1 | #include "globals.h"
|
---|
2 | extern struct s_reader *reader;
|
---|
3 |
|
---|
4 | //CMD00 - ECM (request)
|
---|
5 | //CMD01 - ECM (response)
|
---|
6 | //CMD02 - EMM (in clientmode - set EMM, in server mode - EMM data) - obsolete
|
---|
7 | //CMD03 - ECM (cascading request)
|
---|
8 | //CMD04 - ECM (cascading response)
|
---|
9 | //CMD05 - EMM (emm request) send cardata/cardinfo to client
|
---|
10 | //CMD06 - EMM (incomming EMM in server mode)
|
---|
11 | //CMD19 - EMM (incomming EMM in server mode) only seen with caid 0x1830
|
---|
12 | //CMD08 - Stop sending requests to the server for current srvid,prvid,caid
|
---|
13 | //CMD44 - MPCS/OScam internal error notification
|
---|
14 |
|
---|
15 | #define REQ_SIZE 328 // 256 + 20 + 0x34
|
---|
16 | static uchar upwd[64]={0};
|
---|
17 | static uchar *req;
|
---|
18 | static int is_udp=1;
|
---|
19 |
|
---|
20 | static int camd35_send(uchar *buf)
|
---|
21 | {
|
---|
22 | int l;
|
---|
23 | unsigned char rbuf[REQ_SIZE+15+4], *sbuf=rbuf+4;
|
---|
24 |
|
---|
25 | if (!client[cs_idx].udp_fd) return(-1);
|
---|
26 | l=20+buf[1]+(((buf[0]==3) || (buf[0]==4)) ? 0x34 : 0);
|
---|
27 | memcpy(rbuf, client[cs_idx].ucrc, 4);
|
---|
28 | memcpy(sbuf, buf, l);
|
---|
29 | memset(sbuf+l, 0xff, 15); // set unused space to 0xff for newer camd3's
|
---|
30 | memcpy(sbuf+4, i2b(4, crc32(0L, sbuf+20, sbuf[1])), 4);
|
---|
31 | l=boundary(4, l);
|
---|
32 | cs_ddump(sbuf, l, "send %d bytes to %s", l, remote_txt());
|
---|
33 | aes_encrypt(sbuf, l);
|
---|
34 |
|
---|
35 | if (is_udp)
|
---|
36 | return(sendto(client[cs_idx].udp_fd, rbuf, l+4, 0,
|
---|
37 | (struct sockaddr *)&client[cs_idx].udp_sa,
|
---|
38 | sizeof(client[cs_idx].udp_sa)));
|
---|
39 | else
|
---|
40 | return(send(client[cs_idx].udp_fd, rbuf, l+4, 0));
|
---|
41 | }
|
---|
42 |
|
---|
43 | static int camd35_auth_client(uchar *ucrc)
|
---|
44 | {
|
---|
45 | int rc=1;
|
---|
46 | ulong crc;
|
---|
47 | struct s_auth *account;
|
---|
48 |
|
---|
49 | if (upwd[0])
|
---|
50 | return(memcmp(client[cs_idx].ucrc, ucrc, 4) ? 1 : 0);
|
---|
51 | client[cs_idx].crypted=1;
|
---|
52 | crc=(((ucrc[0]<<24) | (ucrc[1]<<16) | (ucrc[2]<<8) | ucrc[3]) & 0xffffffffL);
|
---|
53 | for (account=cfg->account; (account) && (!upwd[0]); account=account->next)
|
---|
54 | if (crc==crc32(0L, MD5((unsigned char *)account->usr, strlen(account->usr), NULL), 16))
|
---|
55 | {
|
---|
56 | memcpy(client[cs_idx].ucrc, ucrc, 4);
|
---|
57 | strcpy((char *)upwd, account->pwd);
|
---|
58 | aes_set_key((char *) MD5(upwd, strlen((char *)upwd), NULL));
|
---|
59 | rc=cs_auth_client(account, NULL);
|
---|
60 | }
|
---|
61 | return(rc);
|
---|
62 | }
|
---|
63 |
|
---|
64 | static int camd35_recv(uchar *buf, int l)
|
---|
65 | {
|
---|
66 | int rc, s, rs, n=0;
|
---|
67 | unsigned char recrc[4];
