1 | #include "globals.h"
|
---|
2 | #ifdef READER_DRE
|
---|
3 | #include "cscrypt/des.h"
|
---|
4 | #include "reader-common.h"
|
---|
5 |
|
---|
6 | struct dre_data
|
---|
7 | {
|
---|
8 | uint8_t provider;
|
---|
9 | };
|
---|
10 |
|
---|
11 | #define OK_RESPONSE 0x61
|
---|
12 | #define CMD_BYTE 0x59
|
---|
13 |
|
---|
14 | static uchar xor(const uchar *cmd, int32_t cmdlen)
|
---|
15 | {
|
---|
16 | int32_t i;
|
---|
17 | uchar checksum = 0x00;
|
---|
18 | for(i = 0; i < cmdlen; i++)
|
---|
19 | { checksum ^= cmd[i]; }
|
---|
20 | return checksum;
|
---|
21 | }
|
---|
22 |
|
---|
23 | static int32_t dre_command(struct s_reader *reader, const uchar *cmd, int32_t cmdlen, unsigned char *cta_res, uint16_t *p_cta_lr) //attention: inputcommand will be changed!!!! answer will be in cta_res, length cta_lr ; returning 1 = no error, return ERROR = err
|
---|
24 | {
|
---|
25 | uchar startcmd[] = { 0x80, 0xFF, 0x10, 0x01, 0x05 }; //any command starts with this,
|
---|
26 | //last byte is nr of bytes of the command that will be sent
|
---|
27 | //after the startcmd
|
---|
28 | //response on startcmd+cmd: = { 0x61, 0x05 } //0x61 = "OK", last byte is nr. of bytes card will send
|
---|
29 | uchar reqans[] = { 0x00, 0xC0, 0x00, 0x00, 0x08 }; //after command answer has to be requested,
|
---|
30 | //last byte must be nr. of bytes that card has reported to send
|
---|
31 | uchar command[256];
|
---|
32 | char tmp[256];
|
---|
33 | int32_t headerlen = sizeof(startcmd);
|
---|
34 | startcmd[4] = cmdlen + 3; //commandlength + type + len + checksum bytes
|
---|
35 | memcpy(command, startcmd, headerlen);
|
---|
36 | command[headerlen++] = CMD_BYTE; //type
|
---|
37 | command[headerlen++] = cmdlen + 1; //len = command + 1 checksum byte
|
---|
38 | memcpy(command + headerlen, cmd, cmdlen);
|
---|
39 |
|
---|
40 | uchar checksum = ~xor(cmd, cmdlen);
|
---|
41 | //rdr_debug_mask(reader, D_READER, "Checksum: %02x", checksum);
|
---|
42 | cmdlen += headerlen;
|
---|
43 | command[cmdlen++] = checksum;
|
---|
44 |
|
---|
45 | reader_cmd2icc(reader, command, cmdlen, cta_res, p_cta_lr);
|
---|
46 |
|
---|
47 | if((*p_cta_lr != 2) || (cta_res[0] != OK_RESPONSE))
|
---|
48 | {
|
---|
49 | rdr_log(reader, "command sent to card: %s", cs_hexdump(0, command, cmdlen, tmp, sizeof(tmp)));
|
---|
50 | rdr_log(reader, "unexpected answer from card: %s", cs_hexdump(0, cta_res, *p_cta_lr, tmp, sizeof(tmp)));
|
---|
51 | return ERROR; //error
|
---|
52 | }
|
---|
53 |
|
---|
54 | reqans[4] = cta_res[1]; //adapt length byte
|
---|
55 | reader_cmd2icc(reader, reqans, 5, cta_res, p_cta_lr);
|
---|
56 |
|
---|
57 | if(cta_res[0] != CMD_BYTE)
|
---|
58 | {
|
---|
59 | rdr_log(reader, "unknown response: cta_res[0] expected to be %02x, is %02x", CMD_BYTE, cta_res[0]);
|
---|
60 | return ERROR;
|
---|
61 | }
|
---|
62 | if((cta_res[1] == 0x03) && (cta_res[2] == 0xe2))
|
---|
63 | {
|
---|
64 | switch(cta_res[3])
|
---|
65 | {
|
---|
66 | case 0xe1:
|
---|
67 | rdr_log(reader, "checksum error: %s.", cs_hexdump(0, cta_res, *p_cta_lr, tmp, sizeof(tmp)));
|
---|
68 | break;
|
---|
69 | case 0xe2:
|
---|
