1 | #include "globals.h" |
---|
2 | #ifdef READER_VIACCESS |
---|
3 | #include "oscam-aes.h" |
---|
4 | #include "oscam-time.h" |
---|
5 | #include "oscam-emm.h" |
---|
6 | #include "reader-common.h" |
---|
7 | #include "cscrypt/des.h" |
---|
8 | #include "oscam-work.h" |
---|
9 | |
---|
10 | struct geo_cache |
---|
11 | { |
---|
12 | uint32_t provid; |
---|
13 | uint8_t geo[256]; |
---|
14 | uint8_t geo_len; |
---|
15 | int32_t number_ecm; |
---|
16 | }; |
---|
17 | |
---|
18 | struct viaccess_data |
---|
19 | { |
---|
20 | struct geo_cache last_geo; |
---|
21 | uint8_t availkeys[CS_MAXPROV][16]; |
---|
22 | }; |
---|
23 | |
---|
24 | struct via_date |
---|
25 | { |
---|
26 | uint16_t day_s : 5; |
---|
27 | uint16_t month_s : 4; |
---|
28 | uint16_t year_s : 7; |
---|
29 | |
---|
30 | uint16_t day_e : 5; |
---|
31 | uint16_t month_e : 4; |
---|
32 | uint16_t year_e : 7; |
---|
33 | }; |
---|
34 | |
---|
35 | static void parse_via_date(const uchar *buf, struct via_date *vd, int32_t fend) |
---|
36 | { |
---|
37 | uint16_t date; |
---|
38 | |
---|
39 | date = (buf[0] << 8) | buf[1]; |
---|
40 | vd->day_s = date & 0x1f; |
---|
41 | vd->month_s = (date >> 5) & 0x0f; |
---|
42 | vd->year_s = (date >> 9) & 0x7f; |
---|
43 | |
---|
44 | if(fend) |
---|
45 | { |
---|
46 | date = (buf[2] << 8) | buf[3]; |
---|
47 | vd->day_e = date & 0x1f; |
---|
48 | vd->month_e = (date >> 5) & 0x0f; |
---|
49 | vd->year_e = (date >> 9) & 0x7f; |
---|
50 | } |
---|
51 | } |
---|
52 | |
---|
53 | //static void get_via_data(const uchar *b, int32_t l, time_t *start_t, time_t *end_t, uchar *cls) |
---|
54 | //{ |
---|
55 | // int32_t i, j; |
---|
56 | // struct via_date vd; |
---|
57 | // struct tm tm; |
---|
58 | // memset(&vd, 0, sizeof(struct via_date)); |
---|
59 | // |
---|
60 | // // b -> via date (4 uint8_ts) |
---|
61 | // b+=4; |
---|
62 | // l-=4; |
---|
63 | // |
---|
64 | // j=l-1; |
---|
65 | // for (; j>=0; j--) |
---|
66 | // for (i=0; i<8; i++) |
---|
67 | // if (b[j] & (1 << (i&7))) |
---|
68 | // { |
---|
69 | // parse_via_date(b-4, &vd, 1); |
---|
70 | // *cls=(l-(j+1))*8+i; |
---|
71 | // } |
---|
72 | // |
---|
73 | // memset(&tm, 0, sizeof(struct tm)); |
---|
74 | // tm.tm_year = vd.year_s + 80; //via year starts in 1980, tm_year starts in 1900 |
---|
75 | // tm.tm_mon = vd.month_s - 1; // january is 0 in tm_mon |
---|
76 | // tm.tm_mday = vd.day_s; |
---|
77 | // *start_t = mktime(&tm); |
---|
78 | // |
---|
79 | // tm.tm_year = vd.year_e + 80; |
---|
80 | // tm.tm_mon = vd.month_e - 1; |
---|
81 | // tm.tm_mday = vd.day_e; |
---|
82 | // *end_t = mktime(&tm); |
---|
83 | // |
---|
84 | //} |
---|
85 | struct emm_rass *find_rabuf(struct s_client *client, int32_t provid, uint8_t nano, int8_t add) |
---|
86 | { |
---|
87 | struct emm_rass *e; |
---|
88 | LL_ITER it; |
---|
89 | |
---|
90 | if(!client->ra_buf) |
---|
91 | { |
---|
92 | client->ra_buf = ll_create("client->ra_buf"); |
---|
93 | } |
---|
94 | |
---|
95 | it = ll_iter_create(client->ra_buf); |
---|
96 | |
---|
97 | while((e = ll_iter_next(&it)) != NULL) |
---|
98 | { |
---|
99 | if(!add && e->provid == provid && e->emmlen != 0) { return e; } |
---|
100 | if(add && e->provid == provid && e->emm[0] == nano) { return e; } |
---|
101 | } |
---|
102 | if(!add) return NULL; |
---|
103 | |
---|
104 | if(!cs_malloc(&e, sizeof(struct emm_rass))) |
---|
105 | { return NULL; } |
---|
106 | e->provid = provid; |
---|
107 | ll_append(client->ra_buf, e); |
---|
108 | return e; |
---|
109 | } |
---|
110 | |
---|
111 | static void show_class(struct s_reader *reader, const char *p, uint32_t provid, const uchar *b, int32_t l) |
---|
112 | { |
---|
113 | int32_t i, j; |
---|
114 | |
---|
115 | // b -> via date (4 uint8_ts) |
---|
116 | b += 4; |
---|
117 | l -= 4; |
---|
118 | |
---|
119 | j = l - 1; |
---|
120 | for(; j >= 0; j--) |
---|
121 | for(i = 0; i < 8; i++) |
---|
122 | if(b[j] & (1 << (i & 7))) |
---|
123 | { |
---|
124 | uchar cls; |
---|
125 | struct via_date vd; |
---|
126 | parse_via_date(b - 4, &vd, 1); |
---|
127 | cls = (l - (j + 1)) * 8 + i; |
---|
128 | if(p) |
---|
129 | { |
---|
130 | rdr_log(reader, "%sclass: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", p, cls, |
---|
131 | vd.year_s + 1980, vd.month_s, vd.day_s, |
---|
132 | vd.year_e + 1980, vd.month_e, vd.day_e); |
---|
133 | } |
---|
134 | else |
---|
135 | { |
---|
136 | rdr_log(reader, "class: %02X, expiry date: %04d/%02d/%02d - %04d/%02d/%02d", cls, |
---|
137 | vd.year_s + 1980, vd.month_s, vd.day_s, |
---|
138 | vd.year_e + 1980, vd.month_e, vd.day_e); |
---|
139 | |
---|
140 | time_t start_t, end_t; |
---|
141 | struct tm tm; |
---|
142 | //convert time: |
---|
143 | memset(&tm, 0, sizeof(tm)); |
---|
144 | tm.tm_year = vd.year_s + 80; //via year starts in 1980, tm_year starts in 1900 |
---|
145 | tm.tm_mon = vd.month_s - 1; // january is 0 in tm_mon |
---|
146 | tm.tm_mday = vd.day_s; |
---|
147 | start_t = cs_timegm(&tm); |
---|
148 | |
---|
149 | tm.tm_year = vd.year_e + 80; //via year starts in 1980, tm_year starts in 1900 |
---|
150 | tm.tm_mon = vd.month_e - 1; // january is 0 in tm_mon |
---|
151 | tm.tm_mday = vd.day_e; |
---|
152 | end_t = cs_timegm(&tm); |
---|
153 | |
---|
154 | cs_add_entitlement(reader, reader->caid, provid, cls, cls, start_t, end_t, 5, 1); |
---|
155 | } |
---|
156 | } |
---|
157 | } |
---|
158 | |
---|
159 | static int8_t add_find_class(struct s_reader *reader, uint32_t provid, const uchar *b, int32_t l, int8_t add) |
---|
160 | { |
---|
161 | int32_t i, j, freshdate = 0; |
---|
162 | |
---|
163 | // b -> via date (4 uint8_ts) |
---|
164 | b += 4; |
---|
165 | l -= 4; |
---|
166 | |
---|
167 | j = l - 1; |
---|
168 | for(; j >= 0; j--) |
---|
169 | for(i = 0; i < 8; i++) |
---|
170 | if(b[j] & (1 << (i & 7))) |
---|
171 | { |
---|
172 | uchar cls; |
---|
173 | cls = (l - (j + 1)) * 8 + i; |
---|
174 | if(cs_add_entitlement(reader, reader->caid, provid, cls, cls, 0, 0, 5, 0) == NULL && !add) |
---|
175 | { |
---|
176 | rdr_log(reader, "provid %06X class %02X not found", provid, cls); |
---|
177 | freshdate = 1; |
---|
178 | } |
---|
179 | else |
---|
180 | { |
---|
181 | if(!add) |
---|
182 | { |
---|
183 | rdr_log(reader, "provid %06X has matching class %02X", provid, cls); |
---|
184 | } |
---|
185 | struct via_date vd; |
---|
186 | parse_via_date(b - 4, &vd, 1); |
---|
187 | time_t start_t, end_t; |
---|
188 | struct tm tm; |
---|
189 | //convert time: |
---|
190 | memset(&tm, 0, sizeof(tm)); |
---|
191 | tm.tm_year = vd.year_s + 80; //via year starts in 1980, tm_year starts in 1900 |
---|
192 | tm.tm_mon = vd.month_s - 1; // january is 0 in tm_mon |
---|
193 | tm.tm_mday = vd.day_s; |
---|
194 | start_t = cs_timegm(&tm); |
---|
195 | |
---|
196 | tm.tm_year = vd.year_e + 80; //via year starts in 1980, tm_year starts in 1900 |
---|
197 | tm.tm_mon = vd.month_e - 1; // january is 0 in tm_mon |
---|
198 | tm.tm_mday = vd.day_e; |
---|
199 | end_t = cs_timegm(&tm); |
---|
200 | |
---|
201 | if(cs_add_entitlement(reader, reader->caid, provid, cls, cls, start_t, end_t, 5, add) != NULL) |
---|
202 | { |
---|
203 | if(!add) |
---|
204 | { |
---|
205 | rdr_log(reader, "class %02X provid %06X has already this daterange or newer entitled", cls, provid); |
---|
206 | } |
---|
207 | } |
---|
208 | else |
---|
209 | { |
---|
210 | freshdate = 1; |
---|
211 | } |
---|
212 | } |
---|
213 | } |
---|
214 | if(freshdate == 0) return -2; |
---|
215 | return 1; // emmdate is fresh! |
---|
216 | } |
---|
217 | |
---|
218 | static void show_subs(struct s_reader *reader, const uchar *emm) |
---|
219 | { |
---|
220 | // emm -> A9, A6, B6 |
---|
221 | |
---|
222 | switch(emm[0]) |
---|
223 | { |
---|
224 | case 0xA9: |
---|
225 | show_class(reader, "nano A9: ", 0, emm + 2, emm[1]); |
---|
226 | break; |
---|
227 | /* |
---|
228 | { |
---|
229 | int32_t i, j, byts; |
---|
230 | const uchar *oemm; |
---|
231 | |
---|
232 | oemm = emm; |
---|
233 | byts = emm[1]-4; |
---|
234 | emm+=6; |
---|
235 | |
---|
236 | j=byts-1; |
---|
237 | for( ; j>=0; j-- ) |
---|
238 | for( i=0; i<8; i++ ) |
---|
239 | if( emm[j] & (1 << (i&7)) ) |
---|
240 | { |
---|
241 | uchar cls; |
---|
242 | struct via_date vd; |
---|
243 | parse_via_date(emm-4, &vd, 1); |
---|
244 | cls=(byts-(j+1))*8+i; |
---|
245 | rdr_log(reader, "%sclass %02X: expiry date: %02d/%02d/%04d - %02d/%02d/%04d", |
---|
246 | fnano?"nano A9: ":"", cls, |
---|
247 | vd.day_s, vd.month_s, vd.year_s+1980, |
---|
248 | vd.day_e, vd.month_e, vd.year_e+1980); |
---|
249 | } |
---|
250 | break; |
---|
251 | } |
---|
252 | */ |
---|
253 | case 0xA6: |
---|
254 | { |
---|
255 | char szGeo[256]; |
---|
256 | |
---|
257 | memset(szGeo, 0, 256); |
---|
258 | strncpy(szGeo, (char *)emm + 2, emm[1]); |
---|
259 | rdr_log(reader, "nano A6: geo %s", szGeo); |
---|
260 | break; |
---|
261 | } |
---|
262 | case 0xB6: |
---|
263 | { |
---|
264 | uchar m; // modexp |
---|
265 | struct via_date vd; |
---|
266 | |
---|
267 | m = emm[emm[1] + 1]; |
---|
268 | parse_via_date(emm + 2, &vd, 0); |
---|
269 | rdr_log(reader, "nano B6: modexp %d%d%d%d%d%d: %02d/%02d/%04d", (m & 0x20) ? 1 : 0, |
---|
270 | (m & 0x10) ? 1 : 0, (m & 0x08) ? 1 : 0, (m & 0x04) ? 1 : 0, (m & 0x02) ? 1 : 0, (m & 0x01) ? 1 : 0, |
---|
271 | vd.day_s, vd.month_s, vd.year_s + 1980); |
---|
272 | break; |
---|
273 | } |
---|
274 | } |
---|
275 | } |
---|
276 | |
---|
277 | static int32_t chk_prov(struct s_reader *reader, uchar *id, uchar keynr) |
---|
278 | { |
---|
279 | struct viaccess_data *csystem_data = reader->csystem_data; |
---|
280 | int32_t i, j, rc; |
---|
281 | for(rc = i = 0; (!rc) && (i < reader->nprov); i++) |
---|
282 | if(!memcmp(&reader->prid[i][1], id, 3)) |
---|
283 | for(j = 0; (!rc) && (j < 16); j++) |
---|
284 | if(csystem_data->availkeys[i][j] == keynr) |
---|
285 | { rc = 1; } |
---|
286 | return (rc); |
---|
287 | } |
---|
288 | |
---|
289 | static int32_t get_maturity(struct s_reader *reader) |
---|
290 | { |
---|
291 | /* retrieve maturity rating on the card */ |
---|
292 | |
---|
293 | def_resp; |
---|
294 | |
---|
295 | uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data |
---|
296 | uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data |
---|
297 | |
---|
298 | insac[2]=0x06; write_cmd(insac, NULL); // request maturity rating |
---|
299 | insb8[4]=0x02; write_cmd(insb8, NULL); // read maturity rating nano + len |
---|
300 | insb8[4]=cta_res[1]; write_cmd(insb8, NULL); // read maturity rating |
---|
301 | |
---|
302 | reader->maturity= cta_res[cta_lr - 3] & 0x0F; |
---|
303 | if (reader->maturity<0xF) |
---|
304 | { |
---|
305 | rdr_log(reader, "Maturity level [%X]= older than %i years", reader->maturity, reader->maturity); |
---|
306 | } |
---|
307 | else |
---|
308 | { |
---|
309 | rdr_log(reader, "Maturity level [%X]=no age limit", reader->maturity); |
---|
310 | } |
---|
311 | return 0; |
---|
312 | } |
---|
313 | |
---|
314 | static int32_t unlock_parental(struct s_reader *reader) |
---|
315 | { |
---|
316 | /* disabling parental lock. assuming pin "0000" if no pin code is provided in the config */ |
---|
317 | |
---|
318 | static const uchar inDPL[] = {0xca, 0x24, 0x02, 0x00, 0x09}; |
---|
319 | uchar cmDPL[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0F}; |
---|
320 | def_resp; |
---|
321 | |
---|
322 | if(strcmp(reader->pincode, "none")) |
---|
323 | { |
---|
324 | rdr_log(reader, "Using PIN %s", reader->pincode); |
---|
325 | // the pin need to be coded in bcd, so we need to convert from ascii to bcd, so '1234' -> 0x12 0x34 |
---|
326 | cmDPL[6] = ((reader->pincode[0] - 0x30) << 4) | ((reader->pincode[1] - 0x30) & 0x0f); |
---|
327 | cmDPL[7] = ((reader->pincode[2] - 0x30) << 4) | ((reader->pincode[3] - 0x30) & 0x0f); |
---|
328 | } |
---|
329 | else |
---|
330 | { |
---|
331 | rdr_log(reader, "Using PIN 0000!"); |
---|
332 | } |
---|
333 | write_cmd(inDPL, cmDPL); |
---|
334 | if(!(cta_res[cta_lr - 2] == 0x90 && cta_res[cta_lr - 1] == 0)) |
---|
335 | { |
---|
336 | if(strcmp(reader->pincode, "none")) |
---|
337 | { |
---|
338 | rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used %s!", reader->pincode); |
---|
339 | } |
---|
340 | else |
---|
341 | { |
---|
342 | rdr_log(reader, "Can't disable parental lock. Wrong PIN? OSCam used 0000!"); |
---|
343 | } |
---|
344 | } |
---|
345 | else |
---|
346 | { |
---|
347 | rdr_log(reader, "Parental lock disabled"); |
---|
348 | get_maturity(reader); |
---|
349 | } |
---|
350 | |
---|
351 | return 0; |
---|
352 | } |
---|
353 | |
---|
354 | int32_t hdSurEncBasicCrypt_D2_0F_11(int32_t Value, int32_t XorVal) |
---|
355 | { |
---|
356 | int32_t i = (Value << 13) - Value + 0x1B59; |
---|
357 | i = (i * Value) + 0x07CF; |
---|
358 | return (i ^ XorVal); |
---|
359 | } |
---|
360 | |
---|
361 | int32_t hdSurEncCryptLookup_D2_0F_11(uint8_t Value, uint8_t AddrInd) |
---|
362 | { |
---|
363 | static const uint8_t lookup[] = |
---|
364 | { |
---|
365 | 0x94, 0xB2, 0xA9, 0x79, 0xC4, 0xC7, 0x0D, 0x36, 0x6F, 0x24, 0x11, 0xD1, 0xDB, 0x59, 0xD2, 0xA5, |