|
---|
68 | for (rc=rs=s=0; !rc; s++) switch(s)
|
---|
69 | {
|
---|
70 | case 0:
|
---|
71 | if (is_server)
|
---|
72 | {
|
---|
73 | if (!client[cs_idx].udp_fd) return(-9);
|
---|
74 | if (is_udp)
|
---|
75 | rs=recv_from_udpipe(buf);
|
---|
76 | else
|
---|
77 | rs=recv(client[cs_idx].udp_fd, buf, l, 0);
|
---|
78 | }
|
---|
79 | else
|
---|
80 | {
|
---|
81 | if (!client[cs_idx].udp_fd) return(-9);
|
---|
82 | rs=recv(client[cs_idx].udp_fd, buf, l, 0);
|
---|
83 | }
|
---|
84 | if (rs<24) rc=-1;
|
---|
85 | break;
|
---|
86 | case 1:
|
---|
87 | memcpy(recrc, buf, 4);
|
---|
88 | memmove(buf, buf+4, rs-=4);
|
---|
89 | switch (camd35_auth_client(recrc))
|
---|
90 | {
|
---|
91 | case 0: break; // ok
|
---|
92 | case 1: rc=-2; break; // unknown user
|
---|
93 | default: rc=-9; break; // error's from cs_auth()
|
---|
94 | }
|
---|
95 | break;
|
---|
96 | case 2:
|
---|
97 | aes_decrypt(buf, rs);
|
---|
98 | cs_ddump(buf, rs, "received %d bytes from %s", rs, remote_txt());
|
---|
99 | if (rs!=boundary(4, rs))
|
---|
100 | cs_debug("WARNING: packet size has wrong decryption boundary");
|
---|
101 | //n=(buf[0]==3) ? n=0x34 : 0; this was original, but statement below seems more logical -- dingo35
|
---|
102 | n=(buf[0]==3) ? 0x34 : 0;
|
---|
103 | n=boundary(4, n+20+buf[1]);
|
---|
104 | if (n<rs)
|
---|
105 | cs_debug("ignoring %d bytes of garbage", rs-n);
|
---|
106 | else
|
---|
107 | if (n>rs) rc=-3;
|
---|
108 | break;
|
---|
109 | case 3:
|
---|
110 | if (crc32(0L, buf+20, buf[1])!=b2i(4, buf+4)) rc=-4;
|
---|
111 | if (!rc) rc=n;
|
---|
112 | break;
|
---|
113 | }
|
---|
114 | if ((rs>0) && ((rc==-1)||(rc==-2)))
|
---|
115 | cs_ddump(buf, rs, "received %d bytes from %s (native)", rs, remote_txt);
|
---|
116 | client[cs_idx].last=time((time_t *) 0);
|
---|
117 | switch(rc)
|
---|
118 | {
|
---|
119 | case -1: cs_log("packet to small (%d bytes)", rs);
|
---|
120 | break;
|
---|
121 | case -2: cs_auth_client(0, "unknown user");
|
---|
122 | break;
|
---|
123 | case -3: cs_log("incomplete request !");
|
---|
124 | break;
|
---|
125 | case -4: cs_log("checksum error (wrong password ?)");
|
---|
126 | break;
|
---|
127 | }
|
---|
128 | return(rc);
|
---|
129 | }
|
---|
130 |
|
---|
131 | /*
|
---|
132 | * server functions
|
---|
133 | */
|
---|
134 |
|
---|
135 | static void camd35_request_emm(ECM_REQUEST *er)
|
---|
136 | {
|
---|
137 | int i, au;
|
---|
138 | time_t now;
|
---|
139 | static time_t last=0;
|
---|
140 | static int disable_counter=0;
|
---|
141 | static uchar lastserial[8]={0,0,0,0,0,0,0,0};
|
---|
142 |
|
---|
143 | au=client[cs_idx].au;
|
---|
144 | if ((au<0) || (au>CS_MAXREADER)) return; // TODO
|
---|
145 |
|
---|
146 | time(&now);
|
---|
147 | if (!memcmp(lastserial, reader[au].hexserial, 8))
|
---|
