changement cryptage canal sat général

Statut
N'est pas ouverte pour d'autres réponses.
@ Constance

Plutot que de chercher à dumper un démo Canal Ready, n'est-il pas possible directement de trouver un firmware d'un démo HD Canal Ready téléchargeable sur le site d'un constructeur et de creuser le code de ce firmware pour en extraire l'algorythme qu'il nous faut pour la nano E0?
 
sandrine a dit:
bonsoir
voila quelqu'un qui a compris
c'est tout a fais ca lol
mais comment faire ca ?? sans tuer la box
qui va se sacrifier ???
c'est la question
bonne soirée
Cliquez pour agrandir...

on ne fait pas d’omelette sans casser des œufs ma chère Sandrine , moi je suis volentaire pour faire des test dans une dreambox 500 s ( une toute vielle ) pas ma 800 hd bien sur :) .....
 
MOKUHTFESA a dit:
Je pense la solution viendra d'une fuite de chez "caca", y'a de quoi être riche!...
Cliquez pour agrandir...

une fuite de caca? ce n'est pas ceux qui boss chez caca qui s'occupe du système de sécurité mais viaccess et si il y aura une fuite elle sera donner au plus offrant comme pour les gros serveurs privé et non pas pour des petits rigolo comme nous, il faudrait ensuite qu'il y ai une fuite au niveaux des gros serveur etc mais c'est clair qu'un jours grâce au célèbre téléphone arabe 4g la solution verra le jours mais à quand??
 
Mais vous voulez faire quoi avec une DM500s ou DM800HD sérieusement qui pourrait permettre de trouver la solution? J'ai comme l'impression que vous pensez à la flasher avec une image intégrant l’algorithme Canal Ready?
 
ocn69 a dit:
Mais vous voulez faire quoi avec une DM500s ou DM800HD sérieusement qui pourrait permettre de trouver la solution? J'ai comme l'impression que vous pensez à la flasher avec une image intégrant l’algorithme Canal Ready?
Cliquez pour agrandir...

je pense que pour les testes c'est ce qu'il faut , un demo linux avec un tuner et un reader une interface Ethernet peut importe la marque ....

le tuner pour recevoir les mises a jours de chez cacasat , on ne vas pas quand meme faire ça avec un blade ou un pc sous linux !!! l'algo ne contient pas un Tera d'octets a mon avis ..

bien sur le programme de la nano sera traité dans une machine linux une fois dumper ... la dream ne pourra pas faire les traitements nécessaire pour ouvrir le fichier et le modifier .
 
Bah quand vous voulez pour les tests, contactez moi en MP, je mets à disposition une DM800HD avec oscam et tout ce qu'ils vous faut pour!!!
 
Ne nous emportons pas les amis, avant de penser à "dumper" ou autre, apprenons d'abords à comprendre le fonctionnement de cette soit disant 'nano E...' afin de pouvoir la "chatouiller".
 
si vous voulez ajouter le nano e0 ces déja dans ceci qu il faux le faire pour oscam
vous verrez comment les autre nano on était config

