[491] | 1 | #include "globals.h"
|
---|
| 2 | #include "reader-common.h"
|
---|
| 3 |
|
---|
| 4 | #define OK_RESPONSE 0x61
|
---|
| 5 | #define CMD_BYTE 0x59
|
---|
| 6 |
|
---|
[3122] | 7 | static uchar xor (const uchar * cmd, int cmdlen)
|
---|
[491] | 8 | {
|
---|
| 9 | int i;
|
---|
| 10 | uchar checksum = 0x00;
|
---|
| 11 | for (i = 0; i < cmdlen; i++)
|
---|
| 12 | checksum ^= cmd[i];
|
---|
| 13 | return checksum;
|
---|
| 14 | }
|
---|
| 15 |
|
---|
[3122] | 16 | static int dre_command (struct s_reader * reader, const uchar * cmd, int cmdlen, unsigned char * cta_res, unsigned short * p_cta_lr) //attention: inputcommand will be changed!!!! answer will be in cta_res, length cta_lr ; returning 1 = no error, return ERROR = err
|
---|
[491] | 17 | {
|
---|
[3122] | 18 | uchar startcmd[] = { 0x80, 0xFF, 0x10, 0x01, 0x05 }; //any command starts with this,
|
---|
[491] | 19 | //last byte is nr of bytes of the command that will be sent
|
---|
| 20 | //after the startcmd
|
---|
| 21 | //response on startcmd+cmd: = { 0x61, 0x05 } //0x61 = "OK", last byte is nr. of bytes card will send
|
---|
[3122] | 22 | uchar reqans[] = { 0x00, 0xC0, 0x00, 0x00, 0x08 }; //after command answer has to be requested,
|
---|
[491] | 23 | //last byte must be nr. of bytes that card has reported to send
|
---|
| 24 | uchar command[256];
|
---|
| 25 | int headerlen = sizeof (startcmd);
|
---|
| 26 | startcmd[4] = cmdlen + 3; //commandlength + type + len + checksum bytes
|
---|
| 27 | memcpy (command, startcmd, headerlen);
|
---|
| 28 | command[headerlen++] = CMD_BYTE; //type
|
---|
| 29 | command[headerlen++] = cmdlen + 1; //len = command + 1 checksum byte
|
---|
| 30 | memcpy (command + headerlen, cmd, cmdlen);
|
---|
| 31 |
|
---|
| 32 | uchar checksum = ~xor (cmd, cmdlen);
|
---|
[4141] | 33 | //cs_debug_mask(D_READER, "[dre-reader] Checksum: %02x", checksum);
|
---|
[491] | 34 | cmdlen += headerlen;
|
---|
| 35 | command[cmdlen++] = checksum;
|
---|
| 36 |
|
---|
[1951] | 37 | reader_cmd2icc (reader, command, cmdlen, cta_res, p_cta_lr);
|
---|
[491] | 38 |
|
---|
[1951] | 39 | if ((*p_cta_lr != 2) || (cta_res[0] != OK_RESPONSE)) {
|
---|
| 40 | cs_log ("[dre-reader] unexpected answer from card: %s", cs_hexdump (0, cta_res, *p_cta_lr));
|
---|
[1389] | 41 | return ERROR; //error
|
---|
[491] | 42 | }
|
---|
| 43 |
|
---|
| 44 | reqans[4] = cta_res[1]; //adapt length byte
|
---|
[1951] | 45 | reader_cmd2icc (reader, reqans, 5, cta_res, p_cta_lr);
|
---|
[491] | 46 |
|
---|
| 47 | if (cta_res[0] != CMD_BYTE) {
|
---|
[1399] | 48 | cs_log ("[dre-reader] unknown response: cta_res[0] expected to be %02x, is %02x", CMD_BYTE, cta_res[0]);
|
---|
[1389] | 49 | return ERROR;
|
---|
[491] | 50 | }
|
---|
| 51 | if ((cta_res[1] == 0x03) && (cta_res[2] == 0xe2)) {
|
---|
| 52 | switch (cta_res[3]) {
|
---|
| 53 | case 0xe1:
|
---|
