search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
- fix Building without Nagra not possible at Nagra_Merlin https://trac.streamboard...
[oscam.git] / module-cccam.c
blob30859b9cd39b22dde9f4141d6ca24d58f3a0ae7e
1 #define MODULE_LOG_PREFIX "cccam"
2
3 #include "globals.h"
4
5 #ifdef MODULE_CCCAM
6
7 #include "cscrypt/md5.h"
8 #include "cscrypt/sha1.h"
9 #include "module-cacheex.h"
10 #include "module-cccam.h"
11 #include "module-cccam-data.h"
12 #include "module-cccam-cacheex.h"
13 #include "module-cccshare.h"
14 #include "oscam-chk.h"
15 #include "oscam-cache.h"
16 #include "oscam-client.h"
17 #include "oscam-ecm.h"
18 #include "oscam-emm.h"
19 #include "oscam-failban.h"
20 #include "oscam-garbage.h"
21 #include "oscam-lock.h"
22 #include "oscam-net.h"
23 #include "oscam-reader.h"
24 #include "oscam-string.h"
25 #include "oscam-time.h"
26 #include "oscam-work.h"
27
28 // Mode names for CMD_05 command
29 static const char *cmd05_mode_name[] = { "UNKNOWN", "PLAIN", "AES", "CC_CRYPT", "RC4", "LEN=0" };
30
31 // Mode names for CMD_0C command
32 static const char *cmd0c_mode_name[] = { "NONE", "RC6", "RC4", "CC_CRYPT", "AES", "IDEA" };
33
34 uint8_t cc_node_id[8];
35
36 int32_t cc_cli_connect(struct s_client *cl);
37 int32_t cc_send_pending_emms(struct s_client *cl);
38
39 #define getprefix() (!cl ? "" : (!cl->cc ? "" : (((struct cc_data *)(cl->cc))->prefix)))
40
41 void cc_init_crypt(struct cc_crypt_block *block, uint8_t *key, int32_t len)
42 {
43 int32_t i = 0;
44 uint8_t j = 0;
45
46 for(i = 0; i < 256; i++)
47 {
48 block->keytable[i] = i;
49 }
50
51 for(i = 0; i < 256; i++)
52 {
53 j += key[i % len] + block->keytable[i];
54 SWAPC(&block->keytable[i], &block->keytable[j]);
55 }
56
57 block->state = *key;
58 block->counter = 0;
59 block->sum = 0;
60 }
61
62 void cc_crypt(struct cc_crypt_block *block, uint8_t *data, int32_t len, cc_crypt_mode_t mode)
63 {
64 int32_t i;
65 uint8_t z;
66
67 for(i = 0; i < len; i++)
68 {
69 block->counter++;
70 block->sum += block->keytable[block->counter];
71 SWAPC(&block->keytable[block->counter], &block->keytable[block->sum]);
72
73 z = data[i];
74 data[i] = z ^ block->keytable[(block->keytable[block->counter] + block->keytable[block->sum]) & 0xff];
75 data[i] ^= block->state;
76
77 if(!mode)
78 {
79 z = data[i];
80 }
81
82 block->state = block->state ^ z;
83 }
84 }
85
86 void cc_rc4_crypt(struct cc_crypt_block *block, uint8_t *data, int32_t len, cc_crypt_mode_t mode)
87 {
88 int32_t i;
89 uint8_t z;
90
91 for(i = 0; i < len; i++)
92 {
93 block->counter++;
94 block->sum += block->keytable[block->counter];
95 SWAPC(&block->keytable[block->counter], &block->keytable[block->sum]);
96
97 z = data[i];
98 data[i] = z ^ block->keytable[(block->keytable[block->counter] + block->keytable[block->sum]) & 0xff];
99
100 if(!mode)
101 {
102 z = data[i];
103 }
104
105 block->state = block->state ^ z;
106 }
107 }
108
109 void cc_xor(uint8_t *buf)
110 {
111 const char cccam[] = "CCcam";
112 uint8_t i;
113
114 for(i = 0; i < 8; i++)
115 {
116 buf[8 + i] = i * buf[i];
117
118 if(i <= 5)
119 {
120 buf[i] ^= cccam[i];
121 }
122 }
123 }
124
125 void cc_cw_crypt(struct s_client *cl, uint8_t *cws, uint32_t cardid)
126 {
127 struct cc_data *cc = cl->cc;
128 uint8_t n = 0;
129 uint8_t i;
130 uint8_t tmp;
131 uint8_t *nod = NULL;
132
133 if (!cs_malloc(&nod, 8))
134 {
135 return;
136 }
137
138 for (i=0; i<8; i++)
139 {
140 if (cl->typ != 'c')
141 {
142 nod[i] = cc->node_id[7-i];
143 }
144 else
145 {
146 nod[i] = cc->peer_node_id[7-i];
147 }
148 }
149
150 for (i=0; i<16; i++)
151 {
152 if (i & 1)
153 {
154 if (i != 15)
155 {
156 n = (nod[i>>1]>>4) | (nod[(i>>1)+1]<<4);
157 }
158 else
159 {
160 n = nod[i>>1]>>4;
161 }
162 }
163 else
164 {
165 n = nod[i>>1];
166 }
167
168 n = n & 0xff;
169 tmp = cws[i] ^ n;
170
171 if (i & 1)
172 {
173 tmp = ~tmp;
174 }
175
176 cws[i] = ((cardid >> (2 * i)) ^ tmp) & 0xff;
177 }
178
179 free(nod);
180 }
181
182 /** swap endianness (int) */
183 static void SwapLBi(uint8_t *buff, int32_t len)
184 {
185 #if __BYTE_ORDER != __BIG_ENDIAN
186 return;
187 #endif
188
189 int32_t i;
190 uint8_t swap[4];
191
192 for(i = 0; i < len / 4; i++)
193 {
194 memcpy(swap, buff, 4);
195 buff[0] = swap[3];
196 buff[1] = swap[2];
197 buff[2] = swap[1];
198 buff[3] = swap[0];
199 buff += 4;
200 }
201 }
202
203 void cc_crypt_cmd0c(struct s_client *cl, uint8_t *buf, int32_t len)
204 {
205 struct cc_data *cc = cl->cc;
206 uint8_t *out;
207
208 if(!cs_malloc(&out, len))
209 {
210 return;
211 }
212
213 switch(cc->cmd0c_mode)
214 {
215 case MODE_CMD_0x0C_NONE: // none additional encryption
216 {
217 memcpy(out, buf, len);
218 break;
219 }
220
221 case MODE_CMD_0x0C_RC6: // RC6
222 {
223 // buf may be unaligned,
224 // so we use malloc() memory for the uint32_t* cast
225 uint8_t *tmp;
226 int32_t i;
227
228 if(!cs_malloc(&tmp, len))
229 {
230 return;
231 }
232
233 memcpy(tmp, buf, len);
234 SwapLBi(tmp, len);
235
236 for(i = 0; i < len / 16; i++)
237 {
238 rc6_block_decrypt((uint32_t *)(tmp + i * 16), (uint32_t *)(out + i * 16), 1, cc->cmd0c_RC6_cryptkey);
239 }
240
241 SwapLBi(out, len);
242 NULLFREE(tmp);
243 break;
244 }
245
246 case MODE_CMD_0x0C_RC4: // RC4
247 {
248 cc_rc4_crypt(&cc->cmd0c_cryptkey, buf, len, ENCRYPT);
249 memcpy(out, buf, len);
250 break;
251 }
252
253 case MODE_CMD_0x0C_CC_CRYPT: // cc_crypt
254 {
255 cc_crypt(&cc->cmd0c_cryptkey, buf, len, DECRYPT);
256 memcpy(out, buf, len);
257 break;
258 }
259
260 case MODE_CMD_0x0C_AES: // AES
261 {
262 int32_t i;
263 for(i = 0; i < len / 16; i++)
264 {
265 AES_decrypt((uint8_t *)buf + i * 16, (uint8_t *)out + i * 16, &cc->cmd0c_AES_key);
266 }
267 break;
268 }
269
270 case MODE_CMD_0x0C_IDEA: // IDEA
271 {
272 int32_t i = 0;
273 int32_t j;
274
275 while(i < len)
276 {
277 idea_ecb_encrypt(buf + i, out + i, &cc->cmd0c_IDEA_dkey);
278 i += 8;
279 }
280
281 i = 8;
282 while(i < len)
283 {
284 for(j = 0; j < 8; j++)
285 {
286 out[j + i] ^= buf[j + i - 8];
287 }
288 i += 8;
289 }
290
291 break;
292 }
293 }
294 memcpy(buf, out, len);
295 NULLFREE(out);
296 }
297
298 void set_cmd0c_cryptkey(struct s_client *cl, uint8_t *key, uint8_t len)
299 {
300 struct cc_data *cc = cl->cc;
301 uint8_t key_buf[32];
302
303 memset(&key_buf, 0, sizeof(key_buf));
304
305 if(len > 32)
306 {
307 len = 32;
308 }
309
310 memcpy(key_buf, key, len);
311
312 switch(cc->cmd0c_mode)
313 {
314 case MODE_CMD_0x0C_NONE: // NONE
315 {
316 break;
317 }
318
319 case MODE_CMD_0x0C_RC6: // RC6
320 {
321 rc6_key_setup(key_buf, 32, cc->cmd0c_RC6_cryptkey);
322 break;
323 }
324
325 case MODE_CMD_0x0C_RC4: // RC4
326 case MODE_CMD_0x0C_CC_CRYPT: // CC_CRYPT
327 {
328 cc_init_crypt(&cc->cmd0c_cryptkey, key_buf, 32);
329 break;
330 }
331
332 case MODE_CMD_0x0C_AES: // AES
333 {
334 memset(&cc->cmd0c_AES_key, 0, sizeof(cc->cmd0c_AES_key));
335 AES_set_decrypt_key((uint8_t *)key_buf, 256, &cc->cmd0c_AES_key);
336 break;
337 }
338
339 case MODE_CMD_0x0C_IDEA: // IDEA
340 {
341 uint8_t key_buf_idea[16];
342 memcpy(key_buf_idea, key_buf, 16);
343 IDEA_KEY_SCHEDULE ekey;
344
345 idea_set_encrypt_key(key_buf_idea, &ekey);
346 idea_set_decrypt_key(&ekey, &cc->cmd0c_IDEA_dkey);
347 break;
348 }
349 }
350 }
351
352 int32_t sid_eq(struct cc_srvid *srvid1, struct cc_srvid *srvid2)
353 {
354 return (srvid1->sid == srvid2->sid && (srvid1->chid == srvid2->chid || !srvid1->chid || !srvid2->chid)
355 && (srvid1->ecmlen == srvid2->ecmlen || !srvid1->ecmlen || !srvid2->ecmlen));
356 }
357
358 int32_t sid_eq_nb(struct cc_srvid *srvid1, struct cc_srvid_block *srvid2)
359 {
360 return sid_eq(srvid1, (struct cc_srvid *)srvid2);
361 }
362
363 int32_t sid_eq_bb(struct cc_srvid_block *srvid1, struct cc_srvid_block *srvid2)
364 {
365 return (srvid1->sid == srvid2->sid && (srvid1->chid == srvid2->chid || !srvid1->chid || !srvid2->chid)
366 && (srvid1->ecmlen == srvid2->ecmlen || !srvid1->ecmlen || !srvid2->ecmlen)
367 && (srvid1->blocked_till == srvid2->blocked_till || !srvid1->blocked_till || !srvid2->blocked_till));
368 }
369
370 struct cc_srvid_block *is_sid_blocked(struct cc_card *card, struct cc_srvid *srvid_blocked)
371 {
372 LL_ITER it = ll_iter_create(card->badsids);
373 struct cc_srvid_block *srvid;
374
375 while((srvid = ll_iter_next(&it)))
376 {
377 if(sid_eq_nb(srvid_blocked, srvid))
378 {
379 break;
380 }
381 }
382 return srvid;
383 }
384
385 uint32_t has_perm_blocked_sid(struct cc_card *card)
386 {
387 LL_ITER it = ll_iter_create(card->badsids);
388 struct cc_srvid_block *srvid;
389
390 while((srvid = ll_iter_next(&it)))
391 {
392 if(srvid->blocked_till == 0)
393 {
394 break;
395 }
396 }
397 return srvid != NULL;
398 }
399
400 struct cc_srvid *is_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
401 {
402 LL_ITER it = ll_iter_create(card->goodsids);
403 struct cc_srvid *srvid;
404
405 while((srvid = ll_iter_next(&it)))
406 {
407 if(sid_eq(srvid, srvid_good))
408 {
409 break;
410 }
411 }
412 return srvid;
413 }
414
415 #define BLOCKING_SECONDS 10
416
417 void add_sid_block(struct cc_card *card, struct cc_srvid *srvid_blocked, bool temporary)
418 {
419 if(is_sid_blocked(card, srvid_blocked))
420 {
421 return;
422 }
423
424 struct cc_srvid_block *srvid;
425 if(!cs_malloc(&srvid, sizeof(struct cc_srvid_block)))
426 {
427 return;
428 }
429 memcpy(srvid, srvid_blocked, sizeof(struct cc_srvid));
430
431 if(temporary)
432 {
433 srvid->blocked_till = time(NULL) + BLOCKING_SECONDS;
434 }
435
436 ll_append(card->badsids, srvid);
437 cs_log_dbg(D_READER, "added sid block %04X(CHID %04X, length %d) for card %08x",
438 srvid_blocked->sid, srvid_blocked->chid, srvid_blocked->ecmlen, card->id);
439 }
440
441 void remove_sid_block(struct cc_card *card, struct cc_srvid *srvid_blocked)
442 {
443 LL_ITER it = ll_iter_create(card->badsids);
444 struct cc_srvid_block *srvid;
445
446 while((srvid = ll_iter_next(&it)))
447 {
448 if(sid_eq_nb(srvid_blocked, srvid))
449 {
450 ll_iter_remove_data(&it);
451 }
452 }
453
454 cs_log_dbg(D_READER, "removed sid block %04X(CHID %04X, length %d) for card %08x",
455 srvid_blocked->sid, srvid_blocked->chid, srvid_blocked->ecmlen, card->id);
456 }
457
458 void add_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
459 {
460 if(is_good_sid(card, srvid_good))
461 {
462 return;
463 }
464
465 remove_sid_block(card, srvid_good);
466 struct cc_srvid *srvid;
467
468 if(!cs_malloc(&srvid, sizeof(struct cc_srvid)))
469 {
470 return;
471 }
472
473 memcpy(srvid, srvid_good, sizeof(struct cc_srvid));
474 ll_append(card->goodsids, srvid);
475
476 cs_log_dbg(D_READER, "added good sid %04X(%d) for card %08x",
477 srvid_good->sid, srvid_good->ecmlen, card->id);
478 }
479
480 void remove_good_sid(struct cc_card *card, struct cc_srvid *srvid_good)
481 {
482 LL_ITER it = ll_iter_create(card->goodsids);
483 struct cc_srvid *srvid;
484
485 while((srvid = ll_iter_next(&it)))
486 {
487 if(sid_eq(srvid, srvid_good))
488 {
489 ll_iter_remove_data(&it);
490 }
491 }
492
493 cs_log_dbg(D_READER, "removed good sid %04X(%d) for card %08x",
494 srvid_good->sid, srvid_good->ecmlen, card->id);
495 }
496
497 /**
498 * reader
499 * clears and frees values for reinit
500 */
501 void cc_cli_close(struct s_client *cl, int32_t call_conclose)
502 {
503 struct s_reader *rdr = cl->reader;
504 struct cc_data *cc = cl->cc;
505
506 if(!rdr || !cc)
507 {
508 return;
509 }
510
511 if(rdr)
512 {
513 rdr->tcp_connected = 0;
514 }
515
516 if(rdr)
517 {
518 rdr->card_status = NO_CARD;
519 }
520
521 if(rdr)
522 {
523 rdr->last_s = rdr->last_g = 0;
524 }
525
526 if(cl)
527 {
528 cl->last = 0;
529 }
530
531 if(call_conclose) // clears also pending ecms!
532 {
533 network_tcp_connection_close(rdr, "close");
534 }
535 else
536 {
537 if(cl->udp_fd)
538 {
539 close(cl->udp_fd);
540 cl->udp_fd = 0;
541 cl->pfd = 0;
542 }
543 }
544
545 cc->ecm_busy = 0;
546 cc->just_logged_in = 0;
547 }
548
549 struct cc_extended_ecm_idx *add_extended_ecm_idx(struct s_client *cl, uint8_t send_idx, uint16_t ecm_idx,
550 struct cc_card *card, struct cc_srvid srvid, int8_t free_card)
551 {
552 struct cc_data *cc = cl->cc;
553 struct cc_extended_ecm_idx *eei;
554
555 if(!cs_malloc(&eei, sizeof(struct cc_extended_ecm_idx)))
556 {
557 return NULL;
558 }
559
560 eei->send_idx = send_idx;
561 eei->ecm_idx = ecm_idx;
562 eei->card = card;
563 eei->cccam_id = card->id;
564 eei->srvid = srvid;
565 eei->free_card = free_card;
566 cs_ftime(&eei->tps);
567 ll_append(cc->extended_ecm_idx, eei);
568 //cs_log_dbg(D_TRACE, "%s add extended ecm-idx: %d:%d", getprefix(), send_idx, ecm_idx);
569 return eei;
570 }
571
572 struct cc_extended_ecm_idx *get_extended_ecm_idx(struct s_client *cl, uint8_t send_idx, int32_t remove_item)
573 {
574 struct cc_data *cc = cl->cc;
575 struct cc_extended_ecm_idx *eei;
576 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
577
578 while((eei = ll_iter_next(&it)))
579 {
580 if(eei->send_idx == send_idx)
581 {
582 if(remove_item)
583 {
584 ll_iter_remove(&it);
585 }
586
587 //cs_log_dbg(D_TRACE, "%s get by send-idx: %d FOUND: %d", getprefix(), send_idx, eei->ecm_idx);
588 return eei;
589 }
590 }
591
592 #ifdef WITH_DEBUG
593 if(remove_item)
594 {
595 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s get by send-idx: %d NOT FOUND", getprefix(), send_idx);
596 }
597 #endif
598
599 return NULL;
600 }
601
602 struct cc_extended_ecm_idx *get_extended_ecm_idx_by_idx(struct s_client *cl, uint16_t ecm_idx, int32_t remove_item)
603 {
604 struct cc_data *cc = cl->cc;
605 struct cc_extended_ecm_idx *eei;
606 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
607
608 while((eei = ll_iter_next(&it)))
609 {
610 if(eei->ecm_idx == ecm_idx)
611 {
612 if(remove_item)
613 {
614 ll_iter_remove(&it);
615 }
616
617 //cs_log_dbg(D_TRACE, "%s get by ecm-idx: %d FOUND: %d", getprefix(), ecm_idx, eei->send_idx);
618 return eei;
619 }
620 }
621
622 #ifdef WITH_DEBUG
623 if(remove_item)
624 {
625 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s get by ecm-idx: %d NOT FOUND", getprefix(), ecm_idx);
626 }
627 #endif
628
629 return NULL;
630 }
631
632 void cc_reset_pending(struct s_client *cl, int32_t ecm_idx)
633 {
634 int32_t i = 0;
635
636 for(i = 0; i < cfg.max_pending; i++)
637 {
638 if(cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc == E_ALREADY_SENT)
639 {
640 cl->ecmtask[i].rc = E_UNHANDLED; // Mark unused
641 }
642 }
643 }
644
645 void free_extended_ecm_idx_by_card(struct s_client *cl, struct cc_card *card, int8_t null_only)
646 {
647 struct cc_data *cc = cl->cc;
648 struct cc_extended_ecm_idx *eei;
649 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
650
651 while((eei = ll_iter_next(&it)))
652 {
653 if(eei->card == card)
654 {
655 if(null_only)
656 {
657 cc_reset_pending(cl, eei->ecm_idx);
658 if(eei->free_card)
659 {
660 NULLFREE(eei->card);
661 }
662 ll_iter_remove_data(&it);
663 }
664 else
665 {
666 if(eei->free_card)
667 {
668 NULLFREE(eei->card);
669 }
670 eei->card = NULL;
671 }
672 }
673 }
674 }
675
676 void free_extended_ecm_idx(struct cc_data *cc)
677 {
678 struct cc_extended_ecm_idx *eei;
679 LL_ITER it = ll_iter_create(cc->extended_ecm_idx);
680
681 while((eei = ll_iter_next(&it)))
682 {
683 if(eei->free_card)
684 {
685 NULLFREE(eei->card);
686 }
687 ll_iter_remove_data(&it);
688 }
689 }
690
691 int32_t cc_recv_to(struct s_client *cl, uint8_t *buf, int32_t len)
692 {
693 int32_t rc;
694 struct pollfd pfd;
695
696 while(1)
697 {
698 pfd.fd = cl->udp_fd;
699 pfd.events = POLLIN | POLLPRI;
700
701 rc = poll(&pfd, 1, cfg.cc_recv_timeout);
702
703 if(rc < 0)
704 {
705 if(errno == EINTR)
706 {
707 continue;
708 }
709
710 return -1; // error!!
711 }
712
713 if(rc == 1)
714 {
715 if(pfd.revents & POLLHUP)
716 {
717 return -1; // hangup = error!!
718 }
719 else
720 {
721 break;
722 }
723 }
724 else
725 {
726 return -2; // timeout!!
727 }
728 }
729 return cs_recv(cl->udp_fd, buf, len, MSG_WAITALL);
730 }
731
732 /**
733 * reader
734 * closes the connection and reopens it.
