1 | #include "globals.h"
|
---|
2 | #ifdef MODULE_GBOX
|
---|
3 | #include <pthread.h>
|
---|
4 | //#define _XOPEN_SOURCE 600
|
---|
5 | #include <semaphore.h>
|
---|
6 | #include <time.h>
|
---|
7 | #include <sys/time.h>
|
---|
8 |
|
---|
9 | #include "module-datastruct-llist.h"
|
---|
10 | #include "algo/minilzo.h"
|
---|
11 |
|
---|
12 | enum {
|
---|
13 | MSG_ECM = 0x445c,
|
---|
14 | MSG_CW = 0x4844,
|
---|
15 | MSG_HELLO = 0xddab,
|
---|
16 | MSG_CHECKCODE = 0x41c0,
|
---|
17 | MSG_GOODBYE = 0x9091,
|
---|
18 | MSG_GSMS_ACK = 0x9098,
|
---|
19 | MSG_GSMS = 0xff0,
|
---|
20 | MSG_BOXINFO = 0xa0a1
|
---|
21 | };
|
---|
22 |
|
---|
23 | struct gbox_card {
|
---|
24 | uint16 peer_id;
|
---|
25 | uint16 provid;
|
---|
26 | int slot;
|
---|
27 | int dist;
|
---|
28 | int lvl;
|
---|
29 | };
|
---|
30 |
|
---|
31 | struct gbox_peer {
|
---|
32 | uint16 id;
|
---|
33 | uchar key[4];
|
---|
34 | uchar ver;
|
---|
35 | uchar type;
|
---|
36 | LLIST *cards;
|
---|
37 | uchar checkcode[7];
|
---|
38 | uchar *hostname;
|
---|
39 | int online;
|
---|
40 | int fail_count;
|
---|
41 | int hello_count;
|
---|
42 | };
|
---|
43 |
|
---|
44 | struct gbox_data {
|
---|
45 | uint16 id;
|
---|
46 | uchar checkcode[7];
|
---|
47 | uchar key[4];
|
---|
48 | uchar ver;
|
---|
49 | uchar type;
|
---|
50 | int ecm_idx;
|
---|
51 | int hello_expired;
|
---|
52 | uchar cws[16];
|
---|
53 | struct gbox_peer peer;
|
---|
54 | pthread_mutex_t lock;
|
---|
55 | uchar buf[1024];
|
---|
56 | sem_t sem;
|
---|
57 | };
|
---|
58 |
|
---|
59 | static const uchar sbox[] = {
|
---|
60 | 0x25, 0x38, 0xd4, 0xcd, 0x17, 0x7a, 0x5e, 0x6c,
|
---|
61 | 0x52, 0x42, 0xfe, 0x68, 0xab, 0x3f, 0xf7, 0xbe,
|
---|
62 | 0x47, 0x57, 0x71, 0xb0, 0x23, 0xc1, 0x26, 0x6c,
|
---|
63 | 0x41, 0xce, 0x94, 0x37, 0x45, 0x04, 0xa2, 0xea,
|
---|
64 | 0x07, 0x58, 0x35, 0x55, 0x08, 0x2a, 0x0f, 0xe7,
|
---|
65 | 0xac, 0x76, 0xf0, 0xc1, 0xe6, 0x09, 0x10, 0xdd,
|
---|
66 | 0xc5, 0x8d, 0x2e, 0xd9, 0x03, 0x9c, 0x3d, 0x2c,
|
---|
67 | 0x4d, 0x41, 0x0c, 0x5e, 0xde, 0xe4, 0x90, 0xae
|
---|
68 | };
|
---|
69 |
|
---|
70 | static int gbox_decode_cmd(uchar *buf)
|
---|
71 | {
|
---|
72 | return buf[0] << 8 | buf[1];
|
---|
73 | }
|
---|
74 |
|
---|
75 | static void gbox_calc_checkcode(struct gbox_data *gbox)
|
---|
76 | {
|
---|
77 | memcpy(gbox->checkcode, "\x15\x30\x2\x4\x19\x19\x66", 7); /* no local cards */
|
---|
78 |
|
---|
79 | // for all local cards do:
|
---|
80 | /*
|
---|
81 | gbox->checkcode[0] ^= provid << 24;
|
---|
82 | gbox->checkcode[1] ^= provid << 16;
|
---|
83 | gbox->checkcode[2] ^= provid << 8;
|
---|
84 | gbox->checkcode[3] ^= provid & 0xff;
|
---|
85 | gbox->checkcode[4] ^= slot; // reader number
|
---|
86 | gbox->checkcode[5] ^= gbox->id << 8;
|
---|
87 | gbox->checkcode[6] ^= gbox->id & 0xff;
|
---|
88 | */
|
---|
89 | }
|
---|
90 |
|
---|
91 | uint32_t ecm_getcrc(ECM_REQUEST *er, int ecmlen)
|
---|
92 | {
|
---|
93 |
|
---|
94 | uint8 checksum[4];
|
---|
95 | int counter;
|
---|
96 |
|
---|
97 | uchar ecm[0xFF];
|
---|
98 | memcpy(ecm, er->ecm, er->l);
|
---|
99 |
|
---|
100 | checksum[3]= ecm[0];
|
---|
101 | checksum[2]= ecm[1];
|
---|
102 | checksum[1]= ecm[2];
|
---|
103 | checksum[0]= ecm[3];
|
---|
104 |
|
---|
105 | for (counter=1; counter< (ecmlen/4) - 4; counter++) {
|
---|
106 | checksum[3] ^=ecm[counter*4];
|
---|
107 | checksum[2] ^=ecm[counter*4+1];
|
---|
108 | checksum[1] ^=ecm[counter*4+2];
|
---|
109 | checksum[0] ^=ecm[counter*4+3];
|
---|
110 | }
|
---|
111 |
|
---|
112 | return checksum[3] << 24 | checksum[2]<<16 | checksum[1]<<8 | checksum[0];
|
---|
113 | }
|
---|
114 |
|
---|
115 | static void gbox_encrypt_stage1(uchar *buf, int l, uchar *key)
|
---|
116 | {
|
---|
117 | int i;
|
---|
118 |
|
---|
119 | for (i = 31; i >= 0; i--) {
|
---|
120 | uchar tmp;
|
---|
121 |
|
---|
122 | tmp = key[3];
|
---|
123 | int j;
|
---|
124 | for (j = 3; j > 0; j--)
