Add newcamd protocol support.

ChangeLog

@@ -10,6 +10,7 @@ xxxx-xx-xx : Version next
  * Add --output-nit-pass (-y) to enable NIT pass through.
  * Add --output-eit-pass (-w) to enable EIT (EPG) pass through.
  * Add --output-tdt-pass (-x) to enable TDT/TOT pass through.
+ * Add support for newcamd CAMD protocol.
 
 2011-11-18 : Version 4.0
  * Set CAMD sockets NODELAY to avoid OSCAM errors when many packets are sent.

Makefile

@@ -40,11 +40,12 @@ tsdecrypt_SRC = data.c \
  util.c \
  camd.c \
  camd-cs378x.c \
+ camd-newcamd.c \
  process.c \
  tables.c \
  notify.c \
  tsdecrypt.c
-tsdecrypt_LIBS = -lcrypto -ldvbcsa -lpthread
+tsdecrypt_LIBS = -lcrypt -lcrypto -ldvbcsa -lpthread
 tsdecrypt_OBJS = $(FUNCS_LIB) $(TS_LIB) $(tsdecrypt_SRC:.c=.o)
 
 CLEAN_OBJS = tsdecrypt $(tsdecrypt_SRC:.c=.{o,d})

README

@@ -2,8 +2,8 @@ tsdecrypt
 =========
 tsdecrypt reads incoming mpeg transport stream over UDP/RTP and then
 decrypts it using libdvbcsa and keys obtained from OSCAM or similar cam
-server. tsdecrypt communicates with CAM server using camd35 over tcp
-protocol also known as cs378x.
+server. tsdecrypt communicates with CAM server using cs378x (camd35 over
+tcp) protocol or newcamd protocol.
 
 License
 =======
@@ -58,9 +58,13 @@ CA options:
  -C --caid <caid>           | Set CAID. Default: Taken from --ca-system.
 
 CAMD server options:
+ -A --camd-proto <proto>    | Set CAMD network protocol.
+                            . Valid protocols are: CS378X (default) and NEWCAMD
  -s --camd-server <addr>    | Set CAMD server ip_address:port (1.2.3.4:2233).
  -U --camd-user <user>      | Set CAMD server user. Default: user
  -P --camd-pass <pass>      | Set CAMD server password. Default: pass
+ -B --camd-des-key <key>    | Set DES key for newcamd protocol.
+                            . Default: 0102030405060708091011121314
 
 EMM options:
  -e --emm                   | Enable sending EMM's to CAMD. Default: disabled

