source: trunk/reader-dre.c @ 498

Last change on this file since 498 was 498, checked in by dingo35, 10 years ago

Drecrypt update; ecm Dre1 working, emm Dre1 untested, ecm Dre2 untested, emm Dre2 untested

  • Property svn:eol-style set to native
File size: 19.2 KB
Line 
1#include "globals.h"
2#include "reader-common.h"
3//#include <stdlib.h>
4
5extern uchar cta_cmd[], cta_res[];
6extern ushort cta_lr;
7unsigned long long serial;
8char *card;
9static uchar provider;
10static short int mode;
11
12#define OK_RESPONSE 0x61
13#define CMD_BYTE 0x59
14
15#define dre_cmd(cmd) \
16{ \
17    dre_command(cmd, sizeof(cmd)); \
18}
19
20int dre_set_provider_info (void)
21{
22  int i;
23  static uchar cmd59[] = { 0x59, 0x14 };    // subscriptions
24  static uchar cmd5b[] = { 0x5b, 0x00, 0x14 };  //validity dates
25
26  cmd59[1] = provider;
27  if ((dre_cmd (cmd59))) {  //ask subscription packages, returns error on 0x11 card
28    uchar pbm[32];
29    memcpy (pbm, cta_res + 3, cta_lr - 6);
30    cs_debug ("DRECRYPT pbm: %s", cs_hexdump (0, pbm, 32));
31
32    if (pbm[0] == 0xff)
33      cs_log ("No active packages!");
34    else
35      for (i = 0; i < 32; i++)
36    if (pbm[i] != 0xff) {
37      cmd5b[1] = i;
38      cmd5b[2] = provider;
39      dre_cmd (cmd5b);  //ask for validity dates
40
41      time_t start;
42      time_t end;
43      start = (cta_res[3] << 24) | (cta_res[4] << 16) | (cta_res[5] << 8) | cta_res[6];
44      end = (cta_res[7] << 24) | (cta_res[8] << 16) | (cta_res[9] << 8) | cta_res[10];
45
46      struct tm *temp;
47
48      temp = localtime (&start);
49      int startyear = temp->tm_year + 1900;
50      int startmonth = temp->tm_mon + 1;
51      int startday = temp->tm_mday;
52      temp = localtime (&end);
53      int endyear = temp->tm_year + 1900;
54      int endmonth = temp->tm_mon + 1;
55      int endday = temp->tm_mday;
56      cs_log ("Active package %i valid from %04i/%02i/%02i to %04i/%02i/%02i", i, startyear, startmonth, startday,
57          endyear, endmonth, endday);
58    }
59  }
60  return 1;
61}
62
63uchar xor (uchar * cmd, int cmdlen)
64{
65  int i;
66  uchar checksum = 0x00;
67  for (i = 0; i < cmdlen; i++)
68    checksum ^= cmd[i];
69  return checksum;
70}
71
72
73int dre_command (uchar * cmd, int cmdlen)   //attention: inputcommand will be changed!!!! answer will be in cta_res, length cta_lr ; returning 1 = no error, return 0 = err
74{
75  static uchar startcmd[] = { 0x80, 0xFF, 0x10, 0x01, 0x05 };   //any command starts with this,
76  //last byte is nr of bytes of the command that will be sent
77  //after the startcmd
78//response on startcmd+cmd:     = { 0x61, 0x05 }  //0x61 = "OK", last byte is nr. of bytes card will send
79  static uchar reqans[] = { 0x00, 0xC0, 0x00, 0x00, 0x08 }; //after command answer has to be requested,
80  //last byte must be nr. of bytes that card has reported to send
81  uchar command[256];
82  int headerlen = sizeof (startcmd);
83  startcmd[4] = cmdlen + 3; //commandlength + type + len + checksum bytes
84  memcpy (command, startcmd, headerlen);
85  command[headerlen++] = CMD_BYTE;  //type
86  command[headerlen++] = cmdlen + 1;    //len = command + 1 checksum byte