#include "globals.h"
2#ifdef READER_VIACCESS
3#include "oscam-aes.h"
4#include "oscam-time.h"
5#include "reader-common.h"
6
7struct via_date {
8 uint16_t day_s : 5;
9 uint16_t month_s : 4;
10 uint16_t year_s : 7;
11
12 uint16_t day_e : 5;
13 uint16_t month_e : 4;
14 uint16_t year_e : 7;
15};
16
17static void parse_via_date(const uchar *buf, struct via_date *vd, int32_t fend)
18{
19 uint16_t date;
20
21 date = (buf[0]<<8) | buf[1];
22 vd->day_s = date & 0x1f;
23 vd->month_s = (date>>5) & 0x0f;
24 vd->year_s = (date>>9) & 0x7f;
25
26 if( fend )
27 {
28 date = (buf[2]<<8) | buf[3];
29 vd->day_e = date & 0x1f;
30 vd->month_e = (date>>5) & 0x0f;
31 vd->year_e = (date>>9) & 0x7f;
32 }
33}
34
35//static void get_via_data(const uchar *b, int32_t l, time_t *start_t, time_t *end_t, uchar *cls)
36//{
37// int32_t i, j;
38// struct via_date vd;
39// struct tm tm;
40// memset(&vd, 0, sizeof(struct via_date));
41//
42// // b -> via date (4 bytes)
43// b+=4;
44// l-=4;
45//
46// j=l-1;
47// for (; j>=0; j--)
48// for (i=0; i<8; i++)
49// if (b[j] & (1 << (i&7)))
50// {
51// parse_via_date(b-4, &vd, 1);
52// *cls=(l-(j+1))*8+i;
53// }
54//
55// memset(&tm, 0, sizeof(struct tm));
56// tm.tm_year = vd.year_s + 80; //via year starts in 1980, tm_year starts in 1900
57// tm.tm_mon = vd.month_s - 1; // january is 0 in tm_mon
58// tm.tm_mday = vd.day_s;
59// *start_t = mktime(&tm);
60//
61// tm.tm_year = vd.year_e + 80;
62// tm.tm_mon = vd.month_e - 1;
63// tm.tm_mday = vd.day_e;
64// *end_t = mktime(&tm);
65//
66//}
67
68static void show_class(struct s_reader *reader, const char *p, uint32_t provid, const uchar *b, int32_t l)
69{
70 int32_t i, j;
71
72 // b -> via date (4 bytes)
73 b+=4;
74 l-=4;
75
76 j=l-1;
77 for (; j>=0; j--)
78 for (i=0; i<8; i++)
79 if (b[j] & (1 << (i&7)))
80 {
81 uchar cls;
82 struct via_date vd;
83 parse_via_date(b-4, &vd, 1);
84 cls=(l-(j+1))*8+i;
85 if (p)
86 rdr_log(reader, "%sclass: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", p, cls,
87 vd.year_s+1980, vd.month_s, vd.day_s,
88 vd.year_e+1980, vd.month_e, vd.day_e);
89 else {
90 rdr_log(reader, "class: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", cls,
91 vd.year_s+1980, vd.month_s, vd.day_s,
92 vd.year_e+1980, vd.month_e, vd.day_e);
93
94 time_t start_t, end_t;
95 struct tm tm;
96 //convert time:
97 memset(&tm, 0, sizeof(tm));
98 tm.tm_year = vd.year_s+80; //via year starts in 1980, tm_year starts in 1900
99 tm.tm_mon = vd.month_s-1; // january is 0 in tm_mon
100 tm.tm_mday = vd.day_s;
101 start_t = cs_timegm(&tm);
102
103 tm.tm_year = vd.year_e+80; //via year starts in 1980, tm_year starts in 1900
104 tm.tm_mon = vd.month_e-1; // january is 0 in tm_mon
105 tm.tm_mday = vd.day_e;
106 end_t = cs_timegm(&tm);
107
108 cs_add_entitlement(reader, reader->caid, provid, cls, cls, start_t, end_t, 5);
109 }
110 }
111}
112
113static void show_subs(struct s_reader * reader, const uchar *emm)
114{
115 // emm -> A9, A6, B6
116
117 switch( emm[0] )
118 {
119 case 0xA9:
120 show_class(reader, "nano A9: ", 0, emm+2, emm[1]);
121 break;
122 /*
123 {
124 int32_t i, j, byts;
125 const uchar *oemm;
126
127 oemm = emm;
128 byts = emm[1]-4;
129 emm+=6;
130
131 j=byts-1;
132 for( ; j>=0; j-- )
133 for( i=0; i<8; i++ )
134 if( emm[j] & (1 << (i&7)) )
135 {
136 uchar cls;
137 struct via_date vd;
138 parse_via_date(emm-4, &vd, 1);
139 cls=(byts-(j+1))*8+i;
140 rdr_log(reader, "%sclass %02X: expiry date: %02d/%02d/%04d - %02d/%02d/%04d",
141 fnano?"nano A9: ":"", cls,
142 vd.day_s, vd.month_s, vd.year_s+1980,
143 vd.day_e, vd.month_e, vd.year_e+1980);
144 }
145 break;
146 }
147 */
148 case 0xA6:
149 {
150 char szGeo[256];
151
152 memset(szGeo, 0, 256);
153 strncpy(szGeo, (char *)emm+2, emm[1]);
154 rdr_log(reader, "nano A6: geo %s", szGeo);
155 break;
156 }
157 case 0xB6:
158 {
159 uchar m; // modexp
160 struct via_date vd;
161
162 m=emm[emm[1]+1];
163 parse_via_date(emm+2, &vd, 0);
164 rdr_log(reader, "nano B6: modexp %d%d%d%d%d%d: %02d/%02d/%04d", (m&0x20)?1:0,
165 (m&0x10)?1:0,(m&0x08)?1:0,(m&0x04)?1:0,(m&0x02)?1:0,(m&0x01)?1:0,
166 vd.day_s, vd.month_s, vd.year_s+1980);
167 break;
168 }
169 }
170}
171
172static int32_t chk_prov(struct s_reader * reader, uchar *id, uchar keynr)
173{
174 int32_t i, j, rc;
175 for (rc=i=0; (!rc) && (i<reader->nprov); i++)
176 if(!memcmp(&reader->prid[1], id, 3))
[TR]
[TH]177[/TH]
[TD] for (j=0; (!rc) && (j<16); j++)[/TD]
[/TR]
[TR]
[TH]178[/TH]
[TD] if (reader->availkeys[j]==keynr)[/TD]
[/TR]
[TR]
[TH]179[/TH]
[TD] rc=1;[/TD]
[/TR]
[TR]
[TH]180[/TH]
[TD] return(rc);[/TD]
[/TR]
[TR]
[TH]181[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]182[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]183[/TH]
[TD]static int32_t unlock_parental(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]184[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]185[/TH]
[TD] /* disabling parental lock. assuming pin "0000" if no pin code is provided in the config */[/TD]
[/TR]
[TR]
[TH]186[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]187[/TH]
[TD] static const uchar inDPL[] = {0xca, 0x24, 0x02, 0x00, 0x09};[/TD]
[/TR]
[TR]
[TH]188[/TH]
[TD] uchar cmDPL[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F};[/TD]
[/TR]
[TR]
[TH]189[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]190[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]191[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]192[/TH]
[TD] rdr_log(reader, "Using PIN %s",reader->pincode);[/TD]
[/TR]
[TR]
[TH]193[/TH]
[TD] // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34[/TD]
[/TR]
[TR]
[TH]194[/TH]
[TD] cmDPL[6]=((reader->pincode[0]-0x30)<<4) | ((reader->pincode[1]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]195[/TH]
[TD] cmDPL[7]=((reader->pincode[2]-0x30)<<4) | ((reader->pincode[3]-0x30) & 0x0f);[/TD]
[/TR]
[TR]
[TH]196[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]197[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]198[/TH]
[TD] rdr_log(reader, "Using PIN 0000!");[/TD]
[/TR]
[TR]
[TH]199[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]200[/TH]
[TD] write_cmd(inDPL,cmDPL);[/TD]
[/TR]
[TR]
[TH]201[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) ) {[/TD]
[/TR]
[TR]
[TH]202[/TH]
[TD] if (strcmp(reader->pincode, "none")) {[/TD]
[/TR]
[TR]
[TH]203[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!",reader->pincode);[/TD]
[/TR]
[TR]
[TH]204[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]205[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]206[/TH]
[TD] rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!");[/TD]
[/TR]
[TR]
[TH]207[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]208[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]209[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]210[/TH]
[TD] rdr_log(reader, "Parental lock disabled");[/TD]
[/TR]
[TR]
[TH]211[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]212[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]213[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]214[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]215[/TH]
[TD]static int32_t viaccess_card_init(struct s_reader * reader, ATR *newatr)[/TD]
[/TR]
[TR]
[TH]216[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]217[/TH]
[TD] get_atr;[/TD]
[/TR]
[TR]
[TH]218[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]219[/TH]
[TD] int32_t i;[/TD]
[/TR]
[TR]
[TH]220[/TH]
[TD] uchar buf[256];[/TD]
[/TR]
[TR]
[TH]221[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]222[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]223[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]224[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]225[/TH]
[TD] static const uchar insFAC[] = { 0x87, 0x02, 0x00, 0x00, 0x03 }; // init FAC[/TD]
[/TR]
[TR]
[TH]226[/TH]
[TD] static const uchar FacDat[] = { 0x00, 0x00, 0x28 };[/TD]
[/TR]
[TR]
[TH]227[/TH]
[TD] static unsigned char ins8702_data[] = { 0x00, 0x00, 0x11};[/TD]
[/TR]
[TR]
[TH]228[/TH]
[TD] static unsigned char ins8704[] = { 0x87, 0x04, 0x00, 0x00, 0x07 };[/TD]
[/TR]
[TR]
[TH]229[/TH]
[TD] static unsigned char ins8706[] = { 0x87, 0x06, 0x00, 0x00, 0x04 };[/TD]
[/TR]
[TR]
[TH]230[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]231[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]232[/TH]
[TD] if ((atr[1]!=0x77) || ((atr[2]!=0x18) && (atr[2]!=0x11) && (atr[2]!=0x19)) || ((atr[9]!=0x68) && (atr[9]!=0x6C)))[/TD]
[/TR]
[TR]
[TH]233[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]234[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]235[/TH]
[TD] write_cmd(insFAC, FacDat);[/TD]
[/TR]
[TR]
[TH]236[/TH]
[TD] if( !(cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]237[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]238[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]239[/TH]
[TD] memset(&reader->last_geo, 0, sizeof(reader->last_geo));[/TD]
[/TR]
[TR]
[TH]240[/TH]
[TD] write_cmd(insFAC, ins8702_data);[/TD]
[/TR]
[TR]
[TH]241[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]242[/TH]
[TD] write_cmd(ins8704, NULL);[/TD]
[/TR]
[TR]
[TH]243[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]244[/TH]
[TD] write_cmd(ins8706, NULL);[/TD]
[/TR]
[TR]
[TH]245[/TH]
[TD] if ((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0x00)) {[/TD]
[/TR]
[TR]
[TH]246[/TH]
[TD] reader->last_geo.number_ecm =(cta_res[2]<<8) | (cta_res[3]);[/TD]
[/TR]
[TR]
[TH]247[/TH]
[TD] rdr_log(reader, "using ecm #%x for long viaccess ecm",reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]248[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]249[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]250[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]251[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]252[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]253[/TH]
[TD] // switch((atr[atrsize-4]<<8)|atr[atrsize-3])[/TD]
[/TR]
[TR]
[TH]254[/TH]
[TD] // {[/TD]
[/TR]
[TR]
[TH]255[/TH]
[TD] // case 0x6268: ver="2.3"; break;[/TD]
[/TR]
[TR]
[TH]256[/TH]
[TD] // case 0x6668: ver="2.4(?)"; break;[/TD]
[/TR]
[TR]
[TH]257[/TH]
[TD] // case 0xa268:[/TD]
[/TR]
[TR]
[TH]258[/TH]
[TD] // default: ver="unknown"; break;[/TD]
[/TR]
[TR]
[TH]259[/TH]
[TD] // }[/TD]
[/TR]
[TR]
[TH]260[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]261[/TH]
[TD] reader->caid=0x500;[/TD]
[/TR]
[TR]
[TH]262[/TH]
[TD] memset(reader->prid, 0xff, sizeof(reader->prid));[/TD]
[/TR]
[TR]
[TH]263[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]264[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]265[/TH]
[TD] memcpy(reader->hexserial, cta_res+2, 5);[/TD]
[/TR]
[TR]
[TH]266[/TH]
[TD] // rdr_log(reader, "[viaccess-reader] type: Viaccess, ver: %s serial: %llu", ver, b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]267[/TH]
[TD] rdr_log_sensitive(reader, "type: Viaccess (%sstandard atr), caid: %04X, serial: {%llu}",[/TD]
[/TR]
[TR]
[TH]268[/TH]
