changement cryptage canal sat général
- Auteur de la discussion constance
- Date de début
- Statut
Il existe un module pcmcia canal Ready pour la TNT TERRESTRE mais uniquement avec les téléviseurs Sumsung avec la norme CI+, la carte est différente.
La carte 39 ne fonctionne pas sur ce pcmcia mais sur les déco labelisé TNTSAT "Canal Ready".
camfrancia
DZSatien Accro
- Inscrit
- 11/2/12
- Messages
- 752
bas si que sa a voir lol la nano est utilisé dans le cube de Csat avec la carte 018, c'est le même procédé qu'ils veulent faire dans les déco canal ready, il possède déjà un dump de mon déco mais il lui faut encore 2 autre dump car malheuresement j'ai pas envoyer ma carte car mon abo avez pris fin le 31 juillet et en attendant de rendre le déco je lui avez envoyer
Le même procédé mais pas la même nano.
sur les 018 c'est la nano 01 qui est injectée et non la e0.
Le dump du Canal ready et crypté et signé par viaccess selon le cahier des charges et donc a mon avis, c'est loin d'être facile.
A+
constance
DZSatien Accro
- Inscrit
- 15/12/08
- Messages
- 775
il est bien plus facile de hacker du viaccess que du seca . de plus les décodeur cube on certaine protections et de plus ces louer a canal .perso j éviterais de bouger ou de souder sur ce décodeur .
&actuellement pour le viaccess ces ceci avec des modif qui date de 4 semaine
[TR]
[TH]175[/TH]
[TD] for (j=0; (!rc) && (j<16); j++)[/TD]
[/TR]
[TR]
[TH]176[/TH]
[TD] if (reader->availkeys[j]==keynr)[/TD]
[/TR]
[TR]
[TH]177[/TH]
[TD] rc=1;[/TD]
[/TR]
[TR]
[TH]178[/TH]
[TD] return(rc);[/TD]
[/TR]
[TR]
[TH]179[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]180[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]181[/TH]
[TD]static int32_t unlock_parental(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]182[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]183[/TH]
[TD] /* disabling parental lock. assuming pin "0000" if no pin code is provided in the config */[/TD]
[/TR]
[TR]
[TH]184[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]185[/TH]
[TD] static const uchar inDPL[] = {0xca, 0x24, 0x02, 0x00, 0x09};[/TD]
[/TR]
[TR]
[TH]186[/TH]
[TD] uchar cmDPL[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F};[/TD]
[/TR]
[TR]
[TH]187[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]188[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]189[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]190[/TH]
[TD] rdr_log(reader, "Using PIN %s",reader->pincode);[/TD]
[/TR]
[TR]
[TH]191[/TH]
[TD] // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34[/TD]
[/TR]
[TR]
[TH]192[/TH]
[TD] cmDPL[6]=((reader->pincode[0]-0x30)<<4) | ((reader->pincode[1]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]193[/TH]
[TD] cmDPL[7]=((reader->pincode[2]-0x30)<<4) | ((reader->pincode[3]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]194[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]195[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]196[/TH]
[TD] rdr_log(reader, "Using PIN 0000!");[/TD]
[/TR]
[TR]
[TH]197[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]198[/TH]
[TD] write_cmd(inDPL,cmDPL);[/TD]
[/TR]
[TR]
[TH]199[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) ) {[/TD]
[/TR]
[TR]
[TH]200[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]201[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!",reader->pincode);[/TD]
[/TR]
[TR]
[TH]202[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]203[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]204[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!");[/TD]
[/TR]
[TR]
[TH]205[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]206[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]207[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]208[/TH]
[TD] rdr_log(reader, "Parental lock disabled");[/TD]
[/TR]
[TR]
[TH]209[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]210[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]211[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]212[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]213[/TH]
[TD]static int32_t viaccess_card_init(struct s_reader * reader, ATR *newatr)[/TD]
[/TR]
[TR]
[TH]214[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]215[/TH]
[TD] get_atr;[/TD]
[/TR]
[TR]
[TH]216[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]217[/TH]
[TD] int32_t i;[/TD]
[/TR]
[TR]
[TH]218[/TH]
[TD] uchar buf[256];[/TD]
[/TR]
[TR]
[TH]219[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]220[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]221[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]222[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]223[/TH]
[TD] static const uchar insFAC[] = { 0x87, 0x02, 0x00, 0x00, 0x03 }; // init FAC[/TD]
[/TR]
[TR]
[TH]224[/TH]
[TD] static const uchar FacDat[] = { 0x00, 0x00, 0x28 };[/TD]
[/TR]
[TR]
[TH]225[/TH]
[TD] static unsigned char ins8702_data[] = { 0x00, 0x00, 0x11};[/TD]
[/TR]
[TR]
[TH]226[/TH]
[TD] static unsigned char ins8704[] = { 0x87, 0x04, 0x00, 0x00, 0x07 };[/TD]
[/TR]
[TR]
[TH]227[/TH]
[TD] static unsigned char ins8706[] = { 0x87, 0x06, 0x00, 0x00, 0x04 };[/TD]
[/TR]
[TR]
[TH]228[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]229[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]230[/TH]
[TD] if ((atr[1]!=0x77) || ((atr[2]!=0x18) && (atr[2]!=0x11) && (atr[2]!=0x19)) || ((atr[9]!=0x68) && (atr[9]!=0x6C)))[/TD]
[/TR]
[TR]
[TH]231[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]232[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]233[/TH]
[TD] write_cmd(insFAC, FacDat);[/TD]
[/TR]
[TR]
[TH]234[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]235[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]236[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]237[/TH]
[TD] memset(&reader->last_geo, 0, sizeof(reader->last_geo));[/TD]
[/TR]
[TR]
[TH]238[/TH]
[TD] write_cmd(insFAC, ins8702_data);[/TD]
[/TR]
[TR]
[TH]239[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]240[/TH]
[TD] write_cmd(ins8704, NULL);[/TD]
[/TR]
[TR]
[TH]241[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]242[/TH]
[TD] write_cmd(ins8706, NULL);[/TD]
[/TR]
[TR]
[TH]243[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]244[/TH]
[TD] reader->last_geo.number_ecm =(cta_res[2]<<8) | (cta_res[3]);[/TD]
[/TR]
[TR]
[TH]245[/TH]
[TD] rdr_log(reader, "using ecm #%x for long viaccess ecm",reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]246[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]247[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]248[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]249[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]250[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]251[/TH]
[TD] // switch((atr[atrsize-4]<<8)|atr[atrsize-3])[/TD]
[/TR]
[TR]
[TH]252[/TH]
[TD] // {[/TD]
[/TR]
[TR]
[TH]253[/TH]
[TD] // case 0x6268: ver="2.3"; break;[/TD]
[/TR]
[TR]
[TH]254[/TH]
[TD] // case 0x6668: ver="2.4(?)"; break;[/TD]
[/TR]
[TR]
[TH]255[/TH]
[TD] // case 0xa268:[/TD]
[/TR]
[TR]
[TH]256[/TH]
[TD] // default: ver="unknown"; break;[/TD]
[/TR]
[TR]
[TH]257[/TH]
[TD] // }[/TD]
[/TR]
[TR]
[TH]258[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]259[/TH]
[TD] reader->caid=0x500;[/TD]
[/TR]
[TR]
[TH]260[/TH]
[TD] memset(reader->prid, 0xff, sizeof(reader->prid));[/TD]
[/TR]
[TR]
[TH]261[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]262[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]263[/TH]
[TD] memcpy(reader->hexserial, cta_res+2, 5);[/TD]
[/TR]
[TR]
[TH]264[/TH]
[TD] // rdr_log(reader, "[viaccess-reader] type: Viaccess, ver: %s serial: %llu", ver, b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]265[/TH]
[TD] rdr_log_sensitive(reader, "type: Viaccess (%sstandard atr), caid: %04X, serial: {%llu}",[/TD]
[/TR]
[TR]
[TH]266[/TH]
[TD] atr[9]==0x68?"":"non-",reader->caid, (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]267[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]268[/TH]
[TD] i=0;[/TD]
[/TR]
[TR]
[TH]269[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]270[/TH]
[TD] buf[0]=0;[/TD]
[/TR]
[TR]
[TH]271[/TH]
[TD] while((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0))[/TD]
[/TR]
[TR]
[TH]272[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]273[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]274[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]275[/TH]
[TD] reader->prid[0]=0;[/TD]
[/TR]
[TR]
[TH]276[/TH]
[TD] memcpy(&reader->prid[1], cta_res, 3);[/TD]
[/TR]
[TR]
[TH]277[/TH]
[TD] memcpy(&reader->availkeys[0], cta_res+10, 16);[/TD]
[/TR]
[TR]
[TH]278[/TH]
[TD] snprintf((char *)buf+strlen((char *)buf), sizeof(buf)-strlen((char *)buf), ",%06X", b2i(3, &reader->prid[1]));[/TD]
[/TR]
[TR]
[TH]279[/TH]
[TD] //rdr_log(reader, "[viaccess-reader] buf: %s", buf);[/TD]
[/TR]
[TR]
[TH]280[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]281[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]282[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]283[/TH]
[TD] memcpy(&reader->sa[0], cta_res+2, 4);[/TD]
[/TR]
[TR]
[TH]284[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]285[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]286[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]287[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]288[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]289[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]290[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]291[/TH]
[TD] rdr_log(reader, "[viaccess-reader] name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]292[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]293[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]294[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]295[/TH]
[TD] write_cmd(insa4, NULL); // select next issuer[/TD]
[/TR]
[TR]
[TH]296[/TH]
[TD] i++;[/TD]
[/TR]
[TR]
[TH]297[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]298[/TH]
[TD] reader->nprov=i;[/TD]
[/TR]
[TR]
[TH]299[/TH]
[TD] rdr_log(reader, "providers: %d (%s)", reader->nprov, buf+1);[/TD]
[/TR]
[TR]
[TH]300[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]301[/TH]
[TD] if (cfg.ulparent)[/TD]
[/TR]
[TR]
[TH]302[/TH]
[TD] unlock_parental(reader);[/TD]
[/TR]
[TR]
[TH]303[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]304[/TH]
[TD] rdr_log(reader, "ready for requests");[/TD]
[/TR]
[TR]
[TH]305[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]306[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]307[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]308[/TH]
[TD]bool dcw_crc(uchar *dw){[/TD]
[/TR]
[TR]
[TH]309[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]310[/TH]
[TD] for(i=0;i<16;i+=4) if(dw[i+3]!=((dw+dw[i+1]+dw[i+2])& 0xFF))return 0;[/TD]
[/TR]
[TR]
[TH]311[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]312[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]313[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]314[/TH]
[TD]static int32_t viaccess_do_ecm(struct s_reader * reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)[/TD]
[/TR]
[TR]
[TH]315[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]316[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]317[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]318[/TH]
[TD] unsigned char ins88[] = { 0xca,0x88,0x00,0x00,0x00 }; // set ecm[/TD]
[/TR]
[TR]
[TH]319[/TH]
[TD] unsigned char insf8[] = { 0xca,0xf8,0x00,0x00,0x00 }; // set geographic info[/TD]
[/TR]
[TR]
[TH]320[/TH]
[TD] static const unsigned char insc0[] = { 0xca,0xc0,0x00,0x00,0x12 }; // read dcw[/TD]
[/TR]
[TR]
[TH]321[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]322[/TH]
[TD] // //XXX what is the 4th byte for ??[/TD]
[/TR]
[TR]
[TH]323[/TH]
[TD] int32_t ecm88Len = MIN(MAX_ECM_SIZE-4, SCT_LEN(er->ecm)-4);[/TD]
[/TR]
[TR]
[TH]324[/TH]
[TD] if(ecm88Len < 1){[/TD]
[/TR]
[TR]
[TH]325[/TH]
[TD] rdr_log(reader, "ECM: Size of ECM couldn't be correctly calculated.");[/TD]
[/TR]
[TR]
[TH]326[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]327[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]328[/TH]
[TD] uchar ecmData[ecm88Len];[/TD]
[/TR]
[TR]
[TH]329[/TH]
[TD] memset(ecmData, 0, ecm88Len);[/TD]
[/TR]
[TR]
[TH]330[/TH]
[TD] memcpy(ecmData, er->ecm+4, ecm88Len);[/TD]
[/TR]
[TR]
[TH]331[/TH]
[TD] uchar *ecm88Data = &ecmData[0];[/TD]
[/TR]
[TR]
[TH]332[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]333[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]334[/TH]
[TD] int32_t hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]335[/TH]
[TD] int32_t curEcm88len=0;[/TD]
[/TR]
[TR]
[TH]336[/TH]
[TD] int32_t nanoLen=0;[/TD]
[/TR]
[TR]
[TH]337[/TH]
[TD] uchar *nextEcm;[/TD]
[/TR]
[TR]
[TH]338[/TH]
[TD] uchar DE04[256];[/TD]
[/TR]
[TR]
[TH]339[/TH]
[TD] int32_t D2KeyID=0;[/TD]
[/TR]
[TR]
[TH]340[/TH]
[TD] int32_t curnumber_ecm=0;[/TD]
[/TR]
[TR]
[TH]341[/TH]
[TD] //nanoD2 d2 02 0d 02 -> D2 nano, len 2[/TD]
[/TR]
[TR]
[TH]342[/TH]
[TD] // 0d -> post AES decrypt CW[/TD]
[/TR]
[TR]
[TH]343[/TH]
[TD] // 0b -> pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]344[/TH]
[TD] int32_t nanoD2 = 0; // 0x0b = 1 0x0d = 2[/TD]
[/TR]
[TR]
[TH]345[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]346[/TH]
[TD] memset(DE04, 0, sizeof(DE04)); //fix dorcel de04 bug[/TD]
[/TR]
[TR]
[TH]347[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]348[/TH]
[TD] nextEcm=ecm88Data;[/TD]
[/TR]
[TR]
[TH]349[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]350[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]351[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]352[/TH]
[TD] while (ecm88Len>0 && !rc) {[/TD]
[/TR]
[TR]
[TH]353[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]354[/TH]
[TD] if(ecm88Data[0] ==0x00 && ecm88Data[1] == 0x00) {[/TD]
[/TR]
[TR]
[TH]355[/TH]
[TD] // nano 0x00 and len 0x00 aren't valid ... something is obviously wrong with this ecm.[/TD]
[/TR]
[TR]
[TH]356[/TH]
[TD] rdr_log(reader, "ECM: Invalid ECM structure. Rejecting");[/TD]
[/TR]
[TR]
[TH]357[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]358[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]359[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]360[/TH]
[TD] // 80 33 nano 80 (ecm) + len (33)[/TD]
[/TR]
[TR]
[TH]361[/TH]
[TD] if(ecm88Data[0]==0x80) { // nano 80, give ecm len[/TD]
[/TR]
[TR]
[TH]362[/TH]
[TD] curEcm88len=ecm88Data[1];[/TD]
[/TR]
[TR]
[TH]363[/TH]
[TD] nextEcm=ecm88Data+curEcm88len+2;[/TD]
[/TR]
[TR]
[TH]364[/TH]
[TD] ecm88Data += 2;[/TD]
[/TR]
[TR]
[TH]365[/TH]
[TD] ecm88Len -= 2;[/TD]
[/TR]
[TR]
[TH]366[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]367[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]368[/TH]
[TD] if(!curEcm88len) { //there was no nano 80 -> simple ecm[/TD]
[/TR]
[TR]
[TH]369[/TH]
[TD] curEcm88len=ecm88Len;[/TD]
[/TR]
[TR]
[TH]370[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]371[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]372[/TH]
[TD] // d2 02 0d 02 -> D2 nano, len 2, select the AES key to be used[/TD]
[/TR]
[TR]
[TH]373[/TH]
[TD] if(ecm88Data[0]==0xd2) {[/TD]
[/TR]
[TR]
[TH]374[/TH]
[TD] // test if need post or pre AES decrypt[/TD]
[/TR]
[TR]
[TH]375[/TH]
[TD] if(ecm88Data[2]==0x0b)[/TD]
[/TR]
[TR]
[TH]376[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]377[/TH]
[TD] nanoD2 = 1;[/TD]
[/TR]
[TR]
[TH]378[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0b");[/TD]
[/TR]
[TR]
[TH]379[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]380[/TH]
[TD] if(ecm88Data[2]==0x0d)[/TD]
[/TR]
[TR]
[TH]381[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]382[/TH]
[TD] nanoD2 = 2;[/TD]
[/TR]
[TR]
[TH]383[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0d");[/TD]
[/TR]
[TR]
[TH]384[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]385[/TH]
[TD] // use the d2 arguments to get the key # to be used[/TD]
[/TR]
[TR]
[TH]386[/TH]
[TD] int32_t len = ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]387[/TH]
[TD] D2KeyID=ecm88Data[3];[/TD]
[/TR]
[TR]
[TH]388[/TH]
[TD] ecm88Data += len;[/TD]
[/TR]
[TR]
[TH]389[/TH]
[TD] ecm88Len -= len;[/TD]
[/TR]
[TR]
[TH]390[/TH]
[TD] curEcm88len -=len;[/TD]
[/TR]
[TR]
[TH]391[/TH]
[TD] hasD2 = 1;[/TD]
[/TR]
[TR]
[TH]392[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]393[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]394[/TH]
[TD] hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]395[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]396[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]397[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]398[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]399[/TH]
[TD] // 05 67 00[/TD]
[/TR]
[TR]
[TH]400[/TH]
[TD] if ((ecm88Data[0]==0x90 || ecm88Data[0]==0x40) && (ecm88Data[1]==0x03 || ecm88Data[1]==0x07 ) )[/TD]
[/TR]
[TR]
[TH]401[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]402[/TH]
[TD] uchar ident[3], keynr;[/TD]
[/TR]
[TR]
[TH]403[/TH]
[TD] uchar *ecmf8Data=0;[/TD]
[/TR]
[TR]
[TH]404[/TH]
[TD] int32_t ecmf8Len=0;[/TD]
[/TR]
[TR]
[TH]405[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]406[/TH]
[TD] nanoLen=ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]407[/TH]
[TD] keynr=ecm88Data[4]&0x0F;[/TD]
[/TR]
[TR]
[TH]408[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]409[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]410[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]411[/TH]
[TD] if(nanoLen>5) {[/TD]
[/TR]
[TR]
[TH]412[/TH]
[TD] curnumber_ecm =(ecm88Data[6]<<8) | (ecm88Data[7]);[/TD]
[/TR]
[TR]
[TH]413[/TH]
[TD] rdr_debug_mask(reader, D_READER, "checking if the ecm number (%x) match the card one (%x)",curnumber_ecm,reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]414[/TH]
[TD] // if we have an ecm number we check it.[/TD]
[/TR]
[TR]
[TH]415[/TH]
[TD] // we can't assume that if the nano len is 5 or more we have an ecm number[/TD]
[/TR]
[TR]
[TH]416[/TH]
[TD] // as some card don't support this[/TD]
[/TR]
[TR]
[TH]417[/TH]
[TD] if( reader->last_geo.number_ecm > 0 ) {[/TD]
[/TR]
[TR]
[TH]418[/TH]
[TD] if (reader->last_geo.number_ecm == curnumber_ecm && !( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )) {[/TD]
[/TR]
[TR]
[TH]419[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]420[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x, ECM ending with %02x",ecm88Data[5], ecm88Data[nanoLen-1]);[/TD]
[/TR]
[TR]
[TH]421[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]422[/TH]
[TD] if( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )[/TD]
[/TR]
[TR]
[TH]423[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]424[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x) for provider %02x%02x%02x",ecm88Data[nanoLen-1], curnumber_ecm, ecm88Data[2], ecm88Data[3], ecm88Data[4]);[/TD]
[/TR]
[TR]
[TH]425[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]426[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x)",ecm88Data[nanoLen-1], curnumber_ecm);[/TD]
[/TR]
[TR]
[TH]427[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]428[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]429[/TH]
[TD] continue; //loop to next ecm[/TD]
[/TR]
[TR]
[TH]430[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]431[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]432[/TH]
[TD] else { // long ecm but we don't have an ecm number so we have to try them all.[/TD]
[/TR]
[TR]
[TH]433[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]434[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x",ecm88Data[5]);[/TD]
[/TR]
[TR]
[TH]435[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]436[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]437[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]438[/TH]
[TD] memcpy (ident, &ecm88Data[2], sizeof(ident));[/TD]
[/TR]
[TR]
[TH]439[/TH]
[TD] provid = b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]440[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]441[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]442[/TH]
[TD] if(hasD2 && reader->aes_list) {[/TD]
[/TR]
[TR]
[TH]443[/TH]
[TD] // check that we have the AES key to decode the CW[/TD]
[/TR]
[TR]
[TH]444[/TH]
[TD] // if not there is no need to send the ecm to the card[/TD]
[/TR]
[TR]
[TH]445[/TH]
[TD] if(!aes_present(reader->aes_list, 0x500, (uint32_t) (provid & 0xFFFFF0) , D2KeyID))[/TD]
[/TR]
[TR]
[TH]446[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]447[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]448[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]449[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]450[/TH]
[TD] if (!chk_prov(reader, ident, keynr))[/TD]
[/TR]
[TR]
[TH]451[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]452[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: provider or key not found on card");[/TD]
[/TR]
[TR]
[TH]453[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "provider(%02x%02x%02x) or key(%d) not found on card", ident[0],ident[1],ident[2], keynr );[/TD]
[/TR]
[TR]
[TH]454[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]455[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]456[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]457[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]458[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]459[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]460[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]461[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]462[/TH]
[TD] if (ecm88Data[0]==0xDE && ecm88Data[1]==0x04)[/TD]
[/TR]
[TR]
[TH]463[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]464[/TH]
[TD] memcpy (DE04, &ecm88Data[0], 6);[/TD]
[/TR]
[TR]
[TH]465[/TH]
[TD] ecm88Data+=6;[/TD]
[/TR]
[TR]
[TH]466[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]467[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]468[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]469[/TH]
[TD] if( reader->last_geo.provid != provid )[/TD]
[/TR]
[TR]
[TH]470[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]471[/TH]
[TD] reader->last_geo.provid = provid;[/TD]
[/TR]
[TR]
[TH]472[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]473[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]474[/TH]
[TD] write_cmd(insa4, ident); // set provider[/TD]
[/TR]
[TR]
[TH]475[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]476[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]477[/TH]
[TD] //Nano D2 0x0b Pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]478[/TH]
[TD] if ( hasD2 && nanoD2 == 1)[/TD]
[/TR]
[TR]
[TH]479[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]480[/TH]
[TD] uchar *ecm88DataCW = ecm88Data;[/TD]
[/TR]
[TR]
[TH]481[/TH]
[TD] int32_t cwStart = 0;[/TD]
[/TR]
[TR]
[TH]482[/TH]
[TD] //int32_t cwStartRes = 0;[/TD]
[/TR]
[TR]
[TH]483[/TH]
[TD] int32_t exit = 0;[/TD]
[/TR]
[TR]
[TH]484[/TH]
[TD] // find CW start[/TD]
[/TR]
[TR]
[TH]485[/TH]
[TD] while(cwStart < curEcm88len -1 && !exit)[/TD]
[/TR]
[TR]
[TH]486[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]487[/TH]
[TD] if(ecm88Data[cwStart] == 0xEA && ecm88Data[cwStart+1] == 0x10)[/TD]
[/TR]
[TR]
[TH]488[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]489[/TH]
[TD] ecm88DataCW = ecm88DataCW + cwStart + 2;[/TD]
[/TR]
[TR]
[TH]490[/TH]
[TD] exit = 1;[/TD]
[/TR]
[TR]
[TH]491[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]492[/TH]
[TD] cwStart++;[/TD]
[/TR]
[TR]
[TH]493[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]494[/TH]
[TD] // use AES from list to decrypt CW[/TD]
[/TR]
[TR]
[TH]495[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]496[/TH]
[TD] if (aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID, &ecm88DataCW[0], 16) == 0)[/TD]
[/TR]
[TR]
[TH]497[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]498[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]499[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]500[/TH]
[TD] while(ecm88Len>1 && ecm88Data[0]<0xA0)[/TD]
[/TR]
[TR]
[TH]501[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]502[/TH]
[TD] int32_t nanoLen=ecm88Data[1]+2;[/TD]
[/TR]
[TR]
[TH]503[/TH]
[TD] if (!ecmf8Data)[/TD]
[/TR]
[TR]
[TH]504[/TH]
[TD] ecmf8Data=(uchar *)ecm88Data;[/TD]
[/TR]
[TR]
[TH]505[/TH]
[TD] ecmf8Len+=nanoLen;[/TD]
[/TR]
[TR]
[TH]506[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]507[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]508[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]509[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]510[/TH]
[TD] if(ecmf8Len)[/TD]
[/TR]
[TR]
[TH]511[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]512[/TH]
[TD] if( reader->last_geo.geo_len!=ecmf8Len ||[/TD]
[/TR]
[TR]
[TH]513[/TH]
[TD] memcmp(reader->last_geo.geo, ecmf8Data, reader->last_geo.geo_len))[/TD]
[/TR]
[TR]
[TH]514[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]515[/TH]
[TD] memcpy(reader->last_geo.geo, ecmf8Data, ecmf8Len);[/TD]
[/TR]
[TR]
[TH]516[/TH]
[TD] reader->last_geo.geo_len= ecmf8Len;[/TD]
[/TR]
[TR]
[TH]517[/TH]
[TD] insf8[3]=keynr;[/TD]
[/TR]
[TR]
[TH]518[/TH]
[TD] insf8[4]=ecmf8Len;[/TD]
[/TR]
[TR]
[TH]519[/TH]
[TD] write_cmd(insf8, ecmf8Data);[/TD]
[/TR]
[TR]
[TH]520[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]521[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]522[/TH]
[TD] ins88[2]=ecmf8Len?1:0;[/TD]
[/TR]
[TR]
[TH]523[/TH]
[TD] ins88[3]=keynr;[/TD]
[/TR]
[TR]
[TH]524[/TH]
[TD] ins88[4]= curEcm88len;[/TD]
[/TR]
[TR]
[TH]525[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]526[/TH]
[TD] // we should check the nano to make sure the ecm is valid[/TD]
[/TR]
[TR]
[TH]527[/TH]
[TD] // we should look for at least 1 E3 nano, 1 EA nano and the F0 signature nano[/TD]
[/TR]
[TR]
[TH]528[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]529[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]530[/TH]
[TD] if (DE04[0]==0xDE)[/TD]
[/TR]
[TR]
[TH]531[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]532[/TH]
[TD] uint32_t l = curEcm88len-6;[/TD]
[/TR]
[TR]
[TH]533[/TH]
[TD] if (l > 256 || curEcm88len <= 6) { //don't known if this is ok...[/TD]
[/TR]
[TR]
[TH]534[/TH]
[TD] rdr_log(reader, "ecm invalid/too long! len=%d", curEcm88len);[/TD]
[/TR]
[TR]
[TH]535[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]536[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]537[/TH]
[TD] memcpy(DE04+6, (uchar *)ecm88Data, l);[/TD]
[/TR]
[TR]
[TH]538[/TH]
[TD] write_cmd(ins88, DE04); // request dcw[/TD]
[/TR]
[TR]
[TH]539[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]540[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]541[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]542[/TH]
[TD] write_cmd(ins88, (uchar *)ecm88Data); // request dcw[/TD]
[/TR]
[TR]
[TH]543[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]544[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]545[/TH]
[TD] write_cmd(insc0, NULL); // read dcw[/TD]
[/TR]
[TR]
[TH]546[/TH]
[TD] switch(cta_res[0])[/TD]
[/TR]
[TR]
[TH]547[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]548[/TH]
[TD] case 0xe8: // even[/TD]
[/TR]
[TR]
[TH]549[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]550[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]551[/TH]
[TD] case 0xe9: // odd[/TD]
[/TR]
[TR]
[TH]552[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw+8,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]553[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]554[/TH]
[TD] case 0xea: // complete[/TD]
[/TR]
[TR]
[TH]555[/TH]
[TD] if(cta_res[1]==16) { memcpy(ea->cw,cta_res+2,16); rc=1; }[/TD]
[/TR]
[TR]
[TH]556[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]557[/TH]
[TD] default :[/TD]
[/TR]
[TR]
[TH]558[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]559[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]560[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: key to use is not the current one, trying next ECM");[/TD]
[/TR]
[TR]
[TH]561[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "key to use is not the current one, trying next ECM" );[/TD]
[/TR]
[TR]
[TH]562[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]563[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]564[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]565[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]566[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]567[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: Unknown ECM type");[/TD]
[/TR]
[TR]
[TH]568[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "Unknown ECM type" );[/TD]
[/TR]
[TR]
[TH]569[/TH]
[TD] return ERROR; /*Lets interupt the loop and exit, because we don't know this ECM type.*/[/TD]
[/TR]
[TR]
[TH]570[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]571[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]572[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]573[/TH]
[TD] if ( hasD2 && !dcw_crc(ea->cw) && nanoD2 == 2) {[/TD]
[/TR]
[TR]
[TH]574[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]575[/TH]
[TD] rc=aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID,ea->cw, 16);[/TD]
[/TR]
[TR]
[TH]576[/TH]
[TD] if( rc == 0 )[/TD]
[/TR]
[TR]
[TH]577[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]578[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]579[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]580[/TH]
[TD] return(rc?OK:ERROR);[/TD]
[/TR]
[TR]
[TH]581[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]582[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]583[/TH]
[TD]static int32_t viaccess_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)[/TD]
[/TR]
[TR]
[TH]584[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]585[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]586[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "Entered viaccess_get_emm_type ep->emm[0]=%02x",ep->emm[0]);[/TD]
[/TR]
[TR]
[TH]587[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]588[/TH]
[TD] if (ep->emm[3] == 0x90 && ep->emm[4] == 0x03) {[/TD]
[/TR]
[TR]
[TH]589[/TH]
[TD] provid = ep->emm[5] << 16 | ep->emm[6] << 8 | (ep->emm[7] & 0xFE);[/TD]
[/TR]
[TR]
[TH]590[/TH]
[TD] i2b_buf(4, provid, ep->provid);[/TD]
[/TR]
[TR]
[TH]591[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]592[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]593[/TH]
[TD] switch (ep->emm[0]) {[/TD]
[/TR]
[TR]
[TH]594[/TH]
[TD]case 0x88:[/TD]
[/TR]
[TR]
[TH]595[/TH]
[TD] ep->type=UNIQUE;[/TD]
[/TR]
[TR]
[TH]596[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]597[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 4, 4);[/TD]
[/TR]
[TR]
[TH]598[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNIQUE");[/TD]
[/TR]
[TR]
[TH]599[/TH]
[TD] return(!memcmp(rdr->hexserial + 1, ep->hexserial, 4));[/TD]
[/TR]
[TR]
[TH]600[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]601[/TH]
[TD]case 0x8A:[/TD]
[/TR]
[TR]
[TH]602[/TH]
[TD]case 0x8B:[/TD]
[/TR]
[TR]
[TH]603[/TH]
[TD] ep->type=GLOBAL;[/TD]
[/TR]
[TR]
[TH]604[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "GLOBAL");[/TD]
[/TR]
[TR]
[TH]605[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]606[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]607[/TH]
[TD]case 0x8C:[/TD]
[/TR]
[TR]
[TH]608[/TH]
[TD]case 0x8D:[/TD]
[/TR]
[TR]
[TH]609[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]610[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED (part)");[/TD]
[/TR]
[TR]
[TH]611[/TH]
[TD] return FALSE;[/TD]
[/TR]
[TR]
[TH]612[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]613[/TH]
[TD]case 0x8E:[/TD]
[/TR]
[TR]
[TH]614[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]615[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]616[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 3, 3);[/TD]
[/TR]
[TR]
[TH]617[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED");[/TD]
[/TR]
[TR]
[TH]618[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]619[/TH]
[TD] //check for provider as serial (cccam only?)[/TD]
[/TR]
[TR]
[TH]620[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]621[/TH]
[TD] for (i=0;i<rdr->nprov;i++) {[/TD]
[/TR]
[TR]
[TH]622[/TH]
[TD] if (!memcmp(&rdr->prid[1], ep->hexserial, 3))[/TD]
[/TR]
[TR]
[TH]623[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]624[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]625[/TH]
[TD] return(!memcmp(&rdr->sa[0][0], ep->hexserial, 3));[/TD]
[/TR]
[TR]
[TH]626[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]627[/TH]
[TD]default:[/TD]
[/TR]
[TR]
[TH]628[/TH]
[TD] ep->type = UNKNOWN;[/TD]
[/TR]
[TR]
[TH]629[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNKNOWN");[/TD]
[/TR]
[TR]
[TH]630[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]631[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]632[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]633[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]634[/TH]
[TD]static void viaccess_get_emm_filter(struct s_reader * rdr, uchar *filter)[/TD]
[/TR]
[TR]
[TH]635[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]636[/TH]
[TD] int32_t idx = 2;[/TD]
[/TR]
[TR]
[TH]637[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]638[/TH]
[TD] filter[0]=0xFF;[/TD]
[/TR]
[TR]
[TH]639[/TH]
[TD] filter[1]=0;[/TD]
[/TR]
[TR]
[TH]640[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]641[/TH]