87  memcpy (command + headerlen, cmd, cmdlen);
88
89  uchar checksum = ~xor (cmd, cmdlen);
90  //cs_debug ("Checksum: %02x", checksum);
91  cmdlen += headerlen;
92  command[cmdlen++] = checksum;
93
94  reader_cmd2icc (command, cmdlen);
95
96  if ((cta_lr != 2) || (cta_res[0] != OK_RESPONSE)) {
97    cs_log ("DRECRYPT ERROR: unexpected answer from card: %s", cs_hexdump (0, cta_res, cta_lr));
98    return 0;           //error
99  }
100
101  reqans[4] = cta_res[1];   //adapt length byte
102  reader_cmd2icc (reqans, 5);
103
104  if (cta_res[0] != CMD_BYTE) {
105    cs_log ("DRECRYPT Unknown response: cta_res[0] expected to be %02x, is %02x", CMD_BYTE, cta_res[0]);
106    return 0;
107  }
108  if ((cta_res[1] == 0x03) && (cta_res[2] == 0xe2)) {
109    switch (cta_res[3]) {
110    case 0xe1:
111      cs_log ("DRECRYPT checksum error: %s.", cs_hexdump (0, cta_res, cta_lr));
112      break;
113    case 0xe2:
114      cs_log ("DRECRYPT wrong provider: %s.", cs_hexdump (0, cta_res, cta_lr));
115      break;
116    case 0xec:
117      cs_log ("DRECRYPT wrong signature: %s.", cs_hexdump (0, cta_res, cta_lr));
118      break;
119    default:
120      cs_debug ("DRECRYPT unknown error: %s.", cs_hexdump (0, cta_res, cta_lr));
121      break;
122    }
123    return 0;           //error
124  }
125  int length_excl_leader = cta_lr;
126  if ((cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0x00))
127    length_excl_leader -= 2;
128
129  checksum = ~xor (cta_res + 2, length_excl_leader - 3);
130
131  if (cta_res[length_excl_leader - 1] != checksum) {
132    cs_log ("DRECRYPT checksum does not match, expected %02x received %02x:%s", checksum,
133        cta_res[length_excl_leader - 1], cs_hexdump (0, cta_res, cta_lr));
134    return 0;           //error
135  }
136  return 1;
137}
138
139int dre_card_init (uchar * atr, int atrsize)
140{
141  static uchar ua[] = { 0x43, 0x15 };   // get serial number (UA)
142  static uchar providers[] = { 0x49, 0x15 };    // get providers
143  int i;
144
145  if ((atr[0] != 0x3b) || (atr[1] != 0x15) || (atr[2] != 0x11) || (atr[3] != 0x12 || atr[4] != 0xca || atr[5] != 0x07))
146    return (0);
147
148  provider = atr[6];
149  uchar checksum = xor (atr + 1, 6);
150
151  if (checksum != atr[7])
152    cs_log ("DRECRYPT Warning: expected ATR checksum %02x, smartcard reports %02x", checksum, atr[7]);
153
154  switch (atr[6]) {
155  case 0x11:
156    card = "Tricolor Centr";
157    reader[ridx].caid[0] = 0x4ae0;
158    mode = 41;
159    break;          //59 type card = MSP (74 type = ATMEL)
160  case 0x12:
161    card = "Cable TV";
162    reader[ridx].caid[0] = 0x4ae0;  //TODO not sure about this one
163    mode = 41;          //TODO not sure
164    break;
165  case 0x14:
166    card = "Tricolor Syberia / Platforma HD new";
167    reader[ridx].caid[0] = 0x4ae1;
168    mode = 51;
169    break;          //59 type card
170  case 0x15:
171    card = "Platforma HD / DW old";
172    reader[ridx].caid[0] = 0x4ae1;  //TODO not sure
173    mode = 51;
174    break;          //59 type card
175  default:
176    card = "Unknown";
177    reader[ridx].caid[0] = 0x4ae1;  //TODO: what is sensible value here?
