1 | #include "globals.h"
|
---|
2 | #ifdef READER_SECA
|
---|
3 | #include "reader-common.h"
|
---|
4 |
|
---|
5 | struct seca_data
|
---|
6 | {
|
---|
7 | bool valid_provider[CS_MAXPROV];
|
---|
8 | };
|
---|
9 |
|
---|
10 | static uint64_t get_pbm(struct s_reader *reader, uint8_t idx)
|
---|
11 | {
|
---|
12 | def_resp;
|
---|
13 | unsigned char ins34[] = { 0xc1, 0x34, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00}; // set request options
|
---|
14 | unsigned char ins32[] = { 0xc1, 0x32, 0x00, 0x00, 0x0A }; // get PBM
|
---|
15 | uint64_t pbm = 0;
|
---|
16 |
|
---|
17 | ins32[2] = idx;
|
---|
18 | if (!idx){ // change request options for first (=managment) provider only
|
---|
19 | ins32[4] = 0x0D;
|
---|
20 | ins34[5] = 0x04;
|
---|
21 | }
|
---|
22 | write_cmd(ins34, ins34 + 5); //set request options
|
---|
23 | write_cmd(ins32, NULL); //pbm request
|
---|
24 |
|
---|
25 | switch(cta_res[0])
|
---|
26 | {
|
---|
27 | case 0x04:
|
---|
28 | rdr_log(reader, "no PBM for provider %u", idx + 1);
|
---|
29 | break;
|
---|
30 | case 0x83:
|
---|
31 | pbm = b2ll(8, cta_res + 1);
|
---|
32 | rdr_log(reader, "PBM for provider %u: %08llx", idx + 1, (unsigned long long) pbm);
|
---|
33 | break;
|
---|
34 | case 0xb2:
|
---|
35 | pbm = b2ll(8, cta_res + 1);
|
---|
36 | rdr_log(reader, "PBM for provider %u: %08llx", idx + 1, (unsigned long long) pbm);
|
---|
37 | break;
|
---|
38 | default:
|
---|
39 | rdr_log(reader, "ERROR: PBM returns unknown byte %02x", cta_res[0]);
|
---|
40 | }
|
---|
41 | return pbm;
|
---|
42 | }
|
---|
43 |
|
---|
44 | static int32_t set_provider_info(struct s_reader *reader, int32_t i)
|
---|
45 | {
|
---|
46 | def_resp;
|
---|
47 | uchar ins12[] = { 0xc1, 0x12, 0x00, 0x00, 0x19 }; // get provider info
|
---|
48 | int32_t year, month, day;
|
---|
49 | struct tm lt;
|
---|
50 | time_t t;
|
---|
51 | bool valid = false;
|
---|
52 | char l_name[16 + 8 + 1] = ", name: ";
|
---|
53 | char tmp[9];
|
---|
54 |
|
---|
55 | uint32_t provid;
|
---|
56 |
|
---|
57 | ins12[2] = i; //select provider
|
---|
58 | rdr_log(reader, "Request provider %i", i + 1);
|
---|
59 | write_cmd(ins12, NULL); // show provider properties
|
---|
60 |
|
---|
61 | if((cta_res[25] != 0x90) || (cta_res[26] != 0x00)) { return ERROR; }
|
---|
62 | reader->prid[i][0] = 0;
|
---|
63 | reader->prid[i][1] = 0; //blanken high byte provider code
|
---|
64 | memcpy(&reader->prid[i][2], cta_res, 2);
|
---|
65 |
|
---|
66 | provid = b2ll(4, reader->prid[i]);
|
---|
67 | int seca_version = reader->card_atr[9] & 0X0F; //Get seca cardversion from cardatr
|
---|
68 | if(seca_version == 10 && provid == 0x006a){ // check for cds nagra smartcard (seca3)
|
---|
69 | reader->secatype = 3;
|
---|
70 | rdr_log(reader, "Detected seca3 card");