70 | rdr_log(reader, "wrong provider: %s.", cs_hexdump(0, cta_res, *p_cta_lr, tmp, sizeof(tmp)));
|
---|
71 | break;
|
---|
72 | case 0xe3:
|
---|
73 | rdr_log(reader, "illegal command: %s.", cs_hexdump(0, cta_res, *p_cta_lr, tmp, sizeof(tmp)));
|
---|
74 | break;
|
---|
75 | case 0xec:
|
---|
76 | rdr_log(reader, "wrong signature: %s.", cs_hexdump(0, cta_res, *p_cta_lr, tmp, sizeof(tmp)));
|
---|
77 | break;
|
---|
78 | default:
|
---|
79 | rdr_debug_mask(reader, D_READER, "unknown error: %s.", cs_hexdump(0, cta_res, *p_cta_lr, tmp, sizeof(tmp)));
|
---|
80 | break;
|
---|
81 | }
|
---|
82 | return ERROR; //error
|
---|
83 | }
|
---|
84 | int32_t length_excl_leader = *p_cta_lr;
|
---|
85 | if((cta_res[*p_cta_lr - 2] == 0x90) && (cta_res[*p_cta_lr - 1] == 0x00))
|
---|
86 | { length_excl_leader -= 2; }
|
---|
87 |
|
---|
88 | checksum = ~xor(cta_res + 2, length_excl_leader - 3);
|
---|
89 |
|
---|
90 | if(cta_res[length_excl_leader - 1] != checksum)
|
---|
91 | {
|
---|
92 | rdr_log(reader, "checksum does not match, expected %02x received %02x:%s", checksum,
|
---|
93 | cta_res[length_excl_leader - 1], cs_hexdump(0, cta_res, *p_cta_lr, tmp, sizeof(tmp)));
|
---|
94 | return ERROR; //error
|
---|
95 | }
|
---|
96 | return OK;
|
---|
97 | }
|
---|
98 |
|
---|
99 | #define dre_cmd(cmd) \
|
---|
100 | { \
|
---|
101 | dre_command(reader, cmd, sizeof(cmd),cta_res,&cta_lr); \
|
---|
102 | }
|
---|
103 |
|
---|
104 | static int32_t dre_set_provider_info(struct s_reader *reader)
|
---|
105 | {
|
---|
106 | def_resp;
|
---|
107 | int32_t i;
|
---|
108 | uchar cmd59[] = { 0x59, 0x14 }; // subscriptions
|
---|
109 | uchar cmd5b[] = { 0x5b, 0x00, 0x14 }; //validity dates
|
---|
110 | struct dre_data *csystem_data = reader->csystem_data;
|
---|
111 |
|
---|
112 | cs_clear_entitlement(reader);
|
---|
113 |
|
---|
114 | cmd59[1] = csystem_data->provider;
|
---|
115 | if((dre_cmd(cmd59))) //ask subscription packages, returns error on 0x11 card
|
---|
116 | {
|
---|
117 | uchar pbm[32];
|
---|
118 | char tmp_dbg[65];
|
---|
119 | memcpy(pbm, cta_res + 3, cta_lr - 6);
|
---|
120 | rdr_debug_mask(reader, D_READER, "pbm: %s", cs_hexdump(0, pbm, 32, tmp_dbg, sizeof(tmp_dbg)));
|
---|
121 |
|
---|
122 | if(pbm[0] == 0xff)
|
---|
123 | { rdr_log(reader, "no active packages"); }
|
---|
124 | else
|
---|
125 | for(i = 0; i < 32; i++)
|
---|
126 | if(pbm[i] != 0xff)
|
---|
127 | {
|
---|
128 | cmd5b[1] = i;
|
---|
129 | cmd5b[2] = csystem_data->provider;
|
---|
130 | dre_cmd(cmd5b); //ask for validity dates
|
---|
131 |
|
---|
132 | time_t start;
|
---|
133 | time_t end;
|
---|
134 | start = (cta_res[3] << 24) | (cta_res[4] << 16) | (cta_res[5] << 8) | cta_res[6];
|
---|
135 | end = (cta_res[7] << 24) | (cta_res[8] << 16) | (cta_res[9] << 8) | cta_res[10];
|
---|
136 |
|
---|
137 | struct tm temp;
|
---|
138 |
|
---|
139 | localtime_r(&start, &temp);
|
---|
140 | int32_t startyear = temp.tm_year + 1900;
|
---|
141 | int32_t startmonth = temp.tm_mon + 1;
|
---|
142 | int32_t startday = temp.tm_mday;
|
---|
143 | localtime_r(&end, &temp);
|
---|
144 | int32_t endyear = temp.tm_year + 1900;
|
---|