---|
366 | 0xE1, 0x00, 0xD4, 0x97, 0xA3, 0x2B, 0x11, 0xFA, 0x5F, 0xF1, 0xC1, 0x44, 0xBF, 0x9B, 0x5A, 0xC8, |
---|
367 | 0xF1, 0xE1, 0x99, 0x82, 0x0E, 0xB2, 0x01, 0x09, 0x0C, 0xC8, 0xB3, 0x3B, 0xD1, 0x80, 0x50, 0xE8, |
---|
368 | 0xF5, 0x52, 0x4C, 0xE6, 0x82, 0xAC, 0x58, 0x40, 0xD4, 0x71, 0x87, 0x52, 0x06, 0xEA, 0xA6, 0x27, |
---|
369 | 0xB7, 0xFE, 0x6C, 0x49, 0x47, 0x3B, 0x70, 0x6C, 0xEB, 0xCD, 0xC5, 0x0B, 0x8C, 0x31, 0x29, 0x42, |
---|
370 | 0x4E, 0x10, 0x2B, 0x2D, 0x46, 0xEC, 0x39, 0xA3, 0x90, 0x4B, 0x25, 0x60, 0x9C, 0x62, 0xD4, 0x20, |
---|
371 | 0xF6, 0x16, 0xA8, 0x9C, 0xE4, 0x20, 0xED, 0xC7, 0xBA, 0x5E, 0xB6, 0x4E, 0x03, 0x15, 0xA6, 0xF6, |
---|
372 | 0x23, 0x98, 0x32, 0xC0, 0xAE, 0xA3, 0xFD, 0xD3, 0x7F, 0xF8, 0xED, 0xF0, 0x29, 0x29, 0x12, 0xB3, |
---|
373 | 0xB7, 0x58, 0xAD, 0xA2, 0x58, 0x2C, 0x70, 0x1B, 0xA4, 0x25, 0xE8, 0xA5, 0x43, 0xF1, 0xB9, 0x8F, |
---|
374 | 0x1E, 0x3B, 0x10, 0xDF, 0x52, 0xFE, 0x58, 0x29, 0xAD, 0x3F, 0x99, 0x4D, 0xDF, 0xD2, 0x08, 0x06, |
---|
375 | 0xA1, 0x1C, 0x66, 0x29, 0x26, 0x80, 0x52, 0x8A, 0x5A, 0x73, 0xE7, 0xDF, 0xC1, 0xC4, 0x47, 0x82, |
---|
376 | 0xAB, 0x5C, 0x32, 0xAE, 0x96, 0x04, 0x2B, 0xC3, 0x2D, 0x5A, 0xD2, 0xB0, 0x64, 0x88, 0x97, 0xBF, |
---|
377 | 0x7E, 0x99, 0x60, 0xCC, 0x63, 0x76, 0x66, 0xE9, 0x9A, 0x3D, 0xBB, 0xF7, 0x7F, 0xE4, 0x7C, 0x3F, |
---|
378 | 0xB8, 0x4D, 0x10, 0x8D, 0x2A, 0xEA, 0x3C, 0xD3, 0x03, 0x74, 0xE6, 0x46, 0xC0, 0x29, 0xAE, 0xB0, |
---|
379 | 0x79, 0xBE, 0xCB, 0x18, 0x34, 0xBE, 0x5A, 0xE9, 0x19, 0x8F, 0xA3, 0x8F, 0xD6, 0x6A, 0x6C, 0x88, |
---|
380 | 0x1E, 0x21, 0x08, 0x15, 0xC4, 0xE7, 0xE6, 0xBA, 0x97, 0x9C, 0x4F, 0x89, 0x9F, 0x1A, 0x67, 0x4F, |
---|
381 | 0xC0, 0xD5, 0x72, 0x51, 0x16, 0xB4, 0xD3, 0x8A, 0x1F, 0xE3, 0x92, 0x02, 0x7F, 0x59, 0x56, 0x8F, |
---|
382 | 0x07, 0x8D, 0xC1, 0xC2, 0x42, 0x69, 0x3C, 0xA6, 0xBF, 0x3D, 0xDF, 0x0D, 0xAA, 0x4F, 0x7E, 0x80, |
---|
383 | 0x07, 0x11, 0xE2, 0x94, 0x19, 0x9B, 0x16, 0x26, 0x1A, 0x46, 0x09, 0x0D, 0xB5, 0xB8, 0x8E, 0x01, |
---|
384 | 0x9C, 0xFE, 0x09, 0xB3, 0x60, 0xC2, 0xAE, 0x50, 0x3C, 0x68, 0x75, 0x4A, 0x57, 0xD8, 0x4F, 0xD7, |
---|
385 | 0xA2, 0x76, 0x2C, 0xC1, 0xA2, 0x23, 0xBC, 0x54, 0x2A, 0xDD, 0xF3, 0xDD, 0xA7, 0x34, 0xF7, 0x5C, |
---|
386 | 0xF4, 0x86, 0x23, 0x48, 0x7C, 0x3F, 0x05, 0x40, 0x0E, 0xB0, 0xE5, 0xEB, 0x3E, 0xDF, 0x6A, 0x83, |
---|
387 | 0x65, 0xA0, 0xB2, 0x06, 0xD1, 0x40, 0x79, 0x0D, 0xDE, 0x95, 0x84, 0x96, 0x87, 0x6F, 0xCE, 0x48, |
---|
388 | 0x24, 0x13, 0x0B, 0xF5, 0xC7, 0xF5, 0xA8, 0x7F, 0x2E, 0xC7, 0xE1, 0xBA, 0xAE, 0x2B, 0xF7, 0xF0, |
---|
389 | 0x8E, 0xF7, 0x54, 0x0B, 0xF0, 0xD2, 0x41, 0x81, 0x68, 0x3B, 0x1E, 0x35, 0xAB, 0xD9, 0x2B, 0x46, |
---|
390 | 0x57, 0xE8, 0x53, 0xDF, 0xDE, 0x10, 0xEF, 0xCB, 0x4C, 0xE0, 0x52, 0x18, 0x2C, 0x4E, 0xB9, 0x20, |
---|
391 | 0xE9, 0x7E, 0x85, 0xDF, 0x75, 0x32, 0xE6, 0x10, 0xE9, 0x9C, 0x7B, 0x2E, 0x4C, 0xDA, 0x46, 0xE6, |
---|
392 | 0xCC, 0x77, 0x36, 0x1D, 0x4A, 0x15, 0xF5, 0x32, 0x18, 0x6B, 0x7E, 0xAA, 0xCC, 0x97, 0xCC, 0xD1, |
---|
393 | 0x2F, 0xE5, 0x58, 0x03, 0x35, 0x35, 0x3D, 0xA0, 0x2B, 0x13, 0x3A, 0x65, 0xFF, 0x24, 0x72, 0xCF, |
---|
394 | 0xA7, 0x6D, 0x52, 0x55, 0xF6, 0xC2, 0x30, 0x23, 0x7D, 0x9B, 0x9E, 0xB0, 0x94, 0x02, 0xAD, 0x60, |
---|
395 | 0x8A, 0x9F, 0xBC, 0xC8, 0xE4, 0x2B, 0x92, 0x96, 0xF5, 0xAE, 0x04, 0xA4, 0x33, 0x0C, 0x90, 0x67, |
---|
396 | 0xF0, 0xB9, 0x1E, 0x7E, 0xBE, 0x02, 0x18, 0xB2, 0x03, 0xB6, 0x40, 0xBF, 0x05, 0xE3, 0x76, 0x98, |
---|
397 | 0x21, 0x38, 0xC9, 0x5F, 0xD3, 0x51, 0x8B, 0x43, 0x0B, 0x1A, 0x0B, 0xF9, 0x3C, 0x21, 0x6C, 0x3D, |
---|
398 | 0xB8, 0xA0, 0x57, 0xCA, 0x68, 0xCD, 0x1E, 0xD2, 0x2C, 0x50, 0xEE, 0xC0, 0xDF, 0x25, 0x88, 0x52, |
---|
399 | 0x37, 0xE1, 0x44, 0xC6, 0x76, 0x3B, 0x91, 0x95, 0x86, 0x76, 0x87, 0x49, 0x21, 0x93, 0x44, 0x0A, |
---|
400 | 0x52, 0xB9, 0x2D, 0x2B, 0xE3, 0x1D, 0xB0, 0xE4, 0x98, 0xC6, 0xEE, 0x3D, 0x96, 0x53, 0x4B, 0xFF, |
---|
401 | 0x39, 0x00, 0xD5, 0x42, 0x7E, 0xE1, 0x4C, 0x6F, 0xD5, 0xB7, 0xE6, 0x99, 0x2A, 0x5B, 0x67, 0xEE, |
---|
402 | 0x3E, 0xBA, 0xF7, 0xEC, 0x43, 0x2A, 0x1C, 0xB6, 0xB5, 0x04, 0x26, 0x59, 0xB1, 0x4C, 0x17, 0xCC, |
---|
403 | 0x83, 0xB9, 0x00, 0x3E, 0x36, 0x91, 0x90, 0xF7, 0x5E, 0x38, 0xDC, 0xE4, 0x15, 0xC7, 0x67, 0xF0, |
---|
404 | 0xCA, 0xC8, 0xD2, 0x91, 0x5D, 0x74, 0xAC, 0x97, 0x56, 0x36, 0x1A, 0x82, 0x0A, 0xAA, 0xB4, 0x4E, |
---|
405 | 0xBF, 0x29, 0x5C, 0xBF, 0x58, 0xB3, 0x97, 0xF9, 0xEB, 0x7C, 0x85, 0xB4, 0xA5, 0x13, 0x2F, 0xD1, |
---|
406 | 0xDE, 0x1C, 0xEC, 0x97, 0xDD, 0xE2, 0x39, 0xE4, 0xFB, 0x0A, 0x02, 0xE0, 0xC3, 0xBA, 0x39, 0x79, |
---|
407 | 0xAA, 0x1C, 0x37, 0x75, 0x25, 0x54, 0xBE, 0x85, 0x74, 0x2C, 0xFA, 0x0C, 0xFA, 0x50, 0xF6, 0xBE, |
---|
408 | 0x9F, 0x2A, 0x53, 0x7C, 0x27, 0x46, 0x68, 0x2D, 0x74, 0x2B, 0x46, 0xDA, 0xF5, 0x07, 0x95, 0x09, |
---|
409 | 0x6A, 0x91, 0xB7, 0xB1, 0x34, 0x07, 0x5F, 0xEA, 0xBE, 0x0F, 0x87, 0x28, 0x68, 0x97, 0x43, 0x77, |
---|
410 | 0xD5, 0x38, 0x2B, 0x11, 0x11, 0x4F, 0xD9, 0x75, 0x5E, 0xE1, 0x06, 0xA0, 0x3B, 0xAC, 0x32, 0xFE, |
---|
411 | 0xBF, 0x73, 0x59, 0x5B, 0xA2, 0xA8, 0x7E, 0x10, 0x4C, 0x6E, 0x78, 0xF0, 0x4A, 0x4E, 0x95, 0xD6, |
---|
412 | 0xDD, 0x05, 0x7A, 0xBB, 0xF1, 0xEB, 0xA8, 0xA4, 0x5D, 0x91, 0xF0, 0xED, 0xDB, 0xB8, 0x01, 0x41, |
---|
413 | 0xF8, 0x97, 0x7F, 0xC3, 0x91, 0x53, 0xBF, 0xE9, 0xEA, 0x33, 0x1F, 0xDC, 0xA6, 0xE6, 0x8D, 0xCB, |
---|
414 | 0x75, 0xD0, 0x69, 0xD0, 0xA4, 0x59, 0xA5, 0x02, 0xFC, 0x60, 0x0D, 0x6A, 0xA0, 0x05, 0x1A, 0x54, |
---|
415 | 0x8A, 0xA7, 0x57, 0xA3, 0xF0, 0x90, 0x8A, 0xD5, 0x6F, 0x1E, 0x2E, 0x10, 0x9A, 0x93, 0x2B, 0x51, |
---|
416 | 0x2C, 0xFD, 0x99, 0xE5, 0x9B, 0x5D, 0xB2, 0xA7, 0x37, 0x99, 0x26, 0x35, 0xCA, 0xDD, 0x22, 0x19, |
---|
417 | 0x59, 0x2A, 0xB0, 0x99, 0x23, 0xDF, 0xA7, 0xA9, 0x85, 0x12, 0xCF, 0xBF, 0xFC, 0x74, 0x80, 0x87, |
---|
418 | 0xE1, 0x97, 0xD0, 0xF9, 0xEF, 0x5F, 0x1B, 0x45, 0xF7, 0x76, 0xDB, 0x66, 0x39, 0x05, 0x43, 0x06, |
---|
419 | 0xA9, 0x9F, 0x2E, 0x14, 0x9F, 0x1C, 0x0C, 0x1F, 0xD5, 0xD9, 0xA4, 0x8D, 0x18, 0x6F, 0x08, 0x53, |
---|
420 | 0x0B, 0x92, 0x9A, 0x0C, 0xEA, 0x4C, 0xE4, 0x1D, 0x9E, 0x9A, 0x51, 0xB8, 0x7E, 0x2D, 0xE7, 0x3C, |
---|
421 | 0xFF, 0x84, 0x5C, 0xBF, 0x8F, 0x8C, 0x89, 0x09, 0x1B, 0x7E, 0x4B, 0xE7, 0x85, 0xEC, 0x04, 0xB5, |
---|
422 | 0x20, 0x18, 0x1E, 0x55, 0xD5, 0x5B, 0xAC, 0xC6, 0x25, 0x5A, 0xA1, 0x81, 0xC1, 0x31, 0x9C, 0xF5, |
---|
423 | 0xB5, 0x54, 0x07, 0x65, 0x0A, 0x5B, 0x90, 0x06, 0x4F, 0x84, 0xB2, 0x7F, 0xD1, 0xAD, 0x16, 0x81, |
---|
424 | 0x25, 0xAF, 0xAF, 0xE2, 0x03, 0xA9, 0x1F, 0x13, 0x02, 0x5D, 0x54, 0x89, 0xCD, 0x44, 0x51, 0xEB, |
---|
425 | 0xA4, 0x2B, 0xBD, 0x47, 0xB0, 0xB6, 0x27, 0x1D, 0x9B, 0x14, 0x6F, 0xBF, 0xCD, 0x59, 0xBC, 0x0A, |
---|
426 | 0x37, 0xA8, 0x74, 0x7D, 0x16, 0x90, 0x28, 0xD5, 0x94, 0xC3, 0xE4, 0x23, 0xC4, 0x98, 0x91, 0xCE, |
---|
427 | 0x55, 0xBD, 0x21, 0x3B, 0x84, 0xBD, 0x44, 0x3C, 0xF9, 0xCD, 0x37, 0x43, 0x4A, 0xC6, 0x8C, 0x23, |
---|
428 | 0x04, 0x28, 0x63, 0x7A, 0x03, 0x85, 0xD2, 0x46, 0x93, 0xCA, 0xFE, 0xC3, 0x83, 0x0B, 0x13, 0xCC, |
---|
429 | 0x5D, 0xCB, 0xBA, 0xCA, 0x68, 0xAB, 0x05, 0xF7, 0xEC, 0x4A, 0x9C, 0x0F, 0xD5, 0xC4, 0x5A, 0xA5, |
---|
430 | 0xA0, 0x04, 0x41, 0x6A, 0xF6, 0xEF, 0x16, 0x9B, 0x69, 0x38, 0xF6, 0x2D, 0xAA, 0xEB, 0x2D, 0xE2, |
---|
431 | 0x82, 0xA2, 0x9F, 0x6F, 0xBD, 0x2A, 0xE3, 0x66, 0x6B, 0x21, 0xDA, 0x56, 0xAD, 0x82, 0x2B, 0x93, |
---|
432 | 0xF3, 0x25, 0xEA, 0xFC, 0xFD, 0xFD, 0x1B, 0xA9, 0xFC, 0xB8, 0xC6, 0x98, 0x45, 0xF2, 0x70, 0x03, |
---|
433 | 0x4A, 0x9C, 0x60, 0x82, 0x65, 0xB6, 0x68, 0x4C, 0xE7, 0x41, 0x10, 0x9D, 0x59, 0x40, 0x03, 0x02, |
---|
434 | 0x07, 0x12, 0x33, 0xAF, 0x79, 0xE1, 0xC4, 0xEB, 0xB8, 0xCE, 0x6A, 0x90, 0x72, 0x61, 0x5D, 0x56, |
---|
435 | 0xC7, 0x59, 0x31, 0xCB, 0x45, 0x2D, 0x42, 0x9F, 0x10, 0x1D, 0x09, 0x63, 0x59, 0x8C, 0x6C, 0xDB, |
---|
436 | 0x11, 0xCF, 0xA1, 0xDF, 0x5F, 0x4D, 0xDF, 0xB4, 0xC3, 0x82, 0xEE, 0x58, 0x16, 0xB4, 0x74, 0xFA, |
---|
437 | 0xBE, 0x11, 0x9C, 0x1E, 0x98, 0x29, 0xDE, 0xE3, 0xE5, 0x9E, 0xCF, 0xD7, 0x91, 0x0A, 0xA3, 0xA4, |
---|
438 | 0x42, 0xA1, 0x95, 0x09, 0x9E, 0x16, 0xD5, 0xA8, 0x24, 0x56, 0x5B, 0x23, 0xC8, 0x56, 0x4C, 0xCB, |
---|
439 | 0x89, 0x18, 0x69, 0xEB, 0x0C, 0x1F, 0xC0, 0x41, 0x5C, 0x63, 0x04, 0x68, 0xB2, 0x0F, 0x3F, 0x88, |
---|
440 | 0x36, 0xDD, 0x23, 0x4D, 0x4C, 0xC0, 0x81, 0xE3, 0xE9, 0xAD, 0xE0, 0x27, 0xD5, 0xE5, 0x46, 0xEB, |
---|
441 | 0xFF, 0x32, 0xA2, 0xB7, 0x14, 0x64, 0x0B, 0x6D, 0x1B, 0xE5, 0xD8, 0xAE, 0x9D, 0xE8, 0x55, 0xB9, |
---|
442 | 0x52, 0x70, 0x59, 0xB8, 0x72, 0x92, 0x69, 0x37, 0x95, 0x61, 0x0A, 0xE5, 0xF6, 0x55, 0x97, 0x1D, |
---|
443 | 0xBF, 0xF7, 0x29, 0x77, 0x0F, 0x72, 0x80, 0xB2, 0x7E, 0x56, 0xBF, 0xFD, 0xE9, 0xF5, 0x9B, 0x62, |
---|
444 | 0xE9, 0xBD, 0x0B, 0xC2, 0x07, 0x55, 0x31, 0x4C, 0x57, 0x3A, 0x05, 0xB9, 0x27, 0x41, 0x4A, 0xC3, |
---|
445 | 0xEC, 0x72, 0x20, 0xB3, 0x0C, 0xF9, 0xD9, 0x3A, 0x14, 0x6A, 0x03, 0x44, 0x6A, 0xF1, 0x41, 0x55, |
---|
446 | 0x7F, 0x81, 0xC2, 0x04, 0xA8, 0x05, 0xB9, 0x49, 0x2E, 0x43, 0xC4, 0x00, 0x87, 0x86, 0x04, 0xAC, |
---|
447 | 0xAF, 0x73, 0x78, 0x0E, 0xA4, 0x43, 0x5B, 0x36, 0xA2, 0x8F, 0x9C, 0xF7, 0x66, 0x4A, 0x5A, 0x09, |
---|
448 | 0x6B, 0xAA, 0x69, 0x6F, 0xB1, 0x20, 0x0D, 0x56, 0x85, 0x0A, 0x5E, 0x06, 0xBF, 0xE2, 0x32, 0xB4, |
---|
449 | 0x5C, 0x46, 0x33, 0x0D, 0x27, 0xA3, 0x6B, 0xE1, 0xB2, 0x6A, 0x7D, 0x4A, 0xA7, 0x81, 0x0F, 0x2B, |
---|
450 | 0x16, 0x7C, 0x51, 0xD6, 0xC0, 0x3D, 0xB9, 0xFE, 0xB4, 0x66, 0xC4, 0xB6, 0x54, 0x53, 0x67, 0xDA, |
---|
451 | 0x70, 0x96, 0x9A, 0x0A, 0x07, 0x1A, 0x26, 0xBA, 0x85, 0x50, 0xF5, 0x27, 0x53, 0x9C, 0x3A, 0x94, |
---|
452 | 0x0A, 0x7D, 0xDB, 0xE1, 0xC3, 0xE3, 0x6A, 0x3E, 0x9E, 0xD5, 0x13, 0x0A, 0xA3, 0xD2, 0x21, 0x75, |
---|
453 | 0x79, 0x17, 0x26, 0xAC, 0x48, 0x5F, 0x3D, 0xE1, 0x7D, 0xA4, 0xB1, 0x56, 0x0F, 0x92, 0x2C, 0x60, |
---|
454 | 0xE6, 0xCB, 0x87, 0x35, 0xB8, 0x75, 0xC3, 0xA2, 0x03, 0x50, 0x4B, 0xA2, 0x6E, 0x01, 0xE1, 0xDD, |
---|
455 | 0x87, 0xA5, 0x33, 0xC6, 0x2F, 0xA2, 0x41, 0xFC, 0x72, 0x98, 0xA2, 0x69, 0x4C, 0x3F, 0xF0, 0x53, |
---|
456 | 0xF5, 0x41, 0x2B, 0x23, 0x24, 0x3B, 0xCE, 0x9D, 0x39, 0x31, 0x17, 0x08, 0xE1, 0x3F, 0x5F, 0xFB, |
---|
457 | 0x00, 0xFA, 0xF1, 0xE3, 0xE1, 0x7B, 0x0C, 0xDF, 0x8D, 0xA2, 0xC4, 0xCD, 0x62, 0x3D, 0xAE, 0xC7, |
---|
458 | 0x48, 0x09, 0x1C, 0x66, 0xCB, 0x0E, 0x23, 0xE8, 0x1B, 0x9F, 0x1B, 0xCB, 0xF8, 0x14, 0xC3, 0x34, |
---|
459 | 0x91, 0x32, 0x2B, 0x39, 0x1C, 0xBA, 0x1C, 0xA0, 0x19, 0xF2, 0x57, 0x9D, 0x78, 0x00, 0x55, 0x1F, |
---|
460 | 0x15, 0x12, 0x9A, 0xA2, 0xF2, 0xC2, 0xB7, 0x4E, 0xEA, 0x46, 0x01, 0xC2, 0xE9, 0x76, 0xBF, 0xDE, |
---|
461 | 0xCF, 0x8B, 0xC7, 0x50, 0x80, 0xEE, 0x46, 0x91, 0x93, 0x1E, 0x5C, 0x48, 0x5D, 0xC8, 0xC8, 0x63, |
---|
462 | 0xD1, 0x89, 0x02, 0x29, 0xE9, 0x90, 0x9F, 0x0B, 0x0A, 0x1A, 0x44, 0x17, 0xE7, 0x4E, 0xAD, 0x58, |
---|
463 | 0x55, 0xF8, 0x38, 0xF6, 0x4F, 0xD8, 0x1C, 0x7E, 0x25, 0x9B, 0x59, 0x16, 0xBC, 0x65, 0x24, 0xC5, |
---|
464 | 0xA7, 0x56, 0xE5, 0x20, 0x3F, 0xD9, 0x27, 0xE0, 0x32, 0x24, 0xE1, 0x7B, 0xE1, 0x32, 0xEA, 0xF4, |
---|
465 | 0xFE, 0xD9, 0xA5, 0xFF, 0x35, 0xAE, 0xA9, 0x1B, 0x38, 0x28, 0x6A, 0xC0, 0x1A, 0x42, 0xD9, 0x5E, |
---|
466 | 0x14, 0x2C, 0xC2, 0x2D, 0x9B, 0x94, 0x5B, 0xCF, 0x83, 0x30, 0xB9, 0x06, 0xAF, 0x4B, 0xD7, 0xF6, |
---|
467 | 0x38, 0x7C, 0xFF, 0xB4, 0xA5, 0x1A, 0xA0, 0xE9, 0xF3, 0x01, 0xE3, 0x97, 0xC4, 0xA9, 0x57, 0xF5, |
---|
468 | 0xB9, 0x96, 0xA7, 0xA3, 0xB8, 0x10, 0x0E, 0xFB, 0x1D, 0x39, 0x44, 0x16, 0x97, 0x94, 0x3E, 0x5F, |
---|
469 | 0xAF, 0x0F, 0xE3, 0x99, 0xDC, 0xA0, 0xE9, 0x8D, 0x26, 0x2B, 0xD9, 0xAE, 0xEC, 0x4C, 0x4F, 0x09, |
---|
470 | 0x86, 0x7E, 0x7B, 0xC3, 0xE3, 0xC6, 0x17, 0xAE, 0x30, 0x9C, 0x31, 0xD1, 0x84, 0x47, 0xAF, 0xCB, |
---|
471 | 0xEA, 0x69, 0x2A, 0x08, 0x3E, 0x13, 0x00, 0xDE, 0xF6, 0x4A, 0x42, 0xD3, 0xBE, 0x33, 0xD9, 0x50, |
---|
472 | 0x6B, 0x8D, 0x59, 0x12, 0x1A, 0xD3, 0xA7, 0x7C, 0x0A, 0xE7, 0x87, 0x47, 0xCA, 0xAA, 0x33, 0xFD, |
---|
473 | 0xC1, 0xF6, 0x28, 0xC1, 0x62, 0xA2, 0x4C, 0x79, 0x83, 0x48, 0x86, 0x0E, 0xA4, 0x67, 0x34, 0x95, |
---|
474 | 0xAE, 0x7D, 0xD6, 0xEE, 0x91, 0x05, 0x35, 0x91, 0xE8, 0x34, 0x39, 0xA3, 0xE5, 0xE6, 0x80, 0x53, |
---|
475 | 0x76, 0x1F, 0x94, 0xA0, 0xF6, 0xA5, 0x41, 0x79, 0x82, 0xD3, 0xB0, 0x1F, 0xCE, 0xE1, 0x86, 0x64, |
---|
476 | 0x65, 0x0C, 0x8D, 0xD6, 0xFA, 0xC1, 0x10, 0x6C, 0x07, 0xD5, 0xF0, 0x77, 0x65, 0xB9, 0x0C, 0xBD, |
---|
477 | 0xAE, 0x2D, 0x62, 0x6C, 0x42, 0x7E, 0x2A, 0xBE, 0x5F, 0xC1, 0x17, 0x3B, 0x07, 0xFF, 0x5E, 0xD7, |
---|
478 | 0x31, 0x52, 0x26, 0x2F, 0x9F, 0x12, 0xD8, 0x2E, 0xA3, 0xF5, 0xB5, 0xD2, 0xFC, 0x6E, 0x08, 0x1F, |
---|
479 | 0xC8, 0x93, 0xA1, 0xEB, 0xF9, 0x13, 0x1D, 0x1F, 0x98, 0x5E, 0xB0, 0x0C, 0x65, 0x6C, 0xAE, 0x07, |
---|
480 | 0x78, 0xF8, 0x12, 0xD2, 0xD1, 0x1E, 0x77, 0x5C, 0x24, 0x62, 0xE5, 0x94, 0xD6, 0x6A, 0x8E, 0xD0, |
---|
481 | 0x72, 0x59, 0xDA, 0x48, 0x38, 0x2F, 0x31, 0x75, 0x0C, 0x52, 0xF0, 0x0C, 0x8F, 0x5C, 0xE9, 0x5E, |
---|
482 | 0x5A, 0x94, 0xE8, 0xD2, 0x80, 0xF8, 0x4F, 0xE7, 0xAA, 0x6C, 0xBE, 0x47, 0xFB, 0xDD, 0x57, 0x0A, |
---|
483 | 0xD8, 0x5E, 0xCC, 0x0D, 0x8F, 0x42, 0x5E, 0xDC, 0x5D, 0x95, 0x95, 0x60, 0x9B, 0x6F, 0x05, 0x5E, |
---|
484 | 0x08, 0x45, 0x91, 0xE4, 0xB8, 0x06, 0xB1, 0xF2, 0xC0, 0xD7, 0xE3, 0x47, 0xB7, 0x38, 0x08, 0xA8, |
---|