[TD] filter[idx++]=EMM_GLOBAL;[/TD]
[/TR]
[TR]
[TH]642[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]643[/TH]
[TD] filter[idx+0] = 0x8D;[/TD]
[/TR]
[TR]
[TH]644[/TH]
[TD] filter[idx+0+16] = 0xFE;[/TD]
[/TR]
[TR]
[TH]645[/TH]
[TD] //filter[idx+6] = 0xA0; // FIXME: dummy, flood client with EMM's[/TD]
[/TR]
[TR]
[TH]646[/TH]
[TD] //filter[idx+6+16] = 0xF0;[/TD]
[/TR]
[TR]
[TH]647[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]648[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]649[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]650[/TH]
[TD] filter[idx++]=EMM_SHARED;[/TD]
[/TR]
[TR]
[TH]651[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]652[/TH]
[TD] filter[idx+0] = 0x8E;[/TD]
[/TR]
[TR]
[TH]653[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]654[/TH]
[TD] memcpy(filter+idx+1, &rdr->sa[0][0], 3);[/TD]
[/TR]
[TR]
[TH]655[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 3);[/TD]
[/TR]
[TR]
[TH]656[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]657[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]658[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]659[/TH]
[TD] filter[idx++]=EMM_UNIQUE;[/TD]
[/TR]
[TR]
[TH]660[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]661[/TH]
[TD] filter[idx+0] = 0x88;[/TD]
[/TR]
[TR]
[TH]662[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]663[/TH]
[TD] memcpy(filter+idx+1, rdr->hexserial + 1, 4);[/TD]
[/TR]
[TR]
[TH]664[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 4);[/TD]
[/TR]
[TR]
[TH]665[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]666[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]667[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]668[/TH]
[TD] return;[/TD]
[/TR]
[TR]
[TH]669[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]670[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]671[/TH]
[TD]static int32_t viaccess_do_emm(struct s_reader * reader, EMM_PACKET *ep)[/TD]
[/TR]
[TR]
[TH]672[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]673[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]674[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]675[/TH]
[TD] unsigned char insf0[] = { 0xca,0xf0,0x00,0x01,0x22 }; // set adf[/TD]
[/TR]
[TR]
[TH]676[/TH]
[TD] unsigned char insf4[] = { 0xca,0xf4,0x00,0x01,0x00 }; // set adf, encrypted[/TD]
[/TR]
[TR]
[TH]677[/TH]
[TD] unsigned char ins18[] = { 0xca,0x18,0x01,0x01,0x00 }; // set subscription[/TD]
[/TR]
[TR]
[TH]678[/TH]
[TD] unsigned char ins1c[] = { 0xca,0x1c,0x01,0x01,0x00 }; // set subscription, encrypted[/TD]
[/TR]
[TR]
[TH]679[/TH]
[TD] static const unsigned char insc8[] = { 0xca,0xc8,0x00,0x00,0x02 }; // read extended status[/TD]
[/TR]
[TR]
[TH]680[/TH]
[TD] // static const unsigned char insc8Data[] = { 0x00,0x00 }; // data for read extended status[/TD]
[/TR]
[TR]
[TH]681[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]682[/TH]
[TD] int32_t emmdatastart=7;[/TD]
[/TR]
[TR]
[TH]683[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]684[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]685[/TH]
[TD] if (ep->type == UNIQUE) emmdatastart++;[/TD]
[/TR]
[TR]
[TH]686[/TH]
[TD] int32_t emmLen=SCT_LEN(ep->emm)-emmdatastart;[/TD]
[/TR]
[TR]
[TH]687[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]688[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]689[/TH]
[TD] ///cs_dump(ep->emm, emmLen+emmdatastart, "RECEIVED EMM VIACCESS");[/TD]
[/TR]
[TR]
[TH]690[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]691[/TH]
[TD] int32_t emmUpToEnd;[/TD]
[/TR]
[TR]
[TH]692[/TH]
[TD] uchar *emmParsed = ep->emm+emmdatastart;[/TD]
[/TR]
[TR]
[TH]693[/TH]
[TD] int32_t provider_ok = 0;[/TD]
[/TR]
[TR]
[TH]694[/TH]
[TD] uint32_t emm_provid;[/TD]
[/TR]
[TR]
[TH]695[/TH]
[TD] uchar keynr = 0;[/TD]
[/TR]
[TR]
[TH]696[/TH]
[TD] int32_t ins18Len = 0;[/TD]
[/TR]
[TR]
[TH]697[/TH]
[TD] uchar ins18Data[512];[/TD]
[/TR]
[TR]
[TH]698[/TH]
[TD] uchar insData[512];[/TD]
[/TR]
[TR]
[TH]699[/TH]
[TD] uchar *nano81Data = 0;[/TD]
[/TR]
[TR]
[TH]700[/TH]
[TD] uchar *nano91Data = 0;[/TD]
[/TR]
[TR]
[TH]701[/TH]
[TD] uchar *nano92Data = 0;[/TD]
[/TR]
[TR]
[TH]702[/TH]
[TD] uchar *nano9EData = 0;[/TD]
[/TR]
[TR]
[TH]703[/TH]
[TD] uchar *nanoF0Data = 0;[/TD]
[/TR]
[TR]
[TH]704[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]705[/TH]
[TD] for (emmUpToEnd=emmLen; (emmParsed[1] != 0) && (emmUpToEnd > 0); emmUpToEnd -= (2 + emmParsed[1]), emmParsed += (2 + emmParsed[1])) {[/TD]
[/TR]
[TR]
[TH]706[/TH]
[TD] ///cs_dump (emmParsed, emmParsed[1] + 2, "NANO");[/TD]
[/TR]
[TR]
[TH]707[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]708[/TH]
[TD] if (emmParsed[0]==0x90 && emmParsed[1]==0x03) {[/TD]
[/TR]
[TR]
[TH]709[/TH]
[TD] /* identification of the service operator */[/TD]
[/TR]
[TR]
[TH]710[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]711[/TH]
[TD] uchar soid[3], ident[3], i;[/TD]
[/TR]
[TR]
[TH]712[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]713[/TH]
[TD] for (i=0; i<3; i++) {[/TD]
[/TR]
[TR]
[TH]714[/TH]
[TD] soid=ident=emmParsed[2+i];[/TD]
[/TR]
[TR]
[TH]715[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]716[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]717[/TH]
[TD] emm_provid=b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]718[/TH]
[TD] keynr=soid[2]&0x0F;[/TD]
[/TR]
[TR]
[TH]719[/TH]
[TD] if (chk_prov(reader, ident, keynr)) {[/TD]
[/TR]
[TR]
[TH]720[/TH]
[TD] provider_ok = 1;[/TD]
[/TR]
[TR]
[TH]721[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]722[/TH]
[TD] rdr_log(reader, "EMM: provider or key not found on card (%x, %x)", emm_provid, keynr);[/TD]
[/TR]
[TR]
[TH]723[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]724[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]725[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]726[/TH]
[TD] // check if the provider changes. If yes, set the new one. If not, don't .. card will return an error if we do.[/TD]
[/TR]
[TR]
[TH]727[/TH]
[TD] if( reader->last_geo.provid != emm_provid ) {[/TD]
[/TR]
[TR]
[TH]728[/TH]
[TD] write_cmd(insa4, ident);[/TD]
[/TR]
[TR]
[TH]729[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]730[/TH]
[TD] cs_dump(insa4, 5, "set provider cmd:");[/TD]
[/TR]
[TR]
[TH]731[/TH]
[TD] cs_dump(soid, 3, "set provider data:");[/TD]
[/TR]
[TR]
[TH]732[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]733[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]734[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]735[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]736[/TH]
[TD] // as we are maybe changing the used provider, clear the cache, so the next ecm will re-select the correct one[/TD]
[/TR]
[TR]
[TH]737[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]738[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]739[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]740[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]741[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]742[/TH]
[TD] else if (emmParsed[0]==0x9e && emmParsed[1]==0x20) {[/TD]
[/TR]
[TR]
[TH]743[/TH]
[TD] /* adf */[/TD]
[/TR]
[TR]
[TH]744[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]745[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]746[/TH]
[TD] /* adf is not crypted, so test it */[/TD]
[/TR]
[TR]
[TH]747[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]748[/TH]
[TD] uchar custwp;[/TD]
[/TR]
[TR]
[TH]749[/TH]
[TD] uchar *afd;[/TD]
[/TR]
[TR]
[TH]750[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]751[/TH]
[TD] custwp=reader->sa[0][3];[/TD]
[/TR]
[TR]
[TH]752[/TH]
[TD] afd=(uchar*)emmParsed+2;[/TD]
[/TR]
[TR]
[TH]753[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]754[/TH]
[TD] if( afd[31-custwp/8] & (1 << (custwp & 7)) )[/TD]
[/TR]
[TR]
[TH]755[/TH]
[TD] rdr_debug_mask(reader, D_READER, "emm for our card %08X", b2i(4, &reader->sa[0][0]));[/TD]
[/TR]
[TR]
[TH]756[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]757[/TH]
[TD] return SKIPPED;[/TD]
[/TR]
[TR]
[TH]758[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]759[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]760[/TH]
[TD] // memorize[/TD]
[/TR]
[TR]
[TH]761[/TH]
[TD] nano9EData = emmParsed;[/TD]
[/TR]
[TR]
[TH]762[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]763[/TH]
[TD] } else if (emmParsed[0]==0x81) {[/TD]
[/TR]
[TR]
[TH]764[/TH]
[TD] nano81Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]765[/TH]
[TD] } else if (emmParsed[0]==0x91 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]766[/TH]
[TD] nano91Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]767[/TH]
[TD] } else if (emmParsed[0]==0x92 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]768[/TH]
[TD] nano92Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]769[/TH]
[TD] } else if (emmParsed[0]==0xF0 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]770[/TH]
[TD] nanoF0Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]771[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]772[/TH]
[TD] /* other nanos */[/TD]
[/TR]
[TR]
[TH]773[/TH]
[TD] show_subs(reader, emmParsed);[/TD]
[/TR]
[TR]
[TH]774[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]775[/TH]
[TD] memcpy(ins18Data+ins18Len, emmParsed, emmParsed[1] + 2);[/TD]
[/TR]
[TR]
[TH]776[/TH]
[TD] ins18Len += emmParsed [1] + 2;[/TD]
[/TR]
[TR]
[TH]777[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]778[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]779[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]780[/TH]
[TD] if (!provider_ok) {[/TD]
[/TR]
[TR]
[TH]781[/TH]
[TD] rdr_debug_mask(reader, D_READER, "provider not found in emm, continue anyway");[/TD]
[/TR]
[TR]
[TH]782[/TH]
[TD] // force key to 1...[/TD]
[/TR]
[TR]
[TH]783[/TH]
[TD] keynr = 1;[/TD]
[/TR]
[TR]
[TH]784[/TH]
[TD] ///return ERROR;[/TD]
[/TR]
[TR]
[TH]785[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]786[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]787[/TH]
[TD] if (!nanoF0Data) {[/TD]
[/TR]
[TR]
[TH]788[/TH]
[TD] cs_dump(ep->emm, ep->l, "can't find 0xf0 in emm...");[/TD]
[/TR]
[TR]
[TH]789[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]790[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]791[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]792[/TH]
[TD] if (nano9EData) {[/TD]
[/TR]
[TR]
[TH]793[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]794[/TH]
[TD] // set adf[/TD]
[/TR]
[TR]
[TH]795[/TH]
[TD] insf0[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]796[/TH]
[TD] insf0[4] = nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]797[/TH]
[TD] write_cmd(insf0, nano9EData);[/TD]
[/TR]
[TR]
[TH]798[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]799[/TH]
[TD] cs_dump(insf0, 5, "set adf cmd:");[/TD]
[/TR]
[TR]
[TH]800[/TH]
[TD] cs_dump(nano9EData, insf0[4] , "set adf data:");[/TD]
[/TR]
[TR]
[TH]801[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]802[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]803[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]804[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]805[/TH]
[TD] // set adf crypte[/TD]
[/TR]
[TR]
[TH]806[/TH]
[TD] insf4[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]807[/TH]
[TD] insf4[4] = nano91Data[1] + 2 + nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]808[/TH]
[TD] memcpy (insData, nano91Data, nano91Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]809[/TH]
[TD] memcpy (insData + nano91Data[1] + 2, nano9EData, nano9EData[1] + 2);[/TD]
[/TR]
[TR]
[TH]810[/TH]
[TD] write_cmd(insf4, insData);[/TD]
[/TR]
[TR]
[TH]811[/TH]
[TD] if(( cta_res[cta_lr-2]!=0x90 && cta_res[cta_lr-2]!=0x91) || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]812[/TH]
[TD] cs_dump(insf4, 5, "set adf encrypted cmd:");[/TD]
[/TR]
[TR]
[TH]813[/TH]
[TD] cs_dump(insData, insf4[4], "set adf encrypted data:");[/TD]
[/TR]
[TR]
[TH]814[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]815[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]816[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]817[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]818[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]819[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]820[/TH]
[TD] if (!nano92Data) {[/TD]
[/TR]
[TR]
[TH]821[/TH]
[TD] // send subscription[/TD]
[/TR]
[TR]
[TH]822[/TH]
[TD] ins18[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]823[/TH]
[TD] ins18[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]824[/TH]
[TD] ins18[4] = ins18Len + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]825[/TH]
[TD] memcpy (insData, ins18Data, ins18Len);[/TD]
[/TR]
[TR]
[TH]826[/TH]
[TD] memcpy (insData + ins18Len, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]827[/TH]
[TD] write_cmd(ins18, insData);[/TD]
[/TR]
[TR]
[TH]828[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 || cta_res[cta_lr-2]==0x91) && cta_res[cta_lr-1]==0x00 ) {[/TD]
[/TR]
[TR]
[TH]829[/TH]
[TD] rdr_debug_mask(reader, D_READER, "update successfully written");[/TD]
[/TR]
[TR]
[TH]830[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]831[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]832[/TH]
[TD] cs_dump(ins18, 5, "set subscription cmd:");[/TD]
[/TR]
[TR]
[TH]833[/TH]
[TD] cs_dump(insData, ins18[4], "set subscription data:");[/TD]
[/TR]
[TR]
[TH]834[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]835[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]836[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]837[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]838[/TH]
[TD] // send subscription encrypted[/TD]
[/TR]
[TR]
[TH]839[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]840[/TH]
[TD] if (!nano81Data) {[/TD]
[/TR]
[TR]
[TH]841[/TH]
[TD] cs_dump(ep->emm, ep->l, "0x92 found, but can't find 0x81 in emm...");[/TD]
[/TR]
[TR]
[TH]842[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]843[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]844[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]845[/TH]
[TD] ins1c[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]846[/TH]
[TD] if (ep->type == UNIQUE) ins1c[2] = 0x02;[/TD]
[/TR]
[TR]
[TH]847[/TH]
[TD] ins1c[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]848[/TH]
[TD] ins1c[4] = nano92Data[1] + 2 + nano81Data[1] + 2 + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]849[/TH]
[TD] memcpy (insData, nano92Data, nano92Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]850[/TH]
[TD] memcpy (insData + nano92Data[1] + 2, nano81Data, nano81Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]851[/TH]
[TD] memcpy (insData + nano92Data[1] + 2 + nano81Data[1] + 2, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]852[/TH]
[TD] write_cmd(ins1c, insData);[/TD]
[/TR]
[TR]
[TH]853[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]854[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]855[/TH]
[TD] rdr_log(reader, "update successfully written");[/TD]
[/TR]
[TR]
[TH]856[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]857[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]858[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]859[/TH]
[TD] if( cta_res[cta_lr-2]&0x1 )[/TD]
[/TR]
[TR]
[TH]860[/TH]
[TD] rdr_log(reader, "update not written. Data already exists or unknown address");[/TD]
[/TR]
[TR]
[TH]861[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]862[/TH]
[TD] //if( cta_res[cta_lr-2]&0x8 ) {[/TD]
[/TR]
[TR]
[TH]863[/TH]
[TD] write_cmd(insc8, NULL);[/TD]
[/TR]
[TR]
[TH]864[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]865[/TH]
[TD] rdr_log(reader, "extended status %02X %02X", cta_res[0], cta_res[1]);[/TD]
[/TR]
[TR]
[TH]866[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]867[/TH]
[TD] //}[/TD]
[/TR]
[TR]
[TH]868[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]869[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]870[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]871[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]872[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]873[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]874[/TH]
[TD] Sub Main()[/TD]
[/TR]
[TR]
[TH]875[/TH]
[TD] Sc.Write("CA A4 04 00 03")[/TD]
[/TR]
[TR]
[TH]876[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]877[/TH]
[TD] Sc.Write("02 07 11")[/TD]
[/TR]
[TR]
[TH]878[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]879[/TH]
[TD] Sc.Write("CA F0 00 01 22")[/TD]
[/TR]
[TR]
[TH]880[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]881[/TH]
[TD] Sc.Write("9E 20")[/TD]
[/TR]
[TR]
[TH]882[/TH]
[TD] Sc.Write("10 10 08 8A 80 00 04 00 10 10 26 E8 54 80 1E 80")[/TD]
[/TR]
[TR]
[TH]883[/TH]
[TD] Sc.Write("00 01 00 00 00 00 00 50 00 00 80 02 22 00 08 50")[/TD]
[/TR]
[TR]
[TH]884[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]885[/TH]
[TD] Sc.Write("CA 18 01 01 11")[/TD]
[/TR]
[TR]
[TH]886[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]887[/TH]
[TD] Sc.Write("A9 05 34 DE 34 FF 80")[/TD]
[/TR]
[TR]
[TH]888[/TH]
[TD] Sc.Write("F0 08 1A 3E AF B5 2B EE E3 3B")[/TD]
[/TR]
[TR]
[TH]889[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]890[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]891[/TH]
[TD] End Sub[/TD]
[/TR]
[TR]
[TH]892[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]893[/TH]
[TD] return rc;[/TD]
[/TR]
[TR]
[TH]894[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]895[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]896[/TH]
[TD]static int32_t viaccess_card_info(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]897[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]898[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]899[/TH]
[TD] int32_t i, l;[/TD]
[/TR]
[TR]
[TH]900[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]901[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]902[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]903[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]904[/TH]
[TD] static const uchar ins24[] = { 0xca, 0x24, 0x00, 0x00, 0x09 }; // set pin[/TD]
[/TR]
[TR]
[TH]905[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]906[/TH]
[TD] static const uchar cls[] = { 0x00, 0x21, 0xff, 0x9f};[/TD]
[/TR]
[TR]
[TH]907[/TH]
[TD] static const uchar pin[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04};[/TD]
[/TR]
[TR]
[TH]908[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]909[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]910[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]911[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]912[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]913[/TH]
[TD] rdr_log(reader, "card detected");[/TD]
[/TR]
[TR]
[TH]914[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]915[/TH]
[TD] cs_clear_entitlement(reader); //reset the entitlements[/TD]
[/TR]
[TR]
[TH]916[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]917[/TH]
[TD] // set pin[/TD]
[/TR]
[TR]
[TH]918[/TH]
[TD] write_cmd(ins24, pin);[/TD]
[/TR]
[TR]
[TH]919[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]920[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]921[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]922[/TH]
[TD] rdr_log_sensitive(reader, "serial: {%llu}", (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]923[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]924[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]925[/TH]
[TD] for (i=1; (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0); i++)[/TD]
[/TR]
[TR]
[TH]926[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]927[/TH]
[TD] uint32_t l_provid, l_sa;[/TD]
[/TR]
[TR]
[TH]928[/TH]
[TD] uchar l_name[64];[/TD]
[/TR]
[TR]
[TH]929[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]930[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]931[/TH]
[TD] l_provid=b2i(3, cta_res);[/TD]
[/TR]
[TR]
[TH]932[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]933[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]934[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]935[/TH]
[TD] l_sa=b2i(4, cta_res+2);[/TD]
[/TR]
[TR]
[TH]936[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]937[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]938[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]939[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]940[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]941[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]942[/TH]
[TD] trim((char *)cta_res);[/TD]
[/TR]
[TR]
[TH]943[/TH]
[TD] if (cta_res[0])[/TD]
[/TR]
[TR]
[TH]944[/TH]
[TD] snprintf((char *)l_name, sizeof(l_name), ", name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]945[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]946[/TH]
[TD] l_name[0]=0;[/TD]
[/TR]
[TR]
[TH]947[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]948[/TH]
[TD] // read GEO[/TD]
[/TR]
[TR]
[TH]949[/TH]
[TD] insac[2]=0xa6; write_cmd(insac, NULL); // request GEO[/TD]
[/TR]
[TR]
[TH]950[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read GEO nano + len[/TD]
[/TR]
[TR]
[TH]951[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]952[/TH]
[TD] char tmp[l*3+1];[/TD]
[/TR]
[TR]
[TH]953[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read geo[/TD]
[/TR]
[TR]
[TH]954[/TH]
[TD] rdr_log_sensitive(reader, "provider: %d, id: {%06X%s}, sa: {%08X}, geo: %s",[/TD]
[/TR]
[TR]
[TH]955[/TH]
[TD] i, l_provid, l_name, l_sa, (l<4) ? "empty" : cs_hexdump(1, cta_res, l, tmp, sizeof(tmp)));[/TD]
[/TR]
[TR]
[TH]956[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]957[/TH]
[TD] // read classes subscription[/TD]
[/TR]
[TR]
[TH]958[/TH]
[TD] insac[2]=0xa9; insac[4]=4;[/TD]
[/TR]
[TR]
[TH]959[/TH]
[TD] write_cmd(insac, cls); // request class subs[/TD]
[/TR]
[TR]
[TH]960[/TH]
[TD] while( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]961[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]962[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read class subs nano + len[/TD]
[/TR]
[TR]
[TH]963[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]964[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]965[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]966[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read class subs[/TD]
[/TR]
[TR]
[TH]967[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) &&[/TD]
[/TR]
[TR]
[TH]968[/TH]
[TD] (cta_res[cta_lr-1]==0x00 || cta_res[cta_lr-1]==0x08) )[/TD]
[/TR]
[TR]
[TH]969[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]970[/TH]
[TD] show_class(reader, NULL, l_provid, cta_res, cta_lr-2);[/TD]
[/TR]
[TR]
[TH]971[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]972[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]973[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]974[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]975[/TH]
[TD] insac[4]=0;[/TD]
[/TR]
[TR]
[TH]976[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]977[/TH]
[TD] write_cmd(insa4, NULL); // select next provider[/TD]
[/TR]
[TR]
[TH]978[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]979[/TH]
[TD] //return ERROR;[/TD]
[/TR]
[TR]
[TH]980[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]981[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]982[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]983[/TH]
[TD]#ifdef HAVE_DVBAPI[/TD]
[/TR]
[TR]
[TH]984[/TH]
[TD]void dvbapi_sort_nanos(unsigned char *dest, const unsigned char *src, int32_t len);[/TD]
[/TR]
[TR]
[TH]985[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]986[/TH]
[TD]int32_t viaccess_reassemble_emm(uchar *buffer, uint32_t *len) {[/TD]
[/TR]
[TR]
[TH]987[/TH]
[TD] static uchar emm_global[512];[/TD]
[/TR]
[TR]
[TH]988[/TH]
[TD] static int32_t emm_global_len = 0;[/TD]
[/TR]
[TR]
[TH]989[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]990[/TH]
[TD] int32_t pos=0, i;[/TD]
[/TR]
[TR]
[TH]991[/TH]
[TD] uint32_t k;[/TD]
[/TR]
[TR]
[TH]992[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]993[/TH]
[TD] // Viaccess[/TD]
[/TR]
[TR]
[TH]994[/TH]
[TD] if (*len>500) return 0;[/TD]
[/TR]
[TR]
[TH]995[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]996[/TH]
[TD] switch(buffer[0]) {[/TD]
[/TR]
[TR]
[TH]997[/TH]
[TD] case 0x8c:[/TD]
[/TR]
[TR]
[TH]998[/TH]
[TD] case 0x8d:[/TD]
[/TR]
[TR]
[TH]999[/TH]
[TD] // emm-s part 1[/TD]
[/TR]
[TR]
[TH]1000[/TH]
[TD] if (!memcmp(emm_global, buffer, *len))[/TD]
[/TR]
[TR]
[TH]1001[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1002[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1003[/TH]
[TD] // copy first part of the emm-s[/TD]
[/TR]
[TR]
[TH]1004[/TH]
[TD] memcpy(emm_global, buffer, *len);[/TD]
[/TR]
[TR]
[TH]1005[/TH]
[TD] emm_global_len=*len;[/TD]
[/TR]
[TR]
[TH]1006[/TH]
[TD] //cs_ddump_mask(D_READER, buffer, len, "viaccess global emm:");[/TD]
[/TR]
[TR]
[TH]1007[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1008[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1009[/TH]
[TD] case 0x8e:[/TD]
[/TR]
[TR]
[TH]1010[/TH]
[TD] // emm-s part 2[/TD]
[/TR]
[TR]
[TH]1011[/TH]
[TD] if (!emm_global_len) return 0;[/TD]
[/TR]
[TR]
[TH]1012[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1013[/TH]
[TD] //extract nanos from emm-gh and emm-s[/TD]
[/TR]
[TR]
[TH]1014[/TH]
[TD] uchar emmbuf[512];[/TD]
[/TR]
[TR]
[TH]1015[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1016[/TH]
[TD] cs_debug_mask(D_DVBAPI, "[viaccess] %s: start extracting nanos", __func__);[/TD]
[/TR]
[TR]
[TH]1017[/TH]
[TD] //extract from emm-gh[/TD]
[/TR]
[TR]
[TH]1018[/TH]
[TD] for (i=3; i<emm_global_len; i+=emm_global[i+1]+2) {[/TD]
[/TR]
[TR]
[TH]1019[/TH]
[TD] //copy nano (length determined by i+1)[/TD]
[/TR]
[TR]
[TH]1020[/TH]
[TD] memcpy(emmbuf+pos, emm_global+i, emm_global[i+1]+2);[/TD]
[/TR]
[TR]
[TH]1021[/TH]
[TD] pos+=emm_global[i+1]+2;[/TD]
[/TR]
[TR]
[TH]1022[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1023[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1024[/TH]
[TD] if (buffer[2]==0x2c) {[/TD]
[/TR]
[TR]
[TH]1025[/TH]
[TD] //add 9E 20 nano + first 32 bytes of emm content[/TD]
[/TR]
[TR]
[TH]1026[/TH]
[TD] memcpy(emmbuf+pos, "\x9E\x20", 2);[/TD]
[/TR]
[TR]
[TH]1027[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+7, 32);[/TD]
[/TR]
[TR]
[TH]1028[/TH]
[TD] pos+=34;[/TD]
[/TR]
[TR]
[TH]1029[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1030[/TH]
[TD] //add F0 08 nano + 8 subsequent bytes of emm content[/TD]
[/TR]
[TR]
[TH]1031[/TH]
[TD] memcpy(emmbuf+pos, "\xF0\x08", 2);[/TD]
[/TR]
[TR]
[TH]1032[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+39, 8);[/TD]
[/TR]
[TR]
[TH]1033[/TH]
[TD] pos+=10;[/TD]
[/TR]
[TR]
[TH]1034[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]1035[/TH]
[TD] //extract from variable emm-s[/TD]
[/TR]
[TR]
[TH]1036[/TH]
[TD] for (k=7; k<(*len); k+=buffer[k+1]+2) {[/TD]
[/TR]
[TR]
[TH]1037[/TH]
[TD] //copy nano (length determined by k+1)[/TD]
[/TR]
[TR]
[TH]1038[/TH]
[TD] memcpy(emmbuf+pos, buffer+k, buffer[k+1]+2);[/TD]
[/TR]
[TR]
[TH]1039[/TH]
[TD] pos+=buffer[k+1]+2;[/TD]
[/TR]
[TR]
[TH]1040[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1041[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1042[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1043[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, *len, "[viaccess] %s: %s emm-s", __func__, (buffer[2]==0x2c) ? "fixed" : "variable");[/TD]
[/TR]
[TR]
[TH]1044[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1045[/TH]
[TD] dvbapi_sort_nanos(buffer+7, emmbuf, pos);[/TD]
[/TR]
[TR]
[TH]1046[/TH]
[TD] pos+=7;[/TD]
[/TR]
[TR]
[TH]1047[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1048[/TH]
[TD] //calculate emm length and set it on position 2[/TD]
[/TR]
[TR]
[TH]1049[/TH]
[TD] buffer[2]=pos-3;[/TD]
[/TR]
[TR]
[TH]1050[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1051[/TH]
[TD] cs_ddump_mask(D_DVBAPI, emm_global, emm_global_len, "[viaccess] %s: emm-gh", __func__);[/TD]
[/TR]
[TR]
[TH]1052[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, pos, "[viaccess] %s: assembled emm", __func__);[/TD]
[/TR]
[TR]
[TH]1053[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1054[/TH]
[TD] *len=pos;[/TD]
[/TR]
[TR]
[TH]1055[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]1056[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1057[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]1058[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1059[/TH]
[TD]#endif[/TD]
[/TR]
[TR]
[TH]1060[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1061[/TH]
[TD]void reader_viaccess(struct s_cardsystem *ph)[/TD]
[/TR]
[TR]
[TH]1062[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]1063[/TH]
[TD] ph->do_emm=viaccess_do_emm;[/TD]
[/TR]
[TR]
[TH]1064[/TH]
[TD] ph->do_ecm=viaccess_do_ecm;[/TD]
[/TR]
[TR]
[TH]1065[/TH]
[TD] ph->card_info=viaccess_card_info;[/TD]
[/TR]
[TR]
[TH]1066[/TH]
[TD] ph->card_init=viaccess_card_init;[/TD]
[/TR]
[TR]
[TH]1067[/TH]
[TD] ph->get_emm_type=viaccess_get_emm_type;[/TD]
[/TR]
[TR]
[TH]1068[/TH]
[TD] ph->get_emm_filter=viaccess_get_emm_filter;[/TD]
[/TR]
[TR]
[TH]1069[/TH]
[TD] ph->caids[0]=0x05;[/TD]
[/TR]
[TR]
[TH]1070[/TH]
[TD] ph->desc="viaccess";[/TD]
[/TR]
[TR]
[TH]1071[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1072[/TH]
[TD]#endif[/TD]
[/TR]
&actuellement pour le viaccess ces ceci avec des modif qui date de 4 semaine
| #include "globals.h" | |
| 2 | #ifdef READER_VIACCESS |
|---|---|
| 3 | #include "reader-common.h" |
| 4 | |
| 5 | struct via_date { |
| 6 | uint16_t day_s : 5; |
| 7 | uint16_t month_s : 4; |
| 8 | uint16_t year_s : 7; |
| 9 | |
| 10 | uint16_t day_e : 5; |
| 11 | uint16_t month_e : 4; |
| 12 | uint16_t year_e : 7; |
| 13 | }; |
| 14 | |
| 15 | static void parse_via_date(const uchar *buf, struct via_date *vd, int32_t fend) |
| 16 | { |
| 17 | uint16_t date; |
| 18 | |
| 19 | date = (buf[0]<<8) | buf[1]; |
| 20 | vd->day_s = date & 0x1f; |
| 21 | vd->month_s = (date>>5) & 0x0f; |
| 22 | vd->year_s = (date>>9) & 0x7f; |
| 23 | |
| 24 | if( fend ) |
| 25 | { |
| 26 | date = (buf[2]<<8) | buf[3]; |
| 27 | vd->day_e = date & 0x1f; |
| 28 | vd->month_e = (date>>5) & 0x0f; |
| 29 | vd->year_e = (date>>9) & 0x7f; |
| 30 | } |
| 31 | } |
| 32 | |
| 33 | //static void get_via_data(const uchar *b, int32_t l, time_t *start_t, time_t *end_t, uchar *cls) |
| 34 | //{ |
| 35 | // int32_t i, j; |
| 36 | // struct via_date vd; |
| 37 | // struct tm tm; |
| 38 | // memset(&vd, 0, sizeof(struct via_date)); |
| 39 | // |
| 40 | // // b -> via date (4 bytes) |
| 41 | // b+=4; |
| 42 | // l-=4; |
| 43 | // |
| 44 | // j=l-1; |
| 45 | // for (; j>=0; j--) |
| 46 | // for (i=0; i<8; i++) |
| 47 | // if (b[j] & (1 << (i&7))) |
| 48 | // { |
| 49 | // parse_via_date(b-4, &vd, 1); |
| 50 | // *cls=(l-(j+1))*8+i; |
| 51 | // } |
| 52 | // |
| 53 | // memset(&tm, 0, sizeof(struct tm)); |
| 54 | // tm.tm_year = vd.year_s + 80; //via year starts in 1980, tm_year starts in 1900 |
| 55 | // tm.tm_mon = vd.month_s - 1; // january is 0 in tm_mon |
| 56 | // tm.tm_mday = vd.day_s; |
| 57 | // *start_t = mktime(&tm); |
| 58 | // |
| 59 | // tm.tm_year = vd.year_e + 80; |
| 60 | // tm.tm_mon = vd.month_e - 1; |
| 61 | // tm.tm_mday = vd.day_e; |
| 62 | // *end_t = mktime(&tm); |
| 63 | // |
| 64 | //} |
| 65 | |
| 66 | static void show_class(struct s_reader *reader, const char *p, uint32_t provid, const uchar *b, int32_t l) |
| 67 | { |
| 68 | int32_t i, j; |
| 69 | |
| 70 | // b -> via date (4 bytes) |
| 71 | b+=4; |
| 72 | l-=4; |
| 73 | |
| 74 | j=l-1; |
| 75 | for (; j>=0; j--) |
| 76 | for (i=0; i<8; i++) |
| 77 | if (b[j] & (1 << (i&7))) |
| 78 | { |
| 79 | uchar cls; |
| 80 | struct via_date vd; |
| 81 | parse_via_date(b-4, &vd, 1); |
| 82 | cls=(l-(j+1))*8+i; |
| 83 | if (p) |
| 84 | rdr_log(reader, "%sclass: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", p, cls, |
| 85 | vd.year_s+1980, vd.month_s, vd.day_s, |
| 86 | vd.year_e+1980, vd.month_e, vd.day_e); |
| 87 | else { |
| 88 | rdr_log(reader, "class: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", cls, |
| 89 | vd.year_s+1980, vd.month_s, vd.day_s, |
| 90 | vd.year_e+1980, vd.month_e, vd.day_e); |
| 91 | |
| 92 | time_t start_t, end_t; |
| 93 | struct tm tm; |
| 94 | //convert time: |
| 95 | memset(&tm, 0, sizeof(tm)); |
| 96 | tm.tm_year = vd.year_s+80; //via year starts in 1980, tm_year starts in 1900 |
| 97 | tm.tm_mon = vd.month_s-1; // january is 0 in tm_mon |
| 98 | tm.tm_mday = vd.day_s; |
| 99 | start_t = cs_timegm(&tm); |
| 100 | |
| 101 | tm.tm_year = vd.year_e+80; //via year starts in 1980, tm_year starts in 1900 |
| 102 | tm.tm_mon = vd.month_e-1; // january is 0 in tm_mon |
| 103 | tm.tm_mday = vd.day_e; |
| 104 | end_t = cs_timegm(&tm); |
| 105 | |
| 106 | cs_add_entitlement(reader, reader->caid, provid, cls, cls, start_t, end_t, 5); |
| 107 | } |
| 108 | } |
| 109 | } |
| 110 | |
| 111 | static void show_subs(struct s_reader * reader, const uchar *emm) |
| 112 | { |
| 113 | // emm -> A9, A6, B6 |
| 114 | |
| 115 | switch( emm[0] ) |
| 116 | { |
| 117 | case 0xA9: |
| 118 | show_class(reader, "nano A9: ", 0, emm+2, emm[1]); |
| 119 | break; |
| 120 | /* |
| 121 | { |
| 122 | int32_t i, j, byts; |
| 123 | const uchar *oemm; |
| 124 | |
| 125 | oemm = emm; |
| 126 | byts = emm[1]-4; |
| 127 | emm+=6; |
| 128 | |
| 129 | j=byts-1; |
| 130 | for( ; j>=0; j-- ) |