145 | int32_t endmonth = temp.tm_mon + 1;
|
---|
146 | int32_t endday = temp.tm_mday;
|
---|
147 | rdr_log(reader, "active package %i valid from %04i/%02i/%02i to %04i/%02i/%02i", i, startyear, startmonth, startday,
|
---|
148 | endyear, endmonth, endday);
|
---|
149 | cs_add_entitlement(reader, reader->caid, b2ll(4, reader->prid[0]), 0, 0, start, end, 1);
|
---|
150 | }
|
---|
151 | }
|
---|
152 | return OK;
|
---|
153 | }
|
---|
154 |
|
---|
155 | static int32_t dre_card_init(struct s_reader *reader, ATR *newatr)
|
---|
156 | {
|
---|
157 | get_atr;
|
---|
158 | def_resp;
|
---|
159 | uchar ua[] = { 0x43, 0x15 }; // get serial number (UA)
|
---|
160 | uchar providers[] = { 0x49, 0x15 }; // get providers
|
---|
161 | int32_t i;
|
---|
162 | char *card;
|
---|
163 | char tmp[9];
|
---|
164 |
|
---|
165 | if((atr[0] != 0x3b) || (atr[1] != 0x15) || (atr[2] != 0x11) || (atr[3] != 0x12) || (
|
---|
166 | ((atr[4] != 0xca) || (atr[5] != 0x07)) &&
|
---|
167 | ((atr[4] != 0x01) || (atr[5] != 0x01))
|
---|
168 | ))
|
---|
169 | { return ERROR; }
|
---|
170 |
|
---|
171 | if(!cs_malloc(&reader->csystem_data, sizeof(struct dre_data)))
|
---|
172 | { return ERROR; }
|
---|
173 | struct dre_data *csystem_data = reader->csystem_data;
|
---|
174 |
|
---|
175 | csystem_data->provider = atr[6];
|
---|
176 | uchar checksum = xor(atr + 1, 6);
|
---|
177 |
|
---|
178 | if(checksum != atr[7])
|
---|
179 | { rdr_log(reader, "warning: expected ATR checksum %02x, smartcard reports %02x", checksum, atr[7]); }
|
---|
180 |
|
---|
181 | switch(atr[6])
|
---|
182 | {
|
---|
183 | case 0x11:
|
---|
184 | card = "Tricolor Centr";
|
---|
185 | reader->caid = 0x4ae1;
|
---|
186 | break; //59 type card = MSP (74 type = ATMEL)
|
---|
187 | case 0x12:
|
---|
188 | card = "Cable TV";
|
---|
189 | reader->caid = 0x4ae1; //TODO not sure about this one
|
---|
190 | break;
|
---|
191 | case 0x14:
|
---|
192 | card = "Tricolor Syberia / Platforma HD new";
|
---|
193 | reader->caid = 0x4ae1;
|
---|
194 | break; //59 type card
|
---|
195 | case 0x15:
|
---|
196 | card = "Platforma HD / DW old";
|
---|
197 | reader->caid = 0x4ae1;
|
---|
198 | break; //59 type card
|
---|
199 | default:
|
---|
200 | card = "Unknown";
|
---|
201 | reader->caid = 0x4ae1;
|
---|
202 | break;
|
---|
203 | }
|
---|
204 |
|
---|
205 | memset(reader->prid, 0x00, 8);
|
---|
206 |
|
---|
207 | static const uchar cmd30[] =
|
---|
208 | {
|
---|
209 | 0x30, 0x81, 0x00, 0x81, 0x82, 0x03, 0x84, 0x05, 0x06, 0x87, 0x08, 0x09, 0x00, 0x81, 0x82, 0x03, 0x84, 0x05,
|
---|
210 | 0x00
|
---|
211 | };
|
---|
212 | dre_cmd(cmd30); //unknown command, generates error on card 0x11 and 0x14
|
---|
213 | /*
|
---|
214 | response:
|
---|
215 | 59 03 E2 E3
|
---|
216 | FE 48 */
|
---|
217 |
|
---|
218 | uchar cmd54[] = { 0x54, 0x14 }; // geocode
|
---|
219 | cmd54[1] = csystem_data->provider;
|
---|
220 | uchar geocode = 0;
|
---|
221 | if((dre_cmd(cmd54))) //error would not be fatal, like on 0x11 cards
|
---|
222 | { geocode = cta_res[3]; }
|
---|
223 |
|
---|
224 | providers[1] = csystem_data->provider;
|
---|
225 | if(!(dre_cmd(providers)))
|
---|