485 | 0x58, 0xE4, 0x55, 0xFC, 0xE2, 0x37, 0x1F, 0x38, 0xA2, 0x18, 0x9E, 0xC2, 0x0F, 0x90, 0x14, 0x20, |
---|
486 | 0x50, 0xD1, 0xD0, 0xAB, 0x36, 0x7F, 0xAA, 0x03, 0x1C, 0xE6, 0x0A, 0xF9, 0x8E, 0x41, 0xDB, 0x32, |
---|
487 | 0x1C, 0x68, 0xA0, 0xA0, 0xED, 0x4A, 0xF4, 0x4B, 0x09, 0xD0, 0xF0, 0x01, 0x8B, 0x17, 0x44, 0xE1, |
---|
488 | 0xEA, 0xC5, 0x9D, 0x3B, 0x37, 0x7A, 0x68, 0xF1, 0x78, 0x46, 0xCF, 0xB6, 0x57, 0xDB, 0x4B, 0x5C, |
---|
489 | 0x03, 0xE1, 0x9D, 0xC0, 0x37, 0x55, 0x8D, 0x03, 0xFB, 0x6A, 0x00, 0x82, 0x19, 0xD1, 0xC0, 0x76, |
---|
490 | 0x97, 0xEE, 0xC9, 0xAD, 0x0D, 0x72, 0x0B, 0xE9, 0xA8, 0x09, 0x92, 0x03, 0xA4, 0xAA, 0x2C, 0xCF, |
---|
491 | 0xFD, 0xDE, 0x86, 0xD0, 0x06, 0x4A, 0xAE, 0x7E, 0xC1, 0xB8, 0x2A, 0x4E, 0x9F, 0xA3, 0x5E, 0x8C, |
---|
492 | 0x12, 0x40, 0x74, 0x38, 0xE7, 0xEA, 0xB0, 0x51, 0xC2, 0xB9, 0x6D, 0x4A, 0x50, 0xBF, 0x59, 0x9C, |
---|
493 | 0x05, 0xB2, 0x42, 0xE2, 0x0F, 0x71, 0x44, 0xDB, 0x97, 0x0B, 0xD0, 0xDB, 0x44, 0x1F, 0x9A, 0x3B, |
---|
494 | 0x18, 0x2A, 0x7B, 0xD9, 0x03, 0x83, 0x0B, 0xCF, 0x27, 0x20, 0x43, 0xA6, 0x42, 0xED, 0x89, 0x63, |
---|
495 | 0xDB, 0x2D, 0x27, 0xC2, 0x3B, 0xE6, 0x0D, 0x3E, 0xB6, 0x96, 0x33, 0x70, 0xA6, 0xF3, 0xF5, 0x56, |
---|
496 | 0xEA, 0xEB, 0xF1, 0xE7, 0xD8, 0xCB, 0x04, 0x48, 0x99, 0x4C, 0x00, 0xA4, 0x2A, 0xA5, 0x8A, 0xF1, |
---|
497 | 0x58, 0xD5, 0x17, 0x4C, 0xC5, 0x88, 0x06, 0x8F, 0xA6, 0x67, 0xA6, 0x14, 0xC7, 0xB9, 0xE0, 0x86, |
---|
498 | 0xAC, 0x67, 0xFD, 0xB3, 0x5B, 0x3E, 0xDF, 0x03, 0xFD, 0xC8, 0xC4, 0x4A, 0x32, 0x78, 0x6B, 0xD1, |
---|
499 | 0xC1, 0xE2, 0x36, 0x9D, 0x0B, 0xF2, 0x54, 0x25, 0xB8, 0xB7, 0xB2, 0x10, 0x7A, 0xA6, 0x79, 0x52, |
---|
500 | 0xC2, 0xEE, 0x98, 0xA5, 0x3D, 0xF0, 0x07, 0x8D, 0x25, 0xC3, 0xAC, 0xFD, 0xCF, 0x83, 0x98, 0x80, |
---|
501 | 0x56, 0x95, 0xC4, 0x14, 0xA2, 0xA5, 0x93, 0xFE, 0x24, 0x59, 0x44, 0x73, 0xDF, 0xD6, 0x47, 0xDA, |
---|
502 | 0x22, 0x3A, 0x82, 0xC5, 0xD1, 0x59, 0x40, 0x9D, 0x0C, 0x1A, 0xB7, 0x79, 0x45, 0x9A, 0xF8, 0x6D, |
---|
503 | 0x5A, 0x5C, 0xC2, 0x80, 0xFC, 0xAA, 0x8A, 0xA4, 0xFE, 0x68, 0x61, 0x7D, 0xFE, 0x2C, 0x36, 0xE3, |
---|
504 | 0xE0, 0x59, 0x28, 0x40, 0x79, 0xAD, 0x2D, 0x28, 0x12, 0x30, 0xFC, 0x56, 0x2E, 0x1D, 0xEC, 0x48, |
---|
505 | 0x3A, 0xF0, 0xC5, 0x6C, 0x31, 0xE0, 0x2E, 0xB3, 0x91, 0x70, 0xB9, 0x9E, 0xBD, 0xE7, 0x96, 0x58, |
---|
506 | 0xCB, 0xBC, 0x1C, 0xE4, 0xC7, 0x78, 0xC7, 0x1E, 0x39, 0xDB, 0xB8, 0x77, 0x50, 0xB7, 0x65, 0x20, |
---|
507 | 0x04, 0x16, 0x8B, 0xFC, 0x66, 0xC4, 0x6D, 0x05, 0x8C, 0x3C, 0xB6, 0x32, 0x2F, 0xDE, 0xC3, 0x6F, |
---|
508 | 0xFC, 0x82, 0x06, 0x02, 0x87, 0x47, 0xFD, 0xD8, 0xDA, 0x75, 0xE0, 0x4E, 0x8C, 0x40, 0x00, 0xB2, |
---|
509 | 0x9B, 0x35, 0x78, 0xA4, 0x61, 0x64, 0x96, 0x62, 0x37, 0xF6, 0x3E, 0x39, 0xFA, 0x14, 0x5B, 0xC4, |
---|
510 | 0x70, 0x17, 0xDC, 0x0C, 0x9E, 0x31, 0x82, 0x2C, 0x63, 0xCC, 0x8A, 0x43, 0x7C, 0x69, 0x12, 0x05, |
---|
511 | 0x18, 0xA3, 0x62, 0xCC, 0xA2, 0x13, 0x96, 0x25, 0xA6, 0x1B, 0xF2, 0x10, 0xC8, 0x73, 0x4F, 0xCB, |
---|
512 | 0x80, 0xCA, 0xAF, 0x73, 0xC9, 0x78, 0xB1, 0xAE, 0x87, 0xB8, 0xDF, 0x50, 0xD3, 0x55, 0x1E, 0x3A, |
---|
513 | 0x81, 0xF6, 0x84, 0xD6, 0x57, 0x36, 0xCF, 0x38, 0xB7, 0xBC, 0xBC, 0x1E, 0x48, 0x62, 0x9F, 0x0F, |
---|
514 | 0x0C, 0xE5, 0xF0, 0x63, 0x33, 0xE6, 0x59, 0x6B, 0x1E, 0xE6, 0x1C, 0x8A, 0xF9, 0xDD, 0x6B, 0xA3, |
---|
515 | 0xDC, 0x02, 0x4A, 0x2F, 0x8C, 0x6A, 0x8D, 0x16, 0x7E, 0x2F, 0xF1, 0x75, 0xD5, 0x15, 0x93, 0x07, |
---|
516 | 0x27, 0xD9, 0x6F, 0x1A, 0x5D, 0x43, 0xF3, 0x47, 0xC4, 0xED, 0xAD, 0x05, 0x9F, 0xEC, 0x8F, 0xD0, |
---|
517 | 0xBE, 0xB5, 0x58, 0xF4, 0xF6, 0xBE, 0x08, 0x73, 0x96, 0x19, 0x05, 0x25, 0xEC, 0x3D, 0x26, 0xF4, |
---|
518 | 0x93, 0xDB, 0x9F, 0x56, 0x48, 0x4C, 0xBC, 0xD0, 0x02, 0x59, 0xD1, 0x40, 0x4C, 0xA6, 0x06, 0x41, |
---|
519 | 0xE8, 0x7D, 0x47, 0xAE, 0x3A, 0x9E, 0x1A, 0x71, 0x52, 0xD4, 0x67, 0xC1, 0x14, 0x7E, 0x40, 0x6F, |
---|
520 | 0x1C, 0x75, 0x30, 0x7B, 0x70, 0x3A, 0xE0, 0x37, 0xB7, 0x41, 0x7F, 0xCB, 0x4A, 0xBA, 0xA7, 0xCE, |
---|
521 | 0x56, 0x54, 0xC5, 0x46, 0x65, 0x6F, 0xB4, 0xB6, 0xF0, 0x57, 0xCE, 0x2E, 0x4F, 0xA9, 0xF0, 0x14, |
---|
522 | 0x50, 0xC3, 0x30, 0xC5, 0xBA, 0xE1, 0x5E, 0xD6, 0xDC, 0xC5, 0x78, 0x55, 0x32, 0xAA, 0xCB, 0x29, |
---|
523 | 0x35, 0x81, 0x46, 0x5E, 0x92, 0xE7, 0xDE, 0xCC, 0x92, 0x29, 0x86, 0xE0, 0x8F, 0x91, 0x3C, 0x74, |
---|
524 | 0x97, 0x79, 0x63, 0x97, 0x4A, 0xCC, 0x88, 0xB5, 0xA3, 0x7A, 0xF0, 0xF0, 0x33, 0x87, 0xCD, 0xBD |
---|
525 | }; |
---|
526 | uint8_t b = Value ^ hdSurEncBasicCrypt_D2_0F_11(Value, lookup[(((AddrInd * 2) + 0) * 256) + Value]); |
---|
527 | return (Value ^ hdSurEncBasicCrypt_D2_0F_11(b, lookup[(((AddrInd * 2) + 1) * 256) + b])); |
---|
528 | } |
---|
529 | |
---|
530 | void hdSurEncPhase1_D2_0F_11(uint8_t *CWs) |
---|
531 | { |
---|
532 | static const uint8_t lookup1[] = |
---|
533 | { |
---|
534 | 0x16, 0x71, 0xCA, 0x14, 0xC4, 0xF4, 0xA3, 0x5A, 0x9D, 0x5F, 0x85, 0x8B, 0xA6, 0x77, 0xFD, 0x3C, |
---|
535 | 0x5F, 0x13, 0x2A, 0x5F, 0x61, 0x36, 0xE4, 0xDC, 0x0D, 0x82, 0x92, 0xC5, 0x25, 0xE1, 0x7A, 0x1C, |
---|
536 | 0x29, 0x19, 0x94, 0x2F, 0xC5, 0xD2, 0xDC, 0xBA, 0x86, 0x60, 0x64, 0x60, 0x86, 0x92, 0xA3, 0x4E, |
---|
537 | 0x3D, 0x9B, 0xCC, 0x16, 0xBB, 0xBA, 0xD2, 0xF0, 0x6A, 0xD3, 0x2F, 0x07, 0x75, 0xBD, 0x28, 0xDB |
---|
538 | }; |
---|
539 | static const int8_t lookup2[] = {1, -1, -1, 1, -1, 2, 1, -2, -1, 1, 2, -2, 1, -2, -2, 4}; |
---|
540 | static const int8_t CAddrIndex[] = {0, 1, 3, 4}; |
---|
541 | int32_t i, j, i1, i2, i3; |
---|
542 | |
---|
543 | for(i = 3; i >= 0; --i) |
---|
544 | { |
---|
545 | for(j = 0; j <= 15; ++j) |
---|
546 | { |
---|
547 | CWs[j] = CWs[j] ^ hdSurEncBasicCrypt_D2_0F_11(j , lookup1 [(16 * i) + j]); |
---|
548 | } |
---|
549 | |
---|
550 | uint8_t Buffer[16]; |
---|
551 | uint32_t k; |
---|
552 | for(i1 = 0; i1 <= 3; ++i1) |
---|
553 | { |
---|
554 | for(i2 = 0; i2 <= 3; ++i2) |
---|
555 | { |
---|
556 | k = 0; |
---|
557 | for(i3 = 0; i3 <= 3; ++i3) |
---|
558 | { |
---|
559 | k = k + (CWs[(i2 * 4) + i3] * lookup2[(i3 * 4) + i1]); |
---|
560 | Buffer[(i2 * 4) + i1] = (uint8_t)k; |
---|
561 | } |
---|
562 | } |
---|
563 | } |
---|
564 | memcpy(CWs, Buffer, 16); |
---|
565 | |
---|
566 | // CW positions are mixed around here |
---|
567 | uint8_t a4[4]; |
---|
568 | for(i1 = 1; i1 <= 3; ++i1) |
---|
569 | { |
---|
570 | for(i2 = 0; i2 <= 3; ++i2) |
---|
571 | { |
---|
572 | a4[i2] = i1 + (i2 * 4); |
---|
573 | } |
---|
574 | for(i2 = 0; i2 <= i1 - 1; ++i2) // the given code in Func1_3 seems to be wrong here(3 instead of i1-1)! |
---|
575 | { |
---|
576 | uint8_t tmp = CWs[a4[0]]; |
---|
577 | for(i3 = 1; i3 <= 3; ++i3) |
---|
578 | { |
---|
579 | CWs[a4[i3 - 1]] = CWs[a4[i3]]; |
---|
580 | } |
---|
581 | CWs[a4[3]] = tmp; |
---|
582 | } |
---|
583 | } |
---|
584 | |
---|
585 | for(i1 = 0; i1 <= 15; ++i1) |
---|
586 | { |
---|
587 | CWs[i1] = hdSurEncCryptLookup_D2_0F_11(CWs[i1], CAddrIndex[i1 & 3]); |
---|
588 | } |
---|
589 | } |
---|
590 | } |
---|
591 | |
---|
592 | void hdSurEncPhase2_D2_0F_11_sub(uint8_t *CWa, uint8_t *CWb, uint8_t AddrInd) |
---|
593 | { |
---|
594 | uint8_t Buffer[8]; |
---|
595 | uint8_t tmp, i; |
---|
596 | for(i = 0; i <= 7; ++i) |
---|
597 | { |
---|
598 | Buffer[i] = hdSurEncCryptLookup_D2_0F_11(CWb[i], AddrInd); |
---|
599 | } |
---|
600 | |
---|
601 | // some bitshifting |
---|
602 | tmp = Buffer[7]; |
---|
603 | for(i = 7; i >= 1; --i) |
---|
604 | { |
---|
605 | Buffer[i] = ((Buffer[1] >> 4) & 0xFF) | ((Buffer[i - 1] << 4) & 0xFF); |
---|
606 | } |
---|
607 | Buffer[0] = ((Buffer[0] >> 4) & 0xFF) | ((tmp << 4) & 0xFF); |
---|
608 | |
---|
609 | // saving the result |
---|
610 | for(i = 0; i <= 7; ++i) |
---|
611 | { |
---|
612 | CWa[i] = CWa[i] ^ Buffer[i]; |
---|
613 | } |
---|
614 | } |
---|
615 | |
---|
616 | void hdSurEncPhase2_D2_0F_11(uint8_t *CWs) |
---|
617 | { |
---|
618 | hdSurEncPhase2_D2_0F_11_sub(CWs, CWs + 8, 0); |
---|
619 | hdSurEncPhase2_D2_0F_11_sub(CWs + 8, CWs, 1); |
---|
620 | hdSurEncPhase2_D2_0F_11_sub(CWs, CWs + 8, 2); |
---|
621 | hdSurEncPhase2_D2_0F_11_sub(CWs + 8, CWs, 3); |
---|
622 | hdSurEncPhase2_D2_0F_11_sub(CWs, CWs + 8, 4); |
---|
623 | } |
---|
624 | |
---|
625 | void CommonMain_1_D2_13_15(const uint8_t *datain, uint8_t *dataout) |
---|
626 | { |
---|
627 | const uint8_t Tab3[88] = { |
---|
628 | 0x1B,0x12,0x12,0x0C,0x12,0x0C,0x0C,0x08,0x09,0x09,0x06,0x06,0x06,0x06,0x04,0x04, |
---|
629 | 0x08,0x04,0x04,0x02,0x04,0x02,0x02,0x01,0x09,0x06,0x09,0x06,0x06,0x04,0x06,0x04, |
---|
630 | 0x03,0x03,0x03,0x03,0x02,0x02,0x02,0x02,0x04,0x04,0x02,0x02,0x02,0x02,0x01,0x01, |
---|
631 | 0x09,0x06,0x06,0x04,0x09,0x06,0x06,0x04,0x03,0x03,0x02,0x02,0x03,0x03,0x02,0x02, |
---|
632 | 0x04,0x02,0x04,0x02,0x02,0x01,0x02,0x01,0x03,0x02,0x03,0x02,0x03,0x02,0x03,0x02, |
---|
633 | 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01 }; |
---|
634 | |
---|
635 | int i1,i2; |
---|
636 | unsigned long bb; |
---|
637 | |
---|
638 | for (i1 = 0; i1 < 11; i1++) |
---|
639 | { |
---|
640 | bb = 0; |
---|
641 | for (i2 = 0; i2 < 8; i2++) |
---|
642 | { bb += (Tab3[(i1 * 8) + i2] * datain[i2]); } |
---|
643 | dataout[i1] = (bb & 0xFF); |
---|
644 | } |
---|
645 | } |
---|
646 | |
---|
647 | |
---|
648 | unsigned short CommonMain_2_D2_13_15(const uint8_t *data, const unsigned long num) |
---|
649 | { |
---|
650 | unsigned long bb1, bb2; |
---|
651 | |
---|
652 | bb1 = num >> 3; |
---|
653 | bb2 = (data[bb1] << 24) + (data[bb1 + 1] << 16) + (data[bb1 + 2] << 8); |
---|
654 | return ((bb2 >> (21 - (num & 7))) & 0x7FF); |
---|
655 | } |
---|
656 | |
---|
657 | void CommonMain_3_D2_13_15(uint8_t *data0, uint8_t *data1, int nbrloop) |
---|
658 | { |
---|
659 | int i; |
---|
660 | unsigned long bb1, bb2; |
---|
661 | |
---|
662 | bb1 = 0; |
---|
663 | bb2 = 0; |
---|
664 | for (i = nbrloop - 1; i >= 0; i--) |
---|
665 | { |
---|
666 | bb1 += (data0[i] * 2) + data1[i]; |
---|
667 | bb2 += data0[i] + data1[i]; |
---|
668 | data0[i] = (bb1 & 0xFF); |
---|
669 | data1[i] = (bb2 & 0xFF); |
---|
670 | bb1 >>= 8; |
---|
671 | bb2 >>= 8; |
---|
672 | } |
---|
673 | } |
---|
674 | |
---|
675 | void CommonMain_D2_13_15(const uint8_t *datain, uint8_t *dataout, int loopval) |
---|
676 | { |
---|
677 | |
---|
678 | const uint8_t Tab0_Comp[0x800] = { |
---|
679 | 0x54,0x75,0x01,0x0C,0x7C,0xE2,0xC3,0xC2,0x5E,0x13,0x26,0xCA,0xB2,0xCD,0xB8,0x3D, |
---|
680 | 0x02,0x2C,0xE4,0x19,0x41,0x3D,0xE4,0x0F,0xEC,0xF1,0x45,0x83,0xE2,0xE2,0x72,0xF9, |
---|
681 | 0xCD,0x75,0x1E,0x41,0xCC,0x0C,0x1F,0x39,0x87,0x9B,0x46,0xFF,0x68,0x1F,0x00,0xD8, |
---|
682 | 0x41,0x82,0xCA,0xC6,0xEF,0x87,0x90,0xA2,0x7E,0xD9,0xDE,0xC8,0x25,0xEA,0xC9,0x75, |
---|
683 | 0x6E,0x18,0x81,0xD8,0x5A,0xA6,0x74,0x05,0xAF,0xAE,0xE0,0x4F,0x85,0xAD,0x94,0xF6, |
---|
684 | 0x45,0xF4,0xF5,0x55,0xA8,0xEB,0xEC,0xDB,0x6C,0xFF,0x2F,0xC2,0xC3,0x7D,0x93,0xE6, |
---|
685 | 0xF5,0x31,0x96,0xB7,0x9A,0xDB,0xE5,0x76,0x66,0xFB,0xDD,0xBC,0x19,0x18,0x42,0xC6, |
---|
686 | 0x36,0xCD,0x46,0x33,0xEA,0xF1,0x4C,0xC0,0x72,0x07,0xCD,0x61,0xCE,0x0E,0x08,0x01, |
---|
687 | 0xA3,0xFA,0x84,0x21,0xF2,0x43,0x37,0x1C,0xDE,0x25,0x8A,0x1A,0xF4,0xBB,0x40,0xF3, |
---|
688 | 0x53,0xFE,0x17,0x60,0x91,0x6D,0x7B,0x6D,0x5F,0x1C,0x15,0x73,0xCC,0x6E,0x73,0x46, |
---|
689 | 0x27,0x73,0xA3,0x10,0x16,0x32,0xB3,0x39,0x45,0xA6,0x55,0xE7,0x91,0x32,0x24,0xC8, |
---|
690 | 0xAE,0xAF,0x1B,0x28,0x69,0x22,0x2F,0xE9,0x77,0x72,0xBF,0x4B,0x8B,0x07,0x82,0x31, |
---|
691 | 0xB0,0x95,0x10,0x78,0x9F,0xC5,0xF3,0x73,0xE1,0xF8,0x36,0x84,0xFE,0x1B,0x92,0xB2, |
---|
692 | 0xE6,0xA5,0xCE,0xDA,0x56,0x48,0x52,0x77,0x9D,0x9D,0x8E,0x37,0x4B,0xC8,0x35,0x7E, |
---|
693 | 0xB9,0x5D,0xA4,0xAE,0x3F,0xD0,0xAA,0x60,0xA8,0x4C,0x85,0x49,0xF6,0x0C,0x27,0xE8, |
---|
694 | 0x94,0x84,0xA0,0xAA,0x06,0x4D,0xAC,0x58,0x8B,0x61,0x29,0x3D,0x68,0x25,0xD3,0xD3, |
---|
695 | 0x8E,0xA1,0xE0,0x71,0xBF,0x21,0x0C,0xC7,0x18,0x19,0xF1,0x25,0x98,0x5F,0x79,0x5E, |
---|
696 | 0x51,0xBA,0x8C,0x2F,0x52,0x43,0xF3,0x5A,0xE3,0x58,0x97,0x64,0x23,0xE0,0x44,0x4F, |
---|
697 | 0x30,0x2A,0xE0,0x16,0x8D,0x4D,0xD1,0x1F,0x7B,0xC9,0xC5,0x74,0x11,0x23,0x5D,0x95, |
---|
698 | 0xAC,0x7F,0x2E,0x30,0xBE,0x2D,0xE3,0xB5,0xC6,0xA7,0x69,0x99,0x1F,0x18,0x3C,0x96, |
---|
699 | 0x30,0x45,0x99,0x71,0x28,0x08,0x3C,0xF7,0x37,0x4F,0x6A,0xD6,0xAE,0x9B,0x57,0xC1, |
---|
700 | 0xCC,0x2C,0xE2,0x0F,0x7D,0x66,0xF4,0x36,0x0C,0x3B,0x35,0xF6,0x28,0x03,0xA3,0x7A, |
---|
701 | 0x83,0x15,0xF5,0x61,0x5E,0xE8,0xB7,0xD8,0x54,0x33,0x93,0x63,0x80,0x40,0x43,0xD0, |
---|
702 | 0x9C,0xAA,0x3A,0x98,0x50,0xD2,0xB8,0x80,0x5D,0x16,0xDF,0x1C,0x03,0xAA,0x87,0xC7, |
---|
703 | 0x63,0xA5,0x8D,0xA9,0x2E,0xFB,0x4F,0x7C,0x2B,0xF5,0xF9,0x57,0xB5,0x90,0xD8,0x75, |
---|
704 | 0xAB,0x81,0x4C,0x1B,0xAF,0x6C,0x0E,0xCB,0xB1,0x4F,0xD3,0xE3,0x69,0x18,0x8C,0x7A, |
---|
705 | 0x3C,0xE1,0x11,0x86,0x47,0x78,0x11,0xA0,0xD4,0x28,0xC3,0x0D,0xAC,0xC6,0x17,0xA1, |
---|
706 | 0x32,0x9F,0x8F,0x42,0xD9,0x3F,0x66,0xD7,0x2D,0x87,0x7B,0x65,0xD3,0xD6,0x90,0x83, |
---|
707 | 0xA2,0x75,0xE8,0x98,0x90,0x9D,0xDE,0x81,0x9E,0x3D,0xE4,0xA9,0xE4,0x0B,0xBC,0xBA, |
---|
708 | 0x96,0xDD,0x05,0xCA,0xAE,0x78,0x69,0x24,0xDB,0xA7,0x3E,0x7A,0x3B,0xB4,0xC4,0x59, |
---|
