Changeset 501 for trunk/reader-dre.c


Ignore:
Timestamp:
Nov 12, 2009, 10:53:02 AM (10 years ago)
Author:
dingo35
Message:

Fix Drecrypt 2 EMM (new Platforma card 0x14) + cleanup code

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/reader-dre.c

    r498 r501  
    170170  case 0x15:
    171171    card = "Platforma HD / DW old";
    172     reader[ridx].caid[0] = 0x4ae1;  //TODO not sure
     172    reader[ridx].caid[0] = 0x4ae1;
    173173    mode = 51;
    174174    break;          //59 type card
    175175  default:
    176176    card = "Unknown";
    177     reader[ridx].caid[0] = 0x4ae1;  //TODO: what is sensible value here?
     177    reader[ridx].caid[0] = 0x4ae1;
    178178    mode = 51;
    179179    break;
     
    249249    return 0;           //fatal error
    250250
    251 
    252   /* Unknown function 51
    253      59
    254      23 51 82 3B 05 00 4A D4 CA
    255      A3 1D A2
    256      DF 95 29 90 65 E1 95 B8 1C 91 87 C8 B5 CB 62 2F
    257      09
    258      F7 BC 18 BA 14  some byte seems to be missing !?!
    259 
    260      ANOTHER INS is the same except last line:
    261      EF C7 1D 4C E3 14 last byte stays the same = provider byte???
    262 
    263      response: DW info retour
    264      59 12 D2 8E 7A FE BA 6C DF 31 49
    265      1A 8F 34
    266      98 48 42 CE 0D DE
    267      90 00 */
    268 
    269 
    270   //memcpy(&reader[ridx].prid[i][2], cta_res, 2);
    271 
    272 //############### PLAYGROUND ////
    273 
    274 //from bbs, provider = 15???
    275 //static uchar ecmtest[] = { 0x51, 0x01, 0x56, 0x00, 0x00, 0x48, 0xC6, 0xF0, 0x19, 0x01, 0xD4, 0xDF, 0x4F, 0xD7, 0x91, 0x55, 0x68, 0x02, 0x72, 0xF7, 0x98, 0x28, 0xBD, 0x78, 0x8E, 0x4E, 0xE8, 0xED, 0x0B, 0x51, 0xBF, 0xA4, 0x4E, 0x15 };
    276 //from log, works:
    277 //static uchar ecmtest[] = { 0x51, 0x02, 0x56, 0x05, 0x00, 0x4A, 0xE3, 0x9C, 0xDA, 0xC1, 0x71, 0x21, 0x06, 0xF0, 0x14, 0xA7, 0x0E, 0x89, 0xDA, 0xC9, 0xD7, 0xFD, 0xB9, 0x06, 0xFD, 0xD5, 0x1E, 0x2A, 0xA3, 0xB5, 0xA0, 0x82, 0x11, 0x14 };
    278 /*  static uchar ecmtest[] =
    279     { 0x51, 0x03, 0x56, 0x05, 0x00, 0x4A, 0xE4, 0x58, 0x02, 0x8B, 0xAE, 0x42, 0xEE, 0xE2, 0x6A, 0x7F, 0x51, 0xE0, 0x7D,
    280 0xCE, 0x20, 0x8A, 0x24, 0xE8, 0xBA, 0xA6, 0xC3, 0xCB, 0x35, 0x45, 0x35, 0x52, 0x94, 0x14 };
    281 */
    282 //from platforma itself through dvbviewer
    283 /*
    284   static uchar ecmtest[] =
    285     { 0x51, 0x02, 0x56, 0x00, 0x00, 0x4A, 0xEC, 0x00, 0xAA, 0x31, 0x39, 0x06, 0x57, 0x94, 0x55, 0x1D, 0x23, 0x52, 0x88,
    286 0x3D, 0xA8, 0x62, 0xDC, 0xA2, 0x98, 0xD7, 0xAB, 0x0D, 0x80, 0x60, 0x15, 0xF5, 0x07, 0x14 };
    287 */
    288   //from redirected dvbviewer
    289   static uchar ecmtest[] =
    290     { 0x51, 0x02, 0x56, 0x00, 0x00, 0x4A, 0xEC, 0x3B, 0xF6, 0x56, 0x5A, 0x43, 0x95, 0x43, 0x05, 0x02, 0xBB, 0x46, 0x22,
    291     0x27, 0xEF, 0x33, 0xF4, 0xA9, 0xD0, 0x65, 0xDB, 0x57, 0x8F, 0x8F, 0x7C, 0x19, 0x36, 0x14
    292   };
    293 
    294 //rest: 0x93, 0x36, 0x58, 0xC9
    295 
    296 
    297   //ecmcmd51[33]=provider; //FIXME part of signatur
    298 
    299 //int hans, index, save;
    300 //for (index=1; index<3; index++) {
    301 //  save = ecmtest[index];
    302 //  for (hans=0; hans<256; hans++) {
    303 //   ecmtest[index] = hans;
    304 //    if ((dre_cmd(ecmtest)))
    305 //  }
    306 //  ecmtest[index] = save;
    307 //}
    308 /*
    309   EMM_PACKET *eptmp;
    310   eptmp = malloc (sizeof (EMM_PACKET));
    311 //  static unsigned char tempser[] = { 0, 0, 0xC8, 0x4D, 0x25, 0x5A };
    312 //  memcpy (reader[ridx].hexserial, tempser, 8);
    313   dre_do_emm (eptmp);
    314   free (eptmp);*/
    315 //############### PLAYGROUND ////
    316251  cs_log ("ready for requests");
    317252  return (1);
     