[TD] atr[9]==0x68?"":"non-",reader->caid, (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]269[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]270[/TH]
[TD] i=0;[/TD]
[/TR]
[TR]
[TH]271[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]272[/TH]
[TD] buf[0]=0;[/TD]
[/TR]
[TR]
[TH]273[/TH]
[TD] while((cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0))[/TD]
[/TR]
[TR]
[TH]274[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]275[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]276[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]277[/TH]
[TD] reader->prid[0]=0;[/TD]
[/TR]
[TR]
[TH]278[/TH]
[TD] memcpy(&reader->prid[1], cta_res, 3);[/TD]
[/TR]
[TR]
[TH]279[/TH]
[TD] memcpy(&reader->availkeys[0], cta_res+10, 16);[/TD]
[/TR]
[TR]
[TH]280[/TH]
[TD] snprintf((char *)buf+strlen((char *)buf), sizeof(buf)-strlen((char *)buf), ",%06X", b2i(3, &reader->prid[1]));[/TD]
[/TR]
[TR]
[TH]281[/TH]
[TD] //rdr_log(reader, "[viaccess-reader] buf: %s", buf);[/TD]
[/TR]
[TR]
[TH]282[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]283[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]284[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]285[/TH]
[TD] memcpy(&reader->sa[0], cta_res+2, 4);[/TD]
[/TR]
[TR]
[TH]286[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]287[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]288[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]289[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]290[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]291[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]292[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]293[/TH]
[TD] rdr_log(reader, "[viaccess-reader] name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]294[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]295[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]296[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]297[/TH]
[TD] write_cmd(insa4, NULL); // select next issuer[/TD]
[/TR]
[TR]
[TH]298[/TH]
[TD] i++;[/TD]
[/TR]
[TR]
[TH]299[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]300[/TH]
[TD] reader->nprov=i;[/TD]
[/TR]
[TR]
[TH]301[/TH]
[TD] rdr_log(reader, "providers: %d (%s)", reader->nprov, buf+1);[/TD]
[/TR]
[TR]
[TH]302[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]303[/TH]
[TD] if (cfg.ulparent)[/TD]
[/TR]
[TR]
[TH]304[/TH]
[TD] unlock_parental(reader);[/TD]
[/TR]
[TR]
[TH]305[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]306[/TH]
[TD] rdr_log(reader, "ready for requests");[/TD]
[/TR]
[TR]
[TH]307[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]308[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]309[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]310[/TH]
[TD]bool dcw_crc(uchar *dw){[/TD]
[/TR]
[TR]
[TH]311[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]312[/TH]
[TD] for(i=0;i<16;i+=4) if(dw[i+3]!=((dw+dw[i+1]+dw[i+2])& 0xFF))return 0;[/TD]
[/TR]
[TR]
[TH]313[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]314[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]315[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]316[/TH]
[TD]static int32_t viaccess_do_ecm(struct s_reader * reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)[/TD]
[/TR]
[TR]
[TH]317[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]318[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]319[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]320[/TH]
[TD] unsigned char ins88[] = { 0xca,0x88,0x00,0x00,0x00 }; // set ecm[/TD]
[/TR]
[TR]
[TH]321[/TH]
[TD] unsigned char insf8[] = { 0xca,0xf8,0x00,0x00,0x00 }; // set geographic info[/TD]
[/TR]
[TR]
[TH]322[/TH]
[TD] static const unsigned char insc0[] = { 0xca,0xc0,0x00,0x00,0x12 }; // read dcw[/TD]
[/TR]
[TR]
[TH]323[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]324[/TH]
[TD] // //XXX what is the 4th byte for ??[/TD]
[/TR]
[TR]
[TH]325[/TH]
[TD] int32_t ecm88Len = MIN(MAX_ECM_SIZE-4, SCT_LEN(er->ecm)-4);[/TD]
[/TR]
[TR]
[TH]326[/TH]
[TD] if(ecm88Len < 1){[/TD]
[/TR]
[TR]
[TH]327[/TH]
[TD] rdr_log(reader, "ECM: Size of ECM couldn't be correctly calculated.");[/TD]
[/TR]
[TR]
[TH]328[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]329[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]330[/TH]
[TD] uchar ecmData[ecm88Len];[/TD]
[/TR]
[TR]
[TH]331[/TH]
[TD] memset(ecmData, 0, ecm88Len);[/TD]
[/TR]
[TR]
[TH]332[/TH]
[TD] memcpy(ecmData, er->ecm+4, ecm88Len);[/TD]
[/TR]
[TR]
[TH]333[/TH]
[TD] uchar *ecm88Data = &ecmData[0];[/TD]
[/TR]
[TR]
[TH]334[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]335[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]336[/TH]
[TD] int32_t hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]337[/TH]
[TD] int32_t curEcm88len=0;[/TD]
[/TR]
[TR]
[TH]338[/TH]
[TD] int32_t nanoLen=0;[/TD]
[/TR]
[TR]
[TH]339[/TH]
[TD] uchar *nextEcm;[/TD]
[/TR]
[TR]
[TH]340[/TH]
[TD] uchar DE04[256];[/TD]
[/TR]
[TR]
[TH]341[/TH]
[TD] int32_t D2KeyID=0;[/TD]
[/TR]
[TR]
[TH]342[/TH]
[TD] int32_t curnumber_ecm=0;[/TD]
[/TR]
[TR]
[TH]343[/TH]
[TD] //nanoD2 d2 02 0d 02 -> D2 nano, len 2[/TD]
[/TR]
[TR]
[TH]344[/TH]
[TD] // 0d -> post AES decrypt CW[/TD]
[/TR]
[TR]
[TH]345[/TH]
[TD] // 0b -> pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]346[/TH]
[TD] int32_t nanoD2 = 0; // 0x0b = 1 0x0d = 2[/TD]
[/TR]
[TR]
[TH]347[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]348[/TH]
[TD] memset(DE04, 0, sizeof(DE04)); //fix dorcel de04 bug[/TD]
[/TR]
[TR]
[TH]349[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]350[/TH]
[TD] nextEcm=ecm88Data;[/TD]
[/TR]
[TR]
[TH]351[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]352[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]353[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]354[/TH]
[TD] while (ecm88Len>0 && !rc) {[/TD]
[/TR]
[TR]
[TH]355[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]356[/TH]
[TD] if(ecm88Data[0] ==0x00 && ecm88Data[1] == 0x00) {[/TD]
[/TR]
[TR]
[TH]357[/TH]
[TD] // nano 0x00 and len 0x00 aren't valid ... something is obviously wrong with this ecm.[/TD]
[/TR]
[TR]
[TH]358[/TH]
[TD] rdr_log(reader, "ECM: Invalid ECM structure. Rejecting");[/TD]
[/TR]
[TR]
[TH]359[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]360[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]361[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]362[/TH]
[TD] // 80 33 nano 80 (ecm) + len (33)[/TD]
[/TR]
[TR]
[TH]363[/TH]
[TD] if(ecm88Data[0]==0x80) { // nano 80, give ecm len[/TD]
[/TR]
[TR]
[TH]364[/TH]
[TD] curEcm88len=ecm88Data[1];[/TD]
[/TR]
[TR]
[TH]365[/TH]
[TD] nextEcm=ecm88Data+curEcm88len+2;[/TD]
[/TR]
[TR]
[TH]366[/TH]
[TD] ecm88Data += 2;[/TD]
[/TR]
[TR]
[TH]367[/TH]
[TD] ecm88Len -= 2;[/TD]
[/TR]
[TR]
[TH]368[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]369[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]370[/TH]
[TD] if(!curEcm88len) { //there was no nano 80 -> simple ecm[/TD]
[/TR]
[TR]
[TH]371[/TH]
[TD] curEcm88len=ecm88Len;[/TD]
[/TR]
[TR]
[TH]372[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]373[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]374[/TH]
[TD] // d2 02 0d 02 -> D2 nano, len 2, select the AES key to be used[/TD]
[/TR]
[TR]
[TH]375[/TH]
[TD] if(ecm88Data[0]==0xd2) {[/TD]
[/TR]
[TR]
[TH]376[/TH]
[TD] // test if need post or pre AES decrypt[/TD]
[/TR]
[TR]
[TH]377[/TH]
[TD] if(ecm88Data[2]==0x0b)[/TD]
[/TR]
[TR]
[TH]378[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]379[/TH]
[TD] nanoD2 = 1;[/TD]
[/TR]
[TR]
[TH]380[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0b");[/TD]
[/TR]
[TR]
[TH]381[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]382[/TH]
[TD] if(ecm88Data[2]==0x0d)[/TD]
[/TR]
[TR]
[TH]383[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]384[/TH]
[TD] nanoD2 = 2;[/TD]
[/TR]
[TR]
[TH]385[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: nano D2 0x0d");[/TD]
[/TR]
[TR]
[TH]386[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]387[/TH]
[TD] // use the d2 arguments to get the key # to be used[/TD]
[/TR]
[TR]
[TH]388[/TH]
[TD] int32_t len = ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]389[/TH]
[TD] D2KeyID=ecm88Data[3];[/TD]
[/TR]
[TR]
[TH]390[/TH]
[TD] ecm88Data += len;[/TD]
[/TR]
[TR]
[TH]391[/TH]
[TD] ecm88Len -= len;[/TD]
[/TR]
[TR]
[TH]392[/TH]
[TD] curEcm88len -=len;[/TD]
[/TR]
[TR]
[TH]393[/TH]
[TD] hasD2 = 1;[/TD]
[/TR]
[TR]
[TH]394[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]395[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]396[/TH]
[TD] hasD2 = 0;[/TD]
[/TR]
[TR]
[TH]397[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]398[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]399[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]400[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]401[/TH]
[TD] // 05 67 00[/TD]
[/TR]
[TR]
[TH]402[/TH]
[TD] if ((ecm88Data[0]==0x90 || ecm88Data[0]==0x40) && (ecm88Data[1]==0x03 || ecm88Data[1]==0x07 ) )[/TD]
[/TR]
[TR]
[TH]403[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]404[/TH]
[TD] uchar ident[3], keynr;[/TD]
[/TR]
[TR]
[TH]405[/TH]
[TD] uchar *ecmf8Data=0;[/TD]
[/TR]
[TR]
[TH]406[/TH]
[TD] int32_t ecmf8Len=0;[/TD]
[/TR]
[TR]
[TH]407[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]408[/TH]
[TD] nanoLen=ecm88Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]409[/TH]
[TD] keynr=ecm88Data[4]&0x0F;[/TD]
[/TR]
[TR]
[TH]410[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]411[/TH]
[TD] // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here[/TD]
[/TR]
[TR]
[TH]412[/TH]
[TD] // 09 -> use key #9[/TD]
[/TR]
[TR]
[TH]413[/TH]
[TD] if(nanoLen>5) {[/TD]
[/TR]
[TR]
[TH]414[/TH]
[TD] curnumber_ecm =(ecm88Data[6]<<8) | (ecm88Data[7]);[/TD]
[/TR]
[TR]
[TH]415[/TH]
[TD] rdr_debug_mask(reader, D_READER, "checking if the ecm number (%x) match the card one (%x)",curnumber_ecm,reader->last_geo.number_ecm);[/TD]
[/TR]
[TR]
[TH]416[/TH]
[TD] // if we have an ecm number we check it.[/TD]
[/TR]
[TR]
[TH]417[/TH]
[TD] // we can't assume that if the nano len is 5 or more we have an ecm number[/TD]
[/TR]
[TR]
[TH]418[/TH]
[TD] // as some card don't support this[/TD]
[/TR]
[TR]
[TH]419[/TH]
[TD] if( reader->last_geo.number_ecm > 0 ) {[/TD]
[/TR]
[TR]
[TH]420[/TH]
[TD] if (reader->last_geo.number_ecm == curnumber_ecm && !( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )) {[/TD]
[/TR]
[TR]
[TH]421[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]422[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x, ECM ending with %02x",ecm88Data[5], ecm88Data[nanoLen-1]);[/TD]
[/TR]
[TR]
[TH]423[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]424[/TH]
[TD] if( ecm88Data[nanoLen-1] == 0x01 && (ecm88Data[2] == 0x03 && ecm88Data[3] == 0x0B && ecm88Data[4] == 0x00 ) )[/TD]
[/TR]
[TR]
[TH]425[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]426[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x) for provider %02x%02x%02x",ecm88Data[nanoLen-1], curnumber_ecm, ecm88Data[2], ecm88Data[3], ecm88Data[4]);[/TD]
[/TR]
[TR]