148 | if (abs(now-last)<180) return;
|
---|
149 | memcpy(lastserial, reader[au].hexserial, 8);
|
---|
150 | last=now;
|
---|
151 |
|
---|
152 | if (reader[au].caid[0])
|
---|
153 | {
|
---|
154 | disable_counter=0;
|
---|
155 | log_emm_request(au);
|
---|
156 | }
|
---|
157 | else
|
---|
158 | if (disable_counter>2)
|
---|
159 | return;
|
---|
160 | else
|
---|
161 | disable_counter++;
|
---|
162 |
|
---|
163 | // if (reader[au].hexserial[3])
|
---|
164 | // {
|
---|
165 | // if (!reader[au].online)
|
---|
166 | // {
|
---|
167 | // memset(lastserial, 0, sizeof(lastserial));
|
---|
168 | // return;
|
---|
169 | // }
|
---|
170 | memset(mbuf, 0, sizeof(mbuf));
|
---|
171 | mbuf[2]=mbuf[3]=0xff; // must not be zero
|
---|
172 | memcpy(mbuf+ 8, i2b(2, er->srvid), 2);
|
---|
173 | memcpy(mbuf+12, i2b(4, er->prid ), 4);
|
---|
174 | memcpy(mbuf+16, i2b(2, er->pid ), 2);
|
---|
175 | mbuf[0]=5;
|
---|
176 | mbuf[1]=111;
|
---|
177 | if (reader[au].caid[0])
|
---|
178 | {
|
---|
179 | mbuf[39]=1; // no. caids
|
---|
180 | mbuf[20]=reader[au].caid[0]>>8; // caid's (max 8)
|
---|
181 | mbuf[21]=reader[au].caid[0]&0xff;
|
---|
182 | memcpy(mbuf+40, reader[au].hexserial, 6); // serial now 6 bytes
|
---|
183 | mbuf[47]=reader[au].nprov;
|
---|
184 | for (i=0; i<reader[au].nprov; i++)
|
---|
185 | {
|
---|
186 | if (((reader[au].caid[0] >= 0x1700) && (reader[au].caid[0] <= 0x1799)) || // Betacrypt
|
---|
187 | ((reader[au].caid[0] >= 0x0600) && (reader[au].caid[0] <= 0x0699))) // Irdeto (don't know if this is correct, cause I don't own a IRDETO-Card)
|
---|
188 | {
|
---|
189 | mbuf[48+(i*5)]=reader[au].prid[i][0];
|
---|
190 | memcpy(&mbuf[50+(i*5)], &reader[au].prid[i][1], 3);
|
---|
191 | }
|
---|
192 | else
|
---|
193 | {
|
---|
194 | mbuf[48+(i*5)]=reader[au].prid[i][2];
|
---|
195 | mbuf[49+(i*5)]=reader[au].prid[i][3];
|
---|
196 | memcpy(&mbuf[50+(i*5)], &reader[au].sa[i][0],3);
|
---|
197 | }
|
---|
198 | }/* b_nano old implementation was not working according to documentation, so we changed it
|
---|
199 | mbuf[128]=(reader[au].b_nano[0xd0])?0:1;
|
---|
200 | mbuf[129]=(reader[au].b_nano[0xd2])?0:1;
|
---|
201 | mbuf[130]=(reader[au].b_nano[0xd3])?0:1;*/
|
---|
202 | //we think client/server protocols should deliver all information, and only readers should discard EMM
|
---|
203 | mbuf[128]=reader[au].blockemm_g; //if 0, GA EMM is blocked
|
---|
204 | mbuf[129]=reader[au].blockemm_s; //if 0, SA EMM is blocked
|
---|
205 | mbuf[130]=reader[au].blockemm_u; //if 0, UA EMM is blocked
|
---|
206 | mbuf[131]=reader[au].card_system; //Cardsystem for Oscam client
|
---|
207 | }
|
---|
208 | else // disable emm
|
---|
209 | mbuf[20]=mbuf[39]=mbuf[40]=mbuf[47]=mbuf[49]=1;
|
---|
210 | memcpy(mbuf+10, mbuf+20, 2);
|
---|
211 | camd35_send(mbuf); // send with data-len 111 for camd3 > 3.890
