Changeset 11716
- Timestamp:
- 12/16/22 09:09:00 (16 months ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/reader-videoguard2.c
r11713 r11716 3 3 #include "cscrypt/md5.h" 4 4 #include "cscrypt/des.h" 5 #include "cscrypt/aes.h" 5 6 #include "oscam-work.h" 6 7 #include "reader-common.h" … … 1273 1274 break; 1274 1275 1275 case 0x56: // tag data for a stro1276 case 0x56: // tag data for aes 1276 1277 memcpy(buff_56, t_body, 8); 1277 1278 break; … … 1364 1365 rdr_log_dbg(reader, D_READER, "classD3 ins54: Tag55_01 = %02X, CW-overcrypt may not required", buff_55[0]); 1365 1366 } 1366 if(~((buff_55[0] >> 2) & 1)) //case 55_01 xx where bit2==0 , no AES overcrypt1367 if(~((buff_55[0] >> 2) & 1)) //case 55_01 xx where bit2==0 1367 1368 { 1368 1369 if((buff_55[0] >> 1) & 1) //case 55_01 xx where bit1==1, unique Pairing 1369 1370 { 1370 1371 rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, trying to decrypt unique pairing mode 0x%02X", buff_55[0]); 1371 if(er->ecm[0] & 1){ //log crypted CW 1372 rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1373 } else { 1374 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1372 if((buff_56[0]|buff_56[1]|buff_56[2]|buff_56[3]|buff_56[4]|buff_56[5]|buff_56[6]|buff_56[7]) != 0) { //when 56_08 is non-zero use AES (mini-patch by para) 1373 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", 1374 ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7], 1375 buff_56[0], buff_56[1], buff_56[2], buff_56[3], buff_56[4], buff_56[5], buff_56[6], buff_56[7]); 1376 uint8_t aesbuf[0x10]; 1377 uint8_t keybuf[0x10]; 1378 AES_KEY aeskey; 1379 memcpy(aesbuf, rbuff + 5, 8); 1380 memcpy(aesbuf + 8, buff_56, 8); 1381 memcpy(keybuf, &(reader->k1_unique), 16); 1382 if(reader->k1_unique[16] == 0x10) { 1383 rdr_log_dbg(reader, D_READER, "use k1(AES) for CW decryption in unique pairing mode"); 1384 AES_set_decrypt_key(keybuf, 128, &aeskey); 1385 AES_decrypt(aesbuf, aesbuf, &aeskey); 1386 rdr_log_dbg(reader, D_READER, "decrypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", 1387 aesbuf[0], aesbuf[1], aesbuf[2], aesbuf[3], aesbuf[4], aesbuf[5], aesbuf[6], aesbuf[7], 1388 aesbuf[8], aesbuf[9], aesbuf[10], aesbuf[11], aesbuf[12], aesbuf[13], aesbuf[14], aesbuf[15]); 1389 memcpy(ea->cw + 0, aesbuf, 8); 1390 } 1391 else { 1392 rdr_log_dbg(reader, D_READER, "k1 for unique pairing mode is not set correctly"); 1393 return ERROR; 1394 } 1375 1395 } 1376 if((reader->k1_unique[16] == 0x08) || (reader->k1_unique[16] == 0x10)) //check k1 for unique pairing mode is DES(8 bytes) or 3DES(16 bytes) long 1377 { 1378 if(reader->k1_unique[16] == 0x08){ 1379 rdr_log_dbg(reader, D_READER, "use k1(DES) for CW decryption in unique pairing mode"); 1380 des_ecb_decrypt(ea->cw, reader->k1_unique, 0x08); 1396 else { //case 56_08 is zero, DES or 3DES 1397 if(er->ecm[0] & 1){ //log crypted CW 1398 rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1399 } else { 1400 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1401 } 1402 if((reader->k1_unique[16] == 0x08) || (reader->k1_unique[16] == 0x10)) //check k1 for unique pairing mode is DES(8 bytes) or 3DES(16 bytes) long 1403 { 1404 if(reader->k1_unique[16] == 0x08){ 1405 rdr_log_dbg(reader, D_READER, "use k1(DES) for CW decryption in unique pairing mode"); 1406 des_ecb_decrypt(ea->cw, reader->k1_unique, 0x08); 1407 } 1408 else 1409 { 1410 rdr_log_dbg(reader, D_READER, "use k1(3DES) for CW decryption in unique pairing mode"); 1411 des_ecb3_decrypt(ea->cw, reader->k1_unique); 1412 } 1413 if(er->ecm[0] & 1){ //log decrypted CW 1414 rdr_log_dbg(reader, D_READER, "decrypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1415 } else { 1416 rdr_log_dbg(reader, D_READER, "decrypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1417 } 1381 1418 } 1382 1419 else 1383 1420 { 1384 rdr_log_dbg(reader, D_READER, "use k1(3DES) for CW decryption in unique pairing mode"); 1385 des_ecb3_decrypt(ea->cw, reader->k1_unique); 1386 } 1387 if(er->ecm[0] & 1){ //log decrypted CW 1388 rdr_log_dbg(reader, D_READER, "decrypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1421 rdr_log_dbg(reader, D_READER, "k1 for unique pairing mode is not set"); 1422 return ERROR; 1423 } 1424 } 1425 } 1426 else //case 55_01 xx where bit1==0, generic Pairing 1427 { 1428 rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, trying to decrypt generic pairing mode 0x%02X", buff_55[0]); 1429 