| 131 | for( i=0; i<8; i++ ) |
| 132 | if( emm[j] & (1 << (i&7)) ) |
| 133 | { |
| 134 | uchar cls; |
| 135 | struct via_date vd; |
| 136 | parse_via_date(emm-4, &vd, 1); |
| 137 | cls=(byts-(j+1))*8+i; |
| 138 | rdr_log(reader, "%sclass %02X: expiry date: %02d/%02d/%04d - %02d/%02d/%04d", |
| 139 | fnano?"nano A9: ":"", cls, |
| 140 | vd.day_s, vd.month_s, vd.year_s+1980, |
| 141 | vd.day_e, vd.month_e, vd.year_e+1980); |
| 142 | } |
| 143 | break; |
| 144 | } |
| 145 | */ |
| 146 | case 0xA6: |
| 147 | { |
| 148 | char szGeo[256]; |
| 149 | |
| 150 | memset(szGeo, 0, 256); |
| 151 | strncpy(szGeo, (char *)emm+2, emm[1]); |
| 152 | rdr_log(reader, "nano A6: geo %s", szGeo); |
| 153 | break; |
| 154 | } |
| 155 | case 0xB6: |
| 156 | { |
| 157 | uchar m; // modexp |
| 158 | struct via_date vd; |
| 159 | |
| 160 | m=emm[emm[1]+1]; |
| 161 | parse_via_date(emm+2, &vd, 0); |
| 162 | rdr_log(reader, "nano B6: modexp %d%d%d%d%d%d: %02d/%02d/%04d", (m&0x20)?1:0, |
| 163 | (m&0x10)?1:0,(m&0x08)?1:0,(m&0x04)?1:0,(m&0x02)?1:0,(m&0x01)?1:0, |
| 164 | vd.day_s, vd.month_s, vd.year_s+1980); |
| 165 | break; |
| 166 | } |
| 167 | } |
| 168 | } |
| 169 | |
| 170 | static int32_t chk_prov(struct s_reader * reader, uchar *id, uchar keynr) |
| 171 | { |
| 172 | int32_t i, j, rc; |
| 173 | for (rc=i=0; (!rc) && (i<reader->nprov); i++) |
| 174 | if(!memcmp(&reader->prid[1], id, 3)) |
[TR]
[TH]175[/TH]
[TD] for (j=0; (!rc) && (j<16); j++)[/TD]
[/TR]
[TR]
[TH]176[/TH]
[TD] if (reader->availkeys[j]==keynr)[/TD]
[/TR]
[TR]
[TH]177[/TH]
[TD] rc=1;[/TD]
[/TR]
[TR]
[TH]178[/TH]
[TD] return(rc);[/TD]
[/TR]
[TR]
[TH]179[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]180[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]181[/TH]
[TD]static int32_t unlock_parental(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]182[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]183[/TH]
[TD] /* disabling parental lock. assuming pin "0000" if no pin code is provided in the config */[/TD]
[/TR]
[TR]
[TH]184[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]185[/TH]
[TD] static const uchar inDPL[] = {0xca, 0x24, 0x02, 0x00, 0x09};[/TD]
[/TR]
[TR]
[TH]186[/TH]
[TD] uchar cmDPL[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F};[/TD]
[/TR]
[TR]
[TH]187[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]188[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]189[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]190[/TH]
[TD] rdr_log(reader, "Using PIN %s",reader->pincode);[/TD]
[/TR]
[TR]
[TH]191[/TH]
[TD] // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34[/TD]
[/TR]
[TR]
[TH]192[/TH]
[TD] cmDPL[6]=((reader->pincode[0]-0x30)<<4) | ((reader->pincode[1]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]193[/TH]
[TD] cmDPL[7]=((reader->pincode[2]-0x30)<<4) | ((reader->pincode[3]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]194[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]195[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]196[/TH]
[TD] rdr_log(reader, "Using PIN 0000!");[/TD]
[/TR]
[TR]
[TH]197[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]198[/TH]
[TD] write_cmd(inDPL,cmDPL);[/TD]
[/TR]
[TR]
[TH]199[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) ) {[/TD]
[/TR]
[TR]
[TH]200[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]201[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!",reader->pincode);[/TD]
[/TR]
[TR]
[TH]202[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]203[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]204[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!");[/TD]
[/TR]
[TR]
[TH]205[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]206[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]207[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]208[/TH]
[TD] rdr_log(reader, "Parental lock disabled");[/TD]
[/TR]
[TR]
[TH]209[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]210[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]211[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]212[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]213[/TH]
[TD]static int32_t viaccess_card_init(struct s_reader * reader, ATR *newatr)[/TD]
[/TR]
[TR]
[TH]214[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]215[/TH]
[TD] get_atr;[/TD]
[/TR]
[TR]
[TH]216[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]217[/TH]
[TD] int32_t i;[/TD]
[/TR]
[TR]
[TH]218[/TH]
[TD] uchar buf[256];[/TD]
[/TR]
[TR]
[TH]219[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]220[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]221[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]222[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]223[/TH]
[TD] static const uchar insFAC[] = { 0x87, 0x02, 0x00, 0x00, 0x03 }; // init FAC[/TD]
[/TR]
[TR]
[TH]224[/TH]
[TD] static const uchar FacDat[] = { 0x00, 0x00, 0x28 };[/TD]
[/TR]
[TR]
[TH]225[/TH]
[TD] static unsigned char ins8702_data[] = { 0x00, 0x00, 0x11};[/TD]
[/TR]
[TR]
[TH]226[/TH]
[TD] static unsigned char ins8704[] = { 0x87, 0x04, 0x00, 0x00, 0x07 };[/TD]
[/TR]
[TR]
[TH]227[/TH]
[TD] static unsigned char ins8706[] = { 0x87, 0x06, 0x00, 0x00, 0x04 };[/TD]
[/TR]
[TR]
[TH]228[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]229[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]230[/TH]
[TD] if ((atr[1]!=0x77) || ((atr[2]!=0x18) && (atr[2]!=0x11) && (atr[2]!=0x19)) || ((atr[9]!=0x68) && (atr[9]!=0x6C)))[/TD]
[/TR]
[TR]
[TH]231[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]232[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]233[/TH]
[TD] write_cmd(insFAC, FacDat);[/TD]
[/TR]
[TR]
[TH]234[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]235[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]236[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]237[/TH]
[TD] memset(&reader->last_geo, 0, sizeof(reader->last_geo));[/TD]
[/TR]
[TR]
[TH]238[/TH]
[TD] write_cmd(insFAC, ins8702_data);[/TD]
[/TR]
[TR]
[TH]239[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]240[/TH]
[TD] write_cmd(ins8704, NULL);[/TD]
[/TR]
[TR]
[TH]241[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]242[/TH]
[TD] write_cmd(ins8706, NULL);[/TD]
[/TR]
[TR]
[TH]243[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]244[/TH]
[TD] reader->last_geo.number_ecm =(cta_res[2]<<8) | (cta_res[3]);[/TD]
[/TR]
[TR]
[TH]245[/TH]
[TD] rdr_log(reader, "using ecm #%x for long viaccess ecm",reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]246[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]247[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]248[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]249[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]250[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]251[/TH]
[TD] // switch((atr[atrsize-4]<<8)|atr[atrsize-3])[/TD]
[/TR]
[TR]
[TH]252[/TH]
[TD] // {[/TD]
[/TR]
[TR]
[TH]253[/TH]
[TD] // case 0x6268: ver="2.3"; break;[/TD]
[/TR]
[TR]
[TH]254[/TH]
[TD] // case 0x6668: ver="2.4(?)"; break;[/TD]
[/TR]
[TR]
[TH]255[/TH]
[TD] // case 0xa268:[/TD]
[/TR]
[TR]
[TH]256[/TH]
[TD] // default: ver="unknown"; break;[/TD]
[/TR]
[TR]
[TH]257[/TH]
[TD] // }[/TD]
[/TR]
[TR]
[TH]258[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]259[/TH]
[TD] reader->caid=0x500;[/TD]
[/TR]
[TR]
[TH]260[/TH]
[TD] memset(reader->prid, 0xff, sizeof(reader->prid));[/TD]
[/TR]
[TR]
[TH]261[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]262[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]263[/TH]
[TD] memcpy(reader->hexserial, cta_res+2, 5);[/TD]
[/TR]
[TR]
[TH]264[/TH]
[TD] // rdr_log(reader, "[viaccess-reader] type: Viaccess, ver: %s serial: %llu", ver, b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]265[/TH]
[TD] rdr_log_sensitive(reader, "type: Viaccess (%sstandard atr), caid: %04X, serial: {%llu}",[/TD]
[/TR]
[TR]
[TH]266[/TH]
[TD] atr[9]==0x68?"":"non-",reader->caid, (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]267[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]268[/TH]
[TD] i=0;[/TD]
[/TR]
[TR]
[TH]269[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]270[/TH]
[TD] buf[0]=0;[/TD]
[/TR]
[TR]
[TH]271[/TH]
[TD] while((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0))[/TD]
[/TR]
[TR]
[TH]272[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]273[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]274[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]275[/TH]
[TD] reader->prid[0]=0;[/TD]
[/TR]
[TR]
[TH]276[/TH]
[TD] memcpy(&reader->prid[1], cta_res, 3);[/TD]
[/TR]
[TR]
[TH]277[/TH]
[TD] memcpy(&reader->availkeys[0], cta_res+10, 16);[/TD]
[/TR]
[TR]
[TH]278[/TH]
[TD] snprintf((char *)buf+strlen((char *)buf), sizeof(buf)-strlen((char *)buf), ",%06X", b2i(3, &reader->prid[1]));[/TD]
[/TR]
[TR]
[TH]279[/TH]
[TD] //rdr_log(reader, "[viaccess-reader] buf: %s", buf);[/TD]
[/TR]
[TR]
[TH]280[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]281[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]282[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]283[/TH]
[TD] memcpy(&reader->sa[0], cta_res+2, 4);[/TD]
[/TR]
[TR]
[TH]284[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]285[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]286[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]287[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]288[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]289[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]290[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]291[/TH]
[TD] rdr_log(reader, "[viaccess-reader] name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]292[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]293[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]294[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]295[/TH]
[TD] write_cmd(insa4, NULL); // select next issuer[/TD]
[/TR]
[TR]
[TH]296[/TH]
[TD] i++;[/TD]
[/TR]
[TR]
[TH]297[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]298[/TH]
[TD] reader->nprov=i;[/TD]
[/TR]
[TR]
[TH]299[/TH]
[TD] rdr_log(reader, "providers: %d (%s)", reader->nprov, buf+1);[/TD]
[/TR]
[TR]
[TH]300[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]301[/TH]
[TD] if (cfg.ulparent)[/TD]
[/TR]
[TR]
[TH]302[/TH]
[TD] unlock_parental(reader);[/TD]
[/TR]
[TR]
[TH]303[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]304[/TH]
[TD] rdr_log(reader, "ready for requests");[/TD]
[/TR]
[TR]
[TH]305[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]306[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]307[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]308[/TH]
[TD]bool dcw_crc(uchar *dw){[/TD]
[/TR]
[TR]
[TH]309[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]310[/TH]
[TD] for(i=0;i<16;i+=4) if(dw[i+3]!=((dw+dw[i+1]+dw[i+2])& 0xFF))return 0;[/TD]
[/TR]
[TR]
[TH]311[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]312[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]313[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]314[/TH]
[TD]static int32_t viaccess_do_ecm(struct s_reader * reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)[/TD]
[/TR]
[TR]
[TH]315[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]316[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]317[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]318[/TH]
[TD] unsigned char ins88[] = { 0xca,0x88,0x00,0x00,0x00 }; // set ecm[/TD]
[/TR]
[TR]
[TH]319[/TH]
[TD] unsigned char insf8[] = { 0xca,0xf8,0x00,0x00,0x00 }; // set geographic info[/TD]
[/TR]
[TR]
[TH]320[/TH]
[TD] static const unsigned char insc0[] = { 0xca,0xc0,0x00,0x00,0x12 }; // read dcw[/TD]
[/TR]
[TR]
[TH]321[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]322[/TH]
[TD] // //XXX what is the 4th byte for ??[/TD]
[/TR]
[TR]
[TH]323[/TH]
[TD] int32_t ecm88Len = MIN(MAX_ECM_SIZE-4, SCT_LEN(er->ecm)-4);[/TD]
[/TR]
[TR]
[TH]324[/TH]
[TD] if(ecm88Len < 1){[/TD]
[/TR]
[TR]
[TH]325[/TH]
[TD] rdr_log(reader, "ECM: Size of ECM couldn't be correctly calculated.");[/TD]
[/TR]
[TR]
[TH]326[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]327[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]328[/TH]
[TD] uchar ecmData[ecm88Len];[/TD]
[/TR]
[TR]
[TH]329[/TH]
[TD] memset(ecmData, 0, ecm88Len);[/TD]
[/TR]
[TR]
[TH]330[/TH]
[TD] memcpy(ecmData, er->ecm+4, ecm88Len);[/TD]
[/TR]
[TR]
[TH]331[/TH]
[TD] uchar *ecm88Data = &ecmData[0];[/TD]
[/TR]
[TR]
[TH]332[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]333[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]334[/TH]
[TD] int32_t hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]335[/TH]
[TD] int32_t curEcm88len=0;[/TD]
[/TR]
[TR]
[TH]336[/TH]
[TD] int32_t nanoLen=0;[/TD]
[/TR]
[TR]
[TH]337[/TH]
[TD] uchar *nextEcm;[/TD]
[/TR]
[TR]
[TH]338[/TH]
[TD] uchar DE04[256];[/TD]
[/TR]
[TR]
[TH]339[/TH]
[TD] int32_t D2KeyID=0;[/TD]
[/TR]
[TR]
[TH]340[/TH]
[TD] int32_t curnumber_ecm=0;[/TD]
[/TR]
[TR]
[TH]341[/TH]
[TD] //nanoD2 d2 02 0d 02 -> D2 nano, len 2[/TD]
[/TR]
[TR]
[TH]342[/TH]
[TD] // 0d -> post AES decrypt CW[/TD]
[/TR]
[TR]
[TH]343[/TH]
[TD] // 0b -> pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]344[/TH]
[TD] int32_t nanoD2 = 0; // 0x0b = 1 0x0d = 2[/TD]
[/TR]
[TR]
[TH]345[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]346[/TH]
[TD] memset(DE04, 0, sizeof(DE04)); //fix dorcel de04 bug[/TD]
[/TR]
[TR]
[TH]347[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]348[/TH]
[TD] nextEcm=ecm88Data;[/TD]
[/TR]
[TR]
[TH]349[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]350[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]351[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]352[/TH]
[TD] while (ecm88Len>0 && !rc) {[/TD]
[/TR]
[TR]
[TH]353[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]354[/TH]
[TD] if(ecm88Data[0] ==0x00 && ecm88Data[1] == 0x00) {[/TD]
[/TR]
[TR]
[TH]355[/TH]
[TD] // nano 0x00 and len 0x00 aren't valid ... something is obviously wrong with this ecm.[/TD]
[/TR]
[TR]
[TH]356[/TH]
[TD] rdr_log(reader, "ECM: Invalid ECM structure. Rejecting");[/TD]
[/TR]
[TR]
[TH]357[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]358[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]359[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]360[/TH]
[TD] // 80 33 nano 80 (ecm) + len (33)[/TD]
[/TR]
[TR]
[TH]361[/TH]
[TD] if(ecm88Data[0]==0x80) { // nano 80, give ecm len[/TD]
[/TR]
[TR]
[TH]362[/TH]
[TD] curEcm88len=ecm88Data[1];[/TD]
[/TR]
[TR]
[TH]363[/TH]
[TD] nextEcm=ecm88Data+curEcm88len+2;[/TD]
[/TR]
[TR]
[TH]364[/TH]
[TD] ecm88Data += 2;[/TD]
[/TR]
[TR]
[TH]365[/TH]
[TD] ecm88Len -= 2;[/TD]
[/TR]
[TR]
[TH]366[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]367[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]368[/TH]
[TD] if(!curEcm88len) { //there was no nano 80 -> simple ecm[/TD]
[/TR]
[TR]
[TH]369[/TH]
[TD] curEcm88len=ecm88Len;[/TD]
[/TR]
[TR]
[TH]370[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]371[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]372[/TH]
[TD] // d2 02 0d 02 -> D2 nano, len 2, select the AES key to be used[/TD]
[/TR]
[TR]
[TH]373[/TH]
[TD] if(ecm88Data[0]==0xd2) {[/TD]
[/TR]
[TR]
[TH]374[/TH]
[TD] // test if need post or pre AES decrypt[/TD]
[/TR]
[TR]
[TH]375[/TH]
[TD] if(ecm88Data[2]==0x0b)[/TD]
[/TR]
[TR]
[TH]376[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]377[/TH]
[TD] nanoD2 = 1;[/TD]
[/TR]
[TR]
[TH]378[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0b");[/TD]
[/TR]
[TR]
[TH]379[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]380[/TH]
[TD] if(ecm88Data[2]==0x0d)[/TD]
[/TR]
[TR]
[TH]381[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]382[/TH]
[TD] nanoD2 = 2;[/TD]
[/TR]
[TR]
[TH]383[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0d");[/TD]
[/TR]
[TR]
[TH]384[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]385[/TH]
[TD] // use the d2 arguments to get the key # to be used[/TD]
[/TR]
[TR]
[TH]386[/TH]
[TD] int32_t len = ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]387[/TH]
[TD] D2KeyID=ecm88Data[3];[/TD]
[/TR]
[TR]
[TH]388[/TH]
[TD] ecm88Data += len;[/TD]
[/TR]
[TR]
[TH]389[/TH]
[TD] ecm88Len -= len;[/TD]
[/TR]
[TR]
[TH]390[/TH]
[TD] curEcm88len -=len;[/TD]
[/TR]
[TR]
[TH]391[/TH]
[TD] hasD2 = 1;[/TD]
[/TR]
[TR]
[TH]392[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]393[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]394[/TH]
[TD] hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]395[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]396[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]397[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]398[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]399[/TH]
[TD] // 05 67 00[/TD]
[/TR]
[TR]
[TH]400[/TH]
[TD] if ((ecm88Data[0]==0x90 || ecm88Data[0]==0x40) && (ecm88Data[1]==0x03 || ecm88Data[1]==0x07 ) )[/TD]
[/TR]
[TR]
[TH]401[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]402[/TH]
[TD] uchar ident[3], keynr;[/TD]
[/TR]
[TR]
[TH]403[/TH]
[TD] uchar *ecmf8Data=0;[/TD]
[/TR]
[TR]
[TH]404[/TH]
[TD] int32_t ecmf8Len=0;[/TD]
[/TR]
[TR]
[TH]405[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]406[/TH]
[TD] nanoLen=ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]407[/TH]
[TD] keynr=ecm88Data[4]&0x0F;[/TD]
[/TR]
[TR]
[TH]408[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]409[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]410[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]411[/TH]
[TD] if(nanoLen>5) {[/TD]
[/TR]
[TR]
[TH]412[/TH]
[TD] curnumber_ecm =(ecm88Data[6]<<8) | (ecm88Data[7]);[/TD]
[/TR]
[TR]
[TH]413[/TH]
[TD] rdr_debug_mask(reader, D_READER, "checking if the ecm number (%x) match the card one (%x)",curnumber_ecm,reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]414[/TH]
[TD] // if we have an ecm number we check it.[/TD]
[/TR]
[TR]
[TH]415[/TH]
[TD] // we can't assume that if the nano len is 5 or more we have an ecm number[/TD]
[/TR]
[TR]
[TH]416[/TH]
[TD] // as some card don't support this[/TD]
[/TR]
[TR]
[TH]417[/TH]
[TD] if( reader->last_geo.number_ecm > 0 ) {[/TD]
[/TR]
[TR]
[TH]418[/TH]
[TD] if (reader->last_geo.number_ecm == curnumber_ecm && !( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )) {[/TD]
[/TR]
[TR]
[TH]419[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]420[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x, ECM ending with %02x",ecm88Data[5], ecm88Data[nanoLen-1]);[/TD]
[/TR]
[TR]
[TH]421[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]422[/TH]
[TD] if( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )[/TD]
[/TR]
[TR]
[TH]423[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]424[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x) for provider %02x%02x%02x",ecm88Data[nanoLen-1], curnumber_ecm, ecm88Data[2], ecm88Data[3], ecm88Data[4]);[/TD]
[/TR]
[TR]
[TH]425[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]426[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x)",ecm88Data[nanoLen-1], curnumber_ecm);[/TD]
[/TR]
[TR]
[TH]427[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]428[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]429[/TH]
[TD] continue; //loop to next ecm[/TD]
[/TR]
[TR]
[TH]430[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]431[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]432[/TH]
[TD] else { // long ecm but we don't have an ecm number so we have to try them all.[/TD]
[/TR]
[TR]
[TH]433[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]434[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x",ecm88Data[5]);[/TD]
[/TR]
[TR]
[TH]435[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]436[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]437[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]438[/TH]
[TD] memcpy (ident, &ecm88Data[2], sizeof(ident));[/TD]
[/TR]
[TR]
[TH]439[/TH]
[TD] provid = b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]440[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]441[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]442[/TH]
[TD] if(hasD2 && reader->aes_list) {[/TD]
[/TR]
[TR]
[TH]443[/TH]
[TD] // check that we have the AES key to decode the CW[/TD]
[/TR]
[TR]
[TH]444[/TH]
[TD] // if not there is no need to send the ecm to the card[/TD]
[/TR]
[TR]
[TH]445[/TH]
[TD] if(!aes_present(reader->aes_list, 0x500, (uint32_t) (provid & 0xFFFFF0) , D2KeyID))[/TD]
[/TR]
[TR]
[TH]446[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]447[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]448[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]449[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]450[/TH]
[TD] if (!chk_prov(reader, ident, keynr))[/TD]
[/TR]
[TR]
[TH]451[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]452[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: provider or key not found on card");[/TD]
[/TR]
[TR]
[TH]453[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "provider(%02x%02x%02x) or key(%d) not found on card", ident[0],ident[1],ident[2], keynr );[/TD]
[/TR]
[TR]
[TH]454[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]455[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]456[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]457[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]458[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]459[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]460[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]461[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]462[/TH]
[TD] if (ecm88Data[0]==0xDE && ecm88Data[1]==0x04)[/TD]
[/TR]
[TR]
[TH]463[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]464[/TH]
[TD] memcpy (DE04, &ecm88Data[0], 6);[/TD]
[/TR]
[TR]
[TH]465[/TH]
[TD] ecm88Data+=6;[/TD]
[/TR]
[TR]
[TH]466[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]467[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]468[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]469[/TH]
[TD] if( reader->last_geo.provid != provid )[/TD]
[/TR]
[TR]
[TH]470[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]471[/TH]
[TD] reader->last_geo.provid = provid;[/TD]
[/TR]
[TR]
[TH]472[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]473[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]474[/TH]
[TD] write_cmd(insa4, ident); // set provider[/TD]
[/TR]
[TR]
[TH]475[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]476[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]477[/TH]
[TD] //Nano D2 0x0b Pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]478[/TH]
[TD] if ( hasD2 && nanoD2 == 1)[/TD]
[/TR]
[TR]
[TH]479[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]480[/TH]
[TD] uchar *ecm88DataCW = ecm88Data;[/TD]
[/TR]
[TR]
[TH]481[/TH]
[TD] int32_t cwStart = 0;[/TD]
[/TR]
[TR]
[TH]482[/TH]
[TD] //int32_t cwStartRes = 0;[/TD]
[/TR]
[TR]
[TH]483[/TH]
[TD] int32_t exit = 0;[/TD]
[/TR]
[TR]
[TH]484[/TH]
[TD] // find CW start[/TD]
[/TR]
[TR]
[TH]485[/TH]
[TD] while(cwStart < curEcm88len -1 && !exit)[/TD]
[/TR]
[TR]
[TH]486[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]487[/TH]
[TD] if(ecm88Data[cwStart] == 0xEA && ecm88Data[cwStart+1] == 0x10)[/TD]
[/TR]
[TR]
[TH]488[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]489[/TH]
[TD] ecm88DataCW = ecm88DataCW + cwStart + 2;[/TD]
[/TR]
[TR]
[TH]490[/TH]
[TD] exit = 1;[/TD]
[/TR]
[TR]
[TH]491[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]492[/TH]
[TD] cwStart++;[/TD]
[/TR]
[TR]
[TH]493[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]494[/TH]
[TD] // use AES from list to decrypt CW[/TD]
[/TR]
[TR]
[TH]495[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]496[/TH]
[TD] if (aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID, &ecm88DataCW[0], 16) == 0)[/TD]
[/TR]
[TR]
[TH]497[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]498[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]499[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]500[/TH]
[TD] while(ecm88Len>1 && ecm88Data[0]<0xA0)[/TD]
[/TR]
[TR]
[TH]501[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]502[/TH]
[TD] int32_t nanoLen=ecm88Data[1]+2;[/TD]
[/TR]
[TR]
[TH]503[/TH]
[TD] if (!ecmf8Data)[/TD]
[/TR]
[TR]
[TH]504[/TH]
[TD] ecmf8Data=(uchar *)ecm88Data;[/TD]
[/TR]
[TR]
[TH]505[/TH]
[TD] ecmf8Len+=nanoLen;[/TD]
[/TR]
[TR]
[TH]506[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]507[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]508[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]509[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]510[/TH]
[TD] if(ecmf8Len)[/TD]
[/TR]
[TR]
[TH]511[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]512[/TH]
[TD] if( reader->last_geo.geo_len!=ecmf8Len ||[/TD]
[/TR]
[TR]
[TH]513[/TH]
[TD] memcmp(reader->last_geo.geo, ecmf8Data, reader->last_geo.geo_len))[/TD]
[/TR]
[TR]
[TH]514[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]515[/TH]
[TD] memcpy(reader->last_geo.geo, ecmf8Data, ecmf8Len);[/TD]
[/TR]
[TR]
[TH]516[/TH]
[TD] reader->last_geo.geo_len= ecmf8Len;[/TD]
[/TR]
[TR]
[TH]517[/TH]
[TD] insf8[3]=keynr;[/TD]
[/TR]
[TR]
[TH]518[/TH]
[TD] insf8[4]=ecmf8Len;[/TD]
[/TR]
[TR]
[TH]519[/TH]
[TD] write_cmd(insf8, ecmf8Data);[/TD]
[/TR]
[TR]
[TH]520[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]521[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]522[/TH]
[TD] ins88[2]=ecmf8Len?1:0;[/TD]
[/TR]
[TR]
[TH]523[/TH]
[TD] ins88[3]=keynr;[/TD]
[/TR]
[TR]
[TH]524[/TH]
[TD] ins88[4]= curEcm88len;[/TD]
[/TR]
[TR]
[TH]525[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]526[/TH]
[TD] // we should check the nano to make sure the ecm is valid[/TD]
[/TR]
[TR]
[TH]527[/TH]
[TD] // we should look for at least 1 E3 nano, 1 EA nano and the F0 signature nano[/TD]
[/TR]
[TR]
[TH]528[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]529[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]530[/TH]
[TD] if (DE04[0]==0xDE)[/TD]
[/TR]
[TR]
[TH]531[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]532[/TH]
[TD] uint32_t l = curEcm88len-6;[/TD]
[/TR]
[TR]
[TH]533[/TH]
[TD] if (l > 256 || curEcm88len <= 6) { //don't known if this is ok...[/TD]
[/TR]
[TR]
[TH]534[/TH]
[TD] rdr_log(reader, "ecm invalid/too long! len=%d", curEcm88len);[/TD]
[/TR]
[TR]
[TH]535[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]536[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]537[/TH]
[TD] memcpy(DE04+6, (uchar *)ecm88Data, l);[/TD]
[/TR]
[TR]
[TH]538[/TH]
[TD] write_cmd(ins88, DE04); // request dcw[/TD]
[/TR]
[TR]
[TH]539[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]540[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]541[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]542[/TH]
[TD] write_cmd(ins88, (uchar *)ecm88Data); // request dcw[/TD]
[/TR]
[TR]
[TH]543[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]544[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]545[/TH]
[TD] write_cmd(insc0, NULL); // read dcw[/TD]
[/TR]
[TR]
[TH]546[/TH]
[TD] switch(cta_res[0])[/TD]
[/TR]
[TR]
[TH]547[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]548[/TH]
[TD] case 0xe8: // even[/TD]
[/TR]
[TR]
[TH]549[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]550[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]551[/TH]
[TD] case 0xe9: // odd[/TD]
[/TR]
[TR]
[TH]552[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw+8,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]553[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]554[/TH]
[TD] case 0xea: // complete[/TD]
[/TR]
[TR]
[TH]555[/TH]
[TD] if(cta_res[1]==16) { memcpy(ea->cw,cta_res+2,16); rc=1; }[/TD]
[/TR]
[TR]
[TH]556[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]557[/TH]
[TD] default :[/TD]
[/TR]
[TR]
[TH]558[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]559[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]560[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: key to use is not the current one, trying next ECM");[/TD]
[/TR]
[TR]
[TH]561[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "key to use is not the current one, trying next ECM" );[/TD]
[/TR]
[TR]
[TH]562[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]563[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]564[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]565[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]566[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]567[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: Unknown ECM type");[/TD]
[/TR]
[TR]
[TH]568[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "Unknown ECM type" );[/TD]
[/TR]
[TR]
[TH]569[/TH]
[TD] return ERROR; /*Lets interupt the loop and exit, because we don't know this ECM type.*/[/TD]
[/TR]
[TR]
[TH]570[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]571[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]572[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]573[/TH]
[TD] if ( hasD2 && !dcw_crc(ea->cw) && nanoD2 == 2) {[/TD]
[/TR]
[TR]
[TH]574[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]575[/TH]
[TD] rc=aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID,ea->cw, 16);[/TD]
[/TR]
[TR]
[TH]576[/TH]
[TD] if( rc == 0 )[/TD]
[/TR]
[TR]
[TH]577[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]578[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]579[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]580[/TH]
[TD] return(rc?OK:ERROR);[/TD]
[/TR]
[TR]
[TH]581[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]582[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]583[/TH]
[TD]static int32_t viaccess_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)[/TD]
[/TR]
[TR]
[TH]584[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]585[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]586[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "Entered viaccess_get_emm_type ep->emm[0]=%02x",ep->emm[0]);[/TD]
[/TR]
[TR]
[TH]587[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]588[/TH]
[TD] if (ep->emm[3] == 0x90 && ep->emm[4] == 0x03) {[/TD]
[/TR]
[TR]
[TH]589[/TH]
[TD] provid = ep->emm[5] << 16 | ep->emm[6] << 8 | (ep->emm[7] & 0xFE);[/TD]
[/TR]
[TR]
[TH]590[/TH]
[TD] i2b_buf(4, provid, ep->provid);[/TD]
[/TR]
[TR]
[TH]591[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]592[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]593[/TH]
[TD] switch (ep->emm[0]) {[/TD]
[/TR]
[TR]
[TH]594[/TH]
[TD]case 0x88:[/TD]
[/TR]
[TR]
[TH]595[/TH]
[TD] ep->type=UNIQUE;[/TD]
[/TR]
[TR]
[TH]596[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]597[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 4, 4);[/TD]
[/TR]
[TR]
[TH]598[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNIQUE");[/TD]
[/TR]
[TR]
[TH]599[/TH]
[TD] return(!memcmp(rdr->hexserial + 1, ep->hexserial, 4));[/TD]
[/TR]
[TR]
[TH]600[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]601[/TH]
[TD]case 0x8A:[/TD]
[/TR]
[TR]
[TH]602[/TH]
[TD]case 0x8B:[/TD]
[/TR]
[TR]
[TH]603[/TH]
[TD] ep->type=GLOBAL;[/TD]
[/TR]
[TR]
[TH]604[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "GLOBAL");[/TD]
[/TR]
[TR]
[TH]605[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]606[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]607[/TH]
[TD]case 0x8C:[/TD]
[/TR]
[TR]
[TH]608[/TH]
[TD]case 0x8D:[/TD]
[/TR]
[TR]
[TH]609[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]610[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED (part)");[/TD]
[/TR]
[TR]
[TH]611[/TH]
[TD] return FALSE;[/TD]
[/TR]
[TR]
[TH]612[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]613[/TH]
[TD]case 0x8E:[/TD]
[/TR]
[TR]
[TH]614[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]615[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]616[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 3, 3);[/TD]
[/TR]
[TR]
[TH]617[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED");[/TD]
[/TR]
[TR]
[TH]618[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]619[/TH]
[TD] //check for provider as serial (cccam only?)[/TD]
[/TR]
[TR]
[TH]620[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]621[/TH]
[TD] for (i=0;i<rdr->nprov;i++) {[/TD]
[/TR]
[TR]
[TH]622[/TH]
[TD] if (!memcmp(&rdr->prid[1], ep->hexserial, 3))[/TD]
[/TR]
[TR]
[TH]623[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]624[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]625[/TH]
[TD] return(!memcmp(&rdr->sa[0][0], ep->hexserial, 3));[/TD]
[/TR]
[TR]
[TH]626[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]627[/TH]
[TD]default:[/TD]
[/TR]
[TR]
[TH]628[/TH]
[TD] ep->type = UNKNOWN;[/TD]
[/TR]
[TR]
[TH]629[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNKNOWN");[/TD]
[/TR]
[TR]
[TH]630[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]631[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]632[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]633[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]634[/TH]
[TD]static void viaccess_get_emm_filter(struct s_reader * rdr, uchar *filter)[/TD]
[/TR]
[TR]
[TH]635[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]636[/TH]
[TD] int32_t idx = 2;[/TD]
[/TR]
[TR]
[TH]637[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]638[/TH]
[TD] filter[0]=0xFF;[/TD]
[/TR]
[TR]
[TH]639[/TH]
[TD] filter[1]=0;[/TD]
[/TR]
[TR]