|
---|
212 | mbuf[1]++;
|
---|
213 | camd35_send(mbuf); // send with data-len 112 for camd3 < 3.890
|
---|
214 | // }
|
---|
215 | }
|
---|
216 |
|
---|
217 | static void camd35_send_dcw(ECM_REQUEST *er)
|
---|
218 | {
|
---|
219 | uchar *buf;
|
---|
220 | buf=req+(er->cpti*REQ_SIZE); // get orig request
|
---|
221 |
|
---|
222 | if (((er->rcEx > 0) || (er->rc == 8)) && !client[cs_idx].c35_suppresscmd08)
|
---|
223 | {
|
---|
224 | buf[0]=0x08;
|
---|
225 | buf[1]=2;
|
---|
226 | memset(buf+20, 0, buf[1]);
|
---|
227 | }
|
---|
228 | else
|
---|
229 | {
|
---|
230 | // Send CW
|
---|
231 | if ((er->rc < 4) || (er->rc == 7))
|
---|
232 | {
|
---|
233 | if (buf[0]==3)
|
---|
234 | memmove(buf+20+16, buf+20+buf[1], 0x34);
|
---|
235 | buf[0]++;
|
---|
236 | buf[1]=16;
|
---|
237 | memcpy(buf+20, er->cw, buf[1]);
|
---|
238 | }
|
---|
239 | else
|
---|
240 | {
|
---|
241 | // Send old CMD44 to prevent cascading problems with older mpcs/oscam versions
|
---|
242 | buf[0]=0x44;
|
---|
243 | buf[1]=0;
|
---|
244 | }
|
---|
245 | }
|
---|
246 | camd35_send(buf);
|
---|
247 | camd35_request_emm(er);
|
---|
248 | }
|
---|
249 |
|
---|
250 | static void camd35_process_ecm(uchar *buf)
|
---|
251 | {
|
---|
252 | ECM_REQUEST *er;
|
---|
253 | if (!(er=get_ecmtask()))
|
---|
254 | return;
|
---|
255 | er->l=buf[1];
|
---|
256 | memcpy(req+(er->cpti*REQ_SIZE), buf, 0x34+20+er->l); // save request
|
---|
257 | er->srvid=b2i(2, buf+ 8);
|
---|
258 | er->caid =b2i(2, buf+10);
|
---|
259 | er->prid =b2i(4, buf+12);
|
---|
260 | er->pid =b2i(2, buf+16);
|
---|
261 | memcpy(er->ecm, buf+20, er->l);
|
---|
262 | get_cw(er);
|
---|
263 | }
|
---|
264 |
|
---|
265 | static void camd35_process_emm(uchar *buf)
|
---|
266 | {
|
---|
267 | int au;
|
---|
268 | EMM_PACKET epg;
|
---|
269 | memset(&epg, 0, sizeof(epg));
|
---|
270 | au=client[cs_idx].au;
|
---|
271 | if ((au<0) || (au>CS_MAXREADER)) return; // TODO
|
---|
272 | epg.l=buf[1];
|
---|
273 | memcpy(epg.caid , buf+10 , 2);
|
---|
274 | memcpy(epg.provid , buf+12 , 4);
|
---|
275 | memcpy(epg.emm , buf+20 , epg.l);
|
---|
276 | do_emm(&epg);
|
---|
277 | }
|
---|
278 |
|
---|
279 | static void camd35_server()
|
---|
280 | {
|
---|
281 | int n;
|
---|
282 |
|
---|
283 | req=(uchar *)malloc(CS_MAXPENDING*REQ_SIZE);
|
---|
284 | if (!req)
|
---|
285 | {
|
---|
286 | cs_log("Cannot allocate memory (errno=%d)", errno);
|
---|
287 | cs_exit(1);
|
---|
288 | }
|
---|
289 | memset(req, 0, CS_MAXPENDING*REQ_SIZE);
|
---|
290 |
|
---|
291 | is_udp = (ph[client[cs_idx].ctyp].type == MOD_CONN_UDP);
|
---|
292 |
|
---|
293 | while ((n=process_input(mbuf, sizeof(mbuf), cfg->cmaxidle))>0)
|
---|
294 | {
|
---|
295 | switch(mbuf[0])
|
---|
296 | {
|
---|
297 | case 0: // ECM
|
---|
298 | case 3: // ECM (cascading)
|
---|