[1951] | 54 | cs_log ("[dre-reader] checksum error: %s.", cs_hexdump (0, cta_res, *p_cta_lr));
|
---|
[491] | 55 | break;
|
---|
| 56 | case 0xe2:
|
---|
[1951] | 57 | cs_log ("[dre-reader] wrong provider: %s.", cs_hexdump (0, cta_res, *p_cta_lr));
|
---|
[491] | 58 | break;
|
---|
[936] | 59 | case 0xe3:
|
---|
[1951] | 60 | cs_log ("[dre-reader] illegal command: %s.", cs_hexdump (0, cta_res, *p_cta_lr));
|
---|
[936] | 61 | break;
|
---|
[491] | 62 | case 0xec:
|
---|
[1951] | 63 | cs_log ("[dre-reader] wrong signature: %s.", cs_hexdump (0, cta_res, *p_cta_lr));
|
---|
[491] | 64 | break;
|
---|
| 65 | default:
|
---|
[4141] | 66 | cs_debug_mask(D_READER, "[dre-reader] unknown error: %s.", cs_hexdump (0, cta_res, *p_cta_lr));
|
---|
[491] | 67 | break;
|
---|
| 68 | }
|
---|
[1389] | 69 | return ERROR; //error
|
---|
[491] | 70 | }
|
---|
[1951] | 71 | int length_excl_leader = *p_cta_lr;
|
---|
| 72 | if ((cta_res[*p_cta_lr - 2] == 0x90) && (cta_res[*p_cta_lr - 1] == 0x00))
|
---|
[491] | 73 | length_excl_leader -= 2;
|
---|
| 74 |
|
---|
| 75 | checksum = ~xor (cta_res + 2, length_excl_leader - 3);
|
---|
| 76 |
|
---|
| 77 | if (cta_res[length_excl_leader - 1] != checksum) {
|
---|
[1399] | 78 | cs_log ("[dre-reader] checksum does not match, expected %02x received %02x:%s", checksum,
|
---|
[1951] | 79 | cta_res[length_excl_leader - 1], cs_hexdump (0, cta_res, *p_cta_lr));
|
---|
[1389] | 80 | return ERROR; //error
|
---|
[491] | 81 | }
|
---|
[1389] | 82 | return OK;
|
---|
[491] | 83 | }
|
---|
| 84 |
|
---|
[1084] | 85 | #define dre_cmd(cmd) \
|
---|
| 86 | { \
|
---|
[1951] | 87 | dre_command(reader, cmd, sizeof(cmd),cta_res,&cta_lr); \
|
---|
[1084] | 88 | }
|
---|
| 89 |
|
---|
[1926] | 90 | static int dre_set_provider_info (struct s_reader * reader)
|
---|
[1084] | 91 | {
|
---|
[1951] | 92 | def_resp;
|
---|
[1084] | 93 | int i;
|
---|
[3122] | 94 | uchar cmd59[] = { 0x59, 0x14 }; // subscriptions
|
---|
| 95 | uchar cmd5b[] = { 0x5b, 0x00, 0x14 }; //validity dates
|
---|
[1084] | 96 |
|
---|
[1951] | 97 | cmd59[1] = reader->provider;
|
---|
[1084] | 98 | if ((dre_cmd (cmd59))) { //ask subscription packages, returns error on 0x11 card
|
---|
| 99 | uchar pbm[32];
|
---|
| 100 | memcpy (pbm, cta_res + 3, cta_lr - 6);
|
---|
[4141] | 101 | cs_debug_mask(D_READER, "[dre-reader] pbm: %s", cs_hexdump (0, pbm, 32));
|
---|
[1084] | 102 |
|
---|
| 103 | if (pbm[0] == 0xff)
|
---|
[1926] | 104 | cs_ri_log (reader, "[dre-reader] no active packages");
|
---|
[1084] | 105 | else
|
---|
| 106 | for (i = 0; i < 32; i++)
|
---|
| 107 | if (pbm[i] != 0xff) {
|
---|
| 108 | cmd5b[1] = i;
|
---|
[1951] | 109 | cmd5b[2] = reader->provider;
|
---|
[1084] | 110 | dre_cmd (cmd5b); //ask for validity dates
|
---|
| 111 |
|
---|
| 112 | time_t start;
|
---|
| 113 | time_t end;
|
---|
| 114 | start = (cta_res[3] << 24) | (cta_res[4] << 16) | (cta_res[5] << 8) | cta_res[6];