226 | { return ERROR; } //fatal error
|
---|
227 | if((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
228 | { return ERROR; }
|
---|
229 | uchar provname[128];
|
---|
230 | for(i = 0; ((i < cta_res[2] - 6) && (i < 128)); i++)
|
---|
231 | {
|
---|
232 | provname[i] = cta_res[6 + i];
|
---|
233 | if(provname[i] == 0x00)
|
---|
234 | { break; }
|
---|
235 | }
|
---|
236 | int32_t major_version = cta_res[3];
|
---|
237 | int32_t minor_version = cta_res[4];
|
---|
238 |
|
---|
239 | ua[1] = csystem_data->provider;
|
---|
240 | dre_cmd(ua); //error would not be fatal
|
---|
241 |
|
---|
242 | int32_t hexlength = cta_res[1] - 2; //discard first and last byte, last byte is always checksum, first is answer code
|
---|
243 |
|
---|
244 | reader->hexserial[0] = 0;
|
---|
245 | reader->hexserial[1] = 0;
|
---|
246 | memcpy(reader->hexserial + 2, cta_res + 3, hexlength);
|
---|
247 |
|
---|
248 | int32_t low_dre_id = ((cta_res[4] << 16) | (cta_res[5] << 8) | cta_res[6]) - 48608;
|
---|
249 | int32_t dre_chksum = 0;
|
---|
250 | uchar buf[32];
|
---|
251 | snprintf((char *)buf, sizeof(buf), "%i%i%08i", csystem_data->provider - 16, major_version + 1, low_dre_id);
|
---|
252 | for(i = 0; i < 32; i++)
|
---|
253 | {
|
---|
254 | if(buf[i] == 0x00)
|
---|
255 | { break; }
|
---|
256 | dre_chksum += buf[i] - 48;
|
---|
257 | }
|
---|
258 |
|
---|
259 | rdr_log(reader, "type: DRE Crypt, caid: %04X, serial: {%s}, dre id: %i%i%i%08i, geocode %i, card: %s v%i.%i",
|
---|
260 | reader->caid, cs_hexdump(0, reader->hexserial + 2, 4, tmp, sizeof(tmp)), dre_chksum, csystem_data->provider - 16,
|
---|
261 | major_version + 1, low_dre_id, geocode, card, major_version, minor_version);
|
---|
262 | rdr_log(reader, "Provider name:%s.", provname);
|
---|
263 |
|
---|
264 |
|
---|
265 | memset(reader->sa, 0, sizeof(reader->sa));
|
---|
266 | memcpy(reader->sa[0], reader->hexserial + 2, 1); //copy first byte of unique address also in shared address, because we dont know what it is...
|
---|
267 |
|
---|
268 | rdr_log_sensitive(reader, "SA = %02X%02X%02X%02X, UA = {%s}", reader->sa[0][0], reader->sa[0][1], reader->sa[0][2],
|
---|
269 | reader->sa[0][3], cs_hexdump(0, reader->hexserial + 2, 4, tmp, sizeof(tmp)));
|
---|
270 |
|
---|
271 | reader->nprov = 1;
|
---|
272 |
|
---|
273 | if(!dre_set_provider_info(reader))
|
---|
274 | { return ERROR; } //fatal error
|
---|
275 |
|
---|
276 | rdr_log(reader, "ready for requests");
|
---|
277 | return OK;
|
---|
278 | }
|
---|
279 |
|
---|
280 | static unsigned char DESkeys[16 * 8] =
|
---|
281 | {
|
---|
282 | 0x4A, 0x11, 0x23, 0xB1, 0x45, 0x99, 0xCF, 0x10, // 00
|
---|
283 | 0x21, 0x1B, 0x18, 0xCD, 0x02, 0xD4, 0xA1, 0x1F, // 01
|
---|
284 | 0x07, 0x56, 0xAB, 0xB4, 0x45, 0x31, 0xAA, 0x23, // 02
|
---|
285 | 0xCD, 0xF2, 0x55, 0xA1, 0x13, 0x4C, 0xF1, 0x76, // 03
|
---|
286 | 0x57, 0xD9, 0x31, 0x75, 0x13, 0x98, 0x89, 0xC8, // 04
|
---|
287 | 0xA3, 0x36, 0x5B, 0x18, 0xC2, 0x83, 0x45, 0xE2, // 05
|
---|
288 | 0x19, 0xF7, 0x35, 0x08, 0xC3, 0xDA, 0xE1, 0x28, // 06
|
---|
289 | 0xE7, 0x19, 0xB5, 0xD8, 0x8D, 0xE3, 0x23, 0xA4, // 07
|
---|