[TH]640[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]641[/TH]
[TD] filter[idx++]=EMM_GLOBAL;[/TD]
[/TR]
[TR]
[TH]642[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]643[/TH]
[TD] filter[idx+0] = 0x8D;[/TD]
[/TR]
[TR]
[TH]644[/TH]
[TD] filter[idx+0+16] = 0xFE;[/TD]
[/TR]
[TR]
[TH]645[/TH]
[TD] //filter[idx+6] = 0xA0; // FIXME: dummy, flood client with EMM's[/TD]
[/TR]
[TR]
[TH]646[/TH]
[TD] //filter[idx+6+16] = 0xF0;[/TD]
[/TR]
[TR]
[TH]647[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]648[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]649[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]650[/TH]
[TD] filter[idx++]=EMM_SHARED;[/TD]
[/TR]
[TR]
[TH]651[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]652[/TH]
[TD] filter[idx+0] = 0x8E;[/TD]
[/TR]
[TR]
[TH]653[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]654[/TH]
[TD] memcpy(filter+idx+1, &rdr->sa[0][0], 3);[/TD]
[/TR]
[TR]
[TH]655[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 3);[/TD]
[/TR]
[TR]
[TH]656[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]657[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]658[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]659[/TH]
[TD] filter[idx++]=EMM_UNIQUE;[/TD]
[/TR]
[TR]
[TH]660[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]661[/TH]
[TD] filter[idx+0] = 0x88;[/TD]
[/TR]
[TR]
[TH]662[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]663[/TH]
[TD] memcpy(filter+idx+1, rdr->hexserial + 1, 4);[/TD]
[/TR]
[TR]
[TH]664[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 4);[/TD]
[/TR]
[TR]
[TH]665[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]666[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]667[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]668[/TH]
[TD] return;[/TD]
[/TR]
[TR]
[TH]669[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]670[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]671[/TH]
[TD]static int32_t viaccess_do_emm(struct s_reader * reader, EMM_PACKET *ep)[/TD]
[/TR]
[TR]
[TH]672[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]673[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]674[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]675[/TH]
[TD] unsigned char insf0[] = { 0xca,0xf0,0x00,0x01,0x22 }; // set adf[/TD]
[/TR]
[TR]
[TH]676[/TH]
[TD] unsigned char insf4[] = { 0xca,0xf4,0x00,0x01,0x00 }; // set adf, encrypted[/TD]
[/TR]
[TR]
[TH]677[/TH]
[TD] unsigned char ins18[] = { 0xca,0x18,0x01,0x01,0x00 }; // set subscription[/TD]
[/TR]
[TR]
[TH]678[/TH]
[TD] unsigned char ins1c[] = { 0xca,0x1c,0x01,0x01,0x00 }; // set subscription, encrypted[/TD]
[/TR]
[TR]
[TH]679[/TH]
[TD] static const unsigned char insc8[] = { 0xca,0xc8,0x00,0x00,0x02 }; // read extended status[/TD]
[/TR]
[TR]
[TH]680[/TH]
[TD] // static const unsigned char insc8Data[] = { 0x00,0x00 }; // data for read extended status[/TD]
[/TR]
[TR]
[TH]681[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]682[/TH]
[TD] int32_t emmdatastart=7;[/TD]
[/TR]
[TR]
[TH]683[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]684[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]685[/TH]
[TD] if (ep->type == UNIQUE) emmdatastart++;[/TD]
[/TR]
[TR]
[TH]686[/TH]
[TD] int32_t emmLen=SCT_LEN(ep->emm)-emmdatastart;[/TD]
[/TR]
[TR]
[TH]687[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]688[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]689[/TH]
[TD] ///cs_dump(ep->emm, emmLen+emmdatastart, "RECEIVED EMM VIACCESS");[/TD]
[/TR]
[TR]
[TH]690[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]691[/TH]
[TD] int32_t emmUpToEnd;[/TD]
[/TR]
[TR]
[TH]692[/TH]
[TD] uchar *emmParsed = ep->emm+emmdatastart;[/TD]
[/TR]
[TR]
[TH]693[/TH]
[TD] int32_t provider_ok = 0;[/TD]
[/TR]
[TR]
[TH]694[/TH]
[TD] uint32_t emm_provid;[/TD]
[/TR]
[TR]
[TH]695[/TH]
[TD] uchar keynr = 0;[/TD]
[/TR]
[TR]
[TH]696[/TH]
[TD] int32_t ins18Len = 0;[/TD]
[/TR]
[TR]
[TH]697[/TH]
[TD] uchar ins18Data[512];[/TD]
[/TR]
[TR]
[TH]698[/TH]
[TD] uchar insData[512];[/TD]
[/TR]
[TR]
[TH]699[/TH]
[TD] uchar *nano81Data = 0;[/TD]
[/TR]
[TR]
[TH]700[/TH]
[TD] uchar *nano91Data = 0;[/TD]
[/TR]
[TR]
[TH]701[/TH]
[TD] uchar *nano92Data = 0;[/TD]
[/TR]
[TR]
[TH]702[/TH]
[TD] uchar *nano9EData = 0;[/TD]
[/TR]
[TR]
[TH]703[/TH]
[TD] uchar *nanoF0Data = 0;[/TD]
[/TR]
[TR]
[TH]704[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]705[/TH]
[TD] for (emmUpToEnd=emmLen; (emmParsed[1] != 0) && (emmUpToEnd > 0); emmUpToEnd -= (2 + emmParsed[1]), emmParsed += (2 + emmParsed[1])) {[/TD]
[/TR]
[TR]
[TH]706[/TH]
[TD] ///cs_dump (emmParsed, emmParsed[1] + 2, "NANO");[/TD]
[/TR]
[TR]
[TH]707[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]708[/TH]
[TD] if (emmParsed[0]==0x90 && emmParsed[1]==0x03) {[/TD]
[/TR]
[TR]
[TH]709[/TH]
[TD] /* identification of the service operator */[/TD]
[/TR]
[TR]
[TH]710[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]711[/TH]
[TD] uchar soid[3], ident[3], i;[/TD]
[/TR]
[TR]
[TH]712[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]713[/TH]
[TD] for (i=0; i<3; i++) {[/TD]
[/TR]
[TR]
[TH]714[/TH]
[TD] soid=ident=emmParsed[2+i];[/TD]
[/TR]
[TR]
[TH]715[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]716[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]717[/TH]
[TD] emm_provid=b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]718[/TH]
[TD] keynr=soid[2]&0x0F;[/TD]
[/TR]
[TR]
[TH]719[/TH]
[TD] if (chk_prov(reader, ident, keynr)) {[/TD]
[/TR]
[TR]
[TH]720[/TH]
[TD] provider_ok = 1;[/TD]
[/TR]
[TR]
[TH]721[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]722[/TH]
[TD] rdr_log(reader, "EMM: provider or key not found on card (%x, %x)", emm_provid, keynr);[/TD]
[/TR]
[TR]
[TH]723[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]724[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]725[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]726[/TH]
[TD] // check if the provider changes. If yes, set the new one. If not, don't .. card will return an error if we do.[/TD]
[/TR]
[TR]
[TH]727[/TH]
[TD] if( reader->last_geo.provid != emm_provid ) {[/TD]
[/TR]
[TR]
[TH]728[/TH]
[TD] write_cmd(insa4, ident);[/TD]
[/TR]
[TR]
[TH]729[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]730[/TH]
[TD] cs_dump(insa4, 5, "set provider cmd:");[/TD]
[/TR]
[TR]
[TH]731[/TH]
[TD] cs_dump(soid, 3, "set provider data:");[/TD]
[/TR]
[TR]
[TH]732[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]733[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]734[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]735[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]736[/TH]
[TD] // as we are maybe changing the used provider, clear the cache, so the next ecm will re-select the correct one[/TD]
[/TR]
[TR]
[TH]737[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]738[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]739[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]740[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]741[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]742[/TH]
[TD] else if (emmParsed[0]==0x9e && emmParsed[1]==0x20) {[/TD]
[/TR]
[TR]
[TH]743[/TH]
[TD] /* adf */[/TD]
[/TR]
[TR]
[TH]744[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]745[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]746[/TH]
[TD] /* adf is not crypted, so test it */[/TD]
[/TR]
[TR]
[TH]747[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]748[/TH]
[TD] uchar custwp;[/TD]
[/TR]
[TR]
[TH]749[/TH]
[TD] uchar *afd;[/TD]
[/TR]
[TR]
[TH]750[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]751[/TH]
[TD] custwp=reader->sa[0][3];[/TD]
[/TR]
[TR]
[TH]752[/TH]
[TD] afd=(uchar*)emmParsed+2;[/TD]
[/TR]
[TR]
[TH]753[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]754[/TH]
[TD] if( afd[31-custwp/8] & (1 << (custwp & 7)) )[/TD]
[/TR]
[TR]
[TH]755[/TH]
[TD] rdr_debug_mask(reader, D_READER, "emm for our card %08X", b2i(4, &reader->sa[0][0]));[/TD]
[/TR]
[TR]
[TH]756[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]757[/TH]
[TD] return SKIPPED;[/TD]
[/TR]
[TR]
[TH]758[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]759[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]760[/TH]
[TD] // memorize[/TD]
[/TR]
[TR]
[TH]761[/TH]
[TD] nano9EData = emmParsed;[/TD]
[/TR]
[TR]
[TH]762[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]763[/TH]
[TD] } else if (emmParsed[0]==0x81) {[/TD]
[/TR]
[TR]
[TH]764[/TH]
[TD] nano81Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]765[/TH]
[TD] } else if (emmParsed[0]==0x91 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]766[/TH]
[TD] nano91Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]767[/TH]
[TD] } else if (emmParsed[0]==0x92 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]768[/TH]
[TD] nano92Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]769[/TH]
[TD] } else if (emmParsed[0]==0xF0 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]770[/TH]
[TD] nanoF0Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]771[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]772[/TH]
[TD] /* other nanos */[/TD]
[/TR]
[TR]
[TH]773[/TH]
[TD] show_subs(reader, emmParsed);[/TD]
[/TR]
[TR]
[TH]774[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]775[/TH]
[TD] memcpy(ins18Data+ins18Len, emmParsed, emmParsed[1] + 2);[/TD]
[/TR]
[TR]
[TH]776[/TH]
[TD] ins18Len += emmParsed [1] + 2;[/TD]
[/TR]
[TR]
[TH]777[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]778[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]779[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]780[/TH]
[TD] if (!provider_ok) {[/TD]
[/TR]
[TR]
[TH]781[/TH]
[TD] rdr_debug_mask(reader, D_READER, "provider not found in emm, continue anyway");[/TD]
[/TR]
[TR]
[TH]782[/TH]
[TD] // force key to 1...[/TD]
[/TR]
[TR]
[TH]783[/TH]
[TD] keynr = 1;[/TD]
[/TR]
[TR]
[TH]784[/TH]
[TD] ///return ERROR;[/TD]
[/TR]
[TR]
[TH]785[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]786[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]787[/TH]
[TD] if (!nanoF0Data) {[/TD]
[/TR]
[TR]
[TH]788[/TH]
[TD] cs_dump(ep->emm, ep->l, "can't find 0xf0 in emm...");[/TD]
[/TR]
[TR]
[TH]789[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]790[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]791[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]792[/TH]
[TD] if (nano9EData) {[/TD]
[/TR]
[TR]
[TH]793[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]794[/TH]
[TD] // set adf[/TD]
[/TR]
[TR]
[TH]795[/TH]
[TD] insf0[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]796[/TH]
[TD] insf0[4] = nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]797[/TH]
[TD] write_cmd(insf0, nano9EData);[/TD]
[/TR]
[TR]
[TH]798[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]799[/TH]
[TD] cs_dump(insf0, 5, "set adf cmd:");[/TD]
[/TR]
[TR]
[TH]800[/TH]
[TD] cs_dump(nano9EData, insf0[4] , "set adf data:");[/TD]
[/TR]
[TR]
[TH]801[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]802[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]803[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]804[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]805[/TH]
[TD] // set adf crypte[/TD]
[/TR]
[TR]
[TH]806[/TH]
[TD] insf4[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]807[/TH]
[TD] insf4[4] = nano91Data[1] + 2 + nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]808[/TH]
[TD] memcpy (insData, nano91Data, nano91Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]809[/TH]
[TD] memcpy (insData + nano91Data[1] + 2, nano9EData, nano9EData[1] + 2);[/TD]
[/TR]
[TR]
[TH]810[/TH]
[TD] write_cmd(insf4, insData);[/TD]
[/TR]
[TR]
[TH]811[/TH]
[TD] if(( cta_res[cta_lr-2]!=0x90 && cta_res[cta_lr-2]!=0x91) || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]812[/TH]
[TD] cs_dump(insf4, 5, "set adf encrypted cmd:");[/TD]
[/TR]
[TR]
[TH]813[/TH]
[TD] cs_dump(insData, insf4[4], "set adf encrypted data:");[/TD]
[/TR]
[TR]
[TH]814[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]815[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]816[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]817[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]818[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]819[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]820[/TH]
[TD] if (!nano92Data) {[/TD]
[/TR]
[TR]
[TH]821[/TH]
[TD] // send subscription[/TD]
[/TR]
[TR]
[TH]822[/TH]
[TD] ins18[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]823[/TH]
[TD] ins18[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]824[/TH]
[TD] ins18[4] = ins18Len + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]825[/TH]
[TD] memcpy (insData, ins18Data, ins18Len);[/TD]
[/TR]
[TR]
[TH]826[/TH]
[TD] memcpy (insData + ins18Len, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]827[/TH]
[TD] write_cmd(ins18, insData);[/TD]
[/TR]
[TR]
[TH]828[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 || cta_res[cta_lr-2]==0x91) && cta_res[cta_lr-1]==0x00 ) {[/TD]
[/TR]
[TR]
[TH]829[/TH]
[TD] rdr_debug_mask(reader, D_READER, "update successfully written");[/TD]
[/TR]
[TR]
[TH]830[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]831[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]832[/TH]
[TD] cs_dump(ins18, 5, "set subscription cmd:");[/TD]
[/TR]
[TR]
[TH]833[/TH]
[TD] cs_dump(insData, ins18[4], "set subscription data:");[/TD]
[/TR]
[TR]
[TH]834[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]835[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]836[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]837[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]838[/TH]
[TD] // send subscription encrypted[/TD]
[/TR]
[TR]
[TH]839[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]840[/TH]
[TD] if (!nano81Data) {[/TD]
[/TR]
[TR]
[TH]841[/TH]
[TD] cs_dump(ep->emm, ep->l, "0x92 found, but can't find 0x81 in emm...");[/TD]
[/TR]
[TR]
[TH]842[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]843[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]844[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]845[/TH]
[TD] ins1c[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]846[/TH]
[TD] if (ep->type == UNIQUE) ins1c[2] = 0x02;[/TD]
[/TR]
[TR]
[TH]847[/TH]
[TD] ins1c[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]848[/TH]
[TD] ins1c[4] = nano92Data[1] + 2 + nano81Data[1] + 2 + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]849[/TH]
[TD] memcpy (insData, nano92Data, nano92Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]850[/TH]
[TD] memcpy (insData + nano92Data[1] + 2, nano81Data, nano81Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]851[/TH]
[TD] memcpy (insData + nano92Data[1] + 2 + nano81Data[1] + 2, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]852[/TH]
[TD] write_cmd(ins1c, insData);[/TD]
[/TR]
[TR]
[TH]853[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]854[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]855[/TH]
[TD] rdr_log(reader, "update successfully written");[/TD]
[/TR]
[TR]
[TH]856[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]857[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]858[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]859[/TH]
[TD] if( cta_res[cta_lr-2]&0x1 )[/TD]
[/TR]
[TR]
[TH]860[/TH]
[TD] rdr_log(reader, "update not written. Data already exists or unknown address");[/TD]
[/TR]
[TR]
[TH]861[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]862[/TH]
[TD] //if( cta_res[cta_lr-2]&0x8 ) {[/TD]
[/TR]
[TR]
[TH]863[/TH]
[TD] write_cmd(insc8, NULL);[/TD]
[/TR]
[TR]
[TH]864[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]865[/TH]
[TD] rdr_log(reader, "extended status %02X %02X", cta_res[0], cta_res[1]);[/TD]
[/TR]
[TR]
[TH]866[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]867[/TH]
[TD] //}[/TD]
[/TR]
[TR]
[TH]868[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]869[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]870[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]871[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]872[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]873[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]874[/TH]
[TD] Sub Main()[/TD]
[/TR]
[TR]
[TH]875[/TH]
[TD] Sc.Write("CA A4 04 00 03")[/TD]
[/TR]
[TR]
[TH]876[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]877[/TH]
[TD] Sc.Write("02 07 11")[/TD]
[/TR]
[TR]
[TH]878[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]879[/TH]
[TD] Sc.Write("CA F0 00 01 22")[/TD]
[/TR]
[TR]
[TH]880[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]881[/TH]
[TD] Sc.Write("9E 20")[/TD]
[/TR]
[TR]
[TH]882[/TH]
[TD] Sc.Write("10 10 08 8A 80 00 04 00 10 10 26 E8 54 80 1E 80")[/TD]
[/TR]
[TR]
[TH]883[/TH]
[TD] Sc.Write("00 01 00 00 00 00 00 50 00 00 80 02 22 00 08 50")[/TD]
[/TR]
[TR]
[TH]884[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]885[/TH]
[TD] Sc.Write("CA 18 01 01 11")[/TD]
[/TR]
[TR]
[TH]886[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]887[/TH]
[TD] Sc.Write("A9 05 34 DE 34 FF 80")[/TD]
[/TR]
[TR]
[TH]888[/TH]
[TD] Sc.Write("F0 08 1A 3E AF B5 2B EE E3 3B")[/TD]
[/TR]
[TR]
[TH]889[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]890[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]891[/TH]
[TD] End Sub[/TD]
[/TR]
[TR]
[TH]892[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]893[/TH]
[TD] return rc;[/TD]
[/TR]
[TR]
[TH]894[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]895[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]896[/TH]
[TD]static int32_t viaccess_card_info(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]897[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]898[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]899[/TH]
[TD] int32_t i, l;[/TD]
[/TR]
[TR]
[TH]900[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]901[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]902[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]903[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]904[/TH]
[TD] static const uchar ins24[] = { 0xca, 0x24, 0x00, 0x00, 0x09 }; // set pin[/TD]
[/TR]
[TR]
[TH]905[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]906[/TH]
[TD] static const uchar cls[] = { 0x00, 0x21, 0xff, 0x9f};[/TD]
[/TR]
[TR]
[TH]907[/TH]
[TD] static const uchar pin[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04};[/TD]
[/TR]
[TR]
[TH]908[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]909[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]910[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]911[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]912[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]913[/TH]
[TD] rdr_log(reader, "card detected");[/TD]
[/TR]
[TR]
[TH]914[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]915[/TH]
[TD] cs_clear_entitlement(reader); //reset the entitlements[/TD]
[/TR]
[TR]
[TH]916[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]917[/TH]
[TD] // set pin[/TD]
[/TR]
[TR]
[TH]918[/TH]
[TD] write_cmd(ins24, pin);[/TD]
[/TR]
[TR]
[TH]919[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]920[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]921[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]922[/TH]
[TD] rdr_log_sensitive(reader, "serial: {%llu}", (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]923[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]924[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]925[/TH]
[TD] for (i=1; (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0); i++)[/TD]
[/TR]
[TR]
[TH]926[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]927[/TH]
[TD] uint32_t l_provid, l_sa;[/TD]
[/TR]
[TR]
[TH]928[/TH]
[TD] uchar l_name[64];[/TD]
[/TR]
[TR]
[TH]929[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]930[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]931[/TH]
[TD] l_provid=b2i(3, cta_res);[/TD]
[/TR]
[TR]
[TH]932[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]933[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]934[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]935[/TH]
[TD] l_sa=b2i(4, cta_res+2);[/TD]
[/TR]
[TR]
[TH]936[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]937[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]938[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]939[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]940[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]941[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]942[/TH]
[TD] trim((char *)cta_res);[/TD]
[/TR]
[TR]
[TH]943[/TH]
[TD] if (cta_res[0])[/TD]
[/TR]
[TR]
[TH]944[/TH]
[TD] snprintf((char *)l_name, sizeof(l_name), ", name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]945[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]946[/TH]
[TD] l_name[0]=0;[/TD]
[/TR]
[TR]
[TH]947[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]948[/TH]
[TD] // read GEO[/TD]
[/TR]
[TR]
[TH]949[/TH]
[TD] insac[2]=0xa6; write_cmd(insac, NULL); // request GEO[/TD]
[/TR]
[TR]
[TH]950[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read GEO nano + len[/TD]
[/TR]
[TR]
[TH]951[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]952[/TH]
[TD] char tmp[l*3+1];[/TD]
[/TR]
[TR]
[TH]953[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read geo[/TD]
[/TR]
[TR]
[TH]954[/TH]
[TD] rdr_log_sensitive(reader, "provider: %d, id: {%06X%s}, sa: {%08X}, geo: %s",[/TD]
[/TR]
[TR]
[TH]955[/TH]
[TD] i, l_provid, l_name, l_sa, (l<4) ? "empty" : cs_hexdump(1, cta_res, l, tmp, sizeof(tmp)));[/TD]
[/TR]
[TR]
[TH]956[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]957[/TH]
[TD] // read classes subscription[/TD]
[/TR]
[TR]
[TH]958[/TH]
[TD] insac[2]=0xa9; insac[4]=4;[/TD]
[/TR]
[TR]
[TH]959[/TH]
[TD] write_cmd(insac, cls); // request class subs[/TD]
[/TR]
[TR]
[TH]960[/TH]
[TD] while( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]961[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]962[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read class subs nano + len[/TD]
[/TR]
[TR]
[TH]963[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]964[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]965[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]966[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read class subs[/TD]
[/TR]
[TR]
[TH]967[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) &&[/TD]
[/TR]
[TR]
[TH]968[/TH]
[TD] (cta_res[cta_lr-1]==0x00 || cta_res[cta_lr-1]==0x08) )[/TD]
[/TR]
[TR]
[TH]969[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]970[/TH]
[TD] show_class(reader, NULL, l_provid, cta_res, cta_lr-2);[/TD]
[/TR]
[TR]
[TH]971[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]972[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]973[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]974[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]975[/TH]
[TD] insac[4]=0;[/TD]
[/TR]
[TR]
[TH]976[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]977[/TH]
[TD] write_cmd(insa4, NULL); // select next provider[/TD]
[/TR]
[TR]
[TH]978[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]979[/TH]
[TD] //return ERROR;[/TD]
[/TR]
[TR]
[TH]980[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]981[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]982[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]983[/TH]
[TD]#ifdef HAVE_DVBAPI[/TD]
[/TR]
[TR]
[TH]984[/TH]
[TD]void dvbapi_sort_nanos(unsigned char *dest, const unsigned char *src, int32_t len);[/TD]
[/TR]
[TR]
[TH]985[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]986[/TH]
[TD]int32_t viaccess_reassemble_emm(uchar *buffer, uint32_t *len) {[/TD]
[/TR]
[TR]
[TH]987[/TH]
[TD] static uchar emm_global[512];[/TD]
[/TR]
[TR]
[TH]988[/TH]
[TD] static int32_t emm_global_len = 0;[/TD]
[/TR]
[TR]
[TH]989[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]990[/TH]
[TD] int32_t pos=0, i;[/TD]
[/TR]
[TR]
[TH]991[/TH]
[TD] uint32_t k;[/TD]
[/TR]
[TR]
[TH]992[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]993[/TH]
[TD] // Viaccess[/TD]
[/TR]
[TR]
[TH]994[/TH]
[TD] if (*len>500) return 0;[/TD]
[/TR]
[TR]
[TH]995[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]996[/TH]
[TD] switch(buffer[0]) {[/TD]
[/TR]
[TR]
[TH]997[/TH]
[TD] case 0x8c:[/TD]
[/TR]
[TR]
[TH]998[/TH]
[TD] case 0x8d:[/TD]
[/TR]
[TR]
[TH]999[/TH]
[TD] // emm-s part 1[/TD]
[/TR]
[TR]
[TH]1000[/TH]
[TD] if (!memcmp(emm_global, buffer, *len))[/TD]
[/TR]
[TR]
[TH]1001[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1002[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1003[/TH]
[TD] // copy first part of the emm-s[/TD]
[/TR]
[TR]
[TH]1004[/TH]
[TD] memcpy(emm_global, buffer, *len);[/TD]
[/TR]
[TR]
[TH]1005[/TH]
[TD] emm_global_len=*len;[/TD]
[/TR]
[TR]
[TH]1006[/TH]
[TD] //cs_ddump_mask(D_READER, buffer, len, "viaccess global emm:");[/TD]
[/TR]
[TR]
[TH]1007[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1008[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1009[/TH]
[TD] case 0x8e:[/TD]
[/TR]
[TR]
[TH]1010[/TH]
[TD] // emm-s part 2[/TD]
[/TR]
[TR]
[TH]1011[/TH]
[TD] if (!emm_global_len) return 0;[/TD]
[/TR]
[TR]
[TH]1012[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1013[/TH]
[TD] //extract nanos from emm-gh and emm-s[/TD]
[/TR]
[TR]
[TH]1014[/TH]
[TD] uchar emmbuf[512];[/TD]
[/TR]
[TR]
[TH]1015[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1016[/TH]
[TD] cs_debug_mask(D_DVBAPI, "[viaccess] %s: start extracting nanos", __func__);[/TD]
[/TR]
[TR]
[TH]1017[/TH]
[TD] //extract from emm-gh[/TD]
[/TR]
[TR]
[TH]1018[/TH]
[TD] for (i=3; i<emm_global_len; i+=emm_global[i+1]+2) {[/TD]
[/TR]
[TR]
[TH]1019[/TH]
[TD] //copy nano (length determined by i+1)[/TD]
[/TR]
[TR]
[TH]1020[/TH]
[TD] memcpy(emmbuf+pos, emm_global+i, emm_global[i+1]+2);[/TD]
[/TR]
[TR]
[TH]1021[/TH]
[TD] pos+=emm_global[i+1]+2;[/TD]
[/TR]
[TR]
[TH]1022[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1023[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1024[/TH]
[TD] if (buffer[2]==0x2c) {[/TD]
[/TR]
[TR]
[TH]1025[/TH]
[TD] //add 9E 20 nano + first 32 bytes of emm content[/TD]
[/TR]
[TR]
[TH]1026[/TH]
[TD] memcpy(emmbuf+pos, "\x9E\x20", 2);[/TD]
[/TR]
[TR]
[TH]1027[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+7, 32);[/TD]
[/TR]
[TR]
[TH]1028[/TH]
[TD] pos+=34;[/TD]
[/TR]
[TR]
[TH]1029[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1030[/TH]
[TD] //add F0 08 nano + 8 subsequent bytes of emm content[/TD]
[/TR]
[TR]
[TH]1031[/TH]
[TD] memcpy(emmbuf+pos, "\xF0\x08", 2);[/TD]
[/TR]
[TR]
[TH]1032[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+39, 8);[/TD]
[/TR]
[TR]
[TH]1033[/TH]
[TD] pos+=10;[/TD]
[/TR]
[TR]
[TH]1034[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]1035[/TH]
[TD] //extract from variable emm-s[/TD]
[/TR]
[TR]
[TH]1036[/TH]
[TD] for (k=7; k<(*len); k+=buffer[k+1]+2) {[/TD]
[/TR]
[TR]
[TH]1037[/TH]
[TD] //copy nano (length determined by k+1)[/TD]
[/TR]
[TR]
[TH]1038[/TH]
[TD] memcpy(emmbuf+pos, buffer+k, buffer[k+1]+2);[/TD]
[/TR]
[TR]
[TH]1039[/TH]
[TD] pos+=buffer[k+1]+2;[/TD]
[/TR]
[TR]
[TH]1040[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1041[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1042[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1043[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, *len, "[viaccess] %s: %s emm-s", __func__, (buffer[2]==0x2c) ? "fixed" : "variable");[/TD]
[/TR]
[TR]
[TH]1044[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1045[/TH]
[TD] dvbapi_sort_nanos(buffer+7, emmbuf, pos);[/TD]
[/TR]
[TR]
[TH]1046[/TH]
[TD] pos+=7;[/TD]
[/TR]
[TR]
[TH]1047[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1048[/TH]
[TD] //calculate emm length and set it on position 2[/TD]
[/TR]
[TR]
[TH]1049[/TH]
[TD] buffer[2]=pos-3;[/TD]
[/TR]
[TR]
[TH]1050[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1051[/TH]
[TD] cs_ddump_mask(D_DVBAPI, emm_global, emm_global_len, "[viaccess] %s: emm-gh", __func__);[/TD]
[/TR]
[TR]
[TH]1052[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, pos, "[viaccess] %s: assembled emm", __func__);[/TD]
[/TR]
[TR]
[TH]1053[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1054[/TH]
[TD] *len=pos;[/TD]
[/TR]
[TR]
[TH]1055[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]1056[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1057[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]1058[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1059[/TH]
[TD]#endif[/TD]
[/TR]
[TR]
[TH]1060[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1061[/TH]
[TD]void reader_viaccess(struct s_cardsystem *ph)[/TD]
[/TR]
[TR]
[TH]1062[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]1063[/TH]
[TD] ph->do_emm=viaccess_do_emm;[/TD]
[/TR]
[TR]
[TH]1064[/TH]
[TD] ph->do_ecm=viaccess_do_ecm;[/TD]
[/TR]
[TR]
[TH]1065[/TH]
[TD] ph->card_info=viaccess_card_info;[/TD]
[/TR]
[TR]
[TH]1066[/TH]
[TD] ph->card_init=viaccess_card_init;[/TD]
[/TR]
[TR]
[TH]1067[/TH]
[TD] ph->get_emm_type=viaccess_get_emm_type;[/TD]
[/TR]
[TR]
[TH]1068[/TH]
[TD] ph->get_emm_filter=viaccess_get_emm_filter;[/TD]
[/TR]
[TR]
[TH]1069[/TH]
[TD] ph->caids[0]=0x05;[/TD]
[/TR]
[TR]
[TH]1070[/TH]
[TD] ph->desc="viaccess";[/TD]
[/TR]
[TR]
[TH]1071[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1072[/TH]
[TD]#endif[/TD]
[/TR]
constance
DZSatien Accro
- Inscrit
- 15/12/08
- Messages
- 775
actuellement pour le viaccess our oscam on na cela et la dernier améliorations date de 4 semaine
[TR]
[TH]175[/TH]
[TD] for (j=0; (!rc) && (j<16); j++)[/TD]
[/TR]
[TR]
[TH]176[/TH]
[TD] if (reader->availkeys[j]==keynr)[/TD]
[/TR]
[TR]
[TH]177[/TH]
[TD] rc=1;[/TD]
[/TR]
[TR]
[TH]178[/TH]
[TD] return(rc);[/TD]
[/TR]
[TR]
[TH]179[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]180[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]181[/TH]
[TD]static int32_t unlock_parental(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]182[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]183[/TH]
[TD] /* disabling parental lock. assuming pin "0000" if no pin code is provided in the config */[/TD]
[/TR]
[TR]
[TH]184[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]185[/TH]
[TD] static const uchar inDPL[] = {0xca, 0x24, 0x02, 0x00, 0x09};[/TD]
[/TR]
[TR]
[TH]186[/TH]
[TD] uchar cmDPL[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F};[/TD]
[/TR]
[TR]
[TH]187[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]188[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]189[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]190[/TH]
[TD] rdr_log(reader, "Using PIN %s",reader->pincode);[/TD]
[/TR]
[TR]
[TH]191[/TH]
[TD] // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34[/TD]
[/TR]
[TR]
[TH]192[/TH]
[TD] cmDPL[6]=((reader->pincode[0]-0x30)<<4) | ((reader->pincode[1]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]193[/TH]
[TD] cmDPL[7]=((reader->pincode[2]-0x30)<<4) | ((reader->pincode[3]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]194[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]195[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]196[/TH]
[TD] rdr_log(reader, "Using PIN 0000!");[/TD]
[/TR]
[TR]
[TH]197[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]198[/TH]
[TD] write_cmd(inDPL,cmDPL);[/TD]
[/TR]
[TR]
[TH]199[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) ) {[/TD]
[/TR]
[TR]
[TH]200[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]201[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!",reader->pincode);[/TD]
[/TR]
[TR]
[TH]202[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]203[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]204[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!");[/TD]
[/TR]
[TR]
[TH]205[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]206[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]207[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]208[/TH]
[TD] rdr_log(reader, "Parental lock disabled");[/TD]
[/TR]
[TR]
[TH]209[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]210[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]211[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]212[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]213[/TH]
[TD]static int32_t viaccess_card_init(struct s_reader * reader, ATR *newatr)[/TD]
[/TR]
[TR]
[TH]214[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]215[/TH]
[TD] get_atr;[/TD]
[/TR]
[TR]
[TH]216[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]217[/TH]
[TD] int32_t i;[/TD]
[/TR]
[TR]
[TH]218[/TH]
[TD] uchar buf[256];[/TD]
[/TR]
[TR]
[TH]219[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]220[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]221[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]222[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]223[/TH]
[TD] static const uchar insFAC[] = { 0x87, 0x02, 0x00, 0x00, 0x03 }; // init FAC[/TD]
[/TR]
[TR]
[TH]224[/TH]
[TD] static const uchar FacDat[] = { 0x00, 0x00, 0x28 };[/TD]
[/TR]
[TR]
[TH]225[/TH]
[TD] static unsigned char ins8702_data[] = { 0x00, 0x00, 0x11};[/TD]
[/TR]
[TR]
[TH]226[/TH]
[TD] static unsigned char ins8704[] = { 0x87, 0x04, 0x00, 0x00, 0x07 };[/TD]
[/TR]
[TR]
[TH]227[/TH]
[TD] static unsigned char ins8706[] = { 0x87, 0x06, 0x00, 0x00, 0x04 };[/TD]
[/TR]
[TR]