|
---|
| 115 | end = (cta_res[7] << 24) | (cta_res[8] << 16) | (cta_res[9] << 8) | cta_res[10];
|
---|
| 116 |
|
---|
[4356] | 117 | struct tm temp;
|
---|
[1084] | 118 |
|
---|
[4356] | 119 | localtime_r (&start, &temp);
|
---|
| 120 | int startyear = temp.tm_year + 1900;
|
---|
| 121 | int startmonth = temp.tm_mon + 1;
|
---|
| 122 | int startday = temp.tm_mday;
|
---|
| 123 | localtime_r (&end, &temp);
|
---|
| 124 | int endyear = temp.tm_year + 1900;
|
---|
| 125 | int endmonth = temp.tm_mon + 1;
|
---|
| 126 | int endday = temp.tm_mday;
|
---|
[1926] | 127 | cs_ri_log (reader, "[dre-reader] active package %i valid from %04i/%02i/%02i to %04i/%02i/%02i", i, startyear, startmonth, startday,
|
---|
[1084] | 128 | endyear, endmonth, endday);
|
---|
| 129 | }
|
---|
| 130 | }
|
---|
[1389] | 131 | return OK;
|
---|
[1084] | 132 | }
|
---|
| 133 |
|
---|
[3349] | 134 | static int dre_card_init (struct s_reader * reader, ATR newatr)
|
---|
[491] | 135 | {
|
---|
[1389] | 136 | get_atr;
|
---|
[1951] | 137 | def_resp;
|
---|
[3122] | 138 | uchar ua[] = { 0x43, 0x15 }; // get serial number (UA)
|
---|
| 139 | uchar providers[] = { 0x49, 0x15 }; // get providers
|
---|
[491] | 140 | int i;
|
---|
[1389] | 141 | char *card;
|
---|
[491] | 142 |
|
---|
| 143 | if ((atr[0] != 0x3b) || (atr[1] != 0x15) || (atr[2] != 0x11) || (atr[3] != 0x12 || atr[4] != 0xca || atr[5] != 0x07))
|
---|
[1389] | 144 | return ERROR;
|
---|
[491] | 145 |
|
---|
[1951] | 146 | reader->provider = atr[6];
|
---|
[491] | 147 | uchar checksum = xor (atr + 1, 6);
|
---|
| 148 |
|
---|
| 149 | if (checksum != atr[7])
|
---|
[1399] | 150 | cs_log ("[dre-reader] warning: expected ATR checksum %02x, smartcard reports %02x", checksum, atr[7]);
|
---|
[491] | 151 |
|
---|
| 152 | switch (atr[6]) {
|
---|
| 153 | case 0x11:
|
---|
| 154 | card = "Tricolor Centr";
|
---|
[4582] | 155 | reader->caid = 0x4ae1;
|
---|
[491] | 156 | break; //59 type card = MSP (74 type = ATMEL)
|
---|
| 157 | case 0x12:
|
---|
| 158 | card = "Cable TV";
|
---|
[4582] | 159 | reader->caid = 0x4ae1; //TODO not sure about this one
|
---|
[491] | 160 | break;
|
---|
| 161 | case 0x14:
|
---|
| 162 | card = "Tricolor Syberia / Platforma HD new";
|
---|
[4582] | 163 | reader->caid = 0x4ae1;
|
---|
[491] | 164 | break; //59 type card
|
---|
| 165 | case 0x15:
|
---|
| 166 | card = "Platforma HD / DW old";
|
---|
[4582] | 167 | reader->caid = 0x4ae1;
|
---|
[491] | 168 | break; //59 type card
|
---|
| 169 | default:
|
---|
| 170 | card = "Unknown";
|
---|
[4582] | 171 | reader->caid = 0x4ae1;
|
---|
[491] | 172 | break;
|
---|
| 173 | }
|
---|
| 174 |
|
---|
[1926] | 175 | memset (reader->prid, 0x00, 8);
|
---|
[491] | 176 |
|
---|
[3122] | 177 | static const uchar cmd30[] =
|
---|
[491] | 178 | { 0x30, 0x81, 0x00, 0x81, 0x82, 0x03, 0x84, 0x05, 0x06, 0x87, 0x08, 0x09, 0x00, 0x81, 0x82, 0x03, 0x84, 0x05,