299 | camd35_process_ecm(mbuf);
|
---|
300 | break;
|
---|
301 | case 6: // EMM
|
---|
302 | case 19: // EMM
|
---|
303 | camd35_process_emm(mbuf);
|
---|
304 | break;
|
---|
305 | default:
|
---|
306 | cs_log("unknown camd35 command! (%d)", mbuf[0]);
|
---|
307 | }
|
---|
308 | }
|
---|
309 |
|
---|
310 | if(req) { free(req); req=0;}
|
---|
311 |
|
---|
312 | cs_disconnect_client();
|
---|
313 | }
|
---|
314 |
|
---|
315 | /*
|
---|
316 | * client functions
|
---|
317 | */
|
---|
318 |
|
---|
319 | static void casc_set_account()
|
---|
320 | {
|
---|
321 | strcpy((char *)upwd, reader[ridx].r_pwd);
|
---|
322 | memcpy(client[cs_idx].ucrc, i2b(4, crc32(0L, MD5((unsigned char *)reader[ridx].r_usr, strlen(reader[ridx].r_usr), NULL), 16)), 4);
|
---|
323 | aes_set_key((char *)MD5(upwd, strlen((char *)upwd), NULL));
|
---|
324 | client[cs_idx].crypted=1;
|
---|
325 | }
|
---|
326 |
|
---|
327 | int camd35_client_init()
|
---|
328 | {
|
---|
329 | static struct sockaddr_in loc_sa;
|
---|
330 | struct protoent *ptrp;
|
---|
331 | int p_proto;//, sock_type;
|
---|
332 | char ptxt[16];
|
---|
333 |
|
---|
334 | pfd=0;
|
---|
335 | if (reader[ridx].r_port<=0)
|
---|
336 | {
|
---|
337 | cs_log("invalid port %d for server %s", reader[ridx].r_port, reader[ridx].device);
|
---|
338 | return(1);
|
---|
339 | }
|
---|
340 | is_udp=(reader[ridx].typ==R_CAMD35);
|
---|
341 | if( (ptrp=getprotobyname(is_udp ? "udp" : "tcp")) )
|
---|
342 | p_proto=ptrp->p_proto;
|
---|
343 | else
|
---|
344 | p_proto=(is_udp) ? 17 : 6; // use defaults on error
|
---|
345 |
|
---|
346 | client[cs_idx].ip=0;
|
---|
347 | memset((char *)&loc_sa,0,sizeof(loc_sa));
|
---|
348 | loc_sa.sin_family = AF_INET;
|
---|
349 | #ifdef LALL
|
---|
350 | if (cfg->serverip[0])
|
---|
351 | loc_sa.sin_addr.s_addr = inet_addr(cfg->serverip);
|
---|
352 | else
|
---|
353 | #endif
|
---|
354 | loc_sa.sin_addr.s_addr = INADDR_ANY;
|
---|
355 | loc_sa.sin_port = htons(reader[ridx].l_port);
|
---|
356 |
|
---|
357 | if ((client[cs_idx].udp_fd=socket(PF_INET, is_udp ? SOCK_DGRAM : SOCK_STREAM, p_proto))<0)
|
---|
358 | {
|
---|
359 | cs_log("Socket creation failed (errno=%d)", errno);
|
---|
360 | cs_exit(1);
|
---|
361 | }
|
---|
362 |
|
---|
363 | #ifdef SO_PRIORITY
|
---|
364 | if (cfg->netprio)
|
---|
365 | setsockopt(client[cs_idx].udp_fd, SOL_SOCKET, SO_PRIORITY, (void *)&cfg->netprio, sizeof(ulong));
|
---|
366 | #endif
|
---|
367 |
|
---|
368 | if (reader[ridx].l_port>0)
|
---|
369 | {
|
---|
370 | if (bind(client[cs_idx].udp_fd, (struct sockaddr *)&loc_sa, sizeof (loc_sa))<0)
|
---|
371 | {
|
---|
372 | cs_log("bind failed (errno=%d)", errno);
|
---|
373 | close(client[cs_idx].udp_fd);
|
---|
374 | return(1);
|
---|
375 | }
|
---|
376 | sprintf(ptxt, ", port=%d", reader[ridx].l_port);
|
---|
377 | }
|
---|