camd-newcamd.c

@@ -0,0 +1,420 @@
+/*
+ * newcamd protocol
+ * Most of the code is copied from getstream's newcamd protocol implementation.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301, USA.
+ */
+
+#define _XOPEN_SOURCE 700 // Needed to pull crypt() from unistd.h
+#define _GNU_SOURCE 1 // Needed to pull crypt_r() from crypt.h
+
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <crypt.h>
+
+#include <openssl/des.h>
+
+#include "libfuncs/libfuncs.h"
+
+#include "data.h"
+#include "util.h"
+#include "camd.h"
+
+#define NEWCAMD_PROTO_VER      525
+#define NEWCAMD_HDR_LEN        8
+#define NEWCAMD_FIRST_CMD_NO   0xe0
+
+typedef enum {
+	MSG_CLIENT_2_SERVER_LOGIN = NEWCAMD_FIRST_CMD_NO,
+	MSG_CLIENT_2_SERVER_LOGIN_ACK,
+	MSG_CLIENT_2_SERVER_LOGIN_NAK,
+	MSG_CARD_DATA_REQ,
+	MSG_CARD_DATA,
+	MSG_SERVER_2_CLIENT_NAME,
+	MSG_SERVER_2_CLIENT_NAME_ACK,
+	MSG_SERVER_2_CLIENT_NAME_NAK,
+	MSG_SERVER_2_CLIENT_LOGIN,
+	MSG_SERVER_2_CLIENT_LOGIN_ACK,
+	MSG_SERVER_2_CLIENT_LOGIN_NAK,
+	MSG_ADMIN,
+	MSG_ADMIN_ACK,
+	MSG_ADMIN_LOGIN,
+	MSG_ADMIN_LOGIN_ACK,
+	MSG_ADMIN_LOGIN_NAK,
+	MSG_ADMIN_COMMAND,
+	MSG_ADMIN_COMMAND_ACK,
+	MSG_ADMIN_COMMAND_NAK,
+	MSG_KEEPALIVE = NEWCAMD_FIRST_CMD_NO + 0x1d
+} net_msg_type_t;
+
+static void set_odd_parity(uint8_t *key) {
+	DES_set_odd_parity((DES_cblock *)&key[0]);
+	DES_set_odd_parity((DES_cblock *)&key[8]);
+}
+
+static void des_schedule_key(triple_des_t *td) {
+	DES_key_sched((DES_cblock *)&td->des_key[0],&td->ks1);
+	DES_key_sched((DES_cblock *)&td->des_key[8],&td->ks2);
+}
+
+static void des_key_spread(triple_des_t *td, uint8_t *normal) {
+	td->des_key[0]  =   normal[0] & 0xfe;
+	td->des_key[1]  = ((normal[0] << 7) | (normal[1] >> 1)) & 0xfe;
+	td->des_key[2]  = ((normal[1] << 6) | (normal[2] >> 2)) & 0xfe;
+	td->des_key[3]  = ((normal[2] << 5) | (normal[3] >> 3)) & 0xfe;
+	td->des_key[4]  = ((normal[3] << 4) | (normal[4] >> 4)) & 0xfe;
+	td->des_key[5]  = ((normal[4] << 3) | (normal[5] >> 5)) & 0xfe;
+	td->des_key[6]  = ((normal[5] << 2) | (normal[6] >> 6)) & 0xfe;
+	td->des_key[7]  =   normal[6] << 1;
+	td->des_key[8]  =   normal[7] & 0xfe;
+	td->des_key[9]  = ((normal[7] << 7)  | (normal[8] >> 1)) & 0xfe;
+	td->des_key[10] = ((normal[8] << 6)  | (normal[9] >> 2)) & 0xfe;
+	td->des_key[11] = ((normal[9] << 5)  | (normal[10] >> 3)) & 0xfe;
+	td->des_key[12] = ((normal[10] << 4) | (normal[11] >> 4)) & 0xfe;
+	td->des_key[13] = ((normal[11] << 3) | (normal[12] >> 5)) & 0xfe;
+	td->des_key[14] = ((normal[12] << 2) | (normal[13] >> 6)) & 0xfe;
+	td->des_key[15] =   normal[13] << 1;
+	set_odd_parity(td->des_key);
+};
+
+static uint8_t xor_sum(const uint8_t *mem, int len) {
+	uint8_t cs = 0;
+	while (len > 0) {
+		cs ^= *mem++;
+		len--;
+	}
+	return cs;
+}
+
+static int pad_message(uint8_t *data, int len) {
+	DES_cblock padBytes;
+	uint8_t noPadBytes = (8 - ((len - 1) % 8)) % 8;
+	if (len + noPadBytes + 1 >= NEWCAMD_MSG_SIZE - 8)
+		return -1;
+	DES_random_key(&padBytes);
+	memcpy(data + len, padBytes, noPadBytes);
+	len += noPadBytes;
+	data[len] = xor_sum(data + 2, len - 2);