709 | 0x61,0xD2,0xF2,0xE3,0x99,0x8F,0x8F,0x8A,0x82,0x33,0xB8,0x17,0x5E,0x7A,0x32,0x41, |
---|
710 | 0x10,0x8D,0xC2,0xEF,0xAA,0xF8,0x5A,0xF7,0xD2,0x1D,0xC0,0xCB,0x5E,0xB7,0x8A,0x78, |
---|
711 | 0x49,0x42,0xEB,0x19,0x1B,0x61,0xA0,0x77,0x5A,0xF4,0x6D,0x55,0xDA,0xEB,0xCE,0x4E, |
---|
712 | 0xB8,0xE6,0x32,0xD7,0x51,0x3F,0x73,0x14,0x34,0x6E,0x38,0xD6,0xA7,0x28,0x87,0x4A, |
---|
713 | 0x59,0xCA,0x1C,0x80,0xB5,0x8C,0x9D,0x94,0xCB,0xFE,0x29,0x41,0xE5,0x69,0xCF,0xFD, |
---|
714 | 0x0B,0xE1,0x7C,0xA1,0x70,0x12,0x76,0x43,0xDA,0xB9,0xD4,0xC3,0x31,0xBC,0x94,0x77, |
---|
715 | 0x04,0xB4,0x1C,0xAA,0xEC,0x6F,0xA5,0x12,0x9D,0x6F,0x34,0x65,0x77,0xA0,0xD2,0x6F, |
---|
716 | 0x60,0xC6,0x47,0xC2,0xDF,0x6A,0x10,0x53,0xD4,0xBA,0xF3,0xB7,0x38,0x79,0x63,0xC9, |
---|
717 | 0xD4,0x77,0xBC,0x54,0xE9,0x79,0x42,0xD5,0xE0,0x71,0xE7,0x9E,0x5A,0x62,0x0C,0xAD, |
---|
718 | 0x01,0x09,0xA8,0x9F,0x8E,0x67,0x4A,0x30,0xA4,0xB1,0x08,0xFC,0x0A,0xEA,0x7A,0x1D, |
---|
719 | 0x4C,0x4A,0x21,0xDE,0x00,0xD7,0x41,0x98,0x6B,0x38,0x50,0x3E,0x1F,0x25,0x06,0xE3, |
---|
720 | 0x6C,0xA3,0x84,0x5B,0xC1,0xED,0x47,0xDD,0xB3,0x83,0x46,0x72,0x69,0xCE,0x72,0x04, |
---|
721 | 0x43,0x67,0x3A,0x19,0xD9,0x0A,0xF7,0x43,0x88,0xCA,0xC7,0x31,0x34,0x21,0x4E,0x4C, |
---|
722 | 0xE8,0xD1,0x70,0x00,0xBD,0xB1,0xB6,0x76,0x6F,0x5B,0xF9,0xF5,0xF4,0x19,0x20,0x21, |
---|
723 | 0xC1,0xF0,0x11,0x36,0x66,0xAB,0x15,0xBD,0x69,0x92,0xC6,0x46,0xDE,0xDC,0xE9,0x9A, |
---|
724 | 0xF8,0x6C,0x15,0x29,0x15,0xA6,0x35,0x3E,0x08,0xE5,0x90,0x62,0x9F,0x86,0x56,0x83, |
---|
725 | 0x5D,0x60,0x0D,0x22,0x77,0xA7,0x60,0x9B,0x26,0x80,0x16,0x67,0xB4,0x46,0xBF,0x74, |
---|
726 | 0x55,0x92,0x5B,0x34,0xFF,0xC8,0x28,0x37,0xFF,0x14,0x62,0xFA,0xBD,0x03,0x78,0x04, |
---|
727 | 0x1B,0x65,0x7F,0x99,0x05,0x27,0x14,0xC0,0x06,0x4D,0x4B,0x0E,0x98,0x34,0x6A,0xB3, |
---|
728 | 0xA1,0xFE,0xBC,0x45,0x7D,0x52,0x50,0x0E,0x2C,0xFB,0x91,0xF5,0xFB,0x2A,0xB7,0xD9, |
---|
729 | 0xB8,0xB8,0x54,0x31,0x81,0x03,0x93,0x2C,0xE1,0x5C,0xB9,0x2C,0xE8,0x38,0xC0,0xA7, |
---|
730 | 0x58,0x18,0x92,0xC5,0x8B,0xEF,0x1E,0x33,0xA4,0xBA,0x86,0x2B,0xE9,0xEE,0xB1,0xDF, |
---|
731 | 0xAB,0xB8,0x48,0xDA,0x84,0xF1,0x68,0x05,0x4E,0xDE,0xB5,0x9E,0x88,0x12,0xC9,0x60, |
---|
732 | 0x50,0x58,0x56,0x9D,0x26,0x84,0xB6,0x1A,0xE6,0x4B,0x40,0x94,0x6D,0xE9,0x1D,0x0D, |
---|
733 | 0x8A,0xF9,0x2A,0xB5,0xBC,0xDB,0x06,0x8F,0x13,0x7E,0x1D,0x1C,0xC7,0xFD,0x8F,0x78, |
---|
734 | 0x55,0x3F,0x16,0x84,0x48,0xDA,0x1A,0xD1,0x93,0x95,0x20,0x58,0x92,0x39,0xF6,0x73, |
---|
735 | 0x4E,0x9E,0x7B,0x70,0xFC,0x1E,0x5B,0x20,0x48,0x96,0xB3,0x7C,0x50,0x09,0x5B,0x61, |
---|
736 | 0x57,0x97,0x36,0x04,0x29,0x2C,0x32,0x8E,0x93,0x4A,0x45,0xFA,0xD5,0x24,0x14,0x1A, |
---|
737 | 0x28,0x9C,0x1A,0x71,0xAE,0x85,0x4B,0x26,0x79,0x99,0x65,0xD0,0x07,0x98,0xED,0xC9, |
---|
738 | 0x1B,0x39,0x57,0x5B,0xDB,0x3D,0x87,0x69,0x66,0x9B,0x03,0x23,0x54,0x6B,0x4B,0xAC, |
---|
739 | 0x6E,0x7A,0x25,0x1E,0xB6,0x97,0xCF,0x1D,0x07,0xCB,0x2A,0x3E,0x85,0x02,0x93,0x31, |
---|
740 | 0x12,0x27,0xF0,0xA6,0x6D,0x0F,0x9A,0xB6,0xFC,0x22,0x79,0x6C,0x77,0xFD,0x3F,0xDC, |
---|
741 | 0x19,0xD0,0xDF,0xBD,0x9E,0xE0,0xBE,0x20,0x13,0xA3,0x0A,0x0B,0x22,0xF2,0xC8,0x6B, |
---|
742 | 0xA1,0xDD,0x6C,0x67,0xB3,0xFD,0x71,0xC2,0x7B,0x08,0x3B,0xF1,0x37,0xB5,0x0F,0x86, |
---|
743 | 0xFA,0xA9,0xE9,0x42,0xD1,0xE8,0xCD,0x05,0xEF,0xD3,0xCC,0x0B,0x70,0x51,0x5B,0x97, |
---|
744 | 0x06,0xC4,0x9D,0x88,0x11,0x3E,0x99,0x9F,0xBE,0x76,0x8C,0x8D,0xE6,0xBA,0xDA,0x48, |
---|
745 | 0xD0,0x04,0x86,0x4F,0xA9,0xC6,0xB0,0xED,0xA4,0x94,0x46,0x96,0x27,0xEE,0x9F,0xBD, |
---|
746 | 0xDA,0x9B,0x3D,0x11,0x80,0xD3,0x7B,0x5A,0x48,0x94,0xE5,0xCC,0x48,0xEA,0xE4,0x18, |
---|
747 | 0xDF,0x51,0xB3,0x02,0x57,0x20,0x4B,0x0F,0x07,0xFF,0x41,0x33,0x0F,0x6B,0x2E,0xAA, |
---|
748 | 0xDE,0xB2,0x56,0xF7,0xFB,0xA2,0x48,0x3C,0x97,0x1A,0x64,0x2C,0xD1,0x74,0x40,0xCF, |
---|
749 | 0x65,0x7F,0x14,0x08,0x59,0xC4,0x35,0xD3,0x8A,0x0F,0xFD,0x71,0x7A,0x71,0xAC,0x2D, |
---|
750 | 0xF3,0xFD,0x7B,0x12,0x5F,0xC0,0xBC,0x4E,0x96,0x12,0xF2,0x8E,0x41,0x84,0x01,0x0F, |
---|
751 | 0xED,0x7B,0xC1,0xB9,0x39,0x03,0x35,0x40,0x49,0x53,0xB8,0xB4,0x6B,0xA6,0xE7,0x0A, |
---|
752 | 0x14,0xBB,0x29,0x16,0xEC,0x2A,0x3A,0xD6,0x09,0xBB,0x5C,0x20,0xF8,0x09,0xFD,0x86, |
---|
753 | 0xC4,0x25,0x09,0x85,0x0B,0xD5,0xD8,0x51,0xB1,0xA2,0xCB,0xDC,0xC4,0xDD,0x34,0xDF, |
---|
754 | 0xE2,0x85,0xA9,0xCC,0x4E,0x66,0x51,0xFA,0x9C,0x4D,0xB7,0x1E,0x3E,0x49,0x34,0x9C, |
---|
755 | 0x21,0x66,0x07,0x44,0xB2,0xEC,0x73,0xC5,0xBB,0x27,0x9A,0xA5,0x91,0x5A,0xB9,0x9F, |
---|
756 | 0xBE,0xC8,0xA2,0x27,0x89,0x21,0xA7,0xEE,0x50,0x4D,0x43,0x50,0x67,0xC2,0x3B,0x7C, |
---|
757 | 0x20,0x0B,0x95,0x40,0xBE,0xEA,0xB5,0xD9,0x82,0xD7,0x9C,0xB5,0x21,0xAD,0xA6,0xF9, |
---|
758 | 0x70,0xEA,0xCD,0x04,0xDD,0x58,0x91,0x89,0xB2,0xA9,0xF9,0xB4,0x12,0xA2,0x63,0x89, |
---|
759 | 0x40,0x8E,0xEA,0x62,0xEE,0x0B,0x01,0x82,0x6F,0xB3,0x5E,0x5C,0x36,0xBE,0xF4,0x97, |
---|
760 | 0x2C,0xCF,0x96,0x7C,0x0D,0xAD,0x62,0xCE,0xD4,0x38,0xC5,0x32,0x02,0x24,0x57,0x27, |
---|
761 | 0xE0,0xCF,0x56,0xA5,0x72,0x6D,0x90,0x89,0x2D,0x4C,0x34,0xF6,0x1D,0xDD,0x88,0x5E, |
---|
762 | 0x7A,0x23,0xE3,0x6F,0x42,0xA3,0xD9,0x58,0x7E,0xE3,0x52,0x74,0x57,0x63,0xB7,0xB2, |
---|
763 | 0xC1,0xA3,0x30,0x92,0x2E,0xB0,0x91,0x01,0x13,0x36,0x9A,0x6A,0xA7,0x5B,0x3C,0x07, |
---|
764 | 0xFB,0xD8,0x1E,0x7E,0xCF,0x49,0xAB,0x3F,0xCA,0xCE,0x74,0x40,0x54,0x8D,0x83,0x61, |
---|
765 | 0xCA,0xC3,0x76,0x59,0x5C,0x9F,0x49,0x8A,0x7D,0xD1,0x17,0x9C,0xA4,0xDB,0xB9,0x16, |
---|
766 | 0x4D,0x64,0xF7,0xC7,0xF0,0x24,0xE7,0x00,0xB6,0x98,0xD5,0x8B,0x54,0xCB,0x1E,0x8B, |
---|
767 | 0xA2,0x2B,0x7D,0x50,0x51,0x8A,0xF0,0xEF,0x47,0xAE,0xD0,0xD6,0xA0,0x42,0x8A,0xD8, |
---|
768 | 0x22,0xAF,0x02,0x99,0x4A,0xE0,0x8D,0x8D,0xBF,0x11,0x05,0xA4,0xC4,0x9D,0xB3,0x89, |
---|
769 | 0xB4,0x4C,0xC9,0xF7,0x4D,0xC5,0x2A,0x35,0x95,0x30,0xF3,0x0E,0x2F,0xEC,0x6E,0x3A, |
---|
770 | 0x8B,0x05,0x76,0xED,0x1A,0x7C,0xC0,0xE7,0x22,0xCB,0x59,0xFF,0xE6,0x37,0x78,0x44, |
---|
771 | 0xD4,0xEE,0xAD,0xD7,0xBD,0x2E,0xB7,0x6A,0xA4,0x4E,0x0E,0xFB,0xB0,0xF5,0xCB,0x87, |
---|
772 | 0xCF,0xC3,0x18,0x64,0x6F,0x26,0x5C,0xD7,0x16,0xC8,0x7F,0xAB,0x29,0xC4,0xBA,0xFF, |
---|
773 | 0xCD,0x1C,0xE4,0x3A,0xF2,0xEB,0x6A,0x38,0xE4,0x65,0xC2,0x33,0x03,0x26,0x7D,0x9B, |
---|
774 | 0x7E,0x1D,0x83,0x00,0x04,0x2D,0x2B,0x5F,0xFE,0x39,0x7E,0xF1,0x3C,0xA2,0x8C,0x52, |
---|
775 | 0x95,0xBF,0x46,0x81,0x24,0x44,0xF8,0x10,0xC3,0x87,0x8E,0x64,0x80,0x17,0x44,0xE2, |
---|
776 | 0x8B,0xD1,0x3C,0x4A,0xE2,0x1F,0xA9,0xDE,0x75,0x13,0xFC,0x2E,0x86,0x0A,0x5C,0x5F, |
---|
777 | 0x92,0x2B,0x92,0x2D,0x2A,0xEC,0xD2,0x5C,0x82,0x6B,0x76,0x1E,0xED,0xE6,0x56,0xF7, |
---|
778 | 0xD2,0xDB,0x96,0x68,0x02,0x68,0x99,0x49,0xEE,0x88,0x66,0xCE,0x5D,0x08,0x88,0xA8, |
---|
779 | 0xB9,0x24,0xB0,0xB4,0xDC,0xA6,0xC9,0xD8,0x68,0x80,0xBF,0x6B,0x32,0x57,0x7F,0x91, |
---|
780 | 0x0E,0x37,0x59,0xF6,0x76,0xD2,0xC5,0x0B,0xF3,0x23,0xBF,0x38,0x52,0x0D,0x97,0x81, |
---|
781 | 0x17,0xBB,0x9A,0xC2,0x55,0x44,0x72,0xCE,0xEE,0xFA,0xBB,0xDA,0xAB,0xB0,0x09,0xEA, |
---|
782 | 0xDB,0xBF,0x45,0x95,0x07,0x88,0xD4,0xD2,0x0D,0x2E,0x15,0x31,0xBE,0x6A,0xF4,0xEF, |
---|
783 | 0xA3,0x7D,0x22,0x81,0x3B,0xA8,0x83,0xF9,0x42,0xE5,0x9B,0x79,0x01,0xF5,0xDC,0x19, |
---|
784 | 0x64,0xEB,0x47,0x67,0xAF,0xA4,0xB2,0xAE,0xF8,0xF9,0x4D,0x63,0xAD,0x54,0xE1,0x02, |
---|
785 | 0x56,0x89,0x4E,0x0A,0xE8,0x3E,0x03,0xFA,0x33,0x61,0x58,0x80,0x64,0x55,0x3C,0x8C, |
---|
786 | 0x2A,0x3D,0x70,0x3E,0xE5,0xC1,0xA7,0x75,0xFC,0x91,0x75,0x05,0x8C,0x6E,0x3A,0x74, |
---|
787 | 0x10,0xF1,0x30,0xE6,0xF6,0xF7,0xAB,0x6C,0xB1,0x2B,0xF0,0x2F,0x13,0x6E,0xD4,0x0A, |
---|
788 | 0x64,0x29,0xF8,0xBB,0xA1,0xAA,0x55,0x09,0x93,0x47,0x2F,0x8C,0x7D,0xF1,0x2D,0x81, |
---|
789 | 0xFE,0x78,0xFC,0xEE,0x3F,0xDD,0x49,0xDC,0x0D,0x52,0x5C,0x3B,0x8F,0x08,0xB0,0xDF, |
---|
790 | 0xDC,0xFC,0xBE,0x5F,0x3B,0x53,0x82,0xE2,0xBD,0x6D,0x5D,0xF2,0x8D,0xFB,0x5A,0x1D, |
---|
791 | 0x15,0x1B,0xE4,0xB1,0x56,0x06,0x1A,0xF8,0x9C,0xB9,0x44,0xF2,0xD9,0xF4,0xB2,0x00, |
---|
792 | 0x9A,0x94,0x62,0x33,0x7E,0x0A,0xB0,0x0C,0xD5,0xEF,0x8E,0xA8,0xEB,0x47,0xE9,0x20, |
---|
793 | 0xA8,0x68,0xEF,0x53,0xA0,0x59,0x1B,0xA0,0x2B,0xC5,0x2B,0x30,0xB6,0x5D,0xAB,0xB4, |
---|
794 | 0x5F,0x86,0x71,0x95,0x89,0xFC,0xC7,0x9A,0xC3,0xED,0x82,0xA0,0x3D,0x73,0xC1,0x36, |
---|
795 | 0x01,0x5F,0x9E,0xD7,0xE3,0xC0,0x62,0x74,0xED,0x13,0xB6,0xD6,0xD5,0x37,0x17,0xE1, |
---|
796 | 0x39,0xC7,0x6D,0x31,0xBA,0x02,0xAF,0xD5,0xCC,0x51,0xA8,0x09,0x3F,0x00,0x4A,0x8F, |
---|
797 | 0xA6,0x23,0x13,0x88,0xCD,0x1F,0x38,0x60,0xE7,0xE7,0x53,0xDC,0x65,0xE8,0x53,0x26, |
---|
798 | 0xBB,0xE1,0x1F,0x65,0xF0,0xAD,0x53,0x3B,0xBD,0xAD,0x97,0xAC,0xD1,0xA5,0xD0,0xE9, |
---|
799 | 0xEB,0xD6,0x11,0xD5,0x00,0xDF,0x72,0x9C,0xCC,0x7F,0xD3,0x67,0xA1,0x3A,0x79,0xE1, |
---|
800 | 0x85,0x70,0xE5,0x43,0xC9,0x28,0xA5,0x2F,0x9E,0xE7,0xFE,0xEB,0x14,0x10,0x23,0xC7, |
---|
801 | 0xAF,0xB1,0x24,0xC8,0xE5,0x44,0x6F,0x4C,0x04,0xEC,0xC1,0xF0,0x23,0x1C,0xF6,0xAC, |
---|
802 | 0xAF,0xC4,0x0E,0x2D,0x59,0x39,0x47,0xA9,0x9E,0xD9,0x2E,0x79,0xBA,0xFE,0x4F,0x12, |
---|
803 | 0x7F,0x63,0x7F,0x62,0x67,0x7C,0x52,0x2F,0xCA,0x8B,0x6B,0x4F,0x10,0x8F,0x14,0xC6, |
---|
804 | 0xA1,0x9B,0x45,0x15,0x90,0x63,0x22,0x5D,0x68,0x4B,0xCF,0xFA,0x6A,0x06,0xF0,0x26, |
---|
805 | 0xAC,0x6C,0x3A,0x89,0x25,0xF3,0x5E,0x90,0x06,0x93,0xB6,0x35,0x0D,0x85,0x60,0x98, |
---|
806 | 0xBC,0x6E,0xF2,0xA5,0x17,0x29,0x70,0xD6,0xFF,0x0C,0xD0,0xC0,0x35,0xD7,0x4A,0xFD }; |
---|
807 | |
---|
808 | |
---|
809 | const uint8_t Tab1_Comp[11*8] = { |
---|
810 | 0x70,0x49,0xD7,0xE3,0xDF,0x3C,0x96,0x03,0x2A,0x70,0x82,0xA6,0x5F,0xDE,0xCC,0x0C, |
---|
811 | 0x2A,0x62,0x2A,0x3E,0xA4,0x0C,0x0A,0xAB,0x4F,0x06,0x5D,0xD4,0x14,0xAA,0xE1,0xC3, |
---|
812 | 0x96,0xDA,0x16,0x36,0x45,0x3C,0x63,0xC2,0x97,0x71,0x87,0xAB,0xFA,0xB2,0xFC,0xD6, |
---|
813 | 0x8F,0x85,0xC9,0x04,0x56,0xBA,0xEB,0x3F,0x42,0x9F,0xCB,0x66,0x55,0x45,0x1C,0x96, |
---|
814 | 0xFF,0x4D,0x35,0xDF,0x88,0x0E,0xDC,0xC8,0x4E,0x3F,0x81,0x74,0xD8,0x77,0x4C,0x8E, |
---|
815 | 0x00,0xC0,0x64,0x83,0x4E,0xBB,0xF0,0xB1 }; |
---|
816 | |
---|
817 | unsigned short buff8[8]; |
---|
818 | uint8_t buff11[11+1]; // +1 to avoid func2 bug |
---|
819 | int i1, i2; |
---|
820 | buff11[11] = 0; |
---|
821 | |
---|
822 | CommonMain_1_D2_13_15(datain, buff11); |
---|
823 | for (i1 = 0; i1 < 11; i1++) |
---|
824 | { buff11[i1] ^= Tab1_Comp[(loopval * 11) + i1]; } |
---|
825 | |
---|
826 | for (i1 = 0; i1 < 8; i1++) |
---|
827 | { buff8[i1] = CommonMain_2_D2_13_15(buff11, i1 * 11); } |
---|
828 | |
---|
829 | for (i1 = 0; i1 < 8; i1++) |
---|
830 | { dataout[i1] = Tab0_Comp[buff8[i1]]; } |
---|
831 | |
---|
832 | i1 = 1; |
---|
833 | while (i1 < 8) |
---|
834 | { |
---|
835 | i2 = 0 ; |
---|
836 | while (i2 < 8) |
---|
837 | { |
---|
838 | CommonMain_3_D2_13_15(&dataout[i2], &dataout[i1 + i2], i1); |
---|
839 | i2 += (i1 * 2); |
---|
840 | } |
---|
841 | i1 *= 2; |
---|
842 | } |
---|
843 | } |
---|
844 | |
---|
845 | void Common_D2_13_15(uint8_t *cw0, const uint8_t *cw1, int loopval) |
---|
846 | { |
---|
847 | int i; |
---|
848 | uint8_t buff8[8]; |
---|
849 | |
---|
850 | CommonMain_D2_13_15(cw1, buff8, loopval); |
---|
851 | for (i = 0; i < 8; i++) |
---|
852 | { cw0[i] ^= buff8[i]; } |
---|
853 | } |
---|
854 | |
---|
855 | void ExchangeCWs(uint8_t *cw0, uint8_t *cw1) |
---|
856 | { |
---|
857 | int i; |
---|
858 | uint8_t b; |
---|
859 | |
---|
860 | for (i = 0; i < 8; i++) |
---|
861 | { |
---|
862 | b = cw1[i]; |
---|
863 | cw1[i] = cw0[i]; |
---|
864 | cw0[i] = b; |
---|
865 | } |
---|
866 | } |
---|
867 | |
---|
868 | |
---|
869 | void hdSurEncPhase1_D2_13_15(uint8_t *cws) |
---|
870 | { |
---|
871 | int i; |
---|
872 | |
---|
873 | for (i = 0; i <= 7; i++) |
---|
874 | { |
---|
875 | // Possible code |
---|
876 | if ((i & 1)==0) |
---|
877 | Common_D2_13_15((uint8_t *) &cws[0], (uint8_t *) &cws[8], i); |
---|
878 | else |
---|
879 | Common_D2_13_15((uint8_t *) &cws[8], (uint8_t *) &cws[0], i); |
---|
880 | // Other possible code |
---|
881 | //Common_D2_13_15((uint8_t *) &cws[0], (uint8_t *) &cws[8], i); |
---|
882 | //ExchangeCWs((uint8_t *) &cws[0], (uint8_t *) &cws[8]); |
---|
883 | } |
---|
884 | ExchangeCWs((uint8_t *) &cws[0], (uint8_t *) &cws[8]); |
---|
885 | } |
---|
886 | |
---|
887 | void hdSurEncPhase2_D2_13_15(uint8_t *cws) |
---|
888 | { |
---|
889 | int i; |
---|
890 | |
---|
891 | for (i = 7; i >= 0; i--) |
---|
892 | { |
---|
893 | // Possible code |
---|
894 | if ((i & 1)==0) |
---|
895 | Common_D2_13_15((uint8_t *) &cws[8], (uint8_t *) &cws[0], i); |
---|
896 | else |
---|
897 | Common_D2_13_15((uint8_t *) &cws[0], (uint8_t *) &cws[8], i); |
---|
898 | // Other possible code |
---|
899 | //Common_D2_13_15((uint8_t *) &cws[0], (uint8_t *) &cws[8], i); |
---|
900 | //ExchangeCWs((uint8_t *) &cws[0], (uint8_t *) &cws[8]); |
---|
901 | } |
---|
902 | ExchangeCWs((uint8_t *) &cws[8], (uint8_t *) &cws[0]); |
---|
903 | } |
---|
904 | |
---|
905 | |
---|
906 | static int32_t viaccess_card_init(struct s_reader *reader, ATR *newatr) |
---|
907 | { |
---|
908 | get_atr; |
---|
909 | def_resp; |
---|
910 | int32_t i; |
---|
911 | uchar buf[256]; |
---|
912 | uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data |
---|
913 | uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data |