|
---|
| 179 | 0x00
|
---|
| 180 | };
|
---|
| 181 | dre_cmd (cmd30); //unknown command, generates error on card 0x11 and 0x14
|
---|
| 182 | /*
|
---|
| 183 | response:
|
---|
| 184 | 59 03 E2 E3
|
---|
| 185 | FE 48 */
|
---|
| 186 |
|
---|
[3122] | 187 | uchar cmd54[] = { 0x54, 0x14 }; // geocode
|
---|
[1951] | 188 | cmd54[1] = reader->provider;
|
---|
[491] | 189 | uchar geocode = 0;
|
---|
| 190 | if ((dre_cmd (cmd54))) //error would not be fatal, like on 0x11 cards
|
---|
| 191 | geocode = cta_res[3];
|
---|
| 192 |
|
---|
[1951] | 193 | providers[1] = reader->provider;
|
---|
[491] | 194 | if (!(dre_cmd (providers)))
|
---|
[1389] | 195 | return ERROR; //fatal error
|
---|
[491] | 196 | if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
[1389] | 197 | return ERROR;
|
---|
[491] | 198 | uchar provname[128];
|
---|
| 199 | for (i = 0; ((i < cta_res[2] - 6) && (i < 128)); i++) {
|
---|
| 200 | provname[i] = cta_res[6 + i];
|
---|
| 201 | if (provname[i] == 0x00)
|
---|
| 202 | break;
|
---|
| 203 | }
|
---|
| 204 | int major_version = cta_res[3];
|
---|
| 205 | int minor_version = cta_res[4];
|
---|
| 206 |
|
---|
[1951] | 207 | ua[1] = reader->provider;
|
---|
[491] | 208 | dre_cmd (ua); //error would not be fatal
|
---|
| 209 |
|
---|
[497] | 210 | int hexlength = cta_res[1] - 2; //discard first and last byte, last byte is always checksum, first is answer code
|
---|
[491] | 211 |
|
---|
[1926] | 212 | reader->hexserial[0] = 0;
|
---|
| 213 | reader->hexserial[1] = 0;
|
---|
| 214 | memcpy (reader->hexserial + 2, cta_res + 3, hexlength);
|
---|
[491] | 215 |
|
---|
| 216 | int low_dre_id = ((cta_res[4] << 16) | (cta_res[5] << 8) | cta_res[6]) - 48608;
|
---|
| 217 | int dre_chksum = 0;
|
---|
| 218 | uchar buf[32];
|
---|
[4896] | 219 | snprintf ((char *)buf, sizeof(buf), "%i%i%08i", reader->provider - 16, major_version + 1, low_dre_id);
|
---|
[491] | 220 | for (i = 0; i < 32; i++) {
|
---|
| 221 | if (buf[i] == 0x00)
|
---|
| 222 | break;
|
---|
| 223 | dre_chksum += buf[i] - 48;
|
---|
| 224 | }
|
---|
| 225 |
|
---|
[1399] | 226 | //cs_ri_log("[dre-reader] type: DRE Crypt, caid: %04X, serial: %llu, card: v%x",
|
---|
[1926] | 227 | cs_ri_log (reader, "[dre-reader] type: DRE Crypt, caid: %04X, serial: %s, dre id: %i%i%i%08i, geocode %i, card: %s v%i.%i",
|
---|
[4582] | 228 | reader->caid, cs_hexdump (0, reader->hexserial + 2, 4), dre_chksum, reader->provider - 16,
|
---|
[497] | 229 | major_version + 1, low_dre_id, geocode, card, major_version, minor_version);
|
---|
[1926] | 230 | cs_ri_log (reader, "[dre-reader] Provider name:%s.", provname);
|
---|
[491] | 231 |
|
---|
| 232 |
|
---|
[1926] | 233 | memset (reader->sa, 0, sizeof (reader->sa));
|
---|
| 234 | memcpy (reader->sa[0], reader->hexserial + 2, 1); //copy first byte of unique address also in shared address, because we dont know what it is...