+	return len + 1;
+}
+
+static const uint8_t *triple_des_encrypt(triple_des_t *td, uint8_t *data, int len, uint8_t *crypted) {
+	DES_cblock ivec;
+	DES_random_key(&ivec);
+	memcpy(crypted + len, ivec, sizeof(ivec));
+	DES_ede2_cbc_encrypt(data + 2, crypted + 2, len - 2, &td->ks1, &td->ks2, (DES_cblock *)ivec, DES_ENCRYPT);
+	return crypted;
+}
+
+static void triple_des_decrypt(triple_des_t *td, uint8_t *data, int len) {
+	if ((len-2) % 8 || (len-2) < 16)
+		return;
+	DES_cblock ivec;
+	len -= sizeof(ivec);
+	memcpy(ivec, data+len, sizeof(ivec));
+	DES_ede2_cbc_encrypt(data+2, data+2, len-2, &td->ks1, &td->ks2, (DES_cblock *)ivec, DES_DECRYPT);
+}
+
+static void prepare_login_key(struct camd *c, const uint8_t *rkey) {
+	unsigned int i;
+	uint8_t tmpkey[14];
+	for(i = 0; i < sizeof(tmpkey); i++)
+		tmpkey[i] = rkey[i] ^ c->newcamd.bin_des_key[i];
+	des_key_spread(&c->newcamd.td_key, tmpkey);
+}
+
+static int newcamd_connect(struct camd *c);
+
+static uint8_t newcamd_send_msg(struct camd *c, const uint8_t *data, int data_len, uint16_t service_id, uint8_t useMsgId) {
+	uint8_t netbuf[NEWCAMD_MSG_SIZE];
+
+	if (newcamd_connect(c) < 0)
+		return 0;
+
+	if (data_len < 3 || (data_len + NEWCAMD_HDR_LEN + 4) > NEWCAMD_MSG_SIZE) {
+		ts_LOGf("ERR | [%s] Bad message size.\n", c->ops.ident);
+		return 0; // false
+	}
+
+	memset(&netbuf[2], 0, NEWCAMD_HDR_LEN + 2);
+	memcpy(&netbuf[NEWCAMD_HDR_LEN + 4], data, data_len);
+
+	netbuf[NEWCAMD_HDR_LEN + 4 + 1] = (data[1] & 0xF0) | (((data_len - 3) >> 8) & 0x0F);
+	netbuf[NEWCAMD_HDR_LEN + 4 + 2] = (data_len - 3) & 0xFF;
+
+	data_len += 4;
+	netbuf[4] = service_id >> 8;
+	netbuf[5] = service_id & 0xFF;
+
+	data_len += NEWCAMD_HDR_LEN;
+
+	if (useMsgId) {
+		c->newcamd.msg_id++;
+		netbuf[2] = c->newcamd.msg_id >> 8;
+		netbuf[3] = c->newcamd.msg_id & 0xFF;
+	}
+
+	if ((data_len = pad_message(netbuf, data_len)) < 0) {
+		ts_LOGf("ERR | [%s] Pad_message failed.\n", c->ops.ident);
+		return 0;
+	}
+
+	if ((data = triple_des_encrypt(&c->newcamd.td_key, netbuf, data_len, netbuf)) == 0) {
+		ts_LOGf("ERR | [%s] Encrypt failed.\n", c->ops.ident);
+		return 0;
+	}
+
+	data_len += sizeof(DES_cblock);
+	netbuf[0] = (data_len - 2) >> 8;
+	netbuf[1] = (data_len - 2) & 0xFF;
+
+	return fdwrite(c->server_fd, (char *)netbuf, data_len);
+}
+
+static int newcamd_recv_msg(struct camd *c, uint8_t *data, uint8_t useMsgId) {
+	uint8_t *netbuf = c->newcamd.buf;
+
+	if (fdread(c->server_fd, (char *)netbuf, 2) != 2) {
+		ts_LOGf("ERR | [%s] Failed to read message.\n", c->ops.ident);
+		return 0;
+	}
+
+	int mlen = ((netbuf[0] << 8) | netbuf[1]) & 0xFFFF;
+	if (mlen > NEWCAMD_MSG_SIZE - 2) {
+		ts_LOGf("ERR | [%s] Buffer overflow [mlen = %d]\n", c->ops.ident, mlen);
+		return 0;
+	}
+
+	if (fdread(c->server_fd, (char *)netbuf+2, mlen) != mlen) {
+		ts_LOGf("ERR | [%s] Failed to read message.\n", c->ops.ident);
+		return 0;
+	}
+
+	mlen += 2;
+	triple_des_decrypt(&c->newcamd.td_key, netbuf, mlen);
+	mlen -= sizeof(DES_cblock);
+	if (xor_sum(netbuf + 2, mlen - 2)) {