[TH]228[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]229[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]230[/TH]
[TD] if ((atr[1]!=0x77) || ((atr[2]!=0x18) && (atr[2]!=0x11) && (atr[2]!=0x19)) || ((atr[9]!=0x68) && (atr[9]!=0x6C)))[/TD]
[/TR]
[TR]
[TH]231[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]232[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]233[/TH]
[TD] write_cmd(insFAC, FacDat);[/TD]
[/TR]
[TR]
[TH]234[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]235[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]236[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]237[/TH]
[TD] memset(&reader->last_geo, 0, sizeof(reader->last_geo));[/TD]
[/TR]
[TR]
[TH]238[/TH]
[TD] write_cmd(insFAC, ins8702_data);[/TD]
[/TR]
[TR]
[TH]239[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]240[/TH]
[TD] write_cmd(ins8704, NULL);[/TD]
[/TR]
[TR]
[TH]241[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]242[/TH]
[TD] write_cmd(ins8706, NULL);[/TD]
[/TR]
[TR]
[TH]243[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]244[/TH]
[TD] reader->last_geo.number_ecm =(cta_res[2]<<8) | (cta_res[3]);[/TD]
[/TR]
[TR]
[TH]245[/TH]
[TD] rdr_log(reader, "using ecm #%x for long viaccess ecm",reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]246[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]247[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]248[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]249[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]250[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]251[/TH]
[TD] // switch((atr[atrsize-4]<<8)|atr[atrsize-3])[/TD]
[/TR]
[TR]
[TH]252[/TH]
[TD] // {[/TD]
[/TR]
[TR]
[TH]253[/TH]
[TD] // case 0x6268: ver="2.3"; break;[/TD]
[/TR]
[TR]
[TH]254[/TH]
[TD] // case 0x6668: ver="2.4(?)"; break;[/TD]
[/TR]
[TR]
[TH]255[/TH]
[TD] // case 0xa268:[/TD]
[/TR]
[TR]
[TH]256[/TH]
[TD] // default: ver="unknown"; break;[/TD]
[/TR]
[TR]
[TH]257[/TH]
[TD] // }[/TD]
[/TR]
[TR]
[TH]258[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]259[/TH]
[TD] reader->caid=0x500;[/TD]
[/TR]
[TR]
[TH]260[/TH]
[TD] memset(reader->prid, 0xff, sizeof(reader->prid));[/TD]
[/TR]
[TR]
[TH]261[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]262[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]263[/TH]
[TD] memcpy(reader->hexserial, cta_res+2, 5);[/TD]
[/TR]
[TR]
[TH]264[/TH]
[TD] // rdr_log(reader, "[viaccess-reader] type: Viaccess, ver: %s serial: %llu", ver, b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]265[/TH]
[TD] rdr_log_sensitive(reader, "type: Viaccess (%sstandard atr), caid: %04X, serial: {%llu}",[/TD]
[/TR]
[TR]
[TH]266[/TH]
[TD] atr[9]==0x68?"":"non-",reader->caid, (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]267[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]268[/TH]
[TD] i=0;[/TD]
[/TR]
[TR]
[TH]269[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]270[/TH]
[TD] buf[0]=0;[/TD]
[/TR]
[TR]
[TH]271[/TH]
[TD] while((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0))[/TD]
[/TR]
[TR]
[TH]272[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]273[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]274[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]275[/TH]
[TD] reader->prid[0]=0;[/TD]
[/TR]
[TR]
[TH]276[/TH]
[TD] memcpy(&reader->prid[1], cta_res, 3);[/TD]
[/TR]
[TR]
[TH]277[/TH]
[TD] memcpy(&reader->availkeys[0], cta_res+10, 16);[/TD]
[/TR]
[TR]
[TH]278[/TH]
[TD] snprintf((char *)buf+strlen((char *)buf), sizeof(buf)-strlen((char *)buf), ",%06X", b2i(3, &reader->prid[1]));[/TD]
[/TR]
[TR]
[TH]279[/TH]
[TD] //rdr_log(reader, "[viaccess-reader] buf: %s", buf);[/TD]
[/TR]
[TR]
[TH]280[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]281[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]282[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]283[/TH]
[TD] memcpy(&reader->sa[0], cta_res+2, 4);[/TD]
[/TR]
[TR]
[TH]284[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]285[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]286[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]287[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]288[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]289[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]290[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]291[/TH]
[TD] rdr_log(reader, "[viaccess-reader] name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]292[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]293[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]294[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]295[/TH]
[TD] write_cmd(insa4, NULL); // select next issuer[/TD]
[/TR]
[TR]
[TH]296[/TH]
[TD] i++;[/TD]
[/TR]
[TR]
[TH]297[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]298[/TH]
[TD] reader->nprov=i;[/TD]
[/TR]
[TR]
[TH]299[/TH]
[TD] rdr_log(reader, "providers: %d (%s)", reader->nprov, buf+1);[/TD]
[/TR]
[TR]
[TH]300[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]301[/TH]
[TD] if (cfg.ulparent)[/TD]
[/TR]
[TR]
[TH]302[/TH]
[TD] unlock_parental(reader);[/TD]
[/TR]
[TR]
[TH]303[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]304[/TH]
[TD] rdr_log(reader, "ready for requests");[/TD]
[/TR]
[TR]
[TH]305[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]306[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]307[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]308[/TH]
[TD]bool dcw_crc(uchar *dw){[/TD]
[/TR]
[TR]
[TH]309[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]310[/TH]
[TD] for(i=0;i<16;i+=4) if(dw[i+3]!=((dw+dw[i+1]+dw[i+2])& 0xFF))return 0;[/TD]
[/TR]
[TR]
[TH]311[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]312[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]313[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]314[/TH]
[TD]static int32_t viaccess_do_ecm(struct s_reader * reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)[/TD]
[/TR]
[TR]
[TH]315[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]316[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]317[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]318[/TH]
[TD] unsigned char ins88[] = { 0xca,0x88,0x00,0x00,0x00 }; // set ecm[/TD]
[/TR]
[TR]
[TH]319[/TH]
[TD] unsigned char insf8[] = { 0xca,0xf8,0x00,0x00,0x00 }; // set geographic info[/TD]
[/TR]
[TR]
[TH]320[/TH]
[TD] static const unsigned char insc0[] = { 0xca,0xc0,0x00,0x00,0x12 }; // read dcw[/TD]
[/TR]
[TR]
[TH]321[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]322[/TH]
[TD] // //XXX what is the 4th byte for ??[/TD]
[/TR]
[TR]
[TH]323[/TH]
[TD] int32_t ecm88Len = MIN(MAX_ECM_SIZE-4, SCT_LEN(er->ecm)-4);[/TD]
[/TR]
[TR]
[TH]324[/TH]
[TD] if(ecm88Len < 1){[/TD]
[/TR]
[TR]
[TH]325[/TH]
[TD] rdr_log(reader, "ECM: Size of ECM couldn't be correctly calculated.");[/TD]
[/TR]
[TR]
[TH]326[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]327[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]328[/TH]
[TD] uchar ecmData[ecm88Len];[/TD]
[/TR]
[TR]
[TH]329[/TH]
[TD] memset(ecmData, 0, ecm88Len);[/TD]
[/TR]
[TR]
[TH]330[/TH]
[TD] memcpy(ecmData, er->ecm+4, ecm88Len);[/TD]
[/TR]
[TR]
[TH]331[/TH]
[TD] uchar *ecm88Data = &ecmData[0];[/TD]
[/TR]
[TR]
[TH]332[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]333[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]334[/TH]
[TD] int32_t hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]335[/TH]
[TD] int32_t curEcm88len=0;[/TD]
[/TR]
[TR]
[TH]336[/TH]
[TD] int32_t nanoLen=0;[/TD]
[/TR]
[TR]
[TH]337[/TH]
[TD] uchar *nextEcm;[/TD]
[/TR]
[TR]
[TH]338[/TH]
[TD] uchar DE04[256];[/TD]
[/TR]
[TR]
[TH]339[/TH]
[TD] int32_t D2KeyID=0;[/TD]
[/TR]
[TR]
[TH]340[/TH]
[TD] int32_t curnumber_ecm=0;[/TD]
[/TR]
[TR]
[TH]341[/TH]
[TD] //nanoD2 d2 02 0d 02 -> D2 nano, len 2[/TD]
[/TR]
[TR]
[TH]342[/TH]
[TD] // 0d -> post AES decrypt CW[/TD]
[/TR]
[TR]
[TH]343[/TH]
[TD] // 0b -> pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]344[/TH]
[TD] int32_t nanoD2 = 0; // 0x0b = 1 0x0d = 2[/TD]
[/TR]
[TR]
[TH]345[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]346[/TH]
[TD] memset(DE04, 0, sizeof(DE04)); //fix dorcel de04 bug[/TD]
[/TR]
[TR]
[TH]347[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]348[/TH]
[TD] nextEcm=ecm88Data;[/TD]
[/TR]
[TR]
[TH]349[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]350[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]351[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]352[/TH]
[TD] while (ecm88Len>0 && !rc) {[/TD]
[/TR]
[TR]
[TH]353[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]354[/TH]
[TD] if(ecm88Data[0] ==0x00 && ecm88Data[1] == 0x00) {[/TD]
[/TR]
[TR]
[TH]355[/TH]
[TD] // nano 0x00 and len 0x00 aren't valid ... something is obviously wrong with this ecm.[/TD]
[/TR]
[TR]
[TH]356[/TH]
[TD] rdr_log(reader, "ECM: Invalid ECM structure. Rejecting");[/TD]
[/TR]
[TR]
[TH]357[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]358[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]359[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]360[/TH]
[TD] // 80 33 nano 80 (ecm) + len (33)[/TD]
[/TR]
[TR]
[TH]361[/TH]
[TD] if(ecm88Data[0]==0x80) { // nano 80, give ecm len[/TD]
[/TR]
[TR]
[TH]362[/TH]
[TD] curEcm88len=ecm88Data[1];[/TD]
[/TR]
[TR]
[TH]363[/TH]
[TD] nextEcm=ecm88Data+curEcm88len+2;[/TD]
[/TR]
[TR]
[TH]364[/TH]
[TD] ecm88Data += 2;[/TD]
[/TR]
[TR]
[TH]365[/TH]
[TD] ecm88Len -= 2;[/TD]
[/TR]
[TR]
[TH]366[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]367[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]368[/TH]
[TD] if(!curEcm88len) { //there was no nano 80 -> simple ecm[/TD]
[/TR]
[TR]
[TH]369[/TH]
[TD] curEcm88len=ecm88Len;[/TD]
[/TR]
[TR]
[TH]370[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]371[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]372[/TH]
[TD] // d2 02 0d 02 -> D2 nano, len 2, select the AES key to be used[/TD]
[/TR]
[TR]
[TH]373[/TH]
[TD] if(ecm88Data[0]==0xd2) {[/TD]
[/TR]
[TR]
[TH]374[/TH]
[TD] // test if need post or pre AES decrypt[/TD]
[/TR]
[TR]
[TH]375[/TH]
[TD] if(ecm88Data[2]==0x0b)[/TD]
[/TR]
[TR]
[TH]376[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]377[/TH]
[TD] nanoD2 = 1;[/TD]
[/TR]
[TR]
[TH]378[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0b");[/TD]
[/TR]
[TR]
[TH]379[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]380[/TH]
[TD] if(ecm88Data[2]==0x0d)[/TD]
[/TR]
[TR]
[TH]381[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]382[/TH]
[TD] nanoD2 = 2;[/TD]
[/TR]
[TR]
[TH]383[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0d");[/TD]
[/TR]
[TR]
[TH]384[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]385[/TH]
[TD] // use the d2 arguments to get the key # to be used[/TD]
[/TR]
[TR]
[TH]386[/TH]
[TD] int32_t len = ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]387[/TH]
[TD] D2KeyID=ecm88Data[3];[/TD]
[/TR]
[TR]
[TH]388[/TH]
[TD] ecm88Data += len;[/TD]
[/TR]
[TR]
[TH]389[/TH]
[TD] ecm88Len -= len;[/TD]
[/TR]
[TR]
[TH]390[/TH]
[TD] curEcm88len -=len;[/TD]
[/TR]
[TR]
[TH]391[/TH]
[TD] hasD2 = 1;[/TD]
[/TR]
[TR]
[TH]392[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]393[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]394[/TH]
[TD] hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]395[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]396[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]397[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]398[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]399[/TH]
[TD] // 05 67 00[/TD]
[/TR]
[TR]
[TH]400[/TH]
[TD] if ((ecm88Data[0]==0x90 || ecm88Data[0]==0x40) && (ecm88Data[1]==0x03 || ecm88Data[1]==0x07 ) )[/TD]
[/TR]
[TR]
[TH]401[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]402[/TH]
[TD] uchar ident[3], keynr;[/TD]
[/TR]
[TR]
[TH]403[/TH]
[TD] uchar *ecmf8Data=0;[/TD]
[/TR]
[TR]
[TH]404[/TH]
[TD] int32_t ecmf8Len=0;[/TD]
[/TR]
[TR]
[TH]405[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]406[/TH]
[TD] nanoLen=ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]407[/TH]
[TD] keynr=ecm88Data[4]&0x0F;[/TD]
[/TR]
[TR]
[TH]408[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]409[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]410[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]411[/TH]
[TD] if(nanoLen>5) {[/TD]
[/TR]
[TR]
[TH]412[/TH]
[TD] curnumber_ecm =(ecm88Data[6]<<8) | (ecm88Data[7]);[/TD]
[/TR]
[TR]
[TH]413[/TH]
[TD] rdr_debug_mask(reader, D_READER, "checking if the ecm number (%x) match the card one (%x)",curnumber_ecm,reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]414[/TH]
[TD] // if we have an ecm number we check it.[/TD]
[/TR]
[TR]
[TH]415[/TH]
[TD] // we can't assume that if the nano len is 5 or more we have an ecm number[/TD]
[/TR]
[TR]
[TH]416[/TH]
[TD] // as some card don't support this[/TD]
[/TR]
[TR]
[TH]417[/TH]
[TD] if( reader->last_geo.number_ecm > 0 ) {[/TD]
[/TR]
[TR]
[TH]418[/TH]
[TD] if (reader->last_geo.number_ecm == curnumber_ecm && !( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )) {[/TD]
[/TR]
[TR]
[TH]419[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]420[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x, ECM ending with %02x",ecm88Data[5], ecm88Data[nanoLen-1]);[/TD]
[/TR]
[TR]
[TH]421[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]422[/TH]
[TD] if( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )[/TD]
[/TR]
[TR]
[TH]423[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]424[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x) for provider %02x%02x%02x",ecm88Data[nanoLen-1], curnumber_ecm, ecm88Data[2], ecm88Data[3], ecm88Data[4]);[/TD]
[/TR]
[TR]
[TH]425[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]426[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x)",ecm88Data[nanoLen-1], curnumber_ecm);[/TD]
[/TR]
[TR]
[TH]427[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]428[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]429[/TH]
[TD] continue; //loop to next ecm[/TD]
[/TR]
[TR]
[TH]430[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]431[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]432[/TH]
[TD] else { // long ecm but we don't have an ecm number so we have to try them all.[/TD]
[/TR]
[TR]
[TH]433[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]434[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x",ecm88Data[5]);[/TD]
[/TR]
[TR]
[TH]435[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]436[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]437[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]438[/TH]
[TD] memcpy (ident, &ecm88Data[2], sizeof(ident));[/TD]
[/TR]
[TR]
[TH]439[/TH]
[TD] provid = b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]440[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]441[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]442[/TH]
[TD] if(hasD2 && reader->aes_list) {[/TD]
[/TR]
[TR]
[TH]443[/TH]
[TD] // check that we have the AES key to decode the CW[/TD]
[/TR]
[TR]
[TH]444[/TH]
[TD] // if not there is no need to send the ecm to the card[/TD]
[/TR]
[TR]
[TH]445[/TH]
[TD] if(!aes_present(reader->aes_list, 0x500, (uint32_t) (provid & 0xFFFFF0) , D2KeyID))[/TD]
[/TR]
[TR]
[TH]446[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]447[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]448[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]449[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]450[/TH]
[TD] if (!chk_prov(reader, ident, keynr))[/TD]
[/TR]
[TR]
[TH]451[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]452[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: provider or key not found on card");[/TD]
[/TR]
[TR]
[TH]453[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "provider(%02x%02x%02x) or key(%d) not found on card", ident[0],ident[1],ident[2], keynr );[/TD]
[/TR]
[TR]
[TH]454[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]455[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]456[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]457[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]458[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]459[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]460[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]461[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]462[/TH]
[TD] if (ecm88Data[0]==0xDE && ecm88Data[1]==0x04)[/TD]
[/TR]
[TR]
[TH]463[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]464[/TH]
[TD] memcpy (DE04, &ecm88Data[0], 6);[/TD]
[/TR]
[TR]
[TH]465[/TH]
[TD] ecm88Data+=6;[/TD]
[/TR]
[TR]
[TH]466[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]467[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]468[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]469[/TH]
[TD] if( reader->last_geo.provid != provid )[/TD]
[/TR]
[TR]
[TH]470[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]471[/TH]
[TD] reader->last_geo.provid = provid;[/TD]
[/TR]
[TR]
[TH]472[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]473[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]474[/TH]
[TD] write_cmd(insa4, ident); // set provider[/TD]
[/TR]
[TR]
[TH]475[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]476[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]477[/TH]
[TD] //Nano D2 0x0b Pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]478[/TH]
[TD] if ( hasD2 && nanoD2 == 1)[/TD]
[/TR]
[TR]
[TH]479[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]480[/TH]
[TD] uchar *ecm88DataCW = ecm88Data;[/TD]
[/TR]
[TR]
[TH]481[/TH]
[TD] int32_t cwStart = 0;[/TD]
[/TR]
[TR]
[TH]482[/TH]
[TD] //int32_t cwStartRes = 0;[/TD]
[/TR]
[TR]
[TH]483[/TH]
[TD] int32_t exit = 0;[/TD]
[/TR]
[TR]
[TH]484[/TH]
[TD] // find CW start[/TD]
[/TR]
[TR]
[TH]485[/TH]
[TD] while(cwStart < curEcm88len -1 && !exit)[/TD]
[/TR]
[TR]
[TH]486[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]487[/TH]
[TD] if(ecm88Data[cwStart] == 0xEA && ecm88Data[cwStart+1] == 0x10)[/TD]
[/TR]
[TR]
[TH]488[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]489[/TH]
[TD] ecm88DataCW = ecm88DataCW + cwStart + 2;[/TD]
[/TR]
[TR]
[TH]490[/TH]
[TD] exit = 1;[/TD]
[/TR]
[TR]
[TH]491[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]492[/TH]
[TD] cwStart++;[/TD]
[/TR]
[TR]
[TH]493[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]494[/TH]
[TD] // use AES from list to decrypt CW[/TD]
[/TR]
[TR]
[TH]495[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]496[/TH]
[TD] if (aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID, &ecm88DataCW[0], 16) == 0)[/TD]
[/TR]
[TR]
[TH]497[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]498[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]499[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]500[/TH]
[TD] while(ecm88Len>1 && ecm88Data[0]<0xA0)[/TD]
[/TR]
[TR]
[TH]501[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]502[/TH]
[TD] int32_t nanoLen=ecm88Data[1]+2;[/TD]
[/TR]
[TR]
[TH]503[/TH]
[TD] if (!ecmf8Data)[/TD]
[/TR]
[TR]
[TH]504[/TH]
[TD] ecmf8Data=(uchar *)ecm88Data;[/TD]
[/TR]
[TR]
[TH]505[/TH]
[TD] ecmf8Len+=nanoLen;[/TD]
[/TR]
[TR]
[TH]506[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]507[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]508[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]509[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]510[/TH]
[TD] if(ecmf8Len)[/TD]
[/TR]
[TR]
[TH]511[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]512[/TH]
[TD] if( reader->last_geo.geo_len!=ecmf8Len ||[/TD]
[/TR]
[TR]
[TH]513[/TH]
[TD] memcmp(reader->last_geo.geo, ecmf8Data, reader->last_geo.geo_len))[/TD]
[/TR]
[TR]
[TH]514[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]515[/TH]
[TD] memcpy(reader->last_geo.geo, ecmf8Data, ecmf8Len);[/TD]
[/TR]
[TR]
[TH]516[/TH]
[TD] reader->last_geo.geo_len= ecmf8Len;[/TD]
[/TR]
[TR]
[TH]517[/TH]
[TD] insf8[3]=keynr;[/TD]
[/TR]
[TR]
[TH]518[/TH]
[TD] insf8[4]=ecmf8Len;[/TD]
[/TR]
[TR]
[TH]519[/TH]
[TD] write_cmd(insf8, ecmf8Data);[/TD]
[/TR]
[TR]
[TH]520[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]521[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]522[/TH]
[TD] ins88[2]=ecmf8Len?1:0;[/TD]
[/TR]
[TR]
[TH]523[/TH]
[TD] ins88[3]=keynr;[/TD]
[/TR]
[TR]
[TH]524[/TH]
[TD] ins88[4]= curEcm88len;[/TD]
[/TR]
[TR]
[TH]525[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]526[/TH]
[TD] // we should check the nano to make sure the ecm is valid[/TD]
[/TR]
[TR]
[TH]527[/TH]
[TD] // we should look for at least 1 E3 nano, 1 EA nano and the F0 signature nano[/TD]
[/TR]
[TR]
[TH]528[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]529[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]530[/TH]
[TD] if (DE04[0]==0xDE)[/TD]
[/TR]
[TR]
[TH]531[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]532[/TH]
[TD] uint32_t l = curEcm88len-6;[/TD]
[/TR]
[TR]
[TH]533[/TH]
[TD] if (l > 256 || curEcm88len <= 6) { //don't known if this is ok...[/TD]
[/TR]
[TR]
[TH]534[/TH]
[TD] rdr_log(reader, "ecm invalid/too long! len=%d", curEcm88len);[/TD]
[/TR]
[TR]
[TH]535[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]536[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]537[/TH]
[TD] memcpy(DE04+6, (uchar *)ecm88Data, l);[/TD]
[/TR]
[TR]
[TH]538[/TH]
[TD] write_cmd(ins88, DE04); // request dcw[/TD]
[/TR]
[TR]
[TH]539[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]540[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]541[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]542[/TH]
[TD] write_cmd(ins88, (uchar *)ecm88Data); // request dcw[/TD]
[/TR]
[TR]
[TH]543[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]544[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]545[/TH]
[TD] write_cmd(insc0, NULL); // read dcw[/TD]
[/TR]
[TR]
[TH]546[/TH]
[TD] switch(cta_res[0])[/TD]
[/TR]
[TR]
[TH]547[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]548[/TH]
[TD] case 0xe8: // even[/TD]
[/TR]
[TR]
[TH]549[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]550[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]551[/TH]
[TD] case 0xe9: // odd[/TD]
[/TR]
[TR]
[TH]552[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw+8,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]553[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]554[/TH]
[TD] case 0xea: // complete[/TD]
[/TR]
[TR]
[TH]555[/TH]
[TD] if(cta_res[1]==16) { memcpy(ea->cw,cta_res+2,16); rc=1; }[/TD]
[/TR]
[TR]
[TH]556[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]557[/TH]
[TD] default :[/TD]
[/TR]
[TR]
[TH]558[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]559[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]560[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: key to use is not the current one, trying next ECM");[/TD]
[/TR]
[TR]
[TH]561[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "key to use is not the current one, trying next ECM" );[/TD]
[/TR]
[TR]
[TH]562[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]563[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]564[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]565[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]566[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]567[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: Unknown ECM type");[/TD]
[/TR]
[TR]
[TH]568[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "Unknown ECM type" );[/TD]
[/TR]
[TR]
[TH]569[/TH]
[TD] return ERROR; /*Lets interupt the loop and exit, because we don't know this ECM type.*/[/TD]
[/TR]
[TR]
[TH]570[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]571[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]572[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]573[/TH]
[TD] if ( hasD2 && !dcw_crc(ea->cw) && nanoD2 == 2) {[/TD]
[/TR]
[TR]
[TH]574[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]575[/TH]
[TD] rc=aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID,ea->cw, 16);[/TD]
[/TR]
[TR]
[TH]576[/TH]
[TD] if( rc == 0 )[/TD]
[/TR]
[TR]
[TH]577[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]578[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]579[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]580[/TH]
[TD] return(rc?OK:ERROR);[/TD]
[/TR]
[TR]
[TH]581[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]582[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]583[/TH]
[TD]static int32_t viaccess_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)[/TD]
[/TR]
[TR]
[TH]584[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]585[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]586[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "Entered viaccess_get_emm_type ep->emm[0]=%02x",ep->emm[0]);[/TD]
[/TR]
[TR]
[TH]587[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]588[/TH]
[TD] if (ep->emm[3] == 0x90 && ep->emm[4] == 0x03) {[/TD]
[/TR]
[TR]
[TH]589[/TH]
[TD] provid = ep->emm[5] << 16 | ep->emm[6] << 8 | (ep->emm[7] & 0xFE);[/TD]
[/TR]
[TR]
[TH]590[/TH]
[TD] i2b_buf(4, provid, ep->provid);[/TD]
[/TR]
[TR]
[TH]591[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]592[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]593[/TH]
[TD] switch (ep->emm[0]) {[/TD]
[/TR]
[TR]
[TH]594[/TH]
[TD]case 0x88:[/TD]
[/TR]
[TR]
[TH]595[/TH]
[TD] ep->type=UNIQUE;[/TD]
[/TR]
[TR]
[TH]596[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]597[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 4, 4);[/TD]
[/TR]
[TR]
[TH]598[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNIQUE");[/TD]
[/TR]
[TR]
[TH]599[/TH]
[TD] return(!memcmp(rdr->hexserial + 1, ep->hexserial, 4));[/TD]
[/TR]
[TR]
[TH]600[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]601[/TH]
[TD]case 0x8A:[/TD]
[/TR]
[TR]
[TH]602[/TH]
[TD]case 0x8B:[/TD]
[/TR]
[TR]
[TH]603[/TH]
[TD] ep->type=GLOBAL;[/TD]
[/TR]
[TR]
[TH]604[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "GLOBAL");[/TD]
[/TR]
[TR]
[TH]605[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]606[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]607[/TH]
[TD]case 0x8C:[/TD]
[/TR]
[TR]
[TH]608[/TH]
[TD]case 0x8D:[/TD]
[/TR]
[TR]
[TH]609[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]610[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED (part)");[/TD]
[/TR]
[TR]
[TH]611[/TH]
[TD] return FALSE;[/TD]
[/TR]
[TR]
[TH]612[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]613[/TH]
[TD]case 0x8E:[/TD]
[/TR]
[TR]
[TH]614[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]615[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]616[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 3, 3);[/TD]
[/TR]
[TR]
[TH]617[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED");[/TD]
[/TR]
[TR]
[TH]618[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]619[/TH]
[TD] //check for provider as serial (cccam only?)[/TD]
[/TR]
[TR]
[TH]620[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]621[/TH]
[TD] for (i=0;i<rdr->nprov;i++) {[/TD]
[/TR]
[TR]
[TH]622[/TH]
[TD] if (!memcmp(&rdr->prid[1], ep->hexserial, 3))[/TD]
[/TR]
[TR]
[TH]623[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]624[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]625[/TH]
[TD] return(!memcmp(&rdr->sa[0][0], ep->hexserial, 3));[/TD]
[/TR]
[TR]
[TH]626[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]627[/TH]
[TD]default:[/TD]
[/TR]
[TR]
[TH]628[/TH]
[TD] ep->type = UNKNOWN;[/TD]
[/TR]
[TR]
[TH]629[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNKNOWN");[/TD]
[/TR]
[TR]
[TH]630[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]631[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]632[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]633[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]634[/TH]
[TD]static void viaccess_get_emm_filter(struct s_reader * rdr, uchar *filter)[/TD]
[/TR]
[TR]
[TH]635[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]636[/TH]
[TD] int32_t idx = 2;[/TD]
[/TR]
[TR]
[TH]637[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]638[/TH]
[TD] filter[0]=0xFF;[/TD]
[/TR]
[TR]
[TH]639[/TH]
[TD] filter[1]=0;[/TD]
[/TR]
[TR]
[TH]640[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]641[/TH]
[TD] filter[idx++]=EMM_GLOBAL;[/TD]
[/TR]
[TR]
[TH]642[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]643[/TH]
[TD] filter[idx+0] = 0x8D;[/TD]
[/TR]
[TR]
[TH]644[/TH]
[TD] filter[idx+0+16] = 0xFE;[/TD]
[/TR]
[TR]
[TH]645[/TH]
[TD] //filter[idx+6] = 0xA0; // FIXME: dummy, flood client with EMM's[/TD]
[/TR]
[TR]
[TH]646[/TH]
[TD] //filter[idx+6+16] = 0xF0;[/TD]
[/TR]
[TR]
[TH]647[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]648[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]649[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]650[/TH]
[TD] filter[idx++]=EMM_SHARED;[/TD]
[/TR]
[TR]
[TH]651[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]652[/TH]
[TD] filter[idx+0] = 0x8E;[/TD]
[/TR]
[TR]
[TH]653[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]654[/TH]
[TD] memcpy(filter+idx+1, &rdr->sa[0][0], 3);[/TD]
[/TR]
[TR]
[TH]655[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 3);[/TD]
[/TR]
[TR]
[TH]656[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]657[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]658[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]659[/TH]
[TD] filter[idx++]=EMM_UNIQUE;[/TD]
[/TR]
[TR]
[TH]660[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]661[/TH]
[TD] filter[idx+0] = 0x88;[/TD]
[/TR]
[TR]
[TH]662[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]663[/TH]
[TD] memcpy(filter+idx+1, rdr->hexserial + 1, 4);[/TD]
[/TR]
[TR]
[TH]664[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 4);[/TD]
[/TR]
[TR]
[TH]665[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]666[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]667[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]668[/TH]
[TD] return;[/TD]
[/TR]
[TR]
[TH]669[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]670[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]671[/TH]
[TD]static int32_t viaccess_do_emm(struct s_reader * reader, EMM_PACKET *ep)[/TD]
[/TR]
[TR]
[TH]672[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]673[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]674[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]675[/TH]
[TD] unsigned char insf0[] = { 0xca,0xf0,0x00,0x01,0x22 }; // set adf[/TD]
[/TR]
[TR]
[TH]676[/TH]
[TD] unsigned char insf4[] = { 0xca,0xf4,0x00,0x01,0x00 }; // set adf, encrypted[/TD]
[/TR]
[TR]
[TH]677[/TH]
[TD] unsigned char ins18[] = { 0xca,0x18,0x01,0x01,0x00 }; // set subscription[/TD]
[/TR]
[TR]
[TH]678[/TH]
[TD] unsigned char ins1c[] = { 0xca,0x1c,0x01,0x01,0x00 }; // set subscription, encrypted[/TD]
[/TR]
[TR]
[TH]679[/TH]
[TD] static const unsigned char insc8[] = { 0xca,0xc8,0x00,0x00,0x02 }; // read extended status[/TD]
[/TR]
[TR]
[TH]680[/TH]
[TD] // static const unsigned char insc8Data[] = { 0x00,0x00 }; // data for read extended status[/TD]
[/TR]
[TR]
[TH]681[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]682[/TH]
[TD] int32_t emmdatastart=7;[/TD]
[/TR]
[TR]
[TH]683[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]684[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]685[/TH]
[TD] if (ep->type == UNIQUE) emmdatastart++;[/TD]
[/TR]
[TR]
[TH]686[/TH]
[TD] int32_t emmLen=SCT_LEN(ep->emm)-emmdatastart;[/TD]
[/TR]
[TR]
[TH]687[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]688[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]689[/TH]
[TD] ///cs_dump(ep->emm, emmLen+emmdatastart, "RECEIVED EMM VIACCESS");[/TD]
[/TR]
[TR]
[TH]690[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]691[/TH]
[TD] int32_t emmUpToEnd;[/TD]
[/TR]
[TR]
[TH]692[/TH]
[TD] uchar *emmParsed = ep->emm+emmdatastart;[/TD]
[/TR]
[TR]
[TH]693[/TH]
[TD] int32_t provider_ok = 0;[/TD]
[/TR]
[TR]
[TH]694[/TH]
[TD] uint32_t emm_provid;[/TD]
[/TR]
[TR]
[TH]695[/TH]
[TD] uchar keynr = 0;[/TD]
[/TR]
[TR]
[TH]696[/TH]
[TD] int32_t ins18Len = 0;[/TD]
[/TR]
[TR]
[TH]697[/TH]
[TD] uchar ins18Data[512];[/TD]
[/TR]
[TR]
[TH]698[/TH]
[TD] uchar insData[512];[/TD]
[/TR]
[TR]
[TH]699[/TH]
[TD] uchar *nano81Data = 0;[/TD]
[/TR]
[TR]
[TH]700[/TH]
[TD] uchar *nano91Data = 0;[/TD]
[/TR]
[TR]
[TH]701[/TH]
[TD] uchar *nano92Data = 0;[/TD]
[/TR]
[TR]
[TH]702[/TH]
[TD] uchar *nano9EData = 0;[/TD]
[/TR]
[TR]
[TH]703[/TH]
[TD] uchar *nanoF0Data = 0;[/TD]
[/TR]
[TR]
[TH]704[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]705[/TH]
[TD] for (emmUpToEnd=emmLen; (emmParsed[1] != 0) && (emmUpToEnd > 0); emmUpToEnd -= (2 + emmParsed[1]), emmParsed += (2 + emmParsed[1])) {[/TD]
[/TR]
[TR]
[TH]706[/TH]
[TD] ///cs_dump (emmParsed, emmParsed[1] + 2, "NANO");[/TD]
[/TR]
[TR]
[TH]707[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]708[/TH]
[TD] if (emmParsed[0]==0x90 && emmParsed[1]==0x03) {[/TD]
[/TR]
[TR]
[TH]709[/TH]
[TD] /* identification of the service operator */[/TD]
[/TR]
[TR]
[TH]710[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]711[/TH]
[TD] uchar soid[3], ident[3], i;[/TD]
[/TR]
[TR]
[TH]712[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]713[/TH]
[TD] for (i=0; i<3; i++) {[/TD]
[/TR]
[TR]
[TH]714[/TH]
[TD] soid=ident=emmParsed[2+i];[/TD]
[/TR]
[TR]
[TH]715[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]716[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]717[/TH]
