Merci Merci:  129
Likes Likes:  64
Dislikes Dislikes:  0
Page 7 sur 54 PremièrePremière ... 3456789101117 ... DernièreDernière
Affiche les résultats de 91 à 105 sur 801

Sujet : changement cryptage canal sat général


  1. #91
    Banni
    Inscrit
    May 2008
    Lieu
    lyon
    Messages
    607
    Récepteur
    IPTV CanalSat HD
    TV
    sony
    Remerciement / J'aime

    il faut tout simplement dumper le module pmcia canal ready ou déco labelisé et faire dump apres leur mise a jour ^ ^ ! le cube concerne uniquement off 018


  2. #92
    DZSatien Habitué
    Inscrit
    Feb 2011
    Messages
    159
    Récepteur
    HUMAX FR1000HD
    TV
    PANASONIC
    Remerciement / J'aime
    Citation Envoyé par Zoboloff Voir le message
    il faut tout simplement dumper le module pmcia canal ready ou déco labelisé et faire dump apres leur mise a jour ^ ^ ! le cube concerne uniquement off 018
    Il existe un module pcmcia canal Ready pour la TNT TERRESTRE mais uniquement avec les téléviseurs Sumsung avec la norme CI+, la carte est différente.

    La carte 39 ne fonctionne pas sur ce pcmcia mais sur les déco labelisé TNTSAT "Canal Ready".

  3. #93
    DZSatien Initié
    Inscrit
    Feb 2012
    Âge
    36
    Messages
    752
    Remerciement / J'aime
    Citation Envoyé par lenunz Voir le message
    Salut,
    Le cube c'est pour la carte 018 et non la 039.
    Rien à voir.
    bas si que sa a voir lol la nano est utilisé dans le cube de Csat avec la carte 018, c'est le même procédé qu'ils veulent faire dans les déco canal ready, il possède déjà un dump de mon déco mais il lui faut encore 2 autre dump car malheuresement j'ai pas envoyer ma carte car mon abo avez pris fin le 31 juillet et en attendant de rendre le déco je lui avez envoyer

  4. #94
    DZSatien Habitué
    Inscrit
    Jul 2012
    Messages
    267
    Récepteur
    DM800se,Vu+Solo
    TV
    LG 3D 47,Toshiba
    Remerciement / J'aime

    Icon2

    Penthouse HD Out , Même Frequence Que W9 HD Et Ushuaia HD
    Donc Prochaines Chaines M6 HD Et France 2 HD
    Tjrs sous la même Fréquence
    Dernière édition par xperia; 14-08-2012 à 06:45

  5. #95
    Sponsor
    Inscrit
    Nov 2007
    Messages
    171
    Récepteur
    Vu+Duo 2
    TV
    Samsoung
    Remerciement / J'aime
    Citation Envoyé par camfrancia Voir le message
    bas si que sa a voir lol la nano est utilisé dans le cube de Csat avec la carte 018, c'est le même procédé qu'ils veulent faire dans les déco canal ready, il possède déjà un dump de mon déco mais il lui faut encore 2 autre dump car malheuresement j'ai pas envoyer ma carte car mon abo avez pris fin le 31 juillet et en attendant de rendre le déco je lui avez envoyer
    Le même procédé mais pas la même nano.
    sur les 018 c'est la nano 01 qui est injectée et non la e0.
    Le dump du Canal ready et crypté et signé par viaccess selon le cahier des charges et donc a mon avis, c'est loin d'être facile.
    A+






  6. #96
    DZSatien Initié
    Inscrit
    Dec 2008
    Lieu
    moresatland
    Messages
    517
    Récepteur
    dm 500 hd
    TV
    lg 142 cm
    Remerciement / J'aime

    Icon6

    il est bien plus facile de hacker du viaccess que du seca . de plus les décodeur cube on certaine protections et de plus ces louer a canal .perso j éviterais de bouger ou de souder sur ce décodeur .