+		ts_LOGf("ERR | [%s] Checksum error.\n", c->ops.ident);
+		return 0;
+	}
+
+	int retlen = (((netbuf[5 + NEWCAMD_HDR_LEN] << 8) | netbuf[6 + NEWCAMD_HDR_LEN]) & 0x0FFF) + 3;
+
+	if (useMsgId) {
+		uint16_t tmp = ((netbuf[2] << 8) | netbuf[3]) & 0xFFFF;
+		if (c->newcamd.msg_id != tmp) {
+			ts_LOGf("ERR | [%s] Bad msg_id %04X != %04X\n", c->ops.ident, c->newcamd.msg_id, tmp);
+			return -2;
+		}
+	}
+
+	memmove(data, netbuf + 4 + NEWCAMD_HDR_LEN, retlen);
+
+	return retlen;
+}
+
+static uint8_t newcamd_send_cmd(struct camd *c, net_msg_type_t cmd) {
+	uint8_t data[3] = { 0, 0, 0 };
+	data[0] = cmd;
+	return newcamd_send_msg(c, data, sizeof(data), 0, 0);
+}
+
+static int newcamd_recv_cmd(struct camd *c) {
+	uint8_t buffer[NEWCAMD_MSG_SIZE];
+	if (newcamd_recv_msg(c, buffer, 0) != 3)
+		return -1;
+	return buffer[0];
+}
+
+static void newcamd_init_card_data(struct camd *c, struct newcamd *nc, uint8_t *buffer) {
+	int i;
+	char msg_buffer[32];
+
+	nc->caid = (buffer[4] << 8) | buffer[5];
+
+	for(i = 0; i < 8; i++)
+		sprintf(&msg_buffer[i*2], "%02X", buffer[6 + i]);
+
+	ts_LOGf("CAM | [%s] Card info: CAID 0x%04X Admin=%s srvUA=%s\n",
+		c->ops.ident, nc->caid, (buffer[3]==1) ? "YES" : "NO", msg_buffer);
+	memcpy(nc->ua, &buffer[6], 8);
+
+	// Parse providers
+	uint8_t is_ok = 0;
+	nc->num_of_provs = buffer[14];
+	for (i = 0; i < nc->num_of_provs; i++) {
+		if (nc->prov_ident_manual == 0) {
+			memcpy(nc->provs_ident[i], &buffer[15+11*i], 3);
+			memcpy(nc->provs_id[i], &buffer[18+11*i], 8);
+		} else {
+			if (!memcmp(nc->provs_ident[0], &buffer[15+11*i], 3)) {
+				is_ok = 1;
+				memcpy(nc->provs_id[0], &buffer[18+11*i], 8);
+			} else {
+				continue;
+			}
+		}
+		uint8_t debug_idx = (nc->prov_ident_manual == 1) ? 0 : i;
+		ts_LOGf("CAM | [%s] Card info: Provider %d : %02X%02X%02X : %02X%02X%02X%02X%02X%02X%02X%02X\n",
+				c->ops.ident,
+				debug_idx,
+				nc->provs_ident[debug_idx][0], nc->provs_ident[debug_idx][1],
+				nc->provs_ident[debug_idx][2], nc->provs_id[debug_idx][0],
+				nc->provs_id[debug_idx][1], nc->provs_id[debug_idx][2],
+				nc->provs_id[debug_idx][3], nc->provs_id[debug_idx][4],
+				nc->provs_id[debug_idx][5], nc->provs_id[debug_idx][6],
+				nc->provs_id[debug_idx][7]);
+
+		if (nc->prov_ident_manual == 1 && is_ok == 1) {
+			nc->num_of_provs = 1;
+			break;
+		}
+	}
+}
+
+static int newcamd_login(struct camd *c) {
+	uint8_t *buffer = c->newcamd.buf;
+
+	c->newcamd.caid = 0;
+	c->newcamd.msg_id = 0;
+
+	uint8_t rand_data[14];
+	if (fdread(c->server_fd, (char *)rand_data, sizeof(rand_data)) != 14) {
+		ts_LOGf("ERR | [%s] Can't read protocol handshake.\n", c->ops.ident);
+		return 0;
+	}
+
+	struct crypt_data crypt_data;
+	crypt_data.initialized = 0;
+	char *crPasswd = crypt_r(c->pass, "$1$abcdefgh$", &crypt_data);
+
+	const int userLen = strlen(c->user) + 1;
+	const int passLen = strlen(crPasswd) + 1;
+
+	// prepare login message
+	buffer[0] = MSG_CLIENT_2_SERVER_LOGIN;
+	buffer[1] = 0;
+	buffer[2] = userLen + passLen;
+	memcpy(&buffer[3], c->user, userLen);