178    mode = 51;
179    break;
180  }
181
182  memset (reader[ridx].prid, 0x00, 8);
183
184  static uchar cmd30[] =
185    { 0x30, 0x81, 0x00, 0x81, 0x82, 0x03, 0x84, 0x05, 0x06, 0x87, 0x08, 0x09, 0x00, 0x81, 0x82, 0x03, 0x84, 0x05,
186    0x00
187  };
188  dre_cmd (cmd30);      //unknown command, generates error on card 0x11 and 0x14
189/*
190response:
19159 03 E2 E3
192FE 48 */
193
194  static uchar cmd54[] = { 0x54, 0x14 };    // geocode
195  cmd54[1] = provider;
196  uchar geocode = 0;
197  if ((dre_cmd (cmd54)))    //error would not be fatal, like on 0x11 cards
198    geocode = cta_res[3];
199
200  providers[1] = provider;
201  if (!(dre_cmd (providers)))
202    return 0;           //fatal error
203  if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
204    return 0;
205  uchar provname[128];
206  for (i = 0; ((i < cta_res[2] - 6) && (i < 128)); i++) {
207    provname[i] = cta_res[6 + i];
208    if (provname[i] == 0x00)
209      break;
210  }
211  int major_version = cta_res[3];
212  int minor_version = cta_res[4];
213
214  ua[1] = provider;
215  dre_cmd (ua);         //error would not be fatal
216
217  int hexlength = cta_res[1] - 2;   //discard first and last byte, last byte is always checksum, first is answer code
218
219  reader[ridx].hexserial[0] = 0;
220  reader[ridx].hexserial[1] = 0;
221  memcpy (reader[ridx].hexserial + 2, cta_res + 3, hexlength);
222
223  int low_dre_id = ((cta_res[4] << 16) | (cta_res[5] << 8) | cta_res[6]) - 48608;
224  int dre_chksum = 0;
225  uchar buf[32];
226  sprintf (buf, "%i%i%08i", provider - 16, major_version + 1, low_dre_id);
227  for (i = 0; i < 32; i++) {
228    if (buf[i] == 0x00)
229      break;
230    dre_chksum += buf[i] - 48;
231  }
232
233  //cs_ri_log("type: DRECrypt, caid: %04X, serial: %llu, card: v%x",
234  cs_log ("type: DRECrypt, caid: %04X, serial: %s, dre id: %i%i%i%08i, geocode %i, card: %s v%i.%i",
235      reader[ridx].caid[0], cs_hexdump (0, reader[ridx].hexserial + 2, 4), dre_chksum, provider - 16,
236      major_version + 1, low_dre_id, geocode, card, major_version, minor_version);
237  cs_log ("Provider name:%s.", provname);
238
239
240  memset (reader[ridx].sa, 0, sizeof (reader[ridx].sa));
241  memcpy (reader[ridx].sa[0], reader[ridx].hexserial + 2, 1);   //copy first byte of unique address also in shared address, because we dont know what it is...
242
243  cs_log ("DEBUG: SA = %02X%02X%02X%02X, UA = %s", reader[ridx].sa[0][0], reader[ridx].sa[0][1], reader[ridx].sa[0][2],
244      reader[ridx].sa[0][3], cs_hexdump (0, reader[ridx].hexserial + 2, 4));
245
246  //reader[ridx].nprov = 1; TODO doesnt seem necessary
247
248  if (!dre_set_provider_info ())
249    return 0;           //fatal error
250
251
252  /* Unknown function 51
253     59
254     23 51 82 3B 05 00 4A D4 CA
255     A3 1D A2
256     DF 95 29 90 65 E1 95 B8 1C 91 87 C8 B5 CB 62 2F
257     09
258     F7 BC 18 BA 14  some byte seems to be missing !?!
259
260     ANOTHER INS is the same except last line:
261     EF C7 1D 4C E3 14 last byte stays the same = provider byte???
262
263     response: DW info retour
264     59 12 D2 8E 7A FE BA 6C DF 31 49
265     1A 8F 34
266     98 48 42 CE 0D DE
267     90 00 */
268
269
270  //memcpy(&reader[ridx].prid[i][2], cta_res, 2);
271
272//############### PLAYGROUND ////
273
274//from bbs, provider = 15???