[TD] emm_provid=b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]718[/TH]
[TD] keynr=soid[2]&0x0F;[/TD]
[/TR]
[TR]
[TH]719[/TH]
[TD] if (chk_prov(reader, ident, keynr)) {[/TD]
[/TR]
[TR]
[TH]720[/TH]
[TD] provider_ok = 1;[/TD]
[/TR]
[TR]
[TH]721[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]722[/TH]
[TD] rdr_log(reader, "EMM: provider or key not found on card (%x, %x)", emm_provid, keynr);[/TD]
[/TR]
[TR]
[TH]723[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]724[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]725[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]726[/TH]
[TD] // check if the provider changes. If yes, set the new one. If not, don't .. card will return an error if we do.[/TD]
[/TR]
[TR]
[TH]727[/TH]
[TD] if( reader->last_geo.provid != emm_provid ) {[/TD]
[/TR]
[TR]
[TH]728[/TH]
[TD] write_cmd(insa4, ident);[/TD]
[/TR]
[TR]
[TH]729[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]730[/TH]
[TD] cs_dump(insa4, 5, "set provider cmd:");[/TD]
[/TR]
[TR]
[TH]731[/TH]
[TD] cs_dump(soid, 3, "set provider data:");[/TD]
[/TR]
[TR]
[TH]732[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]733[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]734[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]735[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]736[/TH]
[TD] // as we are maybe changing the used provider, clear the cache, so the next ecm will re-select the correct one[/TD]
[/TR]
[TR]
[TH]737[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]738[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]739[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]740[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]741[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]742[/TH]
[TD] else if (emmParsed[0]==0x9e && emmParsed[1]==0x20) {[/TD]
[/TR]
[TR]
[TH]743[/TH]
[TD] /* adf */[/TD]
[/TR]
[TR]
[TH]744[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]745[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]746[/TH]
[TD] /* adf is not crypted, so test it */[/TD]
[/TR]
[TR]
[TH]747[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]748[/TH]
[TD] uchar custwp;[/TD]
[/TR]
[TR]
[TH]749[/TH]
[TD] uchar *afd;[/TD]
[/TR]
[TR]
[TH]750[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]751[/TH]
[TD] custwp=reader->sa[0][3];[/TD]
[/TR]
[TR]
[TH]752[/TH]
[TD] afd=(uchar*)emmParsed+2;[/TD]
[/TR]
[TR]
[TH]753[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]754[/TH]
[TD] if( afd[31-custwp/8] & (1 << (custwp & 7)) )[/TD]
[/TR]
[TR]
[TH]755[/TH]
[TD] rdr_debug_mask(reader, D_READER, "emm for our card %08X", b2i(4, &reader->sa[0][0]));[/TD]
[/TR]
[TR]
[TH]756[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]757[/TH]
[TD] return SKIPPED;[/TD]
[/TR]
[TR]
[TH]758[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]759[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]760[/TH]
[TD] // memorize[/TD]
[/TR]
[TR]
[TH]761[/TH]
[TD] nano9EData = emmParsed;[/TD]
[/TR]
[TR]
[TH]762[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]763[/TH]
[TD] } else if (emmParsed[0]==0x81) {[/TD]
[/TR]
[TR]
[TH]764[/TH]
[TD] nano81Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]765[/TH]
[TD] } else if (emmParsed[0]==0x91 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]766[/TH]
[TD] nano91Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]767[/TH]
[TD] } else if (emmParsed[0]==0x92 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]768[/TH]
[TD] nano92Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]769[/TH]
[TD] } else if (emmParsed[0]==0xF0 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]770[/TH]
[TD] nanoF0Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]771[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]772[/TH]
[TD] /* other nanos */[/TD]
[/TR]
[TR]
[TH]773[/TH]
[TD] show_subs(reader, emmParsed);[/TD]
[/TR]
[TR]
[TH]774[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]775[/TH]
[TD] memcpy(ins18Data+ins18Len, emmParsed, emmParsed[1] + 2);[/TD]
[/TR]
[TR]
[TH]776[/TH]
[TD] ins18Len += emmParsed [1] + 2;[/TD]
[/TR]
[TR]
[TH]777[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]778[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]779[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]780[/TH]
[TD] if (!provider_ok) {[/TD]
[/TR]
[TR]
[TH]781[/TH]
[TD] rdr_debug_mask(reader, D_READER, "provider not found in emm, continue anyway");[/TD]
[/TR]
[TR]
[TH]782[/TH]
[TD] // force key to 1...[/TD]
[/TR]
[TR]
[TH]783[/TH]
[TD] keynr = 1;[/TD]
[/TR]
[TR]
[TH]784[/TH]
[TD] ///return ERROR;[/TD]
[/TR]
[TR]
[TH]785[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]786[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]787[/TH]
[TD] if (!nanoF0Data) {[/TD]
[/TR]
[TR]
[TH]788[/TH]
[TD] cs_dump(ep->emm, ep->l, "can't find 0xf0 in emm...");[/TD]
[/TR]
[TR]
[TH]789[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]790[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]791[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]792[/TH]
[TD] if (nano9EData) {[/TD]
[/TR]
[TR]
[TH]793[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]794[/TH]
[TD] // set adf[/TD]
[/TR]
[TR]
[TH]795[/TH]
[TD] insf0[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]796[/TH]
[TD] insf0[4] = nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]797[/TH]
[TD] write_cmd(insf0, nano9EData);[/TD]
[/TR]
[TR]
[TH]798[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]799[/TH]
[TD] cs_dump(insf0, 5, "set adf cmd:");[/TD]
[/TR]
[TR]
[TH]800[/TH]
[TD] cs_dump(nano9EData, insf0[4] , "set adf data:");[/TD]
[/TR]
[TR]
[TH]801[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]802[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]803[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]804[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]805[/TH]
[TD] // set adf crypte[/TD]
[/TR]
[TR]
[TH]806[/TH]
[TD] insf4[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]807[/TH]
[TD] insf4[4] = nano91Data[1] + 2 + nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]808[/TH]
[TD] memcpy (insData, nano91Data, nano91Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]809[/TH]
[TD] memcpy (insData + nano91Data[1] + 2, nano9EData, nano9EData[1] + 2);[/TD]
[/TR]
[TR]
[TH]810[/TH]
[TD] write_cmd(insf4, insData);[/TD]
[/TR]
[TR]
[TH]811[/TH]
[TD] if(( cta_res[cta_lr-2]!=0x90 && cta_res[cta_lr-2]!=0x91) || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]812[/TH]
[TD] cs_dump(insf4, 5, "set adf encrypted cmd:");[/TD]
[/TR]
[TR]
[TH]813[/TH]
[TD] cs_dump(insData, insf4[4], "set adf encrypted data:");[/TD]
[/TR]
[TR]
[TH]814[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]815[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]816[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]817[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]818[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]819[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]820[/TH]
[TD] if (!nano92Data) {[/TD]
[/TR]
[TR]
[TH]821[/TH]
[TD] // send subscription[/TD]
[/TR]
[TR]
[TH]822[/TH]
[TD] ins18[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]823[/TH]
[TD] ins18[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]824[/TH]
[TD] ins18[4] = ins18Len + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]825[/TH]
[TD] memcpy (insData, ins18Data, ins18Len);[/TD]
[/TR]
[TR]
[TH]826[/TH]
[TD] memcpy (insData + ins18Len, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]827[/TH]
[TD] write_cmd(ins18, insData);[/TD]
[/TR]
[TR]
[TH]828[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 || cta_res[cta_lr-2]==0x91) && cta_res[cta_lr-1]==0x00 ) {[/TD]
[/TR]
[TR]
[TH]829[/TH]
[TD] rdr_debug_mask(reader, D_READER, "update successfully written");[/TD]
[/TR]
[TR]
[TH]830[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]831[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]832[/TH]
[TD] cs_dump(ins18, 5, "set subscription cmd:");[/TD]
[/TR]
[TR]
[TH]833[/TH]
[TD] cs_dump(insData, ins18[4], "set subscription data:");[/TD]
[/TR]
[TR]
[TH]834[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]835[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]836[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]837[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]838[/TH]
[TD] // send subscription encrypted[/TD]
[/TR]
[TR]
[TH]839[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]840[/TH]
[TD] if (!nano81Data) {[/TD]
[/TR]
[TR]
[TH]841[/TH]
[TD] cs_dump(ep->emm, ep->l, "0x92 found, but can't find 0x81 in emm...");[/TD]
[/TR]
[TR]
[TH]842[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]843[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]844[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]845[/TH]
[TD] ins1c[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]846[/TH]
[TD] if (ep->type == UNIQUE) ins1c[2] = 0x02;[/TD]
[/TR]
[TR]
[TH]847[/TH]
[TD] ins1c[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]848[/TH]
[TD] ins1c[4] = nano92Data[1] + 2 + nano81Data[1] + 2 + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]849[/TH]
[TD] memcpy (insData, nano92Data, nano92Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]850[/TH]
[TD] memcpy (insData + nano92Data[1] + 2, nano81Data, nano81Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]851[/TH]
[TD] memcpy (insData + nano92Data[1] + 2 + nano81Data[1] + 2, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]852[/TH]
[TD] write_cmd(ins1c, insData);[/TD]
[/TR]
[TR]
[TH]853[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]854[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]855[/TH]
[TD] rdr_log(reader, "update successfully written");[/TD]
[/TR]
[TR]
[TH]856[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]857[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]858[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]859[/TH]
[TD] if( cta_res[cta_lr-2]&0x1 )[/TD]
[/TR]
[TR]
[TH]860[/TH]
[TD] rdr_log(reader, "update not written. Data already exists or unknown address");[/TD]
[/TR]
[TR]
[TH]861[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]862[/TH]
[TD] //if( cta_res[cta_lr-2]&0x8 ) {[/TD]
[/TR]
[TR]
[TH]863[/TH]
[TD] write_cmd(insc8, NULL);[/TD]
[/TR]
[TR]
[TH]864[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]865[/TH]
[TD] rdr_log(reader, "extended status %02X %02X", cta_res[0], cta_res[1]);[/TD]
[/TR]
[TR]
[TH]866[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]867[/TH]
[TD] //}[/TD]
[/TR]
[TR]
[TH]868[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]869[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]870[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]871[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]872[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]873[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]874[/TH]
[TD] Sub Main()[/TD]
[/TR]
[TR]
[TH]875[/TH]
[TD] Sc.Write("CA A4 04 00 03")[/TD]
[/TR]
[TR]
[TH]876[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]877[/TH]
[TD] Sc.Write("02 07 11")[/TD]
[/TR]
[TR]
[TH]878[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]879[/TH]
[TD] Sc.Write("CA F0 00 01 22")[/TD]
[/TR]
[TR]
[TH]880[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]881[/TH]
[TD] Sc.Write("9E 20")[/TD]
[/TR]
[TR]
[TH]882[/TH]
[TD] Sc.Write("10 10 08 8A 80 00 04 00 10 10 26 E8 54 80 1E 80")[/TD]
[/TR]
[TR]
[TH]883[/TH]
[TD] Sc.Write("00 01 00 00 00 00 00 50 00 00 80 02 22 00 08 50")[/TD]
[/TR]
[TR]
[TH]884[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]885[/TH]
[TD] Sc.Write("CA 18 01 01 11")[/TD]
[/TR]
[TR]
[TH]886[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]887[/TH]
[TD] Sc.Write("A9 05 34 DE 34 FF 80")[/TD]
[/TR]
[TR]
[TH]888[/TH]
[TD] Sc.Write("F0 08 1A 3E AF B5 2B EE E3 3B")[/TD]
[/TR]
[TR]
[TH]889[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]890[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]891[/TH]
[TD] End Sub[/TD]
[/TR]
[TR]
[TH]892[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]893[/TH]
[TD] return rc;[/TD]
[/TR]
[TR]
[TH]894[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]895[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]896[/TH]
[TD]static int32_t viaccess_card_info(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]897[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]898[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]899[/TH]
[TD] int32_t i, l;[/TD]
[/TR]
[TR]
[TH]900[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]901[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]902[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]903[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]904[/TH]
[TD] static const uchar ins24[] = { 0xca, 0x24, 0x00, 0x00, 0x09 }; // set pin[/TD]
[/TR]
[TR]
[TH]905[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]906[/TH]
[TD] static const uchar cls[] = { 0x00, 0x21, 0xff, 0x9f};[/TD]
[/TR]
[TR]
[TH]907[/TH]
[TD] static const uchar pin[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04};[/TD]
[/TR]
[TR]
[TH]908[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]909[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]910[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]911[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]912[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]913[/TH]
[TD] rdr_log(reader, "card detected");[/TD]
[/TR]
[TR]
[TH]914[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]915[/TH]
[TD] cs_clear_entitlement(reader); //reset the entitlements[/TD]
[/TR]
[TR]
[TH]916[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]917[/TH]
[TD] // set pin[/TD]
[/TR]
[TR]
[TH]918[/TH]
[TD] write_cmd(ins24, pin);[/TD]
[/TR]
[TR]
[TH]919[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]920[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]921[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]922[/TH]
[TD] rdr_log_sensitive(reader, "serial: {%llu}", (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]923[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]924[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]925[/TH]
[TD] for (i=1; (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0); i++)[/TD]
[/TR]
[TR]
[TH]926[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]927[/TH]
[TD] uint32_t l_provid, l_sa;[/TD]
[/TR]
[TR]
[TH]928[/TH]
[TD] uchar l_name[64];[/TD]
[/TR]
[TR]
[TH]929[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]930[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]931[/TH]
[TD] l_provid=b2i(3, cta_res);[/TD]
[/TR]
[TR]
[TH]932[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]933[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]934[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]935[/TH]
[TD] l_sa=b2i(4, cta_res+2);[/TD]
[/TR]
[TR]
[TH]936[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]937[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]938[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]939[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]940[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]941[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]942[/TH]
[TD] trim((char *)cta_res);[/TD]
[/TR]
[TR]
[TH]943[/TH]
[TD] if (cta_res[0])[/TD]
[/TR]
[TR]
[TH]944[/TH]
[TD] snprintf((char *)l_name, sizeof(l_name), ", name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]945[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]946[/TH]
[TD] l_name[0]=0;[/TD]
[/TR]
[TR]
[TH]947[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]948[/TH]
[TD] // read GEO[/TD]
[/TR]
[TR]
[TH]949[/TH]
[TD] insac[2]=0xa6; write_cmd(insac, NULL); // request GEO[/TD]
[/TR]
[TR]
[TH]950[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read GEO nano + len[/TD]
[/TR]
[TR]
[TH]951[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]952[/TH]
[TD] char tmp[l*3+1];[/TD]
[/TR]
[TR]
[TH]953[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read geo[/TD]
[/TR]
[TR]
[TH]954[/TH]
[TD] rdr_log_sensitive(reader, "provider: %d, id: {%06X%s}, sa: {%08X}, geo: %s",[/TD]
[/TR]
[TR]
[TH]955[/TH]
[TD] i, l_provid, l_name, l_sa, (l<4) ? "empty" : cs_hexdump(1, cta_res, l, tmp, sizeof(tmp)));[/TD]
[/TR]
[TR]
[TH]956[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]957[/TH]
[TD] // read classes subscription[/TD]
[/TR]
[TR]
[TH]958[/TH]
[TD] insac[2]=0xa9; insac[4]=4;[/TD]
[/TR]
[TR]
[TH]959[/TH]
[TD] write_cmd(insac, cls); // request class subs[/TD]
[/TR]
[TR]
[TH]960[/TH]
[TD] while( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]961[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]962[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read class subs nano + len[/TD]
[/TR]
[TR]
[TH]963[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]964[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]965[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]966[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read class subs[/TD]
[/TR]
[TR]
[TH]967[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) &&[/TD]
[/TR]
[TR]
[TH]968[/TH]
[TD] (cta_res[cta_lr-1]==0x00 || cta_res[cta_lr-1]==0x08) )[/TD]
[/TR]
[TR]
[TH]969[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]970[/TH]
[TD] show_class(reader, NULL, l_provid, cta_res, cta_lr-2);[/TD]
[/TR]
[TR]
[TH]971[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]972[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]973[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]974[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]975[/TH]
[TD] insac[4]=0;[/TD]
[/TR]
[TR]
[TH]976[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]977[/TH]
[TD] write_cmd(insa4, NULL); // select next provider[/TD]
[/TR]
[TR]
[TH]978[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]979[/TH]
[TD] //return ERROR;[/TD]
[/TR]
[TR]
[TH]980[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]981[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]982[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]983[/TH]
[TD]#ifdef HAVE_DVBAPI[/TD]
[/TR]
[TR]
[TH]984[/TH]
[TD]void dvbapi_sort_nanos(unsigned char *dest, const unsigned char *src, int32_t len);[/TD]
[/TR]
[TR]
[TH]985[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]986[/TH]
[TD]int32_t viaccess_reassemble_emm(uchar *buffer, uint32_t *len) {[/TD]
[/TR]
[TR]
[TH]987[/TH]
[TD] static uchar emm_global[512];[/TD]
[/TR]
[TR]
[TH]988[/TH]
[TD] static int32_t emm_global_len = 0;[/TD]
[/TR]
[TR]
[TH]989[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]990[/TH]
[TD] int32_t pos=0, i;[/TD]
[/TR]
[TR]
[TH]991[/TH]
[TD] uint32_t k;[/TD]
[/TR]
[TR]
[TH]992[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]993[/TH]
[TD] // Viaccess[/TD]
[/TR]
[TR]
[TH]994[/TH]
[TD] if (*len>500) return 0;[/TD]
[/TR]
[TR]
[TH]995[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]996[/TH]
[TD] switch(buffer[0]) {[/TD]
[/TR]
[TR]
[TH]997[/TH]
[TD] case 0x8c:[/TD]
[/TR]
[TR]
[TH]998[/TH]
[TD] case 0x8d:[/TD]
[/TR]
[TR]
[TH]999[/TH]
[TD] // emm-s part 1[/TD]
[/TR]
[TR]
[TH]1000[/TH]
[TD] if (!memcmp(emm_global, buffer, *len))[/TD]
[/TR]
[TR]
[TH]1001[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1002[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1003[/TH]
[TD] // copy first part of the emm-s[/TD]
[/TR]
[TR]
[TH]1004[/TH]
[TD] memcpy(emm_global, buffer, *len);[/TD]
[/TR]
[TR]
[TH]1005[/TH]
[TD] emm_global_len=*len;[/TD]
[/TR]
[TR]
[TH]1006[/TH]
[TD] //cs_ddump_mask(D_READER, buffer, len, "viaccess global emm:");[/TD]
[/TR]
[TR]
[TH]1007[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1008[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1009[/TH]
[TD] case 0x8e:[/TD]
[/TR]
[TR]
[TH]1010[/TH]
[TD] // emm-s part 2[/TD]
[/TR]
[TR]
[TH]1011[/TH]
[TD] if (!emm_global_len) return 0;[/TD]
[/TR]
[TR]
[TH]1012[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1013[/TH]
[TD] //extract nanos from emm-gh and emm-s[/TD]
[/TR]
[TR]
[TH]1014[/TH]
[TD] uchar emmbuf[512];[/TD]
[/TR]
[TR]
[TH]1015[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1016[/TH]
[TD] cs_debug_mask(D_DVBAPI, "[viaccess] %s: start extracting nanos", __func__);[/TD]
[/TR]
[TR]
[TH]1017[/TH]
[TD] //extract from emm-gh[/TD]
[/TR]
[TR]
[TH]1018[/TH]
[TD] for (i=3; i<emm_global_len; i+=emm_global[i+1]+2) {[/TD]
[/TR]
[TR]
[TH]1019[/TH]
[TD] //copy nano (length determined by i+1)[/TD]
[/TR]
[TR]
[TH]1020[/TH]
[TD] memcpy(emmbuf+pos, emm_global+i, emm_global[i+1]+2);[/TD]
[/TR]
[TR]
[TH]1021[/TH]
[TD] pos+=emm_global[i+1]+2;[/TD]
[/TR]
[TR]
[TH]1022[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1023[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1024[/TH]
[TD] if (buffer[2]==0x2c) {[/TD]
[/TR]
[TR]
[TH]1025[/TH]
[TD] //add 9E 20 nano + first 32 bytes of emm content[/TD]
[/TR]
[TR]
[TH]1026[/TH]
[TD] memcpy(emmbuf+pos, "\x9E\x20", 2);[/TD]
[/TR]
[TR]
[TH]1027[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+7, 32);[/TD]
[/TR]
[TR]
[TH]1028[/TH]
[TD] pos+=34;[/TD]
[/TR]
[TR]
[TH]1029[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1030[/TH]
[TD] //add F0 08 nano + 8 subsequent bytes of emm content[/TD]
[/TR]
[TR]
[TH]1031[/TH]
[TD] memcpy(emmbuf+pos, "\xF0\x08", 2);[/TD]
[/TR]
[TR]
[TH]1032[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+39, 8);[/TD]
[/TR]
[TR]
[TH]1033[/TH]
[TD] pos+=10;[/TD]
[/TR]
[TR]
[TH]1034[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]1035[/TH]
[TD] //extract from variable emm-s[/TD]
[/TR]
[TR]
[TH]1036[/TH]
[TD] for (k=7; k<(*len); k+=buffer[k+1]+2) {[/TD]
[/TR]
[TR]
[TH]1037[/TH]
[TD] //copy nano (length determined by k+1)[/TD]
[/TR]
[TR]
[TH]1038[/TH]
[TD] memcpy(emmbuf+pos, buffer+k, buffer[k+1]+2);[/TD]
[/TR]
[TR]
[TH]1039[/TH]
[TD] pos+=buffer[k+1]+2;[/TD]
[/TR]
[TR]
[TH]1040[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1041[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1042[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1043[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, *len, "[viaccess] %s: %s emm-s", __func__, (buffer[2]==0x2c) ? "fixed" : "variable");[/TD]
[/TR]
[TR]
[TH]1044[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1045[/TH]
[TD] dvbapi_sort_nanos(buffer+7, emmbuf, pos);[/TD]
[/TR]
[TR]
[TH]1046[/TH]
[TD] pos+=7;[/TD]
[/TR]
[TR]
[TH]1047[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1048[/TH]
[TD] //calculate emm length and set it on position 2[/TD]
[/TR]
[TR]
[TH]1049[/TH]
[TD] buffer[2]=pos-3;[/TD]
[/TR]
[TR]
[TH]1050[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1051[/TH]
[TD] cs_ddump_mask(D_DVBAPI, emm_global, emm_global_len, "[viaccess] %s: emm-gh", __func__);[/TD]
[/TR]
[TR]
[TH]1052[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, pos, "[viaccess] %s: assembled emm", __func__);[/TD]
[/TR]
[TR]
[TH]1053[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1054[/TH]
[TD] *len=pos;[/TD]
[/TR]
[TR]
[TH]1055[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]1056[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1057[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]1058[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1059[/TH]
[TD]#endif[/TD]
[/TR]
[TR]
[TH]1060[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1061[/TH]
[TD]void reader_viaccess(struct s_cardsystem *ph)[/TD]
[/TR]
[TR]
[TH]1062[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]1063[/TH]
[TD] ph->do_emm=viaccess_do_emm;[/TD]
[/TR]
[TR]
[TH]1064[/TH]
[TD] ph->do_ecm=viaccess_do_ecm;[/TD]
[/TR]
[TR]
[TH]1065[/TH]
[TD] ph->card_info=viaccess_card_info;[/TD]
[/TR]
[TR]
[TH]1066[/TH]
[TD] ph->card_init=viaccess_card_init;[/TD]
[/TR]
[TR]
[TH]1067[/TH]
[TD] ph->get_emm_type=viaccess_get_emm_type;[/TD]
[/TR]
[TR]
[TH]1068[/TH]
[TD] ph->get_emm_filter=viaccess_get_emm_filter;[/TD]
[/TR]
[TR]
[TH]1069[/TH]
[TD] ph->caids[0]=0x05;[/TD]
[/TR]
[TR]
[TH]1070[/TH]
[TD] ph->desc="viaccess";[/TD]
[/TR]
[TR]
[TH]1071[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1072[/TH]
[TD]#endif[/TD]
[/TR]
| #include "globals.h" | |
| 2 | #ifdef READER_VIACCESS |
|---|---|
| 3 | #include "reader-common.h" |
| 4 | |
| 5 | struct via_date { |
| 6 | uint16_t day_s : 5; |
| 7 | uint16_t month_s : 4; |
| 8 | uint16_t year_s : 7; |
| 9 | |
| 10 | uint16_t day_e : 5; |
| 11 | uint16_t month_e : 4; |
| 12 | uint16_t year_e : 7; |
| 13 | }; |
| 14 | |
| 15 | static void parse_via_date(const uchar *buf, struct via_date *vd, int32_t fend) |
| 16 | { |
| 17 | uint16_t date; |
| 18 | |
| 19 | date = (buf[0]<<8) | buf[1]; |
| 20 | vd->day_s = date & 0x1f; |
| 21 | vd->month_s = (date>>5) & 0x0f; |
| 22 | vd->year_s = (date>>9) & 0x7f; |
| 23 | |
| 24 | if( fend ) |
| 25 | { |
| 26 | date = (buf[2]<<8) | buf[3]; |
| 27 | vd->day_e = date & 0x1f; |
| 28 | vd->month_e = (date>>5) & 0x0f; |
| 29 | vd->year_e = (date>>9) & 0x7f; |
| 30 | } |
| 31 | } |
| 32 | |
| 33 | //static void get_via_data(const uchar *b, int32_t l, time_t *start_t, time_t *end_t, uchar *cls) |
| 34 | //{ |
| 35 | // int32_t i, j; |
| 36 | // struct via_date vd; |
| 37 | // struct tm tm; |
| 38 | // memset(&vd, 0, sizeof(struct via_date)); |
| 39 | // |
| 40 | // // b -> via date (4 bytes) |
| 41 | // b+=4; |
| 42 | // l-=4; |
| 43 | // |
| 44 | // j=l-1; |
| 45 | // for (; j>=0; j--) |
| 46 | // for (i=0; i<8; i++) |
| 47 | // if (b[j] & (1 << (i&7))) |
| 48 | // { |
| 49 | // parse_via_date(b-4, &vd, 1); |
| 50 | // *cls=(l-(j+1))*8+i; |
| 51 | // } |
| 52 | // |
| 53 | // memset(&tm, 0, sizeof(struct tm)); |
| 54 | // tm.tm_year = vd.year_s + 80; //via year starts in 1980, tm_year starts in 1900 |
| 55 | // tm.tm_mon = vd.month_s - 1; // january is 0 in tm_mon |
| 56 | // tm.tm_mday = vd.day_s; |
| 57 | // *start_t = mktime(&tm); |
| 58 | // |
| 59 | // tm.tm_year = vd.year_e + 80; |
| 60 | // tm.tm_mon = vd.month_e - 1; |
| 61 | // tm.tm_mday = vd.day_e; |
| 62 | // *end_t = mktime(&tm); |
| 63 | // |
| 64 | //} |
| 65 | |
| 66 | static void show_class(struct s_reader *reader, const char *p, uint32_t provid, const uchar *b, int32_t l) |
| 67 | { |
| 68 | int32_t i, j; |
| 69 | |
| 70 | // b -> via date (4 bytes) |
| 71 | b+=4; |
| 72 | l-=4; |
| 73 | |
| 74 | j=l-1; |
| 75 | for (; j>=0; j--) |
| 76 | for (i=0; i<8; i++) |
| 77 | if (b[j] & (1 << (i&7))) |
| 78 | { |
| 79 | uchar cls; |
| 80 | struct via_date vd; |
| 81 | parse_via_date(b-4, &vd, 1); |
| 82 | cls=(l-(j+1))*8+i; |
| 83 | if (p) |
| 84 | rdr_log(reader, "%sclass: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", p, cls, |
| 85 | vd.year_s+1980, vd.month_s, vd.day_s, |
| 86 | vd.year_e+1980, vd.month_e, vd.day_e); |
| 87 | else { |
| 88 | rdr_log(reader, "class: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", cls, |
| 89 | vd.year_s+1980, vd.month_s, vd.day_s, |
| 90 | vd.year_e+1980, vd.month_e, vd.day_e); |
| 91 | |
| 92 | time_t start_t, end_t; |
| 93 | struct tm tm; |
| 94 | //convert time: |
| 95 | memset(&tm, 0, sizeof(tm)); |
| 96 | tm.tm_year = vd.year_s+80; //via year starts in 1980, tm_year starts in 1900 |
| 97 | tm.tm_mon = vd.month_s-1; // january is 0 in tm_mon |
| 98 | tm.tm_mday = vd.day_s; |
| 99 | start_t = cs_timegm(&tm); |
| 100 | |
| 101 | tm.tm_year = vd.year_e+80; //via year starts in 1980, tm_year starts in 1900 |
| 102 | tm.tm_mon = vd.month_e-1; // january is 0 in tm_mon |
| 103 | tm.tm_mday = vd.day_e; |
| 104 | end_t = cs_timegm(&tm); |
| 105 | |
| 106 | cs_add_entitlement(reader, reader->caid, provid, cls, cls, start_t, end_t, 5); |
| 107 | } |
| 108 | } |
| 109 | } |
| 110 | |
| 111 | static void show_subs(struct s_reader * reader, const uchar *emm) |
| 112 | { |
| 113 | // emm -> A9, A6, B6 |
| 114 | |
| 115 | switch( emm[0] ) |
| 116 | { |
| 117 | case 0xA9: |
| 118 | show_class(reader, "nano A9: ", 0, emm+2, emm[1]); |
| 119 | break; |
| 120 | /* |
| 121 | { |
| 122 | int32_t i, j, byts; |
| 123 | const uchar *oemm; |
| 124 | |
| 125 | oemm = emm; |
| 126 | byts = emm[1]-4; |
| 127 | emm+=6; |
| 128 | |
| 129 | j=byts-1; |
| 130 | for( ; j>=0; j-- ) |
| 131 | for( i=0; i<8; i++ ) |
| 132 | if( emm[j] & (1 << (i&7)) ) |
| 133 | { |
| 134 | uchar cls; |
| 135 | struct via_date vd; |
| 136 | parse_via_date(emm-4, &vd, 1); |
| 137 | cls=(byts-(j+1))*8+i; |
| 138 | rdr_log(reader, "%sclass %02X: expiry date: %02d/%02d/%04d - %02d/%02d/%04d", |
| 139 | fnano?"nano A9: ":"", cls, |
| 140 | vd.day_s, vd.month_s, vd.year_s+1980, |
| 141 | vd.day_e, vd.month_e, vd.year_e+1980); |
| 142 | } |
| 143 | break; |
| 144 | } |
| 145 | */ |
| 146 | case 0xA6: |
| 147 | { |
| 148 | char szGeo[256]; |
| 149 | |
| 150 | memset(szGeo, 0, 256); |
| 151 | strncpy(szGeo, (char *)emm+2, emm[1]); |
| 152 | rdr_log(reader, "nano A6: geo %s", szGeo); |
| 153 | break; |
| 154 | } |
| 155 | case 0xB6: |
| 156 | { |
| 157 | uchar m; // modexp |
| 158 | struct via_date vd; |
| 159 | |
| 160 | m=emm[emm[1]+1]; |
| 161 | parse_via_date(emm+2, &vd, 0); |
| 162 | rdr_log(reader, "nano B6: modexp %d%d%d%d%d%d: %02d/%02d/%04d", (m&0x20)?1:0, |
| 163 | (m&0x10)?1:0,(m&0x08)?1:0,(m&0x04)?1:0,(m&0x02)?1:0,(m&0x01)?1:0, |
| 164 | vd.day_s, vd.month_s, vd.year_s+1980); |
| 165 | break; |
| 166 | } |
| 167 | } |
| 168 | } |
| 169 | |
| 170 | static int32_t chk_prov(struct s_reader * reader, uchar *id, uchar keynr) |
| 171 | { |
| 172 | int32_t i, j, rc; |
| 173 | for (rc=i=0; (!rc) && (i<reader->nprov); i++) |
| 174 | if(!memcmp(&reader->prid[1], id, 3)) |
[TR]
[TH]175[/TH]
[TD] for (j=0; (!rc) && (j<16); j++)[/TD]
[/TR]
[TR]
[TH]176[/TH]
[TD] if (reader->availkeys[j]==keynr)[/TD]
[/TR]
[TR]
[TH]177[/TH]
[TD] rc=1;[/TD]
[/TR]
[TR]
[TH]178[/TH]
[TD] return(rc);[/TD]
[/TR]
[TR]
[TH]179[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]180[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]181[/TH]
[TD]static int32_t unlock_parental(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]182[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]183[/TH]
[TD] /* disabling parental lock. assuming pin "0000" if no pin code is provided in the config */[/TD]
[/TR]
[TR]
[TH]184[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]185[/TH]
[TD] static const uchar inDPL[] = {0xca, 0x24, 0x02, 0x00, 0x09};[/TD]
[/TR]
[TR]
[TH]186[/TH]
[TD] uchar cmDPL[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F};[/TD]
[/TR]
[TR]
[TH]187[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]188[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]189[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]190[/TH]
[TD] rdr_log(reader, "Using PIN %s",reader->pincode);[/TD]
[/TR]
[TR]
[TH]191[/TH]
[TD] // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34[/TD]
[/TR]
[TR]
[TH]192[/TH]
[TD] cmDPL[6]=((reader->pincode[0]-0x30)<<4) | ((reader->pincode[1]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]193[/TH]
[TD] cmDPL[7]=((reader->pincode[2]-0x30)<<4) | ((reader->pincode[3]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]194[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]195[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]196[/TH]
[TD] rdr_log(reader, "Using PIN 0000!");[/TD]
[/TR]
[TR]
[TH]197[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]198[/TH]
[TD] write_cmd(inDPL,cmDPL);[/TD]
[/TR]
[TR]
[TH]199[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) ) {[/TD]
[/TR]
[TR]
[TH]200[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]201[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!",reader->pincode);[/TD]
[/TR]
[TR]
[TH]202[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]203[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]204[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!");[/TD]
[/TR]
[TR]
[TH]205[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]206[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]207[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]208[/TH]
[TD] rdr_log(reader, "Parental lock disabled");[/TD]
[/TR]
[TR]
[TH]209[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]210[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]211[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]212[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]213[/TH]
[TD]static int32_t viaccess_card_init(struct s_reader * reader, ATR *newatr)[/TD]
[/TR]
[TR]
[TH]214[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]215[/TH]
[TD] get_atr;[/TD]
[/TR]
[TR]
[TH]216[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]217[/TH]
[TD] int32_t i;[/TD]
[/TR]
[TR]
[TH]218[/TH]
[TD] uchar buf[256];[/TD]
[/TR]
[TR]
[TH]219[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]220[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]221[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]222[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]223[/TH]
[TD] static const uchar insFAC[] = { 0x87, 0x02, 0x00, 0x00, 0x03 }; // init FAC[/TD]
[/TR]
[TR]
[TH]224[/TH]
[TD] static const uchar FacDat[] = { 0x00, 0x00, 0x28 };[/TD]
[/TR]
[TR]
[TH]225[/TH]
[TD] static unsigned char ins8702_data[] = { 0x00, 0x00, 0x11};[/TD]
[/TR]
[TR]
[TH]226[/TH]
[TD] static unsigned char ins8704[] = { 0x87, 0x04, 0x00, 0x00, 0x07 };[/TD]
[/TR]
[TR]
[TH]227[/TH]
[TD] static unsigned char ins8706[] = { 0x87, 0x06, 0x00, 0x00, 0x04 };[/TD]
[/TR]
[TR]
[TH]228[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]229[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]230[/TH]