735 */
736 static int8_t cc_cycle_connection(struct s_client *cl)
737 {
738 if(!cl || cl->kill)
739 {
740 return 0;
741 }
742
743 cs_log_dbg(D_TRACE, "%s unlocked-cycleconnection! timeout %d ms", getprefix(), cl->reader->cc_reconnect);
744
745 cc_cli_close(cl, 0);
746 cs_sleepms(50);
747 cc_cli_connect(cl);
748
749 return cl->reader->tcp_connected;
750 }
751
752 /**
753 * reader + server:
754 * receive a message
755 */
756 int32_t cc_msg_recv(struct s_client *cl, uint8_t *buf, int32_t maxlen)
757 {
758 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
759
760 int32_t len;
761 struct cc_data *cc = cl->cc;
762 int32_t handle = cl->udp_fd;
763
764 if(handle <= 0 || maxlen < 4)
765 {
766 return -1;
767 }
768
769 if(!cl->cc)
770 {
771 return -1;
772 }
773
774 cs_writelock(__func__, &cc->lockcmd);
775
776 if(!cl->cc)
777 {
778 cs_writeunlock(__func__, &cc->lockcmd);
779 return -1;
780 }
781
782 len = cs_recv(handle, buf, 4, MSG_WAITALL);
783
784 if(len != 4) // invalid header length read
785 {
786 if(len <= 0)
787 {
788 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s disconnected by remote server", getprefix());
789 }
790 else
791 {
792 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s invalid header length (expected 4, read %d)",
793 getprefix(), len);
794 }
795
796 cs_writeunlock(__func__, &cc->lockcmd);
797 return -1;
798 }
799
800 cc_crypt(&cc->block[DECRYPT], buf, 4, DECRYPT);
801 //cs_log_dump_dbg(D_CLIENT, buf, 4, "cccam: decrypted header:");
802
803 cc->g_flag = buf[0];
804
805 int32_t size = (buf[2] << 8) | buf[3];
806 if(size) // check if any data is expected in msg
807 {
808 if(size > maxlen)
809 {
810 cs_writeunlock(__func__, &cc->lockcmd);
811 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s message too big (size=%d max=%d)",
812 getprefix(), size, maxlen);
813 return 0;
814 }
815
816 len = cs_recv(handle, buf + 4, size, MSG_WAITALL);
817
818 if(rdr && (buf[1] == MSG_CW_ECM
819 #ifdef CS_CACHEEX_AIO
820 || buf[1] == MSG_CW_ECM_LGF
821 #endif
822 ))
823 {
824 rdr->last_g = time(NULL);
825 }
826
827 if(len != size)
828 {
829 cs_writeunlock(__func__, &cc->lockcmd);
830
831 if(len <= 0)
832 {
833 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s disconnected by remote", getprefix());
834 }
835 else
836 {
837 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s invalid message length read (expected %d, read %d)",
838 getprefix(), size, len);
839 }
840 return -1;
841 }
842
843 cc_crypt(&cc->block[DECRYPT], buf + 4, len, DECRYPT);
844 len += 4;
845 }
846
847 cs_writeunlock(__func__, &cc->lockcmd);
848
849 //cs_log_dump_dbg(cl->typ=='c'?D_CLIENT:D_READER, buf, len, "cccam: full decrypted msg, len=%d:", len);
850
851 return len;
852 }
853
854 /**
855 * reader + server
856 * send a message
857 */
858 int32_t cc_cmd_send(struct s_client *cl, uint8_t *buf, int32_t len, cc_msg_type_t cmd)
859 {
860 if(!cl->udp_fd) // disconnected
861 {
862 return -1;
863 }
864
865 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
866
867 int32_t n;
868 struct cc_data *cc = cl->cc;
869
870 if(!cl->cc || cl->kill)
871 {
872 return -1;
873 }
874
875 cs_writelock(__func__, &cc->lockcmd);
876
877 if(!cl->cc || cl->kill)
878 {
879 cs_writeunlock(__func__, &cc->lockcmd);
880 return -1;
881 }
882
883 uint8_t *netbuf;
884 if(!cs_malloc(&netbuf, len + 4))
885 {
886 cs_writeunlock(__func__, &cc->lockcmd);
887 return -1;
888 }
889
890 if(cmd == MSG_NO_HEADER)
891 {
892 memcpy(netbuf, buf, len);
893 }
894 else
895 {
896 // build command message
897 netbuf[0] = cc->g_flag; // flags?
898 netbuf[1] = cmd & 0xff;
899 netbuf[2] = len >> 8;
900 netbuf[3] = len & 0xff;
901
902 if(buf)
903 {
904 memcpy(netbuf + 4, buf, len);
905 }
906 len += 4;
907 }
908
909 cs_log_dump_dbg(D_CLIENT, netbuf, len, "cccam: send:");
910 cc_crypt(&cc->block[ENCRYPT], netbuf, len, ENCRYPT);
911
912 n = send(cl->udp_fd, netbuf, len, 0);
913
914 cs_writeunlock(__func__, &cc->lockcmd);
915
916 NULLFREE(netbuf);
917
918 if(n != len)
919 {
920 if(rdr)
921 {
922 cc_cli_close(cl, 1);
923 }
924 else
925 {
926 cs_disconnect_client(cl);
927 }
928 n = -1;
929 }
930
931 return n;
932 }
933
934 #define CC_DEFAULT_VERSION 9
935 #define CC_VERSIONS 10
936 static char *version[CC_VERSIONS] = { "2.0.11", "2.1.1", "2.1.2", "2.1.3", "2.1.4", "2.2.0", "2.2.1", "2.3.0", "2.3.1", "2.3.2"};
937 static char *build[CC_VERSIONS] = { "2892", "2971", "3094", "3165", "3191", "3290", "3316", "3367", "9d508a", "4000"};
938 static char extcompat[CC_VERSIONS] = { 0, 0, 0, 0, 0, 1, 1, 1, 1, 1}; // Supporting new card format starting with 2.2.0
939
940 /**
941 * reader + server
942 * checks the cccam-version in the configuration
943 */
944 void cc_check_version(char *cc_version, char *cc_build)
945 {
946 int32_t i;
947 for(i = 0; i < CC_VERSIONS; i++)
948 {
949 if(!memcmp(cc_version, version[i], cs_strlen(version[i])))
950 {
951 memcpy(cc_build, build[i], cs_strlen(build[i]) + 1);
952 cs_log_dbg(D_CLIENT, "cccam: auto build set for version: %s build: %s", cc_version, cc_build);
953 return;
954 }
955 }
956
957 memcpy(cc_version, version[CC_DEFAULT_VERSION], cs_strlen(version[CC_DEFAULT_VERSION]));
958 memcpy(cc_build, build[CC_DEFAULT_VERSION], cs_strlen(build[CC_DEFAULT_VERSION]));
959
960 cs_log_dbg(D_CLIENT, "cccam: auto version set: %s build: %s", cc_version, cc_build);
961
962 return;
963 }
964
965 int32_t check_cccam_compat(struct cc_data *cc)
966 {
967 int32_t res = 0;
968 int32_t i = 0;
969 for(i = 0; i < CC_VERSIONS; i++)
970 {
971 if(!strcmp(cfg.cc_version, version[i]))
972 {
973 res += extcompat[i];
974 break;
975 }
976 }
977
978 if(!res)
979 {
980 return 0;
981 }
982
983 for(i = 0; i < CC_VERSIONS; i++)
984 {
985 if(!strcmp(cc->remote_version, version[i]))
986 {
987 res += extcompat[i];
988 break;
989 }
990 }
991
992 return res == 2;
993 }
994
995 /**
996 * reader
997 * sends own version information to the CCCam server
998 */
999 int32_t cc_send_cli_data(struct s_client *cl)
1000 {
1001 struct s_reader *rdr = cl->reader;
1002 struct cc_data *cc = cl->cc;
1003 const int32_t size = 20 + 8 + 6 + 26 + 4 + 28 + 1;
1004 uint8_t buf[size];
1005
1006 cs_log_dbg(D_READER, "cccam: send client data");
1007
1008 memcpy(cc->node_id, cc_node_id, sizeof(cc_node_id));
1009
1010 memcpy(buf, rdr->r_usr, sizeof(rdr->r_usr));
1011 memcpy(buf + 20, cc->node_id, 8);
1012 buf[28] = rdr->cc_want_emu; // <-- Client wants to have EMUs, 0 - NO; 1 - YES
1013 memcpy(buf + 29, rdr->cc_version, sizeof(rdr->cc_version)); // cccam version (ascii)
1014 memcpy(buf + 61, rdr->cc_build, sizeof(rdr->cc_build)); // build number (ascii)
1015
1016 // multics seed already detected, now send multics 'WHO' for getting and confirming multics server
1017 if(cc->multics_mode == 1)
1018 {
1019 memcpy(buf + 57, "W", 1);
1020 memcpy(buf + 58, "H", 1);
1021 memcpy(buf + 59, "O", 1);
1022 }
1023
1024 cs_log_dbg(D_READER, "%s sending own version: %s, build: %s", getprefix(), rdr->cc_version, rdr->cc_build);
1025
1026 return cc_cmd_send(cl, buf, size, MSG_CLI_DATA);
1027 }
1028
1029 /**
1030 * server
1031 * sends version information to the client
1032 */
1033 int32_t cc_send_srv_data(struct s_client *cl)
1034 {
1035 struct cc_data *cc = cl->cc;
1036
1037 cs_log_dbg(D_CLIENT, "cccam: send server data");
1038
1039 memcpy(cc->node_id, cc_node_id, sizeof(cc_node_id));
1040
1041 uint8_t buf[0x48];
1042 memset(buf, 0, 0x48);
1043
1044 int32_t stealth = cl->account->cccstealth;
1045 if(stealth == -1)
1046 {
1047 stealth = cfg.cc_stealth;
1048 }
1049
1050 if(stealth)
1051 {
1052 cc->node_id[7]++;
1053 }
1054
1055 memcpy(buf, cc->node_id, 8);
1056
1057 char cc_build[7], tmp_dbg[17];
1058 memset(cc_build, 0, sizeof(cc_build));
1059 cc_check_version((char *) cfg.cc_version, cc_build);
1060 memcpy(buf + 8, cfg.cc_version, sizeof(cfg.cc_version)); // cccam version (ascii)
1061 memcpy(buf + 40, cc_build, sizeof(cc_build)); // build number (ascii)
1062
1063 cs_log_dbg(D_CLIENT, "%s version: %s, build: %s nodeid: %s", getprefix(),
1064 cfg.cc_version, cc_build, cs_hexdump(0, cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)));
1065
1066 return cc_cmd_send(cl, buf, 0x48, MSG_SRV_DATA);
1067 }
1068
1069 int32_t loop_check(uint8_t *myid, struct s_client *cl)
1070 {
1071 if(!cl || !myid)
1072 {
1073 return 0;
1074 }
1075
1076 struct cc_data *cc = cl->cc;
1077 if(!cc)
1078 {
1079 return 0;
1080 }
1081
1082 return !memcmp(myid, cc->peer_node_id, sizeof(cc->peer_node_id)); // same nodeid? ignore
1083 }
1084
1085 /**
1086 * reader
1087 * retrieves the next waiting ecm request
1088 */
1089 int32_t cc_get_nxt_ecm(struct s_client *cl)
1090 {
1091 struct cc_data *cc = cl->cc;
1092 ECM_REQUEST *er, *ern = NULL;
1093 int32_t n, i, pending = 0;
1094 struct timeb t;
1095
1096 cs_ftime(&t);
1097 int32_t diff = (int32_t)cfg.ctimeout + 500;
1098
1099 n = -1;
1100 for(i = 0; i < cfg.max_pending; i++)
1101 {
1102 er = &cl->ecmtask[i];
1103 if((comp_timeb(&t, &er->tps) >= diff) && (er->rc >= E_NOCARD)) // drop timeouts
1104 {
1105 write_ecm_answer(cl->reader, er, E_TIMEOUT, 0, NULL, NULL, 0, NULL);
1106 }
1107
1108 else if(er->rc >= E_NOCARD && er->rc <= E_UNHANDLED) // stil active and waiting
1109 {
1110 pending++;
1111 if(loop_check(cc->peer_node_id, er->client))
1112 {
1113 cs_log_dbg(D_READER, "%s ecm loop detected! client %s (%8lX)",
1114 getprefix(), er->client->account->usr, (unsigned long)er->client->thread);
1115 write_ecm_answer(cl->reader, er, E_NOTFOUND, E2_CCCAM_LOOP, NULL, NULL, 0, NULL);
1116 }
1117 else
1118 {
1119 // search for the ecm with the lowest time, this should be the next to go
1120 if(n < 0 || (ern->tps.time - er->tps.time < 0))
1121 {
1122 // check for already pending:
1123 if(cc && cc->extended_mode)
1124 {
1125 int32_t j, found;
1126 ECM_REQUEST *erx;
1127
1128 for(found = j = 0; j < cfg.max_pending; j++)
1129 {
1130 erx = &cl->ecmtask[j];
1131 if(i != j && erx->rc == E_ALREADY_SENT
1132 && er->caid == erx->caid && er->ecmd5 == erx->ecmd5)
1133 {
1134 found = 1;
1135 break;
1136 }
1137 }
1138
1139 if(!found)
1140 {
1141 n = i;
1142 ern = er;
1143 }
1144 }
1145 else
1146 {
1147 n = i;
1148 ern = er;
1149 }
1150 }
1151 }
1152 }
1153 }
1154
1155 cl->pending = pending;
1156 return n;
1157 }
1158
1159 /**
1160 * sends the secret cmd05 answer to the server
1161 */
1162 int32_t send_cmd05_answer(struct s_client *cl)
1163 {
1164 struct cc_data *cc = cl->cc;
1165 if(!cc->cmd05_active || cc->ecm_busy) // exit if not in cmd05 or waiting for ECM answer
1166 {
1167 return 0;
1168 }
1169
1170 cc->cmd05_active--;
1171 if(cc->cmd05_active)
1172 {
1173 return 0;
1174 }
1175
1176 uint8_t *data = cc->cmd05_data;
1177 cc_cmd05_mode cmd05_mode = MODE_UNKNOWN;
1178
1179 // by Project: Keynation
1180 switch(cc->cmd05_data_len)
1181 {
1182 case 0: // payload 0, return with payload 0!
1183 {
1184 cc_cmd_send(cl, NULL, 0, MSG_CMD_05);
1185 cmd05_mode = MODE_LEN0;
1186 break;
1187 }
1188
1189 case 256:
1190 {
1191 cmd05_mode = cc->cmd05_mode;
1192 switch(cmd05_mode)
1193 {
1194 case MODE_PLAIN: // send plain unencrypted back
1195 {
1196 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1197 break;
1198 }
1199
1200 case MODE_AES: // encrypt with received aes128 key
1201 {
1202 AES_KEY key;
1203 uint8_t aeskey[16];
1204 uint8_t out[256];
1205
1206 memcpy(aeskey, cc->cmd05_aeskey, 16);
1207 memset(&key, 0, sizeof(key));
1208
1209 AES_set_encrypt_key((uint8_t *) &aeskey, 128, &key);
1210 int32_t i;
1211
1212 for(i = 0; i < 256; i += 16)
1213 {
1214 AES_encrypt((uint8_t *)data + i, (uint8_t *) &out + i, &key);
1215 }
1216
1217 cc_cmd_send(cl, out, 256, MSG_CMD_05);
1218 break;
1219 }
1220
1221 case MODE_CC_CRYPT: // encrypt with cc_crypt
1222 {
1223 cc_crypt(&cc->cmd05_cryptkey, data, 256, ENCRYPT);
1224 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1225 break;
1226 }
1227
1228 case MODE_RC4_CRYPT: // special xor crypt
1229 {
1230 cc_rc4_crypt(&cc->cmd05_cryptkey, data, 256, DECRYPT);
1231 cc_cmd_send(cl, data, 256, MSG_CMD_05);
1232 break;
1233 }
1234
1235 default:
1236 cmd05_mode = MODE_UNKNOWN;
1237 }
1238 break;
1239 }
1240
1241 default:
1242 cmd05_mode = MODE_UNKNOWN;
1243 }
1244
1245 // unhandled types always needs cycle connection after 50 ECMs!
1246 if(cmd05_mode == MODE_UNKNOWN)
1247 {
1248 cc_cmd_send(cl, NULL, 0, MSG_CMD_05);
1249 if(!cc->max_ecms) // max_ecms already set?
1250 {
1251 cc->max_ecms = 50;
1252 cc->ecm_counter = 0;
1253 }
1254 }
1255
1256 cs_log_dbg(D_READER, "%s sending CMD_05 back! MODE: %s len=%d",
1257 getprefix(), cmd05_mode_name[cmd05_mode], cc->cmd05_data_len);
1258
1259 cc->cmd05NOK = 1;
1260 return 1;
1261 }
1262
1263 int32_t get_UA_ofs(uint16_t caid)
1264 {
1265 int32_t ofs = 0;
1266 switch(caid >> 8)
1267 {
1268 case 0x05: // VIACCESS
1269 case 0x0D: // CRYPTOWORKS
1270 //ofs = 1;
1271 //break;
1272 case 0x4B: // TONGFANG
1273 case 0x09: // VIDEOGUARD
1274 case 0x0B: // CONAX
1275 case 0x18: // NAGRA
1276 case 0x01: // SECA
1277 case 0x00: // SECAMANAGMENT
1278 case 0x17: // BETACRYPT
1279 case 0x06: // IRDETO
1280 ofs = 2;
1281 break;
1282 }
1283
1284 return ofs;
1285 }
1286
1287 int32_t UA_len(uint8_t *ua)
1288 {
1289 int32_t i, len = 0;
1290
1291 for(i = 0; i < 8; i++)
1292 {
1293 if(ua[i])
1294 {
1295 len++;
1296 }
1297 }
1298 return len;
1299 }
1300 void UA_left(uint8_t *in, uint8_t *out, int32_t ofs)
1301 {
1302 memset(out, 0, 8);
1303 memcpy(out, in + ofs, 8 - ofs);
1304 }
1305
1306 void UA_right(uint8_t *in, uint8_t *out, int32_t len)
1307 {
1308 int32_t ofs = 0;
1309
1310 while(len)
1311 {
1312 memcpy(out + ofs, in, len);
1313 len--;
1314
1315 if(out[len])
1316 {
1317 break;
1318 }
1319 ofs++;
1320 out[0] = 0;
1321 }
1322 }
1323
1324 /**
1325 * cccam uses UA right justified
1326 **/
1327 void cc_UA_oscam2cccam(uint8_t *in, uint8_t *out, uint16_t caid)
1328 {
1329 uint8_t tmp[8];
1330 memset(out, 0, 8);
1331 memset(tmp, 0, 8);
1332
1333 //switch(caid >> 8)
1334 //{
1335 // case 0x17: //IRDETO/Betacrypt:
1336 // //oscam: AA BB CC DD 00 00 00 00
1337 // //cccam: 00 00 00 00 DD AA BB CC
1338 // out[4] = in[3]; //Hexbase
1339 // out[5] = in[0];
1340 // out[6] = in[1];
1341 // out[7] = in[2];
1342 // return;
1343 //
1344 // //Place here your own adjustments!
1345 //}
1346
1347 if(caid_is_bulcrypt(caid))
1348 {
1349 out[4] = in[0];
1350 out[5] = in[1];
1351 out[6] = in[2];
1352 out[7] = in[3];
1353 return;
1354 }
1355
1356 hexserial_to_newcamd(in, tmp + 2, caid);
1357 UA_right(tmp, out, 8);
1358 }
1359
1360 /**
1361 * oscam has a special format, depends on offset or type:
1362 **/
1363 void cc_UA_cccam2oscam(uint8_t *in, uint8_t *out, uint16_t caid)
1364 {
1365 uint8_t tmp[8];
1366 memset(out, 0, 8);
1367 memset(tmp, 0, 8);
1368
1369 //switch(caid >> 8)
1370 //{
1371 // case 0x17: //IRDETO/Betacrypt:
1372 // //cccam: 00 00 00 00 DD AA BB CC
1373 // //oscam: AA BB CC DD 00 00 00 00
1374 // out[0] = in[5];
1375 // out[1] = in[6];
1376 // out[2] = in[7];
1377 // out[3] = in[4]; //Hexbase
1378 // return;
1379
1380 // //Place here your own adjustments!