---|
914 | uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer |
---|
915 | uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item |
---|
916 | static const uchar insFAC[] = { 0x87, 0x02, 0x00, 0x00, 0x03 }; // init FAC |
---|
917 | static const uchar FacDat[] = { 0x00, 0x00, 0x28 }; |
---|
918 | static unsigned char ins8702_data[] = { 0x00, 0x00, 0x11}; |
---|
919 | static unsigned char ins8704[] = { 0x87, 0x04, 0x00, 0x00, 0x07 }; |
---|
920 | static unsigned char ins8706[] = { 0x87, 0x06, 0x00, 0x00, 0x04 }; |
---|
921 | |
---|
922 | |
---|
923 | if((atr[1] != 0x77) || ((atr[2] != 0x18) && (atr[2] != 0x11) && (atr[2] != 0x19)) || ((atr[9] != 0x68) && (atr[9] != 0x6C) && (atr[9] != 0x64))) |
---|
924 | { return ERROR; } |
---|
925 | |
---|
926 | write_cmd(insFAC, FacDat); |
---|
927 | if(!(cta_res[cta_lr - 2] == 0x90 && cta_res[cta_lr - 1] == 0)) |
---|
928 | { return ERROR; } |
---|
929 | |
---|
930 | if(!cs_malloc(&reader->csystem_data, sizeof(struct viaccess_data))) |
---|
931 | { return ERROR; } |
---|
932 | struct viaccess_data *csystem_data = reader->csystem_data; |
---|
933 | |
---|
934 | write_cmd(insFAC, ins8702_data); |
---|
935 | if((cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0x00)) |
---|
936 | { |
---|
937 | write_cmd(ins8704, NULL); |
---|
938 | if((cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0x00)) |
---|
939 | { |
---|
940 | write_cmd(ins8706, NULL); |
---|
941 | if((cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0x00)) |
---|
942 | { |
---|
943 | csystem_data->last_geo.number_ecm = (cta_res[2] << 8) | (cta_res[3]); |
---|
944 | rdr_log(reader, "using ecm #%x for long viaccess ecm", csystem_data->last_geo.number_ecm); |
---|
945 | } |
---|
946 | } |
---|
947 | } |
---|
948 | |
---|
949 | |
---|
950 | // switch((atr[atrsize-4]<<8)|atr[atrsize-3]) |
---|
951 | // { |
---|
952 | // case 0x6268: ver="2.3"; break; |
---|
953 | // case 0x6668: ver="2.4(?)"; break; |
---|
954 | // case 0xa268: |
---|
955 | // default: ver="unknown"; break; |
---|
956 | // } |
---|
957 | |
---|
958 | reader->caid = 0x500; |
---|
959 | memset(reader->prid, 0xff, sizeof(reader->prid)); |
---|
960 | insac[2] = 0xa4; |
---|
961 | write_cmd(insac, NULL); // request unique id |
---|
962 | insb8[4] = 0x07; |
---|
963 | write_cmd(insb8, NULL); // read unique id |
---|
964 | memcpy(reader->hexserial, cta_res + 2, 5); |
---|
965 | // rdr_log(reader, "[viaccess-reader] type: Viaccess, ver: %s serial: %llu", ver, b2ll(5, cta_res+2)); |
---|
966 | rdr_log_sensitive(reader, "type: Viaccess (%sstandard atr), caid: %04X, serial: {%llu}", |
---|
967 | atr[9] == 0x68 ? "" : "non-", reader->caid, (unsigned long long) b2ll(5, cta_res + 2)); |
---|
968 | |
---|
969 | i = 0; |
---|
970 | insa4[2] = 0x00; |
---|
971 | write_cmd(insa4, NULL); // select issuer 0 |
---|
972 | buf[0] = 0; |
---|
973 | while((cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0)) |
---|
974 | { |
---|
975 | insc0[4] = 0x1a; |
---|
976 | write_cmd(insc0, NULL); // show provider properties |
---|
977 | cta_res[2] &= 0xF0; |
---|
978 | reader->prid[i][0] = 0; |
---|
979 | memcpy(&reader->prid[i][1], cta_res, 3); |
---|
980 | memcpy(&csystem_data->availkeys[i][0], cta_res + 10, 16); |
---|
981 | snprintf((char *)buf + strlen((char *)buf), sizeof(buf) - strlen((char *)buf), ",%06X", b2i(3, &reader->prid[i][1])); |
---|
982 | //rdr_log(reader, "[viaccess-reader] buf: %s", buf); |
---|
983 | |
---|
984 | insac[2] = 0xa5; |
---|
985 | write_cmd(insac, NULL); // request sa |
---|
986 | insb8[4] = 0x06; |
---|
987 | write_cmd(insb8, NULL); // read sa |
---|
988 | memcpy(&reader->sa[i][0], cta_res + 2, 4); |
---|
989 | |
---|
990 | /* |
---|
991 | insac[2]=0xa7; write_cmd(insac, NULL); // request name |
---|
992 | insb8[4]=0x02; write_cmd(insb8, NULL); // read name nano + len |
---|
993 | l=cta_res[1]; |
---|
994 | insb8[4]=l; write_cmd(insb8, NULL); // read name |
---|
995 | cta_res[l]=0; |
---|
996 | rdr_log(reader, "[viaccess-reader] name: %s", cta_res); |
---|
997 | */ |
---|
998 | |
---|
999 | insa4[2] = 0x02; |
---|
1000 | write_cmd(insa4, NULL); // select next issuer |
---|
1001 | i++; |
---|
1002 | } |
---|
1003 | reader->nprov = i; |
---|
1004 | rdr_log(reader, "providers: %d (%s)", reader->nprov, buf + 1); |
---|
1005 | |
---|
1006 | get_maturity(reader); |
---|
1007 | if(cfg.ulparent) |
---|
1008 | { |
---|
1009 | unlock_parental(reader); |
---|
1010 | } |
---|
1011 | |
---|
1012 | rdr_log(reader, "ready for requests"); |
---|
1013 | return OK; |
---|
1014 | } |
---|
1015 | |
---|
1016 | bool dcw_crc(uchar *dw) |
---|
1017 | { |
---|
1018 | int8_t i; |
---|
1019 | for(i = 0; i < 16; i += 4) if(dw[i + 3] != ((dw[i] + dw[i + 1] + dw[i + 2]) & 0xFF)) { return 0; } |
---|
1020 | return 1; |
---|
1021 | } |
---|
1022 | |
---|
1023 | static int32_t viaccess_do_ecm(struct s_reader *reader, const ECM_REQUEST *er, struct s_ecm_answer *ea) |
---|
1024 | { |
---|
1025 | def_resp; |
---|
1026 | static const unsigned char insa4[] = { 0xca, 0xa4, 0x04, 0x00, 0x03 }; // set provider id |
---|
1027 | unsigned char ins88[] = { 0xca, 0x88, 0x00, 0x00, 0x00 }; // set ecm |
---|
1028 | unsigned char insf8[] = { 0xca, 0xf8, 0x00, 0x00, 0x00 }; // set geographic info |
---|
1029 | static const unsigned char insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x12 }; // read dcw |
---|
1030 | struct viaccess_data *csystem_data = reader->csystem_data; |
---|
1031 | |
---|
1032 | // //XXX what is the 4th uint8_t for ?? |
---|
1033 | int32_t ecm88Len = MIN(MAX_ECM_SIZE - 4, SCT_LEN(er->ecm) - 4); |
---|
1034 | if(ecm88Len < 1) |
---|
1035 | { |
---|
1036 | rdr_log(reader, "ECM: Size of ECM couldn't be correctly calculated."); |
---|
1037 | return ERROR; |
---|
1038 | } |
---|
1039 | uchar ecmData[ecm88Len]; |
---|
1040 | memset(ecmData, 0, ecm88Len); |
---|
1041 | memcpy(ecmData, er->ecm + 4, ecm88Len); |
---|
1042 | uchar *ecm88Data = &ecmData[0]; |
---|
1043 | uint32_t provid = 0; |
---|
1044 | int32_t rc = 0; |
---|
1045 | int32_t hasD2 = 0; |
---|
1046 | uchar hasE0 = 0; |
---|
1047 | int32_t curEcm88len = 0; |
---|
1048 | int32_t nanoLen = 0; |
---|
1049 | uchar *nextEcm; |
---|
1050 | uchar DE04[MAX_ECM_SIZE]; |
---|
1051 | int32_t D2KeyID = 0; |
---|
1052 | int32_t curnumber_ecm = 0; |
---|
1053 | //nanoD2 d2 02 0d 02 -> D2 nano, len 2 |
---|
1054 | // 0b, 0f, 13 -> pre AES decrypt CW |
---|
1055 | // 0d, 11, 15 -> post AES decrypt CW |
---|
1056 | |
---|
1057 | int32_t nanoD2 = 0; // knowns D2 nanos: 0x0b ,0x0d ,0x0f ,0x11, 0x13, 0x15 |
---|
1058 | |
---|
1059 | memset(DE04, 0, sizeof(DE04)); //fix dorcel de04 bug |
---|
1060 | |
---|
1061 | nextEcm = ecm88Data; |
---|
1062 | |
---|
1063 | while(ecm88Len > 0 && !rc) |
---|
1064 | { |
---|
1065 | |
---|
1066 | if(ecm88Data[0] == 0x00 && ecm88Data[1] == 0x00) |
---|
1067 | { |
---|
1068 | // nano 0x00 and len 0x00 aren't valid ... something is obviously wrong with this ecm. |
---|
1069 | rdr_log(reader, "ECM: Invalid ECM structure. Rejecting"); |
---|
1070 | return ERROR; |
---|
1071 | } |
---|
1072 | |
---|
1073 | // 80 33 nano 80 (ecm) + len (33) |
---|
1074 | if(ecm88Data[0] == 0x80) // nano 80, give ecm len |
---|
1075 | { |
---|
1076 | curEcm88len = ecm88Data[1]; |
---|
1077 | nextEcm = ecm88Data + curEcm88len + 2; |
---|
1078 | ecm88Data += 2; |
---|
1079 | ecm88Len -= 2; |
---|
1080 | } |
---|
1081 | |
---|
1082 | if(!curEcm88len) //there was no nano 80 -> simple ecm |
---|
1083 | { |
---|
1084 | curEcm88len = ecm88Len; |
---|
1085 | } |
---|
1086 | |
---|
1087 | // d2 02 0d 02 -> D2 nano, len 2, select the AES key to be used |
---|
1088 | if(ecm88Data[0] == 0xd2) |
---|
1089 | { |
---|
1090 | // test if it needs AES decrypt |
---|
1091 | if(ecm88Data[2] == 0x0b) |
---|
1092 | { |
---|
1093 | nanoD2 = 0x0b; |
---|
1094 | rdr_log_dbg(reader, D_READER, "ECM: nano D2 0x0b"); |
---|
1095 | } |
---|
1096 | if(ecm88Data[2] == 0x0d) |
---|
1097 | { |
---|
1098 | nanoD2 = 0x0d; |
---|
1099 | rdr_log_dbg(reader, D_READER, "ECM: nano D2 0x0d"); |
---|
1100 | } |
---|
1101 | if(ecm88Data[2] == 0x0f) |
---|
1102 | { |
---|
1103 | nanoD2 = 0x0f; |
---|
1104 | rdr_log_dbg(reader, D_READER, "ECM: nano D2 0x0f"); |
---|
1105 | } |
---|
1106 | if(ecm88Data[2] == 0x11) |
---|
1107 | { |
---|
1108 | nanoD2 = 0x11; |
---|
1109 | rdr_log_dbg(reader, D_READER, "ECM: nano D2 0x11"); |
---|
1110 | } |
---|
1111 | if(ecm88Data[2] == 0x13) |
---|
1112 | { |
---|
1113 | nanoD2 = 0x13; |
---|
1114 | rdr_log_dbg(reader, D_READER, "ECM: nano D2 0x13"); |
---|
1115 | } |
---|
1116 | if(ecm88Data[2] == 0x15) |
---|
1117 | { |
---|
1118 | nanoD2 = 0x15; |
---|
1119 | rdr_log_dbg(reader, D_READER, "ECM: nano D2 0x15"); |
---|
1120 | } |
---|
1121 | // use the d2 arguments to get the key # to be used |
---|
1122 | int32_t len = ecm88Data[1] + 2; |
---|
1123 | D2KeyID = ecm88Data[3]; |
---|
1124 | ecm88Data += len; |
---|
1125 | ecm88Len -= len; |
---|
1126 | curEcm88len -= len; |
---|
1127 | hasD2 = 1; |
---|
1128 | } |
---|
1129 | else |
---|
1130 | { hasD2 = 0; } |
---|
1131 | |
---|
1132 | |
---|
1133 | // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here |
---|
1134 | // 09 -> use key #9 |
---|
1135 | // 05 67 00 |
---|
1136 | if((ecm88Data[0] == 0x90 || ecm88Data[0] == 0x40) && (ecm88Data[1] == 0x03 || ecm88Data[1] == 0x07)) |
---|
1137 | { |
---|
1138 | uchar ident[3], keynr; |
---|
1139 | uchar *ecmf8Data = 0; |
---|
1140 | int32_t ecmf8Len = 0; |
---|
1141 | |
---|
1142 | nanoLen = ecm88Data[1] + 2; |
---|
1143 | keynr = ecm88Data[4] & 0x0F; |
---|
1144 | |
---|
1145 | // 40 07 03 0b 00 -> nano 40, len =7 ident 030B00 (tntsat), key #0 <== we're pointing here |
---|
1146 | // 09 -> use key #9 |
---|
1147 | if(nanoLen > 5) |
---|
1148 | { |
---|
1149 | curnumber_ecm = (ecm88Data[6] << 8) | (ecm88Data[7]); |
---|
1150 | rdr_log_dbg(reader, D_READER, "checking if the ecm number (%x) match the card one (%x)", curnumber_ecm, csystem_data->last_geo.number_ecm); |
---|
1151 | // if we have an ecm number we check it. |
---|
1152 | // we can't assume that if the nano len is 5 or more we have an ecm number |
---|
1153 | // as some card don't support this |
---|
1154 | if(csystem_data->last_geo.number_ecm > 0) |
---|
1155 | { |
---|
1156 | if(csystem_data->last_geo.number_ecm == curnumber_ecm && !(ecm88Data[nanoLen - 1] == 0x01)) |
---|
1157 | { |
---|
1158 | keynr = ecm88Data[5]; |
---|
1159 | rdr_log_dbg(reader, D_READER, "keyToUse = %02x, ECM ending with %02x", ecm88Data[5], ecm88Data[nanoLen - 1]); |
---|
1160 | } |
---|
1161 | else |
---|
1162 | { |
---|
1163 | if(ecm88Data[nanoLen - 1] == 0x01) |
---|
1164 | { |
---|
1165 | rdr_log_dbg(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x) for provider %02x%02x%02x", ecm88Data[nanoLen - 1], curnumber_ecm, ecm88Data[2], ecm88Data[3], ecm88Data[4]); |
---|
1166 | } |
---|
1167 | rdr_log_dbg(reader, D_READER, "Skip ECM ending with = %02x for ecm number (%x)", ecm88Data[nanoLen - 1], curnumber_ecm); |
---|
1168 | ecm88Data = nextEcm; |
---|
1169 | ecm88Len -= curEcm88len; |
---|
1170 | continue; //loop to next ecm |
---|
1171 | } |
---|
1172 | } |
---|
1173 | else // long ecm but we don't have an ecm number so we have to try them all. |
---|
1174 | { |
---|
1175 | keynr = ecm88Data[5]; |
---|
1176 | rdr_log_dbg(reader, D_READER, "keyToUse = %02x", ecm88Data[5]); |
---|
1177 | } |
---|
1178 | } |
---|
1179 | |
---|
1180 | memcpy(ident, &ecm88Data[2], sizeof(ident)); |
---|
1181 | provid = b2i(3, ident); |
---|
1182 | ident[2] &= 0xF0; |
---|
1183 | |
---|
1184 | if(hasD2 && reader->aes_list) |
---|
1185 | { |
---|
1186 | // check that we have the AES key to decode the CW |
---|
1187 | // if not there is no need to send the ecm to the card |
---|
1188 | if(!aes_present(reader->aes_list, 0x500, (uint32_t)(provid & 0xFFFFF0) , D2KeyID)) |
---|
1189 | { return ERROR; } |
---|
1190 | } |
---|
1191 | |
---|
1192 | |
---|
1193 | if(!chk_prov(reader, ident, keynr)) |
---|
1194 | { |
---|
1195 | rdr_log_dbg(reader, D_READER, "ECM: provider or key not found on card"); |
---|
1196 | snprintf(ea->msglog, MSGLOGSIZE, "provider(%02x%02x%02x) or key(%d) not found on card", ident[0], ident[1], ident[2], keynr); |
---|
1197 | return ERROR; |
---|
1198 | } |
---|
1199 | |
---|
1200 | ecm88Data += nanoLen; |
---|
1201 | ecm88Len -= nanoLen; |
---|
1202 | curEcm88len -= nanoLen; |
---|
1203 | |
---|
1204 | // DE04 |
---|
1205 | if(ecm88Data[0] == 0xDE && ecm88Data[1] == 0x04) |
---|
1206 | { |
---|
1207 | memcpy(DE04, &ecm88Data[0], 6); |
---|
1208 | ecm88Data += 6; |
---|
1209 | } |
---|
1210 | |
---|
1211 | // E0 (seen so far in logs: E0020002 or E0022002, but not in all cases delivers invalid cw so just detect!) |
---|
1212 | if(ecm88Data[0] == 0xE0 && ecm88Data[1] == 0x02) |
---|
1213 | { |
---|
1214 | rdr_log_dbg(reader, D_READER,"[viaccess-reader] nano E0 ECM detected!"); |
---|
1215 | hasE0=1; |
---|
1216 | } |
---|
1217 | |
---|
1218 | |
---|
1219 | if(csystem_data->last_geo.provid != provid) |
---|