[TH]427[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]428[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x)",ecm88Data[nanoLen-1], curnumber_ecm);[/TD]
[/TR]
[TR]
[TH]429[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]430[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]431[/TH]
[TD] continue; //loop to next ecm[/TD]
[/TR]
[TR]
[TH]432[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]433[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]434[/TH]
[TD] else { // long ecm but we don't have an ecm number so we have to try them all.[/TD]
[/TR]
[TR]
[TH]435[/TH]
[TD] keynr=ecm88Data[5];[/TD]
[/TR]
[TR]
[TH]436[/TH]
[TD] rdr_debug_mask(reader, D_READER, "keyToUse = %02x",ecm88Data[5]);[/TD]
[/TR]
[TR]
[TH]437[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]438[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]439[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]440[/TH]
[TD] memcpy (ident, &ecm88Data[2], sizeof(ident));[/TD]
[/TR]
[TR]
[TH]441[/TH]
[TD] provid = b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]442[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]443[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]444[/TH]
[TD] if(hasD2 && reader->aes_list) {[/TD]
[/TR]
[TR]
[TH]445[/TH]
[TD] // check that we have the AES key to decode the CW[/TD]
[/TR]
[TR]
[TH]446[/TH]
[TD] // if not there is no need to send the ecm to the card[/TD]
[/TR]
[TR]
[TH]447[/TH]
[TD] if(!aes_present(reader->aes_list, 0x500, (uint32_t) (provid & 0xFFFFF0) , D2KeyID))[/TD]
[/TR]
[TR]
[TH]448[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]449[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]450[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]451[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]452[/TH]
[TD] if (!chk_prov(reader, ident, keynr))[/TD]
[/TR]
[TR]
[TH]453[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]454[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: provider or key not found on card");[/TD]
[/TR]
[TR]
[TH]455[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "provider(%02x%02x%02x) or key(%d) not found on card", ident[0],ident[1],ident[2], keynr );[/TD]
[/TR]
[TR]
[TH]456[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]457[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]458[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]459[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]460[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]461[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]462[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]463[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]464[/TH]
[TD] if (ecm88Data[0]==0xDE && ecm88Data[1]==0x04)[/TD]
[/TR]
[TR]
[TH]465[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]466[/TH]
[TD] memcpy (DE04, &ecm88Data[0], 6);[/TD]
[/TR]
[TR]
[TH]467[/TH]
[TD] ecm88Data+=6;[/TD]
[/TR]
[TR]
[TH]468[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]469[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]470[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]471[/TH]
[TD] if( reader->last_geo.provid != provid )[/TD]
[/TR]
[TR]
[TH]472[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]473[/TH]
[TD] reader->last_geo.provid = provid;[/TD]
[/TR]
[TR]
[TH]474[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]475[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]476[/TH]
[TD] write_cmd(insa4, ident); // set provider[/TD]
[/TR]
[TR]
[TH]477[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]478[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]479[/TH]
[TD] //Nano D2 0x0b Pre AES decrypt CW[/TD]
[/TR]
[TR]
[TH]480[/TH]
[TD] if ( hasD2 && nanoD2 == 1)[/TD]
[/TR]
[TR]
[TH]481[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]482[/TH]
[TD] uchar *ecm88DataCW = ecm88Data;[/TD]
[/TR]
[TR]
[TH]483[/TH]
[TD] int32_t cwStart = 0;[/TD]
[/TR]
[TR]
[TH]484[/TH]
[TD] //int32_t cwStartRes = 0;[/TD]
[/TR]
[TR]
[TH]485[/TH]
[TD] int32_t must_exit = 0;[/TD]
[/TR]
[TR]
[TH]486[/TH]
[TD] // find CW start[/TD]
[/TR]
[TR]
[TH]487[/TH]
[TD] while(cwStart < curEcm88len -1 && !must_exit)[/TD]
[/TR]
[TR]
[TH]488[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]489[/TH]
[TD] if(ecm88Data[cwStart] == 0xEA && ecm88Data[cwStart+1] == 0x10)[/TD]
[/TR]
[TR]
[TH]490[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]491[/TH]
[TD] ecm88DataCW = ecm88DataCW + cwStart + 2;[/TD]
[/TR]
[TR]
[TH]492[/TH]
[TD] must_exit = 1;[/TD]
[/TR]
[TR]
[TH]493[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]494[/TH]
[TD] cwStart++;[/TD]
[/TR]
[TR]
[TH]495[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]496[/TH]
[TD] // use AES from list to decrypt CW[/TD]
[/TR]
[TR]
[TH]497[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]498[/TH]
[TD] if (aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID, &ecm88DataCW[0], 16) == 0)[/TD]
[/TR]
[TR]
[TH]499[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]500[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]501[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]502[/TH]
[TD] while(ecm88Len>1 && ecm88Data[0]<0xA0)[/TD]
[/TR]
[TR]
[TH]503[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]504[/TH]
[TD] nanoLen=ecm88Data[1]+2;[/TD]
[/TR]
[TR]
[TH]505[/TH]
[TD] if (!ecmf8Data)[/TD]
[/TR]
[TR]
[TH]506[/TH]
[TD] ecmf8Data=(uchar *)ecm88Data;[/TD]
[/TR]
[TR]
[TH]507[/TH]
[TD] ecmf8Len+=nanoLen;[/TD]
[/TR]
[TR]
[TH]508[/TH]
[TD] ecm88Len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]509[/TH]
[TD] curEcm88len-=nanoLen;[/TD]
[/TR]
[TR]
[TH]510[/TH]
[TD] ecm88Data+=nanoLen;[/TD]
[/TR]
[TR]
[TH]511[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]512[/TH]
[TD] if(ecmf8Len)[/TD]
[/TR]
[TR]
[TH]513[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]514[/TH]
[TD] if( reader->last_geo.geo_len!=ecmf8Len ||[/TD]
[/TR]
[TR]
[TH]515[/TH]
[TD] memcmp(reader->last_geo.geo, ecmf8Data, reader->last_geo.geo_len))[/TD]
[/TR]
[TR]
[TH]516[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]517[/TH]
[TD] memcpy(reader->last_geo.geo, ecmf8Data, ecmf8Len);[/TD]
[/TR]
[TR]
[TH]518[/TH]
[TD] reader->last_geo.geo_len= ecmf8Len;[/TD]
[/TR]
[TR]
[TH]519[/TH]
[TD] insf8[3]=keynr;[/TD]
[/TR]
[TR]
[TH]520[/TH]
[TD] insf8[4]=ecmf8Len;[/TD]
[/TR]
[TR]
[TH]521[/TH]
[TD] write_cmd(insf8, ecmf8Data);[/TD]
[/TR]
[TR]
[TH]522[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]523[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]524[/TH]
[TD] ins88[2]=ecmf8Len?1:0;[/TD]
[/TR]
[TR]
[TH]525[/TH]
[TD] ins88[3]=keynr;[/TD]
[/TR]
[TR]
[TH]526[/TH]
[TD] ins88[4]= curEcm88len;[/TD]
[/TR]
[TR]
[TH]527[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]528[/TH]
[TD] // we should check the nano to make sure the ecm is valid[/TD]
[/TR]
[TR]
[TH]529[/TH]
[TD] // we should look for at least 1 E3 nano, 1 EA nano and the F0 signature nano[/TD]
[/TR]
[TR]
[TH]530[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]531[/TH]
[TD] // DE04[/TD]
[/TR]
[TR]
[TH]532[/TH]
[TD] if (DE04[0]==0xDE)[/TD]
[/TR]
[TR]
[TH]533[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]534[/TH]
[TD] uint32_t l = curEcm88len-6;[/TD]
[/TR]
[TR]
[TH]535[/TH]
[TD] if (l > 256 || curEcm88len <= 6) { //don't known if this is ok...[/TD]
[/TR]
[TR]
[TH]536[/TH]
[TD] rdr_log(reader, "ecm invalid/too long! len=%d", curEcm88len);[/TD]
[/TR]
[TR]
[TH]537[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]538[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]539[/TH]
[TD] memcpy(DE04+6, (uchar *)ecm88Data, l);[/TD]
[/TR]
[TR]
[TH]540[/TH]
[TD] write_cmd(ins88, DE04); // request dcw[/TD]
[/TR]
[TR]
[TH]541[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]542[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]543[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]544[/TH]
[TD] write_cmd(ins88, (uchar *)ecm88Data); // request dcw[/TD]
[/TR]
[TR]
[TH]545[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]546[/TH]
[TD] //[/TD]
[/TR]
[TR]
[TH]547[/TH]
[TD] write_cmd(insc0, NULL); // read dcw[/TD]
[/TR]
[TR]
[TH]548[/TH]
[TD] switch(cta_res[0])[/TD]
[/TR]
[TR]
[TH]549[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]550[/TH]
[TD] case 0xe8: // even[/TD]
[/TR]
[TR]
[TH]551[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]552[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]553[/TH]
[TD] case 0xe9: // odd[/TD]
[/TR]
[TR]
[TH]554[/TH]
[TD] if(cta_res[1]==8) { memcpy(ea->cw+8,cta_res+2,8); rc=1; }[/TD]
[/TR]
[TR]
[TH]555[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]556[/TH]
[TD] case 0xea: // complete[/TD]
[/TR]
[TR]
[TH]557[/TH]
[TD] if(cta_res[1]==16) { memcpy(ea->cw,cta_res+2,16); rc=1; }[/TD]
[/TR]
[TR]
[TH]558[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]559[/TH]
[TD] default :[/TD]
[/TR]
[TR]
[TH]560[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]561[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]562[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: key to use is not the current one, trying next ECM");[/TD]
[/TR]
[TR]
[TH]563[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "key to use is not the current one, trying next ECM" );[/TD]
[/TR]
[TR]
[TH]564[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]565[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]566[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]567[/TH]
[TD] ecm88Data=nextEcm;[/TD]
[/TR]
[TR]
[TH]568[/TH]
[TD] ecm88Len-=curEcm88len;[/TD]
[/TR]
[TR]
[TH]569[/TH]
[TD] rdr_debug_mask(reader, D_READER, "ECM: Unknown ECM type");[/TD]
[/TR]
[TR]
[TH]570[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "Unknown ECM type" );[/TD]
[/TR]
[TR]
[TH]571[/TH]
[TD] return ERROR; /*Lets interupt the loop and exit, because we don't know this ECM type.*/[/TD]
[/TR]
[TR]
[TH]572[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]573[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]574[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]575[/TH]
[TD] if ( hasD2 && !dcw_crc(ea->cw) && nanoD2 == 2) {[/TD]
[/TR]
[TR]
[TH]576[/TH]
[TD] rdr_debug_mask(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x",D2KeyID, (provid & 0xFFFFF0));[/TD]
[/TR]
[TR]
[TH]577[/TH]
[TD] rc=aes_decrypt_from_list(reader->aes_list,0x500, (uint32_t) (provid & 0xFFFFF0), D2KeyID,ea->cw, 16);[/TD]
[/TR]
[TR]
[TH]578[/TH]
[TD] if( rc == 0 )[/TD]
[/TR]
[TR]
[TH]579[/TH]
[TD] snprintf( ea->msglog, MSGLOGSIZE, "AES Decrypt : key id %d not found for CAID %04X , provider %06x", D2KeyID, 0x500, (provid & 0xFFFFF0) );[/TD]
[/TR]
[TR]
[TH]580[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]581[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]582[/TH]
[TD] return(rc?OK:ERROR);[/TD]
[/TR]
[TR]
[TH]583[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]584[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]585[/TH]
[TD]static int32_t viaccess_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)[/TD]
[/TR]
[TR]
[TH]586[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]587[/TH]