|
---|
[491] | 235 |
|
---|
[1926] | 236 | cs_ri_log (reader, "[dre-reader] SA = %02X%02X%02X%02X, UA = %s", reader->sa[0][0], reader->sa[0][1], reader->sa[0][2],
|
---|
| 237 | reader->sa[0][3], cs_hexdump (0, reader->hexserial + 2, 4));
|
---|
[497] | 238 |
|
---|
[1926] | 239 | reader->nprov = 1;
|
---|
[497] | 240 |
|
---|
[1926] | 241 | if (!dre_set_provider_info (reader))
|
---|
[1389] | 242 | return ERROR; //fatal error
|
---|
[491] | 243 |
|
---|
[1399] | 244 | cs_log ("[dre-reader] ready for requests");
|
---|
[1389] | 245 | return OK;
|
---|
[491] | 246 | }
|
---|
| 247 |
|
---|
[4686] | 248 | static unsigned char DESkeys[16*8]=
|
---|
| 249 | {
|
---|
| 250 | 0x4A,0x11,0x23,0xB1,0x45,0x99,0xCF,0x10, // 00
|
---|
| 251 | 0x21,0x1B,0x18,0xCD,0x02,0xD4,0xA1,0x1F, // 01
|
---|
| 252 | 0x07,0x56,0xAB,0xB4,0x45,0x31,0xAA,0x23, // 02
|
---|
| 253 | 0xCD,0xF2,0x55,0xA1,0x13,0x4C,0xF1,0x76, // 03
|
---|
| 254 | 0x57,0xD9,0x31,0x75,0x13,0x98,0x89,0xC8, // 04
|
---|
| 255 | 0xA3,0x36,0x5B,0x18,0xC2,0x83,0x45,0xE2, // 05
|
---|
| 256 | 0x19,0xF7,0x35,0x08,0xC3,0xDA,0xE1,0x28, // 06
|
---|
| 257 | 0xE7,0x19,0xB5,0xD8,0x8D,0xE3,0x23,0xA4, // 07
|
---|
| 258 | 0xA7,0xEC,0xD2,0x15,0x8B,0x42,0x59,0xC5, // 08
|
---|
| 259 | 0x13,0x49,0x83,0x2E,0xFB,0xAD,0x7C,0xD3, // 09
|
---|
| 260 | 0x37,0x25,0x78,0xE3,0x72,0x19,0x53,0xD9, // 0A
|
---|
| 261 | 0x7A,0x15,0xA4,0xC7,0x15,0x49,0x32,0xE8, // 0B
|
---|
| 262 | 0x63,0xD5,0x96,0xA7,0x27,0xD8,0xB2,0x68, // 0C
|
---|
| 263 | 0x42,0x5E,0x1A,0x8C,0x41,0x69,0x8E,0xE8, // 0D
|
---|
| 264 | 0xC2,0xAB,0x37,0x29,0xD3,0xCF,0x93,0xA7, // 0E
|
---|
| 265 | 0x49,0xD3,0x33,0xC2,0xEB,0x71,0xD3,0x14 // 0F
|
---|
| 266 | };
|
---|
| 267 |
|
---|
| 268 | void DREover(unsigned char *ECMdata, unsigned char *DW)
|
---|
| 269 | {
|
---|
[4692] | 270 | uchar key[8];
|
---|
| 271 | if(ECMdata[2] >= (43+4) && ECMdata[40] == 0x3A && ECMdata[41] == 0x4B)
|
---|
| 272 | {
|
---|
| 273 | memcpy(key, &DESkeys[(ECMdata[42] & 0x0F) * 8], 8);
|
---|
[4687] | 274 |
|
---|
[4692] | 275 | doPC1(key);
|
---|
[4686] | 276 |
|
---|
[4692] | 277 | des(key, DES_ECS2_DECRYPT, DW); // even DW post-process
|
---|
| 278 | des(key, DES_ECS2_DECRYPT, DW+8); // odd DW post-process
|
---|
| 279 | };
|
---|
[4686] | 280 | };
|
---|
| 281 |
|
---|
[3349] | 282 | static int dre_do_ecm (struct s_reader * reader, ECM_REQUEST * er)
|
---|
[491] | 283 | {
|
---|
[1951] | 284 | def_resp;
|
---|
[4582] | 285 | if (reader->caid == 0x4ae0) {
|
---|
[3122] | 286 | uchar ecmcmd41[] = { 0x41,
|
---|
[491] | 287 | 0x58, 0x1f, 0x00, //fixed part, dont change
|
---|
| 288 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, //0x01 - 0x08: next key
|
---|
| 289 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, //0x11 - 0x18: current key
|
---|
| 290 | 0x3b, 0x59, 0x11 //0x3b = keynumber, can be a value 56 ;; 0x59 number of package = 58+1 - Pay Package ;; 0x11 = provider
|
---|
| 291 | };
|
---|
[1951] | 292 | ecmcmd41[22] = reader->provider;
|
---|
[491] | 293 | memcpy (ecmcmd41 + 4, er->ecm + 8, 16);
|
---|
| 294 | ecmcmd41[20] = er->ecm[6]; //keynumber
|
---|
[497] | 295 | ecmcmd41[21] = 0x58 + er->ecm[25]; //package number
|
---|
[4141] | 296 | cs_debug_mask(D_READER, "[dre-reader] unused ECM info front:%s", cs_hexdump (0, er->ecm, 8));
|
---|
| 297 | cs_debug_mask(D_READER, "[dre-reader] unused ECM info back:%s", cs_hexdump (0, er->ecm + 24, er->ecm[2] + 2 - 24));
|
---|
[491] | 298 | if ((dre_cmd (ecmcmd41))) { //ecm request
|
---|
| 299 | if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
[1389] | 300 | return ERROR; //exit if response is not 90 00
|
---|
[491] | 301 | memcpy (er->cw, cta_res + 11, 8);
|
---|
| 302 | memcpy (er->cw + 8, cta_res + 3, 8);
|
---|
| 303 |
|
---|
[1389] | 304 | return OK;
|
---|
[491] | 305 | }
|
---|
| 306 | }
|
---|
| 307 | else {
|
---|
| 308 |
|
---|
[3122] | 309 | uchar ecmcmd51[] = { 0x51, 0x02, 0x56, 0x05, 0x00, 0x4A, 0xE3, //fixed header?