[TD] if ((atr[1]!=0x77) || ((atr[2]!=0x18) && (atr[2]!=0x11) && (atr[2]!=0x19)) || ((atr[9]!=0x68) && (atr[9]!=0x6C)))[/TD]
[/TR]
[TR]
[TH]231[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]232[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]233[/TH]
[TD] write_cmd(insFAC, FacDat);[/TD]
[/TR]
[TR]
[TH]234[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]235[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]236[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]237[/TH]
[TD] memset(&reader->last_geo, 0, sizeof(reader->last_geo));[/TD]
[/TR]
[TR]
[TH]238[/TH]
[TD] write_cmd(insFAC, ins8702_data);[/TD]
[/TR]
[TR]
[TH]239[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]240[/TH]
[TD] write_cmd(ins8704, NULL);[/TD]
[/TR]
[TR]
[TH]241[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]242[/TH]
[TD] write_cmd(ins8706, NULL);[/TD]
[/TR]
[TR]
[TH]243[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]244[/TH]
[TD] reader->last_geo.number_ecm =(cta_res[2]<<8) | (cta_res[3]);[/TD]
[/TR]
[TR]
[TH]245[/TH]
[TD] rdr_log(reader, "using ecm #%x for long viaccess ecm",reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]246[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]247[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]248[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]249[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]250[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]251[/TH]
[TD] // switch((atr[atrsize-4]<<8)|atr[atrsize-3])[/TD]
[/TR]
[TR]
[TH]252[/TH]
[TD] // {[/TD]
[/TR]
[TR]
[TH]253[/TH]
[TD] // case 0x6268: ver="2.3"; break;[/TD]
[/TR]
[TR]
[TH]254[/TH]
[TD] // case 0x6668: ver="2.4(?)"; break;[/TD]
[/TR]
[TR]
[TH]255[/TH]
[TD] // case 0xa268:[/TD]
[/TR]
[TR]
[TH]256[/TH]
[TD] // default: ver="unknown"; break;[/TD]
[/TR]
[TR]
[TH]257[/TH]
[TD] // }[/TD]
[/TR]
[TR]
[TH]258[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]259[/TH]
[TD] reader->caid=0x500;[/TD]
[/TR]
[TR]
[TH]260[/TH]
[TD] memset(reader->prid, 0xff, sizeof(reader->prid));[/TD]
[/TR]
[TR]
[TH]261[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]262[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]263[/TH]
[TD] memcpy(reader->hexserial, cta_res+2, 5);[/TD]
[/TR]
[TR]
[TH]264[/TH]
[TD] // rdr_log(reader, "[viaccess-reader] type: Viaccess, ver: %s serial: %llu", ver, b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]265[/TH]
[TD] rdr_log_sensitive(reader, "type: Viaccess (%sstandard atr), caid: %04X, serial: {%llu}",[/TD]
[/TR]
[TR]
[TH]266[/TH]
[TD] atr[9]==0x68?"":"non-",reader->caid, (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]267[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]268[/TH]
[TD] i=0;[/TD]
[/TR]
[TR]
[TH]269[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]270[/TH]
[TD] buf[0]=0;[/TD]
[/TR]
[TR]
[TH]271[/TH]
[TD] while((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0))[/TD]
[/TR]
[TR]
[TH]272[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]273[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]274[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]275[/TH]
[TD] reader->prid[0]=0;[/TD]
[/TR]
[TR]
[TH]276[/TH]
[TD] memcpy(&reader->prid[1], cta_res, 3);[/TD]
[/TR]
[TR]
[TH]277[/TH]
[TD] memcpy(&reader->availkeys[0], cta_res+10, 16);[/TD]
[/TR]
[TR]
[TH]278[/TH]
[TD] snprintf((char *)buf+strlen((char *)buf), sizeof(buf)-strlen((char *)buf), ",%06X", b2i(3, &reader->prid[1]));[/TD]
[/TR]
[TR]
[TH]279[/TH]
[TD] //rdr_log(reader, "[viaccess-reader] buf: %s", buf);[/TD]
[/TR]
[TR]
[TH]280[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]281[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]282[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]283[/TH]
[TD] memcpy(&reader->sa[0], cta_res+2, 4);[/TD]
[/TR]
[TR]
[TH]284[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]285[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]286[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]287[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]288[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]289[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]290[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]291[/TH]
[TD] rdr_log(reader, "[viaccess-reader] name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]292[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]293[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]294[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]295[/TH]
[TD] write_cmd(insa4, NULL); // select next issuer[/TD]
[/TR]
[TR]
[TH]296[/TH]
[TD] i++;[/TD]
[/TR]
[TR]
[TH]297[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]298[/TH]
[TD] reader->nprov=i;[/TD]
[/TR]
[TR]
[TH]299[/TH]
[TD] rdr_log(reader, "providers: %d (%s)", reader->nprov, buf+1);[/TD]
[/TR]
[TR]
[TH]300[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]301[/TH]
[TD] if (cfg.ulparent)[/TD]
[/TR]
[TR]
[TH]302[/TH]
[TD] unlock_parental(reader);[/TD]
[/TR]
[TR]
[TH]303[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]304[/TH]
[TD] rdr_log(reader, "ready for requests");[/TD]
[/TR]
[TR]
[TH]305[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]306[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]307[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]308[/TH]
[TD]bool dcw_crc(uchar *dw){[/TD]
[/TR]
[TR]
[TH]309[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]310[/TH]
[TD] for(i=0;i<16;i+=4) if(dw[i+3]!=((dw+dw[i+1]+dw[i+2])& 0xFF))return 0;[/TD]
[/TR]
[TR]
[TH]311[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]312[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]313[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]314[/TH]
[TD]static int32_t viaccess_do_ecm(struct s_reader * reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)[/TD]
[/TR]
[TR]
[TH]315[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]316[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]317[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]318[/TH]
[TD] unsigned char ins88[] = { 0xca,0x88,0x00,0x00,0x00 }; // set ecm[/TD]
[/TR]
[TR]
[TH]319[/TH]
[TD] unsigned char insf8[] = { 0xca,0xf8,0x00,0x00,0x00 }; // set geographic info[/TD]
[/TR]
[TR]
[TH]320[/TH]
[TD] static const unsigned char insc0[] = { 0xca,0xc0,0x00,0x00,0x12 }; // read dcw[/TD]
[/TR]
[TR]
[TH]321[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]322[/TH]
[TD] // //XXX what is the 4th byte for ??[/TD]
[/TR]
[TR]
[TH]323[/TH]
[TD] int32_t ecm88Len = MIN(MAX_ECM_SIZE-4, SCT_LEN(er->ecm)-4);[/TD]
[/TR]
[TR]
[TH]324[/TH]
[TD] if(ecm88Len < 1){[/TD]
[/TR]
[TR]
[TH]325[/TH]
[TD] rdr_log(reader, "ECM: Size of ECM couldn't be correctly calculated.");[/TD]
[/TR]
[TR]
[TH]326[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]327[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]328[/TH]
[TD] uchar ecmData[ecm88Len];[/TD]
[/TR]
[TR]
[TH]329[/TH]
[TD] memset(ecmData, 0, ecm88Len);[/TD]
[/TR]
[TR]
[TH]330[/TH]
[TD] memcpy(ecmData, er->ecm+4, ecm88Len);[/TD]
[/TR]
[TR]
[TH]331[/TH]
[TD] uchar *ecm88Data = &ecmData[0];[/TD]
[/TR]
[TR]
[TH]332[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]333[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]334[/TH]
[TD] int32_t hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]335[/TH]
[TD] int32_t curEcm88len=0;[/TD]
[/TR]
[TR]
[TH]336[/TH]
[TD] int32_t nanoLen=0;[/TD]
[/TR]
[TR]
[TH]337[/TH]
[TD] uchar *nextEcm;[/TD]
[/TR]
[TR]
[TH]338[/TH]
[TD] uchar DE04[256];[/TD]
[/TR]
[TR]
[TH]339[/TH]
[TD] int32_t D2KeyID=0;[/TD]
[/TR]
[TR]
[TH]340[/TH]
[TD] int32_t curnumber_ecm=0;[/TD]
[/TR]
[TR]
[TH]341[/TH]
[TD] //nanoD2 d2 02 0d 02 -> D2 nano, len 2[/TD]
[/TR]
[TR]
[TH]342[/TH]
[TD] // 0d -> post AES decrypt CW[/TD]
[/TR]
[TR]
[TH]343[/TH]
[TD] // 0b -> pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]344[/TH]
[TD] int32_t nanoD2 = 0; // 0x0b = 1 0x0d = 2[/TD]
[/TR]
[TR]
[TH]345[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]346[/TH]
[TD] memset(DE04, 0, sizeof(DE04)); //fix dorcel de04 bug[/TD]
[/TR]
[TR]
[TH]347[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]348[/TH]
[TD] nextEcm=ecm88Data;[/TD]
[/TR]
[TR]
[TH]349[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]350[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]351[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]352[/TH]
[TD] while (ecm88Len>0 && !rc) {[/TD]
[/TR]
[TR]
[TH]353[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]354[/TH]
[TD] if(ecm88Data[0] ==0x00 && ecm88Data[1] == 0x00) {[/TD]
[/TR]
[TR]
[TH]355[/TH]
[TD] // nano 0x00 and len 0x00 aren't valid ... something is obviously wrong with this ecm.[/TD]
[/TR]
[TR]
[TH]356[/TH]
[TD] rdr_log(reader, "ECM: Invalid ECM structure. Rejecting");[/TD]
[/TR]
[TR]
[TH]357[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]358[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]359[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]360[/TH]
[TD] // 80 33 nano 80 (ecm) + len (33)[/TD]
[/TR]
[TR]
[TH]361[/TH]
[TD] if(ecm88Data[0]==0x80) { // nano 80, give ecm len[/TD]
[/TR]
[TR]
[TH]362[/TH]
[TD] curEcm88len=ecm88Data[1];[/TD]
[/TR]
[TR]
[TH]363[/TH]
[TD] nextEcm=ecm88Data+curEcm88len+2;[/TD]
[/TR]
[TR]
[TH]364[/TH]
[TD] ecm88Data += 2;[/TD]
[/TR]
[TR]
[TH]365[/TH]
[TD] ecm88Len -= 2;[/TD]
[/TR]
[TR]
[TH]366[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]367[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]368[/TH]
[TD] if(!curEcm88len) { //there was no nano 80 -> simple ecm[/TD]
[/TR]
[TR]
[TH]369[/TH]
[TD] curEcm88len=ecm88Len;[/TD]
[/TR]
[TR]
[TH]370[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]371[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]372[/TH]
[TD] // d2 02 0d 02 -> D2 nano, len 2, select the AES key to be used[/TD]
[/TR]
[TR]
[TH]373[/TH]
[TD] if(ecm88Data[0]==0xd2) {[/TD]
[/TR]
[TR]
[TH]374[/TH]
[TD] // test if need post or pre AES decrypt[/TD]
[/TR]
[TR]
[TH]375[/TH]
[TD] if(ecm88Data[2]==0x0b)[/TD]
[/TR]
[TR]
[TH]376[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]377[/TH]
[TD] nanoD2 = 1;[/TD]
[/TR]
[TR]
[TH]378[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0b");[/TD]
[/TR]
[TR]
[TH]379[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]380[/TH]
[TD] if(ecm88Data[2]==0x0d)[/TD]
[/TR]
[TR]
[TH]381[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]382[/TH]
[TD] nanoD2 = 2;[/TD]
[/TR]
[TR]
[TH]383[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0d");[/TD]
[/TR]
[TR]
[TH]384[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]385[/TH]
[TD] // use the d2 arguments to get the key # to be used[/TD]
[/TR]
[TR]
[TH]386[/TH]
[TD] int32_t len = ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]387[/TH]
[TD] D2KeyID=ecm88Data[3];[/TD]
[/TR]
[TR]
[TH]388[/TH]
[TD] ecm88Data += len;[/TD]
[/TR]
[TR]
[TH]389[/TH]
[TD] ecm88Len -= len;[/TD]
[/TR]
[TR]
[TH]390[/TH]
[TD] curEcm88len -=len;[/TD]
[/TR]
[TR]
[TH]391[/TH]
[TD] hasD2 = 1;[/TD]
[/TR]
[TR]
[TH]392[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]393[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]394[/TH]
[TD] hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]395[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]396[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]397[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]398[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]399[/TH]
[TD] // 05 67 00[/TD]
[/TR]
[TR]
[TH]400[/TH]
[TD] if ((ecm88Data[0]==0x90 || ecm88Data[0]==0x40) && (ecm88Data[1]==0x03 || ecm88Data[1]==0x07 ) )[/TD]
[/TR]
[TR]
[TH]401[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]402[/TH]
[TD] uchar ident[3], keynr;[/TD]
[/TR]
[TR]
[TH]403[/TH]
[TD] uchar *ecmf8Data=0;[/TD]
[/TR]
[TR]
[TH]404[/TH]
[TD] int32_t ecmf8Len=0;[/TD]
[/TR]
[TR]
[TH]405[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]406[/TH]
[TD] nanoLen=ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]407[/TH]
[TD] keynr=ecm88Data[4]&0x0F;[/TD]
[/TR]
[TR]
[TH]408[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]409[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]410[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]411[/TH]
[TD] if(nanoLen>5) {[/TD]
[/TR]
[TR]
[TH]412[/TH]
[TD] curnumber_ecm =(ecm88Data[6]<<8) | (ecm88Data[7]);[/TD]
[/TR]
[TR]
[TH]413[/TH]
[TD] rdr_debug_mask(reader, D_READER, "checking if the ecm number (%x) match the card one (%x)",curnumber_ecm,reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]414[/TH]
[TD] // if we have an ecm number we check it.[/TD]
[/TR]
[TR]
[TH]415[/TH]
[TD] // we can't assume that if the nano len is 5 or more we have an ecm number[/TD]
[/TR]
[TR]
[TH]416[/TH]
[TD] // as some card don't support this[/TD]
[/TR]
[TR]
[TH]417[/TH]
[TD] if( reader->last_geo.number_ecm > 0 ) {[/TD]
[/TR]
[TR]
[TH]418[/TH]
[TD] if (reader->last_geo.number_ecm == curnumber_ecm && !( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )) {[/TD]
[/TR]
[TR]
[TH]419[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]420[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x, ECM ending with %02x",ecm88Data[5], ecm88Data[nanoLen-1]);[/TD]
[/TR]
[TR]
[TH]421[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]422[/TH]
[TD] if( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )[/TD]
[/TR]
[TR]
[TH]423[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]424[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x) for provider %02x%02x%02x",ecm88Data[nanoLen-1], curnumber_ecm, ecm88Data[2], ecm88Data[3], ecm88Data[4]);[/TD]
[/TR]
[TR]
[TH]425[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]426[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x)",ecm88Data[nanoLen-1], curnumber_ecm);[/TD]
[/TR]
[TR]
[TH]427[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]428[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]429[/TH]
[TD] continue; //loop to next ecm[/TD]
[/TR]
[TR]
[TH]430[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]431[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]432[/TH]
[TD] else { // long ecm but we don't have an ecm number so we have to try them all.[/TD]
[/TR]
[TR]
[TH]433[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]434[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x",ecm88Data[5]);[/TD]
[/TR]
[TR]
[TH]435[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]436[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]437[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]438[/TH]
[TD] memcpy (ident, &ecm88Data[2], sizeof(ident));[/TD]
[/TR]
[TR]
[TH]439[/TH]
[TD] provid = b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]440[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]441[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]442[/TH]
[TD] if(hasD2 && reader->aes_list) {[/TD]
[/TR]
[TR]
[TH]443[/TH]
[TD] // check that we have the AES key to decode the CW[/TD]
[/TR]
[TR]
[TH]444[/TH]
[TD] // if not there is no need to send the ecm to the card[/TD]
[/TR]
[TR]
[TH]445[/TH]
[TD] if(!aes_present(reader->aes_list, 0x500, (uint32_t) (provid & 0xFFFFF0) , D2KeyID))[/TD]
[/TR]
[TR]
[TH]446[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]447[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]448[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]449[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]450[/TH]
[TD] if (!chk_prov(reader, ident, keynr))[/TD]
[/TR]
[TR]
[TH]451[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]452[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: provider or key not found on card");[/TD]
[/TR]
[TR]
[TH]453[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "provider(%02x%02x%02x) or key(%d) not found on card", ident[0],ident[1],ident[2], keynr );[/TD]
[/TR]
[TR]
[TH]454[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]455[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]456[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]457[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]458[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]459[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]460[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]461[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]462[/TH]
[TD] if (ecm88Data[0]==0xDE && ecm88Data[1]==0x04)[/TD]
[/TR]
[TR]
[TH]463[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]464[/TH]
[TD] memcpy (DE04, &ecm88Data[0], 6);[/TD]
[/TR]
[TR]
[TH]465[/TH]
[TD] ecm88Data+=6;[/TD]
[/TR]
[TR]
[TH]466[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]467[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]468[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]469[/TH]
[TD] if( reader->last_geo.provid != provid )[/TD]
[/TR]
[TR]
[TH]470[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]471[/TH]
[TD] reader->last_geo.provid = provid;[/TD]
[/TR]
[TR]
[TH]472[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]473[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]474[/TH]
[TD] write_cmd(insa4, ident); // set provider[/TD]
[/TR]
[TR]
[TH]475[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]476[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]477[/TH]
[TD] //Nano D2 0x0b Pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]478[/TH]
[TD] if ( hasD2 && nanoD2 == 1)[/TD]
[/TR]
[TR]
[TH]479[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]480[/TH]
[TD] uchar *ecm88DataCW = ecm88Data;[/TD]
[/TR]
[TR]
[TH]481[/TH]
[TD] int32_t cwStart = 0;[/TD]
[/TR]
[TR]
[TH]482[/TH]
[TD] //int32_t cwStartRes = 0;[/TD]
[/TR]
[TR]
[TH]483[/TH]
[TD] int32_t exit = 0;[/TD]
[/TR]
[TR]
[TH]484[/TH]
[TD] // find CW start[/TD]
[/TR]
[TR]
[TH]485[/TH]
[TD] while(cwStart < curEcm88len -1 && !exit)[/TD]
[/TR]
[TR]
[TH]486[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]487[/TH]
[TD] if(ecm88Data[cwStart] == 0xEA && ecm88Data[cwStart+1] == 0x10)[/TD]
[/TR]
[TR]
[TH]488[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]489[/TH]
[TD] ecm88DataCW = ecm88DataCW + cwStart + 2;[/TD]
[/TR]
[TR]
[TH]490[/TH]
[TD] exit = 1;[/TD]
[/TR]
[TR]
[TH]491[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]492[/TH]
[TD] cwStart++;[/TD]
[/TR]
[TR]
[TH]493[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]494[/TH]
[TD] // use AES from list to decrypt CW[/TD]
[/TR]
[TR]
[TH]495[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]496[/TH]
[TD] if (aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID, &ecm88DataCW[0], 16) == 0)[/TD]
[/TR]
[TR]
[TH]497[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]498[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]499[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]500[/TH]
[TD] while(ecm88Len>1 && ecm88Data[0]<0xA0)[/TD]
[/TR]
[TR]
[TH]501[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]502[/TH]
[TD] int32_t nanoLen=ecm88Data[1]+2;[/TD]
[/TR]
[TR]
[TH]503[/TH]
[TD] if (!ecmf8Data)[/TD]
[/TR]
[TR]
[TH]504[/TH]
[TD] ecmf8Data=(uchar *)ecm88Data;[/TD]
[/TR]
[TR]
[TH]505[/TH]
[TD] ecmf8Len+=nanoLen;[/TD]
[/TR]
[TR]
[TH]506[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]507[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]508[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]509[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]510[/TH]
[TD] if(ecmf8Len)[/TD]
[/TR]
[TR]
[TH]511[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]512[/TH]
[TD] if( reader->last_geo.geo_len!=ecmf8Len ||[/TD]
[/TR]
[TR]
[TH]513[/TH]
[TD] memcmp(reader->last_geo.geo, ecmf8Data, reader->last_geo.geo_len))[/TD]
[/TR]
[TR]
[TH]514[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]515[/TH]
[TD] memcpy(reader->last_geo.geo, ecmf8Data, ecmf8Len);[/TD]
[/TR]
[TR]
[TH]516[/TH]
[TD] reader->last_geo.geo_len= ecmf8Len;[/TD]
[/TR]
[TR]
[TH]517[/TH]
[TD] insf8[3]=keynr;[/TD]
[/TR]
[TR]
[TH]518[/TH]
[TD] insf8[4]=ecmf8Len;[/TD]
[/TR]
[TR]
[TH]519[/TH]
[TD] write_cmd(insf8, ecmf8Data);[/TD]
[/TR]
[TR]
[TH]520[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]521[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]522[/TH]
[TD] ins88[2]=ecmf8Len?1:0;[/TD]
[/TR]
[TR]
[TH]523[/TH]
[TD] ins88[3]=keynr;[/TD]
[/TR]
[TR]
[TH]524[/TH]
[TD] ins88[4]= curEcm88len;[/TD]
[/TR]
[TR]
[TH]525[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]526[/TH]
[TD] // we should check the nano to make sure the ecm is valid[/TD]
[/TR]
[TR]
[TH]527[/TH]
[TD] // we should look for at least 1 E3 nano, 1 EA nano and the F0 signature nano[/TD]
[/TR]
[TR]
[TH]528[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]529[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]530[/TH]
[TD] if (DE04[0]==0xDE)[/TD]
[/TR]
[TR]
[TH]531[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]532[/TH]
[TD] uint32_t l = curEcm88len-6;[/TD]
[/TR]
[TR]
[TH]533[/TH]
[TD] if (l > 256 || curEcm88len <= 6) { //don't known if this is ok...[/TD]
[/TR]
[TR]
[TH]534[/TH]
[TD] rdr_log(reader, "ecm invalid/too long! len=%d", curEcm88len);[/TD]
[/TR]
[TR]
[TH]535[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]536[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]537[/TH]
[TD] memcpy(DE04+6, (uchar *)ecm88Data, l);[/TD]
[/TR]
[TR]
[TH]538[/TH]
[TD] write_cmd(ins88, DE04); // request dcw[/TD]
[/TR]
[TR]
[TH]539[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]540[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]541[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]542[/TH]
[TD] write_cmd(ins88, (uchar *)ecm88Data); // request dcw[/TD]
[/TR]
[TR]
[TH]543[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]544[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]545[/TH]
[TD] write_cmd(insc0, NULL); // read dcw[/TD]
[/TR]
[TR]
[TH]546[/TH]
[TD] switch(cta_res[0])[/TD]
[/TR]
[TR]
[TH]547[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]548[/TH]
[TD] case 0xe8: // even[/TD]
[/TR]
[TR]
[TH]549[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]550[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]551[/TH]
[TD] case 0xe9: // odd[/TD]
[/TR]
[TR]
[TH]552[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw+8,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]553[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]554[/TH]
[TD] case 0xea: // complete[/TD]
[/TR]
[TR]
[TH]555[/TH]
[TD] if(cta_res[1]==16) { memcpy(ea->cw,cta_res+2,16); rc=1; }[/TD]
[/TR]
[TR]
[TH]556[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]557[/TH]
[TD] default :[/TD]
[/TR]
[TR]
[TH]558[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]559[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]560[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: key to use is not the current one, trying next ECM");[/TD]
[/TR]
[TR]
[TH]561[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "key to use is not the current one, trying next ECM" );[/TD]
[/TR]
[TR]
[TH]562[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]563[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]564[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]565[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]566[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]567[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: Unknown ECM type");[/TD]
[/TR]
[TR]
[TH]568[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "Unknown ECM type" );[/TD]
[/TR]
[TR]
[TH]569[/TH]
[TD] return ERROR; /*Lets interupt the loop and exit, because we don't know this ECM type.*/[/TD]
[/TR]
[TR]
[TH]570[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]571[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]572[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]573[/TH]
[TD] if ( hasD2 && !dcw_crc(ea->cw) && nanoD2 == 2) {[/TD]
[/TR]
[TR]
[TH]574[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]575[/TH]
[TD] rc=aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID,ea->cw, 16);[/TD]
[/TR]
[TR]
[TH]576[/TH]
[TD] if( rc == 0 )[/TD]
[/TR]
[TR]
[TH]577[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]578[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]579[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]580[/TH]
[TD] return(rc?OK:ERROR);[/TD]
[/TR]
[TR]
[TH]581[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]582[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]583[/TH]
[TD]static int32_t viaccess_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)[/TD]
[/TR]
[TR]
[TH]584[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]585[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]586[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "Entered viaccess_get_emm_type ep->emm[0]=%02x",ep->emm[0]);[/TD]
[/TR]
[TR]
[TH]587[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]588[/TH]
[TD] if (ep->emm[3] == 0x90 && ep->emm[4] == 0x03) {[/TD]
[/TR]
[TR]
[TH]589[/TH]
[TD] provid = ep->emm[5] << 16 | ep->emm[6] << 8 | (ep->emm[7] & 0xFE);[/TD]
[/TR]
[TR]
[TH]590[/TH]
[TD] i2b_buf(4, provid, ep->provid);[/TD]
[/TR]
[TR]
[TH]591[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]592[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]593[/TH]
[TD] switch (ep->emm[0]) {[/TD]
[/TR]
[TR]
[TH]594[/TH]
[TD]case 0x88:[/TD]
[/TR]
[TR]
[TH]595[/TH]
[TD] ep->type=UNIQUE;[/TD]
[/TR]
[TR]
[TH]596[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]597[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 4, 4);[/TD]
[/TR]
[TR]
[TH]598[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNIQUE");[/TD]
[/TR]
[TR]
[TH]599[/TH]
[TD] return(!memcmp(rdr->hexserial + 1, ep->hexserial, 4));[/TD]
[/TR]
[TR]
[TH]600[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]601[/TH]
[TD]case 0x8A:[/TD]
[/TR]
[TR]
[TH]602[/TH]
[TD]case 0x8B:[/TD]
[/TR]
[TR]
[TH]603[/TH]
[TD] ep->type=GLOBAL;[/TD]
[/TR]
[TR]
[TH]604[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "GLOBAL");[/TD]
[/TR]
[TR]
[TH]605[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]606[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]607[/TH]
[TD]case 0x8C:[/TD]
[/TR]
[TR]
[TH]608[/TH]
[TD]case 0x8D:[/TD]
[/TR]
[TR]
[TH]609[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]610[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED (part)");[/TD]
[/TR]
[TR]
[TH]611[/TH]
[TD] return FALSE;[/TD]
[/TR]
[TR]
[TH]612[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]613[/TH]
[TD]case 0x8E:[/TD]
[/TR]
[TR]
[TH]614[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]615[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]616[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 3, 3);[/TD]
[/TR]
[TR]
[TH]617[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED");[/TD]
[/TR]
[TR]
[TH]618[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]619[/TH]
[TD] //check for provider as serial (cccam only?)[/TD]
[/TR]
[TR]
[TH]620[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]621[/TH]
[TD] for (i=0;i<rdr->nprov;i++) {[/TD]
[/TR]
[TR]
[TH]622[/TH]
[TD] if (!memcmp(&rdr->prid[1], ep->hexserial, 3))[/TD]
[/TR]
[TR]
[TH]623[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]624[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]625[/TH]
[TD] return(!memcmp(&rdr->sa[0][0], ep->hexserial, 3));[/TD]
[/TR]
[TR]
[TH]626[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]627[/TH]
[TD]default:[/TD]
[/TR]
[TR]
[TH]628[/TH]
[TD] ep->type = UNKNOWN;[/TD]
[/TR]
[TR]
[TH]629[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNKNOWN");[/TD]
[/TR]
[TR]
[TH]630[/TH]
[TD] return TRUE;[/TD]
[/TR]
[TR]
[TH]631[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]632[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]633[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]634[/TH]
[TD]static void viaccess_get_emm_filter(struct s_reader * rdr, uchar *filter)[/TD]
[/TR]
[TR]
[TH]635[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]636[/TH]
[TD] int32_t idx = 2;[/TD]
[/TR]
[TR]
[TH]637[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]638[/TH]
[TD] filter[0]=0xFF;[/TD]
[/TR]
[TR]
[TH]639[/TH]
[TD] filter[1]=0;[/TD]
[/TR]
[TR]
[TH]640[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]641[/TH]
[TD] filter[idx++]=EMM_GLOBAL;[/TD]
[/TR]
[TR]
[TH]642[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]643[/TH]
[TD] filter[idx+0] = 0x8D;[/TD]
[/TR]
[TR]
[TH]644[/TH]
[TD] filter[idx+0+16] = 0xFE;[/TD]
[/TR]
[TR]
[TH]645[/TH]
[TD] //filter[idx+6] = 0xA0; // FIXME: dummy, flood client with EMM's[/TD]
[/TR]
[TR]
[TH]646[/TH]
[TD] //filter[idx+6+16] = 0xF0;[/TD]
[/TR]
[TR]
[TH]647[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]648[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]649[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]650[/TH]
[TD] filter[idx++]=EMM_SHARED;[/TD]
[/TR]
[TR]
[TH]651[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]652[/TH]
[TD] filter[idx+0] = 0x8E;[/TD]
[/TR]
[TR]
[TH]653[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]654[/TH]
[TD] memcpy(filter+idx+1, &rdr->sa[0][0], 3);[/TD]
[/TR]
[TR]
[TH]655[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 3);[/TD]
[/TR]
[TR]
[TH]656[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]657[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]658[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]659[/TH]
[TD] filter[idx++]=EMM_UNIQUE;[/TD]
[/TR]
[TR]
[TH]660[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]661[/TH]
[TD] filter[idx+0] = 0x88;[/TD]
[/TR]
[TR]
[TH]662[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]663[/TH]
[TD] memcpy(filter+idx+1, rdr->hexserial + 1, 4);[/TD]
[/TR]
[TR]
[TH]664[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 4);[/TD]
[/TR]
[TR]
[TH]665[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]666[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]667[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]668[/TH]
[TD] return;[/TD]
[/TR]
[TR]
[TH]669[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]670[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]671[/TH]
[TD]static int32_t viaccess_do_emm(struct s_reader * reader, EMM_PACKET *ep)[/TD]
[/TR]
[TR]
[TH]672[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]673[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]674[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]675[/TH]
[TD] unsigned char insf0[] = { 0xca,0xf0,0x00,0x01,0x22 }; // set adf[/TD]
[/TR]
[TR]
[TH]676[/TH]
[TD] unsigned char insf4[] = { 0xca,0xf4,0x00,0x01,0x00 }; // set adf, encrypted[/TD]
[/TR]
[TR]
[TH]677[/TH]
[TD] unsigned char ins18[] = { 0xca,0x18,0x01,0x01,0x00 }; // set subscription[/TD]
[/TR]
[TR]
[TH]678[/TH]
[TD] unsigned char ins1c[] = { 0xca,0x1c,0x01,0x01,0x00 }; // set subscription, encrypted[/TD]
[/TR]
[TR]
[TH]679[/TH]
[TD] static const unsigned char insc8[] = { 0xca,0xc8,0x00,0x00,0x02 }; // read extended status[/TD]
[/TR]
[TR]
[TH]680[/TH]
[TD] // static const unsigned char insc8Data[] = { 0x00,0x00 }; // data for read extended status[/TD]
[/TR]
[TR]
[TH]681[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]682[/TH]
[TD] int32_t emmdatastart=7;[/TD]
[/TR]
[TR]
[TH]683[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]684[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]685[/TH]
[TD] if (ep->type == UNIQUE) emmdatastart++;[/TD]
[/TR]
[TR]
[TH]686[/TH]
[TD] int32_t emmLen=SCT_LEN(ep->emm)-emmdatastart;[/TD]
[/TR]
[TR]
[TH]687[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]688[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]689[/TH]
[TD] ///cs_dump(ep->emm, emmLen+emmdatastart, "RECEIVED EMM VIACCESS");[/TD]
[/TR]
[TR]
[TH]690[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]691[/TH]
[TD] int32_t emmUpToEnd;[/TD]
[/TR]
[TR]
[TH]692[/TH]
[TD] uchar *emmParsed = ep->emm+emmdatastart;[/TD]
[/TR]
[TR]
[TH]693[/TH]
[TD] int32_t provider_ok = 0;[/TD]
[/TR]
[TR]
[TH]694[/TH]
[TD] uint32_t emm_provid;[/TD]
[/TR]
[TR]
[TH]695[/TH]
[TD] uchar keynr = 0;[/TD]
[/TR]
[TR]
[TH]696[/TH]
[TD] int32_t ins18Len = 0;[/TD]
[/TR]
[TR]
[TH]697[/TH]
[TD] uchar ins18Data[512];[/TD]
[/TR]
[TR]
[TH]698[/TH]
[TD] uchar insData[512];[/TD]
[/TR]
[TR]
[TH]699[/TH]
[TD] uchar *nano81Data = 0;[/TD]
[/TR]
[TR]
[TH]700[/TH]
[TD] uchar *nano91Data = 0;[/TD]
[/TR]
[TR]
[TH]701[/TH]
[TD] uchar *nano92Data = 0;[/TD]
[/TR]
[TR]
[TH]702[/TH]
[TD] uchar *nano9EData = 0;[/TD]
[/TR]
[TR]
[TH]703[/TH]
[TD] uchar *nanoF0Data = 0;[/TD]
[/TR]
[TR]
[TH]704[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]705[/TH]
[TD] for (emmUpToEnd=emmLen; (emmParsed[1] != 0) && (emmUpToEnd > 0); emmUpToEnd -= (2 + emmParsed[1]), emmParsed += (2 + emmParsed[1])) {[/TD]
[/TR]
[TR]
[TH]706[/TH]
[TD] ///cs_dump (emmParsed, emmParsed[1] + 2, "NANO");[/TD]
[/TR]
[TR]
[TH]707[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]708[/TH]
[TD] if (emmParsed[0]==0x90 && emmParsed[1]==0x03) {[/TD]
[/TR]
[TR]
[TH]709[/TH]
[TD] /* identification of the service operator */[/TD]
[/TR]
[TR]
[TH]710[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]711[/TH]
[TD] uchar soid[3], ident[3], i;[/TD]
[/TR]
[TR]
[TH]712[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]713[/TH]
[TD] for (i=0; i<3; i++) {[/TD]
[/TR]
[TR]
[TH]714[/TH]
[TD] soid=ident=emmParsed[2+i];[/TD]
[/TR]
[TR]
[TH]715[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]716[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]717[/TH]
[TD] emm_provid=b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]718[/TH]