[TD] uint32_t provid=0;[/TD]
[/TR]
[TR]
[TH]588[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "Entered viaccess_get_emm_type ep->emm[0]=%02x",ep->emm[0]);[/TD]
[/TR]
[TR]
[TH]589[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]590[/TH]
[TD] if (ep->emm[3] == 0x90 && ep->emm[4] == 0x03) {[/TD]
[/TR]
[TR]
[TH]591[/TH]
[TD] provid = ep->emm[5] << 16 | ep->emm[6] << 8 | (ep->emm[7] & 0xFE);[/TD]
[/TR]
[TR]
[TH]592[/TH]
[TD] i2b_buf(4, provid, ep->provid);[/TD]
[/TR]
[TR]
[TH]593[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]594[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]595[/TH]
[TD] switch (ep->emm[0]) {[/TD]
[/TR]
[TR]
[TH]596[/TH]
[TD]case 0x88:[/TD]
[/TR]
[TR]
[TH]597[/TH]
[TD] ep->type=UNIQUE;[/TD]
[/TR]
[TR]
[TH]598[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]599[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 4, 4);[/TD]
[/TR]
[TR]
[TH]600[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNIQUE");[/TD]
[/TR]
[TR]
[TH]601[/TH]
[TD] return(!memcmp(rdr->hexserial + 1, ep->hexserial, 4));[/TD]
[/TR]
[TR]
[TH]602[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]603[/TH]
[TD]case 0x8A:[/TD]
[/TR]
[TR]
[TH]604[/TH]
[TD]case 0x8B:[/TD]
[/TR]
[TR]
[TH]605[/TH]
[TD] ep->type=GLOBAL;[/TD]
[/TR]
[TR]
[TH]606[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "GLOBAL");[/TD]
[/TR]
[TR]
[TH]607[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]608[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]609[/TH]
[TD]case 0x8C:[/TD]
[/TR]
[TR]
[TH]610[/TH]
[TD]case 0x8D:[/TD]
[/TR]
[TR]
[TH]611[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]612[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED (part)");[/TD]
[/TR]
[TR]
[TH]613[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]614[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]615[/TH]
[TD]case 0x8E:[/TD]
[/TR]
[TR]
[TH]616[/TH]
[TD] ep->type=SHARED;[/TD]
[/TR]
[TR]
[TH]617[/TH]
[TD] memset(ep->hexserial, 0, 8);[/TD]
[/TR]
[TR]
[TH]618[/TH]
[TD] memcpy(ep->hexserial, ep->emm + 3, 3);[/TD]
[/TR]
[TR]
[TH]619[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "SHARED");[/TD]
[/TR]
[TR]
[TH]620[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]621[/TH]
[TD] //check for provider as serial (cccam only?)[/TD]
[/TR]
[TR]
[TH]622[/TH]
[TD] int8_t i;[/TD]
[/TR]
[TR]
[TH]623[/TH]
[TD] for (i=0;i<rdr->nprov;i++) {[/TD]
[/TR]
[TR]
[TH]624[/TH]
[TD] if (!memcmp(&rdr->prid[1], ep->hexserial, 3))[/TD]
[/TR]
[TR]
[TH]625[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]626[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]627[/TH]
[TD] return(!memcmp(&rdr->sa[0][0], ep->hexserial, 3));[/TD]
[/TR]
[TR]
[TH]628[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]629[/TH]
[TD]default:[/TD]
[/TR]
[TR]
[TH]630[/TH]
[TD] ep->type = UNKNOWN;[/TD]
[/TR]
[TR]
[TH]631[/TH]
[TD] rdr_debug_mask(rdr, D_EMM, "UNKNOWN");[/TD]
[/TR]
[TR]
[TH]632[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]633[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]634[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]635[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]636[/TH]
[TD]static void viaccess_get_emm_filter(struct s_reader * rdr, uchar *filter)[/TD]
[/TR]
[TR]
[TH]637[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]638[/TH]
[TD] int32_t idx = 2;[/TD]
[/TR]
[TR]
[TH]639[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]640[/TH]
[TD] filter[0]=0xFF;[/TD]
[/TR]
[TR]
[TH]641[/TH]
[TD] filter[1]=0;[/TD]
[/TR]
[TR]
[TH]642[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]643[/TH]
[TD] filter[idx++]=EMM_GLOBAL;[/TD]
[/TR]
[TR]
[TH]644[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]645[/TH]
[TD] filter[idx+0] = 0x8D;[/TD]
[/TR]
[TR]
[TH]646[/TH]
[TD] filter[idx+0+16] = 0xFE;[/TD]
[/TR]
[TR]
[TH]647[/TH]
[TD] //filter[idx+6] = 0xA0; // FIXME: dummy, flood client with EMM's[/TD]
[/TR]
[TR]
[TH]648[/TH]
[TD] //filter[idx+6+16] = 0xF0;[/TD]
[/TR]
[TR]
[TH]649[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]650[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]651[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]652[/TH]
[TD] filter[idx++]=EMM_SHARED;[/TD]
[/TR]
[TR]
[TH]653[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]654[/TH]
[TD] filter[idx+0] = 0x8E;[/TD]
[/TR]
[TR]
[TH]655[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]656[/TH]
[TD] memcpy(filter+idx+1, &rdr->sa[0][0], 3);[/TD]
[/TR]
[TR]
[TH]657[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 3);[/TD]
[/TR]
[TR]
[TH]658[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]659[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]660[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]661[/TH]
[TD] filter[idx++]=EMM_UNIQUE;[/TD]
[/TR]
[TR]
[TH]662[/TH]
[TD] filter[idx++]=0;[/TD]
[/TR]
[TR]
[TH]663[/TH]
[TD] filter[idx+0] = 0x88;[/TD]
[/TR]
[TR]
[TH]664[/TH]
[TD] filter[idx+0+16] = 0xFF;[/TD]
[/TR]
[TR]
[TH]665[/TH]
[TD] memcpy(filter+idx+1, rdr->hexserial + 1, 4);[/TD]
[/TR]
[TR]
[TH]666[/TH]
[TD] memset(filter+idx+1+16, 0xFF, 4);[/TD]
[/TR]
[TR]
[TH]667[/TH]
[TD] filter[1]++;[/TD]
[/TR]
[TR]
[TH]668[/TH]
[TD] idx += 32;[/TD]
[/TR]
[TR]
[TH]669[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]670[/TH]
[TD] return;[/TD]
[/TR]
[TR]
[TH]671[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]672[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]673[/TH]
[TD]static int32_t viaccess_do_emm(struct s_reader * reader, EMM_PACKET *ep)[/TD]
[/TR]
[TR]
[TH]674[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]675[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]676[/TH]
[TD] static const unsigned char insa4[] = { 0xca,0xa4,0x04,0x00,0x03 }; // set provider id[/TD]
[/TR]
[TR]
[TH]677[/TH]
[TD] unsigned char insf0[] = { 0xca,0xf0,0x00,0x01,0x22 }; // set adf[/TD]
[/TR]
[TR]
[TH]678[/TH]
[TD] unsigned char insf4[] = { 0xca,0xf4,0x00,0x01,0x00 }; // set adf, encrypted[/TD]
[/TR]
[TR]
[TH]679[/TH]
[TD] unsigned char ins18[] = { 0xca,0x18,0x01,0x01,0x00 }; // set subscription[/TD]
[/TR]
[TR]
[TH]680[/TH]
[TD] unsigned char ins1c[] = { 0xca,0x1c,0x01,0x01,0x00 }; // set subscription, encrypted[/TD]
[/TR]
[TR]
[TH]681[/TH]
[TD] static const unsigned char insc8[] = { 0xca,0xc8,0x00,0x00,0x02 }; // read extended status[/TD]
[/TR]
[TR]
[TH]682[/TH]
[TD] // static const unsigned char insc8Data[] = { 0x00,0x00 }; // data for read extended status[/TD]
[/TR]
[TR]
[TH]683[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]684[/TH]
[TD] int32_t emmdatastart=7;[/TD]
[/TR]
[TR]
[TH]685[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]686[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]687[/TH]
[TD] if (ep->type == UNIQUE) emmdatastart++;[/TD]
[/TR]
[TR]
[TH]688[/TH]
[TD] int32_t emmLen=SCT_LEN(ep->emm)-emmdatastart;[/TD]
[/TR]
[TR]
[TH]689[/TH]
[TD] int32_t rc=0;[/TD]
[/TR]
[TR]
[TH]690[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]691[/TH]
[TD] ///cs_dump(ep->emm, emmLen+emmdatastart, "RECEIVED EMM VIACCESS");[/TD]
[/TR]
[TR]
[TH]692[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]693[/TH]
[TD] int32_t emmUpToEnd;[/TD]
[/TR]
[TR]
[TH]694[/TH]
[TD] uchar *emmParsed = ep->emm+emmdatastart;[/TD]
[/TR]
[TR]
[TH]695[/TH]
[TD] int32_t provider_ok = 0;[/TD]
[/TR]
[TR]
[TH]696[/TH]
[TD] uint32_t emm_provid;[/TD]
[/TR]
[TR]
[TH]697[/TH]
[TD] uchar keynr = 0;[/TD]
[/TR]
[TR]
[TH]698[/TH]
[TD] int32_t ins18Len = 0;[/TD]
[/TR]
[TR]
[TH]699[/TH]
[TD] uchar ins18Data[512];[/TD]
[/TR]
[TR]
[TH]700[/TH]
[TD] uchar insData[512];[/TD]
[/TR]
[TR]
[TH]701[/TH]
[TD] uchar *nano81Data = 0;[/TD]
[/TR]
[TR]
[TH]702[/TH]
[TD] uchar *nano91Data = 0;[/TD]
[/TR]
[TR]
[TH]703[/TH]
[TD] uchar *nano92Data = 0;[/TD]
[/TR]
[TR]
[TH]704[/TH]
[TD] uchar *nano9EData = 0;[/TD]
[/TR]
[TR]
[TH]705[/TH]
[TD] uchar *nanoF0Data = 0;[/TD]
[/TR]
[TR]
[TH]706[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]707[/TH]
[TD] for (emmUpToEnd=emmLen; (emmParsed[1] != 0) && (emmUpToEnd > 0); emmUpToEnd -= (2 + emmParsed[1]), emmParsed += (2 + emmParsed[1])) {[/TD]
[/TR]
[TR]
[TH]708[/TH]
[TD] ///cs_dump (emmParsed, emmParsed[1] + 2, "NANO");[/TD]
[/TR]
[TR]
[TH]709[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]710[/TH]
[TD] if (emmParsed[0]==0x90 && emmParsed[1]==0x03) {[/TD]
[/TR]
[TR]
[TH]711[/TH]
[TD] /* identification of the service operator */[/TD]
[/TR]
[TR]
[TH]712[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]713[/TH]
[TD] uchar soid[3], ident[3], i;[/TD]
[/TR]
[TR]
[TH]714[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]715[/TH]
[TD] for (i=0; i<3; i++) {[/TD]
[/TR]
[TR]
[TH]716[/TH]
[TD] soid=ident=emmParsed[2+i];[/TD]
[/TR]
[TR]
[TH]717[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]718[/TH]
[TD] ident[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]719[/TH]
[TD] emm_provid=b2i(3, ident);[/TD]
[/TR]
[TR]
[TH]720[/TH]
[TD] keynr=soid[2]&0x0F;[/TD]
[/TR]
[TR]
[TH]721[/TH]
[TD] if (chk_prov(reader, ident, keynr)) {[/TD]
[/TR]
[TR]
[TH]722[/TH]
[TD] provider_ok = 1;[/TD]
[/TR]
[TR]
[TH]723[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]724[/TH]
[TD] rdr_log(reader, "EMM: provider or key not found on card (%x, %x)", emm_provid, keynr);[/TD]
[/TR]
[TR]
[TH]725[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]726[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]727[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]728[/TH]
[TD] // check if the provider changes. If yes, set the new one. If not, don't .. card will return an error if we do.[/TD]
[/TR]
[TR]
[TH]729[/TH]
[TD] if( reader->last_geo.provid != emm_provid ) {[/TD]
[/TR]
[TR]
[TH]730[/TH]
[TD] write_cmd(insa4, ident);[/TD]
[/TR]
[TR]
[TH]731[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]732[/TH]
[TD] cs_dump(insa4, 5, "set provider cmd:");[/TD]
[/TR]
[TR]
[TH]733[/TH]
[TD] cs_dump(soid, 3, "set provider data:");[/TD]
[/TR]
[TR]
[TH]734[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]735[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]736[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]737[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]738[/TH]
[TD] // as we are maybe changing the used provider, clear the cache, so the next ecm will re-select the correct one[/TD]
[/TR]
[TR]
[TH]739[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]740[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]741[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]742[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]743[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]744[/TH]
[TD] else if (emmParsed[0]==0x9e && emmParsed[1]==0x20) {[/TD]
[/TR]
[TR]
[TH]745[/TH]
[TD] /* adf */[/TD]
[/TR]
[TR]
[TH]746[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]747[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]748[/TH]
[TD] /* adf is not crypted, so test it */[/TD]
[/TR]
[TR]
[TH]749[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]750[/TH]
[TD] uchar custwp;[/TD]