1381 //}
1382
1383 if(caid_is_bulcrypt(caid))
1384 {
1385 out[0] = in[4];
1386 out[1] = in[5];
1387 out[2] = in[6];
1388 out[3] = in[7];
1389 return;
1390 }
1391
1392 int32_t ofs = get_UA_ofs(caid);
1393 UA_left(in, tmp, ofs);
1394 newcamd_to_hexserial(tmp, out, caid);
1395 }
1396
1397 void cc_SA_oscam2cccam(uint8_t *in, uint8_t *out)
1398 {
1399 memcpy(out, in, 4);
1400 }
1401
1402 void cc_SA_cccam2oscam(uint8_t *in, uint8_t *out)
1403 {
1404 memcpy(out, in, 4);
1405 }
1406
1407 int32_t cc_UA_valid(uint8_t *ua)
1408 {
1409 int32_t i;
1410
1411 for(i = 0; i < 8; i++)
1412 {
1413 if(ua[i])
1414 {
1415 return 1;
1416 }
1417 }
1418
1419 return 0;
1420 }
1421
1422 /**
1423 * Updates AU Data: UA (Unique ID / Hexserial) und SA (Shared ID - Provider)
1424 */
1425 void set_au_data(struct s_client *cl, struct s_reader *rdr, struct cc_card *card, ECM_REQUEST *cur_er)
1426 {
1427 if(rdr->audisabled || !cc_UA_valid(card->hexserial))
1428 {
1429 return;
1430 }
1431
1432 struct cc_data *cc = cl->cc;
1433 char tmp_dbg[17];
1434 cc->last_emm_card = card;
1435
1436 cc_UA_cccam2oscam(card->hexserial, rdr->hexserial, rdr->caid);
1437
1438 cs_log_dbg(D_EMM, "%s au info: caid %04X UA: %s", getprefix(), card->caid,
1439 cs_hexdump(0, rdr->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)));
1440
1441 rdr->nprov = 0;
1442 LL_ITER it2 = ll_iter_create(card->providers);
1443 struct cc_provider *provider;
1444 int32_t p = 0;
1445
1446 while((provider = ll_iter_next(&it2)))
1447 {
1448 if(!cur_er || provider->prov == cur_er->prid || !provider->prov || !cur_er->prid)
1449 {
1450 rdr->prid[p][0] = provider->prov >> 24;
1451 rdr->prid[p][1] = provider->prov >> 16;
1452 rdr->prid[p][2] = provider->prov >> 8;
1453 rdr->prid[p][3] = provider->prov & 0xFF;
1454 cc_SA_cccam2oscam(provider->sa, rdr->sa[p]);
1455
1456 cs_log_dbg(D_EMM, "%s au info: provider: %06X:%02X%02X%02X%02X", getprefix(),
1457 provider->prov, provider->sa[0], provider->sa[1], provider->sa[2], provider->sa[3]);
1458
1459 p++;
1460 rdr->nprov = p;
1461 if(p >= CS_MAXPROV)
1462 {
1463 break;
1464 }
1465 }
1466 }
1467
1468 if(!rdr->nprov) // No Providers? Add null-provider
1469 {
1470 memset(rdr->prid[0], 0, sizeof(rdr->prid[0]));
1471 rdr->nprov = 1;
1472 }
1473
1474 rdr->caid = card->caid;
1475 if(cur_er)
1476 {
1477 rdr->auprovid = cur_er->prid;
1478 }
1479 }
1480
1481 int32_t same_first_node(struct cc_card *card1, struct cc_card *card2)
1482 {
1483 uint8_t *node1 = ll_has_elements(card1->remote_nodes);
1484 uint8_t *node2 = ll_has_elements(card2->remote_nodes);
1485
1486 if(!node1 && !node2)
1487 {
1488 return 1; // both NULL, same!
1489 }
1490
1491 if(!node1 || !node2)
1492 {
1493 return 0; // one NULL, not same!
1494 }
1495
1496 return !memcmp(node1, node2, 8); // same?
1497 }
1498
1499 int32_t same_card2(struct cc_card *card1, struct cc_card *card2, int8_t compare_grp)
1500 {
1501 return (card1->caid == card2->caid &&
1502 card1->card_type == card2->card_type &&
1503 card1->sidtab == card2->sidtab &&
1504 (!compare_grp || card1->grp == card2->grp) &&
1505 !memcmp(card1->hexserial, card2->hexserial, sizeof(card1->hexserial)));
1506 }
1507
1508 int32_t same_card(struct cc_card *card1, struct cc_card *card2)
1509 {
1510 return (card1->remote_id == card2->remote_id &&
1511 same_card2(card1, card2, 1) &&
1512 same_first_node(card1, card2));
1513 }
1514
1515 struct cc_card *get_matching_card(struct s_client *cl, ECM_REQUEST *cur_er, int8_t chk_only)
1516 {
1517 struct cc_data *cc = cl->cc;
1518 struct s_reader *rdr = cl->reader;
1519
1520 if(cl->kill || !rdr || !cc)
1521 {
1522 return NULL;
1523 }
1524
1525 struct cc_srvid cur_srvid;
1526 cur_srvid.sid = cur_er->srvid;
1527 cur_srvid.chid = cur_er->chid;
1528 cur_srvid.ecmlen = cur_er->ecmlen;
1529
1530 int32_t best_rating = MIN_RATING - 1, rating;
1531
1532 LL_ITER it = ll_iter_create(cc->cards);
1533 struct cc_card *card = NULL, *ncard, *xcard = NULL;
1534
1535 while((ncard = ll_iter_next(&it)))
1536 {
1537 int lb_match = 0;
1538 if(config_enabled(WITH_LB))
1539 {
1540 // accept beta card when beta-tunnel is on
1541 lb_match = chk_only && cfg.lb_mode && cfg.lb_auto_betatunnel &&
1542 ((caid_is_nagra(cur_er->caid) && caid_is_betacrypt(ncard->caid) && cfg.lb_auto_betatunnel_mode <= 3) ||
1543 (caid_is_betacrypt(cur_er->caid) && caid_is_nagra(ncard->caid) && cfg.lb_auto_betatunnel_mode >= 1));
1544 }
1545
1546 if((ncard->caid == cur_er->caid // caid matches
1547 || (rdr->cc_want_emu && (ncard->caid == (cur_er->caid & 0xFF00))))
1548 || lb_match) // or system matches if caid ends with 00 (needed for wantemu)
1549 {
1550 int32_t goodSidCount = ll_count(ncard->goodsids);
1551 int32_t badSidCount = ll_count(ncard->badsids);
1552 struct cc_srvid *good_sid;
1553 struct cc_srvid_block *blocked_sid;
1554
1555 if(goodSidCount && !badSidCount) // only good sids -> check if sid is good
1556 {
1557 good_sid = is_good_sid(ncard, &cur_srvid);
1558 if(!good_sid)
1559 {
1560 continue;
1561 }
1562 }
1563 else if(!goodSidCount && badSidCount) // only bad sids -> check if sid is bad
1564 {
1565 blocked_sid = is_sid_blocked(ncard, &cur_srvid);
1566 if(blocked_sid && (!chk_only || blocked_sid->blocked_till == 0))
1567 {
1568 continue;
1569 }
1570 }
1571 else if(goodSidCount && badSidCount) // bad and good sids -> check not blocked and good
1572 {
1573 blocked_sid = is_sid_blocked(ncard, &cur_srvid);
1574 good_sid = is_good_sid(ncard, &cur_srvid);
1575
1576 if(blocked_sid && (!chk_only || blocked_sid->blocked_till == 0))
1577 {
1578 continue;
1579 }
1580
1581 if(!good_sid)
1582 {
1583 continue;
1584 }
1585 }
1586
1587 if(!(rdr->cc_want_emu) && caid_is_nagra(ncard->caid) && (!xcard || ncard->hop < xcard->hop))
1588 {
1589 xcard = ncard; // remember card (D+ / 1810 fix) if request has no provider, but card has
1590 }
1591
1592 rating = ncard->rating - ncard->hop * HOP_RATING;
1593 if(rating < MIN_RATING)
1594 {
1595 rating = MIN_RATING;
1596 }
1597 else if(rating > MAX_RATING)
1598 {
1599 rating = MAX_RATING;
1600 }
1601
1602 if(!ll_count(ncard->providers)) // card has no providers:
1603 {
1604 if(rating > best_rating)
1605 {
1606 // ncard is closer
1607 card = ncard;
1608 best_rating = rating; // ncard has been matched
1609 }
1610
1611 }
1612 else // card has providers
1613 {
1614 LL_ITER it2 = ll_iter_create(ncard->providers);
1615 struct cc_provider *provider;
1616
1617 while((provider = ll_iter_next(&it2)))
1618 {
1619 if(!cur_er->prid || (provider->prov == cur_er->prid)) // provid matches
1620 {
1621 if(rating > best_rating)
1622 {
1623 // ncard is closer
1624 card = ncard;
1625 best_rating = rating; // ncard has been matched
1626 }
1627 }
1628 }
1629 }
1630 }
1631 }
1632
1633 if(!card)
1634 {
1635 card = xcard; // 18xx: if request has no provider and we have no card, we try this card
1636 }
1637
1638 return card;
1639 }
1640
1641 // reopen all blocked sids for this srvid
1642 static void reopen_sids(struct cc_data *cc, int8_t ignore_time, ECM_REQUEST *cur_er, struct cc_srvid *cur_srvid)
1643 {
1644 time_t utime = time(NULL);
1645 struct cc_card *card;
1646 LL_ITER it = ll_iter_create(cc->cards);
1647
1648 while((card = ll_iter_next(&it)))
1649 {
1650 if(card->caid == cur_er->caid) // caid matches
1651 {
1652 LL_ITER it2 = ll_iter_create(card->badsids);
1653 struct cc_srvid_block *srvid;
1654
1655 while((srvid = ll_iter_next(&it2)))
1656 {
1657 if(srvid->blocked_till > 0 && sid_eq((struct cc_srvid *)srvid, cur_srvid))
1658 {
1659 if(ignore_time || srvid->blocked_till <= utime)
1660 {
1661 ll_iter_remove_data(&it2);
1662 }
1663 }
1664 }
1665 }
1666 }
1667 }
1668
1669 static int8_t cc_request_timeout(struct s_client *cl)
1670 {
1671 struct s_reader *rdr = cl->reader;
1672 struct cc_data *cc = cl->cc;
1673 struct timeb timeout;
1674 struct timeb cur_time;
1675
1676 if(!cc || !cc->ecm_busy)
1677 {
1678 return 0;
1679 }
1680
1681 cs_ftime(&cur_time);
1682
1683 timeout = cc->ecm_time;
1684 int32_t tt = rdr->cc_reconnect;
1685
1686 if(tt <= 0)
1687 {
1688 tt = DEFAULT_CC_RECONNECT;
1689 }
1690
1691 add_ms_to_timeb(&timeout, tt);
1692
1693 return (comp_timeb(&cur_time, &timeout) >= 0);
1694 }
1695
1696 /**
1697 * reader
1698 * sends a ecm request to the connected CCCam Server
1699 */
1700 int32_t cc_send_ecm(struct s_client *cl, ECM_REQUEST *er)
1701 {
1702 struct s_reader *rdr = cl->reader;
1703
1704 //cs_log_dbg(D_TRACE, "%s cc_send_ecm", getprefix());
1705 if(!rdr->tcp_connected)
1706 {
1707 cc_cli_connect(cl);
1708 }
1709
1710 int32_t n;
1711 struct cc_data *cc = cl->cc;
1712 struct cc_card *card = NULL;
1713 LL_ITER it;
1714 ECM_REQUEST *cur_er;
1715 struct timeb cur_time;
1716 cs_ftime(&cur_time);
1717
1718 if(!cc || (cl->pfd < 1) || !rdr->tcp_connected)
1719 {
1720 if(er)
1721 {
1722 cs_log_dbg(D_READER, "%s server not init! ccinit=%d pfd=%d", rdr->label, cc ? 1 : 0, cl->pfd);
1723 write_ecm_answer(rdr, er, E_NOTFOUND, E2_CCCAM_NOCARD, NULL, NULL, 0, NULL);
1724 }
1725 //cc_cli_close(cl);
1726 return 0;
1727 }
1728
1729 if(rdr->tcp_connected != 2)
1730 {
1731 cs_log_dbg(D_READER, "%s Waiting for CARDS", getprefix());
1732 return 0;
1733 }
1734
1735 // No Card? Waiting for shares
1736 if(!ll_has_elements(cc->cards))
1737 {
1738 cs_log_dbg(D_READER, "%s NO CARDS!", getprefix());
1739 return 0;
1740 }
1741
1742 cc->just_logged_in = 0;
1743
1744 if(!cc->extended_mode)
1745 {
1746 // Without extended mode, only one ecm at a time could be send
1747 // this is a limitation of "O" CCCam
1748 if(cc->ecm_busy > 0) // Unlock by NOK or ECM ACK
1749 {
1750 cs_log_dbg(D_READER, "%s ecm trylock: ecm busy, retrying later after msg-receive", getprefix());
1751
1752 if(!cc_request_timeout(cl))
1753 {
1754 return 0; // pending send...
1755 }
1756
1757 if(!cc_cycle_connection(cl))
1758 {
1759 return 0;
1760 }
1761 }
1762
1763 cc->ecm_busy = 1;
1764 cs_log_dbg(D_READER, "cccam: ecm trylock: got lock");
1765 }
1766
1767 int32_t processed_ecms = 0;
1768
1769 do
1770 {
1771 cc->ecm_time = cur_time;
1772
1773 // Search next ECM to send
1774 if((n = cc_get_nxt_ecm(cl)) < 0)
1775 {
1776 if(!cc->extended_mode)
1777 {
1778 cc->ecm_busy = 0;
1779 }
1780
1781 cs_log_dbg(D_READER, "%s no ecm pending!", getprefix());
1782
1783 if(!cc_send_pending_emms(cl))
1784 {
1785 send_cmd05_answer(cl);
1786 }
1787
1788 return 0; // no queued ecms
1789 }
1790
1791 cur_er = &cl->ecmtask[n];
1792 cur_er->rc = E_ALREADY_SENT; // mark ECM as already send
1793 cs_log_dbg(D_READER, "cccam: ecm-task %d", cur_er->idx);
1794
1795 // sleepsend support
1796 static const char *typtext[] = { "ok", "invalid", "sleeping" };
1797
1798 if(cc->sleepsend && cl->stopped)
1799 {
1800 if(cur_er->srvid == cl->lastsrvid && cur_er->caid == cl->lastcaid && cur_er->pid == cl->lastpid)
1801 {
1802 cs_log("%s is stopped - requested by server (%s)", cl->reader->label, typtext[cl->stopped]);
1803
1804 if(!cc->extended_mode)
1805 {
1806 cc->ecm_busy = 0;
1807 }
1808
1809 write_ecm_answer(rdr, cur_er, E_STOPPED, 0, NULL, NULL, 0, NULL);
1810 return 0;
1811 }
1812 else
1813 {
1814 cl->stopped = 0;
1815 }
1816 }
1817
1818 cl->lastsrvid = cur_er->srvid;
1819 cl->lastcaid = cur_er->caid;
1820 cl->lastpid = cur_er->pid;
1821 // sleepsend support end
1822
1823 struct cc_srvid cur_srvid;
1824 cur_srvid.sid = cur_er->srvid;
1825 cur_srvid.chid = cur_er->chid;
1826 cur_srvid.ecmlen = cur_er->ecmlen;
1827
1828 cs_readlock(__func__, &cc->cards_busy);
1829
1830 // forward_origin
1831 if(cfg.cc_forward_origin_card && cur_er->origin_reader == rdr && cur_er->origin_card)
1832 {
1833 it = ll_iter_create(cc->cards);
1834 struct cc_card *ncard;
1835
1836 while((ncard = ll_iter_next(&it)))
1837 {
1838 if(ncard == cur_er->origin_card) // Search the origin card
1839 {
1840 card = ncard; // found it, use it!
1841 break;
1842 }
1843 }
1844 }
1845
1846 if(!card)
1847 {
1848 reopen_sids(cc, 0, cur_er, &cur_srvid);
1849 card = get_matching_card(cl, cur_er, 0);
1850 }
1851
1852 if(!card && has_srvid(rdr->client, cur_er))
1853 {
1854 reopen_sids(cc, 1, cur_er, &cur_srvid);
1855 card = get_matching_card(cl, cur_er, 0);
1856 }
1857
1858 if(card)
1859 {
1860 uint8_t *ecmbuf;
1861 if(!cs_malloc(&ecmbuf, cur_er->ecmlen + 13))
1862 {
1863 cs_readunlock(__func__, &cc->cards_busy);
1864 break;
1865 }
1866
1867 // build ecm message
1868 ecmbuf[0] = cur_er->caid >> 8;
1869 ecmbuf[1] = cur_er->caid & 0xff;
1870 ecmbuf[2] = cur_er->prid >> 24;
1871 ecmbuf[3] = cur_er->prid >> 16;
1872 ecmbuf[4] = cur_er->prid >> 8;
1873 ecmbuf[5] = cur_er->prid & 0xff;
1874 ecmbuf[6] = card->id >> 24;
1875 ecmbuf[7] = card->id >> 16;
1876 ecmbuf[8] = card->id >> 8;
1877 ecmbuf[9] = card->id & 0xff;
1878 ecmbuf[10] = cur_er->srvid >> 8;
1879 ecmbuf[11] = cur_er->srvid & 0xff;
1880 ecmbuf[12] = cur_er->ecmlen & 0xff;
1881 memcpy(ecmbuf + 13, cur_er->ecm, cur_er->ecmlen);
1882
1883 uint8_t send_idx = 1;
1884 if(cc->extended_mode)
1885 {
1886 cc->server_ecm_idx++;
1887
1888 if(cc->server_ecm_idx >= 256)
1889 {
1890 cc->server_ecm_idx = 1;
1891 }
1892
1893 cc->g_flag = cc->server_ecm_idx; // Flag is used as index!
1894 send_idx = cc->g_flag;
1895 }
1896
1897 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl, send_idx, 0);
1898 if(eei)
1899 {
1900 eei->ecm_idx = cur_er->idx;
1901 eei->card = card;
1902 eei->cccam_id = card->id;
1903 eei->srvid = cur_srvid;
1904 }
1905 else
1906 {
1907 eei = add_extended_ecm_idx(cl, send_idx, cur_er->idx, card, cur_srvid, 0);
1908 if(!eei)
1909 {
1910 NULLFREE(ecmbuf);
1911 cs_readunlock(__func__, &cc->cards_busy);
1912 break;
1913 }
1914 }
1915 eei->tps = cur_er->tps;
1916
1917 rdr->currenthops = card->hop;
1918 rdr->card_status = CARD_INSERTED;
1919
1920 cs_log_dbg( D_READER, "%s sending ecm for sid %04X(%d) to card %08x, hop %d, ecmtask %d",
1921 getprefix(), cur_er->srvid, cur_er->ecmlen, card->id, card->hop, cur_er->idx);
1922
1923 cl->reader->last_s = time(NULL);
1924 cc_cmd_send(cl, ecmbuf, cur_er->ecmlen + 13, MSG_CW_ECM); // send ecm
1925
1926 NULLFREE(ecmbuf);
1927
1928 // For EMM
1929 set_au_data(cl, rdr, card, cur_er);
1930 cs_readunlock(__func__, &cc->cards_busy);
1931
1932 processed_ecms++;
1933 if(cc->extended_mode)
1934 {
1935 continue; // process next pending ecm!
1936 }
1937
1938 return 0;
1939 }
1940 else
1941 {
1942 // When connecting, it could happen than ecm requests come before all cards are received.
1943 // So if the last Message was a MSG_NEW_CARD, this "card receiving" is not already done
1944 // if this happens, we do not autoblock it and do not set rc status
1945 // So fallback could resolve it
1946 if(cc->last_msg != MSG_NEW_CARD && cc->last_msg != MSG_NEW_CARD_SIDINFO
1947 && cc->last_msg != MSG_CARD_REMOVED && !cc->just_logged_in)
1948 {
1949 cs_log_dbg(D_READER, "%s no suitable card on server", getprefix());
1950
1951 write_ecm_answer(rdr, cur_er, E_NOTFOUND, E2_CCCAM_NOCARD, NULL, NULL, 0, NULL);
1952
1953 //cur_er->rc = 1;
1954 //cur_er->rcEx = 0;
1955 //cs_sleepms(300);
1956 rdr->last_s = rdr->last_g;
1957
1958 reopen_sids(cc, 0, cur_er, &cur_srvid);
1959 }
1960 else
1961 {
1962 // We didn't find a card and the last message was MSG_CARD_REMOVED,
1963 // so we wait for a new card and process die ecm later
1964 cur_er->rc = E_WAITING; // mark as waiting
1965 }
1966 }
1967
1968 cs_readunlock(__func__, &cc->cards_busy);
1969
1970 // process next pending ecm!