1220 | { |
---|
1221 | csystem_data->last_geo.provid = provid; |
---|
1222 | csystem_data->last_geo.geo_len = 0; |
---|
1223 | csystem_data->last_geo.geo[0] = 0; |
---|
1224 | write_cmd(insa4, ident); // set provider |
---|
1225 | } |
---|
1226 | |
---|
1227 | // Nano D2 0x0b, 0x0f, 0x13 -> pre AES decrypt CW |
---|
1228 | |
---|
1229 | if(hasD2 && (nanoD2 == 0x0b|| nanoD2 == 0x0f|| nanoD2 == 0x13)) |
---|
1230 | { |
---|
1231 | uchar *ecm88DataCW = ecm88Data; |
---|
1232 | int32_t cwStart = 0; |
---|
1233 | //int32_t cwStartRes = 0; |
---|
1234 | int32_t must_exit = 0; |
---|
1235 | // find CW start |
---|
1236 | while(cwStart < curEcm88len - 1 && !must_exit) |
---|
1237 | { |
---|
1238 | if(ecm88Data[cwStart] == 0xEA && ecm88Data[cwStart + 1] == 0x10) |
---|
1239 | { |
---|
1240 | ecm88DataCW = ecm88DataCW + cwStart + 2; |
---|
1241 | must_exit = 1; |
---|
1242 | } |
---|
1243 | cwStart++; |
---|
1244 | } |
---|
1245 | if(nanoD2 == 0x0f) |
---|
1246 | { |
---|
1247 | hdSurEncPhase1_D2_0F_11(ecm88DataCW); |
---|
1248 | hdSurEncPhase2_D2_0F_11(ecm88DataCW); |
---|
1249 | } |
---|
1250 | if(nanoD2 == 0x13) |
---|
1251 | { |
---|
1252 | hdSurEncPhase1_D2_13_15(ecm88DataCW); |
---|
1253 | } |
---|
1254 | |
---|
1255 | // use AES from list to decrypt CW |
---|
1256 | rdr_log_dbg(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x", D2KeyID, (provid & 0xFFFFF0)); |
---|
1257 | if(aes_decrypt_from_list(reader->aes_list, 0x500, (uint32_t)(provid & 0xFFFFF0), D2KeyID, &ecm88DataCW[0], 16) == 0) |
---|
1258 | { snprintf(ea->msglog, MSGLOGSIZE, "Missing AES key(%d)[aka E%X]",D2KeyID, D2KeyID); } |
---|
1259 | if(nanoD2 == 0x0f) |
---|
1260 | { |
---|
1261 | hdSurEncPhase1_D2_0F_11(ecm88DataCW); |
---|
1262 | } |
---|
1263 | if(nanoD2 == 0x13) |
---|
1264 | { |
---|
1265 | hdSurEncPhase2_D2_13_15(ecm88DataCW); |
---|
1266 | } |
---|
1267 | } |
---|
1268 | |
---|
1269 | while(ecm88Len > 1 && ecm88Data[0] < 0xA0) |
---|
1270 | { |
---|
1271 | nanoLen = ecm88Data[1] + 2; |
---|
1272 | if(!ecmf8Data) |
---|
1273 | { ecmf8Data = (uchar *)ecm88Data; } |
---|
1274 | ecmf8Len += nanoLen; |
---|
1275 | ecm88Len -= nanoLen; |
---|
1276 | curEcm88len -= nanoLen; |
---|
1277 | ecm88Data += nanoLen; |
---|
1278 | } |
---|
1279 | if(ecmf8Len) |
---|
1280 | { |
---|
1281 | if(csystem_data->last_geo.geo_len != ecmf8Len || |
---|
1282 | memcmp(csystem_data->last_geo.geo, ecmf8Data, csystem_data->last_geo.geo_len)) |
---|
1283 | { |
---|
1284 | memcpy(csystem_data->last_geo.geo, ecmf8Data, ecmf8Len); |
---|
1285 | csystem_data->last_geo.geo_len = ecmf8Len; |
---|
1286 | insf8[3] = keynr; |
---|
1287 | insf8[4] = ecmf8Len; |
---|
1288 | write_cmd(insf8, ecmf8Data); |
---|
1289 | } |
---|
1290 | } |
---|
1291 | ins88[2] = ecmf8Len ? 1 : 0; |
---|
1292 | ins88[3] = keynr; |
---|
1293 | ins88[4] = (curEcm88len > 0xFF) ? 0x00 : curEcm88len; |
---|
1294 | // |
---|
1295 | // we should check the nano to make sure the ecm is valid |
---|
1296 | // we should look for at least 1 E3 nano, 1 EA nano and the F0 signature nano |
---|
1297 | // |
---|
1298 | // DE04 |
---|
1299 | if(DE04[0] == 0xDE) |
---|
1300 | { |
---|
1301 | uint32_t l = curEcm88len - 6; |
---|
1302 | if(l > MAX_ECM_SIZE || curEcm88len <= 6) //don't known if this is ok... |
---|
1303 | { |
---|
1304 | rdr_log(reader, "ecm invalid/too long! len=%d", curEcm88len); |
---|
1305 | return ERROR; |
---|
1306 | } |
---|
1307 | memcpy(DE04 + 6, (uchar *)ecm88Data, l); |
---|
1308 | write_cmd(ins88, DE04); // request dcw |
---|
1309 | } |
---|
1310 | else |
---|
1311 | { |
---|
1312 | write_cmd(ins88, (uchar *)ecm88Data); // request dcw |
---|
1313 | } |
---|
1314 | // |
---|
1315 | write_cmd(insc0, NULL); // read dcw |
---|
1316 | switch(cta_res[0]) |
---|
1317 | { |
---|
1318 | case 0xe8: // even |
---|
1319 | if(cta_res[1] == 8) |
---|
1320 | { |
---|
1321 | memcpy(ea->cw, cta_res + 2, 8); |
---|
1322 | rc = 1; |
---|
1323 | } |
---|
1324 | break; |
---|
1325 | case 0xe9: // odd |
---|
1326 | if(cta_res[1] == 8) |
---|
1327 | { |
---|
1328 | memcpy(ea->cw + 8, cta_res + 2, 8); |
---|
1329 | rc = 1; |
---|
1330 | } |
---|
1331 | break; |
---|
1332 | case 0xea: // complete |
---|
1333 | if(cta_res[1] == 16) |
---|
1334 | { |
---|
1335 | memcpy(ea->cw, cta_res + 2, 16); |
---|
1336 | rc = 1; |
---|
1337 | } |
---|
1338 | break; |
---|
1339 | |
---|
1340 | default : |
---|
1341 | ecm88Data = nextEcm; |
---|
1342 | ecm88Len -= curEcm88len; |
---|
1343 | rdr_log_dbg(reader, D_READER, "Error: card respondend %02X %02X, trying next ECM", cta_res[0], cta_res[1]); |
---|
1344 | snprintf(ea->msglog, MSGLOGSIZE, "key to use is not the current one, trying next ECM"); |
---|
1345 | } |
---|
1346 | } |
---|
1347 | else |
---|
1348 | { |
---|
1349 | //ecm88Data=nextEcm; |
---|
1350 | //ecm88Len-=curEcm88len; |
---|
1351 | rdr_log_dbg(reader, D_READER, "ECM: Unknown ECM type"); |
---|
1352 | snprintf(ea->msglog, MSGLOGSIZE, "Unknown ECM type"); |
---|
1353 | return ERROR; /*Lets interupt the loop and exit, because we don't know this ECM type.*/ |
---|
1354 | } |
---|
1355 | } |
---|
1356 | |
---|
1357 | // Nano D2 0d, 11, 15 -> post AES decrypt CW |
---|
1358 | |
---|
1359 | if(hasD2 && !dcw_crc(ea->cw) && (nanoD2 == 0x0d || nanoD2 == 0x11 || nanoD2 == 0x15 )) |
---|
1360 | { |
---|
1361 | if(nanoD2 == 0x11) |
---|
1362 | { |
---|
1363 | hdSurEncPhase1_D2_0F_11(ea->cw); |
---|
1364 | hdSurEncPhase2_D2_0F_11(ea->cw); |
---|
1365 | } |
---|
1366 | if(nanoD2 == 0x15) |
---|
1367 | { |
---|
1368 | hdSurEncPhase1_D2_13_15(ea->cw); |
---|
1369 | } |
---|
1370 | rdr_log_dbg(reader, D_READER, "Decoding CW : using AES key id %d for provider %06x", D2KeyID, (provid & 0xFFFFF0)); |
---|
1371 | rc = aes_decrypt_from_list(reader->aes_list, 0x500, (uint32_t)(provid & 0xFFFFF0), D2KeyID, ea->cw, 16); |
---|
1372 | if(rc == 0) |
---|
1373 | { snprintf(ea->msglog, MSGLOGSIZE, "Missing AES key(%d)[aka E%X]",D2KeyID, D2KeyID); } |
---|
1374 | if(nanoD2 == 0x11) |
---|
1375 | { |
---|
1376 | hdSurEncPhase1_D2_0F_11(ea->cw); |
---|
1377 | } |
---|
1378 | if(nanoD2 == 0x15) |
---|
1379 | { |
---|
1380 | hdSurEncPhase2_D2_13_15(ea->cw); |
---|
1381 | } |
---|
1382 | } |
---|
1383 | |
---|
1384 | if ( hasE0 ) |
---|
1385 | { |
---|
1386 | if ( reader->initCA28 ) |
---|
1387 | { |
---|
1388 | rdr_log_dbg(reader, D_READER, "Decrypting nano E0 encrypted cw."); |
---|
1389 | uint8_t returnedcw[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; |
---|
1390 | memcpy(returnedcw,ea->cw,16); |
---|
1391 | // Processing 3DES |
---|
1392 | // Processing even cw |
---|
1393 | des(returnedcw, reader->key_schedule1, 0); //decrypt |
---|
1394 | des(returnedcw, reader->key_schedule2, 1); //crypt |
---|
1395 | des(returnedcw, reader->key_schedule1, 0); //decrypt |
---|
1396 | // Processing odd cw |
---|
1397 | des(returnedcw+8, reader->key_schedule1, 0); //decrypt |
---|
1398 | des(returnedcw+8, reader->key_schedule2, 1); //crypt |
---|
1399 | des(returnedcw+8, reader->key_schedule1, 0); //decrypt |
---|
1400 | |
---|
1401 | // returning value |
---|
1402 | memcpy(ea->cw,returnedcw, 16); |
---|
1403 | } |
---|
1404 | else |
---|
1405 | { |
---|
1406 | snprintf(ea->msglog, MSGLOGSIZE, "Viaccess nano E0 detected, no valid boxkey and deskey defined: no decoding"); |
---|
1407 | } |
---|
1408 | } |
---|
1409 | return (rc ? OK : ERROR); |
---|
1410 | } |
---|
1411 | |
---|
1412 | static int32_t viaccess_get_emm_type(EMM_PACKET *ep, struct s_reader *rdr) |
---|
1413 | { |
---|
1414 | uint32_t provid = 0; |
---|
1415 | rdr_log_dbg(rdr, D_EMM, "Entered viaccess_get_emm_type ep->emm[0]=%02x", ep->emm[0]); |
---|
1416 | |
---|
1417 | if(ep->emm[3] == 0x90 && ep->emm[4] == 0x03) |
---|
1418 | { |
---|
1419 | provid = b2i(3, ep->emm+5); |
---|
1420 | provid &=0xFFFFF0; |
---|
1421 | i2b_buf(4, provid, ep->provid); |
---|
1422 | } |
---|
1423 | |
---|
1424 | switch(ep->emm[0]) |
---|
1425 | { |
---|
1426 | case 0x88: |
---|
1427 | ep->type = UNIQUE; |
---|
1428 | memset(ep->hexserial, 0, 8); |
---|
1429 | memcpy(ep->hexserial, ep->emm + 4, 4); |
---|
1430 | rdr_log_dbg(rdr, D_EMM, "UNIQUE"); |
---|
1431 | if(!is_network_reader(rdr)) |
---|
1432 | { |
---|
1433 | return (!memcmp(rdr->hexserial + 1, ep->hexserial, 4)); // local reader |
---|
1434 | } |
---|
1435 | else |
---|
1436 | { |
---|
1437 | return 1; // let server decide! |
---|
1438 | } |
---|
1439 | |
---|
1440 | case 0x8A: |
---|
1441 | case 0x8B: |
---|
1442 | ep->type = GLOBAL; |
---|
1443 | rdr_log_dbg(rdr, D_EMM, "GLOBAL"); |
---|
1444 | return 1; |
---|
1445 | |
---|
1446 | case 0x8C: |
---|
1447 | case 0x8D: |
---|
1448 | ep->type = SHARED; |
---|
1449 | rdr_log_dbg(rdr, D_EMM, "SHARED (part)"); |
---|
1450 | // We need those packets to pass otherwise we would never |
---|
1451 | // be able to complete EMM reassembly |
---|
1452 | return 1; |
---|
1453 | |
---|
1454 | case 0x8E: |
---|
1455 | ep->type = SHARED; |
---|
1456 | rdr_log_dbg(rdr, D_EMM, "SHARED"); |
---|
1457 | memset(ep->hexserial, 0, 8); |
---|
1458 | memcpy(ep->hexserial, ep->emm + 3, 3); |
---|
1459 | |
---|
1460 | // local reader |
---|
1461 | int8_t i; |
---|
1462 | for(i = 0; i < rdr->nprov; i++) |
---|
1463 | { |
---|
1464 | if(!memcmp(&rdr->prid[i][2], ep->hexserial+1, 2)) |
---|
1465 | { return 1; } |
---|
1466 | |
---|
1467 | return (!memcmp(&rdr->sa[0][0], ep->hexserial, 3)); |
---|
1468 | } |
---|
1469 | |
---|
1470 | default: |
---|
1471 | ep->type = UNKNOWN; |
---|
1472 | rdr_log_dbg(rdr, D_EMM, "UNKNOWN"); |
---|
1473 | return 1; |
---|
1474 | } |
---|
1475 | } |
---|
1476 | |
---|
1477 | static int32_t viaccess_get_emm_filter(struct s_reader *rdr, struct s_csystem_emm_filter **emm_filters, unsigned int *filter_count) |
---|
1478 | { |
---|
1479 | if(*emm_filters == NULL) |
---|
1480 | { |
---|
1481 | bool network = is_network_reader(rdr); |
---|
1482 | int8_t device_emm = ((rdr->deviceemm >0) ? 1 : 0); // set to 1 if device specific emms should be catched too |
---|
1483 | |
---|
1484 | const unsigned int max_filter_count = 4 + ((device_emm != 0 && rdr->nprov > 0) ? 1:0) + (3 * ((rdr->nprov > 0) ? (rdr->nprov - 1) : 0)); |
---|
1485 | |
---|
1486 | if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter))) |
---|
1487 | { return ERROR; } |
---|
1488 | |
---|
1489 | struct s_csystem_emm_filter *filters = *emm_filters; |
---|
1490 | *filter_count = 0; |
---|
1491 | |
---|
1492 | int32_t idx = 0; |
---|
1493 | int32_t prov; |
---|
1494 | |
---|
1495 | if(rdr->nprov > 0 && device_emm == 1) |
---|
1496 | { |
---|
1497 | filters[idx].type = EMM_GLOBAL; // 8A or 8B no reassembly needed! |
---|
1498 | filters[idx].enabled = 1; |
---|
1499 | filters[idx].filter[0] = 0x8A; |
---|
1500 | filters[idx].mask[0] = 0xFE; |
---|
1501 | filters[idx].filter[3] = 0x80; // device specific emms |
---|
1502 | filters[idx].mask[3] = 0x80; |
---|
1503 | idx++; |
---|
1504 | } |
---|
1505 | |
---|
1506 | // shared are most important put them on top, define first since viaccess produces a lot of filters! |
---|
1507 | for(prov = 0; (prov < rdr->nprov); prov++) |
---|
1508 | { |
---|
1509 | if((rdr->prid[prov][2] &0xF0) == 0xF0) // skip this not useful provider |
---|
1510 | { |
---|
1511 | continue; |
---|
1512 | } |
---|
1513 | |
---|
1514 | filters[idx].type = EMM_SHARED; // 8C or 8D always first part of shared, second part delivered by 8E! |
---|
1515 | filters[idx].enabled = 1; |
---|
1516 | filters[idx].filter[0] = 0x8C; |
---|
1517 | filters[idx].mask[0] = 0xFE; |
---|
1518 | if(rdr->nprov > 0) |
---|
1519 | { |
---|
1520 | memcpy(&filters[idx].filter[4], &rdr->prid[prov][2], 2); |
---|
1521 | filters[idx].mask[4] = 0xFF; |
---|
1522 | filters[idx].mask[5] = 0xF0; // ignore last digit since this is key on card indicator! |
---|
1523 | } |
---|
1524 | idx++; |
---|
1525 | |
---|
1526 | filters[idx].type = EMM_SHARED; // 8E second part reassembly with 8c/8d needed! |
---|
1527 | filters[idx].enabled = 1; |
---|
1528 | filters[idx].filter[0] = 0x8E; |
---|
1529 | filters[idx].mask[0] = 0xFF; |
---|
1530 | if(rdr->nprov > 0) |
---|
1531 | { |
---|
1532 | memcpy(&filters[idx].filter[1], &rdr->sa[prov][0], 3); |
---|
1533 | memset(&filters[idx].mask[1], 0xFF, 3); |
---|
1534 | } |
---|
1535 | idx++; |
---|
1536 | } |
---|
1537 | |
---|
1538 | // globals are less important, define last since viaccess produces a lot of filters! |
---|
1539 | for(prov = 0; (prov < rdr->nprov); prov++) |
---|
1540 | { |
---|
1541 | if((rdr->prid[prov][2] &0xF0) == 0xF0) // skip this not useful provider |
---|
1542 | { |
---|
1543 | continue; |
---|
1544 | } |
---|
1545 | |
---|
1546 | filters[idx].type = EMM_GLOBAL; // 8A or 8B no reassembly needed! |
---|
1547 | filters[idx].enabled = 1; |
---|
1548 | filters[idx].filter[0] = 0x8A; |
---|
1549 | filters[idx].mask[0] = 0xFE; |
---|
1550 | if(rdr->nprov > 0) |
---|
1551 | { |
---|
1552 | memcpy(&filters[idx].filter[4], &rdr->prid[prov][2], 2); |
---|
1553 | filters[idx].mask[4] = 0xFF; |
---|
1554 | filters[idx].mask[5] = 0xF0; // ignore last digit since this is key on card indicator! |