[/TR]
[TR]
[TH]751[/TH]
[TD] uchar *afd;[/TD]
[/TR]
[TR]
[TH]752[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]753[/TH]
[TD] custwp=reader->sa[0][3];[/TD]
[/TR]
[TR]
[TH]754[/TH]
[TD] afd=(uchar*)emmParsed+2;[/TD]
[/TR]
[TR]
[TH]755[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]756[/TH]
[TD] if( afd[31-custwp/8] & (1 << (custwp & 7)) )[/TD]
[/TR]
[TR]
[TH]757[/TH]
[TD] rdr_debug_mask(reader, D_READER, "emm for our card %08X", b2i(4, &reader->sa[0][0]));[/TD]
[/TR]
[TR]
[TH]758[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]759[/TH]
[TD] return SKIPPED;[/TD]
[/TR]
[TR]
[TH]760[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]761[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]762[/TH]
[TD] // memorize[/TD]
[/TR]
[TR]
[TH]763[/TH]
[TD] nano9EData = emmParsed;[/TD]
[/TR]
[TR]
[TH]764[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]765[/TH]
[TD] } else if (emmParsed[0]==0x81) {[/TD]
[/TR]
[TR]
[TH]766[/TH]
[TD] nano81Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]767[/TH]
[TD] } else if (emmParsed[0]==0x91 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]768[/TH]
[TD] nano91Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]769[/TH]
[TD] } else if (emmParsed[0]==0x92 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]770[/TH]
[TD] nano92Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]771[/TH]
[TD] } else if (emmParsed[0]==0xF0 && emmParsed[1]==0x08) {[/TD]
[/TR]
[TR]
[TH]772[/TH]
[TD] nanoF0Data = emmParsed;[/TD]
[/TR]
[TR]
[TH]773[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]774[/TH]
[TD] /* other nanos */[/TD]
[/TR]
[TR]
[TH]775[/TH]
[TD] show_subs(reader, emmParsed);[/TD]
[/TR]
[TR]
[TH]776[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]777[/TH]
[TD] memcpy(ins18Data+ins18Len, emmParsed, emmParsed[1] + 2);[/TD]
[/TR]
[TR]
[TH]778[/TH]
[TD] ins18Len += emmParsed [1] + 2;[/TD]
[/TR]
[TR]
[TH]779[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]780[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]781[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]782[/TH]
[TD] if (!provider_ok) {[/TD]
[/TR]
[TR]
[TH]783[/TH]
[TD] rdr_debug_mask(reader, D_READER, "provider not found in emm, continue anyway");[/TD]
[/TR]
[TR]
[TH]784[/TH]
[TD] // force key to 1...[/TD]
[/TR]
[TR]
[TH]785[/TH]
[TD] keynr = 1;[/TD]
[/TR]
[TR]
[TH]786[/TH]
[TD] ///return ERROR;[/TD]
[/TR]
[TR]
[TH]787[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]788[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]789[/TH]
[TD] if (!nanoF0Data) {[/TD]
[/TR]
[TR]
[TH]790[/TH]
[TD] cs_dump(ep->emm, ep->l, "can't find 0xf0 in emm...");[/TD]
[/TR]
[TR]
[TH]791[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]792[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]793[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]794[/TH]
[TD] if (nano9EData) {[/TD]
[/TR]
[TR]
[TH]795[/TH]
[TD] if (!nano91Data) {[/TD]
[/TR]
[TR]
[TH]796[/TH]
[TD] // set adf[/TD]
[/TR]
[TR]
[TH]797[/TH]
[TD] insf0[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]798[/TH]
[TD] insf0[4] = nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]799[/TH]
[TD] write_cmd(insf0, nano9EData);[/TD]
[/TR]
[TR]
[TH]800[/TH]
[TD] if( cta_res[cta_lr-2]!=0x90 || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]801[/TH]
[TD] cs_dump(insf0, 5, "set adf cmd:");[/TD]
[/TR]
[TR]
[TH]802[/TH]
[TD] cs_dump(nano9EData, insf0[4] , "set adf data:");[/TD]
[/TR]
[TR]
[TH]803[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]804[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]805[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]806[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]807[/TH]
[TD] // set adf crypte[/TD]
[/TR]
[TR]
[TH]808[/TH]
[TD] insf4[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]809[/TH]
[TD] insf4[4] = nano91Data[1] + 2 + nano9EData[1] + 2;[/TD]
[/TR]
[TR]
[TH]810[/TH]
[TD] memcpy (insData, nano91Data, nano91Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]811[/TH]
[TD] memcpy (insData + nano91Data[1] + 2, nano9EData, nano9EData[1] + 2);[/TD]
[/TR]
[TR]
[TH]812[/TH]
[TD] write_cmd(insf4, insData);[/TD]
[/TR]
[TR]
[TH]813[/TH]
[TD] if(( cta_res[cta_lr-2]!=0x90 && cta_res[cta_lr-2]!=0x91) || cta_res[cta_lr-1]!=0x00 ) {[/TD]
[/TR]
[TR]
[TH]814[/TH]
[TD] cs_dump(insf4, 5, "set adf encrypted cmd:");[/TD]
[/TR]
[TR]
[TH]815[/TH]
[TD] cs_dump(insData, insf4[4], "set adf encrypted data:");[/TD]
[/TR]
[TR]
[TH]816[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]817[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]818[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]819[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]820[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]821[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]822[/TH]
[TD] if (!nano92Data) {[/TD]
[/TR]
[TR]
[TH]823[/TH]
[TD] // send subscription[/TD]
[/TR]
[TR]
[TH]824[/TH]
[TD] ins18[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]825[/TH]
[TD] ins18[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]826[/TH]
[TD] ins18[4] = ins18Len + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]827[/TH]
[TD] memcpy (insData, ins18Data, ins18Len);[/TD]
[/TR]
[TR]
[TH]828[/TH]
[TD] memcpy (insData + ins18Len, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]829[/TH]
[TD] write_cmd(ins18, insData);[/TD]
[/TR]
[TR]
[TH]830[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 || cta_res[cta_lr-2]==0x91) && cta_res[cta_lr-1]==0x00 ) {[/TD]
[/TR]
[TR]
[TH]831[/TH]
[TD] rdr_debug_mask(reader, D_READER, "update successfully written");[/TD]
[/TR]
[TR]
[TH]832[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]833[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]834[/TH]
[TD] cs_dump(ins18, 5, "set subscription cmd:");[/TD]
[/TR]
[TR]
[TH]835[/TH]
[TD] cs_dump(insData, ins18[4], "set subscription data:");[/TD]
[/TR]
[TR]
[TH]836[/TH]
[TD] rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr-2], cta_res[cta_lr-1]);[/TD]
[/TR]
[TR]
[TH]837[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]838[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]839[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]840[/TH]
[TD] // send subscription encrypted[/TD]
[/TR]
[TR]
[TH]841[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]842[/TH]
[TD] if (!nano81Data) {[/TD]
[/TR]
[TR]
[TH]843[/TH]
[TD] cs_dump(ep->emm, ep->l, "0x92 found, but can't find 0x81 in emm...");[/TD]
[/TR]
[TR]
[TH]844[/TH]
[TD] return ERROR; // error[/TD]
[/TR]
[TR]
[TH]845[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]846[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]847[/TH]
[TD] ins1c[2] = nano9EData ? 0x01: 0x00; // found 9E nano ?[/TD]
[/TR]
[TR]
[TH]848[/TH]
[TD] if (ep->type == UNIQUE) ins1c[2] = 0x02;[/TD]
[/TR]
[TR]
[TH]849[/TH]
[TD] ins1c[3] = keynr; // key[/TD]
[/TR]
[TR]
[TH]850[/TH]
[TD] ins1c[4] = nano92Data[1] + 2 + nano81Data[1] + 2 + nanoF0Data[1] + 2;[/TD]
[/TR]
[TR]
[TH]851[/TH]
[TD] memcpy (insData, nano92Data, nano92Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]852[/TH]
[TD] memcpy (insData + nano92Data[1] + 2, nano81Data, nano81Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]853[/TH]
[TD] memcpy (insData + nano92Data[1] + 2 + nano81Data[1] + 2, nanoF0Data, nanoF0Data[1] + 2);[/TD]
[/TR]
[TR]
[TH]854[/TH]
[TD] write_cmd(ins1c, insData);[/TD]
[/TR]
[TR]
[TH]855[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]856[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]857[/TH]
[TD] rdr_log(reader, "update successfully written");[/TD]
[/TR]
[TR]
[TH]858[/TH]
[TD] rc=1; // written[/TD]
[/TR]
[TR]
[TH]859[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]860[/TH]
[TD] else {[/TD]
[/TR]
[TR]
[TH]861[/TH]
[TD] if( cta_res[cta_lr-2]&0x1 )[/TD]
[/TR]
[TR]
[TH]862[/TH]
[TD] rdr_log(reader, "update not written. Data already exists or unknown address");[/TD]
[/TR]
[TR]
[TH]863[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]864[/TH]
[TD] //if( cta_res[cta_lr-2]&0x8 ) {[/TD]
[/TR]
[TR]
[TH]865[/TH]
[TD] write_cmd(insc8, NULL);[/TD]
[/TR]
[TR]
[TH]866[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) {[/TD]
[/TR]
[TR]
[TH]867[/TH]
[TD] rdr_log(reader, "extended status %02X %02X", cta_res[0], cta_res[1]);[/TD]
[/TR]
[TR]
[TH]868[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]869[/TH]
[TD] //}[/TD]
[/TR]
[TR]
[TH]870[/TH]
[TD] return ERROR;[/TD]
[/TR]
[TR]
[TH]871[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]872[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]873[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]874[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]875[/TH]
[TD] /*[/TD]
[/TR]
[TR]
[TH]876[/TH]
[TD] Sub Main()[/TD]
[/TR]
[TR]
[TH]877[/TH]
[TD] Sc.Write("CA A4 04 00 03")[/TD]
[/TR]
[TR]
[TH]878[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]879[/TH]
[TD] Sc.Write("02 07 11")[/TD]
[/TR]
[TR]
[TH]880[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]881[/TH]
[TD] Sc.Write("CA F0 00 01 22")[/TD]
[/TR]
[TR]
[TH]882[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]883[/TH]
[TD] Sc.Write("9E 20")[/TD]
[/TR]
[TR]
[TH]884[/TH]
[TD] Sc.Write("10 10 08 8A 80 00 04 00 10 10 26 E8 54 80 1E 80")[/TD]
[/TR]
[TR]
[TH]885[/TH]
[TD] Sc.Write("00 01 00 00 00 00 00 50 00 00 80 02 22 00 08 50")[/TD]
[/TR]
[TR]
[TH]886[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]887[/TH]
[TD] Sc.Write("CA 18 01 01 11")[/TD]
[/TR]
[TR]
[TH]888[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]889[/TH]
[TD] Sc.Write("A9 05 34 DE 34 FF 80")[/TD]
[/TR]
[TR]
[TH]890[/TH]
[TD] Sc.Write("F0 08 1A 3E AF B5 2B EE E3 3B")[/TD]
[/TR]
[TR]
[TH]891[/TH]
[TD] RX[/TD]
[/TR]
[TR]
[TH]892[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]893[/TH]
[TD] End Sub[/TD]
[/TR]
[TR]
[TH]894[/TH]
[TD] */[/TD]
[/TR]
[TR]
[TH]895[/TH]
[TD] return rc;[/TD]
[/TR]
[TR]
[TH]896[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]897[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]898[/TH]
[TD]static int32_t viaccess_card_info(struct s_reader * reader)[/TD]
[/TR]
[TR]
[TH]899[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]900[/TH]
[TD] def_resp;[/TD]
[/TR]
[TR]
[TH]901[/TH]
[TD] int32_t i, l;[/TD]
[/TR]
[TR]
[TH]902[/TH]
[TD] uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data[/TD]
[/TR]
[TR]
[TH]903[/TH]
[TD] uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data[/TD]
[/TR]
[TR]
[TH]904[/TH]
[TD] uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer[/TD]
[/TR]
[TR]
[TH]905[/TH]
[TD] uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item[/TD]
[/TR]
[TR]
[TH]906[/TH]
[TD] static const uchar ins24[] = { 0xca, 0x24, 0x00, 0x00, 0x09 }; // set pin[/TD]
[/TR]
[TR]
[TH]907[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]908[/TH]
[TD] static const uchar cls[] = { 0x00, 0x21, 0xff, 0x9f};[/TD]
[/TR]
[TR]
[TH]909[/TH]
[TD] static const uchar pin[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04};[/TD]
[/TR]