1971 }
1972 while(cc->extended_mode || processed_ecms == 0);
1973
1974 // Now mark all waiting as unprocessed
1975 int8_t i;
1976 for(i = 0; i < cfg.max_pending; i++)
1977 {
1978 er = &cl->ecmtask[i];
1979 if(er->rc == E_WAITING)
1980 {
1981 er->rc = E_UNHANDLED;
1982 }
1983 }
1984
1985 if(!cc->extended_mode)
1986 {
1987 cc->ecm_busy = 0;
1988 }
1989
1990 return 0;
1991 }
1992
1993 /*int32_t cc_abort_user_ecms()
1994 {
1995 int32_t n, i;
1996 time_t t;//, tls;
1997 struct cc_data *cc = rdr->cc;
1998
1999 t = time((time_t *)0);
2000 for(i = 1, n = 1; i < cfg.max_pending; i++)
2001 {
2002 if((t-cl->ecmtask[i].tps.time > ((cfg.ctimeout + 500) / 1000) + 1) && (cl->ecmtask[i].rc >= 10)) // drop timeouts
2003 {
2004 cl->ecmtask[i].rc=0;
2005 }
2006
2007 int32_t td = abs(comp_timeb(&ecmtask[i].tps, &cc->found->tps);
2008 if(ecmtask[i].rc >= 10 && ecmtask[i].cidx == cc->found->cidx && &ecmtask[i] != cc->found)
2009 {
2010 cs_log("aborting idx:%d caid:%04x client:%d timedelta:%d",ecmtask[i].idx,ecmtask[i].caid,ecmtask[i].cidx,td);
2011 ecmtask[i].rc = 0;
2012 ecmtask[i].rcEx = 7;
2013 write_ecm_answer(rdr, fd_c2m, &ecmtask[i], 0, NULL);
2014 }
2015 }
2016 return n;
2017 }*/
2018
2019 int32_t cc_send_pending_emms(struct s_client *cl)
2020 {
2021 struct cc_data *cc = cl->cc;
2022 if(!cc)
2023 {
2024 return 0;
2025 }
2026
2027 LL_ITER it = ll_iter_create(cc->pending_emms);
2028 uint8_t *emmbuf;
2029 int32_t size = 0;
2030
2031 if((emmbuf = ll_iter_next(&it)))
2032 {
2033 if(!cc->extended_mode)
2034 {
2035 if(cc->ecm_busy > 0) // Unlock by NOK or ECM ACK
2036 {
2037 return 0; // send later with cc_send_ecm
2038 }
2039 cc->ecm_busy = 1;
2040 }
2041
2042 // Support for emmsize > 256 bytes
2043 size = (emmbuf[11] | (emmbuf[2] << 8)) + 12;
2044 emmbuf[2] = 0;
2045
2046 cc->just_logged_in = 0;
2047 cs_ftime(&cc->ecm_time);
2048
2049 cs_log_dbg(D_EMM, "%s emm send for card %08X", getprefix(), b2i(4, emmbuf + 7));
2050
2051 cc_cmd_send(cl, emmbuf, size, MSG_EMM_ACK); // send emm
2052 cl->last = time(NULL);
2053 cl->reader->last_g = time(NULL);
2054 cl->reader->last_s = time(NULL);
2055
2056 ll_iter_remove_data(&it);
2057 }
2058
2059 return size;
2060 }
2061
2062 /**
2063 * READER only:
2064 * find card by hexserial
2065 */
2066 struct cc_card *get_card_by_hexserial(struct s_client *cl, uint8_t *hexserial, uint16_t caid)
2067 {
2068 struct cc_data *cc = cl->cc;
2069 LL_ITER it = ll_iter_create(cc->cards);
2070 struct cc_card *card;
2071
2072 while((card = ll_iter_next(&it)))
2073 {
2074 if(card->caid == caid && memcmp(card->hexserial, hexserial, 8) == 0) // found it!
2075 {
2076 break;
2077 }
2078 }
2079
2080 return card;
2081 }
2082
2083 /**
2084 * EMM Procession
2085 * Copied from http://85.17.209.13:6100/file/8ec3c0c5d257/systems/cardclient/cccam2.c
2086 * ProcessEmm
2087 */
2088 int32_t cc_send_emm(EMM_PACKET *ep)
2089 {
2090 struct s_client *cl = cur_client();
2091 struct s_reader *rdr = cl->reader;
2092
2093 if(!rdr->tcp_connected)
2094 {
2095 cc_cli_connect(cl);
2096 }
2097
2098 struct cc_data *cc = cl->cc;
2099
2100 if(!cc || (cl->pfd < 1) || !rdr->tcp_connected)
2101 {
2102 cs_log_dbg(D_READER, "%s server not init! ccinit=%d pfd=%d", getprefix(), cc ? 1 : 0, cl->pfd);
2103 return 0;
2104 }
2105
2106 if(rdr->audisabled)
2107 {
2108 cs_log_dbg(D_READER, "%s au is disabled", getprefix());
2109 return 0;
2110 }
2111
2112 uint16_t caid = b2i(2, ep->caid);
2113
2114 // Last used card is first card of current_cards
2115 cs_readlock(__func__, &cc->cards_busy);
2116
2117 struct cc_card *emm_card = cc->last_emm_card;
2118
2119 if(!emm_card)
2120 {
2121 uint8_t hs[8];
2122 char tmp_dbg[17];
2123
2124 cc_UA_oscam2cccam(ep->hexserial, hs, caid);
2125
2126 cs_log_dbg(D_EMM, "%s au info: searching card for caid %04X oscam-UA: %s",
2127 getprefix(), b2i(2, ep->caid), cs_hexdump(0, ep->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)));
2128
2129 cs_log_dbg(D_EMM, "%s au info: searching card for caid %04X cccam-UA: %s",
2130 getprefix(), b2i(2, ep->caid), cs_hexdump(0, hs, 8, tmp_dbg, sizeof(tmp_dbg)));
2131
2132 emm_card = get_card_by_hexserial(cl, hs, caid);
2133 }
2134
2135 if(!emm_card) // Card for emm not found!
2136 {
2137 cs_log_dbg(D_EMM, "%s emm for client %8lX not possible, no card found!",
2138 getprefix(), (unsigned long)ep->client->thread);
2139
2140 cs_readunlock(__func__, &cc->cards_busy);
2141 return 0;
2142 }
2143
2144 cs_log_dbg(D_EMM, "%s emm received for client %8lX caid %04X for card %08X",
2145 getprefix(), (unsigned long)ep->client->thread, caid, emm_card->id);
2146
2147 int32_t size = ep->emmlen + 12;
2148 uint8_t *emmbuf;
2149
2150 if(!cs_malloc(&emmbuf, size))
2151 {
2152 cs_readunlock(__func__, &cc->cards_busy);
2153 return 0;
2154 }
2155
2156 // build ecm message
2157 emmbuf[0] = ep->caid[0];
2158 emmbuf[1] = ep->caid[1];
2159 emmbuf[2] = ep->emmlen >> 8; // Support for emm len > 256 bytes
2160 emmbuf[3] = ep->provid[0];
2161 emmbuf[4] = ep->provid[1];
2162 emmbuf[5] = ep->provid[2];
2163 emmbuf[6] = ep->provid[3];
2164 emmbuf[7] = emm_card->id >> 24;
2165 emmbuf[8] = emm_card->id >> 16;
2166 emmbuf[9] = emm_card->id >> 8;
2167 emmbuf[10] = emm_card->id & 0xff;
2168 emmbuf[11] = ep->emmlen & 0xff;
2169 memcpy(emmbuf + 12, ep->emm, ep->emmlen);
2170
2171 cs_readunlock(__func__, &cc->cards_busy);
2172
2173 ll_append(cc->pending_emms, emmbuf);
2174 cc_send_pending_emms(cl);
2175
2176 return 1;
2177 }
2178
2179 void cc_free_card(struct cc_card *card)
2180 {
2181 if(!card)
2182 {
2183 return;
2184 }
2185
2186 ll_destroy_data(&card->providers);
2187 ll_destroy_data(&card->badsids);
2188 ll_destroy_data(&card->goodsids);
2189 ll_destroy_data(&card->remote_nodes);
2190
2191 add_garbage(card);
2192 }
2193
2194 struct cc_card *cc_get_card_by_id(uint32_t card_id, LLIST *cards)
2195 {
2196 if(!cards)
2197 {
2198 return NULL;
2199 }
2200
2201 LL_ITER it = ll_iter_create(cards);
2202 struct cc_card *card;
2203
2204 while((card = ll_iter_next(&it)))
2205 {
2206 if(card->id == card_id)
2207 {
2208 break;
2209 }
2210 }
2211
2212 return card;
2213 }
2214
2215 void cc_free_cardlist(LLIST *card_list, int32_t destroy_list)
2216 {
2217 if(card_list)
2218 {
2219 LL_ITER it = ll_iter_create(card_list);
2220 struct cc_card *card;
2221
2222 while((card = ll_iter_next_remove(&it)))
2223 {
2224 cc_free_card(card);
2225 }
2226
2227 if(destroy_list)
2228 {
2229 ll_destroy(&card_list);
2230 }
2231 }
2232 }
2233
2234 /**
2235 * Clears and free the cc datas
2236 */
2237 void cc_free(struct s_client *cl)
2238 {
2239 struct cc_data *cc = cl->cc;
2240 if(!cc)
2241 {
2242 return;
2243 }
2244
2245 cl->cc = NULL;
2246
2247 cs_writelock(__func__, &cc->lockcmd);
2248
2249 cs_log_dbg(D_TRACE, "exit cccam1/3");
2250 cc_free_cardlist(cc->cards, 1);
2251 ll_destroy_data(&cc->pending_emms);
2252 free_extended_ecm_idx(cc);
2253 ll_destroy_data(&cc->extended_ecm_idx);
2254
2255 cs_writeunlock(__func__, &cc->lockcmd);
2256
2257 cs_log_dbg(D_TRACE, "exit cccam2/3");
2258
2259 add_garbage(cc->prefix);
2260 add_garbage(cc);
2261
2262 cs_log_dbg(D_TRACE, "exit cccam3/3");
2263 }
2264
2265 int32_t is_null_dcw(uint8_t *dcw)
2266 {
2267 int32_t i;
2268 for(i = 0; i < 15; i++)
2269 if(dcw[i])
2270 { return 0; }
2271 return 1;
2272 }
2273
2274 /*int32_t is_dcw_corrupted(uint8_t *dcw)
2275 {
2276 int32_t i;
2277 int32_t c, cs;
2278
2279 for(i = 0; i < 16; i += 4)
2280 {
2281 c = (dcw[i] + dcw[i + 1] + dcw[i + 2]) & 0xFF;
2282 cs = dcw[i + 3];
2283
2284 if(cs != c)
2285 {
2286 return (1);
2287 }
2288 }
2289 return 0;
2290 }*/
2291
2292 int32_t check_extended_mode(struct s_client *cl, char *msg)
2293 {
2294 // Extended mode: if PARTNER String is ending with [PARAM], extended mode is activated
2295 // For future compatibilty the syntax should be compatible with
2296 // [PARAM1,PARAM2...PARAMn]
2297 //
2298 // EXT: Extended ECM Mode: Multiple ECMs could be send and received
2299 // ECMs are numbered, Flag (byte[0] is the index
2300 //
2301 // SID: Exchange of good sids/bad sids activated (like cccam 2.2.x)
2302 // card exchange command MSG_NEW_CARD_SIDINFO instead MSG_NEW_CARD is used
2303 //
2304 // SLP: Sleepsend supported, like camd35
2305 //
2306
2307 struct cc_data *cc = cl->cc;
2308 char *saveptr1 = NULL;
2309 int32_t has_param = 0;
2310 char *p = strtok_r(msg, "[", &saveptr1);
2311
2312 while(p)
2313 {
2314 p = strtok_r(NULL, ",]", &saveptr1);
2315 if(p && strncmp(p, "EXT", 3) == 0)
2316 {
2317 cc->extended_mode = 1;
2318 cs_log_dbg(D_CLIENT, "%s extended ECM mode", getprefix());
2319 has_param = 1;
2320 }
2321 else if(p && strncmp(p, "SID", 3) == 0)
2322 {
2323 cc->cccam220 = 1;
2324 cs_log_dbg(D_CLIENT, "%s extra SID mode", getprefix());
2325 has_param = 1;
2326 }
2327 else if(p && strncmp(p, "SLP", 3) == 0)
2328 {
2329 cc->sleepsend = 1;
2330 cs_log_dbg(D_CLIENT, "%s sleepsend", getprefix());
2331 has_param = 1;
2332 }
2333 #ifdef CS_CACHEEX_AIO
2334 else if(p && strncmp(p, "LGF", 3) == 0)
2335 {
2336 cc->extended_lg_flagged_cws = 1;
2337 cs_log_dbg(D_CLIENT, "%s lg-flagged CWs", getprefix());
2338 has_param = 1;
2339 }
2340 #endif
2341 }
2342 return has_param;
2343 }
2344
2345 void cc_idle(void)
2346 {
2347 struct s_client *cl = cur_client();
2348 struct s_reader *rdr = cl->reader;
2349 struct cc_data *cc = cl->cc;
2350
2351 if(!cl->udp_fd)
2352 {
2353 cc_cli_close(cl, 0);
2354 }
2355
2356 if(rdr && !rdr->tcp_connected && (rdr->cc_keepalive || (rdr->tcp_ito == -1 && (rdr->last_s != 0 || rdr->last_g != 0))))
2357 {
2358 cc_cli_connect(cl);
2359 }
2360
2361 if(!rdr || !rdr->tcp_connected || !cl || !cc)
2362 {
2363 return;
2364 }
2365
2366 time_t now = time(NULL);
2367
2368 if(rdr->cc_keepalive)
2369 {
2370 #ifdef CS_CACHEEX_AIO
2371 if(!cl->cacheex_aio_checked && ((cl->account && cl->account->cacheex.mode > 0) || (cl->reader && cl->reader->cacheex.mode > 0)))
2372 {
2373 cc_cacheex_feature_request(cl);
2374 cl->cacheex_aio_checked = 1;
2375 }
2376 #endif
2377 if(cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE) > 0)
2378 {
2379 cs_log_dbg(D_READER, "cccam: keepalive");
2380
2381 if(cl)
2382 {
2383 cl->last = now;
2384 }
2385
2386 if(cl->reader)
2387 {
2388 cl->reader->last_s = now;
2389 cl->reader->last_g = now;
2390 }
2391 }
2392 return;
2393 }
2394 else
2395 {
2396 //cs_log("last_s - now = %d, last_g - now = %d, tcp_ito=%d",
2397 // abs(rdr->last_s - now), abs(rdr->last_g - now), rdr->tcp_ito);
2398
2399 // check inactivity timeout
2400 if(rdr->tcp_ito > 0)
2401 {
2402 // inactivity timeout is entered in seconds in webif!
2403 if((llabs(rdr->last_s - now) > rdr->tcp_ito) && (llabs(rdr->last_g - now) > rdr->tcp_ito))
2404 {
2405 rdr_log_dbg(rdr, D_READER, "inactive_timeout, close connection (fd=%d)", rdr->client->pfd);
2406 network_tcp_connection_close(rdr, "inactivity");
2407 return;
2408 }
2409 }
2410
2411 // check read timeout
2412 int32_t rto = llabs(rdr->last_g - now);
2413 //cs_log("last_g - now = %d, rto=%d", rto, rdr->tcp_rto);
2414
2415 // this is also entered in seconds, actually its an receive timeout!
2416 if(rto > (rdr->tcp_rto) && (rdr->last_g != 0 || rdr->last_s != 0) && rdr->last_s != rdr->last_g)
2417 {
2418 rdr_log_dbg(rdr, D_READER, "read timeout, close connection (fd=%d)", rdr->client->pfd);
2419 network_tcp_connection_close(rdr, "rto");
2420 return;
2421 }
2422 }
2423 }
2424
2425 struct cc_card *read_card(uint8_t *buf, int32_t buflen, int32_t ext)
2426 {
2427 struct cc_card *card;
2428 int16_t nprov, nassign = 0, nreject = 0;
2429 int32_t offset = 21;
2430
2431 if(buflen < 21)
2432 {
2433 return NULL;
2434 }
2435
2436 if(!cs_malloc(&card, sizeof(struct cc_card)))
2437 {
2438 return NULL;
2439 }
2440
2441 card->providers = ll_create("providers");
2442 card->badsids = ll_create("badsids");
2443 card->goodsids = ll_create("goodsids");
2444 card->remote_nodes = ll_create("remote_nodes");
2445 card->id = b2i(4, buf);
2446 card->remote_id = b2i(4, buf + 4);
2447 card->caid = b2i(2, buf + 8);
2448 card->hop = buf[10];
2449 card->reshare = buf[11];
2450 card->is_ext = ext;
2451 card->card_type = CT_REMOTECARD;
2452 memcpy(card->hexserial, buf + 12, 8); // HEXSERIAL!!
2453
2454 //cs_log_dbg(D_CLIENT, "cccam: card %08x added, caid %04X, hop %d, key %s, count %d", card->id, card->caid,
2455 // card->hop, cs_hexdump(0, card->hexserial, 8, tmp_dbg, sizeof(tmp_dbg)), ll_count(cc->cards));
2456
2457 nprov = buf[20];
2458
2459 if(ext)
2460 {
2461 if(buflen < 23)
2462 {
2463 cc_free_card(card);
2464 return NULL;
2465 }
2466
2467 nassign = buf[21];
2468 nreject = buf[22];
2469
2470 offset += 2;
2471 }
2472
2473 if(buflen < (offset + (nprov * 7)))
2474 {
2475 cc_free_card(card);
2476 return NULL;
2477 }
2478
2479 int16_t i;
2480 for(i = 0; i < nprov; i++) // providers
2481 {
2482 struct cc_provider *prov;
2483 if(!cs_malloc(&prov, sizeof(struct cc_provider)))
2484 {
2485 break;
2486 }
2487
2488 prov->prov = b2i(3, buf + offset);
2489 if(prov->prov == 0xFFFFFF && caid_is_betacrypt(card->caid))
2490 {
2491 prov->prov = i;
2492 }
2493
2494 memcpy(prov->sa, buf + offset + 3, 4);
2495 //cs_log_dbg(D_CLIENT, " prov %d, %06x, sa %08x", i + 1, prov->prov, b2i(4, prov->sa));
2496
2497 ll_append(card->providers, prov);
2498 offset += 7;
2499 }
2500
2501 if(ext)
2502 {
2503 if(buflen < (offset + (nassign * 2) + (nreject * 2)))
2504 {
2505 cc_free_card(card);
2506 return NULL;
2507 }
2508
2509 for(i = 0; i < nassign; i++)
2510 {
2511 uint16_t sid = b2i(2, buf + offset);
2512 //cs_log_dbg(D_CLIENT, " assigned sid = %04X, added to good sid list", sid);
2513
2514 struct cc_srvid *srvid;
2515 if(!cs_malloc(&srvid, sizeof(struct cc_srvid)))
2516 {
2517 break;
2518 }
2519
2520 srvid->sid = sid;
2521 srvid->chid = 0;
2522 srvid->ecmlen = 0;
2523 ll_append(card->goodsids, srvid);
2524 offset += 2;
2525 }
2526
2527 for(i = 0; i < nreject; i++)
2528 {
2529 uint16_t sid = b2i(2, buf + offset);
2530 //cs_log_dbg(D_CLIENT, " rejected sid = %04X, added to sid block list", sid);
2531
2532 struct cc_srvid_block *srvid;
2533 if(!cs_malloc(&srvid, sizeof(struct cc_srvid_block)))
2534 {
2535 break;
2536 }
2537
2538 srvid->sid = sid;
2539 srvid->chid = 0;
2540 srvid->ecmlen = 0;
2541 srvid->blocked_till = 0;
2542 ll_append(card->badsids, srvid);
2543 offset += 2;
2544 }
2545 }
2546
2547 if(buflen < (offset + 1))
2548 {
2549 return card;
2550 }
2551
2552 int16_t remote_count = buf[offset];
2553 offset++;
2554
2555 if(buflen < (offset + (remote_count * 8)))
2556 {
2557 cc_free_card(card);
2558 return NULL;
2559 }
2560
2561 for(i = 0; i < remote_count; i++)
2562 {
2563 uint8_t *remote_node;
2564 if(!cs_malloc(&remote_node, 8))
2565 {
2566 break;
2567 }
2568
2569 memcpy(remote_node, buf + offset, 8);
2570 ll_append(card->remote_nodes, remote_node);
2571 offset += 8;
2572 }
2573
2574 return card;
2575 }
2576
2577 void cc_card_removed(struct s_client *cl, uint32_t shareid)
2578 {
2579 struct cc_data *cc = cl->cc;
2580 struct cc_card *card;
2581 LL_ITER it = ll_iter_create(cc->cards);
2582
2583 while((card = ll_iter_next(&it)))
2584 {
2585 if(card->id == shareid) // && card->sub_id == b2i (3, buf + 9)) {
2586 {
2587 //cs_log_dbg(D_CLIENT, "cccam: card %08x removed, caid %04X, count %d",
2588 // card->id, card->caid, ll_count(cc->cards));
2589
2590 ll_iter_remove(&it);
2591 if(cc->last_emm_card == card)
2592 {
2593 cc->last_emm_card = NULL;
2594 cs_log_dbg(D_READER, "%s current card %08x removed!", getprefix(), card->id);
2595 }
2596
2597 free_extended_ecm_idx_by_card(cl, card, 1);
2598
2599 if(card->hop == 1)
2600 {
2601 cc->num_hop1--;
2602 }
2603 else if(card->hop == 2)
2604 {
2605 cc->num_hop2--;
2606 }
2607 else
2608 {
2609 cc->num_hopx--;
2610 }
2611
2612 if(card->reshare == 0)
2613 {
2614 cc->num_reshare0--;
2615 }
2616 else if(card->reshare == 1)
2617 {
2618 cc->num_reshare1--;
2619 }
2620 else if(card->reshare == 2)
2621 {
2622 cc->num_reshare2--;
2623 }
2624 else
2625 {
2626 cc->num_resharex--;
2627 }
2628
2629 cs_log_dbg(D_TRACE, "%s card removed: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
2630 getprefix(), card->id, card->remote_id, card->caid, card->hop, card->reshare, card->origin_id, card->card_type);
2631
2632 cc_free_card(card);
2633 cc->card_removed_count++;
2634 //break;
2635 }
2636 }
2637 }
2638
2639 void move_card_to_end(struct s_client *cl, struct cc_card *card_to_move)
2640 {
2641 struct cc_data *cc = cl->cc;
2642 LL_ITER it = ll_iter_create(cc->cards);
2643 struct cc_card *card;
2644
2645 while((card = ll_iter_next(&it)))
2646 {
2647 if(card == card_to_move)
2648 {
2649 ll_iter_remove(&it);
2650 break;
2651 }
2652 }
2653
2654 if(card)
2655 {
2656 cs_log_dbg(D_READER, "%s Moving card %08X to the end...", getprefix(), card_to_move->id);
2657 free_extended_ecm_idx_by_card(cl, card, 0);
2658 ll_append(cc->cards, card_to_move);
2659 }
2660 }
2661
2662 /*void fix_dcw(uint8_t *dcw)
2663 {
2664 int32_t i;
2665
2666 for(i = 0; i < 16; i += 4)
2667 {
2668 dcw[i + 3] = (dcw[i] + dcw[i + 1] + dcw[i + 2]) & 0xFF;
2669 }
2670 }*/
2671
2672 void addParam(char *param, size_t param_sz, char *value)
2673 {
2674 if (!param_sz) {
2675 cs_log("ERROR! Sizeof param is zero!");
2676 return;
2677 }
2678
2679 if (param && value) {
2680 if ((cs_strlen(param) + cs_strlen(value) + 1) < param_sz) {
2681 if (cs_strlen(param) < 4) {
2682 cs_strncat(param, value, param_sz);
2683 }
2684 else {
2685 cs_strncat(param, ",", param_sz);
2686 cs_strncat(param, value, param_sz);
2687 }
2688 }
2689 else {
2690 cs_log("ERROR! Buffer overflow in addParam!");
2691 }
2692 }
2693 else {
2694 cs_log("ERROR! Booth param and value pointer NULL!");
2695 }
2696 }
2697
2698 static void chk_peer_node_for_oscam(struct cc_data *cc)
2699 {
2700 if(!cc->is_oscam_cccam) // Allready discovered oscam-cccam
2701 {
2702 uint16_t sum = 0x1234;
2703 uint16_t recv_sum = (cc->peer_node_id[6] << 8) | cc->peer_node_id[7];
2704 int32_t i;
2705
2706 for(i = 0; i < 6; i++)
2707 {
2708 sum += cc->peer_node_id[i];
2709 }
2710
2711 // Create special data to detect oscam-cccam
2712 cc->is_oscam_cccam = sum == recv_sum;
2713 }
2714 }
2715
2716 #ifdef MODULE_CCCSHARE
2717 static void cc_s_idle(struct s_client *cl)
2718 {
2719 cs_log_dbg(D_TRACE, "ccc idle %s", username(cl));
2720 if(cfg.cc_keep_connected)
2721 {
2722 #ifdef CS_CACHEEX_AIO
2723 if(!cl->cacheex_aio_checked && ((cl->account && cl->account->cacheex.mode > 0) || (cl->reader && cl->reader->cacheex.mode > 0)))
2724 {
2725 cc_cacheex_feature_request(cl);
2726 cl->cacheex_aio_checked = 1;
2727 }
2728 #endif
2729 cc_cmd_send(cl, NULL, 0, MSG_KEEPALIVE);
2730 cl->last = time(NULL);
2731 }
2732 else
2733 {
2734 cs_log_dbg(D_CLIENT, "%s keepalive after maxidle is reached", getprefix());
2735 cs_disconnect_client(cl);
2736 }
2737 }
2738 #endif
2739
2740 int32_t cc_parse_msg(struct s_client *cl, uint8_t *buf, int32_t l)
2741 {
2742 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
2743 int32_t ret = buf[1];
2744 struct cc_data *cc = cl->cc;
2745 char tmp_dbg[33];
2746
2747 if(!cc || cl->kill)
2748 {
2749 return -1;
2750 }
2751
2752 cs_log_dbg(cl->typ == 'c' ? D_CLIENT : D_READER, "%s parse_msg=%d", getprefix(), buf[1]);
2753
2754 uint8_t *data = buf + 4;
2755
2756 if(l < 4)
2757 {
2758 return -1;
2759 }
2760
2761 memcpy(&cc->receive_buffer, data, l - 4);
2762 cc->last_msg = buf[1];
2763
2764 switch(buf[1])
2765 {
2766 case MSG_CLI_DATA:
2767 {
2768 cs_log_dbg(D_CLIENT, "cccam: client data ack");
2769 break;
2770 }
2771
2772 case MSG_SRV_DATA:
2773 {
2774 l -= 4;
2775 cs_log_dbg(D_READER, "%s MSG_SRV_DATA (payload=%d, hex=%02X)", getprefix(), l, l);
2776 data = cc->receive_buffer;
2777
2778 if(l == 0x48) // 72 bytes: normal server data
2779 {
2780 cs_writelock(__func__, &cc->cards_busy);
2781
2782 cc_free_cardlist(cc->cards, 0);
2783 free_extended_ecm_idx(cc);
2784 cc->last_emm_card = NULL;
2785 cc->num_hop1 = 0;
2786 cc->num_hop2 = 0;
2787 cc->num_hopx = 0;
2788 cc->num_reshare0 = 0;
2789 cc->num_reshare1 = 0;
2790 cc->num_reshare2 = 0;
2791 cc->num_resharex = 0;
2792
2793 memcpy(cc->peer_node_id, data, 8);
2794 memcpy(cc->peer_version, data + 8, 8);
2795
2796 memcpy(cc->cmd0b_aeskey, cc->peer_node_id, 8);
2797 memcpy(cc->cmd0b_aeskey + 8, cc->peer_version, 8);
2798
2799 cs_strncpy(cc->remote_version, (char *)data + 8, sizeof(cc->remote_version));
2800 cs_strncpy(cc->remote_build, (char *)data + 40, sizeof(cc->remote_build));
2801 cc->remote_build_nr = atoi(cc->remote_build);
2802
2803 // multics server response
2804 if(data[33] == 'M' && data[34] == 'C' && data[35] == 'S')
2805 {
2806 cc->multics_mode = 2; // multics server finaly confirmed.