|
---|
71 | }
|
---|
72 | if(seca_version == 7 && provid == 0x006a){ // check for cds seca smartcard (seca2)
|
---|
73 | reader->secatype = 2;
|
---|
74 | rdr_log(reader, "Detected seca2 card");
|
---|
75 | }
|
---|
76 | year = (cta_res[22] >> 1) + 1990;
|
---|
77 | month = ((cta_res[22] & 0x1) << 3) | (cta_res[23] >> 5);
|
---|
78 | day = (cta_res[23] & 0x1f);
|
---|
79 | t = time(NULL);
|
---|
80 | localtime_r(&t, <);
|
---|
81 | if(lt.tm_year + 1900 != year)
|
---|
82 | { valid = (lt.tm_year + 1900 < year); }
|
---|
83 | else if(lt.tm_mon + 1 != month)
|
---|
84 | { valid = (lt.tm_mon + 1 < month); }
|
---|
85 | else if(lt.tm_mday != day)
|
---|
86 | { valid = (lt.tm_mday < day); }
|
---|
87 |
|
---|
88 | memcpy(l_name + 8, cta_res + 2, 16);
|
---|
89 | l_name[sizeof(l_name) - 1] = 0;
|
---|
90 | trim(l_name + 8);
|
---|
91 | l_name[0] = (l_name[8]) ? ',' : 0;
|
---|
92 | if(l_name[8])
|
---|
93 | { add_provider(0x0100, provid, l_name + 8, "", ""); }
|
---|
94 | struct seca_data *csystem_data = reader->csystem_data;
|
---|
95 | csystem_data->valid_provider[i] = valid;
|
---|
96 | rdr_log(reader, "provider %d: %04X, valid: %i%s, expiry date: %4d/%02d/%02d",
|
---|
97 | i + 1, provid, valid, l_name, year, month, day);
|
---|
98 | memcpy(&reader->sa[i][0], cta_res + 18, 4);
|
---|
99 | if(valid) //if not expired
|
---|
100 | { rdr_log_sensitive(reader, "SA: {%s}", cs_hexdump(0, cta_res + 18, 4, tmp, sizeof(tmp))); }
|
---|
101 |
|
---|
102 | // add entitlement to list
|
---|
103 | memset(<, 0, sizeof(struct tm));
|
---|
104 | lt.tm_year = year - 1900;
|
---|
105 | lt.tm_mon = month - 1;
|
---|
106 | lt.tm_mday = day;
|
---|
107 |
|
---|
108 | // Check if entitlement entry exists
|
---|
109 | LL_ITER it = ll_iter_create(reader->ll_entitlements);
|
---|
110 | S_ENTITLEMENT *entry = NULL;
|
---|
111 | do
|
---|
112 | {
|
---|
113 | entry = ll_iter_next(&it);
|
---|
114 | if((entry) && (entry->provid == provid))
|
---|
115 | { break; }
|
---|
116 | }
|
---|
117 | while(entry);
|
---|
118 |
|
---|
119 | if(entry)
|
---|
120 | {
|
---|
121 | // update entitlement info if found
|
---|
122 | entry->end = mktime(<);
|
---|
123 | entry->id = get_pbm(reader, i);
|
---|
124 | entry->type = (i) ? 6 : 7;
|
---|
125 | }
|
---|
126 | else
|
---|
127 | // add entitlement info
|
---|
128 | { cs_add_entitlement(reader, reader->caid, provid, get_pbm(reader, i), 0, 0, mktime(<), (i) ? 6 : 7); }
|
---|
129 |
|
---|
130 | return OK;
|
---|
131 | }
|
---|
132 |
|
---|
133 | static int32_t unlock_parental(struct s_reader *reader)
|
---|
134 | {
|
---|
135 | // Unlock parental control
|
---|
136 | // c1 30 00 01 09
|
---|
137 | // 00 00 00 00 00 00 00 00 ff
|
---|
138 | static const uchar ins30[] = { 0xc1, 0x30, 0x00, 0x01, 0x09 };