|
---|
125 | key[j] = (key[j - 1] << 7) + (key[j] >> 1);
|
---|
126 | key[0] = (tmp << 7) + (key[0] >> 1);
|
---|
127 |
|
---|
128 | buf[i + 1 - ((i + 1) & 0xf8)] += sbox[((key[i + 1 - ((i + 1) & 0xfc)] ^ buf[i - (i & 0xf8)]) >> 2) & 0x3f] * 2;
|
---|
129 | buf[i + 1 - ((i + 1) & 0xf8)] ^= sbox[(buf[i - (i & 0xf8)] - key[i + 1 - ((i + 1) & 0xfc)]) & 0x3f];
|
---|
130 | buf[i + 1 - ((i + 1) & 0xf8)] += key[i - (i & 0xfc)];
|
---|
131 | }
|
---|
132 | }
|
---|
133 |
|
---|
134 | static void gbox_encrypt_stage2(uchar *buf, int l, uchar *key)
|
---|
135 | {
|
---|
136 | int i, j;
|
---|
137 |
|
---|
138 | for (i = 0; i < 4; i++)
|
---|
139 | for (j = 7; j >= 0; j--) {
|
---|
140 | uchar tmp;
|
---|
141 |
|
---|
142 | tmp = key[3];
|
---|
143 | int k;
|
---|
144 | for (k = 3; k > 0; k--)
|
---|
145 | key[k] = (key[k - 1] << 7) + (key[k] >> 1);
|
---|
146 | key[0] = (tmp << 7) + (key[0] >> 1);
|
---|
147 |
|
---|
148 | buf[(j + 1) & 7] -= sbox[(buf[j] >> 2) & 0x3f];
|
---|
149 | buf[(j + 1) & 7] ^= sbox[(buf[j] - key[(j + 1) & 3]) & 0x3f];
|
---|
150 | buf[(j + 1) & 7] -= key[j & 3];
|
---|
151 | }
|
---|
152 | }
|
---|
153 |
|
---|
154 | static void gbox_decrypt_stage1(uchar *buf, int l, uchar *key)
|
---|
155 | {
|
---|
156 | int i;
|
---|
157 |
|
---|
158 | for (i = 0; i < 32; i++) {
|
---|
159 | uchar tmp;
|
---|
160 |
|
---|
161 | buf[i + 1 - ((i + 1) & 0xf8)] -= key[i - (i & 0xfc)];
|
---|
162 | buf[i + 1 - ((i + 1) & 0xf8)] ^= sbox[(buf[i - (i & 0xf8)] - key[i + 1 - ((i + 1) & 0xfc)]) & 0x3f];
|
---|
163 | buf[i + 1 - ((i + 1) & 0xf8)] -= sbox[((key[i + 1 - ((i + 1) & 0xfc)] ^ buf[i - (i & 0xf8)]) >> 2) & 0x3f] * 2;
|
---|
164 |
|
---|
165 | tmp = key[0];
|
---|
166 | int j;
|
---|
167 | for (j = 0; j < 3; j++)
|
---|
168 | key[j] = ((key[j + 1] & 0x80) >> 7) + (key[j] * 2);
|
---|
169 | key[3] = ((tmp & 0x80) >> 7) + (key[3] * 2);
|
---|
170 | }
|
---|
171 | }
|
---|
172 |
|
---|
173 | static void gbox_decrypt_stage2(uchar *buf, int l, uchar *key)
|
---|
174 | {
|
---|
175 | int i, j;
|
---|
176 |
|
---|
177 | for (i = 3; i >= 0; i--)
|
---|
178 | for (j = 0; j < 8; j++) {
|
---|
179 | uchar tmp;
|
---|
180 |
|
---|
181 | buf[(j + 1) & 7] += key[j & 3];
|
---|
182 | buf[(j + 1) & 7] ^= sbox[(buf[j] - key[(j + 1) & 3]) & 0x3f];
|
---|
183 | buf[(j + 1) & 7] += sbox[(buf[j] >> 2) & 0x3f];
|
---|
184 |
|
---|
185 | tmp = key[0];
|
---|
186 | int k;
|
---|
187 | for (k = 0; k < 3; k++)
|
---|
188 | key[k] = ((key[k + 1] & 0x80) >> 7) + (key[k] * 2);
|
---|
189 | key[3] = ((tmp & 0x80) >> 7) + (key[3] * 2);
|
---|
190 | }
|
---|
191 | }
|
---|
192 |
|
---|
193 | static void gbox_encrypt(uchar *buf, int l, uchar *key)
|
---|
194 | {
|
---|
195 | int i;
|
---|
196 | uchar tmp_key[4];
|
---|
197 |
|
---|
198 | memcpy(tmp_key, key, 4);
|
---|
199 |
|
---|
200 | gbox_encrypt_stage1(buf, l, tmp_key);
|
---|
201 |
|
---|
202 | for (i = 0; i < l - 2; i++)
|
---|
203 | buf[i] ^= buf[i + 1];
|
---|
204 |
|
---|
205 | gbox_encrypt_stage2(buf, l, tmp_key);
|
---|
206 | gbox_decrypt_stage2(buf + l - 9, 9, tmp_key);
|
---|
207 | }
|
---|
208 |
|
---|
209 | static void gbox_decrypt(uchar *buf, int l, uchar *key)
|
---|
210 | {
|
---|
211 | uchar tmp_key[4];
|
---|
212 |
|
---|
213 | memcpy(tmp_key, key, 4);
|
---|
214 |
|
---|
215 | gbox_encrypt_stage2(buf + l - 9, 9, tmp_key);
|
---|
216 | gbox_decrypt_stage2(buf, l, tmp_key);
|
---|
217 |
|
---|
218 | int i;
|
---|
219 | for (i = l - 2; i >= 0; i--) {
|
---|
220 | buf[i] ^= buf[i + 1];
|
---|
221 | }
|
---|
222 |
|
---|
223 | gbox_decrypt_stage1(buf, l, tmp_key);
|
---|
224 | }
|
---|
225 |
|
---|
226 | static void gbox_compress(struct gbox_data *gbox, uchar *buf, int unpacked_len, int *packed_len)
|
---|
227 | {
|
---|
228 | unsigned char *tmp = malloc(0x40000);
|
---|
229 | unsigned char *tmp2 = malloc(0x40000);
|
---|
230 |
|
---|
231 | unpacked_len -= 12;
|
---|
232 | memcpy(tmp2, buf + 12, unpacked_len);