|
---|
[491] | 310 | 0x9C, 0xDA, //first three nibbles count up, fourth nibble counts down; all ECMs sent twice
|
---|
| 311 | 0xC1, 0x71, 0x21, 0x06, 0xF0, 0x14, 0xA7, 0x0E, //next key?
|
---|
| 312 | 0x89, 0xDA, 0xC9, 0xD7, 0xFD, 0xB9, 0x06, 0xFD, //current key?
|
---|
| 313 | 0xD5, 0x1E, 0x2A, 0xA3, 0xB5, 0xA0, 0x82, 0x11, //key or signature?
|
---|
| 314 | 0x14 //provider
|
---|
| 315 | };
|
---|
| 316 | memcpy (ecmcmd51 + 1, er->ecm + 5, 0x21);
|
---|
[4141] | 317 | cs_debug_mask(D_READER, "[dre-reader] unused ECM info front:%s", cs_hexdump (0, er->ecm, 5));
|
---|
| 318 | cs_debug_mask(D_READER, "[dre-reader] unused ECM info back:%s", cs_hexdump (0, er->ecm + 37, 4));
|
---|
[1951] | 319 | ecmcmd51[33] = reader->provider; //no part of sig
|
---|
[491] | 320 | if ((dre_cmd (ecmcmd51))) { //ecm request
|
---|
| 321 | if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
[1389] | 322 | return ERROR; //exit if response is not 90 00
|
---|
[4686] | 323 | DREover(er->ecm, cta_res + 3);
|
---|
[491] | 324 | memcpy (er->cw, cta_res + 11, 8);
|
---|
| 325 | memcpy (er->cw + 8, cta_res + 3, 8);
|
---|
[1389] | 326 | return OK;
|
---|
[491] | 327 | }
|
---|
| 328 | }
|
---|
[1389] | 329 | return ERROR;
|
---|
[491] | 330 | }
|
---|
| 331 |
|
---|
[3349] | 332 | static int dre_get_emm_type(EMM_PACKET *ep, struct s_reader * rdr)
|
---|
[1766] | 333 | {
|
---|
| 334 | switch (ep->emm[0]) {
|
---|
| 335 | case 0x87:
|
---|
[2052] | 336 | ep->type = UNIQUE;
|
---|
| 337 | return TRUE; //FIXME: no filling of ep->hexserial
|
---|
| 338 |
|
---|
[1766] | 339 | case 0x89:
|
---|
[2032] | 340 | ep->type = SHARED;
|
---|
[2050] | 341 | // FIXME: Seems to be that SA is only used with caid 0x4ae1
|
---|
[4582] | 342 | if (rdr->caid == 0x4ae1) {
|
---|
[2050] | 343 | memset(ep->hexserial, 0, 8);
|
---|
| 344 | memcpy(ep->hexserial, ep->emm + 3, 4);
|
---|
| 345 | return (!memcmp(&rdr->sa[0][0], ep->emm + 3, 4));
|
---|
[2051] | 346 | }
|
---|
[2050] | 347 | else
|
---|
| 348 | return TRUE;
|
---|
[1766] | 349 | default:
|
---|
| 350 | ep->type = UNKNOWN;
|
---|
[2052] | 351 | return TRUE;
|
---|
[1766] | 352 | }
|
---|
| 353 | }
|
---|
| 354 |
|
---|
[2074] | 355 | void dre_get_emm_filter(struct s_reader * rdr, uchar *filter)
|
---|
[2032] | 356 | {
|
---|
[4875] | 357 | int idx = 2;
|
---|
| 358 |
|
---|
[2074] | 359 | filter[0]=0xFF;
|
---|
[4875] | 360 | filter[1]=0;
|
---|
[2032] | 361 |
|
---|
[4904] | 362 | filter[idx++]=EMM_GLOBAL;
|
---|
| 363 | filter[idx++]=1; //not active
|
---|
| 364 | //FIXME: Dont now how to filter GLOBAL EMM's
|
---|
| 365 | filter[idx+0] = 0xFF; //dummy
|
---|
| 366 | filter[idx+0+16] = 0xFF;
|
---|
| 367 | filter[1]++;
|
---|
| 368 | idx += 32;
|
---|
[2074] | 369 |
|
---|