|
---|
139 | static uchar ins30data[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
|
---|
140 |
|
---|
141 | def_resp;
|
---|
142 |
|
---|
143 | if(strcmp(reader->pincode, "none"))
|
---|
144 | {
|
---|
145 | rdr_log(reader, "Using PIN %s", reader->pincode);
|
---|
146 | // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34
|
---|
147 | ins30data[6] = ((reader->pincode[0] - 0x30) << 4) | ((reader->pincode[1] - 0x30) & 0x0f);
|
---|
148 | ins30data[7] = ((reader->pincode[2] - 0x30) << 4) | ((reader->pincode[3] - 0x30) & 0x0f);
|
---|
149 | }
|
---|
150 | else
|
---|
151 | {
|
---|
152 | rdr_log(reader, "Using PIN 0000!");
|
---|
153 | }
|
---|
154 |
|
---|
155 | write_cmd(ins30, ins30data);
|
---|
156 | if(!(cta_res[cta_lr - 2] == 0x90 && cta_res[cta_lr - 1] == 0))
|
---|
157 | {
|
---|
158 | if(strcmp(reader->pincode, "none"))
|
---|
159 | {
|
---|
160 | rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!", reader->pincode);
|
---|
161 | }
|
---|
162 | else
|
---|
163 | {
|
---|
164 | rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!");
|
---|
165 | }
|
---|
166 | }
|
---|
167 | else
|
---|
168 | { rdr_log(reader, "Parental lock disabled"); }
|
---|
169 |
|
---|
170 | rdr_debug_mask(reader, D_READER, "ins30_answer: %02x%02x", cta_res[0], cta_res[1]);
|
---|
171 | return 0;
|
---|
172 | }
|
---|
173 |
|
---|
174 | static int32_t seca_card_init(struct s_reader *reader, ATR *newatr)
|
---|
175 | {
|
---|
176 | get_atr;
|
---|
177 | def_resp;
|
---|
178 | char *card;
|
---|
179 | uint16_t pmap = 0; // provider-maptable
|
---|
180 | uint64_t serial ;
|
---|
181 | uchar buf[256];
|
---|
182 | static const uchar ins0e[] = { 0xc1, 0x0e, 0x00, 0x00, 0x08 }; // get serial number (UA)
|
---|
183 | static const uchar ins16[] = { 0xc1, 0x16, 0x00, 0x00, 0x06 }; // get nr. of providers
|
---|
184 | int32_t i;
|
---|
185 |
|
---|
186 | cs_clear_entitlement(reader);
|
---|
187 |
|
---|
188 | buf[0] = 0x00;
|
---|
189 | if((atr[10] != 0x0e) || (atr[11] != 0x6c) || (atr[12] != 0xb6) || (atr[13] != 0xd6)) { return ERROR; }
|
---|
190 |
|
---|
191 | if(!cs_malloc(&reader->csystem_data, sizeof(struct seca_data)))
|
---|
192 | { return ERROR; }
|
---|
193 |
|
---|
194 | switch(atr[7] << 8 | atr[8])
|
---|
195 | {
|
---|
196 | case 0x5084:
|
---|
197 | card = "Generic";
|
---|
198 | break;
|
---|
199 | case 0x5384:
|
---|
200 | card = "Philips";
|
---|
201 | break;
|
---|
202 | case 0x5130:
|
---|
203 | case 0x5430:
|
---|
204 | case 0x5760:
|
---|
205 | card = "Thompson";
|
---|
206 | break;
|
---|
207 | case 0x5284:
|
---|
208 | case 0x5842:
|
---|
209 | case 0x6060:
|
---|
210 | card = "Siemens";
|
---|
211 | break;
|
---|
212 | case 0x7070:
|
---|
213 | card = "Mediaguard";
|