[TD] keynr=soid[2]&0x0F;[/TD]
[/TR]
[TR]
[TH]719[/TH]
[TD] if (chk_prov(reader, ident, keynr)) {[/TD]
[/TR]
[TR]
[TH]720[/TH]
[TD] provider_ok = 1;[/TD]
[/TR]
[TR]
[TH]721[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]722[/TH]
[TD] rdr_log(reader, "EMM: provider or key not found on card (%x, %x)", emm_provid, keynr);[/TD]
[/TR]
[TR]
[TH]723[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]724[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]725[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]726[/TH]
[TD] // check if the provider changes. If yes, set the new one. If not, don't .. card will return an error if we do.[/TD]
[/TR]
[TR]
[TH]727[/TH]
[TD] if( reader->last_geo.provid != emm_provid ) {[/TD]
[/TR]
[TR]
[TH]728[/TH]
[TD] write_cmd(insa4, ident);[/TD]
[/TR]
[TR]
[TH]729[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]730[/TH]
[TD] cs_dump(insa4, 5, "set provider cmd:");[/TD]
[/TR]
[TR]
[TH]731[/TH]
[TD] cs_dump(soid, 3, "set provider data:");[/TD]
[/TR]
[TR]
[TH]732[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]733[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]734[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]735[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]736[/TH]
[TD] // as we are maybe changing the used provider, clear the cache, so the next ecm will re-select the correct one[/TD]
[/TR]
[TR]
[TH]737[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]738[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]739[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]740[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]741[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]742[/TH]
[TD] else if (emmParsed[0]==0x9e && emmParsed[1]==0x20) {[/TD]
[/TR]
[TR]
[TH]743[/TH]
[TD] /* adf */[/TD]
[/TR]
[TR]
[TH]744[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]745[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]746[/TH]
[TD] /* adf is not crypted, so test it */[/TD]
[/TR]
[TR]
[TH]747[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]748[/TH]
[TD] uchar custwp;[/TD]
[/TR]
[TR]
[TH]749[/TH]
[TD] uchar *afd;[/TD]
[/TR]
[TR]
[TH]750[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]751[/TH]
[TD] custwp=reader->sa[0][3];[/TD]
[/TR]
[TR]
[TH]752[/TH]
[TD] afd=(uchar*)emmParsed+2;[/TD]
[/TR]
[TR]
[TH]753[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]754[/TH]
[TD] if( afd[31-custwp/8] & (1 << (custwp & 7)) )[/TD]
[/TR]
[TR]
[TH]755[/TH]
[TD] rdr_debug_mask(reader, D_READER, "emm for our card %08X", b2i(4, &reader->sa[0][0]));[/TD]
[/TR]
[TR]
[TH]756[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]757[/TH]
[TD] return SKIPPED;[/TD]
[/TR]
[TR]
[TH]758[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]759[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]760[/TH]
[TD] // memorize[/TD]
[/TR]
[TR]
[TH]761[/TH]
[TD] nano9EData = emmParsed;[/TD]
[/TR]
[TR]
[TH]762[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]763[/TH]
[TD] } else if (emmParsed[0]==0x81) {[/TD]
[/TR]
[TR]
[TH]764[/TH]
[TD] nano81Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]765[/TH]
[TD] } else if (emmParsed[0]==0x91 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]766[/TH]
[TD] nano91Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]767[/TH]
[TD] } else if (emmParsed[0]==0x92 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]768[/TH]
[TD] nano92Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]769[/TH]
[TD] } else if (emmParsed[0]==0xF0 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]770[/TH]
[TD] nanoF0Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]771[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]772[/TH]
[TD] /* other nanos */[/TD]
[/TR]
[TR]
[TH]773[/TH]
[TD] show_subs(reader, emmParsed);[/TD]
[/TR]
[TR]
[TH]774[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]775[/TH]
[TD] memcpy(ins18Data+ins18Len, emmParsed, emmParsed[1] + 2);[/TD]
[/TR]
[TR]
[TH]776[/TH]
[TD] ins18Len += emmParsed [1] + 2;[/TD]
[/TR]
[TR]
[TH]777[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]778[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]779[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]780[/TH]
[TD] if (!provider_ok) {[/TD]
[/TR]
[TR]
[TH]781[/TH]
[TD] rdr_debug_mask(reader, D_READER, "provider not found in emm, continue anyway");[/TD]
[/TR]
[TR]
[TH]782[/TH]
[TD] // force key to 1...[/TD]
[/TR]
[TR]
[TH]783[/TH]
[TD] keynr = 1;[/TD]
[/TR]
[TR]
[TH]784[/TH]
[TD] ///return ERROR;[/TD]
[/TR]
[TR]
[TH]785[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]786[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]787[/TH]
[TD] if (!nanoF0Data) {[/TD]
[/TR]
[TR]
[TH]788[/TH]
[TD] cs_dump(ep->emm, ep->l, "can't find 0xf0 in emm...");[/TD]
[/TR]
[TR]
[TH]789[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]790[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]791[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]792[/TH]
[TD] if (nano9EData) {[/TD]
[/TR]
[TR]
[TH]793[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]794[/TH]
[TD] // set adf[/TD]
[/TR]
[TR]
[TH]795[/TH]
[TD] insf0[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]796[/TH]
[TD] insf0[4] = nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]797[/TH]
[TD] write_cmd(insf0, nano9EData);[/TD]
[/TR]
[TR]
[TH]798[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]799[/TH]
[TD] cs_dump(insf0, 5, "set adf cmd:");[/TD]
[/TR]
[TR]
[TH]800[/TH]
[TD] cs_dump(nano9EData, insf0[4] , "set adf data:");[/TD]
[/TR]
[TR]
[TH]801[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]802[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]803[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]804[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]805[/TH]
[TD] // set adf crypte[/TD]
[/TR]
[TR]
[TH]806[/TH]
[TD] insf4[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]807[/TH]
[TD] insf4[4] = nano91Data[1] + 2 + nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]808[/TH]
[TD] memcpy (insData, nano91Data, nano91Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]809[/TH]
[TD] memcpy (insData + nano91Data[1] + 2, nano9EData, nano9EData[1] + 2);[/TD]
[/TR]
[TR]
[TH]810[/TH]
[TD] write_cmd(insf4, insData);[/TD]
[/TR]
[TR]
[TH]811[/TH]
[TD] if(( cta_res[cta_lr-2]!=0x90 && cta_res[cta_lr-2]!=0x91) || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]812[/TH]
[TD] cs_dump(insf4, 5, "set adf encrypted cmd:");[/TD]
[/TR]
[TR]
[TH]813[/TH]
[TD] cs_dump(insData, insf4[4], "set adf encrypted data:");[/TD]
[/TR]
[TR]
[TH]814[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]815[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]816[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]817[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]818[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]819[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]820[/TH]
[TD] if (!nano92Data) {[/TD]
[/TR]
[TR]
[TH]821[/TH]
[TD] // send subscription[/TD]
[/TR]
[TR]
[TH]822[/TH]
[TD] ins18[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]823[/TH]
[TD] ins18[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]824[/TH]
[TD] ins18[4] = ins18Len + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]825[/TH]
[TD] memcpy (insData, ins18Data, ins18Len);[/TD]
[/TR]
[TR]
[TH]826[/TH]
[TD] memcpy (insData + ins18Len, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]827[/TH]
[TD] write_cmd(ins18, insData);[/TD]
[/TR]
[TR]
[TH]828[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 || cta_res[cta_lr-2]==0x91) && cta_res[cta_lr-1]==0x00 ) {[/TD]
[/TR]
[TR]
[TH]829[/TH]
[TD] rdr_debug_mask(reader, D_READER, "update successfully written");[/TD]
[/TR]
[TR]
[TH]830[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]831[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]832[/TH]
[TD] cs_dump(ins18, 5, "set subscription cmd:");[/TD]
[/TR]
[TR]
[TH]833[/TH]
[TD] cs_dump(insData, ins18[4], "set subscription data:");[/TD]
[/TR]
[TR]
[TH]834[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]835[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]836[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]837[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]838[/TH]
[TD] // send subscription encrypted[/TD]
[/TR]
[TR]
[TH]839[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]840[/TH]
[TD] if (!nano81Data) {[/TD]
[/TR]
[TR]
[TH]841[/TH]
[TD] cs_dump(ep->emm, ep->l, "0x92 found, but can't find 0x81 in emm...");[/TD]
[/TR]
[TR]
[TH]842[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]843[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]844[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]845[/TH]
[TD] ins1c[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]846[/TH]
[TD] if (ep->type == UNIQUE) ins1c[2] = 0x02;[/TD]
[/TR]
[TR]
[TH]847[/TH]
[TD] ins1c[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]848[/TH]
[TD] ins1c[4] = nano92Data[1] + 2 + nano81Data[1] + 2 + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]849[/TH]
[TD] memcpy (insData, nano92Data, nano92Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]850[/TH]
[TD] memcpy (insData + nano92Data[1] + 2, nano81Data, nano81Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]851[/TH]
[TD] memcpy (insData + nano92Data[1] + 2 + nano81Data[1] + 2, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]852[/TH]
[TD] write_cmd(ins1c, insData);[/TD]
[/TR]
[TR]
[TH]853[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]854[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]855[/TH]
[TD] rdr_log(reader, "update successfully written");[/TD]
[/TR]
[TR]
[TH]856[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]857[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]858[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]859[/TH]
[TD] if( cta_res[cta_lr-2]&0x1 )[/TD]
[/TR]
[TR]
[TH]860[/TH]
[TD] rdr_log(reader, "update not written. Data already exists or unknown address");[/TD]
[/TR]
[TR]
[TH]861[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]862[/TH]
[TD] //if( cta_res[cta_lr-2]&0x8 ) {[/TD]
[/TR]
[TR]
[TH]863[/TH]
[TD] write_cmd(insc8, NULL);[/TD]
[/TR]
[TR]
[TH]864[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]865[/TH]
[TD] rdr_log(reader, "extended status %02X %02X", cta_res[0], cta_res[1]);[/TD]
[/TR]
[TR]
[TH]866[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]867[/TH]
[TD] //}[/TD]
[/TR]
[TR]
[TH]868[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]869[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]870[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]871[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]872[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]873[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]874[/TH]
[TD] Sub Main()[/TD]
[/TR]
[TR]
[TH]875[/TH]
[TD] Sc.Write("CA A4 04 00 03")[/TD]
[/TR]
[TR]
[TH]876[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]877[/TH]
[TD] Sc.Write("02 07 11")[/TD]
[/TR]
[TR]
[TH]878[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]879[/TH]
[TD] Sc.Write("CA F0 00 01 22")[/TD]
[/TR]
[TR]
[TH]880[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]881[/TH]
[TD] Sc.Write("9E 20")[/TD]
[/TR]
[TR]
[TH]882[/TH]
[TD] Sc.Write("10 10 08 8A 80 00 04 00 10 10 26 E8 54 80 1E 80")[/TD]
[/TR]
[TR]
[TH]883[/TH]
[TD] Sc.Write("00 01 00 00 00 00 00 50 00 00 80 02 22 00 08 50")[/TD]
[/TR]
[TR]
[TH]884[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]885[/TH]
[TD] Sc.Write("CA 18 01 01 11")[/TD]
[/TR]
[TR]
[TH]886[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]887[/TH]
[TD] Sc.Write("A9 05 34 DE 34 FF 80")[/TD]
[/TR]
[TR]
[TH]888[/TH]
[TD] Sc.Write("F0 08 1A 3E AF B5 2B EE E3 3B")[/TD]
[/TR]
[TR]
[TH]889[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]890[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]891[/TH]
[TD] End Sub[/TD]
[/TR]
[TR]
[TH]892[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]893[/TH]
[TD] return rc;[/TD]
[/TR]
[TR]
[TH]894[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]895[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]896[/TH]
[TD]static int32_t viaccess_card_info(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]897[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]898[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]899[/TH]
[TD] int32_t i, l;[/TD]
[/TR]
[TR]
[TH]900[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]901[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]902[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]903[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]904[/TH]
[TD] static const uchar ins24[] = { 0xca, 0x24, 0x00, 0x00, 0x09 }; // set pin[/TD]
[/TR]
[TR]
[TH]905[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]906[/TH]
[TD] static const uchar cls[] = { 0x00, 0x21, 0xff, 0x9f};[/TD]
[/TR]
[TR]
[TH]907[/TH]
[TD] static const uchar pin[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04};[/TD]
[/TR]
[TR]
[TH]908[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]909[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]910[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]911[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]912[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]913[/TH]
[TD] rdr_log(reader, "card detected");[/TD]
[/TR]
[TR]
[TH]914[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]915[/TH]
[TD] cs_clear_entitlement(reader); //reset the entitlements[/TD]
[/TR]
[TR]
[TH]916[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]917[/TH]
[TD] // set pin[/TD]
[/TR]
[TR]
[TH]918[/TH]
[TD] write_cmd(ins24, pin);[/TD]
[/TR]
[TR]
[TH]919[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]920[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]921[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]922[/TH]
[TD] rdr_log_sensitive(reader, "serial: {%llu}", (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]923[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]924[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]925[/TH]
[TD] for (i=1; (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0); i++)[/TD]
[/TR]
[TR]
[TH]926[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]927[/TH]
[TD] uint32_t l_provid, l_sa;[/TD]
[/TR]
[TR]
[TH]928[/TH]
[TD] uchar l_name[64];[/TD]
[/TR]
[TR]
[TH]929[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]930[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]931[/TH]
[TD] l_provid=b2i(3, cta_res);[/TD]
[/TR]
[TR]
[TH]932[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]933[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]934[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]935[/TH]
[TD] l_sa=b2i(4, cta_res+2);[/TD]
[/TR]
[TR]
[TH]936[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]937[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]938[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]939[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]940[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]941[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]942[/TH]
[TD] trim((char *)cta_res);[/TD]
[/TR]
[TR]
[TH]943[/TH]
[TD] if (cta_res[0])[/TD]
[/TR]
[TR]
[TH]944[/TH]
[TD] snprintf((char *)l_name, sizeof(l_name), ", name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]945[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]946[/TH]
[TD] l_name[0]=0;[/TD]
[/TR]
[TR]
[TH]947[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]948[/TH]
[TD] // read GEO[/TD]
[/TR]
[TR]
[TH]949[/TH]
[TD] insac[2]=0xa6; write_cmd(insac, NULL); // request GEO[/TD]
[/TR]
[TR]
[TH]950[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read GEO nano + len[/TD]
[/TR]
[TR]
[TH]951[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]952[/TH]
[TD] char tmp[l*3+1];[/TD]
[/TR]
[TR]
[TH]953[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read geo[/TD]
[/TR]
[TR]
[TH]954[/TH]
[TD] rdr_log_sensitive(reader, "provider: %d, id: {%06X%s}, sa: {%08X}, geo: %s",[/TD]
[/TR]
[TR]
[TH]955[/TH]
[TD] i, l_provid, l_name, l_sa, (l<4) ? "empty" : cs_hexdump(1, cta_res, l, tmp, sizeof(tmp)));[/TD]
[/TR]
[TR]
[TH]956[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]957[/TH]
[TD] // read classes subscription[/TD]
[/TR]
[TR]
[TH]958[/TH]
[TD] insac[2]=0xa9; insac[4]=4;[/TD]
[/TR]
[TR]
[TH]959[/TH]
[TD] write_cmd(insac, cls); // request class subs[/TD]
[/TR]
[TR]
[TH]960[/TH]
[TD] while( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]961[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]962[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read class subs nano + len[/TD]
[/TR]
[TR]
[TH]963[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]964[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]965[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]966[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read class subs[/TD]
[/TR]
[TR]
[TH]967[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) &&[/TD]
[/TR]
[TR]
[TH]968[/TH]
[TD] (cta_res[cta_lr-1]==0x00 || cta_res[cta_lr-1]==0x08) )[/TD]
[/TR]
[TR]
[TH]969[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]970[/TH]
[TD] show_class(reader, NULL, l_provid, cta_res, cta_lr-2);[/TD]
[/TR]
[TR]
[TH]971[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]972[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]973[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]974[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]975[/TH]
[TD] insac[4]=0;[/TD]
[/TR]
[TR]
[TH]976[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]977[/TH]
[TD] write_cmd(insa4, NULL); // select next provider[/TD]
[/TR]
[TR]
[TH]978[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]979[/TH]
[TD] //return ERROR;[/TD]
[/TR]
[TR]
[TH]980[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]981[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]982[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]983[/TH]
[TD]#ifdef HAVE_DVBAPI[/TD]
[/TR]
[TR]
[TH]984[/TH]
[TD]void dvbapi_sort_nanos(unsigned char *dest, const unsigned char *src, int32_t len);[/TD]
[/TR]
[TR]
[TH]985[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]986[/TH]
[TD]int32_t viaccess_reassemble_emm(uchar *buffer, uint32_t *len) {[/TD]
[/TR]
[TR]
[TH]987[/TH]
[TD] static uchar emm_global[512];[/TD]
[/TR]
[TR]
[TH]988[/TH]
[TD] static int32_t emm_global_len = 0;[/TD]
[/TR]
[TR]
[TH]989[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]990[/TH]
[TD] int32_t pos=0, i;[/TD]
[/TR]
[TR]
[TH]991[/TH]
[TD] uint32_t k;[/TD]
[/TR]
[TR]
[TH]992[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]993[/TH]
[TD] // Viaccess[/TD]
[/TR]
[TR]
[TH]994[/TH]
[TD] if (*len>500) return 0;[/TD]
[/TR]
[TR]
[TH]995[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]996[/TH]
[TD] switch(buffer[0]) {[/TD]
[/TR]
[TR]
[TH]997[/TH]
[TD] case 0x8c:[/TD]
[/TR]
[TR]
[TH]998[/TH]
[TD] case 0x8d:[/TD]
[/TR]
[TR]
[TH]999[/TH]
[TD] // emm-s part 1[/TD]
[/TR]
[TR]
[TH]1000[/TH]
[TD] if (!memcmp(emm_global, buffer, *len))[/TD]
[/TR]
[TR]
[TH]1001[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1002[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1003[/TH]
[TD] // copy first part of the emm-s[/TD]
[/TR]
[TR]
[TH]1004[/TH]
[TD] memcpy(emm_global, buffer, *len);[/TD]
[/TR]
[TR]
[TH]1005[/TH]
[TD] emm_global_len=*len;[/TD]
[/TR]
[TR]
[TH]1006[/TH]
[TD] //cs_ddump_mask(D_READER, buffer, len, "viaccess global emm:");[/TD]
[/TR]
[TR]
[TH]1007[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1008[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1009[/TH]
[TD] case 0x8e:[/TD]
[/TR]
[TR]
[TH]1010[/TH]
[TD] // emm-s part 2[/TD]
[/TR]
[TR]
[TH]1011[/TH]
[TD] if (!emm_global_len) return 0;[/TD]
[/TR]
[TR]
[TH]1012[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1013[/TH]
[TD] //extract nanos from emm-gh and emm-s[/TD]
[/TR]
[TR]
[TH]1014[/TH]
[TD] uchar emmbuf[512];[/TD]
[/TR]
[TR]
[TH]1015[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1016[/TH]
[TD] cs_debug_mask(D_DVBAPI, "[viaccess] %s: start extracting nanos", __func__);[/TD]
[/TR]
[TR]
[TH]1017[/TH]
[TD] //extract from emm-gh[/TD]
[/TR]
[TR]
[TH]1018[/TH]
[TD] for (i=3; i<emm_global_len; i+=emm_global[i+1]+2) {[/TD]
[/TR]
[TR]
[TH]1019[/TH]
[TD] //copy nano (length determined by i+1)[/TD]
[/TR]
[TR]
[TH]1020[/TH]
[TD] memcpy(emmbuf+pos, emm_global+i, emm_global[i+1]+2);[/TD]
[/TR]
[TR]
[TH]1021[/TH]
[TD] pos+=emm_global[i+1]+2;[/TD]
[/TR]
[TR]
[TH]1022[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1023[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1024[/TH]
[TD] if (buffer[2]==0x2c) {[/TD]
[/TR]
[TR]
[TH]1025[/TH]
[TD] //add 9E 20 nano + first 32 bytes of emm content[/TD]
[/TR]
[TR]
[TH]1026[/TH]
[TD] memcpy(emmbuf+pos, "\x9E\x20", 2);[/TD]
[/TR]
[TR]
[TH]1027[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+7, 32);[/TD]
[/TR]
[TR]
[TH]1028[/TH]
[TD] pos+=34;[/TD]
[/TR]
[TR]
[TH]1029[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1030[/TH]
[TD] //add F0 08 nano + 8 subsequent bytes of emm content[/TD]
[/TR]
[TR]
[TH]1031[/TH]
[TD] memcpy(emmbuf+pos, "\xF0\x08", 2);[/TD]
[/TR]
[TR]
[TH]1032[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+39, 8);[/TD]
[/TR]
[TR]
[TH]1033[/TH]
[TD] pos+=10;[/TD]
[/TR]
[TR]
[TH]1034[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]1035[/TH]
[TD] //extract from variable emm-s[/TD]
[/TR]
[TR]
[TH]1036[/TH]
[TD] for (k=7; k<(*len); k+=buffer[k+1]+2) {[/TD]
[/TR]
[TR]
[TH]1037[/TH]
[TD] //copy nano (length determined by k+1)[/TD]
[/TR]
[TR]
[TH]1038[/TH]
[TD] memcpy(emmbuf+pos, buffer+k, buffer[k+1]+2);[/TD]
[/TR]
[TR]
[TH]1039[/TH]
[TD] pos+=buffer[k+1]+2;[/TD]
[/TR]
[TR]
[TH]1040[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1041[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1042[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1043[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, *len, "[viaccess] %s: %s emm-s", __func__, (buffer[2]==0x2c) ? "fixed" : "variable");[/TD]
[/TR]
[TR]
[TH]1044[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1045[/TH]
[TD] dvbapi_sort_nanos(buffer+7, emmbuf, pos);[/TD]
[/TR]
[TR]
[TH]1046[/TH]
[TD] pos+=7;[/TD]
[/TR]
[TR]
[TH]1047[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1048[/TH]
[TD] //calculate emm length and set it on position 2[/TD]
[/TR]
[TR]
[TH]1049[/TH]
[TD] buffer[2]=pos-3;[/TD]
[/TR]
[TR]
[TH]1050[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1051[/TH]
[TD] cs_ddump_mask(D_DVBAPI, emm_global, emm_global_len, "[viaccess] %s: emm-gh", __func__);[/TD]
[/TR]
[TR]
[TH]1052[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, pos, "[viaccess] %s: assembled emm", __func__);[/TD]
[/TR]
[TR]
[TH]1053[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1054[/TH]
[TD] *len=pos;[/TD]
[/TR]
[TR]
[TH]1055[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]1056[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1057[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]1058[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1059[/TH]
[TD]#endif[/TD]
[/TR]
[TR]
[TH]1060[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1061[/TH]
[TD]void reader_viaccess(struct s_cardsystem *ph)[/TD]
[/TR]
[TR]
[TH]1062[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]1063[/TH]
[TD] ph->do_emm=viaccess_do_emm;[/TD]
[/TR]
[TR]
[TH]1064[/TH]
[TD] ph->do_ecm=viaccess_do_ecm;[/TD]
[/TR]
[TR]
[TH]1065[/TH]
[TD] ph->card_info=viaccess_card_info;[/TD]
[/TR]
[TR]
[TH]1066[/TH]
[TD] ph->card_init=viaccess_card_init;[/TD]
[/TR]
[TR]
[TH]1067[/TH]
[TD] ph->get_emm_type=viaccess_get_emm_type;[/TD]
[/TR]
[TR]
[TH]1068[/TH]
[TD] ph->get_emm_filter=viaccess_get_emm_filter;[/TD]
[/TR]
[TR]
[TH]1069[/TH]
[TD] ph->caids[0]=0x05;[/TD]
[/TR]
[TR]
[TH]1070[/TH]
[TD] ph->desc="viaccess";[/TD]
[/TR]
[TR]
[TH]1071[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1072[/TH]
[TD]#endif[/TD]
[/TR]
Tu sais constance,
Il est inutile que tu nous fasse des copier/coller des autres forum alors que tu ne sais pas de quoi tu parles.
Le viacess est plus simple de le craquer que le seca?
Va faire un tour du coter du forum oscam.to et tu verras de quoi on parle stp car on est loin d'être sorti d'affaire.
La mise à jour injectée dans les Canal Ready est uniquement envoyée au terminaux de nouvelle génération qui ceux-ci possèdent un J-Tag Locké et une password dans la signature du firmware en lui même.
Il ne feront aucune MAJ sur les anciennes générations car il est facile de faire un DUMP car le J-Tag est accessible.
Donc stp, ou tu apportes des infos concrètes ou alors tu ne poste pas pour rien dire et surtout du charabia qui rempli ce post inutilement veux-tu?
Sans rancune, merci.
Il est inutile que tu nous fasse des copier/coller des autres forum alors que tu ne sais pas de quoi tu parles.
Le viacess est plus simple de le craquer que le seca?
Va faire un tour du coter du forum oscam.to et tu verras de quoi on parle stp car on est loin d'être sorti d'affaire.
La mise à jour injectée dans les Canal Ready est uniquement envoyée au terminaux de nouvelle génération qui ceux-ci possèdent un J-Tag Locké et une password dans la signature du firmware en lui même.
Il ne feront aucune MAJ sur les anciennes générations car il est facile de faire un DUMP car le J-Tag est accessible.
Donc stp, ou tu apportes des infos concrètes ou alors tu ne poste pas pour rien dire et surtout du charabia qui rempli ce post inutilement veux-tu?
Sans rancune, merci.
beavis
DZSatien Passionné
- Inscrit
- 16/2/08
- Messages
- 368
salut
ah bon ceux qui ont prit un abonnement carte seul
et qu'ils ont acheté un démo canal ready HD de premiere generation
ils pourront plus s'en servir ?
de mieux en mieux
J'ai acheté le SAGEM DTR94160S HD avant que l'on ne parle du label "canal ready" il y a presque 4 ans,
donc on peut dire qu'il est de "première génération".
Toutes les mises à jours on été faite par satellite et toutes les chaines sont lue avec la carte 039 !
donc on peut dire qu'il est de "première génération".
Toutes les mises à jours on été faite par satellite et toutes les chaines sont lue avec la carte 039 !
Il faut voir quel démo tu possèdes.
Si tu n'as pas reçu de MAJ et que ta carte insérée dans ton démo n'ouvre pas certaines chaînes HD sur 12168.00 V 29700 2/3 (W9 HD, Arte HD, Ushuaia TV HD et Penthouse HD si abonné), tu peux demander aupès du fabriquant s'il y en a une ou pas.
SI oui, tu leur dit que dans ton cas, tu n'as toujours rien ou dans le cas contraire, faut que tu voies avec Csat pour autres alternatives.
On parle aussi du DT 81 de première génération et à prioris, aucune MAJ à ce jour car le J-tag n'est pas locké.
Merci de me corriger en cas d'erreur.
A+
constance
DZSatien Accro
- Inscrit
- 15/12/08
- Messages
- 775
mort de rire si les constructeur retire le rs232 + le jtag comment font t il pour remettre une mise a jour au save lol . dit toi que je suis développer chez moresat
j ai programmer pour proteck , technomat . édisions alors que je suis sur que tu savais meme pas ce que veux dire firmware . en aucun cas le forum oscam font du développement
algorythmique. il ne font que de l améliorations oscam grace a d autre personne qui poste des ticket de conversions . et tous cela ce passe ici et non pas sur oscam forum .
si on regarde le forum oscam versions francais il a beaucoup de blabla et aucun raisonnement valabe alors si tu veux vraiment une souce qui tien la route vas la lol
http://streamboard.de.vu:8001/browser/trunk#
j ai programmer pour proteck , technomat . édisions alors que je suis sur que tu savais meme pas ce que veux dire firmware . en aucun cas le forum oscam font du développement
algorythmique. il ne font que de l améliorations oscam grace a d autre personne qui poste des ticket de conversions . et tous cela ce passe ici et non pas sur oscam forum .
si on regarde le forum oscam versions francais il a beaucoup de blabla et aucun raisonnement valabe alors si tu veux vraiment une souce qui tien la route vas la lol
http://streamboard.de.vu:8001/browser/trunk#
constance
DZSatien Accro
- Inscrit
- 15/12/08
- Messages
- 775
le balmet 9960 et de premiere générations car pas de canal ready marquer dessus . par contre 1 ans aprés j ai recus le meme balmet avec canal ready dessus et aucune différence matériel ni différence coté mise a jour .
Merci pour tes informations.
Voici un texte écris par Qosmio et tu me dis ce que tu en penses.
Merci.
Ceci se rapporte au fameux Humax TN-5050 que l'on a posté en PDF.
Voici les conclusions.
En espérant que certains, j'espère comme toi, arrivent trouver une solution:
Bonne lecture.
Le chip utilisé est plus avancé que ceux utilisé précédemment.
http://www.cs.indiana.edu/~geobrown/publications/sti7105.pdf
Et si je me trome pas en Page 11, en bas à Gauche, le rectangle identifié par le SEC => le module de sécurité qui embarque les clefs pour les algos DES/AES au niveau de la sécurisation des DW.
The STi7105 provides a solution for operators to specify a range of low-cost, high
performance HD STBs including low-cost Zappers, IP clients, Interactive STBs, DVR
standalone and DVR server/home network capable STBs, and with content delivery
possible using broadcast or broadband networks, or both (hybrid STBs). The STi7105 keeps
pace with the latest conditional access, DRM and trusted platform requirements of major
operators worldwide by incorporating the latest generation of advanced security features.
The STi7105 offers current users of STs growing family of advanced decoding ICs
enhancements in performance and features whilst reducing cost and time-to-market for the
next generation deployments.
Et le moins marrant -> Advanced security - Secure control words, Code authentication, JTAG locking,
Network/DVR copy protection, SVP, VGS, DTCP-IP, MS-DRM, MSTV
Alors pour faire simple, le décodeur boot sur une Flash dont le boot vérifie l'intégrité de la flash à l'aide du Crypto SoC, seul solution => exploiter un modchip sur la Flash ( si c'est possible ) pour basculer sur une flash alternative, Flash BGA surement bien collée avec de l'expoxy.
Ensuite même si le Jtag est présent -> le jtag est locké , fusé avec un mot de passe unique, chaque décodeur à son propre mot de passe selon l'ID du décodeur.
Et pour finir les clefs secure sont masquées si tu veux lire l'espace mémoire.
1 ) Hijacker le déco , pour avoir accés à un terminal ( si linux ).
2 ) Executer son propre code , et injecter son propre U-Boot
3 ) lancer un kernel linux non sécurisé pour executer du code en Userland pour tester le secure SoC, avec l'arrivée
Il y a beaucoup plus de chance de trouver des failles dans les premiéres Gamme, voila ce que je voulais dire au départ, et ce n'est surement pas un hazard si Canal veut remplacer les DSI 81 , Flash non protégée contre le dump (???) , pas d'expoxy ???? ou accés directe au déco par l'intermédiaire d'un connecteur RS232 ou autre ???
constance
DZSatien Accro
- Inscrit
- 15/12/08
- Messages
- 775
le poste et tous a fais juste car le ce systeme et identique a celui que nous avions implanté dans no décodeur . mais comme le texte aussi le dit avec un décodeur linux il a toujour possibilité
il faux juste vous dire que tous syteme a une porte d entrée et de sortie . et cela et obligatoire pour tous systeme . mais en aucun cas canal + peux demander au client de changer leur décodeur et encore moin si le label canal ready et dessus . de + le label canal ready et pour les hd obligatoirement et en aucun cas les hd .
de + pour les décodeur canal ready non hd ,il posséde un systeme qui interdit la recherche des fréquence des chaine hd .
D
djammm
je ne comprend pas pourquoi autant de monde s inquiète car comme le dit constance il y as toujours une porte d entrée et une porte de sortie et il en seras toujours ainsi et tant qu il y auras ces 2 portes il y auras toujours une solution .vous pouvez prendre tout les systèmes ils sont ainsi fait une entrée et une sortie
djammm
djammm
dinodzo
DZSatien Accro
- Inscrit
- 11/5/09
- Messages
- 588
d'ou tu sort ça ?????
Il y a toujours une porte d'entrée et une de sortie.
Mais on ne sais pas ce qu'il y a au milieu.
n'importe koi comment ça team kyng utulise la nano Eo pour crypter c firmware!!!!!!!!!!!!!! c totalement faux et d'ou sort tu ça !!!!!!!!!!!
D
djammm
d ou je sort cela vous savez je suis un ancien de l époque de secaforum c est vrais que tout as évolue mais beaucoup de choses n ont pas tant change que cela depuis 1984 je suis las dedans et j ai suivi les évolutions
si je vous disais que les cartes de c+ fonctionne très bien( carte modifie bien sur) mais cela est très prives et le resteras encore très longtemps je pense car beaucoup de personnes n ont pas envie de voir leurs travail détruit en quelques minutes
pour moi la discutions est close sur ce sujet
djammm
si je vous disais que les cartes de c+ fonctionne très bien( carte modifie bien sur) mais cela est très prives et le resteras encore très longtemps je pense car beaucoup de personnes n ont pas envie de voir leurs travail détruit en quelques minutes
pour moi la discutions est close sur ce sujet
djammm
camfrancia
DZSatien Accro
- Inscrit
- 11/2/12
- Messages
- 752
pas de soucis tous est ok
- Statut