2807 cc->multics_version[0] = data[37];
2808 cc->multics_version[1] = data[38];
2809 cs_log_dbg(D_READER, "multics detected: %s!", getprefix());
2810 }
2811
2812 cs_writeunlock(__func__, &cc->cards_busy);
2813
2814 cs_log_dbg(D_READER, "%s remote server %s running v%s (%s)", getprefix(), cs_hexdump(0,
2815 cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)), cc->remote_version, cc->remote_build);
2816
2817 chk_peer_node_for_oscam(cc);
2818 // Trick: when discovered partner is an Oscam Client, then we send him our version string:
2819 if(cc->is_oscam_cccam)
2820 {
2821 uint8_t token[256];
2822 #ifdef CS_CACHEEX_AIO
2823 snprintf((char *)token, sizeof(token), "PARTNER: OSCam v%s, build r%s (%s) [EXT,SID,SLP,LGF]",
2824 #else
2825 snprintf((char *)token, sizeof(token), "PARTNER: OSCam v%s, build r%s (%s) [EXT,SID,SLP]",
2826 #endif
2827 CS_VERSION, CS_SVN_VERSION, CS_TARGET);
2828
2829 cc_cmd_send(cl, token, cs_strlen((char *)token) + 1, MSG_CW_NOK1);
2830 }
2831
2832 cc->cmd05_mode = MODE_PLAIN;
2833 //
2834 // Keyoffset is payload-size:
2835 //
2836 }
2837 else if(l >= 0x00 && l <= 0x0F)
2838 {
2839 cs_writelock(__func__, &cc->cards_busy);
2840 cc->cmd05_offset = l;
2841 cs_writeunlock(__func__, &cc->cards_busy);
2842 //
2843 // 16..43 bytes: RC4 encryption
2844 //
2845 }
2846 else if((l >= 0x10 && l <= 0x1f) || (l >= 0x24 && l <= 0x2b))
2847 {
2848 cs_writelock(__func__, &cc->cards_busy);
2849 cc_init_crypt(&cc->cmd05_cryptkey, data, l);
2850 cc->cmd05_mode = MODE_RC4_CRYPT;
2851 cs_writeunlock(__func__, &cc->cards_busy);
2852 //
2853 // 32 bytes: set AES128 key for CMD_05, Key=16 bytes offset keyoffset
2854 //
2855 }
2856 else if(l == 0x20)
2857 {
2858 cs_writelock(__func__, &cc->cards_busy);
2859 memcpy(cc->cmd05_aeskey, data + cc->cmd05_offset, 16);
2860 cc->cmd05_mode = MODE_AES;
2861 cs_writeunlock(__func__, &cc->cards_busy);
2862 //
2863 // 33 bytes: xor-algo mit payload-bytes, offset keyoffset
2864 //
2865 }
2866 else if(l == 0x21)
2867 {
2868 cs_writelock(__func__, &cc->cards_busy);
2869 cc_init_crypt(&cc->cmd05_cryptkey, data + cc->cmd05_offset, l);
2870 cc->cmd05_mode = MODE_CC_CRYPT;
2871 cs_writeunlock(__func__, &cc->cards_busy);
2872 //
2873 // 34 bytes: cmd_05 plain back
2874 //
2875 }
2876 else if(l == 0x22)
2877 {
2878 cs_writelock(__func__, &cc->cards_busy);
2879 cc->cmd05_mode = MODE_PLAIN;
2880 cs_writeunlock(__func__, &cc->cards_busy);
2881 //
2882 // 35 bytes: Unknown!! 2 256 byte keys exchange
2883 //
2884 }
2885 else if(l == 0x23)
2886 {
2887 cs_writelock(__func__, &cc->cards_busy);
2888 cc->cmd05_mode = MODE_UNKNOWN;
2889 cs_writeunlock(__func__, &cc->cards_busy);
2890 cc_cycle_connection(cl);
2891 //
2892 // 44 bytes: set aes128 key, Key=16 bytes [Offset=len(password)]
2893 //
2894 }
2895 else if(l == 0x2c)
2896 {
2897 cs_writelock(__func__, &cc->cards_busy);
2898 memcpy(cc->cmd05_aeskey, data + cs_strlen(rdr->r_pwd), 16);
2899 cc->cmd05_mode = MODE_AES;
2900 cs_writeunlock(__func__, &cc->cards_busy);
2901 //
2902 // 45 bytes: set aes128 key, Key=16 bytes [Offset=len(username)]
2903 //
2904 }
2905 else if(l == 0x2d)
2906 {
2907 cs_writelock(__func__, &cc->cards_busy);
2908 memcpy(cc->cmd05_aeskey, data + cs_strlen(rdr->r_usr), 16);
2909 cc->cmd05_mode = MODE_AES;
2910 cs_writeunlock(__func__, &cc->cards_busy);
2911 //
2912 //Unknown!!
2913 //
2914 }
2915 else
2916 {
2917 cs_log_dbg(D_READER, "%s received improper MSG_SRV_DATA! No change to current mode, mode=%d",
2918 getprefix(), cc->cmd05_mode);
2919 break;
2920 }
2921
2922 cs_log_dbg(D_READER, "%s MSG_SRV_DATA MODE=%s, len=%d", getprefix(), cmd05_mode_name[cc->cmd05_mode], l);
2923 break;
2924 }
2925
2926 case MSG_NEW_CARD_SIDINFO:
2927 case MSG_NEW_CARD:
2928 {
2929 if(l < 16 || !rdr)
2930 {
2931 break;
2932 }
2933
2934 uint16_t caid = b2i(2, buf + 12);
2935
2936 // filter caid == 0 and maxhop
2937 if(!caid || buf[14] >= rdr->cc_maxhops + 1)
2938 {
2939 break;
2940 }
2941
2942 // filter mindown
2943 if(buf[15] < rdr->cc_mindown)
2944 {
2945 break;
2946 }
2947
2948 // caid check
2949 if(!chk_ctab(caid, &rdr->ctab))
2950 {
2951 break;
2952 }
2953
2954 rdr->tcp_connected = 2; // we have card
2955 rdr->card_status = CARD_INSERTED;
2956
2957 cs_writelock(__func__, &cc->cards_busy);
2958 struct cc_card *card = read_card(data, l - 4, buf[1] == MSG_NEW_CARD_SIDINFO);
2959
2960 if(!card)
2961 {
2962 cs_writeunlock(__func__, &cc->cards_busy);
2963 break;
2964 }
2965
2966 card->origin_reader = rdr;
2967 card->origin_id = card->id;
2968 card->grp = rdr->grp;
2969 card->rdr_reshare = rdr->cc_reshare > -1 ? rdr->cc_reshare : cfg.cc_reshare;
2970
2971 // Check if this card is from us
2972 LL_ITER it = ll_iter_create(card->remote_nodes);
2973 uint8_t *node_id;
2974
2975 while((node_id = ll_iter_next(&it)))
2976 {
2977 if(memcmp(node_id, cc_node_id, sizeof(cc_node_id)) == 0) // this card is from us!
2978 {
2979 cs_log_dbg(D_READER, "filtered card because of recursive nodeid: id=%08X, caid=%04X", card->id, card->caid);
2980 cc_free_card(card);
2981 card = NULL;
2982 break;
2983 }
2984 }
2985
2986 #ifdef MODULE_CCCSHARE
2987 // Check Ident filter
2988 if(card)
2989 {
2990 if(!chk_ident(&rdr->ftab, card))
2991 {
2992 cc_free_card(card);
2993 card = NULL;
2994 }
2995 }
2996 #endif
2997 if(card)
2998 {
2999 // Check if we already have this card
3000 it = ll_iter_create(cc->cards);
3001 struct cc_card *old_card;
3002
3003 while((old_card = ll_iter_next(&it)))
3004 {
3005 // We already have this card, delete it
3006 if(old_card->id == card->id || same_card(old_card, card))
3007 {
3008 cc_free_card(card);
3009 card = old_card;
3010 break;
3011 }
3012 }
3013
3014 if(!old_card)
3015 {
3016 card->card_type = CT_REMOTECARD;
3017 ll_append(cc->cards, card);
3018 set_au_data(cl, rdr, card, NULL);
3019 cc->card_added_count++;
3020 card->hop++;
3021
3022 if(card->hop == 1)
3023 {
3024 cc->num_hop1++;
3025 }
3026 else if(card->hop == 2)
3027 {
3028 cc->num_hop2++;
3029 }
3030 else
3031 {
3032 cc->num_hopx++;
3033 }
3034
3035 if(card->reshare == 0)
3036 {
3037 cc->num_reshare0++;
3038 }
3039 else if(card->reshare == 1)
3040 {
3041 cc->num_reshare1++;
3042 }
3043 else if(card->reshare == 2)
3044 {
3045 cc->num_reshare2++;
3046 }
3047 else
3048 {
3049 cc->num_resharex++;
3050 }
3051
3052 cs_log_dbg(D_TRACE, "%s card added: id %8X remoteid %8X caid %4X hop %d reshare %d originid %8X cardtype %d",
3053 getprefix(), card->id, card->remote_id, card->caid, card->hop, card->reshare, card->origin_id, card->card_type);
3054 }
3055 }
3056
3057 cs_writeunlock(__func__, &cc->cards_busy);
3058
3059 #ifdef MODULE_CCCSHARE
3060 cccam_refresh_share();
3061 #endif
3062 break;
3063 }
3064
3065 case MSG_CARD_REMOVED:
3066 {
3067 if(l < 8)
3068 {
3069 break;
3070 }
3071
3072 cs_writelock(__func__, &cc->cards_busy);
3073 cc_card_removed(cl, b2i(4, buf + 4));
3074 cs_writeunlock(__func__, &cc->cards_busy);
3075 break;
3076 }
3077
3078 case MSG_SLEEPSEND:
3079 {
3080 // Server sends SLEEPSEND
3081 if(l < 5)
3082 {
3083 break;
3084 }
3085
3086 if(!cfg.c35_suppresscmd08)
3087 {
3088 if(buf[4] == 0xFF)
3089 {
3090 cl->stopped = 2; // server says sleep
3091 //rdr->card_status = NO_CARD;
3092 }
3093 else
3094 {
3095 if(config_enabled(WITH_LB) && !cfg.lb_mode)
3096 {
3097 cl->stopped = 1; // server says invalid
3098 if(rdr)
3099 rdr->card_status = CARD_FAILURE;
3100 }
3101 }
3102 }
3103 } /* fallthrough */ // NO BREAK!! NOK Handling needed!
3104
3105 case MSG_CW_NOK1:
3106 case MSG_CW_NOK2:
3107 {
3108 if(l < 2)
3109 {
3110 break;
3111 }
3112
3113 if(l > 5)
3114 {
3115 // Received NOK with payload
3116 char *msg = (char *) buf + 4;
3117
3118 // Check for PARTNER connection
3119 if((l >= (4 + 8)) && strncmp(msg, "PARTNER:", 8) == 0)
3120 {
3121 // When Data starts with "PARTNER:" we have an Oscam-cccam-compatible client/server!
3122
3123 cs_strncpy(cc->remote_oscam, msg + 9, sizeof(cc->remote_oscam));
3124 int32_t has_param = check_extended_mode(cl, msg);
3125
3126 if(!cc->is_oscam_cccam)
3127 {
3128 cc->is_oscam_cccam = 1;
3129
3130 // send params back. At the moment there is only "EXT"
3131 char param[20];
3132 if(!has_param)
3133 {
3134 param[0] = 0;
3135 }
3136 else
3137 {
3138 cs_strncpy(param, " [", sizeof(param));
3139
3140 if(cc->extended_mode)
3141 {
3142 addParam(param, sizeof(param), "EXT");
3143 }
3144
3145 if(cc->cccam220)
3146 {
3147 addParam(param, sizeof(param), "SID");
3148 }
3149
3150 if(cc->sleepsend)
3151 {
3152 addParam(param, sizeof(param), "SLP");
3153 }
3154
3155 #ifdef CS_CACHEEX_AIO
3156 if(cc->extended_lg_flagged_cws)
3157 {
3158 addParam(param, sizeof(param), "LGF");
3159 }
3160 #endif
3161 if (!cs_strncat(param, "]", sizeof(param))) {
3162 cs_log("BUG!!, Adding ']' didn't succed!");
3163 }
3164 }
3165
3166 uint8_t token[256];
3167 snprintf((char *)token, sizeof(token), "PARTNER: OSCam v%s, build r%s (%s)%s",
3168 CS_VERSION, CS_SVN_VERSION, CS_TARGET, param);
3169
3170 cc_cmd_send(cl, token, cs_strlen((char *)token) + 1, MSG_CW_NOK1);
3171 }
3172 }
3173 else
3174 {
3175 size_t msg_size = l - 4;
3176 char last_char = msg[msg_size - 1];
3177
3178 if(last_char == 0) // verify if the payload is a null terminated string
3179 {
3180 if(cs_realloc(&cc->nok_message, msg_size))
3181 {
3182 memcpy(cc->nok_message, msg, msg_size);
3183 }
3184 }
3185 else
3186 {
3187 NULLFREE(cc->nok_message);
3188 }
3189 }
3190
3191 return ret;
3192 }
3193
3194 if(cl->typ == 'c')
3195 {
3196 return ret;
3197 }
3198
3199 // for reader only
3200
3201 cc->recv_ecmtask = -1;
3202
3203 if(cc->just_logged_in) // reader restart needed
3204 {
3205 return -1;
3206 }
3207
3208 cs_readlock(__func__, &cc->cards_busy);
3209
3210 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl, cc->extended_mode ? cc->g_flag : 1, 1);
3211 if(!eei)
3212 {
3213 cs_log_dbg(D_READER, "%s received extended ecm NOK id %d but not found!", getprefix(), cc->g_flag);
3214 }
3215 else
3216 {
3217 uint16_t ecm_idx = eei->ecm_idx;
3218 cc->recv_ecmtask = ecm_idx;
3219 struct cc_card *card = eei->card;
3220 //uint32_t cccam_id = eei->cccam_id;
3221 struct cc_srvid srvid = eei->srvid;
3222 int8_t retry = 1;
3223 struct timeb tpe;
3224 cs_ftime(&tpe);
3225 int64_t cwlastresptime = comp_timeb(&tpe, &eei->tps);
3226
3227 add_garbage(eei);
3228
3229 if(card)
3230 {
3231 if(buf[1] == MSG_CW_NOK1) // MSG_CW_NOK1: share no more available
3232 {
3233 cs_log_dbg(D_TRACE, "NOK1: share temporarily not available %d %04X ecm %d %d!",
3234 card->id, card->caid, eei->send_idx, eei->ecm_idx);
3235
3236 int j;
3237 for(j = 0; j < cfg.max_pending; j++)
3238 {
3239 if(cl->ecmtask[j].idx == ecm_idx && cl->ecmtask[j].rc == E_ALREADY_SENT)
3240 {
3241 ECM_REQUEST *er = &cl->ecmtask[j];
3242 cl->pending--;
3243
3244 write_ecm_answer(rdr, er, E_NOTFOUND, 0, NULL, NULL, 0, NULL);
3245 break;
3246 }
3247 }
3248 }
3249 else if(cc->cmd05NOK) // else MSG_CW_NOK2: can't decode
3250 {
3251 move_card_to_end(cl, card);
3252 if(cwlastresptime < 5000)
3253 {
3254 add_sid_block(card, &srvid, true);
3255 }
3256 else
3257 {
3258 if(card->rating <= MIN_RATING)
3259 {
3260 add_sid_block(card, &srvid, true);
3261 }
3262 else
3263 {
3264 card->rating--;
3265 }
3266 }
3267 }
3268 else if(cacheex_get_rdr_mode(rdr) != 1)
3269 {
3270 if(!is_good_sid(card, &srvid))
3271 {
3272 move_card_to_end(cl, card);
3273 if(cwlastresptime < 5000)
3274 {
3275 add_sid_block(card, &srvid, true);
3276 }
3277 else
3278 {
3279 if(card->rating <= MIN_RATING)
3280 {
3281 add_sid_block(card, &srvid, true);
3282 }
3283 else
3284 {
3285 card->rating--;
3286 }
3287 }
3288 }
3289 else
3290 {
3291 move_card_to_end(cl, card);
3292 add_sid_block(card, &srvid, true);
3293 }
3294
3295 if(card->rating < MIN_RATING)
3296 {
3297 card->rating = MIN_RATING;
3298 }
3299
3300 if(cfg.cc_forward_origin_card && card->origin_reader == rdr)
3301 {
3302 // this card is from us but it can't decode this ecm
3303 // also origin card is only set on cccam clients
3304 // so wie send back the nok to the client
3305 cs_log_dbg(D_TRACE, "%s forward card: %s", getprefix(), (buf[1] == MSG_CW_NOK1) ? "NOK1" : "NOK2");
3306 retry = 0;
3307 }
3308 }
3309 }
3310 else
3311 {
3312 cs_log_dbg(D_READER, "%s NOK: NO CARD!", getprefix());
3313 // try next card...