---|
214 | break;
|
---|
215 | default:
|
---|
216 | card = "Unknown";
|
---|
217 | break;
|
---|
218 | }
|
---|
219 | reader->caid = 0x0100;
|
---|
220 | memset(reader->prid, 0xff, sizeof(reader->prid));
|
---|
221 | write_cmd(ins0e, NULL); // read unique id
|
---|
222 | memcpy(reader->hexserial, cta_res + 2, 6);
|
---|
223 | serial = b2ll(5, cta_res + 3) ;
|
---|
224 | rdr_log_sensitive(reader, "type: SECA, caid: %04X, serial: {%llu}, card: %s v%d.%d",
|
---|
225 | reader->caid, (unsigned long long) serial, card, atr[9] & 0x0F, atr[9] >> 4);
|
---|
226 | write_cmd(ins16, NULL); // read nr of providers
|
---|
227 | pmap = cta_res[2] << 8 | cta_res[3];
|
---|
228 | for(reader->nprov = 0, i = pmap; i; i >>= 1)
|
---|
229 | { reader->nprov += i & 1; }
|
---|
230 |
|
---|
231 | for(i = 0; i < 16; i++)
|
---|
232 | if(pmap & (1 << i))
|
---|
233 | {
|
---|
234 | if(set_provider_info(reader, i) == ERROR)
|
---|
235 | { return ERROR; }
|
---|
236 | else
|
---|
237 | { snprintf((char *) buf + strlen((char *)buf), sizeof(buf) - strlen((char *)buf), ",%04X", b2i(2, &reader->prid[i][2])); }
|
---|
238 | }
|
---|
239 |
|
---|
240 | rdr_log(reader, "providers: %d (%s)", reader->nprov, buf + 1);
|
---|
241 | // Unlock parental control
|
---|
242 | if(cfg.ulparent != 0)
|
---|
243 | {
|
---|
244 | unlock_parental(reader);
|
---|
245 | }
|
---|
246 | else
|
---|
247 | {
|
---|
248 | rdr_log(reader, "parental locked");
|
---|
249 | }
|
---|
250 | rdr_log(reader, "ready for requests");
|
---|
251 | return OK;
|
---|
252 | }
|
---|
253 |
|
---|
254 | static int32_t get_prov_index(struct s_reader *rdr, const uint8_t *provid) //returns provider id or -1 if not found
|
---|
255 | {
|
---|
256 | int32_t prov;
|
---|
257 | for(prov = 0; prov < rdr->nprov; prov++) //search for provider index
|
---|
258 | if(!memcmp(provid, &rdr->prid[prov][2], 2))
|
---|
259 | { return (prov); }
|
---|
260 | return (-1);
|
---|
261 | }
|
---|
262 |
|
---|
263 | // CDS seca2/3 solution
|
---|
264 | static int32_t seca_do_ecm(struct s_reader *reader, const ECM_REQUEST *er, struct s_ecm_answer *ea)
|
---|
265 | {
|
---|
266 | if(er->ecm[3] == 0x00 && er->ecm[4] == 0x6a) //provid006A=CDS NL uses seca2 and nagra/mediaguard3 crypt on same caid/provid only ecmpid is different
|
---|
267 | {
|
---|
268 | int32_t ecm_type = reader->secatype; // default assume ecmtype same as cardtype in reader
|
---|
269 | if(er->ecm[8] == 0x00){ //this is a mediaguard3 ecm request
|
---|
270 | ecm_type = 3; //flag it!
|
---|
271 | }
|
---|
272 | if((er->ecm[8] == 0x10) && (er->ecm[9] == 0x01)){ //this is a seca2 ecm request
|
---|
273 | ecm_type = 2; //flag it!
|
---|
274 | }
|
---|
275 | if(ecm_type != reader->secatype){ //only accept ecmrequest for right card!
