_fija+11, 100);
    258     Signature(sign1, reader[ridx].nagra_boxkey, tmp, 104);
    259 //  cs_debug("[nagra-reader] foo: %s", cs_hexdump (0, tmp, 32));
    260 //  cs_debug("[nagra-reader] foo: %s", cs_hexdump (0, &tmp[32], 32));
    261 //  cs_debug("[nagra-reader] foo: %s", cs_hexdump (0, &tmp[64], 32));
    262 //  cs_debug("[nagra-reader] foo: %s", cs_hexdump (0, &tmp[96], 8));
     229    memset(idea_sig, 0x37, 16);
     230    Signature(sign1, idea_sig, tmp, 104);
    263231    cs_debug("[nagra-reader] sign1: %s", cs_hexdump (0, sign1, 8));
    264232    cs_debug("[nagra-reader] sign2: %s", cs_hexdump (0, parte_fija+111, 8));
     
    276244    memcpy(d1_rsa_modulo,parte_fija+23,88);
    277245   
    278 //  cs_debug("[nagra-reader] d1_rsa_modulo: %s", cs_hexdump (1, d1_rsa_modulo, 22));
    279 //  cs_debug("[nagra-reader] d1_rsa_modulo: %s", cs_hexdump (1, &d1_rsa_modulo[22], 22));
    280 //  cs_debug("[nagra-reader] d1_rsa_modulo: %s", cs_hexdump (1, &d1_rsa_modulo[44], 22));
    281 //  cs_debug("[nagra-reader] d1_rsa_modulo: %s", cs_hexdump (1, &d1_rsa_modulo[66], 22));
    282246    ReverseMem(cta_res+2, 88);
    283247    BN_CTX *ctx1 = BN_CTX_new();
     
    294258    BN_CTX_end(ctx1);
    295259    BN_CTX_free (ctx1);
    296 //  cs_debug("[nagra-reader] parte_variable: %s", cs_hexdump (1, parte_variable, 22));
    297 //  cs_debug("[nagra-reader] parte_variable: %s", cs_hexdump (1, &parte_variable[22], 22));
    298 //  cs_debug("[nagra-reader] parte_variableo: %s", cs_hexdump (1, &parte_variable[44], 22));
    299 //  cs_debug("[nagra-reader] parte_variable: %s", cs_hexdump (1, &parte_variable[66], 22));
    300260   
    301261    reader[ridx].prid[0][0]=0x00;
     
    308268        cs_ri_log("[nagra-reader] ProviderID: %s",cs_hexdump (1,reader[ridx].prid[0],4));
    309269       
    310 /*     
    311     BN_CTX *ctx2 = BN_CTX_new();
    312     BIGNUM *rand0x50  = BN_CTX_get(ctx2);
    313     BIGNUM *r_big = BN_CTX_get(ctx2);
    314     BN_rand(rand0x50, 0x50, 0, 0);
    315     //BN_mod(rand0x50, rand0x50, r_big, ctx2);
    316     memset(rand, 0, 88);
    317     BN_bn2bin(rand0x50, rand + (0x50-BN_num_bytes(r_big)));
    318     rand[0] |= rand[0] & 0x80;
    319     BN_CTX_end(ctx2);
    320     BN_CTX_free (ctx2);
    321 
    322     memset(rand, 0, 88);
    323     memcpy(rand, test_d1_resp, 80);
    324    
    325     cs_debug("[nagra-reader] grandom: %s", cs_hexdump (1, rand, 22));
    326     cs_debug("[nagra-reader] grandom: %s", cs_hexdump (1, &rand[22], 22));
    327     cs_debug("[nagra-reader] grandom: %s", cs_hexdump (1, &rand[44], 22));
    328     cs_debug("[nagra-reader] grandom: %s", cs_hexdump (1, &rand[66], 22));
    329 */ 
    330270    memcpy(sessi2,&random[72], 8);
    331    
    332271    memset(tmp1,0,8);
    333272    memcpy(tmp1, random+72,8);
    334 //  cs_debug("[nagra-reader] byteflop last 8 bytes of random data: %s", cs_hexdump (1, tmp1, 8));
    335     ReverseMem(tmp1, 8); //byteflop last 8 bytes of random data
    336    
     273    ReverseMem(tmp1, 8); //byteflop last 8 bytes of random data
    337274    memcpy(random+72, tmp1,8); // insert back the byteflop data
    338 //  cs_debug("[nagra-reader] insert back the byteflop data: %s", cs_hexdump (1, random, 22));
    339 //  cs_debug("[nagra-reader] insert back the byteflop data: %s", cs_hexdump (1, &random[22], 22));
    340 //  cs_debug("[nagra-reader] insert back the byteflop data: %s", cs_hexdump (1, &random[44], 22));
    341 //  cs_debug("[nagra-reader] insert back the byteflop data: %s", cs_hexdump (1, &random[66], 22));
    342275   
    343276    memset(tmp1,0,8);
     