    320255int dre_do_ecm (ECM_REQUEST * er)
    321256{
    322   //
    323   //cmd41 is not known for card provider 0x14 ???
    324257  if (mode == 41) {
    325258    static uchar ecmcmd41[] = { 0x41,
     
    337270    if ((dre_cmd (ecmcmd41))) { //ecm request
    338271      if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
    339     return (0);     //exit if response is not 90 00 //TODO: if response is 9027 ppv mode is possible!
     272    return 0;       //exit if response is not 90 00
    340273      memcpy (er->cw, cta_res + 11, 8);
    341274      memcpy (er->cw + 8, cta_res + 3, 8);
     
    346279  else {
    347280
    348     //cmd51 is used for provider 0x14
    349281    static uchar ecmcmd51[] = { 0x51, 0x02, 0x56, 0x05, 0x00, 0x4A, 0xE3,   //fixed header?
    350282      0x9C, 0xDA,       //first three nibbles count up, fourth nibble counts down; all ECMs sent twice
     
    355287    };
    356288    memcpy (ecmcmd51 + 1, er->ecm + 5, 0x21);
    357     //cs_log ("DEBUG: ECM: %s", cs_hexdump (0, er->ecm, er->ecm[2] + 3));
    358289    cs_debug ("DEBUG: unused ECM info front:%s", cs_hexdump (0, er->ecm, 5));
    359290    cs_debug ("DEBUG: unused ECM info back:%s", cs_hexdump (0, er->ecm + 37, 4));
     
    361292    if ((dre_cmd (ecmcmd51))) { //ecm request
    362293      if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
    363     return (0);     //exit if response is not 90 00 //TODO: if response is 9027 ppv mode is possible!
    364       //memcpy(er->cw,cta_res+3,16);
    365       //or swap bytes:
     294    return 0;       //exit if response is not 90 00
    366295      memcpy (er->cw, cta_res + 11, 8);
    367296      memcpy (er->cw + 8, cta_res + 3, 8);
    368 
    369       //  return 0; //FIXME only used for testing CWs
    370297      return 1;
    371298    }
     