|
---|
276 | return ERROR;
|
---|
277 | }
|
---|
278 | }
|
---|
279 | if(er->ecm[5] == 0x01){
|
---|
280 | rdr_log(reader, "WARNING: NANO01 used and card is giving encoded controlword instead of plain controlword!");
|
---|
281 | }
|
---|
282 | def_resp;
|
---|
283 | unsigned char ins3c[] = { 0xc1, 0x3c, 0x00, 0x00, 0x00 }; // coding cw
|
---|
284 | unsigned char ins3a[] = { 0xc1, 0x3a, 0x00, 0x00, 0x10 }; // decoding cw
|
---|
285 | int32_t i;
|
---|
286 |
|
---|
287 | if((i = get_prov_index(reader, er->ecm + 3)) == -1) // if provider not found
|
---|
288 | {
|
---|
289 | snprintf(ea->msglog, MSGLOGSIZE, "provider not found");
|
---|
290 | return ERROR;
|
---|
291 | }
|
---|
292 |
|
---|
293 | struct seca_data *csystem_data = reader->csystem_data;
|
---|
294 | if((er->ecm[7] & 0x0F) != 0x0E && !csystem_data->valid_provider[i]) // if expired and not using OP Key 0E
|
---|
295 | {
|
---|
296 | snprintf(ea->msglog, MSGLOGSIZE, "provider expired");
|
---|
297 | return ERROR;
|
---|
298 | }
|
---|
299 |
|
---|
300 | ins3c[2] = i;
|
---|
301 | ins3c[3] = er->ecm[7]; //key nr
|
---|
302 | ins3c[4] = (((er->ecm[1] & 0x0f) << 8) | er->ecm[2]) - 0x05;
|
---|
303 | int32_t try = 1;
|
---|
304 | int32_t ret;
|
---|
305 | do
|
---|
306 | {
|
---|
307 | if(try > 1)
|
---|
308 | snprintf(ea->msglog, MSGLOGSIZE, "ins3c try nr %i", try);
|
---|
309 | write_cmd(ins3c, er->ecm + 8); //ecm request
|
---|
310 | unsigned char ins30[] = { 0xC1, 0x30, 0x00, 0x02, 0x09 };
|
---|
311 | unsigned char ins30data[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF };
|
---|
312 | /* We need to use a token */
|
---|
313 | if(cta_res[0] == 0x90 && cta_res[1] == 0x1a)
|
---|
314 | {
|
---|
315 | write_cmd(ins30, ins30data);
|
---|
316 | write_cmd(ins3c, er->ecm + 8); //ecm request
|
---|
317 | }
|
---|
318 | ret = (((cta_res[0] != 0x90) && (cta_res[0] != 0x93) && (cta_res[0] != 0x96)) || ((cta_res[1] != 0x00) && (cta_res[1] != 0x02)));
|
---|
319 | // Handle all not initial 90 00 ecm of with a get decoding cw does avoid the need off card reset after a lot off them
|
---|
320 | // the try ++ has been removed as it triggers the anti share mode off seca cards due to not recorded extra ecm's by rate limiter
|
---|
321 | if((cta_res[0] == 0x93) && (cta_res[1] == 0x02))
|
---|
322 | {
|
---|
323 | write_cmd(ins3a, NULL); //get cw
|
---|
324 | snprintf(ea->msglog, MSGLOGSIZE, "unsubscribed 93 02");
|
---|
325 | return ERROR;
|
---|
326 | }; // exit if unsubscribed
|
---|
327 | if((cta_res[0] == 0x96) && (cta_res[1] == 0x00))
|
---|
328 | {
|
---|
329 | write_cmd(ins3a, NULL); //get cw
|
---|
330 | snprintf(ea->msglog, MSGLOGSIZE, "fake 96 00 ecm");
|
---|
331 | return ERROR;
|
---|
332 | }; //exit if fake 96 00 ecm
|
---|
333 | if(ret)
|
---|
334 | {
|
---|
335 | snprintf(ea->msglog, MSGLOGSIZE, "%s ins3c card res: %02x %02x", reader->label, cta_res[0] , cta_res[1]);
|
---|
336 | write_cmd(ins3a, NULL); //get cw
|
---|
337 | return ERROR;
|
---|
338 | }; //exit on other's then 96 00 or 93 02
|
---|
339 | }
|
---|
340 | while((try < 2) && (ret));
|
---|
341 | if(ret)
|
---|
342 | { return ERROR; }
|
---|
343 |
|
---|
344 | write_cmd(ins3a, NULL); //get cw's
|
---|
345 | if((cta_res[16] != 0x90) || (cta_res[17] != 0x00))
|
---|
346 | {
|
---|
347 | snprintf(ea->msglog, MSGLOGSIZE, "ins3a card response: %02x %02x", cta_res[16] , cta_res[17]);
|
---|
348 | return ERROR;
|
---|
349 | };// exit if response not 90 00
|
---|
350 | //TODO: if response is 9027 ppv mode is possible!
|
---|
351 | if (er->ecm[5]==0x01 && ((reader->card_atr[9] & 0X0F) == 10)){ // seca3: nano 01 in effect?