[TR]
[TH]910[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]911[/TH]
[TD] reader->last_geo.provid = 0;[/TD]
[/TR]
[TR]
[TH]912[/TH]
[TD] reader->last_geo.geo_len = 0;[/TD]
[/TR]
[TR]
[TH]913[/TH]
[TD] reader->last_geo.geo[0] = 0;[/TD]
[/TR]
[TR]
[TH]914[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]915[/TH]
[TD] rdr_log(reader, "card detected");[/TD]
[/TR]
[TR]
[TH]916[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]917[/TH]
[TD] cs_clear_entitlement(reader); //reset the entitlements[/TD]
[/TR]
[TR]
[TH]918[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]919[/TH]
[TD] // set pin[/TD]
[/TR]
[TR]
[TH]920[/TH]
[TD] write_cmd(ins24, pin);[/TD]
[/TR]
[TR]
[TH]921[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]922[/TH]
[TD] insac[2]=0xa4; write_cmd(insac, NULL); // request unique id[/TD]
[/TR]
[TR]
[TH]923[/TH]
[TD] insb8[4]=0x07; write_cmd(insb8, NULL); // read unique id[/TD]
[/TR]
[TR]
[TH]924[/TH]
[TD] rdr_log_sensitive(reader, "serial: {%llu}", (unsigned long long) b2ll(5, cta_res+2));[/TD]
[/TR]
[TR]
[TH]925[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]926[/TH]
[TD] insa4[2]=0x00; write_cmd(insa4, NULL); // select issuer 0[/TD]
[/TR]
[TR]
[TH]927[/TH]
[TD] for (i=1; (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0); i++)[/TD]
[/TR]
[TR]
[TH]928[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]929[/TH]
[TD] uint32_t l_provid, l_sa;[/TD]
[/TR]
[TR]
[TH]930[/TH]
[TD] uchar l_name[64];[/TD]
[/TR]
[TR]
[TH]931[/TH]
[TD] insc0[4]=0x1a; write_cmd(insc0, NULL); // show provider properties[/TD]
[/TR]
[TR]
[TH]932[/TH]
[TD] cta_res[2]&=0xF0;[/TD]
[/TR]
[TR]
[TH]933[/TH]
[TD] l_provid=b2i(3, cta_res);[/TD]
[/TR]
[TR]
[TH]934[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]935[/TH]
[TD] insac[2]=0xa5; write_cmd(insac, NULL); // request sa[/TD]
[/TR]
[TR]
[TH]936[/TH]
[TD] insb8[4]=0x06; write_cmd(insb8, NULL); // read sa[/TD]
[/TR]
[TR]
[TH]937[/TH]
[TD] l_sa=b2i(4, cta_res+2);[/TD]
[/TR]
[TR]
[TH]938[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]939[/TH]
[TD] insac[2]=0xa7; write_cmd(insac, NULL); // request name[/TD]
[/TR]
[TR]
[TH]940[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len[/TD]
[/TR]
[TR]
[TH]941[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]942[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read name[/TD]
[/TR]
[TR]
[TH]943[/TH]
[TD] cta_res[l]=0;[/TD]
[/TR]
[TR]
[TH]944[/TH]
[TD] trim((char *)cta_res);[/TD]
[/TR]
[TR]
[TH]945[/TH]
[TD] if (cta_res[0])[/TD]
[/TR]
[TR]
[TH]946[/TH]
[TD] snprintf((char *)l_name, sizeof(l_name), ", name: %s", cta_res);[/TD]
[/TR]
[TR]
[TH]947[/TH]
[TD] else[/TD]
[/TR]
[TR]
[TH]948[/TH]
[TD] l_name[0]=0;[/TD]
[/TR]
[TR]
[TH]949[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]950[/TH]
[TD] // read GEO[/TD]
[/TR]
[TR]
[TH]951[/TH]
[TD] insac[2]=0xa6; write_cmd(insac, NULL); // request GEO[/TD]
[/TR]
[TR]
[TH]952[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read GEO nano + len[/TD]
[/TR]
[TR]
[TH]953[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]954[/TH]
[TD] char tmp[l*3+1];[/TD]
[/TR]
[TR]
[TH]955[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read geo[/TD]
[/TR]
[TR]
[TH]956[/TH]
[TD] rdr_log_sensitive(reader, "provider: %d, id: {%06X%s}, sa: {%08X}, geo: %s",[/TD]
[/TR]
[TR]
[TH]957[/TH]
[TD] i, l_provid, l_name, l_sa, (l<4) ? "empty" : cs_hexdump(1, cta_res, l, tmp, sizeof(tmp)));[/TD]
[/TR]
[TR]
[TH]958[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]959[/TH]
[TD] // read classes subscription[/TD]
[/TR]
[TR]
[TH]960[/TH]
[TD] insac[2]=0xa9; insac[4]=4;[/TD]
[/TR]
[TR]
[TH]961[/TH]
[TD] write_cmd(insac, cls); // request class subs[/TD]
[/TR]
[TR]
[TH]962[/TH]
[TD] while( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]963[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]964[/TH]
[TD] insb8[4]=0x02; write_cmd(insb8, NULL); // read class subs nano + len[/TD]
[/TR]
[TR]
[TH]965[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) && (cta_res[cta_lr-1]==0) )[/TD]
[/TR]
[TR]
[TH]966[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]967[/TH]
[TD] l=cta_res[1];[/TD]
[/TR]
[TR]
[TH]968[/TH]
[TD] insb8[4]=l; write_cmd(insb8, NULL); // read class subs[/TD]
[/TR]
[TR]
[TH]969[/TH]
[TD] if( (cta_res[cta_lr-2]==0x90) &&[/TD]
[/TR]
[TR]
[TH]970[/TH]
[TD] (cta_res[cta_lr-1]==0x00 || cta_res[cta_lr-1]==0x08) )[/TD]
[/TR]
[TR]
[TH]971[/TH]
[TD] {[/TD]
[/TR]
[TR]
[TH]972[/TH]
[TD] show_class(reader, NULL, l_provid, cta_res, cta_lr-2);[/TD]
[/TR]
[TR]
[TH]973[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]974[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]975[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]976[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]977[/TH]
[TD] insac[4]=0;[/TD]
[/TR]
[TR]
[TH]978[/TH]
[TD] insa4[2]=0x02;[/TD]
[/TR]
[TR]
[TH]979[/TH]
[TD] write_cmd(insa4, NULL); // select next provider[/TD]
[/TR]
[TR]
[TH]980[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]981[/TH]
[TD] //return ERROR;[/TD]
[/TR]
[TR]
[TH]982[/TH]
[TD] return OK;[/TD]
[/TR]
[TR]
[TH]983[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]984[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]985[/TH]
[TD]#ifdef HAVE_DVBAPI[/TD]
[/TR]
[TR]
[TH]986[/TH]
[TD]void dvbapi_sort_nanos(unsigned char *dest, const unsigned char *src, int32_t len);[/TD]
[/TR]
[TR]
[TH]987[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]988[/TH]
[TD]int32_t viaccess_reassemble_emm(uchar *buffer, uint32_t *len) {[/TD]
[/TR]
[TR]
[TH]989[/TH]
[TD] static uchar emm_global[512];[/TD]
[/TR]
[TR]
[TH]990[/TH]
[TD] static int32_t emm_global_len = 0;[/TD]
[/TR]
[TR]
[TH]991[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]992[/TH]
[TD] int32_t pos=0, i;[/TD]
[/TR]
[TR]
[TH]993[/TH]
[TD] uint32_t k;[/TD]
[/TR]
[TR]
[TH]994[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]995[/TH]
[TD] // Viaccess[/TD]
[/TR]
[TR]
[TH]996[/TH]
[TD] if (*len>500) return 0;[/TD]
[/TR]
[TR]
[TH]997[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]998[/TH]
[TD] switch(buffer[0]) {[/TD]
[/TR]
[TR]
[TH]999[/TH]
[TD] case 0x8c:[/TD]
[/TR]
[TR]
[TH]1000[/TH]
[TD] case 0x8d:[/TD]
[/TR]
[TR]
[TH]1001[/TH]
[TD] // emm-s part 1[/TD]
[/TR]
[TR]
[TH]1002[/TH]
[TD] if (!memcmp(emm_global, buffer, *len))[/TD]
[/TR]
[TR]
[TH]1003[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1004[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1005[/TH]
[TD] // copy first part of the emm-s[/TD]
[/TR]
[TR]
[TH]1006[/TH]
[TD] memcpy(emm_global, buffer, *len);[/TD]
[/TR]
[TR]
[TH]1007[/TH]
[TD] emm_global_len=*len;[/TD]
[/TR]
[TR]
[TH]1008[/TH]
[TD] //cs_ddump_mask(D_READER, buffer, len, "viaccess global emm:");[/TD]
[/TR]
[TR]
[TH]1009[/TH]
[TD] return 0;[/TD]
[/TR]
[TR]
[TH]1010[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1011[/TH]
[TD] case 0x8e:[/TD]
[/TR]
[TR]
[TH]1012[/TH]
[TD] // emm-s part 2[/TD]
[/TR]
[TR]
[TH]1013[/TH]
[TD] if (!emm_global_len) return 0;[/TD]
[/TR]
[TR]
[TH]1014[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1015[/TH]
[TD] //extract nanos from emm-gh and emm-s[/TD]
[/TR]
[TR]
[TH]1016[/TH]
[TD] uchar emmbuf[512];[/TD]
[/TR]
[TR]
[TH]1017[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1018[/TH]
[TD] cs_debug_mask(D_DVBAPI, "[viaccess] %s: start extracting nanos", __func__);[/TD]
[/TR]
[TR]
[TH]1019[/TH]
[TD] //extract from emm-gh[/TD]
[/TR]
[TR]
[TH]1020[/TH]
[TD] for (i=3; i<emm_global_len; i+=emm_global[i+1]+2) {[/TD]
[/TR]
[TR]
[TH]1021[/TH]
[TD] //copy nano (length determined by i+1)[/TD]
[/TR]
[TR]
[TH]1022[/TH]
[TD] memcpy(emmbuf+pos, emm_global+i, emm_global[i+1]+2);[/TD]
[/TR]
[TR]
[TH]1023[/TH]
[TD] pos+=emm_global[i+1]+2;[/TD]
[/TR]
[TR]
[TH]1024[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1025[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1026[/TH]
[TD] if (buffer[2]==0x2c) {[/TD]
[/TR]
[TR]
[TH]1027[/TH]
[TD] //add 9E 20 nano + first 32 bytes of emm content[/TD]
[/TR]
[TR]
[TH]1028[/TH]
[TD] memcpy(emmbuf+pos, "\x9E\x20", 2);[/TD]
[/TR]
[TR]
[TH]1029[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+7, 32);[/TD]
[/TR]
[TR]
[TH]1030[/TH]
[TD] pos+=34;[/TD]
[/TR]
[TR]
[TH]1031[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1032[/TH]
[TD] //add F0 08 nano + 8 subsequent bytes of emm content[/TD]
[/TR]
[TR]
[TH]1033[/TH]
[TD] memcpy(emmbuf+pos, "\xF0\x08", 2);[/TD]
[/TR]
[TR]
[TH]1034[/TH]
[TD] memcpy(emmbuf+pos+2, buffer+39, 8);[/TD]
[/TR]
[TR]
[TH]1035[/TH]
[TD] pos+=10;[/TD]
[/TR]
[TR]
[TH]1036[/TH]
[TD] } else {[/TD]
[/TR]
[TR]
[TH]1037[/TH]
[TD] //extract from variable emm-s[/TD]
[/TR]
[TR]
[TH]1038[/TH]
[TD] for (k=7; k<(*len); k+=buffer[k+1]+2) {[/TD]
[/TR]
[TR]
[TH]1039[/TH]
[TD] //copy nano (length determined by k+1)[/TD]
[/TR]
[TR]
[TH]1040[/TH]
[TD] memcpy(emmbuf+pos, buffer+k, buffer[k+1]+2);[/TD]
[/TR]
[TR]
[TH]1041[/TH]
[TD] pos+=buffer[k+1]+2;[/TD]
[/TR]
[TR]
[TH]1042[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1043[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1044[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1045[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, *len, "[viaccess] %s: %s emm-s", __func__, (buffer[2]==0x2c) ? "fixed" : "variable");[/TD]
[/TR]
[TR]
[TH]1046[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1047[/TH]
[TD] dvbapi_sort_nanos(buffer+7, emmbuf, pos);[/TD]
[/TR]
[TR]
[TH]1048[/TH]
[TD] pos+=7;[/TD]
[/TR]
[TR]
[TH]1049[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1050[/TH]
[TD] //calculate emm length and set it on position 2[/TD]
[/TR]
[TR]
[TH]1051[/TH]
[TD] buffer[2]=pos-3;[/TD]
[/TR]
[TR]
[TH]1052[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1053[/TH]
[TD] cs_ddump_mask(D_DVBAPI, emm_global, emm_global_len, "[viaccess] %s: emm-gh", __func__);[/TD]
[/TR]
[TR]
[TH]1054[/TH]
[TD] cs_ddump_mask(D_DVBAPI, buffer, pos, "[viaccess] %s: assembled emm", __func__);[/TD]
[/TR]
[TR]
[TH]1055[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1056[/TH]
[TD] *len=pos;[/TD]
[/TR]
[TR]
[TH]1057[/TH]
[TD] break;[/TD]
[/TR]
[TR]
[TH]1058[/TH]
[TD] }[/TD]
[/TR]
[TR]
[TH]1059[/TH]
[TD] return 1;[/TD]
[/TR]
[TR]
[TH]1060[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1061[/TH]
[TD]#endif[/TD]
[/TR]
[TR]
[TH]1062[/TH]
[TD][/TD]
[/TR]
[TR]
[TH]1063[/TH]
[TD]void reader_viaccess(struct s_cardsystem *ph)[/TD]
[/TR]
[TR]
[TH]1064[/TH]
[TD]{[/TD]
[/TR]
[TR]
[TH]1065[/TH]
[TD] ph->do_emm=viaccess_do_emm;[/TD]
[/TR]
[TR]
[TH]1066[/TH]
[TD] ph->do_ecm=viaccess_do_ecm;[/TD]
[/TR]
[TR]
[TH]1067[/TH]
[TD] ph->card_info=viaccess_card_info;[/TD]
[/TR]
[TR]
[TH]1068[/TH]
[TD] ph->card_init=viaccess_card_init;[/TD]
[/TR]
[TR]
[TH]1069[/TH]
[TD] ph->get_emm_type=viaccess_get_emm_type;[/TD]
[/TR]
[TR]
[TH]1070[/TH]
[TD] ph->get_emm_filter=viaccess_get_emm_filter;[/TD]
[/TR]
[TR]
[TH]1071[/TH]
[TD] ph->caids[0]=0x05;[/TD]
[/TR]
[TR]
[TH]1072[/TH]
[TD] ph->desc="viaccess";[/TD]
[/TR]
[TR]
[TH]1073[/TH]
[TD]}[/TD]
[/TR]
[TR]
[TH]1074[/TH]
[TD]#endif[/TD]
[/TR]
 