290 | 0xA7, 0xEC, 0xD2, 0x15, 0x8B, 0x42, 0x59, 0xC5, // 08
|
---|
291 | 0x13, 0x49, 0x83, 0x2E, 0xFB, 0xAD, 0x7C, 0xD3, // 09
|
---|
292 | 0x37, 0x25, 0x78, 0xE3, 0x72, 0x19, 0x53, 0xD9, // 0A
|
---|
293 | 0x7A, 0x15, 0xA4, 0xC7, 0x15, 0x49, 0x32, 0xE8, // 0B
|
---|
294 | 0x63, 0xD5, 0x96, 0xA7, 0x27, 0xD8, 0xB2, 0x68, // 0C
|
---|
295 | 0x42, 0x5E, 0x1A, 0x8C, 0x41, 0x69, 0x8E, 0xE8, // 0D
|
---|
296 | 0xC2, 0xAB, 0x37, 0x29, 0xD3, 0xCF, 0x93, 0xA7, // 0E
|
---|
297 | 0x49, 0xD3, 0x33, 0xC2, 0xEB, 0x71, 0xD3, 0x14 // 0F
|
---|
298 | };
|
---|
299 |
|
---|
300 | static void DREover(const unsigned char *ECMdata, unsigned char *DW)
|
---|
301 | {
|
---|
302 | uchar key[8];
|
---|
303 | if(ECMdata[2] >= (43 + 4) && ECMdata[40] == 0x3A && ECMdata[41] == 0x4B)
|
---|
304 | {
|
---|
305 | memcpy(key, &DESkeys[(ECMdata[42] & 0x0F) * 8], 8);
|
---|
306 |
|
---|
307 | doPC1(key);
|
---|
308 |
|
---|
309 | des(key, DES_ECS2_DECRYPT, DW); // even DW post-process
|
---|
310 | des(key, DES_ECS2_DECRYPT, DW + 8); // odd DW post-process
|
---|
311 | };
|
---|
312 | };
|
---|
313 |
|
---|
314 | static int32_t dre_do_ecm(struct s_reader *reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)
|
---|
315 | {
|
---|
316 | def_resp;
|
---|
317 | char tmp_dbg[256];
|
---|
318 | struct dre_data *csystem_data = reader->csystem_data;
|
---|
319 | if(reader->caid == 0x4ae0)
|
---|
320 | {
|
---|
321 | uchar ecmcmd41[] = { 0x41,
|
---|
322 | 0x58, 0x1f, 0x00, //fixed part, dont change
|
---|
323 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, //0x01 - 0x08: next key
|
---|
324 | 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, //0x11 - 0x18: current key
|
---|
325 | 0x3b, 0x59, 0x11 //0x3b = keynumber, can be a value 56 ;; 0x59 number of package = 58+1 - Pay Package ;; 0x11 = provider
|
---|
326 | };
|
---|
327 | ecmcmd41[22] = csystem_data->provider;
|
---|
328 | memcpy(ecmcmd41 + 4, er->ecm + 8, 16);
|
---|
329 | ecmcmd41[20] = er->ecm[6]; //keynumber
|
---|
330 | ecmcmd41[21] = 0x58 + er->ecm[25]; //package number
|
---|
331 | rdr_debug_mask(reader, D_READER, "unused ECM info front:%s", cs_hexdump(0, er->ecm, 8, tmp_dbg, sizeof(tmp_dbg)));
|
---|
332 | rdr_debug_mask(reader, D_READER, "unused ECM info back:%s", cs_hexdump(0, er->ecm + 24, er->ecm[2] + 2 - 24, tmp_dbg, sizeof(tmp_dbg)));
|
---|
333 | if((dre_cmd(ecmcmd41))) //ecm request
|
---|
334 | {
|
---|
335 | if((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
336 | { return ERROR; } //exit if response is not 90 00
|
---|
337 | memcpy(ea->cw, cta_res + 11, 8);
|
---|
338 | memcpy(ea->cw + 8, cta_res + 3, 8);
|
---|
339 |
|
---|
340 | return OK;
|
---|
341 | }
|
---|
342 | }
|
---|
343 | else
|
---|
344 | {
|
---|
345 |
|
---|
346 | uchar ecmcmd51[] = { 0x51, 0x02, 0x56, 0x05, 0x00, 0x4A, 0xE3, //fixed header?
|
---|
347 | 0x9C, 0xDA, //first three nibbles count up, fourth nibble counts down; all ECMs sent twice
|
---|
348 | 0xC1, 0x71, 0x21, 0x06, 0xF0, 0x14, 0xA7, 0x0E, //next key?
|
---|
349 | 0x89, 0xDA, 0xC9, 0xD7, 0xFD, 0xB9, 0x06, 0xFD, //current key?
|
---|
350 | 0xD5, 0x1E, 0x2A, 0xA3, 0xB5, 0xA0, 0x82, 0x11, //key or signature?