+	memcpy(&buffer[3 + userLen], crPasswd, passLen);
+
+	prepare_login_key(c, rand_data);
+	des_schedule_key(&c->newcamd.td_key);
+
+	if (!newcamd_send_msg(c, buffer, buffer[2] + 3, 0, 1) ||
+		newcamd_recv_cmd(c) != MSG_CLIENT_2_SERVER_LOGIN_ACK)
+	{
+		ts_LOGf("ERR | [%s] Login failed. Check user/pass/des-key.\n", c->ops.ident);
+		sleep(1);
+		return 0;
+	}
+
+	// Prepare session key
+	uint8_t tmpkey[14];
+	memcpy(tmpkey, c->newcamd.bin_des_key, sizeof(tmpkey));
+	int i;
+	for(i = 0; i < (passLen - 1); ++i)
+		tmpkey[i % 14] ^= crPasswd[i];
+	des_key_spread(&c->newcamd.td_key, tmpkey);
+	des_schedule_key(&c->newcamd.td_key);
+
+	if (!newcamd_send_cmd(c, MSG_CARD_DATA_REQ) || newcamd_recv_msg(c, buffer, 0) <= 0) {
+		ts_LOGf("ERR | [%s] MSG_CARD_DATA_REQ error.\n", c->ops.ident);
+		return 0;
+	}
+
+	if (buffer[0] == MSG_CARD_DATA) {
+		newcamd_init_card_data(c, &c->newcamd, buffer);
+	} else {
+		ts_LOGf("ERR | [%s] MSG_CARD_DATA response error.\n", c->ops.ident);
+	}
+
+	return 1;
+}
+
+static int newcamd_connect(struct camd *c) {
+	if (c->server_fd < 0) {
+		c->server_fd = camd_tcp_connect(c->server_addr, c->server_port);
+		if (!newcamd_login(c))
+			shutdown_fd(&c->server_fd);
+	}
+	return c->server_fd;
+}
+
+static void newcamd_disconnect(struct camd *c) {
+	shutdown_fd(&c->server_fd);
+}
+
+static int newcamd_reconnect(struct camd *c) {
+	newcamd_disconnect(c);
+	return newcamd_connect(c);
+}
+
+static int newcamd_do_ecm(struct camd *c, struct camd_msg *msg) {
+	return newcamd_send_msg(c, msg->data, msg->data_len, msg->service_id, 1);
+}
+
+static int newcamd_do_emm(struct camd *c, struct camd_msg *msg) {
+	uint8_t *buf = c->newcamd.buf;
+	int ret;
+
+	ret = newcamd_send_msg(c, msg->data, msg->data_len, msg->service_id, 1);
+	if (!ret)
+		return ret;
+
+	int data_len = newcamd_recv_msg(c, buf, 1);
+	if (data_len >= 3) {
+		if (buf[1] & 0x10)
+			return 1; // OK
+		ts_LOGf("ERR | [%s] EMM rejected by card.\n", c->ops.ident);
+	} else {
+		ts_LOGf("ERR | [%s] EMM unexpected server response (data_len=%d, buf[1]=0x%02x).\n",
+			c->ops.ident, data_len, buf[1]);
+	}
+
+	return 0; // Error
+}
+
+static int newcamd_get_cw(struct camd *c, uint16_t *ca_id, uint16_t *idx, uint8_t *cw) {
+	int ret;
+	uint8_t *buf = c->newcamd.buf;
+
+	while((ret = newcamd_recv_msg(c, buf, 1)) == -2)
+		ts_LOGf("ERR | [%s] msg_id sync error. retrying...\n", c->ops.ident);
+
+	if (ret != 19) {
+		if (ret == 3)
+			ts_LOGf("ERR | [%s] Card was not able to decode the channel.\n", c->ops.ident);
+		else
+			ts_LOGf("ERR | [%s] Unexpected CAMD server response (code %d).\n", c->ops.ident, ret);
+		return 0;
+	}
+
+	*ca_id = c->newcamd.caid;
+	*idx   = 0; // FIXME
+	memcpy(cw, c->newcamd.buf + 3, 16);
+	return 1;
+}
+
+void camd_proto_newcamd(struct camd_ops *ops) {
+	strcpy(ops->ident, "newcamd");
+	ops->proto		= CAMD_NEWCAMD;
+	ops->connect	= newcamd_connect;
+	ops->disconnect	= newcamd_disconnect;
+	ops->reconnect	= newcamd_reconnect;
+	ops->do_emm		= newcamd_do_emm;
+	ops->do_ecm		= newcamd_do_ecm;
+	ops->get_cw		= newcamd_get_cw;
+}