    360293    BN_CTX_end(ctx3);
    361294    BN_CTX_free (ctx3);
    362 //  cs_debug("[nagra-reader] d2_data: %s", cs_hexdump (1, d2_data, 22));
    363 //  cs_debug("[nagra-reader] d2_data: %s", cs_hexdump (1, &d2_data[22], 22));
    364 //  cs_debug("[nagra-reader] d2_data: %s", cs_hexdump (1, &d2_data[44], 22));
    365 //  cs_debug("[nagra-reader] d2_data: %s", cs_hexdump (1, &d2_data[66], 22));
    366295    ReverseMem(d2_data, 88);
    367296
     
    494423    unsigned char buf[72];
    495424    unsigned char sign2[8];
     425    unsigned char static_dt08[73];
     426    unsigned char camid[4];
    496427    int i, n;
    497428    BN_CTX *ctx;
     
    506437    ctx= BN_CTX_new();
    507438    if (ctx == NULL) cs_debug("[nagra-reader] RSA Error in dt08 decrypt");
    508     //cs_debug("[nagra-reader]   DT08 RSA modulus: %s", cs_hexdump (1, reader[ridx].rsa_mod, 32));
    509     //cs_debug("[nagra-reader]   DT08 RSA modulus: %s", cs_hexdump (1, &reader[ridx].rsa_mod[32], 32));
    510439    ReverseMem(static_dt08+1, 64);
    511440    BN_bin2bn (reader[ridx].rsa_mod, 64, bn_mod); // rsa modulus
    512441    BN_bin2bn (vFixed+3, 1, bn_exp); // exponent
    513442    BN_bin2bn (static_dt08+1, 64, bn_data);
    514     //cs_debug("[nagra-reader]   DT08 crypted rsa: %s", cs_hexdump (1, static_dt08+1, 32));
    515     //cs_debug("[nagra-reader]   DT08 crypted rsa: %s", cs_hexdump (1, static_dt08+33, 32));
    516443    BN_mod_exp (bn_res, bn_data, bn_exp, bn_mod, ctx);
    517444    memset (static_dt08+1, 0, 64);
    518445    n = BN_bn2bin (bn_res, static_dt08+1);
     446    BN_CTX_free (ctx);
    519447    ReverseMem(static_dt08+1, n);
    520     //cs_debug("[nagra-reader] DT08 decrypted rsa: %s", cs_hexdump (1, static_dt08+1, 32));
    521     //cs_debug("[nagra-reader] DT08 decrypted rsa: %s", cs_hexdump (1, static_dt08+33, 32));
    522448   
    523449    // RSA data can never be bigger than the modulo
     
    529455    for (i = 0; i < 4; i++)
    530456            IdeaCamKey[12 + i] = ~irdId[i];
    531         //cs_debug("[nagra-reader] DT08 Plainkey: %s", cs_hexdump (1, IdeaCamKey, 16));
    532457       
    533458    // now IDEA decrypt
     
    535460    idea_set_encrypt_key(IdeaCamKey,&ks);
    536461    idea_set_decrypt_key(&ks,&ksSession);
    537     //cs_debug("[nagra-reader] dt08 idea part: %s", cs_hexdump (1, static_dt08+65, 8));
    538462    memcpy (&buf[0], static_dt08+1, 64);
    539463    memcpy (&buf[64], static_dt08+65, 8);
    540     //cs_debug("[nagra-reader] dt08 64byte rsa decrypted + 8last byte: %s", cs_hexdump (1, buf, 64));
    541     //cs_debug("[nagra-reader] dt08 64byte rsa decrypted + 8last byte: %s", cs_hexdump (1, &buf[64], 8));
    542464    memset(v,0,sizeof(v));
    543465    memset(static_dt08,0,sizeof(static_dt08));
    544466    idea_cbc_encrypt(buf,static_dt08,72,&ksSession,v,IDEA_DECRYPT);
    545     //cs_debug("[nagra-reader] dt08 72byte idea decrypted: %s", cs_hexdump (1, &static_dt08[0], 36));
    546     //cs_debug("[nagra-reader] dt08 72byte idea decrypted: %s", cs_hexdump (1, &static_dt08[35], 37));
    547467   
    548     getCamID();
    549     cs_debug("[nagra-reader] using camid %sfor dt08 calc",cs_hexdump (1,camid,4));
     468    if (swapCW==1)
     469    {
     470        memset(camid,0xff,4);
     471    }
     472    else
     473    {
     474        memcpy(camid, reader[ridx].hexserial+2,4);
     475    }
     476    cs_debug("[nagra-reader] using camid %s for dt08 calc",cs_hexdump (1,camid,4));
    550477   
    551478    // Calculate signature
     