[4904] | 370 | filter[idx++]=EMM_SHARED;
|
---|
| 371 | filter[idx++]=0;
|
---|
| 372 | filter[idx+0] = 0x89;
|
---|
| 373 | filter[idx+0+16] = 0xFF;
|
---|
| 374 | // FIXME: Seems to be that SA is only used with caid 0x4ae1
|
---|
| 375 | if (rdr->caid == 0x4ae1) {
|
---|
| 376 | memcpy(filter+idx+1, &rdr->sa[0][0], 4);
|
---|
| 377 | memset(filter+idx+1+16, 0xFF, 4);
|
---|
[4875] | 378 | }
|
---|
[4904] | 379 | filter[1]++;
|
---|
| 380 | idx += 32;
|
---|
[2074] | 381 |
|
---|
[4904] | 382 | filter[70]=EMM_UNIQUE;
|
---|
| 383 | filter[71]=0;
|
---|
| 384 | filter[72+0] = 0x87;
|
---|
| 385 | filter[72+0+16] = 0xFF;
|
---|
| 386 | //FIXME: No filter for hexserial
|
---|
| 387 | filter[1]++;
|
---|
| 388 | idx += 32;
|
---|
[2074] | 389 |
|
---|
| 390 | return;
|
---|
[2032] | 391 | }
|
---|
| 392 |
|
---|
[3349] | 393 | static int dre_do_emm (struct s_reader * reader, EMM_PACKET * ep)
|
---|
[491] | 394 | {
|
---|
[1951] | 395 | def_resp;
|
---|
[497] | 396 |
|
---|
[4141] | 397 | cs_ddump_mask(D_READER, ep->emm, ((ep->emm[1] & 0x0f) << 8) + ep->emm[2] + 3, "EMM:");
|
---|
[497] | 398 |
|
---|
[4582] | 399 | if (reader->caid == 0x4ae1) {
|
---|
[2853] | 400 | if(ep->type == UNIQUE && ep->emm[39] == 0x3d)
|
---|
| 401 | { /* For new package activation. */
|
---|
[3122] | 402 | uchar emmcmd58[26];
|
---|
[2853] | 403 | emmcmd58[0] = 0x58;
|
---|
| 404 | memcpy(&emmcmd58[1], &ep->emm[40], 24);
|
---|
| 405 | emmcmd58[25] = 0x15;
|
---|
| 406 | if ((dre_cmd (emmcmd58)))
|
---|
| 407 | if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
| 408 | return ERROR;
|
---|
| 409 | }
|
---|
| 410 | else
|
---|
| 411 | {
|
---|
[3122] | 412 | uchar emmcmd52[0x3a];
|
---|
[2853] | 413 | emmcmd52[0] = 0x52;
|
---|
| 414 | int i;
|
---|
| 415 | for (i = 0; i < 2; i++) {
|
---|
| 416 | memcpy (emmcmd52 + 1, ep->emm + 5 + 32 + i * 56, 56);
|
---|
| 417 | // check for shared address
|
---|
| 418 | if(ep->emm[3]!=reader->sa[0][0])
|
---|
| 419 | return OK; // ignore, wrong address
|
---|
| 420 | emmcmd52[0x39] = reader->provider;
|
---|
| 421 | if ((dre_cmd (emmcmd52)))
|
---|
| 422 | if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
| 423 | return ERROR; //exit if response is not 90 00
|
---|
| 424 | }
|
---|
| 425 | }
|
---|
[497] | 426 | }
|
---|
[498] | 427 | else {
|
---|
[3122] | 428 | uchar emmcmd42[] =
|
---|
[498] | 429 | { 0x42, 0x85, 0x58, 0x01, 0xC8, 0x00, 0x00, 0x00, 0x05, 0xB8, 0x0C, 0xBD, 0x7B, 0x07, 0x04, 0xC8,
|
---|
| 430 | 0x77, 0x31, 0x95, 0xF2, 0x30, 0xB7, 0xE9, 0xEE, 0x0F, 0x81, 0x39, 0x1C, 0x1F, 0xA9, 0x11, 0x3E,
|
---|
| 431 | 0xE5, 0x0E, 0x8E, 0x50, 0xA4, 0x31, 0xBB, 0x01, 0x00, 0xD6, 0xAF, 0x69, 0x60, 0x04, 0x70, 0x3A,
|
---|
| 432 | 0x91,
|
---|
| 433 | 0x56, 0x58, 0x11
|
---|