|
---|
233 |
|
---|
234 | lzo_init();
|
---|
235 |
|
---|
236 | lzo_voidp wrkmem = malloc(unpacked_len * 0x1000);
|
---|
237 | cs_debug_mask(D_READER, "gbox: wrkmem = %p", wrkmem);
|
---|
238 | lzo_uint pl = 0;
|
---|
239 | if (lzo1x_1_compress(tmp2, unpacked_len, tmp, &pl, wrkmem) != LZO_E_OK)
|
---|
240 | cs_log("gbox: compression failed!");
|
---|
241 |
|
---|
242 | memcpy(buf + 12, tmp, pl);
|
---|
243 | pl += 12;
|
---|
244 |
|
---|
245 | free(tmp);
|
---|
246 | free(tmp2);
|
---|
247 | free(wrkmem);
|
---|
248 |
|
---|
249 | *packed_len = pl;
|
---|
250 | }
|
---|
251 |
|
---|
252 | static void gbox_decompress(struct gbox_data *gbox, uchar *buf, int *unpacked_len)
|
---|
253 | {
|
---|
254 | uchar tmp[2048];
|
---|
255 |
|
---|
256 | int len = buf[12] - 13;
|
---|
257 |
|
---|
258 | lzo_init();
|
---|
259 | if (lzo1x_decompress(buf + 12, len, tmp, (lzo_uint *)unpacked_len, NULL) != LZO_E_OK)
|
---|
260 | cs_debug_mask(D_READER, "gbox: decompression failed!");
|
---|
261 |
|
---|
262 | memcpy(buf + 12, tmp, *unpacked_len);
|
---|
263 | *unpacked_len += 12;
|
---|
264 | }
|
---|
265 |
|
---|
266 | /*
|
---|
267 | static void gbox_handle_gsms(ushort peerid, char *gsms)
|
---|
268 | {
|
---|
269 | cs_log("gbox: gsms received from peer %04x: %s", peerid, gsms);
|
---|
270 |
|
---|
271 | if (strnlen(cfg.gbox_gsms_path, sizeof(cfg.gbox_gsms_path))) {
|
---|
272 | FILE *f = fopen(cfg.gbox_gsms_path, "a");
|
---|
273 | if (f) {
|
---|
274 | f//printf(f, "FROM %04X: %s\n", peerid, gsms);
|
---|
275 | fclose(f);
|
---|
276 | }
|
---|
277 | else
|
---|
278 | cs_log("gbox: error writing to file! (path=%s)", cfg.gbox_gsms_path);
|
---|
279 | }
|
---|
280 | }
|
---|
281 | */
|
---|
282 |
|
---|
283 | static void gbox_expire_hello(struct s_client *cli)
|
---|
284 | {
|
---|
285 | //printf("gbox: enter gbox_expire_hello()\n");
|
---|
286 | struct gbox_data *gbox = cli->gbox;
|
---|
287 |
|
---|
288 | sem_t sem;
|
---|
289 | sem_init(&sem, 0 , 1);
|
---|
290 |
|
---|
291 | struct timespec ts;
|
---|
292 | struct timeval tv;
|
---|
293 | gettimeofday(&tv, NULL);
|
---|
294 | ts.tv_sec = tv.tv_sec;
|
---|
295 | ts.tv_nsec = tv.tv_usec * 1000;
|
---|
296 | ts.tv_sec += 30;
|
---|
297 |
|
---|
298 | sem_wait(&sem);
|
---|
299 | if (sem_timedwait(&sem, &ts) == -1) {
|
---|
300 | if (errno == ETIMEDOUT) {
|
---|
301 | //printf("gbox: hello expired!\n");
|
---|
302 | gbox->hello_expired = 0;
|
---|
303 | }
|
---|
304 | }
|
---|
305 |
|
---|
306 | //printf("gbox: exit gbox_expire_hello()\n");
|
---|
307 | }
|
---|
308 |
|
---|
309 | static void gbox_wait_for_response(struct s_client *cli)
|
---|
310 | {
|
---|
311 | //printf("gbox: enter gbox_wait_for_response()\n");
|
---|
312 | //cs_debug_mask(D_READER, "gbox: enter gbox_wait_for_response()");
|
---|
313 | struct gbox_data *gbox = cli->gbox;
|
---|
314 | struct timespec ts;
|
---|
315 | struct timeval tv;
|
---|
316 | gettimeofday(&tv, NULL);
|
---|
317 | ts.tv_sec = tv.tv_sec;
|
---|
318 | ts.tv_nsec = tv.tv_usec * 1000;
|
---|
319 | ts.tv_sec += 5;
|
---|
320 |
|
---|
321 | //sem_wait(&gbox->sem);
|
---|
322 | if (sem_timedwait(&gbox->sem, &ts) == -1) {
|
---|
323 | if (errno == ETIMEDOUT) {
|
---|
324 | gbox->peer.fail_count++;
|
---|
325 | //printf("gbox: sem wait timed-out, fail_count=%d\n", gbox->peer.fail_count);
|
---|
326 | #define GBOX_FAIL_COUNT 1
|
---|
327 | if (gbox->peer.fail_count >= GBOX_FAIL_COUNT) {
|
---|
328 | gbox->peer.online = 0;
|
---|
329 | //printf("gbox: fail_count >= %d, peer is offline\n", GBOX_FAIL_COUNT);
|
---|
330 | }
|
---|
331 | //cs_debug_mask(D_READER, "gbox: sem wait timed-out, fail_count=%d\n", gbox->peer.fail_count);
|
---|
332 | }
|
---|
333 | } else {
|
---|
334 | gbox->peer.fail_count = 0;
|
---|
335 | //printf("gbox: sem posted, peer is online\n");
|
---|
336 | }
|
---|
337 | //cs_debug_mask(D_READER, "gbox: sem posted, peer is online");
