|
@@ -39,10 +39,6 @@ static int connect_to(struct in_addr ip, int port) {
|
39
|
39
|
return fd;
|
40
|
40
|
}
|
41
|
41
|
|
42
|
|
-// 4 auth header, 20 header size, 256 max data size, 16 potential padding
|
43
|
|
-#define HDR_LEN (20)
|
44
|
|
-#define BUF_SIZE (4 + HDR_LEN + 256 + 16)
|
45
|
|
-
|
46
|
42
|
static void camd35_init_auth(struct camd35 *c) {
|
47
|
43
|
unsigned char dump[16];
|
48
|
44
|
|
|
@@ -93,7 +89,7 @@ static int camd35_recv(struct camd35 *c, uint8_t *data, int *data_len) {
|
93
|
89
|
|
94
|
90
|
static uint8_t *camd35_recv_cw(struct camd35 *c) {
|
95
|
91
|
static uint8_t invalid_cw[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
96
|
|
- uint8_t data[BUF_SIZE];
|
|
92
|
+ uint8_t *data = c->buf;
|
97
|
93
|
int data_len = 0;
|
98
|
94
|
|
99
|
95
|
NEXT:
|
|
@@ -130,61 +126,60 @@ NEXT:
|
130
|
126
|
#undef ERR
|
131
|
127
|
|
132
|
128
|
|
133
|
|
-static int camd35_send(struct camd35 *c, uint8_t *data, uint8_t data_len) {
|
134
|
|
- unsigned int i;
|
135
|
|
- uint8_t buf[BUF_SIZE];
|
136
|
|
- uint8_t *bdata = buf + 4;
|
|
129
|
+static int camd35_send_buf(struct camd35 *c, int data_len) {
|
|
130
|
+ int i;
|
|
131
|
+ uint8_t *bdata = c->buf + 4; // Leave space for auth token
|
137
|
132
|
|
138
|
133
|
camd35_connect(c);
|
139
|
134
|
camd35_init_auth(c);
|
140
|
135
|
|
141
|
|
- init_4b(c->auth_token, buf); // Put authentication token
|
142
|
|
- memcpy(bdata, data, data_len); // Put data
|
|
136
|
+ memmove(bdata, c->buf, data_len); // Move data
|
|
137
|
+ init_4b(c->auth_token, c->buf); // Put authentication token
|
143
|
138
|
|
144
|
139
|
for (i = 0; i < data_len; i += 16) // Encrypt payload
|
145
|
|
- AES_encrypt(data + i, bdata + i, &c->aes_encrypt_key);
|
|
140
|
+ AES_encrypt(bdata + i, bdata + i, &c->aes_encrypt_key);
|
146
|
141
|
|
147
|
|
- return fdwrite(c->server_fd, (char *)buf, data_len + 4);
|
|
142
|
+ int written = fdwrite(c->server_fd, (char *)c->buf, data_len + 4);
|
|
143
|
+ return written;
|
148
|
144
|
}
|
149
|
145
|
|
150
|
|
-static void camd35_buf_init(struct camd35 *c, uint8_t *buf, uint8_t *data, uint8_t data_len) {
|
151
|
|
- memset(buf, 0, HDR_LEN); // Reset header
|
152
|
|
- memset(buf + HDR_LEN, 0xff, BUF_SIZE - HDR_LEN); // Reset data
|
153
|
|
- buf[1] = data_len; // Data length
|
154
|
|
- init_4b(crc32(0L, data, data_len), buf + 4); // Data CRC is at buf[4]
|
155
|
|
- memcpy(buf + HDR_LEN, data, data_len); // Copy data to buf
|
|
146
|
+static void camd35_buf_init(struct camd35 *c, uint8_t *data, int data_len) {
|
|
147
|
+ memset(c->buf, 0, CAMD35_HDR_LEN); // Reset header
|
|
148
|
+ memset(c->buf + CAMD35_HDR_LEN, 0xff, CAMD35_BUF_LEN - CAMD35_HDR_LEN); // Reset data
|
|
149
|
+ c->buf[1] = data_len; // Data length
|
|
150
|
+ init_4b(crc32(0L, data, data_len), c->buf + 4); // Data CRC is at buf[4]
|
|
151
|
+ memcpy(c->buf + CAMD35_HDR_LEN, data, data_len); // Copy data to buf
|
156
|
152
|
}
|
157
|
153
|
|
158
|
154
|
int camd35_send_ecm(struct camd35 *c, uint16_t service_id, uint16_t ca_id, uint16_t idx, uint8_t *data, uint8_t data_len) {
|
159
|
|
- uint8_t buf[BUF_SIZE];
|
160
|
155
|
uint32_t provider_id = 0;
|
161
|
|
- int to_send = boundary(4, HDR_LEN + data_len);
|
|
156
|
+ int to_send = boundary(4, CAMD35_HDR_LEN + data_len);
|
162
|
157
|
|
163
|
|
- camd35_buf_init(c, buf, data, data_len);
|
|
158
|
+ camd35_buf_init(c, data, (int)data_len);
|
164
|
159
|
|
165
|
|
- buf[0] = 0x00; // CMD ECM request
|
166
|
|
- init_2b(service_id , buf + 8);
|
167
|
|
- init_2b(ca_id , buf + 10);
|
168
|
|
- init_4b(provider_id, buf + 12);
|
169
|
|
- init_2b(idx , buf + 16);
|
170
|
|
- buf[18] = 0xff;
|
171
|
|
- buf[19] = 0xff;
|
|
160
|
+ c->buf[0] = 0x00; // CMD ECM request
|
|
161
|
+ init_2b(service_id , c->buf + 8);
|
|
162
|
+ init_2b(ca_id , c->buf + 10);
|
|
163
|
+ init_4b(provider_id, c->buf + 12);
|
|
164
|
+ init_2b(idx , c->buf + 16);
|
|
165
|
+ c->buf[18] = 0xff;
|
|
166
|
+ c->buf[19] = 0xff;
|
|
167
|
+
|
|
168
|
+ camd35_send_buf(c, to_send);
|
172
|
169
|
|
173
|
|
- camd35_send(c, buf, to_send);
|
174
|
170
|
camd35_recv_cw(c);
|
175
|
171
|
return 0;
|
176
|
172
|
}
|
177
|
173
|
|
178
|
174
|
int camd35_send_emm(struct camd35 *c, uint16_t ca_id, uint8_t *data, uint8_t data_len) {
|
179
|
|
- uint8_t buf[BUF_SIZE];
|
180
|
175
|
uint32_t prov_id = 0;
|
181
|
|
- int to_send = boundary(4, data_len + HDR_LEN);
|
|
176
|
+ int to_send = boundary(4, CAMD35_HDR_LEN + data_len);
|
182
|
177
|
|
183
|
|
- camd35_buf_init(c, buf, data, data_len);
|
|
178
|
+ camd35_buf_init(c, data, (int)data_len);
|
184
|
179
|
|
185
|
|
- buf[0] = 0x06; // CMD incomming EMM
|
186
|
|
- init_2b(ca_id , buf + 10);
|
187
|
|
- init_4b(prov_id, buf + 12);
|
|
180
|
+ c->buf[0] = 0x06; // CMD incomming EMM
|
|
181
|
+ init_2b(ca_id , c->buf + 10);
|
|
182
|
+ init_4b(prov_id, c->buf + 12);
|
188
|
183
|
|
189
|
|
- return camd35_send(c, buf, to_send);
|
|
184
|
+ return camd35_send_buf(c, to_send);
|
190
|
185
|
}
|