    376303int dre_do_emm (EMM_PACKET * ep)
    377304{
    378   //return 0;                   //FIXME STUB
    379   /*
    380      uchar emmtest[] = { 0x87, 0x00, 0x8C, 0xC8, 0x4D, 0x25, 0x5A, 0x02, 0xA9, 0xA5, 0x34, 0x31, 0xAB, 0x9C, 0x9B, 0x59,
    381      0x5D, 0x47, 0x95, 0xB3, 0xB1, 0x61, 0x47, 0xE6, 0x85, 0xE0, 0x17, 0xC8, 0x25, 0x70, 0x59, 0x73,
    382      0x12, 0x1F, 0x2B, 0x9B, 0x02, 0x5A, 0x9D, 0x3A, 0x05, 0x56, 0x85, 0x58, 0x00, 0xC8, 0x4D, 0x25,
    383      0x5A, 0x06, 0x02, 0x23, 0xB4, 0x37, 0x1E, 0xE0, 0x7E, 0x59, 0xFC, 0x38, 0xCA, 0x13, 0x21, 0x0D,
    384      0x3E, 0x09, 0xDF, 0xB4, 0x45, 0x6C, 0x99, 0x7E, 0x3E, 0xDA, 0xA4, 0xC7, 0xB9, 0x7B, 0xAB, 0x4A,
    385      0xB5, 0xE2, 0x1D, 0xA3, 0xCD, 0x03, 0xAF, 0xDA, 0xBA, 0xEA, 0x3B, 0x85, 0x58, 0x00, 0xC8, 0x4D,
    386      0x25, 0x5A, 0x05, 0xF4, 0xAF, 0x8B, 0x8F, 0x2F, 0x6C, 0xF2, 0x43, 0x8C, 0x86, 0x03, 0xFD, 0x1C,
    387      0xDF, 0x7A, 0xE4, 0xB6, 0x0B, 0xF9, 0x70, 0x72, 0xFC, 0x2A, 0xEC, 0x0F, 0x6D, 0x8D, 0x82, 0xC6,
    388      0x4C, 0x16, 0x81, 0xDC, 0xC9, 0x3C, 0x34, 0x84, 0x35, 0x9A, 0xA7, 0xED, 0xB1, 0x39, 0xBC
    389      }; //UNIQE EMM
    390    */
    391  /*
    392   uchar emmtest[] = { 0x89, 0x00, 0x68, 0x00, 0x4D, 0x56, 0x85, 0x58, 0x01, 0x00, 0x00, 0x00, 0x00, 0x06, 0x29, 0x58,
    393     0x89, 0x04, 0x3A, 0xEE, 0x15, 0xB1, 0x38, 0x4A, 0x75, 0x5A, 0x21, 0xEE, 0x4D, 0x37, 0xF3, 0x53,
    394     0xF8, 0xAC, 0x1F, 0x8D, 0xEA, 0xDF, 0x12, 0x73, 0x00, 0x69, 0xBB, 0x67, 0x5D, 0x8A, 0x96, 0x2D,
    395     0x1C, 0x08, 0xEB, 0xF1, 0xCA, 0x40, 0x3B, 0x85, 0x58, 0x01, 0x00, 0x00, 0x00, 0x00, 0x05, 0x85,
    396     0xF2, 0xE1, 0xD9, 0x86, 0xEA, 0x19, 0x6A, 0xEF, 0x3B, 0x9D, 0x0C, 0xEA, 0xF3, 0x7B, 0x74, 0xE5,
    397     0xF7, 0x4F, 0xD6, 0x9C, 0x85, 0x6C, 0x7E, 0x79, 0xDF, 0x18, 0xD1, 0xC3, 0x54, 0xA9, 0x47, 0xCB,
    398     0xAC, 0xB6, 0x18, 0x71, 0xC8, 0x69, 0x6B, 0x10, 0xFF, 0x9D, 0x11
    399   };                //GLOBAL EMM???
    400 
    401   memcpy (ep->emm, emmtest, 0x8f);*/
    402305
    403306  int emm_length = ((ep->emm[1] & 0x0f) << 8) + ep->emm[2];
     
    405308  cs_ddump (ep->emm, emm_length + 3, "EMM:");
    406309  ep->type = ep->emm[0];
    407   //cs_debug ("ep->type%x", ep->type);
    408310
    409311  if (mode == 51) {
     
    416318      if ((dre_cmd (emmcmd52)))
    417319    if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
    418       return (0);       //exit if response is not 90 00
    419     }
    420   }
    421 
     320      return 0;     //exit if response is not 90 00
     321    }
     322  }
    422323  else {
    423 
    424324    static uchar emmcmd42[] =
    425325      { 0x42, 0x85, 0x58, 0x01, 0xC8, 0x00, 0x00, 0x00, 0x05, 0xB8, 0x0C, 0xBD, 0x7B, 0x07, 0x04, 0xC8,
     
    429329      0x56, 0x58, 0x11
    430330    };
    431 /*
    432     if (memcmp (ep->emm + 9, reader[ridx].sa[0], 1)) {  //in case of SHARED EMM, only first byte has to match?
    433       cs_log ("EMM: Shared update did not match; EMM SA:%02X%02X%02X%02X, Reader SA:%s.", ep->emm[9], ep->emm[10],
    434           ep->emm[11], ep->emm[12], cs_hexdump (0, reader[ridx].sa[0], 4));
    435       return (0);
    436     }
    437     else {
    438       cs_log ("EMM: Shared update matched for EMM SA %02X%02X%02X%02X.", ep->emm[9], ep->emm[19], ep->emm[11],
    439           ep->emm[12]);
    440     } */
    441     /*
    442        01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16
    443        88 00 68 C8 4D 56 85 58 01 C8 00 00 00 05 B8 0C
    444 
    445        17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 --
    446        BD 7B 07 04 C8 77 31 95 F2 30 B7 E9 EE 0F 81 39
    447 
    448        33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 --
    449        1C 1F A9 11 3E E5 0E 8E 50 A4 31 BB 01 00 D6 AF
    450 
    451        49 50 51 52 53 54X55 56 57 58 59 60 61 62 63 64 --
    452        69 60 04 70 3A 91 3B 85 58 01 C8 00 00 00 05 B1
    453 
    454        65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 --
    455        3F BF A0 05 6E BD AB 0A 70 77 30 C2 AC EC 06 C2
    456 
    457        81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 --
    458        3D 47 50 8D B1 77 68 62 6B 26 6B CE A9 EF 1B 6A
    459 
    460        97 98 99 00 01 02 03 04 05 06 07 08 09 10 11 12 --
    461        DF 7B 39 52 A4 5A 0E B0 A6 ED 7B DC 82 3C AE A3
    462 
    463        Here we have:
    464 
    465        Bytes ...
    466        01 (88) - EMM filter can be a value 87
    467        03 (68) - length of data EMM
    468        04 (C8) - the number of SA for the filter (C8 - is a map)
    469        06 (56) - index kriptodannyh (56/3B alternate) are likely key number
    470 
    471        07 (85) - choice of algorithm (8x - MSP / 4x - Atmel), in the cards until only 85
    472        08 (01) - the type of EMM (00 - EMM_U, solo / 01 - EMM_S, group)
    473        10 - 13 (C8 00 00 00) - here only for SA EMM_S
    474        14 (05) - additional flags
    475        15 - 54 (V8. .. 91) own body EMM, information about the key.
    476        55 (3B) may be a checksum.
    477 
    478        Bytes 56 - 104 - for the second key.
    479        Appointment of the remaining bytes is unknown.
    480      */
    481331    memcpy (emmcmd42 + 1, ep->emm + 6, 48);
    482332    emmcmd42[51] = provider;
     