|
---|
338 |
|
---|
339 | //cs_debug_mask(D_READER, "gbox: exit gbox_wait_for_response()");
|
---|
340 | //printf("gbox: exit gbox_wait_for_response()\n");
|
---|
341 | }
|
---|
342 |
|
---|
343 | static void gbox_send(struct s_client *cli, uchar *buf, int l)
|
---|
344 | {
|
---|
345 | struct gbox_data *gbox = cli->gbox;
|
---|
346 |
|
---|
347 | cs_ddump_mask(D_READER, buf, l, "gbox: decrypted data sent (%d bytes):", l);
|
---|
348 | cs_ddump_mask(D_READER, gbox->key, 4, "gbox: key before encrypt:");
|
---|
349 |
|
---|
350 | gbox_encrypt(buf, l, gbox->peer.key);
|
---|
351 | sendto(cli->udp_fd, buf, l, 0, (struct sockaddr *)&cli->udp_sa, sizeof(cli->udp_sa));
|
---|
352 |
|
---|
353 | cs_ddump_mask(D_READER, gbox->key, 4, "gbox: key after encrypt:");
|
---|
354 | cs_ddump_mask(D_READER, buf, l, "gbox: encrypted data sent (%d bytes):", l);
|
---|
355 |
|
---|
356 | pthread_t t;
|
---|
357 | pthread_create(&t, NULL, (void *)gbox_wait_for_response, cli);
|
---|
358 | }
|
---|
359 |
|
---|
360 | static void gbox_send_boxinfo(struct s_client *cli)
|
---|
361 | {
|
---|
362 | struct gbox_data *gbox = cli->gbox;
|
---|
363 |
|
---|
364 | int len;
|
---|
365 | uchar buf[4096];
|
---|
366 |
|
---|
367 | int hostname_len = strnlen(cfg.gbox_hostname, sizeof(cfg.gbox_hostname) - 1);
|
---|
368 |
|
---|
369 | buf[0] = 0xA0;
|
---|
370 | buf[1] = 0xA1;
|
---|
371 | memcpy(buf + 2, gbox->peer.key, 4);
|
---|
372 | memcpy(buf + 6, gbox->key, 4);
|
---|
373 | buf[10] = gbox->peer.ver;
|
---|
374 | buf[11] = 0x10;
|
---|
375 | memcpy(buf + 12, cfg.gbox_hostname, hostname_len);
|
---|
376 |
|
---|
377 | len = 12 + hostname_len;
|
---|
378 |
|
---|
379 | gbox_send(cli, buf, len);
|
---|
380 | }
|
---|
381 |
|
---|
382 | static void gbox_send_hello(struct s_client *cli)
|
---|
383 | {
|
---|
384 | struct gbox_data *gbox = cli->gbox;
|
---|
385 |
|
---|
386 | int len;
|
---|
387 | uchar buf[4096];
|
---|
388 |
|
---|
389 | int hostname_len = strnlen(cfg.gbox_hostname, sizeof(cfg.gbox_hostname) - 1);
|
---|
390 |
|
---|
391 | len = 22 + hostname_len;
|
---|
392 |
|
---|
393 | memset(buf, 0, sizeof(buf));
|
---|
394 |
|
---|
395 | gbox_calc_checkcode(gbox);
|
---|
396 |
|
---|
397 | buf[0] = MSG_HELLO >> 8;
|
---|
398 | buf[1] = MSG_HELLO & 0xff;
|
---|
399 | memcpy(buf + 2, gbox->peer.key, 4);
|
---|
400 | memcpy(buf + 6, gbox->key, 4);
|
---|
401 | buf[10] = gbox->peer.hello_count;
|
---|
402 | buf[11] = 0x80; // todo this needs adjusting if local card support is added
|
---|
403 |
|
---|
404 | memcpy(buf + 12, gbox->checkcode, 7);
|
---|
405 | buf[19] = 0x73;
|
---|
406 | buf[20] = 0x10;
|
---|
407 | memcpy(buf + 21, cfg.gbox_hostname, hostname_len);
|
---|
408 | buf[21 + hostname_len] = hostname_len;
|
---|
409 |
|
---|
410 | cs_ddump_mask(D_READER, buf, len, "send hello (len=%d):", len);
|
---|
411 |
|
---|
412 | gbox_compress(gbox, buf, len, &len); // TODO: remove _re
|
---|
413 |
|
---|
414 | cs_ddump_mask(D_READER, buf, len, "send hello, compressed (len=%d):", len);
|
---|
415 |
|
---|
416 | if (++gbox->peer.hello_count == 2) gbox->peer.hello_count = 0;
|
---|
417 |
|
---|
418 | gbox_send(cli, buf, len);
|
---|
419 | }
|
---|
420 |
|
---|
421 | static int gbox_recv(struct s_client *cli, uchar *b, int l)
|
---|
422 | {
|
---|
423 | struct gbox_data *gbox = cli->gbox;
|
---|
424 |
|
---|
425 | if (!gbox)
|
---|
426 | return -1;
|
---|
427 |
|
---|
428 | uchar *data = gbox->buf;
|
---|
429 | int n;
|
---|
430 |
|
---|
431 | sem_post(&gbox->sem);
|
---|
432 | gbox->peer.online = 1;
|
---|
433 |
|
---|
434 | pthread_mutex_lock(&gbox->lock);
|
---|
435 |
|
---|
436 | unsigned int r_addr_len = 0;
|
---|
437 | struct sockaddr_in r_addr;
|
---|
438 | if ((n = recvfrom(cli->udp_fd, data, sizeof(gbox->buf), 0, (struct sockaddr *)&r_addr, &r_addr_len)) < 8) {
|
---|
439 | cs_log("gbox: invalid recvfrom!!!");
|
---|
440 | pthread_mutex_unlock(&gbox->lock);