275//static uchar ecmtest[] = { 0x51, 0x01, 0x56, 0x00, 0x00, 0x48, 0xC6, 0xF0, 0x19, 0x01, 0xD4, 0xDF, 0x4F, 0xD7, 0x91, 0x55, 0x68, 0x02, 0x72, 0xF7, 0x98, 0x28, 0xBD, 0x78, 0x8E, 0x4E, 0xE8, 0xED, 0x0B, 0x51, 0xBF, 0xA4, 0x4E, 0x15 };
276//from log, works:
277//static uchar ecmtest[] = { 0x51, 0x02, 0x56, 0x05, 0x00, 0x4A, 0xE3, 0x9C, 0xDA, 0xC1, 0x71, 0x21, 0x06, 0xF0, 0x14, 0xA7, 0x0E, 0x89, 0xDA, 0xC9, 0xD7, 0xFD, 0xB9, 0x06, 0xFD, 0xD5, 0x1E, 0x2A, 0xA3, 0xB5, 0xA0, 0x82, 0x11, 0x14 };
278/*  static uchar ecmtest[] =
279    { 0x51, 0x03, 0x56, 0x05, 0x00, 0x4A, 0xE4, 0x58, 0x02, 0x8B, 0xAE, 0x42, 0xEE, 0xE2, 0x6A, 0x7F, 0x51, 0xE0, 0x7D,
2800xCE, 0x20, 0x8A, 0x24, 0xE8, 0xBA, 0xA6, 0xC3, 0xCB, 0x35, 0x45, 0x35, 0x52, 0x94, 0x14 };
281*/
282//from platforma itself through dvbviewer
283/*
284  static uchar ecmtest[] =
285    { 0x51, 0x02, 0x56, 0x00, 0x00, 0x4A, 0xEC, 0x00, 0xAA, 0x31, 0x39, 0x06, 0x57, 0x94, 0x55, 0x1D, 0x23, 0x52, 0x88,
2860x3D, 0xA8, 0x62, 0xDC, 0xA2, 0x98, 0xD7, 0xAB, 0x0D, 0x80, 0x60, 0x15, 0xF5, 0x07, 0x14 };
287*/
288  //from redirected dvbviewer
289  static uchar ecmtest[] =
290    { 0x51, 0x02, 0x56, 0x00, 0x00, 0x4A, 0xEC, 0x3B, 0xF6, 0x56, 0x5A, 0x43, 0x95, 0x43, 0x05, 0x02, 0xBB, 0x46, 0x22,
291    0x27, 0xEF, 0x33, 0xF4, 0xA9, 0xD0, 0x65, 0xDB, 0x57, 0x8F, 0x8F, 0x7C, 0x19, 0x36, 0x14
292  };
293
294//rest: 0x93, 0x36, 0x58, 0xC9
295
296
297  //ecmcmd51[33]=provider; //FIXME part of signatur
298
299//int hans, index, save;
300//for (index=1; index<3; index++) {
301//  save = ecmtest[index];
302//  for (hans=0; hans<256; hans++) {
303//   ecmtest[index] = hans;
304//    if ((dre_cmd(ecmtest)))
305//  }
306//  ecmtest[index] = save;
307//}
308/*
309  EMM_PACKET *eptmp;
310  eptmp = malloc (sizeof (EMM_PACKET));
311//  static unsigned char tempser[] = { 0, 0, 0xC8, 0x4D, 0x25, 0x5A };
312//  memcpy (reader[ridx].hexserial, tempser, 8);
313  dre_do_emm (eptmp);
314  free (eptmp);*/
315//############### PLAYGROUND ////
316  cs_log ("ready for requests");
317  return (1);
318}
319
320int dre_do_ecm (ECM_REQUEST * er)
321{
322  //
323  //cmd41 is not known for card provider 0x14 ???
324  if (mode == 41) {
325    static uchar ecmcmd41[] = { 0x41,
326      0x58, 0x1f, 0x00,     //fixed part, dont change
327      0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,   //0x01 - 0x08: next key
328      0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18,   //0x11 - 0x18: current key
329      0x3b, 0x59, 0x11      //0x3b = keynumber, can be a value 56 ;; 0x59 number of package = 58+1 - Pay Package ;; 0x11 = provider
330    };
331    ecmcmd41[22] = provider;
332    memcpy (ecmcmd41 + 4, er->ecm + 8, 16);
333    ecmcmd41[20] = er->ecm[6];  //keynumber
334    ecmcmd41[21] = 0x58 + er->ecm[25];  //package number
335    cs_debug ("DEBUG: unused ECM info front:%s", cs_hexdump (0, er->ecm, 8));
336    cs_debug ("DEBUG: unused ECM info back:%s", cs_hexdump (0, er->ecm + 24, er->ecm[2] + 2 - 24));
337    if ((dre_cmd (ecmcmd41))) { //ecm request
338      if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
339    return (0);     //exit if response is not 90 00 //TODO: if response is 9027 ppv mode is possible!
340      memcpy (er->cw, cta_res + 11, 8);
341      memcpy (er->cw + 8, cta_res + 3, 8);
342
343      return 1;
344    }
345  }
346  else {
347
348    //cmd51 is used for provider 0x14
349    static uchar ecmcmd51[] = { 0x51, 0x02, 0x56, 0x05, 0x00, 0x4A, 0xE3,   //fixed header?