    &actuellement pour le viaccess ces ceci avec des modif qui date de 4 semaine
    #include "globals.h"
    2 #ifdef READER_VIACCESS
    3 #include "reader-common.h"
    4
    5 struct via_date {
    6 uint16_t day_s : 5;
    7 uint16_t month_s : 4;
    8 uint16_t year_s : 7;
    9
    10 uint16_t day_e : 5;
    11 uint16_t month_e : 4;
    12 uint16_t year_e : 7;
    13 };
    14
    15 static void parse_via_date(const uchar *buf, struct via_date *vd, int32_t fend)
    16 {
    17 uint16_t date;
    18
    19 date = (buf[0]<<8) | buf[1];
    20 vd->day_s = date & 0x1f;
    21 vd->month_s = (date>>5) & 0x0f;
    22 vd->year_s = (date>>9) & 0x7f;
    23
    24 if( fend )
    25 {
    26 date = (buf[2]<<8) | buf[3];
    27 vd->day_e = date & 0x1f;
    28 vd->month_e = (date>>5) & 0x0f;
    29 vd->year_e = (date>>9) & 0x7f;
    30 }
    31 }
    32
    33 //static void get_via_data(const uchar *b, int32_t l, time_t *start_t, time_t *end_t, uchar *cls)
    34 //{
    35 // int32_t i, j;
    36 // struct via_date vd;
    37 // struct tm tm;
    38 // memset(&vd, 0, sizeof(struct via_date));
    39 //
    40 // // b -> via date (4 bytes)
    41 // b+=4;
    42 // l-=4;
    43 //
    44 // j=l-1;
    45 // for (; j>=0; j--)
    46 // for (i=0; i<8; i++)
    47 // if (b[j] & (1 << (i&7)))
    48 // {
    49 // parse_via_date(b-4, &vd, 1);
    50 // *cls=(l-(j+1))*8+i;
    51 // }
    52 //
    53 // memset(&tm, 0, sizeof(struct tm));
    54 // tm.tm_year = vd.year_s + 80; //via year starts in 1980, tm_year starts in 1900
    55 // tm.tm_mon = vd.month_s - 1; // january is 0 in tm_mon
    56 // tm.tm_mday = vd.day_s;
    57 // *start_t = mktime(&tm);
    58 //
    59 // tm.tm_year = vd.year_e + 80;
    60 // tm.tm_mon = vd.month_e - 1;
    61 // tm.tm_mday = vd.day_e;
    62 // *end_t = mktime(&tm);
    63 //
    64 //}
    65
    66 static void show_class(struct s_reader *reader, const char *p, uint32_t provid, const uchar *b, int32_t l)
    67 {
    68 int32_t i, j;
    69
    70 // b -> via date (4 bytes)
    71 b+=4;
    72 l-=4;
    73
    74 j=l-1;
    75 for (; j>=0; j--)
    76 for (i=0; i<8; i++)
    77 if (b[j] & (1 << (i&7)))
    78 {
    79 uchar cls;
    80 struct via_date vd;
    81 parse_via_date(b-4, &vd, 1);
    82 cls=(l-(j+1))*8+i;
    83 if (p)
    84 rdr_log(reader, "%sclass: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", p, cls,
    85 vd.year_s+1980, vd.month_s, vd.day_s,
    86 vd.year_e+1980, vd.month_e, vd.day_e);
    87 else {
    88 rdr_log(reader, "class: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", cls,
    89 vd.year_s+1980, vd.month_s, vd.day_s,
    90 vd.year_e+1980, vd.month_e, vd.day_e);
    91
    92 time_t start_t, end_t;
    93 struct tm tm;
    94 //convert time:
    95 memset(&tm, 0, sizeof(tm));
    96 tm.tm_year = vd.year_s+80; //via year starts in 1980, tm_year starts in 1900
    97 tm.tm_mon = vd.month_s-1; // january is 0 in tm_mon
    98 tm.tm_mday = vd.day_s;
    99 start_t = cs_timegm(&tm);
    100
    101 tm.tm_year = vd.year_e+80; //via year starts in 1980, tm_year starts in 1900
    102 tm.tm_mon = vd.month_e-1; // january is 0 in tm_mon
    103 tm.tm_mday = vd.day_e;
    104 end_t = cs_timegm(&tm);
    105
    106 cs_add_entitlement(reader, reader->caid, provid, cls, cls, start_t, end_t, 5);
    107 }
    108 }
    109 }
    110
    111 static void show_subs(struct s_reader * reader, const uchar *emm)
    112 {
    113 // emm -> A9, A6, B6
    114
    115 switch( emm[0] )
    116 {
    117 case 0xA9:
    118 show_class(reader, "nano A9: ", 0, emm+2, emm[1]);
    119 break;
    120 /*
    121 {
    122 int32_t i, j, byts;
    123 const uchar *oemm;
    124
    125 oemm = emm;
    126 byts = emm[1]-4;
    127 emm+=6;
    128
    129 j=byts-1;
    130 for( ; j>=0; j-- )
    131 for( i=0; i<8; i++ )
    132 if( emm[j] & (1 << (i&7)) )
    133 {
    134 uchar cls;
    135 struct via_date vd;
    136 parse_via_date(emm-4, &vd, 1);
    137 cls=(byts-(j+1))*8+i;
    138 rdr_log(reader, "%sclass %02X: expiry date: %02d/%02d/%04d - %02d/%02d/%04d",
    139 fnano?"nano A9: ":"", cls,
    140 vd.day_s, vd.month_s, vd.year_s+1980,
    141 vd.day_e, vd.month_e, vd.year_e+1980);
    142 }
    143 break;
    144 }
    145 */
    146 case 0xA6:
    147 {
    148 char szGeo[256];
    149
    150 memset(szGeo, 0, 256);
    151 strncpy(szGeo, (char *)emm+2, emm[1]);
    152 rdr_log(reader, "nano A6: geo %s", szGeo);
    153 break;
    154 }
    155 case 0xB6:
    156 {
    157 uchar m; // modexp
    158 struct via_date vd;
    159
    160 m=emm[emm[1]+1];
    161 parse_via_date(emm+2, &vd, 0);
    162 rdr_log(reader, "nano B6: modexp %d%d%d%d%d%d: %02d/%02d/%04d", (m&0x20)?1:0,
    163 (m&0x10)?1:0,(m&0x08)?1:0,(m&0x04)?1:0,(m&0x02)?1: 0,(m&0x01)?1:0,
    164 vd.day_s, vd.month_s, vd.year_s+1980);
    165 break;
    166 }
    167 }
    168 }
    169
    170 static int32_t chk_prov(struct s_reader * reader, uchar *id, uchar keynr)
    171 {
    172 int32_t i, j, rc;
    173 for (rc=i=0; (!rc) && (i<reader->nprov); i++)
    174 if(!memcmp(&reader->prid[i][1], id, 3))
    175 for (j=0; (!rc) && (j<16); j++)
    176 if (reader->availkeys[i][j]==keynr)
    177 rc=1;
    178 return(rc);
    179 }
    180
    181 static int32_t unlock_parental(struct s_reader * reader)
    182 {
    183 /* disabling parental lock. assuming pin "0000" if no pin code is provided in the config */
    184
    185 static const uchar inDPL[] = {0xca, 0x24, 0x02, 0x00, 0x09};
    186 uchar cmDPL[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F};
    187 def_resp;
    188
    189 if (strcmp(reader->pincode, "none")) {
    190 rdr_log(reader, "Using PIN %s",reader->pincode);
    191 // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34
    192 cmDPL[6]=((reader->pincode[0]-0x30)<<4) | ((reader->pincode[1]-0x30) & 0x0f);
    193 cmDPL[7]=((reader->pincode[2]-0x30)<<4) | ((reader->pincode[3]-0x30) & 0x0f);
    194 }
    195 else {
    196 rdr_log(reader, "Using PIN 0000!");
    197 }
    198 write_cmd(inDPL,cmDPL);
    199 if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) ) {
    200 if (strcmp(reader->pincode, "none")) {
    201 rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!",reader->pincode);
    202 }
    203 else {
    204 rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!");
    205 }
    206 }
    207 else
    208 rdr_log(reader, "Parental lock disabled");
    209
    210 return 0;
    211 }
    212
    213 static int32_t viaccess_card_init(struct s_reader * reader, ATR *newatr)
    214 {
    215 get_atr;
    216 def_resp;
    217 int32_t i;
    218 uchar buf[256];
    219 uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data
    220 uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data
    221 uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer
    222 uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item
    223 static const uchar insFAC[] = { 0x87, 0x02, 0x00, 0x00, 0x03 }; // init FAC
    224 static const uchar FacDat[] = { 0x00, 0x00, 0x28 };
    225 static unsigned char ins8702_data[] = { 0x00, 0x00, 0x11};
    226 static unsigned char ins8704[] = { 0x87, 0x04, 0x00, 0x00, 0x07 };
    227 static unsigned char ins8706[] = { 0x87, 0x06, 0x00, 0x00, 0x04 };
    228
    229
    230 if ((atr[1]!=0x77) || ((atr[2]!=0x18) && (atr[2]!=0x11) && (atr[2]!=0x19)) || ((atr[9]!=0x68) && (atr[9]!=0x6C)))
    231 return ERROR;
    232
    233 write_cmd(insFAC, FacDat);
    234 if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) )
    235 return ERROR;
    236
    237 memset(&reader->last_geo, 0, sizeof(reader->last_geo));
    238 write_cmd(insFAC, ins8702_data);
    239 if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {
    240 write_cmd(ins8704, NULL);
    241 if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {
    242 write_cmd(ins8706, NULL);
    243 if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {
    244 reader->last_geo.number_ecm =(cta_res[2]<<8) | (cta_res[3]);
    245 rdr_log(reader, "using ecm #%x for long viaccess ecm",reader->last_geo.number_ecm);
    246 }
    247 }
    248 }
    249
    250
    251 // switch((atr[atrsize-4]<<8)|atr[atrsize-3])
    252 // {
    253 // case 0x6268: ver="2.3"; break;
    254 // case 0x6668: ver="2.4(?)"; break;
    255 // case 0xa268:
    256 // default: ver="unknown"; break;
    257 // }
    258
    259 reader->caid=0x500;
    260 memset(reader->prid, 0xff, sizeof(reader->prid));
    261 insac[2]=0xa4; write_cmd(insac, NULL); // request unique id
    262 insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id
    263 memcpy(reader->hexserial, cta_res+2, 5);
    264 // rdr_log(reader, "[viaccess-reader] type: Viaccess, ver: %s serial: %llu", ver, b2ll(5, cta_res+2));
    265 rdr_log_sensitive(reader, "type: Viaccess (%sstandard atr), caid: %04X, serial: {%llu}",
    266 atr[9]==0x68?"":"non-",reader->caid, (unsigned long long) b2ll(5, cta_res+2));
    267
    268 i=0;
    269 insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0
    270 buf[0]=0;
    271 while((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0))
    272 {
    273 insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties
    274 cta_res[2]&=0xF0;
    275 reader->prid[i][0]=0;
    276 memcpy(&reader->prid[i][1], cta_res, 3);
    277 memcpy(&reader->availkeys[i][0], cta_res+10, 16);
    278 snprintf((char *)buf+strlen((char *)buf), sizeof(buf)-strlen((char *)buf), ",%06X", b2i(3, &reader->prid[i][1]));
    279 //rdr_log(reader, "[viaccess-reader] buf: %s", buf);
    280
    281 insac[2]=0xa5; write_cmd(insac, NULL); // request sa
    282 insb8[4]=0x06; write_cmd(insb8, NULL); // read sa
    283 memcpy(&reader->sa[i][0], cta_res+2, 4);
    284
    285 /*
    286 insac[2]=0xa7; write_cmd(insac, NULL); // request name
    287 insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len
    288 l=cta_res[1];
    289 insb8[4]=l; write_cmd(insb8, NULL); // read name
    290 cta_res[l]=0;
    291 rdr_log(reader, "[viaccess-reader] name: %s", cta_res);
    292 */
    293
    294 insa4[2]=0x02;
    295 write_cmd(insa4, NULL); // select next issuer
    296 i++;
    297 }
    298 reader->nprov=i;
    299 rdr_log(reader, "providers: %d (%s)", reader->nprov, buf+1);
    300
    301 if (cfg.ulparent)
    302 unlock_parental(reader);
    303
    304 rdr_log(reader, "ready for requests");
    305 return OK;
    306 }
    307
    308 bool dcw_crc(uchar *dw){
    309 int8_t i;
    310 for(i=0;i<16;i+=4) if(dw[i+3]!=((dw[i]+dw[i+1]+dw[i+2])& 0xFF))return 0;
    311 return 1;
    312 }
    313
    314 static int32_t viaccess_do_ecm(struct s_reader * reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)
    315 {
    316 def_resp;
    317 static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id
    318 unsigned char ins88[] = { 0xca,0x88,0x00,0x00,0x00 }; // set ecm
    319 unsigned char insf8[] = { 0xca,0xf8,0x00,0x00,0x00 }; // set geographic info
    320 static const unsigned char insc0[] = { 0xca,0xc0,0x00,0x00,0x12 }; // read dcw
    321
    322 // //XXX what is the 4th byte for ??
    323 int32_t ecm88Len = MIN(MAX_ECM_SIZE-4, SCT_LEN(er->ecm)-4);
    324 if(ecm88Len < 1){
    325 rdr_log(reader, "ECM: Size of ECM couldn't be correctly calculated.");
    326 return ERROR;
    327 }
    328 uchar ecmData[ecm88Len];
    329 memset(ecmData, 0, ecm88Len);
    330 memcpy(ecmData, er->ecm+4, ecm88Len);
    331 uchar *ecm88Data = &ecmData[0];
    332 uint32_t provid=0;
    333 int32_t rc=0;
    334 int32_t hasD2 = 0;
    335 int32_t curEcm88len=0;
    336 int32_t nanoLen=0;
    337 uchar *nextEcm;
    338 uchar DE04[256];
    339 int32_t D2KeyID=0;
    340 int32_t curnumber_ecm=0;
    341 //nanoD2 d2 02 0d 02 -> D2 nano, len 2
    342 // 0d -> post AES decrypt CW
    343 // 0b -> pre AES decrypt CW
    344 int32_t nanoD2 = 0; // 0x0b = 1 0x0d = 2
    345
    346 memset(DE04, 0, sizeof(DE04)); //fix dorcel de04 bug
    347
    348 nextEcm=ecm88Data;
    349
    350
    351
    352 while (ecm88Len>0 && !rc) {
    353
    354 if(ecm88Data[0] ==0x00 && ecm88Data[1] == 0x00) {
    355 // nano 0x00 and len 0x00 aren't valid ... something is obviously wrong with this ecm.
    356 rdr_log(reader, "ECM: Invalid ECM structure. Rejecting");
    357 return ERROR;
    358 }
    359
    360 // 80 33 nano 80 (ecm) + len (33)
    361 if(ecm88Data[0]==0x80) { // nano 80, give ecm len
    362 curEcm88len=ecm88Data[1];
    363 nextEcm=ecm88Data+curEcm88len+2;
    364 ecm88Data += 2;
    365 ecm88Len -= 2;
    366 }
    367
    368 if(!curEcm88len) { //there was no nano 80 -> simple ecm
    369 curEcm88len=ecm88Len;
    370 }
    371
    372 // d2 02 0d 02 -> D2 nano, len 2, select the AES key to be used
    373 if(ecm88Data[0]==0xd2) {
    374 // test if need post or pre AES decrypt
    375 if(ecm88Data[2]==0x0b)
    376 {
    377 nanoD2 = 1;
    378 rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0b");
    379 }
    380 if(ecm88Data[2]==0x0d)
    381 {
    382 nanoD2 = 2;
    383 rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0d");
    384 }
    385 // use the d2 arguments to get the key # to be used
    386 int32_t len = ecm88Data[1] + 2;
    387 D2KeyID=ecm88Data[3];
    388 ecm88Data += len;
    389 ecm88Len -= len;
    390 curEcm88len -=len;
    391 hasD2 = 1;
    392 }
    393 else
    394 hasD2 = 0;
    395
    396
    397 // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here
    398 // 09 -> use key #9
    399 // 05 67 00
    400 if ((ecm88Data[0]==0x90 || ecm88Data[0]==0x40) && (ecm88Data[1]==0x03 || ecm88Data[1]==0x07 ) )
    401 {
    402 uchar ident[3], keynr;
    403 uchar *ecmf8Data=0;
    404 int32_t ecmf8Len=0;
    405
    406 nanoLen=ecm88Data[1] + 2;
    407 keynr=ecm88Data[4]&0x0F;
    408
    409 // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here
    410 // 09 -> use key #9
    411 if(nanoLen>5) {
    412 curnumber_ecm =(ecm88Data[6]<<8) | (ecm88Data[7]);
    413 rdr_debug_mask(reader, D_READER, "checking if the ecm number (%x) match the card one (%x)",curnumber_ecm,reader->last_geo.number_ecm);
    414 // if we have an ecm number we check it.
    415 // we can't assume that if the nano len is 5 or more we have an ecm number
    416 // as some card don't support this
    417 if( reader->last_geo.number_ecm > 0 ) {
    418 if (reader->last_geo.number_ecm == curnumber_ecm && !( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )) {
    419 keynr=ecm88Data[5];
    420 rdr_debug_mask(reader, D_READER, "keyToUse = %02x, ECM ending with %02x",ecm88Data[5], ecm88Data[nanoLen-1]);
    421 } else {
    422 if( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )
    423 {
    424 rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x) for provider %02x%02x%02x",ecm88Data[nanoLen-1], curnumber_ecm, ecm88Data[2], ecm88Data[3], ecm88Data[4]);
    425 }
    426 rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x)",ecm88Data[nanoLen-1], curnumber_ecm);
    427 ecm88Data=nextEcm;
    428 ecm88Len-=curEcm88len;
    429 continue; //loop to next ecm
    430 }
    431 }
    432 else { // long ecm but we don't have an ecm number so we have to try them all.
    433 keynr=ecm88Data[5];
    434 rdr_debug_mask(reader, D_READER, "keyToUse = %02x",ecm88Data[5]);
    435 }
    436 }
    437
    438 memcpy (ident, &ecm88Data[2], sizeof(ident));
    439 provid = b2i(3, ident);
    440 ident[2]&=0xF0;
    441
    442 if(hasD2 && reader->aes_list) {
    443 // check that we have the AES key to decode the CW
    444 // if not there is no need to send the ecm to the card
    445 if(!aes_present(reader->aes_list, 0x500, (uint32_t) (provid & 0xFFFFF0) , D2KeyID))
    446 return ERROR;
    447 }
    448
    449
    450 if (!chk_prov(reader, ident, keynr))
    451 {
    452 rdr_debug_mask(reader, D_READER, "ECM: provider or key not found on card");
    453 snprintf( ea->msglog, MSGLOGSIZE, "provider(%02x%02x%02x) or key(%d) not found on card", ident[0],ident[1],ident[2], keynr );
    454 return ERROR;
    455 }
    456
    457 ecm88Data+=nanoLen;
    458 ecm88Len-=nanoLen;
    459 curEcm88len-=nanoLen;
    460
    461 // DE04
    462 if (ecm88Data[0]==0xDE && ecm88Data[1]==0x04)
    463 {
    464 memcpy (DE04, &ecm88Data[0], 6);
    465 ecm88Data+=6;
    466 }
    467 //
    468
    469 if( reader->last_geo.provid != provid )
    470 {
    471 reader->last_geo.provid = provid;
    472 reader->last_geo.geo_len = 0;
    473 reader->last_geo.geo[0] = 0;
    474 write_cmd(insa4, ident); // set provider
    475 }
    476
    477 //Nano D2 0x0b Pre AES decrypt CW
    478 if ( hasD2 && nanoD2 == 1)
    479 {
    480 uchar *ecm88DataCW = ecm88Data;
    481 int32_t cwStart = 0;
    482 //int32_t cwStartRes = 0;
    483 int32_t exit = 0;
    484 // find CW start
    485 while(cwStart < curEcm88len -1 && !exit)
    486 {
    487 if(ecm88Data[cwStart] == 0xEA && ecm88Data[cwStart+1] == 0x10)
    488 {
    489 ecm88DataCW = ecm88DataCW + cwStart + 2;
    490 exit = 1;
    491 }
    492 cwStart++;
    493 }
    494 // use AES from list to decrypt CW
    495 rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));
    496 if (aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID, &ecm88DataCW[0], 16) == 0)
    497 snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );
    498 }
    499
    500 while(ecm88Len>1 && ecm88Data[0]<0xA0)
    501 {
    502 int32_t nanoLen=ecm88Data[1]+2;
    503 if (!ecmf8Data)
    504 ecmf8Data=(uchar *)ecm88Data;
    505 ecmf8Len+=nanoLen;
    506 ecm88Len-=nanoLen;
    507 curEcm88len-=nanoLen;
    508 ecm88Data+=nanoLen;
    509 }
    510 if(ecmf8Len)
    511 {
    512 if( reader->last_geo.geo_len!=ecmf8Len ||
    513 memcmp(reader->last_geo.geo, ecmf8Data, reader->last_geo.geo_len))
    514 {
    515 memcpy(reader->last_geo.geo, ecmf8Data, ecmf8Len);
    516 reader->last_geo.geo_len= ecmf8Len;
    517 insf8[3]=keynr;
    518 insf8[4]=ecmf8Len;
    519 write_cmd(insf8, ecmf8Data);
    520 }
    521 }
    522 ins88[2]=ecmf8Len?1:0;
    523 ins88[3]=keynr;
    524 ins88[4]= curEcm88len;
    525 //
    526 // we should check the nano to make sure the ecm is valid
    527 // we should look for at least 1 E3 nano, 1 EA nano and the F0 signature nano
    528 //
    529 // DE04
    530 if (DE04[0]==0xDE)
    531 {
    532 uint32_t l = curEcm88len-6;
    533 if (l > 256 || curEcm88len <= 6) { //don't known if this is ok...
    534 rdr_log(reader, "ecm invalid/too long! len=%d", curEcm88len);
    535 return ERROR;
    536 }
    537 memcpy(DE04+6, (uchar *)ecm88Data, l);