378 | else
|
---|
379 | ptxt[0]='\0';
|
---|
380 |
|
---|
381 | casc_set_account();
|
---|
382 | memset((char *)&client[cs_idx].udp_sa, 0, sizeof(client[cs_idx].udp_sa));
|
---|
383 | client[cs_idx].udp_sa.sin_family=AF_INET;
|
---|
384 | client[cs_idx].udp_sa.sin_port=htons((u_short)reader[ridx].r_port);
|
---|
385 |
|
---|
386 | cs_log("proxy %s:%d (fd=%d%s)",
|
---|
387 | reader[ridx].device, reader[ridx].r_port,
|
---|
388 | client[cs_idx].udp_fd, ptxt);
|
---|
389 |
|
---|
390 | if (is_udp) pfd=client[cs_idx].udp_fd;
|
---|
391 |
|
---|
392 | return(0);
|
---|
393 | }
|
---|
394 |
|
---|
395 | int camd35_client_init_log()
|
---|
396 | {
|
---|
397 | static struct sockaddr_in loc_sa;
|
---|
398 | struct protoent *ptrp;
|
---|
399 | int p_proto;
|
---|
400 |
|
---|
401 | if (reader[ridx].log_port<=0)
|
---|
402 | {
|
---|
403 | cs_log("invalid port %d for camd3-loghost", reader[ridx].log_port);
|
---|
404 | return(1);
|
---|
405 | }
|
---|
406 |
|
---|
407 | ptrp=getprotobyname("udp");
|
---|
408 | if (ptrp)
|
---|
409 | p_proto=ptrp->p_proto;
|
---|
410 | else
|
---|
411 | p_proto=17; // use defaults on error
|
---|
412 |
|
---|
413 | memset((char *)&loc_sa,0,sizeof(loc_sa));
|
---|
414 | loc_sa.sin_family = AF_INET;
|
---|
415 | loc_sa.sin_addr.s_addr = INADDR_ANY;
|
---|
416 | loc_sa.sin_port = htons(reader[ridx].log_port);
|
---|
417 |
|
---|
418 | if ((logfd=socket(PF_INET, SOCK_DGRAM, p_proto))<0)
|
---|
419 | {
|
---|
420 | cs_log("Socket creation failed (errno=%d)", errno);
|
---|
421 | return(1);
|
---|
422 | }
|
---|
423 |
|
---|
424 | if (bind(logfd, (struct sockaddr *)&loc_sa, sizeof(loc_sa))<0)
|
---|
425 | {
|
---|
426 | cs_log("bind failed (errno=%d)", errno);
|
---|
427 | close(logfd);
|
---|
428 | return(1);
|
---|
429 | }
|
---|
430 |
|
---|
431 | cs_log("camd3 loghost initialized (fd=%d, port=%d)",
|
---|
432 | logfd, reader[ridx].log_port);
|
---|
433 |
|
---|
434 | return(0);
|
---|
435 | }
|
---|
436 |
|
---|
437 | static int tcp_connect()
|
---|
438 | {
|
---|
439 | if (!reader[ridx].tcp_connected)
|
---|
440 | {
|
---|
441 | int handle=0;
|
---|
442 | handle = network_tcp_connection_open();
|
---|
443 | if (handle<0) return(0);
|
---|
444 |
|
---|
445 | reader[ridx].tcp_connected = 1;
|
---|
446 | reader[ridx].last_s = reader[ridx].last_g = time((time_t *)0);
|
---|
447 | pfd = client[cs_idx].udp_fd = handle;
|
---|
448 | }
|
---|
449 | if (!client[cs_idx].udp_fd) return(0);
|
---|
450 | return(1);
|
---|
451 | }
|
---|
452 |
|
---|
453 | static int camd35_send_ecm(ECM_REQUEST *er, uchar *buf)
|
---|
454 | {
|
---|
455 | if (!client[cs_idx].udp_sa.sin_addr.s_addr) // once resolved at least
|
---|
456 | return(-1);
|
---|
457 |
|
---|
458 | if (!is_udp && !tcp_connect()) return(-1);
|
---|
459 |
|
---|
460 | memset(buf, 0, 20);
|