---|
1555 | } |
---|
1556 | else if (device_emm == 0) |
---|
1557 | { |
---|
1558 | filters[idx].filter[3] = 0x00; // additional filter to cancel device specific emms |
---|
1559 | filters[idx].mask[3] = 0x80; |
---|
1560 | } |
---|
1561 | idx++; |
---|
1562 | } |
---|
1563 | |
---|
1564 | filters[idx].type = EMM_UNIQUE; |
---|
1565 | filters[idx].enabled = 1; |
---|
1566 | filters[idx].filter[0] = 0x88; |
---|
1567 | filters[idx].mask[0] = 0xFF; |
---|
1568 | if(!network) // network has only 3 digits out of 4 |
---|
1569 | { |
---|
1570 | memcpy(&filters[idx].filter[1], rdr->hexserial + 1, 4); |
---|
1571 | memset(&filters[idx].mask[1], 0xFF, 4); |
---|
1572 | } |
---|
1573 | else |
---|
1574 | { |
---|
1575 | memcpy(&filters[idx].filter[1], rdr->hexserial + 1, 3); |
---|
1576 | memset(&filters[idx].mask[1], 0xFF, 3); |
---|
1577 | } |
---|
1578 | idx++; |
---|
1579 | |
---|
1580 | *filter_count = idx; |
---|
1581 | } |
---|
1582 | |
---|
1583 | return OK; |
---|
1584 | } |
---|
1585 | |
---|
1586 | static int32_t viaccess_do_emm(struct s_reader *reader, EMM_PACKET *ep) |
---|
1587 | { |
---|
1588 | def_resp; |
---|
1589 | static const unsigned char insa4[] = { 0xca, 0xa4, 0x04, 0x00, 0x03 }; // set provider id |
---|
1590 | unsigned char insf0[] = { 0xca, 0xf0, 0x00, 0x01, 0x22 }; // set adf |
---|
1591 | unsigned char insf4[] = { 0xca, 0xf4, 0x00, 0x01, 0x00 }; // set adf, encrypted |
---|
1592 | unsigned char ins18[] = { 0xca, 0x18, 0x01, 0x01, 0x00 }; // set subscription |
---|
1593 | unsigned char ins1c[] = { 0xca, 0x1c, 0x01, 0x01, 0x00 }; // set subscription, encrypted |
---|
1594 | //static const unsigned char insc8[] = { 0xca,0xc8,0x00,0x00,0x02 }; // read extended status |
---|
1595 | // static const unsigned char insc8Data[] = { 0x00,0x00 }; // data for read extended status |
---|
1596 | struct viaccess_data *csystem_data = reader->csystem_data; |
---|
1597 | |
---|
1598 | int32_t emmdatastart = 7; |
---|
1599 | |
---|
1600 | if (ep->emm[1] == 0x01) // emm from cccam |
---|
1601 | { |
---|
1602 | emmdatastart=12; |
---|
1603 | ep->emm[1] = 0x70; // (& 0x0f) of this byte is length, so 0x01 would increase the length by 256 |
---|
1604 | ep->emm[2] -= 1; |
---|
1605 | if (ep->type == SHARED || ep->type == GLOBAL) // build missing 0x90 nano from provider at serial position |
---|
1606 | { |
---|
1607 | memcpy(ep->emm+7, ep->emm+3, 3); |
---|
1608 | ep->emm[5] = 0x90; |
---|
1609 | ep->emm[6] = 0x03; |
---|
1610 | ep->emm[9] |= 0x01; |
---|
1611 | ep->emm[10] = 0x9E; |
---|
1612 | ep->emm[11] = 0x20; |
---|
1613 | emmdatastart = 5; |
---|
1614 | } |
---|
1615 | } |
---|
1616 | |
---|
1617 | if(ep->type == UNIQUE) { emmdatastart++; } |
---|
1618 | if(ep->type == GLOBAL && emmdatastart == 7) { emmdatastart -= 4; } |
---|
1619 | int32_t emmLen = SCT_LEN(ep->emm) - emmdatastart; |
---|
1620 | int32_t rc = 0; |
---|
1621 | |
---|
1622 | rdr_log_dump(reader, ep->emm, emmLen+emmdatastart, "RECEIVED EMM VIACCESS"); |
---|
1623 | |
---|
1624 | int32_t emmUpToEnd; |
---|
1625 | uchar *emmParsed = ep->emm + emmdatastart; |
---|
1626 | int32_t provider_ok = 0; |
---|
1627 | uint32_t emm_provid = 0; |
---|
1628 | uchar keynr = 0; |
---|
1629 | int32_t ins18Len = 0; |
---|
1630 | uchar ins18Data[512]; |
---|
1631 | uchar insData[512]; |
---|
1632 | uchar *nano81Data = 0; |
---|
1633 | uchar *nano91Data = 0; |
---|
1634 | uchar *nano92Data = 0; |
---|
1635 | uchar *nano9EData = 0; |
---|
1636 | uchar *nanoF0Data = 0; |
---|
1637 | uchar *nanoA9Data = 0; |
---|
1638 | |
---|
1639 | for(emmUpToEnd = emmLen; (emmParsed[1] != 0) && (emmUpToEnd > 0); emmUpToEnd -= (2 + emmParsed[1]), emmParsed += (2 + emmParsed[1])) |
---|
1640 | { |
---|
1641 | rdr_log_dump(reader, emmParsed, emmParsed[1] + 2, "NANO"); |
---|
1642 | |
---|
1643 | if(emmParsed[0] == 0x90 && emmParsed[1] == 0x03) |
---|
1644 | { |
---|
1645 | /* identification of the service operator */ |
---|
1646 | |
---|
1647 | uchar soid[3], ident[3], i; |
---|
1648 | |
---|
1649 | for(i = 0; i < 3; i++) |
---|
1650 | { |
---|
1651 | soid[i] = ident[i] = emmParsed[2 + i]; |
---|
1652 | } |
---|
1653 | ident[2] &= 0xF0; |
---|
1654 | emm_provid = b2i(3, ident); |
---|
1655 | keynr = soid[2] & 0x0F; |
---|
1656 | if(chk_prov(reader, ident, keynr)) |
---|
1657 | { |
---|
1658 | provider_ok = 1; |
---|
1659 | } |
---|
1660 | else |
---|
1661 | { |
---|
1662 | rdr_log(reader, "EMM: ignored since provider or key not present on card (%x, %x)", emm_provid, keynr); |
---|
1663 | return SKIPPED; |
---|
1664 | } |
---|
1665 | |
---|
1666 | // check if the provider changes. If yes, set the new one. If not, don't .. card will return an error if we do. |
---|
1667 | if(csystem_data->last_geo.provid != emm_provid) |
---|
1668 | { |
---|
1669 | write_cmd(insa4, ident); |
---|
1670 | if(cta_res[cta_lr - 2] != 0x90 || cta_res[cta_lr - 1] != 0x00) |
---|
1671 | { |
---|
1672 | rdr_log_dump(reader, insa4, 5, "set provider cmd:"); |
---|
1673 | rdr_log_dump(reader, soid, 3, "set provider data:"); |
---|
1674 | rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr - 2], cta_res[cta_lr - 1]); |
---|
1675 | return ERROR; |
---|
1676 | } |
---|
1677 | } |
---|
1678 | // as we are maybe changing the used provider, clear the cache, so the next ecm will re-select the correct one |
---|
1679 | csystem_data->last_geo.provid = 0; |
---|
1680 | csystem_data->last_geo.geo_len = 0; |
---|
1681 | csystem_data->last_geo.geo[0] = 0; |
---|
1682 | |
---|
1683 | } |
---|
1684 | else if(emmParsed[0] == 0x9e && emmParsed[1] == 0x20) |
---|
1685 | { |
---|
1686 | /* adf */ |
---|
1687 | |
---|
1688 | if(!nano91Data) |
---|
1689 | { |
---|
1690 | /* adf is not crypted, so test it */ |
---|
1691 | |
---|
1692 | uchar custwp; |
---|
1693 | uchar *afd; |
---|
1694 | |
---|
1695 | custwp = reader->sa[0][3]; |
---|
1696 | afd = (uchar *)emmParsed + 2; |
---|
1697 | |
---|
1698 | if(afd[31 - custwp / 8] & (1 << (custwp & 7))) |
---|
1699 | { |
---|
1700 | rdr_log_dbg(reader, D_READER, "emm for our card %08X", b2i(4, &reader->sa[0][0])); |
---|
1701 | } |
---|
1702 | else |
---|
1703 | { |
---|
1704 | rdr_log_dbg(reader, D_READER, "emm not suitable for our card %08X", b2i(4, &reader->sa[0][0])); |
---|
1705 | return SKIPPED; |
---|
1706 | } |
---|
1707 | } |
---|
1708 | |
---|
1709 | // memorize |
---|
1710 | nano9EData = emmParsed; |
---|
1711 | |
---|
1712 | } |
---|
1713 | else if(emmParsed[0] == 0x81) |
---|
1714 | { |
---|
1715 | nano81Data = emmParsed; |
---|
1716 | } |
---|
1717 | else if(emmParsed[0] == 0x91 && emmParsed[1] == 0x08) |
---|
1718 | { |
---|
1719 | nano91Data = emmParsed; |
---|
1720 | } |
---|
1721 | else if(emmParsed[0] == 0x92 && emmParsed[1] == 0x08) |
---|
1722 | { |
---|
1723 | nano92Data = emmParsed; |
---|
1724 | } |
---|
1725 | else if(emmParsed[0] == 0xF0 && emmParsed[1] == 0x08) |
---|
1726 | { |
---|
1727 | nanoF0Data = emmParsed; |
---|
1728 | } |
---|
1729 | else if(emmParsed[0] == 0xD8 && emmParsed[2] == 0x45) |
---|
1730 | { |
---|
1731 | uint8_t pos = 4 + emmParsed[3]; |
---|
1732 | char *tmpbuf; |
---|
1733 | if(emmParsed[pos] == 0x46 && ((emmParsed[pos+1] - emmParsed[1]) == pos)) |
---|
1734 | { |
---|
1735 | if(cs_malloc(&tmpbuf, emmParsed[pos+1])) |
---|
1736 | { |
---|
1737 | cs_strncpy(tmpbuf, (char *) emmParsed+pos+2, emmParsed[pos+1]); |
---|
1738 | rdr_log(reader, "Viaccess EMM-text: %s", tmpbuf); |
---|
1739 | NULLFREE(tmpbuf); |
---|
1740 | } |
---|
1741 | } |
---|
1742 | } |
---|
1743 | else |
---|
1744 | { |
---|
1745 | /* other nanos */ |
---|
1746 | show_subs(reader, emmParsed); |
---|
1747 | if(emmParsed[0] == 0xA9 && ep->type == SHARED) // check on shared (reassembled) emm if all classes are present and up to date on card: error 90 40 |
---|
1748 | { |
---|
1749 | if(!emm_provid) |
---|
1750 | { |
---|
1751 | rdr_log(reader, "no provid in shared emm -> skipped!"); |
---|
1752 | return SKIPPED; |
---|
1753 | } |
---|
1754 | |
---|
1755 | int8_t match = add_find_class(reader, emm_provid, emmParsed + 2, emmParsed[1], 0); |
---|
1756 | |
---|
1757 | // seems not all classes have to be present on card to accept the emm |
---|
1758 | /*if(match == -1) |
---|
1759 | { |
---|
1760 | rdr_log(reader, "shared emm provid %06X one or more classes of this emm do not match with your card -> skipped!", emm_provid); |
---|
1761 | return SKIPPED; |
---|
1762 | }*/ |
---|
1763 | |
---|
1764 | if(match == -2) |
---|
1765 | { |
---|
1766 | rdr_log(reader, "shared emm provid %06X all classes have entitlementdate already same or newer -> skipped!", emm_provid); |
---|
1767 | return SKIPPED; |
---|
1768 | } |
---|
1769 | nanoA9Data = emmParsed; |
---|
1770 | } |
---|
1771 | |
---|
1772 | memcpy(ins18Data + ins18Len, emmParsed, emmParsed[1] + 2); |
---|
1773 | ins18Len += emmParsed [1] + 2; |
---|
1774 | } |
---|
1775 | } |
---|
1776 | |
---|
1777 | if(!provider_ok) |
---|
1778 | { |
---|
1779 | rdr_log_dbg(reader, D_READER, "provider not found in emm, continue anyway"); |
---|
1780 | // force key to 1... |
---|
1781 | keynr = 1; |
---|
1782 | ///return ERROR; |
---|
1783 | } |
---|
1784 | |
---|
1785 | if(!nanoF0Data) |
---|
1786 | { |
---|
1787 | rdr_log_dump(reader, ep->emm, ep->emmlen, "can't find 0xf0 in emm..."); |
---|
1788 | return ERROR; // error |
---|
1789 | } |
---|
1790 | |
---|
1791 | if(nano9EData) |
---|
1792 | { |
---|
1793 | if(!nano91Data) |
---|
1794 | { |
---|
1795 | // set adf |
---|
1796 | insf0[3] = keynr; // key |
---|
1797 | insf0[4] = nano9EData[1] + 2; |
---|
1798 | write_cmd(insf0, nano9EData); |
---|
1799 | if(cta_res[cta_lr - 2] != 0x90 || cta_res[cta_lr - 1] != 0x00) |
---|
1800 | { |
---|
1801 | rdr_log_dump(reader, insf0, 5, "set adf cmd:"); |
---|
1802 | rdr_log_dump(reader, nano9EData, insf0[4] , "set adf data:"); |
---|
1803 | rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr - 2], cta_res[cta_lr - 1]); |
---|
1804 | return ERROR; |
---|
1805 | } |
---|
1806 | } |
---|
1807 | else |
---|
1808 | { |
---|
1809 | // set adf crypte |
---|
1810 | insf4[3] = keynr; // key |
---|
1811 | insf4[4] = nano91Data[1] + 2 + nano9EData[1] + 2; |
---|
1812 | memcpy(insData, nano91Data, nano91Data[1] + 2); |
---|
1813 | memcpy(insData + nano91Data[1] + 2, nano9EData, nano9EData[1] + 2); |
---|
1814 | write_cmd(insf4, insData); |
---|
1815 | if((cta_res[cta_lr - 2] != 0x90 && cta_res[cta_lr - 2] != 0x91) || cta_res[cta_lr - 1] != 0x00) |
---|
1816 | { |
---|
1817 | rdr_log_dump(reader, insf4, 5, "set adf encrypted cmd:"); |
---|
1818 | rdr_log_dump(reader, insData, insf4[4], "set adf encrypted data:"); |
---|
1819 | rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr - 2], cta_res[cta_lr - 1]); |
---|
1820 | return ERROR; |
---|
1821 | } |
---|
1822 | } |
---|
1823 | } |
---|
1824 | |
---|
1825 | if(!nano92Data) |
---|
1826 | { |
---|
1827 | // send subscription |
---|
1828 | ins18[2] = nano9EData ? 0x01 : 0x00; // found 9E nano ? |
---|
1829 | ins18[3] = keynr; // key |
---|
1830 | ins18[4] = ins18Len + nanoF0Data[1] + 2; |
---|
1831 | memcpy(insData, ins18Data, ins18Len); |
---|
1832 | memcpy(insData + ins18Len, nanoF0Data, nanoF0Data[1] + 2); |
---|
1833 | write_cmd(ins18, insData); |
---|
1834 | if((cta_res[cta_lr - 2] == 0x90 || cta_res[cta_lr - 2] == 0x91) && cta_res[cta_lr - 1] == 0x00) |
---|
1835 | { |
---|
1836 | if(nanoA9Data) |
---|
1837 | { |
---|
1838 | add_find_class(reader, emm_provid, nanoA9Data + 2, nanoA9Data[1], 1); |
---|
1839 | rdr_log(reader, "Your subscription data was updated."); |
---|
1840 | } |
---|
1841 | rc = 1; // written |
---|
1842 | } |
---|
1843 | else |
---|
1844 | { |
---|
1845 | rdr_log_dump(reader, ins18, 5, "set subscription cmd:"); |
---|
1846 | rdr_log_dump(reader, insData, ins18[4], "set subscription data:"); |
---|
1847 | if(!(cta_res[cta_lr -2] == 0x90 && cta_res[cta_lr - 1] == 0x40)) // dont throw softerror 9040 in log! |
---|
1848 | { |
---|
1849 | rdr_log(reader, "update error: %02X %02X", cta_res[cta_lr - 2], cta_res[cta_lr - 1]); |
---|
1850 | } |
---|
1851 | else |
---|
1852 | { |
---|
1853 | rc = 2; // skipped |
---|
1854 | } |
---|
1855 | } |
---|
1856 | |
---|
1857 | } |
---|
1858 | else |
---|
1859 | { |
---|
1860 | // send subscription encrypted |
---|
1861 | |
---|
1862 | if(!nano81Data) |
---|
1863 | { |
---|
1864 | rdr_log_dump(reader, ep->emm, ep->emmlen, "0x92 found, but can't find 0x81 in emm..."); |
---|
1865 | return ERROR; // error |
---|
1866 | } |
---|
1867 | |
---|
1868 | ins1c[2] = nano9EData ? 0x01 : 0x00; // found 9E nano ? |
---|
1869 | if(ep->type == UNIQUE) { ins1c[2] = 0x02; } |
---|
1870 | ins1c[3] = keynr; // key |
---|
1871 | ins1c[4] = nano92Data[1] + 2 + nano81Data[1] + 2 + nanoF0Data[1] + 2; |
---|
1872 | memcpy(insData, nano92Data, nano92Data[1] + 2); |
---|
1873 | memcpy(insData + nano92Data[1] + 2, nano81Data, nano81Data[1] + 2); |
---|
1874 | memcpy(insData + nano92Data[1] + 2 + nano81Data[1] + 2, nanoF0Data, nanoF0Data[1] + 2); |
---|
1875 | write_cmd(ins1c, insData); |
---|