13EME RUE HD out
ARTE HD out
BE IN SPORT 1&2 HD ok
BLACKBELT TV HD out
BRAVA HD ok
CANAL+ HD ok
CANAL+ CINEMA HD ok
CANAL+ DECALE HD ok
CANAL+ FAMILY HD out
CANAL+ SPORT HD ok
CINE+ CINEMA HD out
DISCOVERY HD ok
DISCOVERY SCIENCE HD ok
DISNEY HD out
DISNEY JUNIOR HD out
DISNEY MAGIC HD out
DISNEY XD HD out
DJAZZ TV HD ok
EUROSPORT HD out
FRANCE 2 HD out
GOLF+ HD out
KOMBAT SPORT HD ok
M6 HD out
MA CHAINE SPORT HD out
MEZZO LIVE HD out
NAT GEO WILD HD ok
NATIONAL GEO HD out
OCS MAX HD ok
PARIS PREMIERE HD out
SERIE CLUB HD out
SYFY HD out
TCM HD out
TEVA HD out
TF1 HD out
TF6 HD out
USHUAIA HD out
W9 HD out
***********************************
 
aide pour corriger + explications et merci a ce développer pour l avancement

Je vais essayer d'expliquer, Orange (032920 et 032940) déploie une nouvelle protection pour certains canaux à l'aide de la nano E0. Ce utiliser le CA 18 et CA commandes 1C. Ces commandes sont maintenant utilisés par la démo officielle.
Orange est également le déploiement de nouvelles cartes et de nouveaux actifs de protection uniquement avec eux.
Certaines personnes travaillent français sur ce point. Je ne suis pas sûr mais je pense: lorsque le nano E0 est présent dans l'ECM, oscam doit choisir sortECM terminant par 01 et finissant par ne pas shortECM 00. Dans d'autres cas , oscam doit choisir shortECM terminant par 00. que je découvre aujourd'hui que 2 formats de la nano E0 exister. Le premier, utilisé pour la protection des canaux HD et le cinéma (E0 02 00 02, comme vous pouvez le voir, c'est très semblable à la D2 NANO utilisant des clés AES) et une seconde pour France 3 (E0 01 20). Touche 2 ou 20 Clé? Peut-être le même pour tous les canaux TNTSAT? Nous avons donc besoin de modifier le lecteur-viaccess.C

nextEcm=ecm88Data;
322
322
323
 //detecte nano E0
323
 //looking for nano E0
324
324
 while (ecm88Len)
325
325
 {
326
326
 // 80 33 nano 80 (ecm) + len (33)


334
334
 {
335
335
 curnumber_ecm =(ecm88Data[6]<<8) | (ecm88Data[7]);
336
336
 //if number_ecm & nano E0 ecm not suported
337
 if ((reader->last_geo.number_ecm == curnumber_ecm )&&(ecm88Data[9] == 0xE0))
337
 if ((reader->last_geo.number_ecm == curnumber_ecm )&&((ecm88Data[9] == 0xE0)&&(ecm88Data[10] == 0x02)))
338
338
 {
339
339
 cs_log("[viaccess-reader] ECM: Invalid ECM nano E0 Rejecting");
340
340
 return ERROR;


346
346
 } else ecm88Len = 0; //exit while
347
347
 }
348
348
349
 //return original parametre
349
 //returning at beginning of ECM
350
350
 ecm88Data=er->ecm+4; //XXX what is the 4th byte for ??
351
351
 ecm88Len=SCT_LEN(er->ecm)-4;
352
352
 curEcm88len=0;






 
salut

donc si j'ai bien compris ton explication il existerai plusieurs keys aes différente et nano eo pour différente chaine.
 
E0 02 00 02
E0 01 20

Le CTRL-ECM est utilisé pour les évenement XXX dont le code parental est requis ;-) ce qui explique le E0 01 20..... control parental !
 
mais pourquoi un systeme de control parental sur une chaine comme france 3 ????,
mais nagracard je dois dire que tu est trés bon
 
le systéme control parental serai activer sur uniquement certaine chaine et pas tous et pour quel raison
 
dogan a dit:
le systéme control parental serai activer sur uniquement certaine chaine et pas tous et pour quel raison
Cliquez pour agrandir...

Non selon le code rating du control parental, il existe plusieurs niveau pour le control parental.

Selon les tranches d'age.
 
plusieurs niveau ok donc ce code parental n'est pas d'office activer sur toute les chaines et au même niveau
 
salut moi j'ai ma vrai carte local canalsat t cine+ et et aussi carte c+ mais quand je suis abonné je n'ai pas demandé décodeur ready comment faire au moins pour regarder le chaines hd par mon décodeur j'ai vu+ duo merci
 
alex-du-75 a dit:
salut moi j'ai ma vrai carte local canalsat t cine+ et et aussi carte c+ mais quand je suis abonné je n'ai pas demandé décodeur ready comment faire au moins pour regarder le chaines hd par mon décodeur j'ai vu+ duo merci
Cliquez pour agrandir...


tu ne pourra pas regarder les HD dans ton VU + Duo ni dans un autre Demo non labelisé Canal Ready pour le moment meme avec une carte officiel .. meme si tu plaint chez canalsat il te diront qu'il te faut un Demo de chez eux et non un demo linux pour les HD
 
unix33 a dit:
tu ne pourra pas regarder les HD dans ton VU + Duo ni dans un autre Demo non labelisé Canal Ready pour le moment meme avec une carte officiel .. meme si tu plaint chez canalsat il te diront qu'il te faut un Demo de chez eux et non un demo linux pour les HD
Cliquez pour agrandir...

Même en Hypercam...?
 
c'est génèral pour l'instant peu importe l'ému même les abonnés avec carte officiel
 
salut je viends d'avoir leur support j'ai lui dit que j'ai ça Aston SIMBA HD TNTSAT que j'ai acheté chez darty mais pas de réponse clair incompétent bref en plus j'ai jamais reçu mes 50euro de parrainage
et voila c'est comme ça chez cacasat
et enfn unix a raison ça sert a rien d’appeler leur service de 34cem/minute

Cldt
 
Statut
N'est pas ouverte pour d'autres réponses.

Similar threads

msirda41
Raccourci TLC Z8
Réponses
0
Affichages
299
msirda41
msirda41
ULTRON
Prochain plan de service des offres canal+ le 18 mars 2020
Réponses
16
Affichages
1K
croquette
C
msirda41
Sortie de la nouvelle version bêta de Z8 / Z Alpha et MOL 2
Réponses
0
Affichages
666
msirda41
msirda41
msirda41
Nouvelle version bêta publiée pour Z8 et MOL 2.
Réponses
0
Affichages
571
msirda41
msirda41
msirda41
Nouvelle mise à jour officielle publiée pour Z8 / Z Alpha.
Réponses
3
Affichages
1K
msirda41
msirda41

Statistiques en ligne

Membres en ligne
5
Visiteurs en ligne
427
Total de visiteurs
432
Nombre total incluant les visiteurs cachés.

Partager cette page

Social

Retour
Haut