|
---|
441 | return -1;
|
---|
442 | }
|
---|
443 |
|
---|
444 | cs_ddump_mask(D_READER, data, n, "gbox: encrypted data recvd (%d bytes):", n);
|
---|
445 | cs_ddump_mask(D_READER, gbox->key, 4, "gbox: key before decrypt:");
|
---|
446 |
|
---|
447 | gbox_decrypt(data, n, gbox->key);
|
---|
448 |
|
---|
449 | cs_ddump_mask(D_READER, gbox->key, 4, "gbox: key after decrypt:");
|
---|
450 | cs_ddump_mask(D_READER, data, n, "gbox: decrypted data recvd (%d bytes):", n);
|
---|
451 |
|
---|
452 | memcpy(b, data, l);
|
---|
453 |
|
---|
454 | if (!memcmp(data + 2, gbox->key, 4)) {
|
---|
455 | if (memcmp(data + 6, gbox->peer.key, 4) && gbox_decode_cmd(data) != MSG_CW) {
|
---|
456 | cs_log("gbox: INTRUDER ALERT (peer key)!");
|
---|
457 |
|
---|
458 | cs_add_violation((uint)cli->ip);
|
---|
459 |
|
---|
460 | pthread_mutex_unlock(&gbox->lock);
|
---|
461 | return -1;
|
---|
462 | }
|
---|
463 | } else {
|
---|
464 | cs_log("gbox: INTRUDER ALERT!");
|
---|
465 |
|
---|
466 | cs_add_violation((uint)cli->ip);
|
---|
467 |
|
---|
468 | pthread_mutex_unlock(&gbox->lock);
|
---|
469 | return -1;
|
---|
470 | }
|
---|
471 |
|
---|
472 | switch (gbox_decode_cmd(data)) {
|
---|
473 | case MSG_HELLO:
|
---|
474 | {
|
---|
475 | static int exp_seq = 0;
|
---|
476 |
|
---|
477 | int ip_clien_gbox = cs_inet_addr(cli->reader->device);
|
---|
478 | cli->ip = ip_clien_gbox;
|
---|
479 | gbox->peer.online = 1;
|
---|
480 |
|
---|
481 | int payload_len = n;
|
---|
482 |
|
---|
483 | gbox_decompress(gbox, data, &payload_len);
|
---|
484 | cs_ddump_mask(D_READER, data, payload_len, "gbox: decompressed data (%d bytes):", payload_len);
|
---|
485 |
|
---|
486 | int seqno = data[11] & 0x7f;
|
---|
487 | int final = data[11] & 0x80;
|
---|
488 |
|
---|
489 | int ncards_in_msg = 0;
|
---|
490 |
|
---|
491 | if (seqno != exp_seq) return -1;
|
---|
492 |
|
---|
493 | if (seqno == 0) {
|
---|
494 | exp_seq++;
|
---|
495 |
|
---|
496 | if (gbox->peer.cards) ll_destroy_data(gbox->peer.cards);
|
---|
497 | gbox->peer.cards = ll_create();
|
---|
498 |
|
---|
499 | int checkcode_len = 7;
|
---|
500 | int hostname_len = data[payload_len - 1];
|
---|
501 | int footer_len = hostname_len + 2;
|
---|
502 |
|
---|
503 | // add cards to card list
|
---|
504 | uchar *ptr = data + 12;
|
---|
505 | while (ptr < data + payload_len - footer_len - checkcode_len - 1) {
|
---|
506 | uint32 provid = ptr[0] << 24 | ptr[1] << 16 | ptr[2] << 8 | ptr[3];
|
---|
507 | int ncards = ptr[4];
|
---|
508 |
|
---|
509 | ptr += 5;
|
---|
510 |
|
---|
511 | int i;
|
---|
512 | for (i = 0; i < ncards; i++) {
|
---|
513 | struct gbox_card *card = malloc(sizeof(struct gbox_card));
|
---|
514 |
|
---|
515 | card->provid = provid;
|
---|
516 | card->slot = ptr[0];
|
---|
517 | card->dist = ptr[1] & 0xf;
|
---|
518 | card->lvl = ptr[1] >> 4;
|
---|
519 | card->peer_id = ptr[2] << 8 | ptr[3];
|
---|
520 |
|
---|
521 | ptr += 4;
|
---|
522 |
|
---|
523 | ll_append(gbox->peer.cards, card);
|
---|
524 |
|
---|
525 | ncards_in_msg++;
|
---|
526 |
|
---|
527 | cs_debug_mask(D_READER, " card: provid=%08x, slot=%d, level=%d, dist=%d, peer=%04x", card->provid, card->slot, card->lvl, card->dist, card->peer_id);
|
---|
528 |
|
---|
529 | cli->reader->tcp_connected = 2; //we have card
|
---|
530 | cli->reader->card_status = CARD_INSERTED;
|
---|
531 | }
|
---|
532 | }
|
---|
533 |
|
---|
534 | NULLFREE(gbox->peer.hostname);
|
---|
535 | gbox->peer.hostname = malloc(hostname_len + 1);
|
---|
536 | memcpy(gbox->peer.hostname, data + payload_len - 1 - hostname_len, hostname_len);
|
---|
537 | gbox->peer.hostname[hostname_len] = '\0';
|
---|
538 |
|
---|
539 | memcpy(gbox->peer.checkcode, data + payload_len - footer_len - checkcode_len - 1, checkcode_len);
|
---|
540 | gbox->peer.ver = data[payload_len - footer_len - 1];
|
---|
541 | gbox->peer.type = data[payload_len - footer_len];
|
---|
542 | } else {