350      0x9C, 0xDA,       //first three nibbles count up, fourth nibble counts down; all ECMs sent twice
351      0xC1, 0x71, 0x21, 0x06, 0xF0, 0x14, 0xA7, 0x0E,   //next key?
352      0x89, 0xDA, 0xC9, 0xD7, 0xFD, 0xB9, 0x06, 0xFD,   //current key?
353      0xD5, 0x1E, 0x2A, 0xA3, 0xB5, 0xA0, 0x82, 0x11,   //key or signature?
354      0x14          //provider
355    };
356    memcpy (ecmcmd51 + 1, er->ecm + 5, 0x21);
357    //cs_log ("DEBUG: ECM: %s", cs_hexdump (0, er->ecm, er->ecm[2] + 3));
358    cs_debug ("DEBUG: unused ECM info front:%s", cs_hexdump (0, er->ecm, 5));
359    cs_debug ("DEBUG: unused ECM info back:%s", cs_hexdump (0, er->ecm + 37, 4));
360    ecmcmd51[33] = provider;    //no part of sig
361    if ((dre_cmd (ecmcmd51))) { //ecm request
362      if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
363    return (0);     //exit if response is not 90 00 //TODO: if response is 9027 ppv mode is possible!
364      //memcpy(er->cw,cta_res+3,16);
365      //or swap bytes:
366      memcpy (er->cw, cta_res + 11, 8);
367      memcpy (er->cw + 8, cta_res + 3, 8);
368
369      //  return 0; //FIXME only used for testing CWs
370      return 1;
371    }
372  }
373  return 0;
374}
375
376int dre_do_emm (EMM_PACKET * ep)
377{
378  //return 0;                   //FIXME STUB
379  /*
380     uchar emmtest[] = { 0x87, 0x00, 0x8C, 0xC8, 0x4D, 0x25, 0x5A, 0x02, 0xA9, 0xA5, 0x34, 0x31, 0xAB, 0x9C, 0x9B, 0x59,
381     0x5D, 0x47, 0x95, 0xB3, 0xB1, 0x61, 0x47, 0xE6, 0x85, 0xE0, 0x17, 0xC8, 0x25, 0x70, 0x59, 0x73,
382     0x12, 0x1F, 0x2B, 0x9B, 0x02, 0x5A, 0x9D, 0x3A, 0x05, 0x56, 0x85, 0x58, 0x00, 0xC8, 0x4D, 0x25,
383     0x5A, 0x06, 0x02, 0x23, 0xB4, 0x37, 0x1E, 0xE0, 0x7E, 0x59, 0xFC, 0x38, 0xCA, 0x13, 0x21, 0x0D,
384     0x3E, 0x09, 0xDF, 0xB4, 0x45, 0x6C, 0x99, 0x7E, 0x3E, 0xDA, 0xA4, 0xC7, 0xB9, 0x7B, 0xAB, 0x4A,
385     0xB5, 0xE2, 0x1D, 0xA3, 0xCD, 0x03, 0xAF, 0xDA, 0xBA, 0xEA, 0x3B, 0x85, 0x58, 0x00, 0xC8, 0x4D,
386     0x25, 0x5A, 0x05, 0xF4, 0xAF, 0x8B, 0x8F, 0x2F, 0x6C, 0xF2, 0x43, 0x8C, 0x86, 0x03, 0xFD, 0x1C,
387     0xDF, 0x7A, 0xE4, 0xB6, 0x0B, 0xF9, 0x70, 0x72, 0xFC, 0x2A, 0xEC, 0x0F, 0x6D, 0x8D, 0x82, 0xC6,
388     0x4C, 0x16, 0x81, 0xDC, 0xC9, 0x3C, 0x34, 0x84, 0x35, 0x9A, 0xA7, 0xED, 0xB1, 0x39, 0xBC
389     }; //UNIQE EMM
390   */
391 /*
392  uchar emmtest[] = { 0x89, 0x00, 0x68, 0x00, 0x4D, 0x56, 0x85, 0x58, 0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x29, 0x58,
393    0x89, 0x04, 0x3A, 0xEE, 0x15, 0xB1, 0x38, 0x4A, 0x75, 0x5A, 0x21, 0xEE, 0x4D, 0x37, 0xF3, 0x53,
394    0xF8, 0xAC, 0x1F, 0x8D, 0xEA, 0xDF, 0x12, 0x73, 0x00, 0x69, 0xBB, 0x67, 0x5D, 0x8A, 0x96, 0x2D,
395    0x1C, 0x08, 0xEB, 0xF1, 0xCA, 0x40, 0x3B, 0x85, 0x58, 0x01, 0x00, 0x00, 0x00, 0x00, 0x05, 0x85,
396    0xF2, 0xE1, 0xD9, 0x86, 0xEA, 0x19, 0x6A, 0xEF, 0x3B, 0x9D, 0x0C, 0xEA, 0xF3, 0x7B, 0x74, 0xE5,
397    0xF7, 0x4F, 0xD6, 0x9C, 0x85, 0x6C, 0x7E, 0x79, 0xDF, 0x18, 0xD1, 0xC3, 0x54, 0xA9, 0x47, 0xCB,
398    0xAC, 0xB6, 0x18, 0x71, 0xC8, 0x69, 0x6B, 0x10, 0xFF, 0x9D, 0x11
399  };                //GLOBAL EMM???