    538 write_cmd(ins88, DE04); // request dcw
    539 }
    540 else
    541 {
    542 write_cmd(ins88, (uchar *)ecm88Data); // request dcw
    543 }
    544 //
    545 write_cmd(insc0, NULL); // read dcw
    546 switch(cta_res[0])
    547 {
    548 case 0xe8: // even
    549 if(cta_res[1]==8) { memcpy(ea->cw,cta_res+2,8); rc=1; }
    550 break;
    551 case 0xe9: // odd
    552 if(cta_res[1]==8) { memcpy(ea->cw+8,cta_res+2,8); rc=1; }
    553 break;
    554 case 0xea: // complete
    555 if(cta_res[1]==16) { memcpy(ea->cw,cta_res+2,16); rc=1; }
    556 break;
    557 default :
    558 ecm88Data=nextEcm;
    559 ecm88Len-=curEcm88len;
    560 rdr_debug_mask(reader, D_READER, "ECM: key to use is not the current one, trying next ECM");
    561 snprintf( ea->msglog, MSGLOGSIZE, "key to use is not the current one, trying next ECM" );
    562 }
    563 }
    564 else {
    565 ecm88Data=nextEcm;
    566 ecm88Len-=curEcm88len;
    567 rdr_debug_mask(reader, D_READER, "ECM: Unknown ECM type");
    568 snprintf( ea->msglog, MSGLOGSIZE, "Unknown ECM type" );
    569 return ERROR; /*Lets interupt the loop and exit, because we don't know this ECM type.*/
    570 }
    571 }
    572
    573 if ( hasD2 && !dcw_crc(ea->cw) && nanoD2 == 2) {
    574 rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));
    575 rc=aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID,ea->cw, 16);
    576 if( rc == 0 )
    577 snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );
    578 }
    579
    580 return(rc?OK:ERROR);
    581 }
    582
    583 static int32_t viaccess_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)
    584 {
    585 uint32_t provid=0;
    586 rdr_debug_mask(rdr, D_EMM, "Entered viaccess_get_emm_type ep->emm[0]=%02x",ep->emm[0]);
    587
    588 if (ep->emm[3] == 0x90 && ep->emm[4] == 0x03) {
    589 provid = ep->emm[5] << 16 | ep->emm[6] << 8 | (ep->emm[7] & 0xFE);
    590 i2b_buf(4, provid, ep->provid);
    591 }
    592
    593 switch (ep->emm[0]) {
    594 case 0x88:
    595 ep->type=UNIQUE;
    596 memset(ep->hexserial, 0, 8);
    597 memcpy(ep->hexserial, ep->emm + 4, 4);
    598 rdr_debug_mask(rdr, D_EMM, "UNIQUE");
    599 return(!memcmp(rdr->hexserial + 1, ep->hexserial, 4));
    600
    601 case 0x8A:
    602 case 0x8B:
    603 ep->type=GLOBAL;
    604 rdr_debug_mask(rdr, D_EMM, "GLOBAL");
    605 return TRUE;
    606
    607 case 0x8C:
    608 case 0x8D:
    609 ep->type=SHARED;
    610 rdr_debug_mask(rdr, D_EMM, "SHARED (part)");
    611 return FALSE;
    612
    613 case 0x8E:
    614 ep->type=SHARED;
    615 memset(ep->hexserial, 0, 8);
    616 memcpy(ep->hexserial, ep->emm + 3, 3);
    617 rdr_debug_mask(rdr, D_EMM, "SHARED");
    618
    619 //check for provider as serial (cccam only?)
    620 int8_t i;
    621 for (i=0;i<rdr->nprov;i++) {
    622 if (!memcmp(&rdr->prid[i][1], ep->hexserial, 3))
    623 return TRUE;
    624 }
    625 return(!memcmp(&rdr->sa[0][0], ep->hexserial, 3));
    626
    627 default:
    628 ep->type = UNKNOWN;
    629 rdr_debug_mask(rdr, D_EMM, "UNKNOWN");
    630 return TRUE;
    631 }
    632 }
    633
    634 static void viaccess_get_emm_filter(struct s_reader * rdr, uchar *filter)
    635 {
    636 int32_t idx = 2;
    637
    638 filter[0]=0xFF;
    639 filter[1]=0;
    640
    641 filter[idx++]=EMM_GLOBAL;
    642 filter[idx++]=0;
    643 filter[idx+0] = 0x8D;
    644 filter[idx+0+16] = 0xFE;
    645 //filter[idx+6] = 0xA0; // FIXME: dummy, flood client with EMM's
    646 //filter[idx+6+16] = 0xF0;
    647 filter[1]++;
    648 idx += 32;
    649
    650 filter[idx++]=EMM_SHARED;
    651 filter[idx++]=0;
    652 filter[idx+0] = 0x8E;
    653 filter[idx+0+16] = 0xFF;
    654 memcpy(filter+idx+1, &rdr->sa[0][0], 3);
    655 memset(filter+idx+1+16, 0xFF, 3);
    656 filter[1]++;
    657 idx += 32;
    658
    659 filter[idx++]=EMM_UNIQUE;
    660 filter[idx++]=0;
    661 filter[idx+0] = 0x88;
    662 filter[idx+0+16] = 0xFF;
    663 memcpy(filter+idx+1, rdr->hexserial + 1, 4);
    664 memset(filter+idx+1+16, 0xFF, 4);
    665 filter[1]++;
    666 idx += 32;
    667
    668 return;
    669 }
    670
    671 static int32_t viaccess_do_emm(struct s_reader * reader, EMM_PACKET *ep)
    672 {
    673 def_resp;
    674 static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id
    675 unsigned char insf0[] = { 0xca,0xf0,0x00,0x01,0x22 }; // set adf
    676 unsigned char insf4[] = { 0xca,0xf4,0x00,0x01,0x00 }; // set adf, encrypted
    677 unsigned char ins18[] = { 0xca,0x18,0x01,0x01,0x00 }; // set subscription
    678 unsigned char ins1c[] = { 0xca,0x1c,0x01,0x01,0x00 }; // set subscription, encrypted
    679 static const unsigned char insc8[] = { 0xca,0xc8,0x00,0x00,0x02 }; // read extended status
    680 // static const unsigned char insc8Data[] = { 0x00,0x00 }; // data for read extended status
    681
    682 int32_t emmdatastart=7;
    683
    684
    685 if (ep->type == UNIQUE) emmdatastart++;
    686 int32_t emmLen=SCT_LEN(ep->emm)-emmdatastart;
    687 int32_t rc=0;
    688
    689 ///cs_dump(ep->emm, emmLen+emmdatastart, "RECEIVED EMM VIACCESS");
    690
    691 int32_t emmUpToEnd;
    692 uchar *emmParsed = ep->emm+emmdatastart;
    693 int32_t provider_ok = 0;
    694 uint32_t emm_provid;
    695 uchar keynr = 0;
    696 int32_t ins18Len = 0;
    697 uchar ins18Data[512];
    698 uchar insData[512];
    699 uchar *nano81Data = 0;
    700 uchar *nano91Data = 0;
    701 uchar *nano92Data = 0;
    702 uchar *nano9EData = 0;
    703 uchar *nanoF0Data = 0;
    704
    705 for (emmUpToEnd=emmLen; (emmParsed[1] != 0) && (emmUpToEnd > 0); emmUpToEnd -= (2 + emmParsed[1]), emmParsed += (2 + emmParsed[1])) {
    706 ///cs_dump (emmParsed, emmParsed[1] + 2, "NANO");
    707
    708 if (emmParsed[0]==0x90 && emmParsed[1]==0x03) {
    709 /* identification of the service operator */
    710
    711 uchar soid[3], ident[3], i;
    712
    713 for (i=0; i<3; i++) {
    714 soid[i]=ident[i]=emmParsed[2+i];
    715 }
    716 ident[2]&=0xF0;
    717 emm_provid=b2i(3, ident);
    718 keynr=soid[2]&0x0F;
    719 if (chk_prov(reader, ident, keynr)) {
    720 provider_ok = 1;
    721 } else {
    722 rdr_log(reader, "EMM: provider or key not found on card (%x, %x)", emm_provid, keynr);
    723 return ERROR;
    724 }
    725
    726 // check if the provider changes. If yes, set the new one. If not, don't .. card will return an error if we do.
    727 if( reader->last_geo.provid != emm_provid ) {
    728 write_cmd(insa4, ident);
    729 if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {
    730 cs_dump(insa4, 5, "set provider cmd:");
    731 cs_dump(soid, 3, "set provider data:");
    732 rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);
    733 return ERROR;
    734 }
    735 }
    736 // as we are maybe changing the used provider, clear the cache, so the next ecm will re-select the correct one
    737 reader->last_geo.provid = 0;
    738 reader->last_geo.geo_len = 0;
    739 reader->last_geo.geo[0] = 0;
    740
    741 }
    742 else if (emmParsed[0]==0x9e && emmParsed[1]==0x20) {
    743 /* adf */
    744
    745 if (!nano91Data) {
    746 /* adf is not crypted, so test it */
    747
    748 uchar custwp;
    749 uchar *afd;
    750
    751 custwp=reader->sa[0][3];
    752 afd=(uchar*)emmParsed+2;
    753
    754 if( afd[31-custwp/8] & (1 << (custwp & 7)) )
    755 rdr_debug_mask(reader, D_READER, "emm for our card %08X", b2i(4, &reader->sa[0][0]));
    756 else
    757 return SKIPPED;
    758 }
    759
    760 // memorize
    761 nano9EData = emmParsed;
    762
    763 } else if (emmParsed[0]==0x81) {
    764 nano81Data = emmParsed;
    765 } else if (emmParsed[0]==0x91 && emmParsed[1]==0x08) {
    766 nano91Data = emmParsed;
    767 } else if (emmParsed[0]==0x92 && emmParsed[1]==0x08) {
    768 nano92Data = emmParsed;
    769 } else if (emmParsed[0]==0xF0 && emmParsed[1]==0x08) {
    770 nanoF0Data = emmParsed;
    771 } else {
    772 /* other nanos */
    773 show_subs(reader, emmParsed);
    774
    775 memcpy(ins18Data+ins18Len, emmParsed, emmParsed[1] + 2);
    776 ins18Len += emmParsed [1] + 2;
    777 }
    778 }
    779
    780 if (!provider_ok) {
    781 rdr_debug_mask(reader, D_READER, "provider not found in emm, continue anyway");
    782 // force key to 1...
    783 keynr = 1;
    784 ///return ERROR;
    785 }
    786
    787 if (!nanoF0Data) {
    788 cs_dump(ep->emm, ep->l, "can't find 0xf0 in emm...");
    789 return ERROR; // error
    790 }
    791
    792 if (nano9EData) {
    793 if (!nano91Data) {
    794 // set adf
    795 insf0[3] = keynr; // key
    796 insf0[4] = nano9EData[1] + 2;
    797 write_cmd(insf0, nano9EData);
    798 if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {
    799 cs_dump(insf0, 5, "set adf cmd:");
    800 cs_dump(nano9EData, insf0[4] , "set adf data:");
    801 rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);
    802 return ERROR;
    803 }
    804 } else {
    805 // set adf crypte
    806 insf4[3] = keynr; // key
    807 insf4[4] = nano91Data[1] + 2 + nano9EData[1] + 2;
    808 memcpy (insData, nano91Data, nano91Data[1] + 2);
    809 memcpy (insData + nano91Data[1] + 2, nano9EData, nano9EData[1] + 2);
    810 write_cmd(insf4, insData);
    811 if(( cta_res[cta_lr-2]!=0x90 && cta_res[cta_lr-2]!=0x91) || cta_res[cta_lr-1]!=0x00 ) {
    812 cs_dump(insf4, 5, "set adf encrypted cmd:");
    813 cs_dump(insData, insf4[4], "set adf encrypted data:");
    814 rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);
    815 return ERROR;
    816 }
    817 }
    818 }
    819
    820 if (!nano92Data) {
    821 // send subscription
    822 ins18[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?
    823 ins18[3] = keynr; // key
    824 ins18[4] = ins18Len + nanoF0Data[1] + 2;
    825 memcpy (insData, ins18Data, ins18Len);
    826 memcpy (insData + ins18Len, nanoF0Data, nanoF0Data[1] + 2);
    827 write_cmd(ins18, insData);
    828 if( (cta_res[cta_lr-2]==0x90 || cta_res[cta_lr-2]==0x91) && cta_res[cta_lr-1]==0x00 ) {
    829 rdr_debug_mask(reader, D_READER, "update successfully written");
    830 rc=1; // written
    831 } else {
    832 cs_dump(ins18, 5, "set subscription cmd:");
    833 cs_dump(insData, ins18[4], "set subscription data:");
    834 rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);
    835 }
    836
    837 } else {
    838 // send subscription encrypted
    839
    840 if (!nano81Data) {
    841 cs_dump(ep->emm, ep->l, "0x92 found, but can't find 0x81 in emm...");
    842 return ERROR; // error
    843 }
    844
    845 ins1c[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?
    846 if (ep->type == UNIQUE) ins1c[2] = 0x02;
    847 ins1c[3] = keynr; // key
    848 ins1c[4] = nano92Data[1] + 2 + nano81Data[1] + 2 + nanoF0Data[1] + 2;
    849 memcpy (insData, nano92Data, nano92Data[1] + 2);
    850 memcpy (insData + nano92Data[1] + 2, nano81Data, nano81Data[1] + 2);
    851 memcpy (insData + nano92Data[1] + 2 + nano81Data[1] + 2, nanoF0Data, nanoF0Data[1] + 2);
    852 write_cmd(ins1c, insData);
    853
    854 if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {
    855 rdr_log(reader, "update successfully written");
    856 rc=1; // written
    857 }
    858 else {
    859 if( cta_res[cta_lr-2]&0x1 )
    860 rdr_log(reader, "update not written. Data already exists or unknown address");
    861
    862 //if( cta_res[cta_lr-2]&0x8 ) {
    863 write_cmd(insc8, NULL);
    864 if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {
    865 rdr_log(reader, "extended status %02X %02X", cta_res[0], cta_res[1]);
    866 }
    867 //}
    868 return ERROR;
    869 }
    870
    871 }
    872
    873 /*
    874 Sub Main()
    875 Sc.Write("CA A4 04 00 03")
    876 RX
    877 Sc.Write("02 07 11")
    878 RX
    879 Sc.Write("CA F0 00 01 22")
    880 RX
    881 Sc.Write("9E 20")
    882 Sc.Write("10 10 08 8A 80 00 04 00 10 10 26 E8 54 80 1E 80")
    883 Sc.Write("00 01 00 00 00 00 00 50 00 00 80 02 22 00 08 50")
    884 RX
    885 Sc.Write("CA 18 01 01 11")
    886 RX
    887 Sc.Write("A9 05 34 DE 34 FF 80")
    888 Sc.Write("F0 08 1A 3E AF B5 2B EE E3 3B")
    889 RX
    890
    891 End Sub
    892 */
    893 return rc;
    894 }
    895
    896 static int32_t viaccess_card_info(struct s_reader * reader)
    897 {
    898 def_resp;
    899 int32_t i, l;
    900 uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data
    901 uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data
    902 uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer
    903 uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item
    904 static const uchar ins24[] = { 0xca, 0x24, 0x00, 0x00, 0x09 }; // set pin
    905
    906 static const uchar cls[] = { 0x00, 0x21, 0xff, 0x9f};
    907 static const uchar pin[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04};
    908
    909 reader->last_geo.provid = 0;
    910 reader->last_geo.geo_len = 0;
    911 reader->last_geo.geo[0] = 0;
    912
    913 rdr_log(reader, "card detected");
    914
    915 cs_clear_entitlement(reader); //reset the entitlements
    916
    917 // set pin
    918 write_cmd(ins24, pin);
    919
    920 insac[2]=0xa4; write_cmd(insac, NULL); // request unique id
    921 insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id
    922 rdr_log_sensitive(reader, "serial: {%llu}", (unsigned long long) b2ll(5, cta_res+2));
    923
    924 insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0
    925 for (i=1; (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0); i++)
    926 {
    927 uint32_t l_provid, l_sa;
    928 uchar l_name[64];
    929 insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties
    930 cta_res[2]&=0xF0;
    931 l_provid=b2i(3, cta_res);
    932
    933 insac[2]=0xa5; write_cmd(insac, NULL); // request sa
    934 insb8[4]=0x06; write_cmd(insb8, NULL); // read sa
    935 l_sa=b2i(4, cta_res+2);
    936
    937 insac[2]=0xa7; write_cmd(insac, NULL); // request name
    938 insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len
    939 l=cta_res[1];
    940 insb8[4]=l; write_cmd(insb8, NULL); // read name
    941 cta_res[l]=0;
    942 trim((char *)cta_res);
    943 if (cta_res[0])
    944 snprintf((char *)l_name, sizeof(l_name), ", name: %s", cta_res);
    945 else
    946 l_name[0]=0;
    947
    948 // read GEO
    949 insac[2]=0xa6; write_cmd(insac, NULL); // request GEO
    950 insb8[4]=0x02; write_cmd(insb8, NULL); // read GEO nano + len
    951 l=cta_res[1];
    952 char tmp[l*3+1];
    953 insb8[4]=l; write_cmd(insb8, NULL); // read geo
    954 rdr_log_sensitive(reader, "provider: %d, id: {%06X%s}, sa: {%08X}, geo: %s",
    955 i, l_provid, l_name, l_sa, (l<4) ? "empty" : cs_hexdump(1, cta_res, l, tmp, sizeof(tmp)));
    956
    957 // read classes subscription
    958 insac[2]=0xa9; insac[4]=4;
    959 write_cmd(insac, cls); // request class subs
    960 while( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )
    961 {
    962 insb8[4]=0x02; write_cmd(insb8, NULL); // read class subs nano + len
    963 if( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )
    964 {
    965 l=cta_res[1];
    966 insb8[4]=l; write_cmd(insb8, NULL); // read class subs
    967 if( (cta_res[cta_lr-2]==0x90) &&
    968 (cta_res[cta_lr-1]==0x00 || cta_res[cta_lr-1]==0x08) )
    969 {
    970 show_class(reader, NULL, l_provid, cta_res, cta_lr-2);
    971 }
    972 }
    973 }
    974
    975 insac[4]=0;
    976 insa4[2]=0x02;
    977 write_cmd(insa4, NULL); // select next provider
    978 }
    979 //return ERROR;
    980 return OK;
    981 }
    982
    983 #ifdef HAVE_DVBAPI
    984 void dvbapi_sort_nanos(unsigned char *dest, const unsigned char *src, int32_t len);
    985
    986 int32_t viaccess_reassemble_emm(uchar *buffer, uint32_t *len) {
    987 static uchar emm_global[512];
    988 static int32_t emm_global_len = 0;
    989
    990 int32_t pos=0, i;
    991 uint32_t k;
    992
    993 // Viaccess
    994 if (*len>500) return 0;
    995
    996 switch(buffer[0]) {
    997 case 0x8c:
    998 case 0x8d:
    999 // emm-s part 1
    1000 if (!memcmp(emm_global, buffer, *len))
    1001 return 0;
    1002
    1003 // copy first part of the emm-s
    1004 memcpy(emm_global, buffer, *len);
    1005 emm_global_len=*len;
    1006 //cs_ddump_mask(D_READER, buffer, len, "viaccess global emm:");
    1007 return 0;
    1008
    1009 case 0x8e:
    1010 // emm-s part 2
    1011 if (!emm_global_len) return 0;
    1012
    1013 //extract nanos from emm-gh and emm-s
    1014 uchar emmbuf[512];
    1015
    1016 cs_debug_mask(D_DVBAPI, "[viaccess] %s: start extracting nanos", __func__);
    1017 //extract from emm-gh
    1018 for (i=3; i<emm_global_len; i+=emm_global[i+1]+2) {
    1019 //copy nano (length determined by i+1)
    1020 memcpy(emmbuf+pos, emm_global+i, emm_global[i+1]+2);
    1021 pos+=emm_global[i+1]+2;
    1022 }
    1023
    1024 if (buffer[2]==0x2c) {
    1025 //add 9E 20 nano + first 32 bytes of emm content
    1026 memcpy(emmbuf+pos, "\x9E\x20", 2);
    1027 memcpy(emmbuf+pos+2, buffer+7, 32);
    1028 pos+=34;
    1029
    1030 //add F0 08 nano + 8 subsequent bytes of emm content
    1031 memcpy(emmbuf+pos, "\xF0\x08", 2);
    1032 memcpy(emmbuf+pos+2, buffer+39, 8);
    1033 pos+=10;
    1034 } else {
    1035 //extract from variable emm-s
    1036 for (k=7; k<(*len); k+=buffer[k+1]+2) {
    1037 //copy nano (length determined by k+1)
    1038 memcpy(emmbuf+pos, buffer+k, buffer[k+1]+2);
    1039 pos+=buffer[k+1]+2;
    1040 }
    1041 }
    1042
    1043 cs_ddump_mask(D_DVBAPI, buffer, *len, "[viaccess] %s: %s emm-s", __func__, (buffer[2]==0x2c) ? "fixed" : "variable");
    1044
    1045 dvbapi_sort_nanos(buffer+7, emmbuf, pos);
    1046 pos+=7;
    1047
    1048 //calculate emm length and set it on position 2
    1049 buffer[2]=pos-3;
    1050
    1051 cs_ddump_mask(D_DVBAPI, emm_global, emm_global_len, "[viaccess] %s: emm-gh", __func__);
    1052 cs_ddump_mask(D_DVBAPI, buffer, pos, "[viaccess] %s: assembled emm", __func__);
    1053
    1054 *len=pos;
    1055 break;
    1056 }
    1057 return 1;
    1058 }
    1059 #endif
    1060
    1061 void reader_viaccess(struct s_cardsystem *ph)
    1062 {
    1063 ph->do_emm=viaccess_do_emm;
    1064 ph->do_ecm=viaccess_do_ecm;
    1065 ph->card_info=viaccess_card_info;
    1066 ph->card_init=viaccess_card_init;
    1067 ph->get_emm_type=viaccess_get_emm_type;
    1068 ph->get_emm_filter=viaccess_get_emm_filter;
    1069 ph->caids[0]=0x05;
    1070 ph->desc="viaccess";
    1071 }
    1072 #endif
    solo team