camd.h

@@ -31,5 +31,6 @@ void					camd_stop			(struct ts *ts);
 void					camd_process_packet	(struct ts *ts, struct camd_msg *msg);
 
 void					camd_proto_cs378x	(struct camd_ops *ops);
+void					camd_proto_newcamd	(struct camd_ops *ops);
 
 #endif

data.c

@@ -67,6 +67,7 @@ void data_init(struct ts *ts) {
 	ts->camd.key          = &ts->key;
 	strcpy(ts->camd.user, "user");
 	strcpy(ts->camd.pass, "pass");
+	strcpy(ts->camd.newcamd.hex_des_key, "0102030405060708091011121314");
 
 	camd_proto_cs378x(&ts->camd.ops);
 

data.h

@@ -22,6 +22,7 @@
 #include <limits.h>
 
 #include <openssl/aes.h>
+#include <openssl/des.h>
 #include <openssl/md5.h>
 
 #include <dvbcsa/dvbcsa.h>
@@ -77,6 +78,7 @@ struct camd_msg {
 
 enum camd_proto {
 	CAMD_CS378X,
+	CAMD_NEWCAMD,
 };
 
 struct camd_ops {
@@ -99,6 +101,32 @@ struct cs378x {
 	uint16_t		msg_id;
 };
 
+#define DESKEY_LENGTH     28
+#define NEWCAMD_MSG_SIZE  400
+#define NEWCAMD_MAXPROV   32
+
+typedef struct {
+	DES_key_schedule ks1;
+	DES_key_schedule ks2;
+	uint8_t des_key[16];
+} triple_des_t;
+
+struct newcamd {
+	// newcamd private data
+	uint8_t			buf[NEWCAMD_MSG_SIZE];
+	char			hex_des_key[DESKEY_LENGTH + 1];
+	uint8_t			bin_des_key[DESKEY_LENGTH / 2];	// Decoded des_key
+	triple_des_t	td_key;
+	uint16_t		msg_id;
+	// Initialized from CARD INFO command
+	int				caid;
+	uint8_t			ua[8];
+	uint8_t			num_of_provs;
+	uint8_t			provs_ident[NEWCAMD_MAXPROV][3];
+	uint8_t			provs_id[NEWCAMD_MAXPROV][8];
+	uint8_t			prov_ident_manual;
+};
+
 struct camd {
 	int				server_fd;
 	struct in_addr	server_addr;
@@ -118,6 +146,7 @@ struct camd {
 