|
---|
351 | 0x14 //provider
|
---|
352 | };
|
---|
353 | memcpy(ecmcmd51 + 1, er->ecm + 5, 0x21);
|
---|
354 | rdr_debug_mask(reader, D_READER, "unused ECM info front:%s", cs_hexdump(0, er->ecm, 5, tmp_dbg, sizeof(tmp_dbg)));
|
---|
355 | rdr_debug_mask(reader, D_READER, "unused ECM info back:%s", cs_hexdump(0, er->ecm + 37, 4, tmp_dbg, sizeof(tmp_dbg)));
|
---|
356 | ecmcmd51[33] = csystem_data->provider; //no part of sig
|
---|
357 | if((dre_cmd(ecmcmd51))) //ecm request
|
---|
358 | {
|
---|
359 | if((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
360 | { return ERROR; } //exit if response is not 90 00
|
---|
361 | DREover(er->ecm, cta_res + 3);
|
---|
362 | memcpy(ea->cw, cta_res + 11, 8);
|
---|
363 | memcpy(ea->cw + 8, cta_res + 3, 8);
|
---|
364 | return OK;
|
---|
365 | }
|
---|
366 | }
|
---|
367 | return ERROR;
|
---|
368 | }
|
---|
369 |
|
---|
370 | static int32_t dre_get_emm_type(EMM_PACKET *ep, struct s_reader *rdr)
|
---|
371 | {
|
---|
372 | switch(ep->emm[0])
|
---|
373 | {
|
---|
374 | case 0x87:
|
---|
375 | ep->type = UNIQUE;
|
---|
376 | return 1; //FIXME: no filling of ep->hexserial
|
---|
377 |
|
---|
378 | case 0x83:
|
---|
379 | case 0x89:
|
---|
380 | ep->type = SHARED;
|
---|
381 | // FIXME: Seems to be that SA is only used with caid 0x4ae1
|
---|
382 | if(rdr->caid == 0x4ae1)
|
---|
383 | {
|
---|
384 | memset(ep->hexserial, 0, 8);
|
---|
385 | memcpy(ep->hexserial, ep->emm + 3, 4);
|
---|
386 | return (!memcmp(&rdr->sa[0][0], ep->emm + 3, 4));
|
---|
387 | }
|
---|
388 | else
|
---|
389 | { return 1; }
|
---|
390 |
|
---|
391 | case 0x80:
|
---|
392 | case 0x82:
|
---|
393 | case 0x86:
|
---|
394 | case 0x8c:
|
---|
395 | ep->type = SHARED;
|
---|
396 | memset(ep->hexserial, 0, 8);
|
---|
397 | ep->hexserial[0] = ep->emm[3];
|
---|
398 | return ep->hexserial[0] == rdr->sa[0][0];
|
---|
399 |
|
---|
400 | default:
|
---|
401 | ep->type = UNKNOWN;
|
---|
402 | return 1;
|
---|
403 | }
|
---|
404 | }
|
---|
405 |
|
---|
406 | static int32_t dre_get_emm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count)
|
---|
407 | {
|
---|
408 | if(*emm_filters == NULL)
|
---|
409 | {
|
---|
410 | const unsigned int max_filter_count = 7;
|
---|
411 | if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
|
---|
412 | { return ERROR; }
|
---|
413 |
|
---|
414 | struct s_csystem_emm_filter *filters = *emm_filters;
|
---|
415 | *filter_count = 0;
|
---|
416 |
|
---|
417 | int32_t idx = 0;
|
---|
418 |
|
---|
419 | filters[idx].type = EMM_SHARED;
|
---|
420 | filters[idx].enabled = 1;
|
---|
421 | filters[idx].filter[0] = 0x80;
|
---|
422 | filters[idx].filter[1] = rdr->sa[0][0];
|
---|
423 | filters[idx].mask[0] = 0xF2;
|
---|
424 | filters[idx].mask[1] = 0xFF;
|
---|
425 | idx++;
|
---|
426 |
|
---|
427 | filters[idx].type = EMM_SHARED;
|
---|
428 | filters[idx].enabled = 1;
|
---|
429 | filters[idx].filter[0] = 0x82;
|
---|
430 | filters[idx].filter[1] = rdr->sa[0][0];
|
---|
431 | filters[idx].mask[0] = 0xF3;
|
---|
432 | filters[idx].mask[1] = 0xFF;
|
---|
433 | idx++;
|
---|
434 |
|
---|
435 | filters[idx].type = EMM_SHARED;
|
---|
436 | filters[idx].enabled = 1;
|
---|