    554481    memcpy (static_dt08 + 4, camid, 4);
    555482    Signature(sign2,IdeaCamKey,static_dt08,72);
    556 
    557     BN_CTX_free (ctx);
    558     //cs_debug("[nagra-reader] dt08 sign1: %s", cs_hexdump (0, signature, 8));
    559     //cs_debug("[nagra-reader] dt08 sign2: %s", cs_hexdump (0, sign2, 8));
    560483   
    561484    if (memcmp (signature, sign2, 8)==0)
     
    607530            reader[ridx].prid[0][3]=cta_res[8];
    608531            memcpy(reader[ridx].sa[0], reader[ridx].sa[0], 4);
    609             /*
     532            if ( (cta_res[7] == 0x34 && cta_res[8] == 0x11) || (cta_res[7] == 0x04 || cta_res[8] == 0x01))
     533            {
     534                swapCW=1;
     535            }
     536           
    610537            reader[ridx].prid[1][0]=0x00;
    611538            reader[ridx].prid[1][1]=0x00;
     
    614541            memcpy(reader[ridx].sa[1], reader[ridx].sa[0], 4);
    615542            reader[ridx].nprov+=1;
    616             */     
     543                   
    617544            reader[ridx].caid[0] =(SYSTEM_NAGRA|cta_res[11]);
    618545            //reader[ridx].caid[0] =0x1801;
     
    661588    memset(rom, 0, 15);
    662589    reader[ridx].nprov = 1;
    663     memset (reader[ridx].sa, 0xff, sizeof (reader[ridx].sa));
    664590    memset(reader[ridx].hexserial, 0, 8);
    665591    reader[ridx].caid[0]=SYSTEM_NAGRA;
     
    668594    {
    669595        if(SetIFS(0xFE) != 1) return 0;
    670         cs_debug("[nagra-reader] detect native nagra card T1 protocol");
     596        cs_ri_log("[nagra-reader] detect native nagra card T1 protocol");
    671597        memcpy(rom,atr+11,15);
    672598    }
     
    674600    {
    675601        if(SetIFS(0xFE) != 1) return 0;
    676         cs_debug("[nagra-reader] detect nagra tiger card");
     602        cs_ri_log("[nagra-reader] detect nagra tiger card");
    677603        memcpy(rom,atr+11,15);
    678604        is_tiger=1;
     
    680606    else if (!memcmp(atr+4, "IRDETO", 6))
    681607    {
    682         cs_debug("[nagra-reader] detect Irdeto tunneled nagra card");
     608        cs_ri_log("[nagra-reader] detect Irdeto tunneled nagra card");
    683609        if(!reader[ridx].nagra_native) return 0;
    684         cs_debug("[nagra-reader] using nagra mode");
     610        cs_ri_log("[nagra-reader] using nagra mode");
    685611        is_pure_nagra=1;
    686612        if(!do_cmd(0x10,0x02,0x90,0x11,0))
     
    703629        memcpy(reader[ridx].hexserial+2, cta_res+2, 4);
    704630        cs_debug("[nagra-reader] SER:  %s", cs_hexdump (1, reader[ridx].hexserial+2, 4));
    705         memcpy(reader[ridx].sa[0], cta_res+2, 4);
     631        //memset(reader[ridx].sa[0], 0xff, 4);
     632        //memcpy(reader[ridx].sa[0], cta_res+2, 2);
    706633       
    707634        if(!GetDataType(DT01,0x0E,MAX_REC)) return 0;
     
    782709   
    783710        }
    784         cs_sleepms(10);
     711        cs_sleepms(15);
    785712        while(!CamStateRequest() && retry < 5)
    786713        {
     
    789716                    cs_sleepms(15);
    790717        }
    791         cs_sleepms(10);
     718        cs_sleepms(15);
    792719        if (HAS_CW && do_cmd(0x1C,0x02,0x9C,0x36,NULL))
    793720        {
     
    797724            memset(v,0,sizeof(v));
    798725            idea_cbc_encrypt(&cta_res[4],er->cw+8,8,&ksSession,v,IDEA_DECRYPT);
    799             if ((memcmp(prv3411,&reader[ridx].prid[0],4)==0) || (memcmp(prv0401,&reader[ridx].prid[0],4)==0))
     726            if (swapCW==1)
    800727            {
    801728                    unsigned char tt[8];
     
    835762int nagra2_do_emm(EMM_PACKET *ep)
    836763{
     764    cs_debug("[nagra-reader] do_emm #########################################################");
     765    cs_debug("[nagra-reader] do_emm #########################################################");
     766    cs_debug("[nagra-reader] do_emm #########################################################");
     767    cs_debug("[nagra-reader] do_emm #########################################################");
     768    cs_debug("[nagra-reader] do_emm #########################################################");
    837769    if(!do_cmd(ep->emm[8],ep->emm[9]+2,0x84,0x02,ep->emm+8+2))
    838770    {
     
    840772        return (0);
    841773    }
    842     cs_sleepms(300);
     774    cs_sleepms(3000);
    843775    nagra2_post_process();
    844776    return 1;
Note: See TracChangeset for help on using the changeset viewer.