|
---|
543 | // add cards to card list
|
---|
544 | uchar *ptr = data + 12;
|
---|
545 | while (ptr < data + payload_len - 1) {
|
---|
546 | uint32 provid = ptr[0] << 24 | ptr[1] << 16 | ptr[2] << 8 | ptr[3];
|
---|
547 | int ncards = ptr[4];
|
---|
548 |
|
---|
549 | ptr += 5;
|
---|
550 |
|
---|
551 | int i;
|
---|
552 | for (i = 0; i < ncards; i++) {
|
---|
553 | struct gbox_card *card = malloc(sizeof(struct gbox_card));
|
---|
554 |
|
---|
555 | card->provid = provid;
|
---|
556 | card->slot = ptr[0];
|
---|
557 | card->dist = ptr[1] & 0xf;
|
---|
558 | card->lvl = ptr[1] >> 4;
|
---|
559 | card->peer_id = ptr[2] << 8 | ptr[3];
|
---|
560 |
|
---|
561 | ptr += 4;
|
---|
562 |
|
---|
563 | ll_append(gbox->peer.cards, card);
|
---|
564 |
|
---|
565 | ncards_in_msg++;
|
---|
566 |
|
---|
567 | cs_debug_mask(D_READER, " card: provid=%08x, slot=%d, level=%d, dist=%d, peer=%04x", card->provid, card->slot, card->lvl, card->dist, card->peer_id);
|
---|
568 | }
|
---|
569 | }
|
---|
570 | }
|
---|
571 |
|
---|
572 | if (final) exp_seq = 0;
|
---|
573 | // write_sahre_info() // TODO
|
---|
574 |
|
---|
575 | cs_log("gbox: received hello %d%s, %d providers from %s, version=2.%02X, checkcode=%s",
|
---|
576 | seqno, final ? " (final)" : "", ncards_in_msg, gbox->peer.hostname, gbox->peer.ver, cs_hexdump(0, gbox->peer.checkcode, 7));
|
---|
577 |
|
---|
578 | if (!ll_count(gbox->peer.cards))
|
---|
579 | cli->reader->tcp_connected = 1;
|
---|
580 |
|
---|
581 | if (final) {
|
---|
582 | if (gbox->hello_expired) {
|
---|
583 | gbox->hello_expired = 0;
|
---|
584 | gbox_send_hello(cli);
|
---|
585 |
|
---|
586 | pthread_t t;
|
---|
587 | pthread_create(&t, NULL, (void *)gbox_expire_hello, cli);
|
---|
588 | }
|
---|
589 | gbox_send_boxinfo(cli);
|
---|
590 | }
|
---|
591 | }
|
---|
592 | break;
|
---|
593 | case MSG_CW:
|
---|
594 | memcpy(gbox->cws, data + 14, 16);
|
---|
595 |
|
---|
596 | cs_debug_mask(D_READER, "gbox: received cws=%s, peer=%04x, ecm_pid=%d, sid=%d",
|
---|
597 | data[10] << 8 | data[11], data[6] << 8 | data[7], data[8] << 8 | data[9], cs_hexdump(0, gbox->cws, 16));
|
---|
598 | break;
|
---|
599 | case MSG_CHECKCODE:
|
---|
600 | memcpy(gbox->peer.checkcode, data + 10, 7);
|
---|
601 | cs_debug_mask(D_READER, "gbox: received checkcode=%s", cs_hexdump(0, gbox->peer.checkcode, 7));
|
---|
602 | break;
|
---|
603 | /*case MSG_GSMS:
|
---|
604 | //gbox_handle_gsms(peerid, gsms);
|
---|
605 | break;
|
---|
606 | */
|
---|
607 | case MSG_ECM: //TODO:
|
---|
608 | break;
|
---|
609 | default:
|
---|
610 | cs_ddump_mask(D_READER, data, n, "gbox: unknown data received (%d bytes):", n);
|
---|
611 | }
|
---|
612 | pthread_mutex_unlock(&gbox->lock);
|
---|
613 |
|
---|
614 | return 0;
|
---|
615 | }
|
---|
616 |
|
---|
617 | static void gbox_send_dcw(struct s_client *cli, ECM_REQUEST *er)
|
---|
618 | {
|
---|
619 | // TODO
|
---|
620 | }
|
---|
621 |
|
---|
622 | static int gbox_client_init(struct s_client *cli)
|
---|
623 | {
|
---|
624 | if (!strnlen(cfg.gbox_hostname, sizeof(cfg.gbox_hostname) - 1)) {
|
---|
625 | cs_log("gbox: error, no hostname configured in oscam.conf!");
|
---|
626 | return -1;
|
---|
627 | }
|
---|
628 |
|
---|
629 | if (strnlen(cfg.gbox_key, sizeof(cfg.gbox_key) - 1) != 8) {
|
---|
630 | cs_log("gbox: error, no/invalid password configured in oscam.conf!");
|
---|
631 | return -1;
|
---|
632 | }
|
---|
633 |
|
---|
634 | if (cfg.gbox_port < 1) {
|
---|
635 | cs_log("gbox: no/invalid port configured in oscam.conf!");
|
---|
636 | return -1;
|
---|
637 | }
|
---|
638 |
|
---|
639 | cli->gbox = malloc(sizeof(struct gbox_data));
|
---|
640 |
|
---|
641 | struct gbox_data *gbox = cli->gbox;
|
---|
642 | struct s_reader *rdr = cli->reader;
|
---|
643 |
|
---|
644 | sem_init(&gbox->sem, 0 , 1);
|
---|
645 |
|
---|
646 | rdr->card_status = CARD_FAILURE;
|
---|
647 | rdr->tcp_connected = 0;
|
---|
648 |