437 | filters[idx].filter[0] = 0x83;
|
---|
438 | filters[idx].filter[1] = rdr->sa[0][0];
|
---|
439 | filters[idx].mask[0] = 0xF3;
|
---|
440 | if(rdr->caid == 0x4ae1)
|
---|
441 | {
|
---|
442 | memcpy(&filters[idx].filter[1], &rdr->sa[0][0], 4);
|
---|
443 | memset(&filters[idx].mask[1], 0xFF, 4);
|
---|
444 | }
|
---|
445 | filters[idx].mask[1] = 0xFF;
|
---|
446 | idx++;
|
---|
447 |
|
---|
448 | filters[idx].type = EMM_SHARED;
|
---|
449 | filters[idx].enabled = 1;
|
---|
450 | filters[idx].filter[0] = 0x86;
|
---|
451 | filters[idx].filter[1] = rdr->sa[0][0];
|
---|
452 | filters[idx].mask[0] = 0xFF;
|
---|
453 | filters[idx].mask[1] = 0xFF;
|
---|
454 | idx++;
|
---|
455 |
|
---|
456 | filters[idx].type = EMM_SHARED;
|
---|
457 | filters[idx].enabled = 1;
|
---|
458 | filters[idx].filter[0] = 0x8c;
|
---|
459 | filters[idx].filter[1] = rdr->sa[0][0];
|
---|
460 | filters[idx].mask[0] = 0xFF;
|
---|
461 | filters[idx].mask[1] = 0xFF;
|
---|
462 | idx++;
|
---|
463 |
|
---|
464 | filters[idx].type = EMM_SHARED;
|
---|
465 | filters[idx].enabled = 1;
|
---|
466 | filters[idx].filter[0] = 0x89;
|
---|
467 | filters[idx].mask[0] = 0xFF;
|
---|
468 | // FIXME: Seems to be that SA is only used with caid 0x4ae1
|
---|
469 | if(rdr->caid == 0x4ae1)
|
---|
470 | {
|
---|
471 | memcpy(&filters[idx].filter[1], &rdr->sa[0][0], 4);
|
---|
472 | memset(&filters[idx].mask[1], 0xFF, 4);
|
---|
473 | }
|
---|
474 | idx++;
|
---|
475 |
|
---|
476 | filters[idx].type = EMM_UNIQUE;
|
---|
477 | filters[idx].enabled = 1;
|
---|
478 | filters[idx].filter[0] = 0x87;
|
---|
479 | filters[idx].mask[0] = 0xFF;
|
---|
480 | //FIXME: No filter for hexserial
|
---|
481 | idx++;
|
---|
482 |
|
---|
483 | *filter_count = idx;
|
---|
484 | }
|
---|
485 |
|
---|
486 | return OK;
|
---|
487 | }
|
---|
488 |
|
---|
489 | static int32_t dre_do_emm(struct s_reader *reader, EMM_PACKET *ep)
|
---|
490 | {
|
---|
491 | def_resp;
|
---|
492 | struct dre_data *csystem_data = reader->csystem_data;
|
---|
493 |
|
---|
494 | if(reader->caid == 0x4ae1)
|
---|
495 | {
|
---|
496 | if(ep->type == UNIQUE && ep->emm[39] == 0x3d)
|
---|
497 | {
|
---|
498 | /* For new package activation. */
|
---|
499 | uchar emmcmd58[26];
|
---|
500 | emmcmd58[0] = 0x58;
|
---|
501 | memcpy(&emmcmd58[1], &ep->emm[40], 24);
|
---|
502 | emmcmd58[25] = 0x15;
|
---|
503 | if((dre_cmd(emmcmd58)))
|
---|
504 | if((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
505 | { return ERROR; }
|
---|
506 | }
|
---|
507 | else
|
---|
508 | {
|
---|
509 | uchar emmcmd52[0x3a];
|
---|
510 | emmcmd52[0] = 0x52;
|
---|
511 | int32_t i;
|
---|
512 | for(i = 0; i < 2; i++)
|
---|
513 | {
|
---|
514 | memcpy(emmcmd52 + 1, ep->emm + 5 + 32 + i * 56, 56);
|
---|
515 | // check for shared address
|
---|
516 | if(ep->emm[3] != reader->sa[0][0])
|
---|
517 | { return OK; } // ignore, wrong address
|
---|
518 | emmcmd52[0x39] = csystem_data->provider;
|
---|
519 | if((dre_cmd(emmcmd52)))
|
---|
520 | if((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
521 | { return ERROR; } //exit if response is not 90 00
|
---|
522 | }
|
---|
523 | }
|
---|
524 | }
|
---|
525 | else
|
---|