3314 }
3315
3316 // A "NOK" in extended mode means, NOTHING found,
3317 // regardless of the requested card. So do not retry
3318 if(cc->extended_mode)
3319 {
3320 cl->pending--;
3321 retry = 0;
3322 }
3323
3324 if(retry)
3325 {
3326 cc_reset_pending(cl, ecm_idx);
3327 }
3328 else
3329 {
3330 int32_t i = 0;
3331 for(i = 0; i < cfg.max_pending; i++)
3332 {
3333 if(cl->ecmtask[i].idx == ecm_idx && cl->ecmtask[i].rc == E_ALREADY_SENT)
3334 {
3335 cs_log_dbg(D_TRACE, "%s ext NOK %s", getprefix(), (buf[1] == MSG_CW_NOK1) ? "NOK1" : "NOK2");
3336 ECM_REQUEST *er = &cl->ecmtask[i];
3337 cl->pending--;
3338
3339 write_ecm_answer(rdr, er, E_NOTFOUND, 0, NULL, NULL, 0, NULL);
3340 break;
3341 }
3342 }
3343 }
3344 }
3345 cc->cmd05NOK = 0;
3346 cs_readunlock(__func__, &cc->cards_busy);
3347
3348 if(!cc->extended_mode)
3349 {
3350 cc->ecm_busy = 0;
3351 }
3352
3353 cc_send_ecm(cl, NULL);
3354 break;
3355 }
3356
3357 case MSG_CACHE_PUSH:
3358 {
3359 if((l - 4) >= 18)
3360 {
3361 cc_cacheex_push_in(cl, data);
3362 }
3363 break;
3364 }
3365
3366 case MSG_CACHE_FILTER:
3367 {
3368 if((l - 4) >= 482)
3369 {
3370 cc_cacheex_filter_in(cl, data);
3371 }
3372 break;
3373 }
3374 #ifdef CS_CACHEEX_AIO
3375 case MSG_CACHE_FEATURE_EXCHANGE:
3376 {
3377 if((l - 4) >= 2)
3378 {
3379 cc_cacheex_feature_request_reply(cl);
3380 }
3381 break;
3382 }
3383
3384 case MSG_CACHE_FEATURE_EXCHANGE_REPLY:
3385 {
3386 if((l - 4) >= 2)
3387 {
3388 cc_cacheex_feature_request_save(cl, data);
3389 }
3390 break;
3391 }
3392
3393 case MSG_CACHE_FEATURE_TRIGGER:
3394 {
3395 if((l - 4) >= 2)
3396 {
3397 cc_cacheex_feature_trigger_in(cl, data);
3398 }
3399 break;
3400 }
3401
3402 case MSG_CW_ECM_LGF:
3403 #endif
3404 case MSG_CW_ECM:
3405 {
3406 cc->just_logged_in = 0;
3407 if(cl->typ == 'c') // SERVER:
3408 {
3409 #define CCMSG_HEADER_LEN 17
3410 ECM_REQUEST *er;
3411 struct cc_card *server_card;
3412
3413 if(l < CCMSG_HEADER_LEN)
3414 {
3415 break;
3416 }
3417
3418 if(!cs_malloc(&server_card, sizeof(struct cc_card)))
3419 {
3420 break;
3421 }
3422
3423 server_card->id = buf[10] << 24 | buf[11] << 16 | buf[12] << 8 | buf[13];
3424 server_card->caid = b2i(2, data);
3425
3426 if((er = get_ecmtask()) && l > CCMSG_HEADER_LEN && MAX_ECM_SIZE > l - CCMSG_HEADER_LEN)
3427 {
3428 er->caid = b2i(2, buf + 4);
3429 er->prid = b2i(4, buf + 6);
3430 er->srvid = b2i(2, buf + 14);
3431 er->ecmlen = l - CCMSG_HEADER_LEN;
3432 memcpy(er->ecm, buf + CCMSG_HEADER_LEN, er->ecmlen);
3433 cc->server_ecm_pending++;
3434 er->idx = ++cc->server_ecm_idx;
3435
3436 #ifdef MODULE_CCCSHARE
3437 if(cfg.cc_forward_origin_card) // search my shares for this card:
3438 {
3439 cs_log_dbg(D_TRACE, "%s forward card: %04X:%04x search share %d", getprefix(),
3440 er->caid, er->srvid, server_card->id);
3441
3442 LLIST **sharelist = get_and_lock_sharelist();
3443 LL_ITER itr = ll_iter_create(get_cardlist(er->caid, sharelist));
3444 struct cc_card *card;
3445 struct cc_card *rcard = NULL;
3446
3447 while((card = ll_iter_next(&itr)))
3448 {
3449 if(card->id == server_card->id) // found it
3450 {
3451 break;
3452 }
3453 }
3454
3455 cs_log_dbg(D_TRACE, "%s forward card: share %d found: %d", getprefix(), server_card->id, card ? 1 : 0);
3456
3457 struct s_reader *ordr = NULL;
3458
3459 if(card && card->origin_reader) // found own card, now search reader card
3460 {
3461 // Search reader in list, because it is maybe offline?
3462 for(ordr = first_active_reader; ordr; ordr = ordr->next)
3463 {
3464 if(ordr == card->origin_reader)
3465 {
3466 break;
3467 }
3468 }
3469
3470 if(!ordr)
3471 {
3472 cs_log_dbg(D_TRACE, "%s origin reader not found!", getprefix());
3473 }
3474 else
3475 {
3476 cs_log_dbg(D_TRACE, "%s forward card: share %d origin reader %s origin id %d",
3477 getprefix(), card->id, ordr->label, card->origin_id);
3478
3479 struct s_client *cl2 = ordr->client;
3480 if(card->origin_id && cl2 && cl2->cc) // only if we have a origin from a cccam reader
3481 {
3482 struct cc_data *rcc = cl2->cc;
3483
3484 if(rcc)
3485 {
3486 itr = ll_iter_create(rcc->cards);
3487 while((rcard = ll_iter_next(&itr)))
3488 {
3489 if(rcard->id == card->origin_id) // found it!
3490 {
3491 break;
3492 }
3493 }
3494 }
3495 }
3496 else
3497 {
3498 rcard = card;
3499 }
3500 }
3501 er->origin_reader = ordr;
3502 }
3503
3504 er->origin_card = rcard;
3505 if(!rcard || !ordr)
3506 {
3507 cs_log_dbg(D_TRACE, "%s forward card: share %d not found!", getprefix(), server_card->id);
3508 er->rc = E_NOTFOUND;
3509 er->rcEx = E2_CCCAM_NOK1; // share not found!
3510 }
3511 else
3512 {
3513 cs_log_dbg(D_TRACE, "%s forward card: share %d forwarded to %s origin as id %d",
3514 getprefix(), card->id, ordr->label, rcard->id);
3515 }
3516 unlock_sharelist();
3517 }
3518 #endif
3519 cs_log_dbg(D_CLIENT, "%s ECM request from client: caid %04x srvid %04x(%d) prid %06x",
3520 getprefix(), er->caid, er->srvid, er->ecmlen, er->prid);
3521
3522 struct cc_srvid srvid;
3523 srvid.sid = er->srvid;
3524 srvid.chid = er->chid;
3525 srvid.ecmlen = er->ecmlen;
3526 add_extended_ecm_idx(cl, cc->extended_mode ? cc->g_flag : 1, er->idx, server_card, srvid, 1);
3527
3528 get_cw(cl, er);
3529
3530 }
3531 else
3532 {
3533 cs_log_dbg(D_CLIENT, "%s NO ECMTASK!!!! l=%d", getprefix(), l);
3534 NULLFREE(server_card);
3535 }
3536
3537 }
3538 else // READER
3539 {
3540 if(l < 20)
3541 {
3542 break;
3543 }
3544
3545 cs_readlock(__func__, &cc->cards_busy);
3546 cc->recv_ecmtask = -1;
3547
3548 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx(cl, cc->extended_mode ? cc->g_flag : 1, 1);
3549 if(!eei)
3550 {
3551 cs_log_dbg(D_READER, "%s received extended ecm id %d but not found!", getprefix(), cc->g_flag);
3552
3553 if(!cc->extended_mode)
3554 {
3555 cc_cli_close(cl, 0);
3556 }
3557 }
3558 else
3559 {
3560 uint16_t ecm_idx = eei->ecm_idx;
3561 cc->recv_ecmtask = ecm_idx;
3562 struct cc_card *card = eei->card;
3563 uint32_t cccam_id = eei->cccam_id;
3564 struct cc_srvid srvid = eei->srvid;
3565 NULLFREE(eei);
3566
3567 if(card)
3568 {
3569 if(!cc->extended_mode)
3570 {
3571 cc_cw_crypt(cl, buf + 4, card->id);
3572 cc_crypt_cmd0c(cl, buf + 4, 16);
3573 }
3574
3575 memcpy(cc->dcw, buf + 4, 16);
3576 //fix_dcw(cc->dcw);
3577
3578 if(!cc->extended_mode) // additional crypto step
3579 {
3580 cc_crypt(&cc->block[DECRYPT], buf + 4, l - 4, ENCRYPT);
3581 }
3582
3583 if(is_null_dcw(cc->dcw))
3584 {
3585 cs_log_dbg(D_READER, "%s null dcw received! sid=%04X(%d)", getprefix(), srvid.sid, srvid.ecmlen);
3586 move_card_to_end(cl, card);
3587 add_sid_block(card, &srvid, true);
3588 // ecm retry
3589 cc_reset_pending(cl, ecm_idx);
3590 buf[1] = MSG_CW_NOK2; // So it's really handled like a nok!
3591 }
3592 else
3593 {
3594 cs_log_dbg(D_READER, "%s cws: %d %s", getprefix(), ecm_idx,
3595 cs_hexdump(0, cc->dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3596
3597 // check response time, if > fallbacktime, switch cards!
3598 struct timeb tpe;
3599 cs_ftime(&tpe);
3600 int64_t cwlastresptime = comp_timeb(&tpe, &cc->ecm_time);
3601
3602 if(cwlastresptime > get_fallbacktimeout(card->caid) && !cc->extended_mode)
3603 {
3604 cs_log_dbg(D_READER, "%s card %04X is too slow, moving to the end...", getprefix(), card->id);
3605 move_card_to_end(cl, card);
3606
3607 card->rating--;
3608 if(card->rating < MIN_RATING)
3609 {
3610 card->rating = MIN_RATING;
3611 }
3612 }
3613 else
3614 {
3615 card->rating++;
3616 if(card->rating > MAX_RATING)
3617 {
3618 card->rating = MAX_RATING;
3619 }
3620 }
3621 }
3622 }
3623 else
3624 {
3625 // Card removed...
3626 cs_log_dbg(D_READER, "%s warning: ECM-CWS respond by CCCam server without current card!", getprefix());
3627
3628 if(!cc->extended_mode)
3629 {
3630 cc_cw_crypt(cl, buf + 4, cccam_id);
3631 cc_crypt_cmd0c(cl, buf + 4, 16);
3632 }
3633 memcpy(cc->dcw, buf + 4, 16);
3634 //fix_dcw(cc->dcw);
3635
3636 if(!cc->extended_mode) // additional crypto step
3637 {
3638 cc_crypt(&cc->block[DECRYPT], buf + 4, l - 4, ENCRYPT);
3639 }
3640
3641 cs_log_dbg(D_READER, "%s cws: %d %s", getprefix(), ecm_idx,
3642 cs_hexdump(0, cc->dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3643 }
3644 }
3645 cs_readunlock(__func__, &cc->cards_busy);
3646
3647 if(!cc->extended_mode)
3648 {
3649 cc->ecm_busy = 0;
3650 }
3651
3652 //cc_abort_user_ecms();
3653 cc_send_ecm(cl, NULL);
3654
3655 if(cc->max_ecms)
3656 {
3657 cc->ecm_counter++;
3658 }
3659 }
3660 break;
3661 }
3662
3663 case MSG_KEEPALIVE:
3664 {
3665 #ifdef CS_CACHEEX_AIO
3666 if(!cl->cacheex_aio_checked && ((cl->account && cl->account->cacheex.mode > 0) || (cl->reader && cl->reader->cacheex.mode > 0)))
3667 {
3668 cc_cacheex_feature_request(cl);
3669 cl->cacheex_aio_checked = 1;
3670 }
3671 #endif
3672 if(cl)
3673 {
3674 cl->last = time(NULL);
3675 }
3676
3677 if(rdr && rdr->cc_keepalive)
3678 {
3679 rdr->last_g = time(NULL);
3680 rdr->last_s = time(NULL);
3681 rdr_log_dbg(rdr, D_READER, "%s: receive keepalive", __func__);
3682 }
3683
3684 cc->just_logged_in = 0;
3685 break;
3686 }
3687
3688 case MSG_CMD_05:
3689 {
3690 if(cl->typ != 'c')
3691 {
3692 cc->just_logged_in = 0;
3693 l = l - 4; // Header Length = 4 bytes
3694 if(l < 0)
3695 {
3696 break;
3697 }
3698
3699 cs_log_dbg(D_READER, "%s MSG_CMD_05 recvd, payload length=%d mode=%d",
3700 getprefix(), l, cc->cmd05_mode);
3701
3702 cc->cmd05_active = 1;
3703 cc->cmd05_data_len = l;
3704 memcpy(&cc->cmd05_data, buf + 4, l);
3705
3706 if(!cc->ecm_busy && ll_has_elements(cc->cards))
3707 {
3708 send_cmd05_answer(cl);
3709 }
3710 }
3711 break;
3712 }
3713
3714 case MSG_CMD_0B:
3715 {
3716 if(l < 20)
3717 {
3718 break;
3719 }
3720
3721 // by Project: Keynation
3722 cs_log_dbg(D_READER, "%s MSG_CMD_0B received (payload=%d)!", getprefix(), l - 4);
3723
3724 AES_KEY key;
3725 uint8_t aeskey[16];
3726 uint8_t out[16];
3727
3728 memcpy(aeskey, cc->cmd0b_aeskey, 16);
3729 memset(&key, 0, sizeof(key));
3730
3731 //cs_log_dump_dbg(D_READER, aeskey, 16, "%s CMD_0B AES key:", getprefix());
3732 //cs_log_dump_dbg(D_READER, data, 16, "%s CMD_0B received data:", getprefix());
3733
3734 AES_set_encrypt_key((uint8_t *)&aeskey, 128, &key);
3735 AES_encrypt((uint8_t *)data, (uint8_t *)&out, &key);
3736
3737 cs_log_dbg(D_TRACE, "%s sending CMD_0B! ", getprefix());
3738 //cs_log_dump_dbg(D_READER, out, 16, "%s CMD_0B out:", getprefix());
3739 cc_cmd_send(cl, out, 16, MSG_CMD_0B);
3740 break;
3741 }
3742
3743 case MSG_CMD_0C: // New CCCAM 2.2.0 Server/Client fake check!
3744 {
3745 int32_t len = l - 4;
3746 if(len < 0)
3747 {
3748 break;
3749 }
3750
3751 if(cl->typ == 'c') // Only im comming from "client"
3752 {
3753 cs_log_dbg(D_CLIENT, "%s MSG_CMD_0C received (payload=%d)!", getprefix(), len);
3754
3755 uint8_t bytes[0x20];
3756 if(len < 0x20) // if less then 0x20 bytes, clear others
3757 {
3758 memset(data + len, 0, 0x20 - len);
3759 }
3760
3761 // change first 0x10 bytes to the second
3762 memcpy(bytes, data + 0x10, 0x10);
3763 memcpy(bytes + 0x10, data, 0x10);
3764
3765 // xor data:
3766 int32_t i;
3767 for(i = 0; i < 0x20; i++)
3768 {
3769 bytes[i] ^= (data[i] & 0x7F);
3770 }
3771
3772 // key is now the 16bit hash of md5
3773 uint8_t md5hash[0x10];
3774 MD5(data, 0x20, md5hash);
3775 memcpy(bytes, md5hash, 0x10);
3776
3777 cs_log_dbg(D_CLIENT, "%s sending CMD_0C! ", getprefix());
3778 //cs_log_dump_dbg(D_CLIENT, bytes, 0x20, "%s CMD_0C out:", getprefix());
3779 cc_cmd_send(cl, bytes, 0x20, MSG_CMD_0C);
3780 }
3781 else // reader
3782 {
3783 // by Project: Keynation + Oscam team
3784 cc_crypt_cmd0c(cl, data, len);
3785
3786 uint8_t CMD_0x0C_Command = data[0];
3787
3788 switch(CMD_0x0C_Command)
3789 {
3790 case 0: // RC6
3791 {
3792 cc->cmd0c_mode = MODE_CMD_0x0C_RC6;
3793 break;
3794 }
3795
3796 case 1: // RC4
3797 {
3798 cc->cmd0c_mode = MODE_CMD_0x0C_RC4;
3799 break;
3800 }
3801
3802 case 2: // CC_CRYPT
3803 {
3804 cc->cmd0c_mode = MODE_CMD_0x0C_CC_CRYPT;
3805 break;
3806 }
3807
3808 case 3: // AES
3809 {
3810 cc->cmd0c_mode = MODE_CMD_0x0C_AES;
3811 break;
3812 }
3813
3814 case 4: // IDEA
3815 {
3816 cc->cmd0c_mode = MODE_CMD_0x0C_IDEA;
3817 break;
3818 }
3819
3820 default:
3821 {
3822 cc->cmd0c_mode = MODE_CMD_0x0C_NONE;
3823 }
3824 }
3825
3826 set_cmd0c_cryptkey(cl, data, len);
3827
3828 cs_log_dbg(D_READER, "%s received MSG_CMD_0C from server! CMD_0x0C_CMD=%d, MODE=%s",
3829 getprefix(), CMD_0x0C_Command, cmd0c_mode_name[cc->cmd0c_mode]);
3830 }
3831 break;
3832 }
3833
3834 case MSG_CMD_0D: // key update for the active cmd0x0c algo
3835 {
3836 int32_t len = l - 4;
3837 if(len < 0)
3838 {
3839 break;
3840 }
3841
3842 if(cc->cmd0c_mode == MODE_CMD_0x0C_NONE)
3843 {
3844 break;
3845 }
3846
3847 cc_crypt_cmd0c(cl, data, len);
3848 set_cmd0c_cryptkey(cl, data, len);
3849
3850 cs_log_dbg(D_READER, "%s received MSG_CMD_0D from server! MODE=%s",
3851 getprefix(), cmd0c_mode_name[cc->cmd0c_mode]);
3852 break;
3853 }
3854
3855 case MSG_CMD_0E:
3856 {
3857 if(l < 2)
3858 {
3859 break;
3860 }
3861
3862 cs_log_dbg(D_READER, "cccam 2.2.x commands not implemented: 0x%02X", buf[1]);
3863
3864 // Unkwon commands... need workout algo
3865 if(cl->typ == 'c') // client connection
3866 {
3867 //switching to an oder version and then disconnect...
3868 cs_strncpy(cfg.cc_version, version[0], sizeof(cfg.cc_version));
3869 ret = -1;
3870 }
3871 else // reader connection
3872 {
3873 cs_strncpy(cl->reader->cc_version, version[0], sizeof(cl->reader->cc_version));
3874 cs_strncpy(cl->reader->cc_build, build[0], sizeof(cl->reader->cc_build));
3875 cc_cycle_connection(cl);
3876 }
3877 break;
3878 }
3879
3880 case MSG_EMM_ACK:
3881 {
3882 cc->just_logged_in = 0;
3883 if(cl->typ == 'c') // EMM Request received
3884 {
3885 cc_cmd_send(cl, NULL, 0, MSG_EMM_ACK); // Send back ACK
3886
3887 if(l < 16)
3888 {
3889 break;
3890 }
3891
3892 cs_log_dbg(D_EMM, "%s EMM Request received!", getprefix());
3893
3894 if(!ll_count(cl->aureader_list))
3895 {
3896 cs_log_dbg( D_EMM, "%s EMM Request discarded because au is not assigned to an reader!", getprefix());
3897 return MSG_EMM_ACK;
3898 }
3899
3900 EMM_PACKET *emm;
3901 if(!cs_malloc(&emm, sizeof(EMM_PACKET)))
3902 {
3903 break;
3904 }
3905
3906 emm->caid[0] = buf[4];
3907 emm->caid[1] = buf[5];
3908 emm->provid[0] = buf[7];
3909 emm->provid[1] = buf[8];
3910 emm->provid[2] = buf[9];
3911 emm->provid[3] = buf[10];
3912 //emm->hexserial[0] = buf[11];
3913 //emm->hexserial[1] = buf[12];
3914 //emm->hexserial[2] = buf[13];
3915 //emm->hexserial[3] = buf[14];
3916
3917 if(l <= 0xFF)
3918 {
3919 emm->emmlen = buf[15];
3920 }
3921 else
3922 {
3923 emm->emmlen = MIN(l - 16, (int32_t)sizeof(emm->emm));
3924 }
3925
3926 if(emm->emmlen < 0 || emm->emmlen > MAX_EMM_SIZE || emm->emmlen + 16 > l)
3927 {
3928 NULLFREE(emm);
3929 break;
3930 }
3931
3932 memcpy(emm->emm, buf + 16, emm->emmlen);
3933 //emm->type = UNKNOWN;
3934 //emm->cidx = cs_idx;
3935 do_emm(cl, emm);
3936 NULLFREE(emm);
3937 }
3938 else // Our EMM Request Ack!