  7. #97
    DZSatien Initié
    Inscrit
    Dec 2008
    Lieu
    moresatland
    Messages
    517
    Récepteur
    dm 500 hd
    TV
    lg 142 cm
    Remerciement / J'aime
    actuellement pour le viaccess our oscam on na cela et la dernier améliorations date de 4 semaine

    #include "globals.h"
    2 #ifdef READER_VIACCESS
    3 #include "reader-common.h"
    4
    5 struct via_date {
    6 uint16_t day_s : 5;
    7 uint16_t month_s : 4;
    8 uint16_t year_s : 7;
    9
    10 uint16_t day_e : 5;
    11 uint16_t month_e : 4;
    12 uint16_t year_e : 7;
    13 };
    14
    15 static void parse_via_date(const uchar *buf, struct via_date *vd, int32_t fend)
    16 {
    17 uint16_t date;
    18
    19 date = (buf[0]<<8) | buf[1];
    20 vd->day_s = date & 0x1f;
    21 vd->month_s = (date>>5) & 0x0f;
    22 vd->year_s = (date>>9) & 0x7f;
    23
    24 if( fend )
    25 {
    26 date = (buf[2]<<8) | buf[3];
    27 vd->day_e = date & 0x1f;
    28 vd->month_e = (date>>5) & 0x0f;
    29 vd->year_e = (date>>9) & 0x7f;
    30 }
    31 }
    32
    33 //static void get_via_data(const uchar *b, int32_t l, time_t *start_t, time_t *end_t, uchar *cls)
    34 //{
    35 // int32_t i, j;
    36 // struct via_date vd;
    37 // struct tm tm;
    38 // memset(&vd, 0, sizeof(struct via_date));
    39 //
    40 // // b -> via date (4 bytes)
    41 // b+=4;
    42 // l-=4;
    43 //
    44 // j=l-1;
    45 // for (; j>=0; j--)
    46 // for (i=0; i<8; i++)
    47 // if (b[j] & (1 << (i&7)))
    48 // {
    49 // parse_via_date(b-4, &vd, 1);
    50 // *cls=(l-(j+1))*8+i;
    51 // }
    52 //
    53 // memset(&tm, 0, sizeof(struct tm));
    54 // tm.tm_year = vd.year_s + 80; //via year starts in 1980, tm_year starts in 1900
    55 // tm.tm_mon = vd.month_s - 1; // january is 0 in tm_mon
    56 // tm.tm_mday = vd.day_s;
    57 // *start_t = mktime(&tm);
    58 //
    59 // tm.tm_year = vd.year_e + 80;
    60 // tm.tm_mon = vd.month_e - 1;
    61 // tm.tm_mday = vd.day_e;
    62 // *end_t = mktime(&tm);
    63 //
    64 //}
    65
    66 static void show_class(struct s_reader *reader, const char *p, uint32_t provid, const uchar *b, int32_t l)
    67 {
    68 int32_t i, j;
    69
    70 // b -> via date (4 bytes)
    71 b+=4;
    72 l-=4;
    73
    74 j=l-1;
    75 for (; j>=0; j--)
    76 for (i=0; i<8; i++)
    77 if (b[j] & (1 << (i&7)))
    78 {
    79 uchar cls;
    80 struct via_date vd;
    81 parse_via_date(b-4, &vd, 1);
    82 cls=(l-(j+1))*8+i;
    83 if (p)
    84 rdr_log(reader, "%sclass: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", p, cls,
    85 vd.year_s+1980, vd.month_s, vd.day_s,
    86 vd.year_e+1980, vd.month_e, vd.day_e);
    87 else {
    88 rdr_log(reader, "class: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", cls,
    89 vd.year_s+1980, vd.month_s, vd.day_s,
    90 vd.year_e+1980, vd.month_e, vd.day_e);
    91
    92 time_t start_t, end_t;
    93 struct tm tm;
    94 //convert time:
    95 memset(&tm, 0, sizeof(tm));
    96 tm.tm_year = vd.year_s+80; //via year starts in 1980, tm_year starts in 1900
    97 tm.tm_mon = vd.month_s-1; // january is 0 in tm_mon
    98 tm.tm_mday = vd.day_s;
    99 start_t = cs_timegm(&tm);
    100
    101 tm.tm_year = vd.year_e+80; //via year starts in 1980, tm_year starts in 1900
    102 tm.tm_mon = vd.month_e-1; // january is 0 in tm_mon
    103 tm.tm_mday = vd.day_e;
    104 end_t = cs_timegm(&tm);
    105
    106 cs_add_entitlement(reader, reader->caid, provid, cls, cls, start_t, end_t, 5);
    107 }
    108 }
    109 }
    110
    111 static void show_subs(struct s_reader * reader, const uchar *emm)
    112 {
    113 // emm -> A9, A6, B6
    114
    115 switch( emm[0] )
    116 {
    117 case 0xA9:
    118 show_class(reader, "nano A9: ", 0, emm+2, emm[1]);
    119 break;
    120 /*
    121 {
    122 int32_t i, j, byts;
    123 const uchar *oemm;
    124
    125 oemm = emm;
    126 byts = emm[1]-4;
    127 emm+=6;
    128
    129 j=byts-1;
    130 for( ; j>=0; j-- )
    131 for( i=0; i<8; i++ )
    132 if( emm[j] & (1 << (i&7)) )
    133 {
    134 uchar cls;
    135 struct via_date vd;
    136 parse_via_date(emm-4, &vd, 1);
    137 cls=(byts-(j+1))*8+i;
    138 rdr_log(reader, "%sclass %02X: expiry date: %02d/%02d/%04d - %02d/%02d/%04d",
    139 fnano?"nano A9: ":"", cls,
    140 vd.day_s, vd.month_s, vd.year_s+1980,
    141 vd.day_e, vd.month_e, vd.year_e+1980);
    142 }
    143 break;
    144 }
    145 */
    146 case 0xA6:
    147 {
    148 char szGeo[256];
    149
    150 memset(szGeo, 0, 256);
    151 strncpy(szGeo, (char *)emm+2, emm[1]);
    152 rdr_log(reader, "nano A6: geo %s", szGeo);
    153 break;
    154 }
    155 case 0xB6:
    156 {
    157 uchar m; // modexp
    158 struct via_date vd;
    159
    160 m=emm[emm[1]+1];
    161 parse_via_date(emm+2, &vd, 0);
    162 rdr_log(reader, "nano B6: modexp %d%d%d%d%d%d: %02d/%02d/%04d", (m&0x20)?1:0,
    163 (m&0x10)?1:0,(m&0x08)?1:0,(m&0x04)?1:0,(m&0x02)?1: 0,(m&0x01)?1:0,
    164 vd.day_s, vd.month_s, vd.year_s+1980);
    165 break;
    166 }
    167 }
    168 }
    169
    170 static int32_t chk_prov(struct s_reader * reader, uchar *id, uchar keynr)
    171 {
    172 int32_t i, j, rc;
    173 for (rc=i=0; (!rc) && (i<reader->nprov); i++)
    174 if(!memcmp(&reader->prid[i][1], id, 3))
    175 for (j=0; (!rc) && (j<16); j++)
    176 if (reader->availkeys[i][j]==keynr)
    177 rc=1;
    178 return(rc);
    179 }
    180
    181 static int32_t unlock_parental(struct s_reader * reader)
    182 {
    183 /* disabling parental lock. assuming pin "0000" if no pin code is provided in the config */
    184
    185 static const uchar inDPL[] = {0xca, 0x24, 0x02, 0x00, 0x09};
    186 uchar cmDPL[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F};
    187 def_resp;
    188
    189 if (strcmp(reader->pincode, "none")) {
    190 rdr_log(reader, "Using PIN %s",reader->pincode);
    191 // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34
    192 cmDPL[6]=((reader->pincode[0]-0x30)<<4) | ((reader->pincode[1]-0x30) & 0x0f);
    193 cmDPL[7]=((reader->pincode[2]-0x30)<<4) | ((reader->pincode[3]-0x30) & 0x0f);
    194 }
    195 else {
    196 rdr_log(reader, "Using PIN 0000!");
    197 }
    198 write_cmd(inDPL,cmDPL);
    199 if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) ) {
    200 if (strcmp(reader->pincode, "none")) {
    201 rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!",reader->pincode);
    202 }
    203 else {
    204 rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!");
    205 }
    206 }
    207 else
    208 rdr_log(reader, "Parental lock disabled");
    209
    210 return 0;
    211 }
    212
    213 static int32_t viaccess_card_init(struct s_reader * reader, ATR *newatr)
    214 {
    215 get_atr;
    216 def_resp;
    217 int32_t i;
    218 uchar buf[256];
    219 uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data
    220 uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data
    221 uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer
    222 uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item
    223 static const uchar insFAC[] = { 0x87, 0x02, 0x00, 0x00, 0x03 }; // init FAC
    224 static const uchar FacDat[] = { 0x00, 0x00, 0x28 };
    225 static unsigned char ins8702_data[] = { 0x00, 0x00, 0x11};
    226 static unsigned char ins8704[] = { 0x87, 0x04, 0x00, 0x00, 0x07 };
    227 static unsigned char ins8706[] = { 0x87, 0x06, 0x00, 0x00, 0x04 };
    228
    229
    230 if ((atr[1]!=0x77) || ((atr[2]!=0x18) && (atr[2]!=0x11) && (atr[2]!=0x19)) || ((atr[9]!=0x68) && (atr[9]!=0x6C)))
    231 return ERROR;
    232
    233 write_cmd(insFAC, FacDat);
    234 if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) )
    235 return ERROR;
    236
    237 memset(&reader->last_geo, 0, sizeof(reader->last_geo));
    238 write_cmd(insFAC, ins8702_data);
    239 if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {
    240 write_cmd(ins8704, NULL);
    241 if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {
    242 write_cmd(ins8706, NULL);
    243 if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {
    244 reader->last_geo.number_ecm =(cta_res[2]<<8) | (cta_res[3]);
    245 rdr_log(reader, "using ecm #%x for long viaccess ecm",reader->last_geo.number_ecm);
    246 }
    247 }
    248 }
    249
    250
    251 // switch((atr[atrsize-4]<<8)|atr[atrsize-3])
    252 // {
    253 // case 0x6268: ver="2.3"; break;
    254 // case 0x6668: ver="2.4(?)"; break;
    255 // case 0xa268:
    256 // default: ver="unknown"; break;
    257 // }
    258
    259 reader->caid=0x500;
    260 memset(reader->prid, 0xff, sizeof(reader->prid));
    261 insac[2]=0xa4; write_cmd(insac, NULL); // request unique id
    262 insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id
    263 memcpy(reader->hexserial, cta_res+2, 5);
    264 // rdr_log(reader, "[viaccess-reader] type: Viaccess, ver: %s serial: %llu", ver, b2ll(5, cta_res+2));
    265 rdr_log_sensitive(reader, "type: Viaccess (%sstandard atr), caid: %04X, serial: {%llu}",
    266 atr[9]==0x68?"":"non-",reader->caid, (unsigned long long) b2ll(5, cta_res+2));
    267
    268 i=0;
    269 insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0
    270 buf[0]=0;
    271 while((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0))
    272 {
    273 insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties
    274 cta_res[2]&=0xF0;
    275 reader->prid[i][0]=0;
    276 memcpy(&reader->prid[i][1], cta_res, 3);
    277 memcpy(&reader->availkeys[i][0], cta_res+10, 16);
    278 snprintf((char *)buf+strlen((char *)buf), sizeof(buf)-strlen((char *)buf), ",%06X", b2i(3, &reader->prid[i][1]));
    279 //rdr_log(reader, "[viaccess-reader] buf: %s", buf);
    280
    281 insac[2]=0xa5; write_cmd(insac, NULL); // request sa
    282 insb8[4]=0x06; write_cmd(insb8, NULL); // read sa
    283 memcpy(&reader->sa[i][0], cta_res+2, 4);
    284
    285 /*
    286 insac[2]=0xa7; write_cmd(insac, NULL); // request name
    287 insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len
    288 l=cta_res[1];
    289 insb8[4]=l; write_cmd(insb8, NULL); // read name
    290 cta_res[l]=0;
    291 rdr_log(reader, "[viaccess-reader] name: %s", cta_res);
    292 */
    293
    294 insa4[2]=0x02;
    295 write_cmd(insa4, NULL); // select next issuer
    296 i++;
    297 }
    298 reader->nprov=i;
    299 rdr_log(reader, "providers: %d (%s)", reader->nprov, buf+1);
    300
    301 if (cfg.ulparent)
    302 unlock_parental(reader);
    303
    304 rdr_log(reader, "ready for requests");
    305 return OK;
    306 }
    307
    308 bool dcw_crc(uchar *dw){
    309 int8_t i;
    310 for(i=0;i<16;i+=4) if(dw[i+3]!=((dw[i]+dw[i+1]+dw[i+2])& 0xFF))return 0;
    311 return 1;
    312 }
    313
    314 static int32_t viaccess_do_ecm(struct s_reader * reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)
    315 {
    316 def_resp;
    317 static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id
    318 unsigned char ins88[] = { 0xca,0x88,0x00,0x00,0x00 }; // set ecm
    319 unsigned char insf8[] = { 0xca,0xf8,0x00,0x00,0x00 }; // set geographic info
    320 static const unsigned char insc0[] = { 0xca,0xc0,0x00,0x00,0x12 }; // read dcw
    321
    322 // //XXX what is the 4th byte for ??
    323 int32_t ecm88Len = MIN(MAX_ECM_SIZE-4, SCT_LEN(er->ecm)-4);
    324 if(ecm88Len < 1){
    325 rdr_log(reader, "ECM: Size of ECM couldn't be correctly calculated.");
    326 return ERROR;
    327 }
    328 uchar ecmData[ecm88Len];
    329 memset(ecmData, 0, ecm88Len);
    330 memcpy(ecmData, er->ecm+4, ecm88Len);
    331 uchar *ecm88Data = &ecmData[0];
    332 uint32_t provid=0;
    333 int32_t rc=0;
    334 int32_t hasD2 = 0;
    335 int32_t curEcm88len=0;
    336 int32_t nanoLen=0;
    337 uchar *nextEcm;
    338 uchar DE04[256];
    339 int32_t D2KeyID=0;
    340 int32_t curnumber_ecm=0;
    341 //nanoD2 d2 02 0d 02 -> D2 nano, len 2
    342 // 0d -> post AES decrypt CW
    343 // 0b -> pre AES decrypt CW
    344 int32_t nanoD2 = 0; // 0x0b = 1 0x0d = 2
    345
    346 memset(DE04, 0, sizeof(DE04)); //fix dorcel de04 bug
    347
    348 nextEcm=ecm88Data;
    349
    350
    351
    352 while (ecm88Len>0 && !rc) {
    353
    354 if(ecm88Data[0] ==0x00 && ecm88Data[1] == 0x00) {
    355 // nano 0x00 and len 0x00 aren't valid ... something is obviously wrong with this ecm.
    356 rdr_log(reader, "ECM: Invalid ECM structure. Rejecting");