400
401  memcpy (ep->emm, emmtest, 0x8f);*/
402
403  int emm_length = ((ep->emm[1] & 0x0f) << 8) + ep->emm[2];
404
405  cs_ddump (ep->emm, emm_length + 3, "EMM:");
406  ep->type = ep->emm[0];
407  //cs_debug ("ep->type%x", ep->type);
408
409  if (mode == 51) {
410    static uchar emmcmd52[0x3a];
411    emmcmd52[0] = 0x52;
412    int i;
413    for (i = 0; i < 2; i++) {
414      memcpy (emmcmd52 + 1, ep->emm + 5 + 32 + i * 56, 56);
415      emmcmd52[0x39] = provider;
416      if ((dre_cmd (emmcmd52)))
417    if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
418      return (0);       //exit if response is not 90 00
419    }
420  }
421
422  else {
423
424    static uchar emmcmd42[] =
425      { 0x42, 0x85, 0x58, 0x01, 0xC8, 0x00, 0x00, 0x00, 0x05, 0xB8, 0x0C, 0xBD, 0x7B, 0x07, 0x04, 0xC8,
426      0x77, 0x31, 0x95, 0xF2, 0x30, 0xB7, 0xE9, 0xEE, 0x0F, 0x81, 0x39, 0x1C, 0x1F, 0xA9, 0x11, 0x3E,
427      0xE5, 0x0E, 0x8E, 0x50, 0xA4, 0x31, 0xBB, 0x01, 0x00, 0xD6, 0xAF, 0x69, 0x60, 0x04, 0x70, 0x3A,
428      0x91,
429      0x56, 0x58, 0x11
430    };
431/*
432    if (memcmp (ep->emm + 9, reader[ridx].sa[0], 1)) {  //in case of SHARED EMM, only first byte has to match?
433      cs_log ("EMM: Shared update did not match; EMM SA:%02X%02X%02X%02X, Reader SA:%s.", ep->emm[9], ep->emm[10],
434          ep->emm[11], ep->emm[12], cs_hexdump (0, reader[ridx].sa[0], 4));
435      return (0);
436    }
437    else {
438      cs_log ("EMM: Shared update matched for EMM SA %02X%02X%02X%02X.", ep->emm[9], ep->emm[19], ep->emm[11],
439          ep->emm[12]);