| 434 | };
|
---|
[834] | 435 | int i;
|
---|
[1766] | 436 | switch (ep->type) {
|
---|
| 437 | case UNIQUE:
|
---|
[834] | 438 | for (i = 0; i < 2; i++) {
|
---|
| 439 | memcpy (emmcmd42 + 1, ep->emm + 42 + i*49, 48);
|
---|
| 440 | emmcmd42[49] = ep->emm[i*49 + 41]; //keynr
|
---|
| 441 | emmcmd42[50] = 0x58 + ep->emm[40]; //package nr
|
---|
[1951] | 442 | emmcmd42[51] = reader->provider;
|
---|
[834] | 443 | if ((dre_cmd (emmcmd42))) {
|
---|
| 444 | if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
[1389] | 445 | return ERROR; //exit if response is not 90 00
|
---|
[834] | 446 | }
|
---|
[823] | 447 | }
|
---|
| 448 | break;
|
---|
[1766] | 449 | case SHARED:
|
---|
[823] | 450 | default:
|
---|
| 451 | memcpy (emmcmd42 + 1, ep->emm + 6, 48);
|
---|
[1951] | 452 | emmcmd42[51] = reader->provider;
|
---|
[823] | 453 | //emmcmd42[50] = ecmcmd42[2]; //TODO package nr could also be fixed 0x58
|
---|
| 454 | emmcmd42[50] = 0x58;
|
---|
| 455 | emmcmd42[49] = ep->emm[5]; //keynr
|
---|
| 456 | /* response:
|
---|
| 457 | 59 05 A2 02 05 01 5B
|
---|
| 458 | 90 00 */
|
---|
| 459 | if ((dre_cmd (emmcmd42))) { //first emm request
|
---|
| 460 | if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
[1389] | 461 | return ERROR; //exit if response is not 90 00
|
---|
[823] | 462 |
|
---|
| 463 | memcpy (emmcmd42 + 1, ep->emm + 55, 7); //TODO OR next two lines?
|
---|
| 464 | /*memcpy (emmcmd42 + 1, ep->emm + 55, 7); //FIXME either I cant count or my EMM log contains errors
|
---|
| 465 | memcpy (emmcmd42 + 8, ep->emm + 67, 41); */
|
---|
[1951] | 466 | emmcmd42[51] = reader->provider;
|
---|
[823] | 467 | //emmcmd42[50] = ecmcmd42[2]; //TODO package nr could also be fixed 0x58
|
---|
| 468 | emmcmd42[50] = 0x58;
|
---|
| 469 | emmcmd42[49] = ep->emm[54]; //keynr
|
---|
| 470 | if ((dre_cmd (emmcmd42))) { //second emm request
|
---|
| 471 | if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
[1389] | 472 | return ERROR; //exit if response is not 90 00
|
---|
[823] | 473 | }
|
---|
| 474 | }
|
---|
| 475 | }
|
---|
[498] | 476 | }
|
---|
[1389] | 477 | return OK; //success
|
---|
[491] | 478 | }
|
---|
| 479 |
|
---|
[3349] | 480 | static int dre_card_info (void)
|
---|
[491] | 481 | {
|
---|
[1389] | 482 | return OK;
|
---|
[491] | 483 | }
|
---|
[3168] | 484 |
|
---|
| 485 | void reader_dre(struct s_cardsystem *ph)
|
---|
| 486 | {
|
---|
| 487 | ph->do_emm=dre_do_emm;
|
---|
| 488 | ph->do_ecm=dre_do_ecm;
|
---|
| 489 | ph->card_info=dre_card_info;
|
---|
| 490 | ph->card_init=dre_card_init;
|
---|
| 491 | ph->get_emm_type=dre_get_emm_type;
|
---|
| 492 | ph->get_emm_filter=dre_get_emm_filter;
|
---|
| 493 | ph->caids[0]=0x4A;
|
---|
[3893] | 494 | ph->desc="dre";
|
---|
[3168] | 495 | }
|
---|