    357 return ERROR;
    358 }
    359
    360 // 80 33 nano 80 (ecm) + len (33)
    361 if(ecm88Data[0]==0x80) { // nano 80, give ecm len
    362 curEcm88len=ecm88Data[1];
    363 nextEcm=ecm88Data+curEcm88len+2;
    364 ecm88Data += 2;
    365 ecm88Len -= 2;
    366 }
    367
    368 if(!curEcm88len) { //there was no nano 80 -> simple ecm
    369 curEcm88len=ecm88Len;
    370 }
    371
    372 // d2 02 0d 02 -> D2 nano, len 2, select the AES key to be used
    373 if(ecm88Data[0]==0xd2) {
    374 // test if need post or pre AES decrypt
    375 if(ecm88Data[2]==0x0b)
    376 {
    377 nanoD2 = 1;
    378 rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0b");
    379 }
    380 if(ecm88Data[2]==0x0d)
    381 {
    382 nanoD2 = 2;
    383 rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0d");
    384 }
    385 // use the d2 arguments to get the key # to be used
    386 int32_t len = ecm88Data[1] + 2;
    387 D2KeyID=ecm88Data[3];
    388 ecm88Data += len;
    389 ecm88Len -= len;
    390 curEcm88len -=len;
    391 hasD2 = 1;
    392 }
    393 else
    394 hasD2 = 0;
    395
    396
    397 // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here
    398 // 09 -> use key #9
    399 // 05 67 00
    400 if ((ecm88Data[0]==0x90 || ecm88Data[0]==0x40) && (ecm88Data[1]==0x03 || ecm88Data[1]==0x07 ) )
    401 {
    402 uchar ident[3], keynr;
    403 uchar *ecmf8Data=0;
    404 int32_t ecmf8Len=0;
    405
    406 nanoLen=ecm88Data[1] + 2;
    407 keynr=ecm88Data[4]&0x0F;
    408
    409 // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here
    410 // 09 -> use key #9
    411 if(nanoLen>5) {
    412 curnumber_ecm =(ecm88Data[6]<<8) | (ecm88Data[7]);
    413 rdr_debug_mask(reader, D_READER, "checking if the ecm number (%x) match the card one (%x)",curnumber_ecm,reader->last_geo.number_ecm);
    414 // if we have an ecm number we check it.
    415 // we can't assume that if the nano len is 5 or more we have an ecm number
    416 // as some card don't support this
    417 if( reader->last_geo.number_ecm > 0 ) {
    418 if (reader->last_geo.number_ecm == curnumber_ecm && !( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )) {
    419 keynr=ecm88Data[5];
    420 rdr_debug_mask(reader, D_READER, "keyToUse = %02x, ECM ending with %02x",ecm88Data[5], ecm88Data[nanoLen-1]);
    421 } else {
    422 if( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )
    423 {
    424 rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x) for provider %02x%02x%02x",ecm88Data[nanoLen-1], curnumber_ecm, ecm88Data[2], ecm88Data[3], ecm88Data[4]);
    425 }
    426 rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x)",ecm88Data[nanoLen-1], curnumber_ecm);
    427 ecm88Data=nextEcm;
    428 ecm88Len-=curEcm88len;
    429 continue; //loop to next ecm
    430 }
    431 }
    432 else { // long ecm but we don't have an ecm number so we have to try them all.
    433 keynr=ecm88Data[5];
    434 rdr_debug_mask(reader, D_READER, "keyToUse = %02x",ecm88Data[5]);
    435 }
    436 }
    437
    438 memcpy (ident, &ecm88Data[2], sizeof(ident));
    439 provid = b2i(3, ident);
    440 ident[2]&=0xF0;
    441
    442 if(hasD2 && reader->aes_list) {
    443 // check that we have the AES key to decode the CW
    444 // if not there is no need to send the ecm to the card
    445 if(!aes_present(reader->aes_list, 0x500, (uint32_t) (provid & 0xFFFFF0) , D2KeyID))
    446 return ERROR;
    447 }
    448
    449
    450 if (!chk_prov(reader, ident, keynr))
    451 {
    452 rdr_debug_mask(reader, D_READER, "ECM: provider or key not found on card");
    453 snprintf( ea->msglog, MSGLOGSIZE, "provider(%02x%02x%02x) or key(%d) not found on card", ident[0],ident[1],ident[2], keynr );
    454 return ERROR;
    455 }
    456
    457 ecm88Data+=nanoLen;
    458 ecm88Len-=nanoLen;
    459 curEcm88len-=nanoLen;
    460
    461 // DE04
    462 if (ecm88Data[0]==0xDE && ecm88Data[1]==0x04)
    463 {
    464 memcpy (DE04, &ecm88Data[0], 6);
    465 ecm88Data+=6;
    466 }
    467 //
    468
    469 if( reader->last_geo.provid != provid )
    470 {
    471 reader->last_geo.provid = provid;
    472 reader->last_geo.geo_len = 0;
    473 reader->last_geo.geo[0] = 0;
    474 write_cmd(insa4, ident); // set provider
    475 }
    476
    477 //Nano D2 0x0b Pre AES decrypt CW
    478 if ( hasD2 && nanoD2 == 1)
    479 {
    480 uchar *ecm88DataCW = ecm88Data;
    481 int32_t cwStart = 0;
    482 //int32_t cwStartRes = 0;
    483 int32_t exit = 0;
    484 // find CW start
    485 while(cwStart < curEcm88len -1 && !exit)
    486 {
    487 if(ecm88Data[cwStart] == 0xEA && ecm88Data[cwStart+1] == 0x10)
    488 {
    489 ecm88DataCW = ecm88DataCW + cwStart + 2;
    490 exit = 1;
    491 }
    492 cwStart++;
    493 }
    494 // use AES from list to decrypt CW
    495 rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));
    496 if (aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID, &ecm88DataCW[0], 16) == 0)
    497 snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );
    498 }
    499
    500 while(ecm88Len>1 && ecm88Data[0]<0xA0)
    501 {
    502 int32_t nanoLen=ecm88Data[1]+2;
    503 if (!ecmf8Data)
    504 ecmf8Data=(uchar *)ecm88Data;
    505 ecmf8Len+=nanoLen;
    506 ecm88Len-=nanoLen;
    507 curEcm88len-=nanoLen;
    508 ecm88Data+=nanoLen;
    509 }
    510 if(ecmf8Len)
    511 {
    512 if( reader->last_geo.geo_len!=ecmf8Len ||
    513 memcmp(reader->last_geo.geo, ecmf8Data, reader->last_geo.geo_len))
    514 {
    515 memcpy(reader->last_geo.geo, ecmf8Data, ecmf8Len);
    516 reader->last_geo.geo_len= ecmf8Len;
    517 insf8[3]=keynr;
    518 insf8[4]=ecmf8Len;
    519 write_cmd(insf8, ecmf8Data);
    520 }
    521 }
    522 ins88[2]=ecmf8Len?1:0;
    523 ins88[3]=keynr;
    524 ins88[4]= curEcm88len;
    525 //
    526 // we should check the nano to make sure the ecm is valid
    527 // we should look for at least 1 E3 nano, 1 EA nano and the F0 signature nano
    528 //
    529 // DE04
    530 if (DE04[0]==0xDE)
    531 {
    532 uint32_t l = curEcm88len-6;
    533 if (l > 256 || curEcm88len <= 6) { //don't known if this is ok...
    534 rdr_log(reader, "ecm invalid/too long! len=%d", curEcm88len);
    535 return ERROR;
    536 }
    537 memcpy(DE04+6, (uchar *)ecm88Data, l);
    538 write_cmd(ins88, DE04); // request dcw
    539 }
    540 else
    541 {
    542 write_cmd(ins88, (uchar *)ecm88Data); // request dcw
    543 }
    544 //
    545 write_cmd(insc0, NULL); // read dcw
    546 switch(cta_res[0])
    547 {
    548 case 0xe8: // even
    549 if(cta_res[1]==8) { memcpy(ea->cw,cta_res+2,8); rc=1; }
    550 break;
    551 case 0xe9: // odd
    552 if(cta_res[1]==8) { memcpy(ea->cw+8,cta_res+2,8); rc=1; }
    553 break;
    554 case 0xea: // complete
    555 if(cta_res[1]==16) { memcpy(ea->cw,cta_res+2,16); rc=1; }
    556 break;
    557 default :
    558 ecm88Data=nextEcm;
    559 ecm88Len-=curEcm88len;
    560 rdr_debug_mask(reader, D_READER, "ECM: key to use is not the current one, trying next ECM");
    561 snprintf( ea->msglog, MSGLOGSIZE, "key to use is not the current one, trying next ECM" );
    562 }
    563 }
    564 else {
    565 ecm88Data=nextEcm;
    566 ecm88Len-=curEcm88len;
    567 rdr_debug_mask(reader, D_READER, "ECM: Unknown ECM type");
    568 snprintf( ea->msglog, MSGLOGSIZE, "Unknown ECM type" );
    569 return ERROR; /*Lets interupt the loop and exit, because we don't know this ECM type.*/
    570 }
    571 }
    572
    573 if ( hasD2 && !dcw_crc(ea->cw) && nanoD2 == 2) {
    574 rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));
    575 rc=aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID,ea->cw, 16);
    576 if( rc == 0 )
    577 snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );
    578 }
    579
    580 return(rc?OK:ERROR);
    581 }
    582
    583 static int32_t viaccess_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)
    584 {
    585 uint32_t provid=0;
    586 rdr_debug_mask(rdr, D_EMM, "Entered viaccess_get_emm_type ep->emm[0]=%02x",ep->emm[0]);
    587
    588 if (ep->emm[3] == 0x90 && ep->emm[4] == 0x03) {
    589 provid = ep->emm[5] << 16 | ep->emm[6] << 8 | (ep->emm[7] & 0xFE);
    590 i2b_buf(4, provid, ep->provid);
    591 }
    592
    593 switch (ep->emm[0]) {
    594 case 0x88:
    595 ep->type=UNIQUE;
    596 memset(ep->hexserial, 0, 8);
    597 memcpy(ep->hexserial, ep->emm + 4, 4);
    598 rdr_debug_mask(rdr, D_EMM, "UNIQUE");
    599 return(!memcmp(rdr->hexserial + 1, ep->hexserial, 4));
    600
    601 case 0x8A:
    602 case 0x8B:
    603 ep->type=GLOBAL;
    604 rdr_debug_mask(rdr, D_EMM, "GLOBAL");
    605 return TRUE;
    606
    607 case 0x8C:
    608 case 0x8D:
    609 ep->type=SHARED;
    610 rdr_debug_mask(rdr, D_EMM, "SHARED (part)");
    611 return FALSE;
    612
    613 case 0x8E:
    614 ep->type=SHARED;
    615 memset(ep->hexserial, 0, 8);
    616 memcpy(ep->hexserial, ep->emm + 3, 3);
    617 rdr_debug_mask(rdr, D_EMM, "SHARED");
    618
    619 //check for provider as serial (cccam only?)
    620 int8_t i;
    621 for (i=0;i<rdr->nprov;i++) {
    622 if (!memcmp(&rdr->prid[i][1], ep->hexserial, 3))
    623 return TRUE;
    624 }
    625 return(!memcmp(&rdr->sa[0][0], ep->hexserial, 3));
    626
    627 default:
    628 ep->type = UNKNOWN;
    629 rdr_debug_mask(rdr, D_EMM, "UNKNOWN");
    630 return TRUE;
    631 }
    632 }
    633
    634 static void viaccess_get_emm_filter(struct s_reader * rdr, uchar *filter)
    635 {
    636 int32_t idx = 2;
    637
    638 filter[0]=0xFF;
    639 filter[1]=0;
    640
    641 filter[idx++]=EMM_GLOBAL;
    642 filter[idx++]=0;
    643 filter[idx+0] = 0x8D;
    644 filter[idx+0+16] = 0xFE;
    645 //filter[idx+6] = 0xA0; // FIXME: dummy, flood client with EMM's
    646 //filter[idx+6+16] = 0xF0;
    647 filter[1]++;
    648 idx += 32;
    649
    650 filter[idx++]=EMM_SHARED;
    651 filter[idx++]=0;
    652 filter[idx+0] = 0x8E;
    653 filter[idx+0+16] = 0xFF;
    654 memcpy(filter+idx+1, &rdr->sa[0][0], 3);
    655 memset(filter+idx+1+16, 0xFF, 3);
    656 filter[1]++;
    657 idx += 32;
    658
    659 filter[idx++]=EMM_UNIQUE;
    660 filter[idx++]=0;
    661 filter[idx+0] = 0x88;
    662 filter[idx+0+16] = 0xFF;
    663 memcpy(filter+idx+1, rdr->hexserial + 1, 4);
    664 memset(filter+idx+1+16, 0xFF, 4);
    665 filter[1]++;
    666 idx += 32;
    667
    668 return;
    669 }
    670
    671 static int32_t viaccess_do_emm(struct s_reader * reader, EMM_PACKET *ep)
    672 {
    673 def_resp;
    674 static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id
    675 unsigned char insf0[] = { 0xca,0xf0,0x00,0x01,0x22 }; // set adf
    676 unsigned char insf4[] = { 0xca,0xf4,0x00,0x01,0x00 }; // set adf, encrypted
    677 unsigned char ins18[] = { 0xca,0x18,0x01,0x01,0x00 }; // set subscription
    678 unsigned char ins1c[] = { 0xca,0x1c,0x01,0x01,0x00 }; // set subscription, encrypted
    679 static const unsigned char insc8[] = { 0xca,0xc8,0x00,0x00,0x02 }; // read extended status
    680 // static const unsigned char insc8Data[] = { 0x00,0x00 }; // data for read extended status
    681
    682 int32_t emmdatastart=7;
    683
    684
    685 if (ep->type == UNIQUE) emmdatastart++;
    686 int32_t emmLen=SCT_LEN(ep->emm)-emmdatastart;
    687 int32_t rc=0;
    688
    689 ///cs_dump(ep->emm, emmLen+emmdatastart, "RECEIVED EMM VIACCESS");
    690
    691 int32_t emmUpToEnd;
    692 uchar *emmParsed = ep->emm+emmdatastart;
    693 int32_t provider_ok = 0;
    694 uint32_t emm_provid;
    695 uchar keynr = 0;
    696 int32_t ins18Len = 0;
    697 uchar ins18Data[512];
    698 uchar insData[512];
    699 uchar *nano81Data = 0;
    700 uchar *nano91Data = 0;
    701 uchar *nano92Data = 0;
    702 uchar *nano9EData = 0;
    703 uchar *nanoF0Data = 0;
    704
    705 for (emmUpToEnd=emmLen; (emmParsed[1] != 0) && (emmUpToEnd > 0); emmUpToEnd -= (2 + emmParsed[1]), emmParsed += (2 + emmParsed[1])) {
    706 ///cs_dump (emmParsed, emmParsed[1] + 2, "NANO");
    707
    708 if (emmParsed[0]==0x90 && emmParsed[1]==0x03) {
    709 /* identification of the service operator */
    710
    711 uchar soid[3], ident[3], i;
    712
    713 for (i=0; i<3; i++) {
    714 soid[i]=ident[i]=emmParsed[2+i];
    715 }
    716 ident[2]&=0xF0;
    717 emm_provid=b2i(3, ident);
    718 keynr=soid[2]&0x0F;
    719 if (chk_prov(reader, ident, keynr)) {