|
---|
352 | rdr_log(reader, "Received an encrypted controlword from the card that needs postprocessing by the receiver!");
|
---|
353 | if(reader->disablecrccws == 0){
|
---|
354 | reader->disablecrccws = 1;
|
---|
355 | rdr_log(reader, "WARNING: Encrypted controlwords detected-> disabling controlword crc checking!");
|
---|
356 | }
|
---|
357 | }
|
---|
358 | memcpy(ea->cw, cta_res, 16);
|
---|
359 | return OK;
|
---|
360 | }
|
---|
361 |
|
---|
362 | static int32_t seca_get_emm_type(EMM_PACKET *ep, struct s_reader *rdr) //returns 1 if shared emm matches SA, unique emm matches serial, or global or unknown
|
---|
363 | {
|
---|
364 | rdr_debug_mask(rdr, D_EMM, "Entered seca_get_emm_type ep->emm[0]=%i", ep->emm[0]);
|
---|
365 | int32_t i;
|
---|
366 | char tmp_dbg[25];
|
---|
367 | switch(ep->emm[0])
|
---|
368 | {
|
---|
369 | case 0x82:
|
---|
370 | ep->type = UNIQUE;
|
---|
371 | memset(ep->hexserial, 0, 8);
|
---|
372 | memcpy(ep->hexserial, ep->emm + 3, 6);
|
---|
373 | rdr_debug_mask_sensitive(rdr, D_EMM, "UNIQUE , ep->hexserial = {%s}", cs_hexdump(1, ep->hexserial, 6, tmp_dbg, sizeof(tmp_dbg)));
|
---|
374 | rdr_debug_mask_sensitive(rdr, D_EMM, "UNIQUE , rdr->hexserial = {%s}", cs_hexdump(1, rdr->hexserial, 6, tmp_dbg, sizeof(tmp_dbg)));
|
---|
375 | return (!memcmp(rdr->hexserial, ep->hexserial, 6));
|
---|
376 | break;
|
---|
377 |
|
---|
378 | case 0x84:
|
---|
379 | ep->type = SHARED;
|
---|
380 | memset(ep->hexserial, 0, 8);
|
---|
381 | memcpy(ep->hexserial, ep->emm + 5, 3); //dont include custom byte; this way the network also knows SA
|
---|
382 | i = get_prov_index(rdr, ep->emm + 3);
|
---|
383 | rdr_debug_mask_sensitive(rdr, D_EMM, "SHARED, ep->hexserial = {%s}", cs_hexdump(1, ep->hexserial, 3, tmp_dbg, sizeof(tmp_dbg)));
|
---|
384 | if(i == -1) //provider not found on this card
|
---|
385 | { return 0; } //do not pass this EMM
|
---|
386 | rdr_debug_mask_sensitive(rdr, D_EMM, "SHARED, rdr->sa[%i] = {%s}", i, cs_hexdump(1, rdr->sa[i], 3, tmp_dbg, sizeof(tmp_dbg)));
|
---|
387 | return (!memcmp(rdr->sa[i], ep->hexserial, 3));
|
---|
388 | break;
|
---|
389 |
|
---|
390 | // Unknown EMM types, but allready subbmited to dev's
|
---|
391 | // FIXME: Drop EMM's until there are implemented
|
---|
392 | case 0x83:
|
---|
393 | ep->type = GLOBAL;
|
---|
394 | rdr_debug_mask(rdr, D_EMM, "GLOBAL, PROVID: %04X", (ep->emm[3] << 8) | ep->emm[4]);
|
---|
395 | return 1;
|
---|
396 | /* EMM-G manadge ppv by provid
|
---|
397 | 83 00 74 33 41 04 70 00 BF 20 A1 15 48 1B 88 FF
|
---|
398 | CF F5 50 CB 6F E1 26 A2 70 02 8F D0 07 6A 13 F9
|
---|
399 | 50 F9 61 88 FB E4 B8 03 EF 68 C9 54 EB C0 51 2E
|
---|
400 | 9D F9 E1 4A D9 A6 3F 5D 7A 1E B0 6E 3D 9B 93 E7
|
---|
401 | 5A E8 D4 AE 29 B9 37 07 5A 43 C8 F2 DE BD F8 BA
|
---|
402 | 69 DC A4 87 C2 FA 25 87 87 42 47 67 AE B7 1A 54
|
---|
403 | CA F6 B7 EC 15 0A 67 1C 59 F8 B9 B8 6F 7D 58 94
|
---|
404 | 24 63 17 15 58 1E 59
|
---|
405 | */
|
---|
406 | case 0x88:
|
---|
407 | case 0x89:
|
---|
408 | // EMM-G ?