526 | {
|
---|
527 | uchar emmcmd42[] =
|
---|
528 | {
|
---|
529 | 0x42, 0x85, 0x58, 0x01, 0xC8, 0x00, 0x00, 0x00, 0x05, 0xB8, 0x0C, 0xBD, 0x7B, 0x07, 0x04, 0xC8,
|
---|
530 | 0x77, 0x31, 0x95, 0xF2, 0x30, 0xB7, 0xE9, 0xEE, 0x0F, 0x81, 0x39, 0x1C, 0x1F, 0xA9, 0x11, 0x3E,
|
---|
531 | 0xE5, 0x0E, 0x8E, 0x50, 0xA4, 0x31, 0xBB, 0x01, 0x00, 0xD6, 0xAF, 0x69, 0x60, 0x04, 0x70, 0x3A,
|
---|
532 | 0x91,
|
---|
533 | 0x56, 0x58, 0x11
|
---|
534 | };
|
---|
535 | int32_t i;
|
---|
536 | switch(ep->type)
|
---|
537 | {
|
---|
538 | case UNIQUE:
|
---|
539 | for(i = 0; i < 2; i++)
|
---|
540 | {
|
---|
541 | memcpy(emmcmd42 + 1, ep->emm + 42 + i * 49, 48);
|
---|
542 | emmcmd42[49] = ep->emm[i * 49 + 41]; //keynr
|
---|
543 | emmcmd42[50] = 0x58 + ep->emm[40]; //package nr
|
---|
544 | emmcmd42[51] = csystem_data->provider;
|
---|
545 | if((dre_cmd(emmcmd42)))
|
---|
546 | {
|
---|
547 | if((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
548 | { return ERROR; } //exit if response is not 90 00
|
---|
549 | }
|
---|
550 | }
|
---|
551 | break;
|
---|
552 | case SHARED:
|
---|
553 | default:
|
---|
554 | memcpy(emmcmd42 + 1, ep->emm + 6, 48);
|
---|
555 | emmcmd42[51] = csystem_data->provider;
|
---|
556 | //emmcmd42[50] = ecmcmd42[2]; //TODO package nr could also be fixed 0x58
|
---|
557 | emmcmd42[50] = 0x58;
|
---|
558 | emmcmd42[49] = ep->emm[5]; //keynr
|
---|
559 | /* response:
|
---|
560 | 59 05 A2 02 05 01 5B
|
---|
561 | 90 00 */
|
---|
562 | if((dre_cmd(emmcmd42))) //first emm request
|
---|
563 | {
|
---|
564 | if((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
565 | { return ERROR; } //exit if response is not 90 00
|
---|
566 |
|
---|
567 | memcpy(emmcmd42 + 1, ep->emm + 55, 7); //TODO OR next two lines?
|
---|
568 | /*memcpy (emmcmd42 + 1, ep->emm + 55, 7); //FIXME either I cant count or my EMM log contains errors
|
---|
569 | memcpy (emmcmd42 + 8, ep->emm + 67, 41); */
|
---|
570 | emmcmd42[51] = csystem_data->provider;
|
---|
571 | //emmcmd42[50] = ecmcmd42[2]; //TODO package nr could also be fixed 0x58
|
---|
572 | emmcmd42[50] = 0x58;
|
---|
573 | emmcmd42[49] = ep->emm[54]; //keynr
|
---|
574 | if((dre_cmd(emmcmd42))) //second emm request
|
---|
575 | {
|
---|
576 | if((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
|
---|
577 | { return ERROR; } //exit if response is not 90 00
|
---|
578 | }
|
---|
579 | }
|
---|
580 | }
|
---|
581 | }
|
---|
582 | return OK; //success
|
---|
583 | }
|
---|
584 |
|
---|
585 | static int32_t dre_card_info(struct s_reader *UNUSED(rdr))
|
---|
586 | {
|
---|
587 | return OK;
|
---|
588 | }
|
---|
589 |
|
---|
590 | void reader_dre(struct s_cardsystem *ph)
|
---|
591 | {
|
---|
592 | ph->do_emm = dre_do_emm;
|
---|
593 | ph->do_ecm = dre_do_ecm;
|
---|
594 | ph->card_info = dre_card_info;
|
---|
595 | ph->card_init = dre_card_init;
|
---|
596 | ph->get_emm_type = dre_get_emm_type;
|
---|
597 | ph->get_emm_filter = dre_get_emm_filter;
|
---|
598 | ph->caids[0] = 0x4AE0;
|
---|
599 | ph->caids[1] = 0x4AE1;
|
---|
600 | ph->caids[2] = 0x7BE0;
|
---|
601 | ph->caids[3] = 0x7BE1;
|
---|
602 | ph->desc = "dre";
|
---|
603 | }
|
---|
604 | #endif
|
---|