1876 | |
---|
1877 | if((cta_res[cta_lr - 2] == 0x90 || cta_res[cta_lr - 2] == 0x91) && |
---|
1878 | (cta_res[cta_lr - 1] == 0x00 || cta_res[cta_lr - 1] == 0x08)) |
---|
1879 | { |
---|
1880 | rdr_log(reader, "update successfully written"); |
---|
1881 | rc = 1; // written |
---|
1882 | } |
---|
1883 | rc = 1; |
---|
1884 | /* don't return ERROR at this place |
---|
1885 | else { |
---|
1886 | if( cta_res[cta_lr-2]&0x1 ) |
---|
1887 | rdr_log(reader, "update not written. Data already exists or unknown address"); |
---|
1888 | |
---|
1889 | //if( cta_res[cta_lr-2]&0x8 ) { |
---|
1890 | write_cmd(insc8, NULL); |
---|
1891 | if( (cta_res[cta_lr-2]==0x90 && cta_res[cta_lr-1]==0x00) ) { |
---|
1892 | rdr_log(reader, "extended status %02X %02X", cta_res[0], cta_res[1]); |
---|
1893 | } |
---|
1894 | //} |
---|
1895 | return ERROR; |
---|
1896 | } */ |
---|
1897 | |
---|
1898 | } |
---|
1899 | |
---|
1900 | /* |
---|
1901 | Sub Main() |
---|
1902 | Sc.Write("CA A4 04 00 03") |
---|
1903 | RX |
---|
1904 | Sc.Write("02 07 11") |
---|
1905 | RX |
---|
1906 | Sc.Write("CA F0 00 01 22") |
---|
1907 | RX |
---|
1908 | Sc.Write("9E 20") |
---|
1909 | Sc.Write("10 10 08 8A 80 00 04 00 10 10 26 E8 54 80 1E 80") |
---|
1910 | Sc.Write("00 01 00 00 00 00 00 50 00 00 80 02 22 00 08 50") |
---|
1911 | RX |
---|
1912 | Sc.Write("CA 18 01 01 11") |
---|
1913 | RX |
---|
1914 | Sc.Write("A9 05 34 DE 34 FF 80") |
---|
1915 | Sc.Write("F0 08 1A 3E AF B5 2B EE E3 3B") |
---|
1916 | RX |
---|
1917 | |
---|
1918 | End Sub |
---|
1919 | */ |
---|
1920 | return rc; |
---|
1921 | } |
---|
1922 | |
---|
1923 | static int32_t viaccess_card_info(struct s_reader *reader) |
---|
1924 | { |
---|
1925 | def_resp; |
---|
1926 | int32_t i, l; |
---|
1927 | time_t now; |
---|
1928 | struct tm timeinfo; |
---|
1929 | uint16_t tmpdate; |
---|
1930 | uchar insac[] = { 0xca, 0xac, 0x00, 0x00, 0x00 }; // select data |
---|
1931 | uchar insb8[] = { 0xca, 0xb8, 0x00, 0x00, 0x00 }; // read selected data |
---|
1932 | uchar insa4[] = { 0xca, 0xa4, 0x00, 0x00, 0x00 }; // select issuer |
---|
1933 | uchar insc0[] = { 0xca, 0xc0, 0x00, 0x00, 0x00 }; // read data item |
---|
1934 | static const uchar ins24[] = { 0xca, 0x24, 0x00, 0x00, 0x09 }; // set pin |
---|
1935 | |
---|
1936 | uchar cls[] = { 0x00, 0x21, 0xff, 0x9f}; |
---|
1937 | static const uchar pin[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04}; |
---|
1938 | struct viaccess_data *csystem_data = reader->csystem_data; |
---|
1939 | |
---|
1940 | csystem_data->last_geo.provid = 0; |
---|
1941 | csystem_data->last_geo.geo_len = 0; |
---|
1942 | csystem_data->last_geo.geo[0] = 0; |
---|
1943 | |
---|
1944 | rdr_log(reader, "card detected"); |
---|
1945 | |
---|
1946 | cs_clear_entitlement(reader); //reset the entitlements |
---|
1947 | |
---|
1948 | // set pin |
---|
1949 | write_cmd(ins24, pin); |
---|
1950 | |
---|
1951 | insac[2] = 0xa4; |
---|
1952 | write_cmd(insac, NULL); // request unique id |
---|
1953 | insb8[4] = 0x07; |
---|
1954 | write_cmd(insb8, NULL); // read unique id |
---|
1955 | rdr_log_sensitive(reader, "serial: {%llu}", (unsigned long long) b2ll(5, cta_res + 2)); |
---|
1956 | |
---|
1957 | insa4[2] = 0x00; |
---|
1958 | write_cmd(insa4, NULL); // select issuer 0 |
---|
1959 | for(i = 1; (cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0); i++) |
---|
1960 | { |
---|
1961 | uint32_t l_provid, l_sa; |
---|
1962 | uchar l_name[64]; |
---|
1963 | insc0[4] = 0x1a; |
---|
1964 | write_cmd(insc0, NULL); // show provider properties |
---|
1965 | cta_res[2] &= 0xF0; |
---|
1966 | l_provid = b2i(3, cta_res); |
---|
1967 | |
---|
1968 | insac[2] = 0xa5; |
---|
1969 | write_cmd(insac, NULL); // request sa |
---|
1970 | insb8[4] = 0x06; |
---|
1971 | write_cmd(insb8, NULL); // read sa |
---|
1972 | l_sa = b2i(4, cta_res + 2); |
---|
1973 | |
---|
1974 | insac[2] = 0xa7; |
---|
1975 | write_cmd(insac, NULL); // request name |
---|
1976 | insb8[4] = 0x02; |
---|
1977 | write_cmd(insb8, NULL); // read name nano + len |
---|
1978 | l = cta_res[1]; |
---|
1979 | insb8[4] = l; |
---|
1980 | write_cmd(insb8, NULL); // read name |
---|
1981 | cta_res[l] = 0; |
---|
1982 | trim((char *)cta_res); |
---|
1983 | if(cta_res[0]) |
---|
1984 | { snprintf((char *)l_name, sizeof(l_name), ", name: %s", cta_res); } |
---|
1985 | else |
---|
1986 | { l_name[0] = 0; } |
---|
1987 | |
---|
1988 | // read GEO |
---|
1989 | insac[2] = 0xa6; |
---|
1990 | write_cmd(insac, NULL); // request GEO |
---|
1991 | insb8[4] = 0x02; |
---|
1992 | write_cmd(insb8, NULL); // read GEO nano + len |
---|
1993 | l = cta_res[1]; |
---|
1994 | char tmp[l * 3 + 1]; |
---|
1995 | insb8[4] = l; |
---|
1996 | write_cmd(insb8, NULL); // read geo |
---|
1997 | rdr_log_sensitive(reader, "provider: %d, id: {%06X%s}, sa: {%08X}, geo: %s", |
---|
1998 | i, l_provid, l_name, l_sa, (l < 4) ? "empty" : cs_hexdump(1, cta_res, l, tmp, sizeof(tmp))); |
---|
1999 | |
---|
2000 | // read classes subscription |
---|
2001 | insac[2] = 0xa9; |
---|
2002 | insac[4] = 4; |
---|
2003 | if(!reader->read_old_classes) |
---|
2004 | { |
---|
2005 | now = time(NULL) - (24*60*60); |
---|
2006 | cs_gmtime_r(&now, &timeinfo); |
---|
2007 | tmpdate = timeinfo.tm_mday | ((timeinfo.tm_mon + 1) << 5) | ((timeinfo.tm_year - 80) << 9); |
---|
2008 | cls[0] = tmpdate >> 8; |
---|
2009 | cls[1] = tmpdate & 0xff; |
---|
2010 | } |
---|
2011 | write_cmd(insac, cls); // request class subs |
---|
2012 | while((cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0)) |
---|
2013 | { |
---|
2014 | insb8[4] = 0x02; |
---|
2015 | write_cmd(insb8, NULL); // read class subs nano + len |
---|
2016 | if((cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0)) |
---|
2017 | { |
---|
2018 | l = cta_res[1]; |
---|
2019 | insb8[4] = l; |
---|
2020 | write_cmd(insb8, NULL); // read class subs |
---|
2021 | if((cta_res[cta_lr - 2] == 0x90) && |
---|
2022 | (cta_res[cta_lr - 1] == 0x00 || cta_res[cta_lr - 1] == 0x08)) |
---|
2023 | { |
---|
2024 | show_class(reader, NULL, l_provid, cta_res, cta_lr - 2); |
---|
2025 | } |
---|
2026 | } |
---|
2027 | } |
---|
2028 | |
---|
2029 | insac[4] = 0; |
---|
2030 | insa4[2] = 0x02; |
---|
2031 | write_cmd(insa4, NULL); // select next provider |
---|
2032 | } |
---|
2033 | //return ERROR; |
---|
2034 | // Start process init CA 28 |
---|
2035 | reader->initCA28=0; |
---|
2036 | int32_t lenboxkey = reader->boxkey_length; |
---|
2037 | int32_t lendeskey = reader->des_key_length; |
---|
2038 | if ((lenboxkey >= 4) && (lendeskey > 0)) |
---|
2039 | { |
---|
2040 | uchar ins28[] = { 0xCA, 0x28, 0x00, 0x00, 0x04 }; //Init for nanoE0 ca28 |
---|
2041 | ins28[4] = (uchar) lenboxkey; |
---|
2042 | uchar ins28_data[4]; |
---|
2043 | memcpy(ins28_data, reader->boxkey, 4); |
---|
2044 | write_cmd(ins28, ins28_data); // unlock card to reply on E002xxyy |
---|
2045 | if((cta_res[cta_lr - 2] == 0x90) && (cta_res[cta_lr - 1] == 0)) |
---|
2046 | { |
---|
2047 | rdr_log(reader, "CA 28 initialisation successful!"); |
---|
2048 | // init 3DES key |
---|
2049 | des_set_key(reader->des_key, reader->key_schedule1); |
---|
2050 | des_set_key(reader->des_key+8, reader->key_schedule2); |
---|
2051 | reader->initCA28=1; |
---|
2052 | } |
---|
2053 | else |
---|
2054 | { |
---|
2055 | rdr_log(reader, "CA 28 initialisation failed! CA 28 refused"); |
---|
2056 | } |
---|
2057 | } |
---|
2058 | //end process init CA 28 |
---|
2059 | return OK; |
---|
2060 | } |
---|
2061 | |
---|
2062 | static int32_t viaccess_reassemble_emm(struct s_reader *rdr, struct s_client *client, EMM_PACKET *ep) |
---|
2063 | { |
---|
2064 | uint8_t *buffer = ep->emm; |
---|
2065 | int16_t *len = &ep->emmlen; |
---|
2066 | int32_t pos = 0, i; |
---|
2067 | int16_t k; |
---|
2068 | int32_t prov, provid = 0; |
---|
2069 | struct emm_rass *r_emm = NULL; |
---|
2070 | |
---|
2071 | // Viaccess |
---|
2072 | if(*len > 500) { return 0; } |
---|
2073 | |
---|
2074 | switch(buffer[0]) |
---|
2075 | { |
---|
2076 | case 0x8c: |
---|
2077 | case 0x8d: |
---|
2078 | // emm-s part 1 |
---|
2079 | provid = b2i(3, ep->emm+5); // extract provid from emm |
---|
2080 | provid &= 0xFFFFF0; // last digit is dont care |
---|
2081 | r_emm = find_rabuf(client, provid, (uint8_t) buffer[0], 1); |
---|
2082 | if(!r_emm) |
---|
2083 | { |
---|
2084 | cs_log("[viaccess] ERROR: Can't allocate EMM reassembly buffer."); |
---|
2085 | return 0; |
---|
2086 | } |
---|
2087 | if(!memcmp(&r_emm->emm, &buffer[0], *len)) // skip same shared emm, this make sure emmlen isnt replaced. emmlen = 0 means this shared emm has been used for reassembly |
---|
2088 | { |
---|
2089 | return 0; |
---|
2090 | } |
---|
2091 | memset(&r_emm->emm[0], 0, sizeof(r_emm->emm)); // zero it! |
---|
2092 | memcpy(&r_emm->emm[0], &buffer[0], *len); // put the fresh new shared emm |
---|
2093 | r_emm->emmlen = *len; // put the emmlen indicating that this shared emm isnt being reassembled |
---|
2094 | rdr_log_dump_dbg(rdr, D_EMM, r_emm->emm, r_emm->emmlen, "%s: received fresh emm-gh for provid %06X", __func__, provid); |
---|
2095 | return 0; |
---|
2096 | |
---|
2097 | case 0x8e: |
---|
2098 | // emm-s part 2 |
---|
2099 | for(prov = 0; prov < rdr->nprov ; prov++) |
---|
2100 | { |
---|
2101 | if(!memcmp(&buffer[3], &rdr->sa[prov][0], 3)) |
---|
2102 | { |
---|
2103 | //matching sa found! |
---|
2104 | if(is_network_reader(rdr)) |
---|
2105 | { |
---|
2106 | provid = b2i(4, ep->provid); // use provid from emm since we have nothing better! |
---|
2107 | provid &= 0xFFFFF0; // last digit is dont care |
---|
2108 | } |
---|
2109 | else |
---|
2110 | { |
---|
2111 | provid = b2i(4, rdr->prid[prov]); // get corresponding provid from reader since there is no provid in emm payload! |
---|
2112 | provid &= 0xFFFFF0; // last digit is dont care |
---|
2113 | } |
---|
2114 | r_emm = find_rabuf(client, provid, 0, 0); // nano = dont care, the shared 8c or 8d not been written gets returned! |
---|
2115 | if(!r_emm || !r_emm->emmlen) |
---|
2116 | { |
---|
2117 | continue; // match but no emm-gh found for this provider |
---|
2118 | } |
---|
2119 | else |
---|
2120 | { |
---|
2121 | break; // stop searching-> emm-gh found! |
---|
2122 | } |
---|
2123 | } |
---|
2124 | } |
---|
2125 | if(!r_emm || !r_emm->emmlen) { return 0; } // stop -> no emm-gh found! |
---|
2126 | |
---|
2127 | //extract nanos from emm-gh and emm-s |
---|
2128 | uchar emmbuf[512]; |
---|
2129 | |
---|
2130 | rdr_log_dbg(rdr, D_EMM, "%s: start extracting nanos", __func__); |
---|
2131 | //extract from emm-gh |
---|
2132 | for(i = 3; i < r_emm->emmlen; i += r_emm->emm[i + 1] + 2) |
---|
2133 | { |
---|
2134 | //copy nano (length determined by i+1) |
---|
2135 | memcpy(emmbuf + pos, r_emm->emm + i, r_emm->emm[i + 1] + 2); |
---|
2136 | pos += r_emm->emm[i + 1] + 2; |
---|
2137 | } |
---|
2138 | |
---|
2139 | if(buffer[2] == 0x2c) |
---|
2140 | { |
---|
2141 | //add 9E 20 nano + first 32 uint8_ts of emm content |
---|
2142 | memcpy(emmbuf + pos, "\x9E\x20", 2); |
---|
2143 | memcpy(emmbuf + pos + 2, buffer + 7, 32); |
---|
2144 | pos += 34; |
---|
2145 | |
---|
2146 | //add F0 08 nano + 8 subsequent uint8_ts of emm content |
---|
2147 | memcpy(emmbuf + pos, "\xF0\x08", 2); |
---|
2148 | memcpy(emmbuf + pos + 2, buffer + 39, 8); |
---|
2149 | pos += 10; |
---|
2150 | } |
---|
2151 | else |
---|
2152 | { |
---|
2153 | //extract from variable emm-s |
---|
2154 | for(k = 7; k < (*len); k += buffer[k + 1] + 2) |
---|
2155 | { |
---|
2156 | //copy nano (length determined by k+1) |
---|
2157 | memcpy(emmbuf + pos, buffer + k, buffer[k + 1] + 2); |
---|
2158 | pos += buffer[k + 1] + 2; |
---|
2159 | } |
---|
2160 | } |
---|
2161 | |
---|
2162 | rdr_log_dump_dbg(rdr, D_EMM, buffer, *len, "%s: %s emm-s", __func__, (buffer[2] == 0x2c) ? "fixed" : "variable"); |
---|
2163 | |
---|
2164 | emm_sort_nanos(buffer + 7, emmbuf, pos); |
---|
2165 | pos += 7; |
---|
2166 | |
---|
2167 | //calculate emm length and set it on position 2 |
---|
2168 | buffer[2] = pos - 3; |
---|
2169 | |
---|
2170 | rdr_log_dump_dbg(rdr, D_EMM, r_emm->emm, r_emm->emmlen, "%s: emm-gh provid %06X", __func__, provid); |
---|
2171 | rdr_log_dump_dbg(rdr, D_EMM, buffer, pos, "%s: assembled emm", __func__); |
---|
2172 | |
---|
2173 | *len = pos; |
---|
2174 | r_emm->emmlen = 0; // mark this shared 8c or 8d as being used for reassembly and send to reader! |
---|
2175 | break; |
---|
2176 | } |
---|
2177 | return 1; |
---|
2178 | } |
---|
2179 | |
---|
2180 | const struct s_cardsystem reader_viaccess = |
---|
2181 | { |
---|
2182 | .desc = "viaccess", |
---|
2183 | .caids = (uint16_t[]){ 0x05, 0 }, |
---|
2184 | .do_emm_reassembly = viaccess_reassemble_emm, |
---|
2185 | .do_emm = viaccess_do_emm, |
---|
2186 | .do_ecm = viaccess_do_ecm, |
---|
2187 | .card_info = viaccess_card_info, |
---|
2188 | .card_init = viaccess_card_init, |
---|
2189 | .get_emm_type = viaccess_get_emm_type, |
---|
2190 | .get_emm_filter = viaccess_get_emm_filter, |
---|
2191 | }; |
---|
2192 | |
---|
2193 | #endif |
---|