|
---|
409 | ep->type = UNKNOWN;
|
---|
410 | return 0;
|
---|
411 |
|
---|
412 | default:
|
---|
413 | ep->type = UNKNOWN;
|
---|
414 | return 1;
|
---|
415 | }
|
---|
416 | }
|
---|
417 |
|
---|
418 | static int32_t seca_get_emm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count)
|
---|
419 | {
|
---|
420 | if(*emm_filters == NULL)
|
---|
421 | {
|
---|
422 | const unsigned int max_filter_count = 1 + (2 * rdr->nprov);
|
---|
423 | if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
|
---|
424 | { return ERROR; }
|
---|
425 |
|
---|
426 | struct s_csystem_emm_filter *filters = *emm_filters;
|
---|
427 | *filter_count = 0;
|
---|
428 |
|
---|
429 | int32_t idx = 0;
|
---|
430 |
|
---|
431 | filters[idx].type = EMM_UNIQUE;
|
---|
432 | filters[idx].enabled = 1;
|
---|
433 | filters[idx].filter[0] = 0x82;
|
---|
434 | filters[idx].mask[0] = 0xFF;
|
---|
435 | memcpy(&filters[idx].filter[1], rdr->hexserial, 6);
|
---|
436 | memset(&filters[idx].mask[1], 0xFF, 6);
|
---|
437 | idx++;
|
---|
438 |
|
---|
439 | int32_t prov;
|
---|
440 | for(prov = 0; prov < rdr->nprov; prov++)
|
---|
441 | {
|
---|
442 | if(!memcmp(rdr->sa[prov], "\x00\x00\x00", 3)) { continue; } // if sa == null skip update by shared & global (provid inactive)
|
---|
443 |
|
---|
444 | filters[idx].type = EMM_GLOBAL; //global by provider
|
---|
445 | filters[idx].enabled = 1;
|
---|
446 | filters[idx].filter[0] = 0x83;
|
---|
447 | filters[idx].mask[0] = 0xFF;
|
---|
448 | memcpy(&filters[idx].filter[1], &rdr->prid[prov][2], 2);
|
---|
449 | memset(&filters[idx].mask[1], 0xFF, 2);
|
---|
450 | idx++;
|
---|
451 |
|
---|
452 | filters[idx].type = EMM_SHARED;
|
---|
453 | filters[idx].enabled = 1;
|
---|
454 | filters[idx].filter[0] = 0x84;
|
---|
455 | filters[idx].mask[0] = 0xFF;
|
---|
456 | memcpy(&filters[idx].filter[1], &rdr->prid[prov][2], 2);
|
---|
457 | memset(&filters[idx].mask[1], 0xFF, 2);
|
---|
458 | memcpy(&filters[idx].filter[3], &rdr->sa[prov], 3);
|
---|
459 | memset(&filters[idx].mask[3], 0xFF, 3);
|
---|
460 | idx++;
|
---|
461 | }
|
---|
462 |
|
---|
463 | *filter_count = idx;
|
---|
464 | }
|
---|
465 |
|
---|
466 | return OK;
|
---|
467 | }
|
---|
468 |
|
---|
469 | static int32_t seca_do_emm(struct s_reader *reader, EMM_PACKET *ep)
|
---|
470 | {
|
---|
471 | def_resp;
|
---|
472 | unsigned char ins40[] = { 0xc1, 0x40, 0x00, 0x00, 0x00 };
|
---|
473 | int32_t i, ins40data_offset;
|
---|
474 | int32_t emm_length = ((ep->emm[1] & 0x0f) << 8) + ep->emm[2];
|
---|
475 | uint8_t *prov_id_ptr;
|
---|
476 |
|
---|
477 | switch(ep->type)
|
---|
478 | {
|
---|
479 | case SHARED:
|
---|
480 | ins40[3] = ep->emm[9];
|
---|
481 | ins40[4] = emm_length - 0x07;