if((buff_56[0]|buff_56[1]|buff_56[2]|buff_56[3]|buff_56[4]|buff_56[5]|buff_56[6]|buff_56[7]) != 0) { //when 56_08 is non-zero use AES 1430 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", 1431 ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7], 1432 buff_56[0], buff_56[1], buff_56[2], buff_56[3], buff_56[4], buff_56[5], buff_56[6], buff_56[7]); 1433 uint8_t aesbuf[0x10]; 1434 uint8_t keybuf[0x10]; 1435 AES_KEY aeskey; 1436 memcpy(aesbuf, rbuff + 5, 8); 1437 memcpy(aesbuf + 8, buff_56, 8); 1438 memcpy(keybuf, &(reader->k1_generic), 16); 1439 if(reader->k1_generic[16] == 0x10) { 1440 rdr_log_dbg(reader, D_READER, "use k1(AES) for CW decryption in generic pairing mode"); 1441 AES_set_decrypt_key(keybuf, 128, &aeskey); 1442 AES_decrypt(aesbuf, aesbuf, &aeskey); 1443 rdr_log_dbg(reader, D_READER, "decrypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", 1444 aesbuf[0], aesbuf[1], aesbuf[2], aesbuf[3], aesbuf[4], aesbuf[5], aesbuf[6], aesbuf[7], 1445 aesbuf[8], aesbuf[9], aesbuf[10], aesbuf[11], aesbuf[12], aesbuf[13], aesbuf[14], aesbuf[15]); 1446 memcpy(ea->cw + 0, aesbuf, 8); 1447 } 1448 else { 1449 rdr_log_dbg(reader, D_READER, "k1 for generic pairing mode is not set"); 1450 return ERROR; 1451 } 1452 } 1453 else { // case 56_08 is zero, DES or 3DES 1454 if(er->ecm[0] & 1){ //log crypted CW 1455 rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1389 1456 } else { 1390 rdr_log_dbg(reader, D_READER, "decrypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1391 } 1392 } 1393 else 1394 { 1395 rdr_log_dbg(reader, D_READER, "k1 for unique pairing mode is not set"); 1396 return ERROR; 1397 } 1398 } 1399 else //case 55_01 xx where bit1==0, generic Pairing 1400 { 1401 rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, trying to decrypt generic pairing mode 0x%02X", buff_55[0]); 1402 if(er->ecm[0] & 1){ //log crypted CW 1403 rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1404 } else { 1405 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1406 } 1407 if((reader->k1_generic[16] == 0x08) || (reader->k1_generic[16] == 0x10)) //check k1 for generic pairing mode is DES(8 bytes) or 3DES(16 bytes) long 1408 { 1409 if(reader->k1_generic[16] == 0x08){ 1410 rdr_log_dbg(reader, D_READER, "use k1(DES) for CW decryption in generic pairing mode"); 1411 des_ecb_decrypt(ea->cw, reader->k1_generic, 0x08); 1457 rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1458 } 1459 if((reader->k1_generic[16] == 0x08) || (reader->k1_generic[16] == 0x10)) //check k1 for generic pairing mode is DES(8 bytes) or 3DES(16 bytes) long 1460 { 1461 if(reader->k1_generic[16] == 0x08){ 1462 rdr_log_dbg(reader, D_READER, "use k1(DES) for CW decryption in generic pairing mode"); 1463 des_ecb_decrypt(ea->cw, reader->k1_generic, 0x08); 1464 } 1465 else 1466 { 1467 rdr_log_dbg(reader, D_READER, "use k1(3DES) for CW decryption in generic pairing mode"); 1468 des_ecb3_decrypt(ea->cw, reader->k1_generic); 1469 } 1470 if(er->ecm[0] & 1){ //log decrypted CW 1471 rdr_log_dbg(reader, D_READER, "decrypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1472 } else { 1473 rdr_log_dbg(reader, D_READER, "decrypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1474 } 1412 1475 } 1413 1476 else 1414 1477 { 1415 rdr_log_dbg(reader, D_READER, "use k1(3DES) for CW decryption in generic pairing mode"); 1416 des_ecb3_decrypt(ea->cw, reader->k1_generic); 1417 } 1418 if(er->ecm[0] & 1){ //log decrypted CW 1419 rdr_log_dbg(reader, D_READER, "decrypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1420 } else { 1421 rdr_log_dbg(reader, D_READER, "decrypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]); 1478 rdr_log_dbg(reader, D_READER, "k1 for generic pairing mode is not set"); 1479 return ERROR; 1422 1480 } 1423 1481 } 1424 else 1425 { 1426 rdr_log_dbg(reader, D_READER, "k1 for generic pairing mode is not set"); 1427 return ERROR; 1428 } 1429 } 1430 } 1431 else //unkown pairing mode or AES overcrypt 1432 { 1433 rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, unknown pairing mode 0x%02X, AES overcrypt?", buff_55[0]); 1482 } 1483 } 1484 else //unknown pairing mode 1485 { 1486 rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, unknown pairing mode 0x%02X", buff_55[0]); 1434 1487 if(er->ecm[0] & 1){ //log crypted CW 1435 1488 rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]);
Note:
See TracChangeset
for help on using the changeset viewer.