---|
461 | memset(buf+20, 0xff, er->l+15);
|
---|
462 | buf[1]=er->l;
|
---|
463 | memcpy(buf+ 8, i2b(2, er->srvid), 2);
|
---|
464 | memcpy(buf+10, i2b(2, er->caid ), 2);
|
---|
465 | memcpy(buf+12, i2b(4, er->prid ), 4);
|
---|
466 | // memcpy(buf+16, i2b(2, er->pid ), 2);
|
---|
467 | // memcpy(buf+16, &er->idx , 2);
|
---|
468 | memcpy(buf+16, i2b(2, er->idx ), 2);
|
---|
469 | buf[18]=0xff;
|
---|
470 | buf[19]=0xff;
|
---|
471 | memcpy(buf+20, er->ecm , er->l);
|
---|
472 | return((camd35_send(buf)<1) ? (-1) : 0);
|
---|
473 | }
|
---|
474 |
|
---|
475 | static int camd35_send_emm(EMM_PACKET *ep)
|
---|
476 | {
|
---|
477 | uchar buf[512];
|
---|
478 | if (!client[cs_idx].udp_sa.sin_addr.s_addr) // once resolved at least
|
---|
479 | return(-1);
|
---|
480 |
|
---|
481 | if (!is_udp && !tcp_connect()) return(-1);
|
---|
482 |
|
---|
483 | memset(buf, 0, 20);
|
---|
484 | memset(buf+20, 0xff, ep->l+15);
|
---|
485 |
|
---|
486 | buf[0]=0x06;
|
---|
487 | buf[1]=ep->l;
|
---|
488 | memcpy(buf+10, ep->caid, 2);
|
---|
489 | memcpy(buf+12, ep->provid, 4);
|
---|
490 | memcpy(buf+20, ep->emm, ep->l);
|
---|
491 |
|
---|
492 | return((camd35_send(buf)<1) ? (-1) : 0);
|
---|
493 | }
|
---|
494 |
|
---|
495 | static int camd35_recv_chk(uchar *dcw, int *rc, uchar *buf)
|
---|
496 | {
|
---|
497 | ushort idx;
|
---|
498 |
|
---|
499 | // reading CMD05 Emm request and set serial
|
---|
500 | if ((buf[0] == 0x05) && !(buf[131]==0xff)) {
|
---|
501 | memcpy(reader[ridx].hexserial, buf + 40, 6);
|
---|
502 | reader[ridx].hexserial[6] = 0;
|
---|
503 | reader[ridx].hexserial[7] = 0;
|
---|
504 | reader[ridx].blockemm_g = buf[128];
|
---|
505 | reader[ridx].blockemm_s = buf[129];
|
---|
506 | reader[ridx].blockemm_u = buf[129];
|
---|
507 | reader[ridx].aucaid = b2i(2, buf+20);
|
---|
508 | reader[ridx].card_system = buf[131];
|
---|
509 | cs_log("CMD05 reader: %s serial: %s cardsyst: %d aucaid: %04X",
|
---|
510 | reader[ridx].label,
|
---|
511 | cs_hexdump(0, reader[ridx].hexserial, 8),
|
---|
512 | reader[ridx].card_system,
|
---|
513 | reader[ridx].aucaid);
|
---|
514 | }
|
---|
515 |
|
---|
516 | // CMD44: old reject command introduced in mpcs
|
---|
517 | // keeping this for backward compatibility
|
---|
518 | if ((buf[0] != 1) && (buf[0] != 0x44) && (buf[0] != 0x08))
|
---|
519 | return(-1);
|
---|
520 |
|
---|
521 | idx = b2i(2, buf+16);
|
---|
522 |
|
---|
523 | *rc = ((buf[0] != 0x44) && (buf[0] != 0x08));
|
---|
524 |
|
---|
525 | memcpy(dcw, buf+20, 16);
|
---|
526 | return(idx);
|
---|
527 | }
|
---|
528 |
|
---|
529 | static int camd35_recv_log(ushort *caid, ulong *provid, ushort *srvid)
|
---|
530 | {
|
---|
531 | int i;
|
---|
532 | uchar buf[512], *ptr, *ptr2;
|
---|
533 | ushort idx=0;
|
---|
534 | if (!logfd) return(-1);
|
---|