|
---|
649 | memset(gbox, 0, sizeof(struct gbox_data));
|
---|
650 | memset(&gbox->peer, 0, sizeof(struct gbox_peer));
|
---|
651 |
|
---|
652 | ulong r_pwd = a2i(rdr->r_pwd, 4);
|
---|
653 | ulong key = a2i(cfg.gbox_key, 4);
|
---|
654 | int i;
|
---|
655 | for (i = 3; i >= 0; i--) {
|
---|
656 | gbox->peer.key[3 - i] = (r_pwd >> (8 * i)) & 0xff;
|
---|
657 | gbox->key[3 - i] = (key >> (8 * i)) & 0xff;
|
---|
658 | }
|
---|
659 |
|
---|
660 | cs_ddump_mask(D_READER, gbox->peer.key, 4, "r_pwd: %s:", rdr->r_pwd);
|
---|
661 | cs_ddump_mask(D_READER, gbox->key, 4, "cfg.gbox_key: %s:", cfg.gbox_key);
|
---|
662 |
|
---|
663 | gbox->peer.id = (gbox->peer.key[0] ^ gbox->peer.key[2]) << 8 | (gbox->peer.key[1] ^ gbox->peer.key[3]);
|
---|
664 | gbox->id = (gbox->key[0] ^ gbox->key[2]) << 8 | (gbox->key[1] ^ gbox->key[3]);
|
---|
665 | gbox->ver = 0x30;
|
---|
666 | gbox->type = 0x32;
|
---|
667 |
|
---|
668 | struct sockaddr_in loc_sa;
|
---|
669 | struct protoent *ptrp;
|
---|
670 | int p_proto;
|
---|
671 |
|
---|
672 | cli->pfd=0;
|
---|
673 |
|
---|
674 | cli->is_udp = 1;
|
---|
675 |
|
---|
676 | if ((ptrp=getprotobyname("udp")))
|
---|
677 | p_proto=ptrp->p_proto;
|
---|
678 | else
|
---|
679 | p_proto=(cli->is_udp) ? 17 : 6;
|
---|
680 |
|
---|
681 | cli->ip=0;
|
---|
682 | memset((char *)&loc_sa,0,sizeof(loc_sa));
|
---|
683 | loc_sa.sin_family = AF_INET;
|
---|
684 | loc_sa.sin_addr.s_addr = INADDR_ANY;
|
---|
685 | loc_sa.sin_port = htons(cfg.gbox_port);
|
---|
686 |
|
---|
687 | if ((cli->udp_fd=socket(PF_INET, SOCK_DGRAM, p_proto))<0)
|
---|
688 | {
|
---|
689 | cs_log("socket creation failed (errno=%d)", errno);
|
---|
690 | cs_exit(1);
|
---|
691 | }
|
---|
692 |
|
---|
693 | int opt = 1;
|
---|
694 | setsockopt(cli->udp_fd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof (opt));
|
---|
695 |
|
---|
696 | #ifdef SO_PRIORITY
|
---|
697 | if (cfg.netprio)
|
---|
698 | setsockopt(cli->udp_fd, SOL_SOCKET, SO_PRIORITY, (void *)&cfg.netprio, sizeof(ulong));
|
---|
699 | #endif
|
---|
700 |
|
---|
701 | if (cfg.gbox_port>0)
|
---|
702 | {
|
---|
703 | if (bind(cli->udp_fd, (struct sockaddr *)&loc_sa, sizeof (loc_sa))<0)
|
---|
704 | {
|
---|
705 | cs_log("bind failed (port=%d, errno=%d)", rdr->l_port, errno);
|
---|
706 | close(cli->udp_fd);
|
---|
707 | return 1;
|
---|
708 | }
|
---|
709 | }
|
---|
710 |
|
---|
711 | memset((char *)&cli->udp_sa, 0, sizeof(cli->udp_sa));
|
---|
712 |
|
---|
713 | struct hostent *hp;
|
---|
714 | hp = gethostbyname(rdr->device);
|
---|
715 | memcpy((char *)&cli->udp_sa.sin_addr, (char *)hp->h_addr, hp->h_length);
|
---|
716 |
|
---|
717 | cli->udp_sa.sin_family=AF_INET;
|
---|
718 | cli->udp_sa.sin_port=htons((u_short)rdr->r_port);
|
---|
719 |
|
---|
720 | cs_log("proxy %s:%d (fd=%d, peer id=%04x, my id=%04x, my hostname=%s, listen port=%d)",
|
---|
721 | rdr->device, rdr->r_port, cli->udp_fd, gbox->peer.id, gbox->id, cfg.gbox_hostname, cfg.gbox_port);
|
---|
722 |
|
---|
723 | cli->pfd=cli->udp_fd;
|
---|
724 |
|
---|
725 | pthread_mutex_init(&gbox->lock, NULL);
|
---|
726 |
|
---|
727 | gbox->hello_expired = 1;
|
---|
728 |
|
---|
729 | gbox_send_hello(cli);
|
---|
730 |
|
---|
731 | return 0;
|
---|
732 | }
|
---|
733 |
|
---|
734 | static int gbox_recv_chk(struct s_client *cli, uchar *dcw, int *rc, uchar *buf, int UNUSED(n))
|
---|
735 | {
|
---|
736 | struct gbox_data *gbox = cli->gbox;
|
---|
737 |
|
---|
738 | if (gbox_decode_cmd(buf) == MSG_CW) {
|
---|
739 | *rc = 1;
|
---|
740 |
|
---|
741 | memcpy(dcw, gbox->cws, 16);
|
---|
742 |
|
---|
743 | return gbox->ecm_idx;
|
---|
744 | }
|
---|
745 |
|
---|
746 | return -1;
|
---|
747 | }
|
---|
748 |
|
---|
749 | static int gbox_send_ecm(struct s_client *cli, ECM_REQUEST *er, uchar *buf)
|
---|
750 | {
|
---|
751 | struct gbox_data *gbox = cli->gbox;
|
---|
752 |
|
---|
753 | if (!gbox || !cli->reader->tcp_connected) {
|
---|