440    } */
441    /*
442       01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
443       88 00 68 C8 4D 56 85 58 01 C8 00 00 00 05 B8 0C
444
445       17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 --
446       BD 7B 07 04 C8 77 31 95 F2 30 B7 E9 EE 0F 81 39
447
448       33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 --
449       1C 1F A9 11 3E E5 0E 8E 50 A4 31 BB 01 00 D6 AF
450
451       49 50 51 52 53 54X55 56 57 58 59 60 61 62 63 64 --
452       69 60 04 70 3A 91 3B 85 58 01 C8 00 00 00 05 B1
453
454       65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 --
455       3F BF A0 05 6E BD AB 0A 70 77 30 C2 AC EC 06 C2
456
457       81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 --
458       3D 47 50 8D B1 77 68 62 6B 26 6B CE A9 EF 1B 6A
459
460       97 98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 --
461       DF 7B 39 52 A4 5A 0E B0 A6 ED 7B DC 82 3C AE A3
462
463       Here we have:
464
465       Bytes ...
466       01 (88) - EMM filter can be a value 87
467       03 (68) - length of data EMM
468       04 (C8) - the number of SA for the filter (C8 - is a map)
469       06 (56) - index kriptodannyh (56/3B alternate) are likely key number
470
471       07 (85) - choice of algorithm (8x - MSP / 4x - Atmel), in the cards until only 85
472       08 (01) - the type of EMM (00 - EMM_U, solo / 01 - EMM_S, group)
473       10 - 13 (C8 00 00 00) - here only for SA EMM_S
474       14 (05) - additional flags
475       15 - 54 (V8. .. 91) own body EMM, information about the key.
476       55 (3B) may be a checksum.
477
478       Bytes 56 - 104 - for the second key.
479       Appointment of the remaining bytes is unknown.
480     */
481    memcpy (emmcmd42 + 1, ep->emm + 6, 48);
482    emmcmd42[51] = provider;
483    //emmcmd42[50] = ecmcmd42[2]; //TODO package nr could also be fixed 0x58
484    emmcmd42[50] = 0x58;
485    emmcmd42[49] = ep->emm[5];  //keynr
486    /* response:
487       59 05 A2 02 05 01 5B
488       90 00 */
489    if ((dre_cmd (emmcmd42))) { //first emm request
490      if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
491    return (0);     //exit if response is not 90 00
492
493      memcpy (emmcmd42 + 1, ep->emm + 55, 7); //TODO OR next two lines?
494      /*memcpy (emmcmd42 + 1, ep->emm + 55, 7);  //FIXME either I cant count or my EMM log contains errors
495         memcpy (emmcmd42 + 8, ep->emm + 67, 41); */
496      emmcmd42[51] = provider;
497      //emmcmd42[50] = ecmcmd42[2]; //TODO package nr could also be fixed 0x58
498      emmcmd42[50] = 0x58;
499      emmcmd42[49] = ep->emm[54];   //keynr
500      if ((dre_cmd (emmcmd42))) {   //second emm request
501    if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
502      return (0);       //exit if response is not 90 00
503    return 1;       //success
504      }
505    }
506  }
507
508  /*
509     0x87, 0x00, 0x8C, ser1, ser2, ser3, ser4, 0x02, 0xA9, 0xA5, 0x34, 0x31, 0xAB, 0x9C, 0x9B, 0x59,
510     0x5D, 0x47, 0x95, 0xB3, 0xB1, 0x61, 0x47, 0xE6, 0x85, 0xE0, 0x17, 0xC8, 0x25, 0x70, 0x59, 0x73,
511     0x12, 0x1F, 0x2B, 0x9B, 0x02, 0x5A, 0x9D, 0x3A, 0x05, 0x56, 0x85, 0x58, 0x00, 0xC8, 0x4D, 0x25,
512     0x5A, 0x06, 0x02, 0x23, 0xB4, 0x37, 0x1E, 0xE0, 0x7E, 0x59, 0xFC, 0x38, 0xCA, 0x13, 0x21, 0x0D,
513     0x3E, 0x09, 0xDF, 0xB4, 0x45, 0x6C, 0x99, 0x7E, 0x3E, 0xDA, 0xA4, 0xC7, 0xB9, 0x7B, 0xAB, 0x4A,
514     0xB5, 0xE2, 0x1D, 0xA3, 0xCD, 0x03, 0xAF, 0xDA, 0xBA, 0xEA, 0x3B, 0x85, 0x58, 0x00, 0xC8, 0x4D,
515     0x25, 0x5A, 0x05, 0xF4, 0xAF, 0x8B, 0x8F, 0x2F, 0x6C, 0xF2, 0x43, 0x8C, 0x86, 0x03, 0xFD, 0x1C,
516     0xDF, 0x7A, 0xE4, 0xB6, 0x0B, 0xF9, 0x70, 0x72, 0xFC, 0x2A, 0xEC, 0x0F, 0x6D, 0x8D, 0x82, 0xC6,
517     0x4C, 0x16, 0x81, 0xDC, 0xC9, 0x3C, 0x34, 0x84, 0x35, 0x9A, 0xA7, 0xED, 0xB1, 0x39, 0xBC
518   */
519  return 0;
520}
521
522int dre_card_info (void)
523{
524  return (1);
525}
Note: See TracBrowser for help on using the repository browser.