    720 provider_ok = 1;
    721 } else {
    722 rdr_log(reader, "EMM: provider or key not found on card (%x, %x)", emm_provid, keynr);
    723 return ERROR;
    724 }
    725
    726 // check if the provider changes. If yes, set the new one. If not, don't .. card will return an error if we do.
    727 if( reader->last_geo.provid != emm_provid ) {
    728 write_cmd(insa4, ident);
    729 if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {
    730 cs_dump(insa4, 5, "set provider cmd:");
    731 cs_dump(soid, 3, "set provider data:");
    732 rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);
    733 return ERROR;
    734 }
    735 }
    736 // as we are maybe changing the used provider, clear the cache, so the next ecm will re-select the correct one
    737 reader->last_geo.provid = 0;
    738 reader->last_geo.geo_len = 0;
    739 reader->last_geo.geo[0] = 0;
    740
    741 }
    742 else if (emmParsed[0]==0x9e && emmParsed[1]==0x20) {
    743 /* adf */
    744
    745 if (!nano91Data) {
    746 /* adf is not crypted, so test it */
    747
    748 uchar custwp;
    749 uchar *afd;
    750
    751 custwp=reader->sa[0][3];
    752 afd=(uchar*)emmParsed+2;
    753
    754 if( afd[31-custwp/8] & (1 << (custwp & 7)) )
    755 rdr_debug_mask(reader, D_READER, "emm for our card %08X", b2i(4, &reader->sa[0][0]));
    756 else
    757 return SKIPPED;
    758 }
    759
    760 // memorize
    761 nano9EData = emmParsed;
    762
    763 } else if (emmParsed[0]==0x81) {
    764 nano81Data = emmParsed;
    765 } else if (emmParsed[0]==0x91 && emmParsed[1]==0x08) {
    766 nano91Data = emmParsed;
    767 } else if (emmParsed[0]==0x92 && emmParsed[1]==0x08) {
    768 nano92Data = emmParsed;
    769 } else if (emmParsed[0]==0xF0 && emmParsed[1]==0x08) {
    770 nanoF0Data = emmParsed;
    771 } else {
    772 /* other nanos */
    773 show_subs(reader, emmParsed);
    774
    775 memcpy(ins18Data+ins18Len, emmParsed, emmParsed[1] + 2);
    776 ins18Len += emmParsed [1] + 2;
    777 }
    778 }
    779
    780 if (!provider_ok) {
    781 rdr_debug_mask(reader, D_READER, "provider not found in emm, continue anyway");
    782 // force key to 1...
    783 keynr = 1;
    784 ///return ERROR;
    785 }
    786
    787 if (!nanoF0Data) {
    788 cs_dump(ep->emm, ep->l, "can't find 0xf0 in emm...");
    789 return ERROR; // error
    790 }
    791
    792 if (nano9EData) {
    793 if (!nano91Data) {
    794 // set adf
    795 insf0[3] = keynr; // key
    796 insf0[4] = nano9EData[1] + 2;
    797 write_cmd(insf0, nano9EData);
    798 if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {
    799 cs_dump(insf0, 5, "set adf cmd:");
    800 cs_dump(nano9EData, insf0[4] , "set adf data:");
    801 rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);
    802 return ERROR;
    803 }
    804 } else {
    805 // set adf crypte
    806 insf4[3] = keynr; // key
    807 insf4[4] = nano91Data[1] + 2 + nano9EData[1] + 2;
    808 memcpy (insData, nano91Data, nano91Data[1] + 2);
    809 memcpy (insData + nano91Data[1] + 2, nano9EData, nano9EData[1] + 2);
    810 write_cmd(insf4, insData);
    811 if(( cta_res[cta_lr-2]!=0x90 && cta_res[cta_lr-2]!=0x91) || cta_res[cta_lr-1]!=0x00 ) {
    812 cs_dump(insf4, 5, "set adf encrypted cmd:");
    813 cs_dump(insData, insf4[4], "set adf encrypted data:");
    814 rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);
    815 return ERROR;
    816 }
    817 }
    818 }
    819
    820 if (!nano92Data) {
    821 // send subscription
    822 ins18[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?
    823 ins18[3] = keynr; // key
    824 ins18[4] = ins18Len + nanoF0Data[1] + 2;
    825 memcpy (insData, ins18Data, ins18Len);
    826 memcpy (insData + ins18Len, nanoF0Data, nanoF0Data[1] + 2);
    827 write_cmd(ins18, insData);
    828 if( (cta_res[cta_lr-2]==0x90 || cta_res[cta_lr-2]==0x91) && cta_res[cta_lr-1]==0x00 ) {
    829 rdr_debug_mask(reader, D_READER, "update successfully written");
    830 rc=1; // written
    831 } else {
    832 cs_dump(ins18, 5, "set subscription cmd:");
    833 cs_dump(insData, ins18[4], "set subscription data:");
    834 rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);
    835 }
    836
    837 } else {
    838 // send subscription encrypted
    839
    840 if (!nano81Data) {
    841 cs_dump(ep->emm, ep->l, "0x92 found, but can't find 0x81 in emm...");
    842 return ERROR; // error
    843 }
    844
    845 ins1c[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?
    846 if (ep->type == UNIQUE) ins1c[2] = 0x02;
    847 ins1c[3] = keynr; // key
    848 ins1c[4] = nano92Data[1] + 2 + nano81Data[1] + 2 + nanoF0Data[1] + 2;
    849 memcpy (insData, nano92Data, nano92Data[1] + 2);
    850 memcpy (insData + nano92Data[1] + 2, nano81Data, nano81Data[1] + 2);
    851 memcpy (insData + nano92Data[1] + 2 + nano81Data[1] + 2, nanoF0Data, nanoF0Data[1] + 2);
    852 write_cmd(ins1c, insData);
    853
    854 if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {
    855 rdr_log(reader, "update successfully written");
    856 rc=1; // written
    857 }
    858 else {
    859 if( cta_res[cta_lr-2]&0x1 )
    860 rdr_log(reader, "update not written. Data already exists or unknown address");
    861
    862 //if( cta_res[cta_lr-2]&0x8 ) {
    863 write_cmd(insc8, NULL);
    864 if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {
    865 rdr_log(reader, "extended status %02X %02X", cta_res[0], cta_res[1]);
    866 }
    867 //}
    868 return ERROR;
    869 }
    870
    871 }
    872
    873 /*
    874 Sub Main()
    875 Sc.Write("CA A4 04 00 03")
    876 RX
    877 Sc.Write("02 07 11")
    878 RX
    879 Sc.Write("CA F0 00 01 22")
    880 RX
    881 Sc.Write("9E 20")
    882 Sc.Write("10 10 08 8A 80 00 04 00 10 10 26 E8 54 80 1E 80")
    883 Sc.Write("00 01 00 00 00 00 00 50 00 00 80 02 22 00 08 50")
    884 RX
    885 Sc.Write("CA 18 01 01 11")
    886 RX
    887 Sc.Write("A9 05 34 DE 34 FF 80")
    888 Sc.Write("F0 08 1A 3E AF B5 2B EE E3 3B")
    889 RX
    890
    891 End Sub
    892 */
    893 return rc;
    894 }
    895
    896 static int32_t viaccess_card_info(struct s_reader * reader)
    897 {
    898 def_resp;
    899 int32_t i, l;
    900 uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data
    901 uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data
    902 uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer
    903 uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item
    904 static const uchar ins24[] = { 0xca, 0x24, 0x00, 0x00, 0x09 }; // set pin
    905
    906 static const uchar cls[] = { 0x00, 0x21, 0xff, 0x9f};
    907 static const uchar pin[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04};
    908
    909 reader->last_geo.provid = 0;
    910 reader->last_geo.geo_len = 0;
    911 reader->last_geo.geo[0] = 0;
    912
    913 rdr_log(reader, "card detected");
    914
    915 cs_clear_entitlement(reader); //reset the entitlements
    916
    917 // set pin
    918 write_cmd(ins24, pin);
    919
    920 insac[2]=0xa4; write_cmd(insac, NULL); // request unique id
    921 insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id
    922 rdr_log_sensitive(reader, "serial: {%llu}", (unsigned long long) b2ll(5, cta_res+2));
    923
    924 insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0
    925 for (i=1; (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0); i++)
    926 {
    927 uint32_t l_provid, l_sa;
    928 uchar l_name[64];
    929 insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties
    930 cta_res[2]&=0xF0;
    931 l_provid=b2i(3, cta_res);
    932
    933 insac[2]=0xa5; write_cmd(insac, NULL); // request sa
    934 insb8[4]=0x06; write_cmd(insb8, NULL); // read sa
    935 l_sa=b2i(4, cta_res+2);
    936
    937 insac[2]=0xa7; write_cmd(insac, NULL); // request name
    938 insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len
    939 l=cta_res[1];
    940 insb8[4]=l; write_cmd(insb8, NULL); // read name
    941 cta_res[l]=0;
    942 trim((char *)cta_res);
    943 if (cta_res[0])
    944 snprintf((char *)l_name, sizeof(l_name), ", name: %s", cta_res);
    945 else
    946 l_name[0]=0;
    947
    948 // read GEO
    949 insac[2]=0xa6; write_cmd(insac, NULL); // request GEO
    950 insb8[4]=0x02; write_cmd(insb8, NULL); // read GEO nano + len
    951 l=cta_res[1];
    952 char tmp[l*3+1];
    953 insb8[4]=l; write_cmd(insb8, NULL); // read geo
    954 rdr_log_sensitive(reader, "provider: %d, id: {%06X%s}, sa: {%08X}, geo: %s",
    955 i, l_provid, l_name, l_sa, (l<4) ? "empty" : cs_hexdump(1, cta_res, l, tmp, sizeof(tmp)));
    956
    957 // read classes subscription
    958 insac[2]=0xa9; insac[4]=4;
    959 write_cmd(insac, cls); // request class subs
    960 while( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )
    961 {
    962 insb8[4]=0x02; write_cmd(insb8, NULL); // read class subs nano + len
    963 if( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )
    964 {
    965 l=cta_res[1];
    966 insb8[4]=l; write_cmd(insb8, NULL); // read class subs
    967 if( (cta_res[cta_lr-2]==0x90) &&
    968 (cta_res[cta_lr-1]==0x00 || cta_res[cta_lr-1]==0x08) )
    969 {
    970 show_class(reader, NULL, l_provid, cta_res, cta_lr-2);
    971 }
    972 }
    973 }
    974
    975 insac[4]=0;
    976 insa4[2]=0x02;
    977 write_cmd(insa4, NULL); // select next provider
    978 }
    979 //return ERROR;
    980 return OK;
    981 }
    982
    983 #ifdef HAVE_DVBAPI
    984 void dvbapi_sort_nanos(unsigned char *dest, const unsigned char *src, int32_t len);
    985
    986 int32_t viaccess_reassemble_emm(uchar *buffer, uint32_t *len) {
    987 static uchar emm_global[512];
    988 static int32_t emm_global_len = 0;
    989
    990 int32_t pos=0, i;
    991 uint32_t k;
    992
    993 // Viaccess
    994 if (*len>500) return 0;
    995
    996 switch(buffer[0]) {
    997 case 0x8c:
    998 case 0x8d:
    999 // emm-s part 1
    1000 if (!memcmp(emm_global, buffer, *len))
    1001 return 0;
    1002
    1003 // copy first part of the emm-s
    1004 memcpy(emm_global, buffer, *len);
    1005 emm_global_len=*len;
    1006 //cs_ddump_mask(D_READER, buffer, len, "viaccess global emm:");
    1007 return 0;
    1008
    1009 case 0x8e:
    1010 // emm-s part 2
    1011 if (!emm_global_len) return 0;
    1012
    1013 //extract nanos from emm-gh and emm-s
    1014 uchar emmbuf[512];
    1015
    1016 cs_debug_mask(D_DVBAPI, "[viaccess] %s: start extracting nanos", __func__);
    1017 //extract from emm-gh
    1018 for (i=3; i<emm_global_len; i+=emm_global[i+1]+2) {
    1019 //copy nano (length determined by i+1)
    1020 memcpy(emmbuf+pos, emm_global+i, emm_global[i+1]+2);
    1021 pos+=emm_global[i+1]+2;
    1022 }
    1023
    1024 if (buffer[2]==0x2c) {
    1025 //add 9E 20 nano + first 32 bytes of emm content
    1026 memcpy(emmbuf+pos, "\x9E\x20", 2);
    1027 memcpy(emmbuf+pos+2, buffer+7, 32);
    1028 pos+=34;
    1029
    1030 //add F0 08 nano + 8 subsequent bytes of emm content
    1031 memcpy(emmbuf+pos, "\xF0\x08", 2);
    1032 memcpy(emmbuf+pos+2, buffer+39, 8);
    1033 pos+=10;
    1034 } else {
    1035 //extract from variable emm-s
    1036 for (k=7; k<(*len); k+=buffer[k+1]+2) {
    1037 //copy nano (length determined by k+1)
    1038 memcpy(emmbuf+pos, buffer+k, buffer[k+1]+2);
    1039 pos+=buffer[k+1]+2;
    1040 }
    1041 }
    1042
    1043 cs_ddump_mask(D_DVBAPI, buffer, *len, "[viaccess] %s: %s emm-s", __func__, (buffer[2]==0x2c) ? "fixed" : "variable");
    1044
    1045 dvbapi_sort_nanos(buffer+7, emmbuf, pos);
    1046 pos+=7;
    1047
    1048 //calculate emm length and set it on position 2
    1049 buffer[2]=pos-3;
    1050
    1051 cs_ddump_mask(D_DVBAPI, emm_global, emm_global_len, "[viaccess] %s: emm-gh", __func__);
    1052 cs_ddump_mask(D_DVBAPI, buffer, pos, "[viaccess] %s: assembled emm", __func__);
    1053
    1054 *len=pos;
    1055 break;
    1056 }
    1057 return 1;
    1058 }
    1059 #endif
    1060
    1061 void reader_viaccess(struct s_cardsystem *ph)
    1062 {
    1063 ph->do_emm=viaccess_do_emm;
    1064 ph->do_ecm=viaccess_do_ecm;
    1065 ph->card_info=viaccess_card_info;
    1066 ph->card_init=viaccess_card_init;
    1067 ph->get_emm_type=viaccess_get_emm_type;
    1068 ph->get_emm_filter=viaccess_get_emm_filter;
    1069 ph->caids[0]=0x05;
    1070 ph->desc="viaccess";
    1071 }
    1072 #endif
    solo team