754 | er->rc = E_RDR_NOTFOUND;
|
---|
755 | er->rcEx = 0x27;
|
---|
756 | cs_debug_mask(D_READER, "gbox: %s server not init!", cli->reader->label);
|
---|
757 | write_ecm_answer(cli->reader, er);
|
---|
758 |
|
---|
759 | return 0;
|
---|
760 | }
|
---|
761 |
|
---|
762 | if (!ll_count(gbox->peer.cards)) {
|
---|
763 | er->rc = E_RDR_NOTFOUND;
|
---|
764 | er->rcEx = 0x27;
|
---|
765 | cs_debug_mask(D_READER, "gbox: %s NO CARDS!", cli->reader->label);
|
---|
766 | write_ecm_answer(cli->reader, er);
|
---|
767 | return 0;
|
---|
768 | }
|
---|
769 |
|
---|
770 | if (!gbox->peer.online) {
|
---|
771 | er->rc = E_RDR_NOTFOUND;
|
---|
772 | er->rcEx = 0x27;
|
---|
773 | cs_debug_mask(D_READER, "gbox: peer is OFFLINE!");
|
---|
774 | write_ecm_answer(cli->reader, er);
|
---|
775 | return 0;
|
---|
776 | }
|
---|
777 |
|
---|
778 | uchar send_buf[0x2048], *ptr;
|
---|
779 |
|
---|
780 | if (!er->l) return -1;
|
---|
781 |
|
---|
782 | gbox->ecm_idx = er->idx;
|
---|
783 |
|
---|
784 | memset(send_buf, 0, sizeof(send_buf));
|
---|
785 |
|
---|
786 | send_buf[0] = MSG_ECM >> 8;
|
---|
787 | send_buf[1] = MSG_ECM & 0xff;
|
---|
788 | memcpy(send_buf + 2, gbox->peer.key, 4);
|
---|
789 | memcpy(send_buf + 6, gbox->key, 4);
|
---|
790 | send_buf[10] = er->pid >> 8;
|
---|
791 | send_buf[11] = er->pid;
|
---|
792 | send_buf[12] = er->srvid >> 8;
|
---|
793 | send_buf[13] = er->srvid;
|
---|
794 | /* send_buf[14] = er->prid >> 16;
|
---|
795 | send_buf[15] = er->prid >> 8;
|
---|
796 | send_buf[17] = er->prid;*/
|
---|
797 | memcpy(send_buf + 18, er->ecm, er->l);
|
---|
798 | ptr = send_buf + 18 + er->l;
|
---|
799 | *(ptr) = gbox->id >> 8;
|
---|
800 | *(++ptr) = gbox->id;
|
---|
801 | *(++ptr) = gbox->ver;
|
---|
802 | ptr++;
|
---|
803 | *(++ptr) = gbox->type;
|
---|
804 | *(++ptr) = er->caid >> 8;
|
---|
805 | *(++ptr) = er->prid >> 16;
|
---|
806 | *(++ptr) = er->prid >> 8;
|
---|
807 | *(++ptr) = er->prid;
|
---|
808 | ptr++;
|
---|
809 |
|
---|
810 | LL_ITER *it = ll_iter_create(gbox->peer.cards);
|
---|
811 | struct gbox_card *card;
|
---|
812 | while ((card = ll_iter_next(it))) {
|
---|
813 | //if (card->caid == er->caid && card->provid == er->prid) {
|
---|
814 | if (card->provid >> 24 == er->caid >> 8 && (card->provid & 0xffffff) == er->prid) {
|
---|
815 | *(++ptr) = card->peer_id >> 8;
|
---|
816 | *(++ptr) = card->peer_id;
|
---|
817 | *(++ptr) = card->slot;
|
---|
818 | send_buf[16]++;
|
---|
819 | }
|
---|
820 | }
|
---|
821 | ll_iter_release(it);
|
---|
822 |
|
---|
823 | if (!send_buf[16]) {
|
---|
824 | er->rc = E_RDR_NOTFOUND;
|
---|
825 | er->rcEx = 0x27;
|
---|
826 | cs_debug_mask(D_READER, "gbox: %s no suitable card found, discarding ecm", cli->reader->label);
|
---|
827 | write_ecm_answer(cli->reader, er);
|
---|
828 |
|
---|
829 | return 0;
|
---|
830 | }
|
---|
831 |
|
---|
832 | memcpy(++ptr, gbox->checkcode, 7);
|
---|
833 | ptr += 7;
|
---|
834 | memcpy(ptr, gbox->peer.checkcode, 7);
|
---|
835 |
|
---|
836 | gbox_send(cli, send_buf, ptr + 7 - send_buf);
|
---|
837 |
|
---|
838 | return 0;
|
---|
839 | }
|
---|
840 |
|
---|
841 | static int gbox_send_emm(EMM_PACKET *ep)
|
---|
842 | {
|
---|
843 | // emms not yet supported
|
---|
844 |
|
---|
845 | return 0;
|
---|
846 | }
|
---|
847 |
|
---|
848 | void module_gbox(struct s_module *ph)
|
---|
849 | {
|
---|
850 | cs_strncpy(ph->desc, "gbox", sizeof(ph->desc));
|
---|
851 | ph->num=R_GBOX;
|
---|
852 | ph->type=MOD_CONN_UDP;
|
---|
853 | ph->logtxt = ", crypted";
|
---|
854 |
|
---|
855 | ph->multi=1;
|
---|
856 | ph->watchdog=1;
|
---|
857 | ph->send_dcw=gbox_send_dcw;
|
---|
858 |
|
---|
859 | ph->recv=gbox_recv;
|
---|
860 | ph->c_multi=1;
|
---|
861 | ph->c_init=gbox_client_init;
|
---|
862 | ph->c_recv_chk=gbox_recv_chk;
|
---|
863 | ph->c_send_ecm=gbox_send_ecm;
|
---|
864 | ph->c_send_emm=gbox_send_emm;
|
---|
865 | }
|
---|
866 | #endif
|
---|
867 |
|
---|