    489339    if ((dre_cmd (emmcmd42))) { //first emm request
    490340      if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
    491     return (0);     //exit if response is not 90 00
    492 
    493       memcpy (emmcmd42 + 1, ep->emm + 55, 7); //TODO OR next two lines?
     341    return 0;       //exit if response is not 90 00
     342
     343      memcpy (emmcmd42 + 1, ep->emm + 55, 7);   //TODO OR next two lines?
    494344      /*memcpy (emmcmd42 + 1, ep->emm + 55, 7);  //FIXME either I cant count or my EMM log contains errors
    495345         memcpy (emmcmd42 + 8, ep->emm + 67, 41); */
     
    500350      if ((dre_cmd (emmcmd42))) {   //second emm request
    501351    if ((cta_res[cta_lr - 2] != 0x90) || (cta_res[cta_lr - 1] != 0x00))
    502       return (0);       //exit if response is not 90 00
    503     return 1;       //success
     352      return 0;     //exit if response is not 90 00
    504353      }
    505354    }
    506355  }
    507 
    508   /*
    509      0x87, 0x00, 0x8C, ser1, ser2, ser3, ser4, 0x02, 0xA9, 0xA5, 0x34, 0x31, 0xAB, 0x9C, 0x9B, 0x59,
    510      0x5D, 0x47, 0x95, 0xB3, 0xB1, 0x61, 0x47, 0xE6, 0x85, 0xE0, 0x17, 0xC8, 0x25, 0x70, 0x59, 0x73,
    511      0x12, 0x1F, 0x2B, 0x9B, 0x02, 0x5A, 0x9D, 0x3A, 0x05, 0x56, 0x85, 0x58, 0x00, 0xC8, 0x4D, 0x25,
    512      0x5A, 0x06, 0x02, 0x23, 0xB4, 0x37, 0x1E, 0xE0, 0x7E, 0x59, 0xFC, 0x38, 0xCA, 0x13, 0x21, 0x0D,
    513      0x3E, 0x09, 0xDF, 0xB4, 0x45, 0x6C, 0x99, 0x7E, 0x3E, 0xDA, 0xA4, 0xC7, 0xB9, 0x7B, 0xAB, 0x4A,
    514      0xB5, 0xE2, 0x1D, 0xA3, 0xCD, 0x03, 0xAF, 0xDA, 0xBA, 0xEA, 0x3B, 0x85, 0x58, 0x00, 0xC8, 0x4D,
    515      0x25, 0x5A, 0x05, 0xF4, 0xAF, 0x8B, 0x8F, 0x2F, 0x6C, 0xF2, 0x43, 0x8C, 0x86, 0x03, 0xFD, 0x1C,
    516      0xDF, 0x7A, 0xE4, 0xB6, 0x0B, 0xF9, 0x70, 0x72, 0xFC, 0x2A, 0xEC, 0x0F, 0x6D, 0x8D, 0x82, 0xC6,
    517      0x4C, 0x16, 0x81, 0xDC, 0xC9, 0x3C, 0x34, 0x84, 0x35, 0x9A, 0xA7, 0xED, 0xB1, 0x39, 0xBC
    518    */
    519   return 0;
     356  return 1;         //success
    520357}
    521358
Note: See TracChangeset for help on using the changeset viewer.