3939 {
3940 cs_log_dbg(D_EMM, "%s EMM ACK!", getprefix());
3941 if(!cc->extended_mode)
3942 {
3943 cc->ecm_busy = 0;
3944 }
3945 cc_send_ecm(cl, NULL);
3946 }
3947 break;
3948 }
3949
3950 default:
3951 {
3952 //cs_log_dump_dbg(D_CLIENT, buf, l, "%s unhandled msg: %d len=%d", getprefix(), buf[1], l);
3953 break;
3954 }
3955 }
3956
3957 if(cc->max_ecms && (cc->ecm_counter > cc->max_ecms))
3958 {
3959 cs_log_dbg(D_READER, "%s max ecms (%d) reached, cycle connection!", getprefix(), cc->max_ecms);
3960 cc_cycle_connection(cl);
3961 }
3962 return ret;
3963 }
3964
3965 /**
3966 * Reader: write dcw to receive
3967 */
3968 int32_t cc_recv_chk(struct s_client *cl, uint8_t *dcw, int32_t *rc, uint8_t *buf, int32_t UNUSED(n))
3969 {
3970 struct cc_data *cc = cl->cc;
3971
3972 if(buf[1] == MSG_CW_ECM
3973 #ifdef CS_CACHEEX_AIO
3974 || buf[1] == MSG_CW_ECM_LGF
3975 #endif
3976 )
3977 {
3978 memcpy(dcw, cc->dcw, 16);
3979 //cs_log_dbg(D_CLIENT, "cccam: recv chk - MSG_CW %d - %s", cc->recv_ecmtask,
3980 // cs_hexdump(0, dcw, 16, tmp_dbg, sizeof(tmp_dbg)));
3981 *rc = 1;
3982 #ifdef CS_CACHEEX_AIO
3983 if(buf[1] == MSG_CW_ECM_LGF)
3984 *rc = 0x86;
3985 #endif
3986 return (cc->recv_ecmtask);
3987 }
3988 else if((buf[1] == (MSG_CW_NOK1)) || (buf[1] == (MSG_CW_NOK2)))
3989 {
3990 *rc = 0;
3991 //if(cc->is_oscam_cccam)
3992 if(cfg.cc_forward_origin_card)
3993 {
3994 return (cc->recv_ecmtask);
3995 }
3996 else
3997 {
3998 return -1;
3999 }
4000 }
4001
4002 return (-1);
4003 }
4004
4005 //int32_t is_softfail(int32_t rc)
4006 //{
4007 // //see oscam.c send_dcw() for a full list
4008 // switch(rc)
4009 // {
4010 // case 5: // 5 = timeout
4011 // case 6: // 6 = sleeping
4012 // case 7: // 7 = fake
4013 // case 10: // 10 = no card
4014 // case 11: // 11 = expdate
4015 // case 12: // 12 = disabled
4016 // case 13: // 13 = stopped
4017 // case 14: // 100 = unhandled
4018 // return 1;
4019 // }
4020 // return 0;
4021 //}
4022
4023 /**
4024 * Server: send DCW to client
4025 */
4026 void cc_send_dcw(struct s_client *cl, ECM_REQUEST *er)
4027 {
4028 uint8_t buf[16];
4029 struct cc_data *cc = cl->cc;
4030
4031 memset(buf, 0, sizeof(buf));
4032
4033 struct cc_extended_ecm_idx *eei = get_extended_ecm_idx_by_idx(cl, er->idx, 1);
4034
4035 if(er->rc < E_NOTFOUND && eei) // found
4036 {
4037 memcpy(buf, er->cw, sizeof(buf));
4038 //fix_dcw(buf);
4039 //cs_log_dbg(D_TRACE, "%s send cw: %s cpti: %d", getprefix(),
4040 // cs_hexdump(0, buf, 16, tmp_dbg, sizeof(tmp_dbg)), er->cpti);
4041
4042 if(!cc->extended_mode)
4043 {
4044 cc_cw_crypt(cl, buf, eei->cccam_id);
4045 }
4046 else
4047 {
4048 cc->g_flag = eei->send_idx;
4049 }
4050
4051 #ifdef CS_CACHEEX_AIO
4052 // lg-flag
4053 if(cc->extended_lg_flagged_cws && (er->localgenerated || (er->selected_reader && !is_network_reader(er->selected_reader))))
4054 {
4055 cc_cmd_send(cl, buf, 16, MSG_CW_ECM_LGF);
4056 }
4057 else
4058 {
4059 #endif
4060 cc_cmd_send(cl, buf, 16, MSG_CW_ECM);
4061 #ifdef CS_CACHEEX_AIO
4062 }
4063 #endif
4064
4065 if(!cc->extended_mode)
4066 {
4067 cc_crypt(&cc->block[ENCRYPT], buf, 16, ENCRYPT); // additional crypto step
4068 }
4069 }
4070 else // NOT found
4071 {
4072 //cs_log_dbg(D_TRACE, "%s send cw: NOK cpti: %d", getprefix(), er->cpti);
4073
4074 if(eei && cc->extended_mode)
4075 {
4076 cc->g_flag = eei->send_idx;
4077 }
4078
4079 int32_t nok, bufsize = 0;
4080 if(cc->sleepsend && er->rc == E_STOPPED)
4081 {
4082 buf[0] = cl->c35_sleepsend;
4083 bufsize = 1;
4084 nok = MSG_SLEEPSEND;
4085 }
4086 else if(!eei || !eei->card)
4087 {
4088 nok = MSG_CW_NOK1; // share no more available
4089 }
4090 else
4091 {
4092 if(cfg.cc_forward_origin_card && er->origin_card == eei->card)
4093 {
4094 nok = (er->rcEx == E2_CCCAM_NOK1) ? MSG_CW_NOK1 : MSG_CW_NOK2;
4095 }
4096 else
4097 {
4098 nok = MSG_CW_NOK2; // can't decode
4099 }
4100 }
4101 cc_cmd_send(cl, buf, bufsize, nok);
4102 }
4103 cc->server_ecm_pending--;
4104
4105 if(eei)
4106 {
4107 NULLFREE(eei->card);
4108 NULLFREE(eei);
4109 }
4110 }
4111
4112 int32_t cc_recv(struct s_client *cl, uint8_t *buf, int32_t l)
4113 {
4114 int32_t n;
4115 struct s_reader *rdr = (cl->typ == 'c') ? NULL : cl->reader;
4116
4117 if(buf == NULL || l <= 0)
4118 {
4119 return -1;
4120 }
4121
4122 n = cc_msg_recv(cl, buf, l); // recv and decrypt msg
4123 //cs_log_dump_dbg(D_CLIENT, buf, n, "cccam: received %d bytes from %s", n, remote_txt());
4124
4125 if(n <= 0)
4126 {
4127 struct cc_data *cc = cl->cc;
4128 if(cc && cc->nok_message)
4129 {
4130 cs_log_dbg(D_CLIENT, "%s connection closed by %s. n=%d, Reason: %s",
4131 getprefix(), remote_txt(), n, cc->nok_message);
4132 }
4133 else
4134 {
4135 cs_log_dbg(D_CLIENT, "%s connection closed by %s, n=%d.", getprefix(), remote_txt(), n);
4136 if(rdr)
4137 {
4138 cc_cli_close(cl, 1);
4139 }
4140 else
4141 {
4142 //cs_writelock(__func__, &cc->cards_busy); maybe uninitialized
4143 cs_disconnect_client(cl);
4144 //cs_writeunlock(__func__, &cc->cards_busy);
4145 }
4146
4147 cs_sleepms(150);
4148 n = -1;
4149 return n;
4150 }
4151
4152 n = -1;
4153 }
4154 else if(n < 4)
4155 {
4156 cs_log("%s packet is too small (%d bytes)", getprefix(), n);
4157 n = -1;
4158 }
4159 else if(n > CC_MAXMSGSIZE)
4160 {
4161 cs_log("%s packet is too big (%d bytes, max: %d)", getprefix(), n, CC_MAXMSGSIZE);
4162 n = -1;
4163 }
4164 else
4165 {
4166 // parse it and write it back, if we have received something of value
4167 n = cc_parse_msg(cl, buf, n);
4168 if(n == MSG_CW_ECM || n == MSG_EMM_ACK
4169 #ifdef CS_CACHEEX_AIO
4170 || n == MSG_CW_ECM_LGF
4171 #endif
4172 )
4173 {
4174 cl->last = time(NULL); // last client action is now
4175 if(rdr)
4176 {
4177 rdr->last_g = time(NULL); // last reader receive is now
4178 }
4179 }
4180 }
4181
4182 if(n == -1)
4183 {
4184 if(cl->typ != 'c')
4185 {
4186 cc_cli_close(cl, 1);
4187 }
4188 }
4189
4190 return n;
4191 }
4192
4193 void cc_init_locks(struct cc_data *cc)
4194 {
4195 cs_lock_create(__func__, &cc->lockcmd, "lockcmd", 5000);
4196 cs_lock_create(__func__, &cc->cards_busy, "cards_busy", 10000);
4197 }
4198
4199 #ifdef MODULE_CCCSHARE
4200 /**
4201 * Starting readers to get cards
4202 **/
4203 int32_t cc_srv_wakeup_readers(struct s_client *cl)
4204 {
4205 int32_t wakeup = 0;
4206 struct s_reader *rdr;
4207 struct s_client *client;
4208
4209 for(rdr = first_active_reader; rdr; rdr = rdr->next)
4210 {
4211 if(rdr->typ != R_CCCAM)
4212 {
4213 continue;
4214 }
4215
4216 if(rdr->tcp_connected == 2)
4217 {
4218 continue;
4219 }
4220
4221 if(!(rdr->grp & cl->grp))
4222 {
4223 continue;
4224 }
4225
4226 // if reader has keepalive but is NOT connected,
4227 // reader can't connect. so don't ask him
4228 if(rdr->cc_keepalive)
4229 {
4230 continue;
4231 }
4232
4233 // reader is in shutdown
4234 if((client = rdr->client) == NULL || (client->cc) == NULL || client->kill)
4235 {
4236 continue;
4237 }
4238
4239 // reader cannot be waked up currently because its blocked
4240 if(is_connect_blocked(rdr))
4241 {
4242 continue;
4243 }
4244
4245 // This wakeups the reader:
4246 add_job(rdr->client, ACTION_READER_CARDINFO, NULL, 0);
4247 wakeup++;
4248 }
4249
4250 return wakeup;
4251 }
4252
4253 int32_t cc_srv_connect(struct s_client *cl)
4254 {
4255 int32_t i, ccversion_pos, ccbuild_pos;
4256 int32_t no_delay = 1;
4257 uint8_t data[16];
4258 char usr[21], pwd[65], tmp_dbg[17];
4259 struct s_auth *account;
4260 struct cc_data *cc;
4261
4262 if(!cs_malloc(&cc, sizeof(struct cc_data)))
4263 {
4264 return -1;
4265 }
4266
4267 memset(usr, 0, sizeof(usr));
4268 memset(pwd, 0, sizeof(pwd));
4269
4270 // init internals data struct
4271 cl->cc = cc;
4272 cc->extended_ecm_idx = ll_create("extended_ecm_idx");
4273
4274 cc_init_locks(cc);
4275 uint8_t *buf = cc->send_buffer;
4276
4277 cc->server_ecm_pending = 0;
4278 cc->extended_mode = 0;
4279 cc->ecm_busy = 0;
4280
4281 int32_t keep_alive = 1;
4282 setsockopt(cl->udp_fd, SOL_SOCKET, SO_KEEPALIVE, (void *)&keep_alive, sizeof(keep_alive));
4283
4284 // Create checksum for "O" cccam
4285 get_random_bytes(data, 12);
4286 for(i = 0; i < 4; i++)
4287 {
4288 data[12 + i] = (data[i] + data[4 + i] + data[8 + i]) & 0xff;
4289 }
4290
4291 cs_log_dbg(D_TRACE, "send ccc checksum");
4292
4293 send(cl->udp_fd, data, 16, 0);
4294
4295 cc_xor(data); // XOR init bytes with 'CCcam'
4296
4297 SHA_CTX ctx;
4298 SHA1_Init(&ctx);
4299 SHA1_Update(&ctx, data, 16);
4300 SHA1_Final(buf, &ctx);
4301
4302 cc_init_crypt(&cc->block[ENCRYPT], buf, 20);
4303 cc_crypt(&cc->block[ENCRYPT], data, 16, DECRYPT);
4304 cc_init_crypt(&cc->block[DECRYPT], data, 16);
4305 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
4306
4307 cs_log_dbg(D_TRACE, "receive ccc checksum");
4308
4309 if(cc_recv_to(cl, buf, 20) == 20)
4310 {
4311 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: recv:");
4312 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
4313 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: hash:");
4314 }
4315 else
4316 {
4317 return -1;
4318 }
4319
4320 // receive username
4321 memset(buf, 0, CC_MAXMSGSIZE);
4322 i = cc_recv_to(cl, buf, 20);
4323 if(i < 0) // errors during receive!
4324 {
4325 return -1;
4326 }
4327
4328 if(i == 20)
4329 {
4330 cc_crypt(&cc->block[DECRYPT], buf, 20, DECRYPT);
4331 cs_strncpy(usr, (char *)buf, sizeof(usr));
4332
4333 // test for non printable characters
4334 for(i = 0; i < 20; i++)
4335 {
4336 if(usr[i] > 0 && usr[i] < 0x20) // found non printable char
4337 {
4338 cs_log("illegal username received");
4339 return -3;
4340 }
4341 }
4342 //cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: username '%s':", usr);
4343 }
4344 else
4345 {
4346 cs_add_violation(cl, NULL);
4347 return -2;
4348 }
4349 cs_log_dbg(D_TRACE, "ccc username received %s", usr);
4350
4351 cl->crypted = 1;
4352
4353 // CCCam only supports len=20 usr/pass. So we could have
4354 // more than one user that matches the first 20 chars.
4355
4356 // receive password-CCCam encrypted Hash:
4357 i = cc_recv_to(cl, buf, 6);
4358
4359 if(i < 0) // errors during receive!
4360 {
4361 return -1;
4362 }
4363
4364 if(i != 6) // received invalid password length
4365 {
4366 cs_add_violation(cl, usr);
4367 return -2;
4368 }
4369
4370 cs_log_dbg(D_TRACE, "ccc passwdhash received %s", usr);
4371
4372 account = cfg.account;
4373 struct cc_crypt_block *save_block;
4374 if(!cs_malloc(&save_block, sizeof(struct cc_crypt_block)))
4375 {
4376 return -1;
4377 }
4378
4379 memcpy(save_block, cc->block, sizeof(struct cc_crypt_block));
4380 int32_t found = 0;
4381
4382 while(1)
4383 {
4384 while(account)
4385 {
4386 if(strncmp(usr, account->usr, 20) == 0)
4387 {
4388 memset(pwd, 0, sizeof(pwd));
4389 cs_strncpy(pwd, account->pwd, sizeof(pwd));
4390 found = 1;
4391 break;
4392 }
4393 account = account->next;
4394 }
4395
4396 if(!account)
4397 {
4398 break;
4399 }
4400
4401 // receive passwd / 'CCcam'
4402 memcpy(cc->block, save_block, sizeof(struct cc_crypt_block));
4403 cc_crypt(&cc->block[DECRYPT], (uint8_t *) pwd, cs_strlen(pwd), ENCRYPT);
4404 cc_crypt(&cc->block[DECRYPT], buf, 6, DECRYPT);
4405
4406 // illegal buf-bytes could kill the logger!
4407 //cs_log_dump_dbg(D_CLIENT, buf, 6, "cccam: pwd check '%s':", buf);
4408
4409 if(memcmp(buf, "CCcam\0", 6) == 0) // Password Hash OK!