535 | if ((i=recv(logfd, buf, sizeof(buf), 0))<=0) return(-1);
|
---|
536 | buf[i]=0;
|
---|
537 |
|
---|
538 | if (!(ptr=(uchar *)strstr((char *)buf, " -> "))) return(-1);
|
---|
539 | ptr+=4;
|
---|
540 | if (strstr((char *)ptr, " decoded ")) return(-1); // skip "found"s
|
---|
541 | if (!(ptr2=(uchar *)strchr((char *)ptr, ' '))) return(-1); // corrupt
|
---|
542 | *ptr2=0;
|
---|
543 |
|
---|
544 | for (i=0, ptr2=(uchar *)strtok((char *)ptr, ":"); ptr2; i++, ptr2=(uchar *)strtok(NULL, ":"))
|
---|
545 | {
|
---|
546 | trim((char *)ptr2);
|
---|
547 | switch(i)
|
---|
548 | {
|
---|
549 | case 0: *caid =cs_atoi((char *)ptr2, strlen((char *)ptr2)>>1, 0); break;
|
---|
550 | case 1: *provid=cs_atoi((char *)ptr2, strlen((char *)ptr2)>>1, 0); break;
|
---|
551 | case 2: *srvid =cs_atoi((char *)ptr2, strlen((char *)ptr2)>>1, 0); break;
|
---|
552 | case 3: idx =cs_atoi((char *)ptr2, strlen((char *)ptr2)>>1, 0); break;
|
---|
553 | }
|
---|
554 | if (errno) return(-1);
|
---|
555 | }
|
---|
556 | return(idx&0x1FFF);
|
---|
557 | }
|
---|
558 |
|
---|
559 | /*
|
---|
560 | * module definitions
|
---|
561 | */
|
---|
562 |
|
---|
563 | void module_camd35(struct s_module *ph)
|
---|
564 | {
|
---|
565 | static PTAB ptab;
|
---|
566 | ptab.ports[0].s_port = cfg->c35_port;
|
---|
567 | ph->ptab = &ptab;
|
---|
568 | ph->ptab->nports = 1;
|
---|
569 |
|
---|
570 | strcpy(ph->desc, "camd 3.5x");
|
---|
571 | ph->type=MOD_CONN_UDP;
|
---|
572 | ph->multi=1;
|
---|
573 | ph->watchdog=1;
|
---|
574 | ph->s_ip=cfg->c35_srvip;
|
---|
575 | ph->s_handler=camd35_server;
|
---|
576 | ph->recv=camd35_recv;
|
---|
577 | ph->send_dcw=camd35_send_dcw;
|
---|
578 | ph->c_multi=1;
|
---|
579 | ph->c_init=camd35_client_init;
|
---|
580 | ph->c_recv_chk=camd35_recv_chk;
|
---|
581 | ph->c_send_ecm=camd35_send_ecm;
|
---|
582 | ph->c_send_emm=camd35_send_emm;
|
---|
583 | ph->c_init_log=camd35_client_init_log;
|
---|
584 | ph->c_recv_log=camd35_recv_log;
|
---|
585 | }
|
---|
586 |
|
---|
587 | void module_camd35_tcp(struct s_module *ph)
|
---|
588 | {
|
---|
589 | strcpy(ph->desc, "cs378x");
|
---|
590 | ph->type=MOD_CONN_TCP;
|
---|
591 | ph->multi=1;
|
---|
592 | ph->watchdog=1;
|
---|
593 | ph->ptab=&cfg->c35_tcp_ptab;
|
---|
594 | if (ph->ptab->nports==0)
|
---|
595 | ph->ptab->nports=1; // show disabled in log
|
---|
596 | ph->s_ip=cfg->c35_tcp_srvip;
|
---|
597 | ph->s_handler=camd35_server;
|
---|
598 | ph->recv=camd35_recv;
|
---|
599 | ph->send_dcw=camd35_send_dcw;
|
---|
600 | ph->c_multi=1;
|
---|
601 | ph->c_init=camd35_client_init;
|
---|
602 | ph->c_recv_chk=camd35_recv_chk;
|
---|
603 | ph->c_send_ecm=camd35_send_ecm;
|
---|
604 | ph->c_send_emm=camd35_send_emm;
|
---|
605 | ph->c_init_log=camd35_client_init_log;
|
---|
606 | ph->c_recv_log=camd35_recv_log;
|
---|
607 | }
|
---|