  8. Merci beavis, tidou17 disent merci
  9. #98
    DZSatien Habitué
    Inscrit
    Jul 2012
    Messages
    267
    Récepteur
    DM800se,Vu+Solo
    TV
    LG 3D 47,Toshiba
    Remerciement / J'aime
    et ca veux dire quoi tt ca constance ???

  10. #99
    DZSatien Initié
    Inscrit
    Dec 2008
    Lieu
    Planete namek
    Messages
    597
    Récepteur
    Vu+ duo2
    TV
    Samsung led 3D
    Remerciement / J'aime
    C'est du chinois lol, constance tu peux nous expliquer cela? Merci a toi

  11. #100
    Sponsor
    Inscrit
    Nov 2007
    Messages
    171
    Récepteur
    Vu+Duo 2
    TV
    Samsoung
    Remerciement / J'aime
    Tu sais constance,
    Il est inutile que tu nous fasse des copier/coller des autres forum alors que tu ne sais pas de quoi tu parles.
    Le viacess est plus simple de le craquer que le seca?
    Va faire un tour du coter du forum oscam.to et tu verras de quoi on parle stp car on est loin d'être sorti d'affaire.
    La mise à jour injectée dans les Canal Ready est uniquement envoyée au terminaux de nouvelle génération qui ceux-ci possèdent un J-Tag Locké et une password dans la signature du firmware en lui même.
    Il ne feront aucune MAJ sur les anciennes générations car il est facile de faire un DUMP car le J-Tag est accessible.
    Donc stp, ou tu apportes des infos concrètes ou alors tu ne poste pas pour rien dire et surtout du charabia qui rempli ce post inutilement veux-tu?