|
---|
482 | ins40data_offset = 10;
|
---|
483 | prov_id_ptr = ep->emm + 3;
|
---|
484 | break;
|
---|
485 |
|
---|
486 | case UNIQUE:
|
---|
487 | ins40[3] = ep->emm[12];
|
---|
488 | ins40[4] = emm_length - 0x0A;
|
---|
489 | ins40data_offset = 13;
|
---|
490 | prov_id_ptr = ep->emm + 9;
|
---|
491 | break;
|
---|
492 |
|
---|
493 | case GLOBAL:
|
---|
494 | ins40[3] = ep->emm[6];
|
---|
495 | ins40[4] = emm_length - 0x04;
|
---|
496 | ins40data_offset = 7;
|
---|
497 | prov_id_ptr = ep->emm + 3;
|
---|
498 | break;
|
---|
499 |
|
---|
500 | default:
|
---|
501 | rdr_log(reader, "EMM: Congratulations, you have discovered a new EMM on SECA.");
|
---|
502 | rdr_log(reader, "This has not been decoded yet, so send this output to authors:");
|
---|
503 | cs_dump(ep->emm, emm_length + 3, "EMM:");
|
---|
504 | return ERROR;
|
---|
505 | }
|
---|
506 |
|
---|
507 | i = get_prov_index(reader, prov_id_ptr);
|
---|
508 | if(i == -1)
|
---|
509 | {
|
---|
510 | rdr_log(reader, "EMM: provider id not found.");
|
---|
511 | return ERROR;
|
---|
512 | }
|
---|
513 |
|
---|
514 | ins40[2] = (ep->emm[ins40data_offset - 2] & 0xF0) | (i & 0x0F);
|
---|
515 | write_cmd(ins40, ep->emm + ins40data_offset); //emm request
|
---|
516 | if(cta_res[0] == 0x97)
|
---|
517 | {
|
---|
518 | if(!(cta_res[1] & 4)) // date updated
|
---|
519 | { set_provider_info(reader, i); }
|
---|
520 | else
|
---|
521 | { rdr_log(reader, "EMM: Update not necessary."); }
|
---|
522 | return OK; //Update not necessary
|
---|
523 | }
|
---|
524 | if((cta_res[0] == 0x90) && ((cta_res[1] == 0x00) || (cta_res[1] == 0x19)))
|
---|
525 | {
|
---|
526 | if(ep->type == GLOBAL) { return OK; } //do not print new provider info after global emm
|
---|
527 | if(set_provider_info(reader, i) == OK) //after successful EMM, print32_t new provider info
|
---|
528 | { return OK; }
|
---|
529 | }
|
---|
530 | return ERROR;
|
---|
531 | }
|
---|
532 |
|
---|
533 | static int32_t seca_card_info(struct s_reader *reader)
|
---|
534 | {
|
---|
535 |
|
---|
536 | int32_t prov;
|
---|
537 |
|
---|
538 | for(prov = 0; prov < reader->nprov; prov++)
|
---|
539 | {
|
---|
540 | set_provider_info(reader, prov);
|
---|
541 | }
|
---|
542 | return OK;
|
---|
543 | }
|
---|
544 |
|
---|
545 | void reader_seca(struct s_cardsystem *ph)
|
---|
546 | {
|
---|
547 | ph->do_emm = seca_do_emm;
|
---|
548 | ph->do_ecm = seca_do_ecm;
|
---|
549 | ph->card_info = seca_card_info;
|
---|
550 | ph->card_init = seca_card_init;
|
---|
551 | ph->get_emm_type = seca_get_emm_type;
|
---|
552 | ph->get_emm_filter = seca_get_emm_filter;
|
---|
553 | ph->caids[0] = 0x01;
|
---|
554 | ph->desc = "seca";
|
---|
555 | }
|
---|
556 | #endif
|
---|