4410 {
4411 break; // account is set
4412 }
4413
4414 account = account->next;
4415 }
4416 NULLFREE(save_block);
4417
4418 // cs_auth_client returns 0 if account is valid/active/accessible
4419 if(cs_auth_client(cl, account, NULL))
4420 {
4421 if(!found)
4422 {
4423 cs_log("account '%s' not found!", usr);
4424 }
4425 else
4426 {
4427 cs_log("password for '%s' invalid!", usr);
4428 }
4429
4430 cs_add_violation(cl, usr);
4431 return -2;
4432 }
4433
4434 if(cl->dup)
4435 {
4436 cs_log("account '%s' duplicate login, disconnect!", usr);
4437 return -3;
4438 }
4439
4440 if(cl->disabled)
4441 {
4442 cs_log("account '%s' disabled, blocking+disconnect!", usr);
4443 cs_add_violation(cl, usr);
4444 return -2;
4445 }
4446
4447 if(account->cccmaxhops < -1)
4448 {
4449 cs_log("account '%s' has cccmaxhops < -1, cccam can't handle this, disconnect!", usr);
4450 return -3;
4451 }
4452
4453 cs_log_dbg(D_TRACE, "ccc user authenticated %s", usr);
4454
4455 if(account->cccmaxhops == -1)
4456 {
4457 cs_log("account '%s' has cccmaxhops = -1: user will not see any card!", usr);
4458 }
4459
4460 if(!cs_malloc(&cc->prefix, cs_strlen(cl->account->usr) + 20))
4461 {
4462 return -1;
4463 }
4464 snprintf(cc->prefix, cs_strlen(cl->account->usr) + 20, "cccam(s) %s:", cl->account->usr);
4465
4466 #ifdef CS_CACHEEX
4467 if(cl->account->cacheex.mode < 2)
4468 #endif
4469 if(cl->tcp_nodelay == 0)
4470 {
4471 setsockopt(cl->udp_fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_delay, sizeof(no_delay));
4472 cl->tcp_nodelay = 1;
4473 }
4474
4475 // Starting readers to get cards
4476 cc_srv_wakeup_readers(cl);
4477
4478 // send passwd ack
4479 memset(buf, 0, 20);
4480 memcpy(buf, "CCcam\0", 6);
4481 cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: send ack:");
4482 cc_crypt(&cc->block[ENCRYPT], buf, 20, ENCRYPT);
4483 send(cl->pfd, buf, 20, 0);
4484
4485 // recv cli data
4486 memset(buf, 0, CC_MAXMSGSIZE);
4487 i = cc_msg_recv(cl, buf, CC_MAXMSGSIZE - 1);
4488
4489 if(i < 0)
4490 {
4491 return -1;
4492 }
4493 cs_log_dump_dbg(D_CLIENT, buf, i, "cccam: cli data:");
4494
4495 if(i < 66)
4496 {
4497 cs_log_dbg(D_CLIENT, "cccam: cli data too small");
4498 return -1;
4499 }
4500
4501 memcpy(cc->peer_node_id, buf + 24, 8);
4502 //chk_peer_node_for_oscam(cc);
4503
4504 ccversion_pos = 33;
4505 while(ccversion_pos + 1 < i && ccversion_pos < 33 + 5 && buf[ccversion_pos] == 0)
4506 {
4507 ccversion_pos++;
4508 }
4509
4510 ccbuild_pos = 65;
4511 while(ccbuild_pos + 1 < i && ccbuild_pos < 65 + 5 && buf[ccbuild_pos] == 0)
4512 {
4513 ccbuild_pos++;
4514 }
4515
4516 cs_strncpy(cc->remote_version, (char *)buf + ccversion_pos, sizeof(cc->remote_version));
4517 cs_strncpy(cc->remote_build, (char *)buf + ccbuild_pos, sizeof(cc->remote_build));
4518
4519 cs_log_dbg(D_CLIENT, "%s client '%s' (%s) running v%s (%s)", getprefix(), buf + 4,
4520 cs_hexdump(0, cc->peer_node_id, 8, tmp_dbg, sizeof(tmp_dbg)), cc->remote_version, cc->remote_build);
4521
4522 // send cli data ack
4523 cc_cmd_send(cl, NULL, 0, MSG_CLI_DATA);
4524
4525 cs_log_dbg(D_TRACE, "ccc send srv_data %s", usr);
4526 if(cc_send_srv_data(cl) < 0)
4527 {
4528 return -1;
4529 }
4530
4531 cc->cccam220 = check_cccam_compat(cc);
4532 cc->just_logged_in = 1;
4533
4534 // Wait for Partner detection (NOK1 with data) before reporting cards
4535 // When Partner is detected, cccam220=1 is set. then we can report extended card data
4536 i = process_input(buf, CC_MAXMSGSIZE, 1);
4537
4538 if(i <= 0 && i != -9) // disconnected
4539 {
4540 return 0;
4541 }
4542
4543 if(cc->cccam220)
4544 {
4545 cs_log_dbg(D_CLIENT, "%s extended sid mode activated", getprefix());
4546 }
4547 else
4548 {
4549 cs_log_dbg(D_CLIENT, "%s 2.1.x compatibility mode", getprefix());
4550 }
4551
4552 cs_log_dbg(D_TRACE, "ccc send cards %s", usr);
4553
4554 if(!cc_srv_report_cards(cl))
4555 {
4556 return -1;
4557 }
4558 cs_ftime(&cc->ecm_time);
4559
4560 // some clients, e.g. mgcamd, do not support keepalive. So if not answered, keep
4561 // connection check for client timeout. If timeout occurs try to send keepalive
4562 cs_log_dbg(D_TRACE, "ccc connected and waiting for data %s", usr);
4563 return 0;
4564 }
4565
4566 void cc_srv_init2(struct s_client *cl)
4567 {
4568 if(!cl->init_done && !cl->kill)
4569 {
4570 if(IP_ISSET(cl->ip))
4571 {
4572 cs_log_dbg(D_CLIENT, "cccam: new connection from %s", cs_inet_ntoa(cl->ip));
4573 }
4574
4575 cl->pfd = cl->udp_fd;
4576 int32_t ret;
4577 if((ret = cc_srv_connect(cl)) < 0)
4578 {
4579 if(errno != 0)
4580 {
4581 cs_log_dbg(D_CLIENT, "cccam: failed errno: %d (%s)", errno, strerror(errno));
4582 }
4583 else
4584 {
4585 cs_log_dbg(D_CLIENT, "cccam: failed ret: %d", ret);
4586 }
4587 cs_disconnect_client(cl);
4588 }
4589 else
4590 {
4591 cl->init_done = 1;
4592 cc_cacheex_filter_out(cl);
4593 #ifdef CS_CACHEEX_AIO
4594 if((cl->account && cl->account->cacheex.mode > 0) || (cl->reader && cl->reader->cacheex.mode > 0))
4595 cc_cacheex_feature_request(cl);
4596 #endif
4597 }
4598 }
4599 return;
4600 }
4601
4602 void *cc_srv_init(struct s_client *cl, uint8_t *UNUSED(mbuf), int32_t UNUSED(len))
4603 {
4604 cc_srv_init2(cl);
4605 return NULL;
4606 }
4607 #endif
4608
4609 int32_t cc_cli_connect(struct s_client *cl)
4610 {
4611 struct s_reader *rdr = cl->reader;
4612 struct cc_data *cc = cl->cc;
4613 rdr->card_status = CARD_FAILURE;
4614 cl->stopped = 0;
4615
4616 if(!cc)
4617 {
4618 // init internals data struct
4619 if(!cs_malloc(&cc, sizeof(struct cc_data)))
4620 {
4621 return -1;
4622 }
4623
4624 cc_init_locks(cc);
4625 cc->cards = ll_create("cards");
4626 cl->cc = cc;
4627 cc->pending_emms = ll_create("pending_emms");
4628 cc->extended_ecm_idx = ll_create("extended_ecm_idx");
4629 }
4630 else
4631 {
4632 cc_free_cardlist(cc->cards, 0);
4633 free_extended_ecm_idx(cc);
4634 }
4635
4636 if(!cc->prefix)
4637 {
4638 if(!cs_malloc(&cc->prefix, cs_strlen(cl->reader->label) + 20))
4639 {
4640 return -1;
4641 }
4642 }
4643 snprintf(cc->prefix, cs_strlen(cl->reader->label) + 20, "cccam(r) %s:", cl->reader->label);
4644
4645 int32_t handle, n;
4646 uint8_t data[20];
4647 uint8_t hash[SHA_DIGEST_LENGTH];
4648 uint8_t *buf = cc->send_buffer;
4649 char pwd[65];
4650
4651 // check cred config
4652 if(rdr->device[0] == 0 || rdr->r_pwd[0] == 0 || rdr->r_usr[0] == 0 || rdr->r_port == 0)
4653 {
4654 cs_log("%s configuration error!", rdr->label);
4655 return -5;
4656 }
4657
4658 // connect
4659 handle = network_tcp_connection_open(rdr);
4660 if(handle <= 0)
4661 {
4662 cs_log_dbg(D_READER, "%s network connect error!", rdr->label);
4663 return -1;
4664 }
4665
4666 if(errno == EISCONN)
4667 {
4668 cc_cli_close(cl, 0);
4669 block_connect(rdr);
4670 return -1;
4671 }
4672
4673 int32_t no_delay = 1;
4674 if(cacheex_get_rdr_mode(rdr) < 2)
4675 {
4676 setsockopt(cl->udp_fd, IPPROTO_TCP, TCP_NODELAY, (void *)&no_delay, sizeof(no_delay));
4677 }
4678
4679 // get init seed
4680 if((n = cc_recv_to(cl, data, 16)) != 16)
4681 {
4682 if(n <= 0)
4683 {
4684 cs_log("init error from reader %s", rdr->label);
4685 }
4686 else
4687 {
4688 cs_log("%s server returned %d instead of 16 bytes as init seed (errno=%d %s)",
4689 rdr->label, n, errno, strerror(errno));
4690 }
4691
4692 cc_cli_close(cl, 0);
4693 block_connect(rdr);
4694 return -2;
4695 }
4696
4697 cc->ecm_counter = 0;
4698 cc->max_ecms = 0;
4699 cc->cmd05_mode = MODE_UNKNOWN;
4700 cc->cmd05_offset = 0;
4701 cc->cmd05_active = 0;
4702 cc->cmd05_data_len = 0;
4703 cc->extended_mode = 0;
4704 cc->last_emm_card = NULL;
4705 cc->num_hop1 = 0;
4706 cc->num_hop2 = 0;
4707 cc->num_hopx = 0;
4708 cc->num_reshare0 = 0;
4709 cc->num_reshare1 = 0;
4710 cc->num_reshare2 = 0;
4711 cc->num_resharex = 0;
4712 memset(&cc->cmd05_data, 0, sizeof(cc->cmd05_data));
4713 memset(&cc->receive_buffer, 0, sizeof(cc->receive_buffer));
4714 NULLFREE(cc->nok_message);
4715 cc->cmd0c_mode = MODE_CMD_0x0C_NONE;
4716
4717 cs_log_dump_dbg(D_CLIENT, data, 16, "cccam: server init seed:");
4718
4719 uint16_t sum = 0x1234;
4720 uint16_t recv_sum = (data[14] << 8) | data[15];
4721 int32_t i;
4722
4723 for(i = 0; i < 14; i++)
4724 {
4725 sum += data[i];
4726 }
4727
4728 // create special data to detect oscam-cccam
4729 cc->is_oscam_cccam = sum == recv_sum;
4730
4731 // detect multics seed
4732 uint8_t a = (data[0] ^ 'M') + data[1] + data[2];
4733 uint8_t b = data[4] + (data[5] ^ 'C') + data[6];
4734 uint8_t c = data[8] + data[9] + (data[10] ^ 'S');
4735
4736 if((a == data[3]) && (b == data[7]) && (c == data[11]))
4737 {
4738 cc->multics_mode = 1; // detected multics seed
4739 cs_log_dbg(D_READER, "multics seed detected: %s", rdr->label);
4740 }
4741
4742 cc_xor(data); // XOR init bytes with 'CCcam'
4743
4744 SHA_CTX ctx;
4745 SHA1_Init(&ctx);
4746 SHA1_Update(&ctx, data, 16);
4747 SHA1_Final(hash, &ctx);
4748
4749 cs_log_dump_dbg(D_CLIENT, hash, sizeof(hash), "cccam: sha1 hash:");
4750
4751 // initialisate crypto states
4752 cc_init_crypt(&cc->block[DECRYPT], hash, 20);
4753 cc_crypt(&cc->block[DECRYPT], data, 16, DECRYPT);
4754 cc_init_crypt(&cc->block[ENCRYPT], data, 16);
4755 cc_crypt(&cc->block[ENCRYPT], hash, 20, DECRYPT);
4756
4757 cc_cmd_send(cl, hash, 20, MSG_NO_HEADER); // send crypted hash to server
4758
4759 memset(buf, 0, CC_MAXMSGSIZE);
4760 memcpy(buf, rdr->r_usr, cs_strlen(rdr->r_usr));
4761 cs_log_dump_dbg(D_CLIENT, buf, 20, "cccam: username '%s':", buf);
4762 cc_cmd_send(cl, buf, 20, MSG_NO_HEADER); // send usr '0' padded -> 20 bytes
4763
4764 memset(buf, 0, CC_MAXMSGSIZE);
4765 memset(pwd, 0, sizeof(pwd));
4766
4767 //cs_log_dbg(D_CLIENT, "cccam: 'CCcam' xor");
4768 memcpy(buf, "CCcam", 5);
4769 cs_strncpy(pwd, rdr->r_pwd, sizeof(pwd));
4770 cc_crypt(&cc->block[ENCRYPT], (uint8_t *)pwd, cs_strlen(pwd), ENCRYPT);
4771 cc_cmd_send(cl, buf, 6, MSG_NO_HEADER); // send 'CCcam' xor w/ pwd
4772
4773 if((cc_recv_to(cl, data, 20)) != 20)
4774 {
4775 cs_log("%s login failed, usr/pwd invalid", getprefix());
4776 cc_cli_close(cl, 0);
4777 block_connect(rdr);
4778 return -2;
4779 }
4780
4781 cc_crypt(&cc->block[DECRYPT], data, 20, DECRYPT);
4782 cs_log_dump_dbg(D_CLIENT, data, 20, "cccam: login data");
4783
4784 if(memcmp(data, buf, 5)) // check server response
4785 {
4786 cs_log("%s login failed, usr/pwd invalid", getprefix());
4787 cc_cli_close(cl, 0);
4788 block_connect(rdr);
4789 return -2;
4790 }
4791 else
4792 {
4793 cs_log_dbg(D_READER, "%s login succeeded", getprefix());
4794 }
4795
4796 cs_log_dbg(D_READER, "cccam: last_s=%ld, last_g=%ld", rdr->last_s, rdr->last_g);
4797
4798 cl->pfd = cl->udp_fd;
4799 cs_log_dbg(D_READER, "cccam: pfd=%d", cl->pfd);
4800
4801 if(cc_send_cli_data(cl) <= 0)
4802 {
4803 cs_log("%s login failed, could not send client data", getprefix());
4804 cc_cli_close(cl, 0);
4805 block_connect(rdr);
4806 return -3;
4807 }
4808
4809 if(rdr->ftab.filts)
4810 {
4811 rdr->caid = rdr->ftab.filts[0].caid;
4812 rdr->nprov = rdr->ftab.filts[0].nprids;
4813
4814 for(n = 0; n < rdr->nprov; n++)
4815 {
4816 rdr->prid[n][0] = rdr->ftab.filts[0].prids[n] >> 24;
4817 rdr->prid[n][1] = rdr->ftab.filts[0].prids[n] >> 16;
4818 rdr->prid[n][2] = rdr->ftab.filts[0].prids[n] >> 8;
4819 rdr->prid[n][3] = rdr->ftab.filts[0].prids[n] & 0xff;
4820 }
4821 }
4822
4823 rdr->card_status = CARD_NEED_INIT;
4824 rdr->last_g = rdr->last_s = time((time_t *) 0);
4825 rdr->tcp_connected = 1;
4826
4827 cc->just_logged_in = 1;
4828 cl->crypted = 1;
4829 cc->ecm_busy = 0;
4830
4831 #ifdef CS_CACHEEX_AIO
4832 if(cacheex_get_rdr_mode(rdr) > 0)
4833 {
4834 #endif
4835
4836 cc_cacheex_filter_out(cl);
4837
4838 #ifdef CS_CACHEEX_AIO
4839 cc_cacheex_feature_request(cl);
4840 }
4841 #endif
4842
4843 return 0;
4844 }
4845
4846 int32_t cc_cli_init_int(struct s_client *cl)
4847 {
4848 struct s_reader *rdr = cl->reader;
4849
4850 if(rdr->tcp_connected)
4851 {
4852 return 1;
4853 }
4854
4855 if(rdr->tcp_ito < 15 && rdr->tcp_ito !=-1)
4856 {
4857 rdr->tcp_ito = 30;
4858 }
4859
4860 if(rdr->cc_maxhops < 0)
4861 {
4862 rdr->cc_maxhops = DEFAULT_CC_MAXHOPS;
4863 }
4864
4865 if(rdr->tcp_rto < 1) // timeout to 30s
4866 {
4867 rdr->tcp_rto = 30;
4868 }
4869
4870 cs_log_dbg(D_READER, "cccam: inactivity timeout: %d seconds, receive timeout: %d seconds",
4871 rdr->tcp_ito, rdr->tcp_rto);
4872
4873 cc_check_version(rdr->cc_version, rdr->cc_build);
4874
4875 cs_log_dbg(D_READER, "proxy reader: %s (%s:%d) cccam v%s build %s, maxhops: %d",
4876 rdr->label, rdr->device, rdr->r_port, rdr->cc_version, rdr->cc_build, rdr->cc_maxhops);
4877
4878 return 0;
4879 }
4880
4881 int32_t cc_cli_init(struct s_client *cl)
4882 {
4883 struct s_reader *reader = cl->reader;
4884 int32_t res = cc_cli_init_int(cl); // Create socket
4885
4886 if(res == 0 && reader && (reader->cc_keepalive || !cl->cc) && !reader->tcp_connected)
4887 {
4888 cc_cli_connect(cl); // connect to remote server
4889
4890 //while(!reader->tcp_connected && reader->cc_keepalive && cfg.reader_restart_seconds > 0)
4891 //{
4892 // if((cc && cc->mode == CCCAM_MODE_SHUTDOWN))
4893 // {
4894 // return -1;
4895 // }
4896 //
4897 // if(!reader->tcp_connected)
4898 // {
4899 // cc_cli_close(cl, 0);
4900 // res = cc_cli_init_int(cl);
4901 // if(res)
4902 // {
4903 // return res;
4904 // }
4905 // }
4906 //
4907 // cs_log_dbg(D_READER, "%s restarting reader in %d seconds", reader->label, cfg.reader_restart_seconds);
4908 // cs_sleepms(cfg.reader_restart_seconds*1000);
4909 // cs_log_dbg(D_READER, "%s restarting reader...", reader->label);
4910 // cc_cli_connect(cl);
4911 //}
4912 }
4913 return res;
4914 }
4915
4916 /**
4917 * return 1 if we are able to send requests:
4918 */
4919 int32_t cc_available(struct s_reader *rdr, int32_t checktype, ECM_REQUEST *er)
4920 {
4921 if(!rdr || !rdr->client)
4922 {
4923 return 0;
4924 }
4925
4926 struct s_client *cl = rdr->client;
4927 if(!cl)
4928 {
4929 return 0;
4930 }
4931
4932 struct cc_data *cc = cl->cc;
4933 if(er && cc && rdr->tcp_connected)
4934 {
4935 struct cc_card *card = get_matching_card(cl, er, 1);
4936 if(!card)
4937 {
4938 return 0;
4939 }
4940 }
4941 //cs_log_dbg(D_TRACE, "checking reader %s availibility", rdr->label);
4942
4943 if(!cc || rdr->tcp_connected != 2)
4944 {
4945 // Two cases:
4946 // 1. Keepalive ON but not connected: Do NOT send requests,
4947 // because we can't connect - problem of full running pipes
4948 // 2. Keepalive OFF but not connected: Send requests to connect
4949 // pipe won't run full, because we are reading from pipe to
4950 // get the ecm request
4951
4952 if(rdr->cc_keepalive)
4953 {
4954 return 0;
4955 }
4956 }
4957
4958 //if(er && er->ecmlen > 255 && cc && !cc->extended_mode && (cc->remote_build_nr < 3367))
4959 //{
4960 // return 0; // remote does not support large ecms!
4961 //}
4962
4963 if(checktype == AVAIL_CHECK_LOADBALANCE && cc && cc->ecm_busy)
4964 {
4965 if(cc_request_timeout(cl))
4966 {
4967 cc_cycle_connection(cl);
4968 }
4969
4970 if(!rdr->tcp_connected || cc->ecm_busy)
4971 {
4972 cs_log_dbg(D_TRACE, "checking reader %s availibility=0 (unavail)", rdr->label);
4973 return 0; // We are processing EMMs/ECMs
4974 }
4975 }
4976
4977 return 1;
4978 }
4979
4980 /**
4981 *
4982 **/
4983 void cc_card_info(void)
4984 {
4985 struct s_client *cl = cur_client();
4986 struct s_reader *rdr = cl->reader;
4987
4988 if(rdr && !rdr->tcp_connected)
4989 {
4990 cc_cli_connect(cl);
4991 }
4992 }
4993
4994 void cc_cleanup(struct s_client *cl)
4995 {
4996 if(cl->typ != 'c')
4997 {
4998 cc_cli_close(cl, 1); // we need to close open fd's
4999 }
5000 cc_free(cl);
5001 }
5002
5003 void cc_update_nodeid(void)
5004 {
5005 if(array_has_nonzero_byte(cfg.cc_fixed_nodeid, sizeof(cfg.cc_fixed_nodeid)))
5006 {
5007 memcpy(cc_node_id, cfg.cc_fixed_nodeid, 8);
5008 return;
5009 }
5010
5011 // Partner Detection
5012 uint16_t sum = 0x1234; // This is our checksum
5013 int32_t i;
5014 get_random_bytes(cc_node_id, 4);
5015
5016 for(i = 0; i < 4; i++)
5017 {
5018 sum += cc_node_id[i];
5019 }
5020
5021 // Partner ID
5022 cc_node_id[4] = 0x10; // (Oscam 0x10, vPlugServer 0x11, Hadu 0x12, ...)
5023 sum += cc_node_id[4];
5024
5025 // generate checksum for Partner ID:
5026 cc_node_id[5] = 0xAA;
5027
5028 for(i = 0; i < 5; i++)
5029 {
5030 cc_node_id[5] ^= cc_node_id[i];
5031 }
5032 sum += cc_node_id[5];
5033
5034 cc_node_id[6] = sum >> 8;
5035 cc_node_id[7] = sum & 0xff;
5036
5037 memcpy(cfg.cc_fixed_nodeid, cc_node_id, 8);
5038 }
5039
5040 bool cccam_forward_origin_card(ECM_REQUEST *er)
5041 {
5042 if(cfg.cc_forward_origin_card && er->origin_card)
5043 {
5044 struct cc_card *card = er->origin_card;
5045 struct s_ecm_answer *eab = NULL;
5046 struct s_ecm_answer *ea;
5047
5048 for(ea = er->matching_rdr; ea; ea = ea->next)
5049 {
5050 ea->status &= ~(READER_ACTIVE | READER_FALLBACK);
5051 if(card->origin_reader == ea->reader)
5052 {
5053 eab = ea;
5054 }
5055 }
5056
5057 if(eab)
5058 {
5059 cs_log_dbg(D_LB, "loadbalancer: forward card: forced by card %d to reader %s",
5060 card->id, eab->reader->label);
5061
5062 eab->status |= READER_ACTIVE;
5063 return true;
5064 }
5065 }
5066
5067 return false;
5068 }
5069
5070 bool cccam_snprintf_cards_stat(struct s_client *cl, char *emmtext, size_t emmtext_sz)
5071 {
5072 struct cc_data *rcc = cl->cc;
5073 if(rcc)
5074 {
5075 LLIST *cards = rcc->cards;
5076 if(cards)
5077 {
5078 int32_t ncards = ll_count(cards);
5079 int32_t locals = rcc->num_hop1;
5080 snprintf(emmtext, emmtext_sz, " %3d/%3d card%s", locals, ncards, ncards > 1 ? "s " : " ");
5081 return true;
5082 }
5083 }
5084 return false;
5085 }
5086
5087 bool cccam_client_extended_mode(struct s_client *cl)
5088 {
5089 return cl && cl->cc && ((struct cc_data *)cl->cc)->extended_mode;
5090 }
5091
5092 bool cccam_client_multics_mode(struct s_client *cl)
5093 {
5094 return cl && cl->cc && ((struct cc_data *)cl->cc)->multics_mode == 2;
5095 }
5096
5097 void module_cccam(struct s_module *ph)
5098 {
5099 ph->desc = "cccam";
5100 ph->type = MOD_CONN_TCP;
5101 ph->large_ecm_support = 1;
5102 ph->listenertype = LIS_CCCAM;
5103 ph->num = R_CCCAM;
5104 ph->recv = cc_recv;
5105 ph->cleanup = cc_cleanup;
5106 ph->bufsize = 2048;
5107 ph->c_init = cc_cli_init;
5108 ph->c_idle = cc_idle;
5109 ph->c_recv_chk = cc_recv_chk;
5110 ph->c_send_ecm = cc_send_ecm;
5111 ph->c_send_emm = cc_send_emm;
5112 #ifdef MODULE_CCCSHARE
5113 IP_ASSIGN(ph->s_ip, cfg.cc_srvip);
5114 ph->s_handler = cc_srv_init;
5115 ph->s_init = cc_srv_init2;
5116 ph->s_idle = cc_s_idle;
5117 ph->send_dcw = cc_send_dcw;
5118 #endif
5119 ph->c_available = cc_available;
5120 ph->c_card_info = cc_card_info;
5121 cc_cacheex_module_init(ph);
5122 cc_update_nodeid();
5123
5124 #ifdef MODULE_CCCSHARE
5125 int32_t i;
5126 for(i = 0; i < CS_MAXPORTS; i++)
5127 {
5128 if(!cfg.cc_port[i])
5129 {
5130 break;
5131 }
5132 ph->ptab.ports[i].s_port = cfg.cc_port[i];
5133 ph->ptab.nports++;
5134 }
5135
5136 if(cfg.cc_port[0])
5137 {
5138 cccam_init_share();
5139 }
5140 #endif
5141 }
5142 #endif
Open Source Conditional Access Module