    Sans rancune, merci.






  12. Merci maradona10 disent merci
  13. #101
    DZSatien Motivé Avatar de beavis
    Inscrit
    Feb 2008
    Lieu
    sur terre
    Messages
    366
    Récepteur
    Vu+ Ultimo
    TV
    sony
    Remerciement / J'aime
    Citation Envoyé par lenunz Voir le message
    Tu sais constance,
    Il est inutile que tu nous fasse des copier/coller des autres forum alors que tu ne sais pas de quoi tu parles.
    Le viacess est plus simple de le craquer que le seca?
    Va faire un tour du coter du forum oscam.to et tu verras de quoi on parle stp car on est loin d'être sorti d'affaire.
    La mise à jour injectée dans les Canal Ready est uniquement envoyée au terminaux de nouvelle génération qui ceux-ci possèdent un J-Tag Locké et une password dans la signature du firmware en lui même.
    Il ne feront aucune MAJ sur les anciennes générations car il est facile de faire un DUMP car le J-Tag est accessible.
    Donc stp, ou tu apportes des infos concrètes ou alors tu ne poste pas pour rien dire et surtout du charabia qui rempli ce post inutilement veux-tu?

    Sans rancune, merci.
    salut

    ah bon ceux qui ont prit un abonnement carte seul
    et qu'ils ont acheté un démo canal ready HD de premiere generation
    ils pourront plus s'en servir ?
    de mieux en mieux
    atlas hd 100 et 200

  14. #102
    DZSatien Habitué
    Inscrit
    Feb 2011
    Messages
    159
    Récepteur
    HUMAX FR1000HD
    TV
    PANASONIC
    Remerciement / J'aime
    J'ai acheté le SAGEM DTR94160S HD avant que l'on ne parle du label "canal ready" il y a presque 4 ans,
    donc on peut dire qu'il est de "première génération".
    Toutes les mises à jours on été faite par satellite et toutes les chaines sont lue avec la carte 039 !

  15. #103
    Sponsor
    Inscrit
    Nov 2007
    Messages
    171
    Récepteur
    Vu+Duo 2
    TV
    Samsoung
    Remerciement / J'aime
    Citation Envoyé par beavis Voir le message
    salut

    ah bon ceux qui ont prit un abonnement carte seul
    et qu'ils ont acheté un démo canal ready HD de premiere generation
    ils pourront plus s'en servir ?
    de mieux en mieux
    Il faut voir quel démo tu possèdes.
    Si tu n'as pas reçu de MAJ et que ta carte insérée dans ton démo n'ouvre pas certaines chaînes HD sur 12168.00 V 29700 2/3 (W9 HD, Arte HD, Ushuaia TV HD et Penthouse HD si abonné), tu peux demander aupès du fabriquant s'il y en a une ou pas.
    SI oui, tu leur dit que dans ton cas, tu n'as toujours rien ou dans le cas contraire, faut que tu voies avec Csat pour autres alternatives.






  16. J'aimes nicokana ont aimés
  17. #104
    Sponsor
    Inscrit
    Nov 2007
    Messages
    171
    Récepteur
    Vu+Duo 2
    TV
    Samsoung
    Remerciement / J'aime
    Citation Envoyé par dreamup Voir le message
    J'ai acheté le SAGEM DTR94160S HD avant que l'on ne parle du label "canal ready" il y a presque 4 ans,
    donc on peut dire qu'il est de "première génération".
    Toutes les mises à jours on été faite par satellite et toutes les chaines sont lue avec la carte 039 !
    On parle aussi du DT 81 de première génération et à prioris, aucune MAJ à ce jour car le J-tag n'est pas locké.
    Merci de me corriger en cas d'erreur.

    A+






  18. #105
    DZSatien Initié
    Inscrit
    Dec 2008
    Lieu
    moresatland
    Messages
    517
    Récepteur
    dm 500 hd
    TV
    lg 142 cm
    Remerciement / J'aime
    mort de rire si les constructeur retire le rs232 + le jtag comment font t il pour remettre une mise a jour au save lol . dit toi que je suis développer chez moresat
    j ai programmer pour proteck , technomat . édisions alors que je suis sur que tu savais meme pas ce que veux dire firmware . en aucun cas le forum oscam font du développement
    algorythmique. il ne font que de l améliorations oscam grace a d autre personne qui poste des ticket de conversions . et tous cela ce passe ici et non pas sur oscam forum .
    si on regarde le forum oscam versions francais il a beaucoup de blabla et aucun raisonnement valabe alors si tu veux vraiment une souce qui tien la route vas la lol
    http://streamboard.de.vu:8001/browser/trunk#
    solo team

Page 7 sur 54 PremièrePremière ... 3456789101117 ... DernièreDernière

Sujets similaires

  1. jazeera sport prevoit un changement de system de cryptage??
    Par nsync dans le forum Discussions autour du satellite
    Réponses: 11
    Dernier message: 27-12-2013, 12:53
  2. Canal+ et Canalsat vont passer au cryptage Nagravision
    Par spyk dans le forum News du sat
    Réponses: 51
    Dernier message: 03-07-2008, 15:04
  3. Canal+ et Canalsat vont passer au cryptage Nagravision
    Par skywalker dans le forum News du sat
    Réponses: 0
    Dernier message: 24-06-2008, 19:13
  4. INFO nouveau changement de cryptage
    Par kamilou dans le forum News du sat
    Réponses: 1
    Dernier message: 14-06-2008, 13:44
  5. Réponses: 23
    Dernier message: 17-01-2008, 11:38

Règles des messages

  • Vous ne pouvez pas créer de sujets
  • Vous ne pouvez pas répondre aux sujets
  • Vous ne pouvez pas importer de fichiers joints
  • Vous ne pouvez pas modifier vos messages
  •  
Nous contacter | DZSat | Archives | Haut de page