 	struct camd_ops	ops;
 	struct cs378x	cs378x;
+	struct newcamd	newcamd;
 };
 
 enum io_type {

tsdecrypt.1

@@ -5,9 +5,10 @@ tsdecrypt - Decrypt mpeg transport stream.
 .B tsdecrypt
 [\fIoptions\fR]
 .SH DESCRIPTION
-tsdecrypt reads incoming mpeg transport stream over UDP/RTP and then decrypts it
-using libdvbcsa and keys obtained from OSCAM or similar cam server. tsdecrypt
-communicates with CAM server using camd35 over tcp protocol also known as cs378x.
+tsdecrypt reads incoming mpeg transport stream over UDP/RTP or file and
+then decrypts it using libdvbcsa and keys obtained from OSCAM or similar
+CAMD server. tsdecrypt communicates with CAM server using cs378x (camd35
+over tcp) protocol or newcamd protocol.
 .SH OPTIONS
 .TP
 .SH MAIN OPTIONS
@@ -122,10 +123,15 @@ one CA but with different CAIDs.
 .SH CAMD OPTIONS
 .PP
 .TP
+\fB\-A\fR, \fB\-\-camd\-proto\fR <protocol>
+Set CAMD server protocol. Valid protocols are \fBCS378X\fR and \fBNEWCAMD\fR.
+If this option is not used the default protocol is \fBCS378X\fR (camd35 over
+tcp).
+.TP
 \fB\-s\fR, \fB\-\-camd\-server\fR <addr[:port]>
 Set CAMD server ip and port (10.0.1.1:2233). Is not set default port
-is \fB2233\fR. tsdecrypt is tested and working with OSCAM using cs378x protocol
-(camd35 over tcp).
+is \fB2233\fR. 2233 is the default port CS378X protocol, for NEWCAMD
+protocol you probably should choose other port.
 .TP
 \fB\-U\fR, \fB\-\-camd\-user\fR <username>
 Set CAMD user name. The default is \fBuser\fR.
@@ -133,6 +139,10 @@ Set CAMD user name. The default is \fBuser\fR.
 \fB\-P\fR, \fB\-\-camd\-pass\fR <password>
 Set CAMD user password. The default is \fBpass\fR.
 .TP
+\fB\-B\fR, \fB\-\-camd\-des\-key\fR <des_key>
+Set DES key used by NEWCAMD protocol. The default
+is \fB0102030405060708091011121314\fR.
+.TP
 .SH EMM OPTIONS
 .PP
 .TP

tsdecrypt.c

@@ -103,7 +103,7 @@ void run_benchmark(void) {
 	puts("* Done *");
 }
 
-// Unused short options: ABFQTWYagjkmnqruv0123456789
+// Unused short options: FQTWYagjkmnqruv0123456789
 static const struct option long_options[] = {
 	{ "ident",				required_argument, NULL, 'i' },
 	{ "daemon",				required_argument, NULL, 'd' },
@@ -127,9 +127,12 @@ static const struct option long_options[] = {
 
 	{ "ca-system",			required_argument, NULL, 'c' },
 	{ "caid",				required_argument, NULL, 'C' },
+
+	{ "camd-proto",			required_argument, NULL, 'A' },
 	{ "camd-server",		required_argument, NULL, 's' },
 	{ "camd-user",			required_argument, NULL, 'U' },
 	{ "camd-pass",			required_argument, NULL, 'P' },
+	{ "camd-des-key",		required_argument, NULL, 'B' },
 
 	{ "emm",				no_argument,       NULL, 'e' },
 	{ "emm-pid",			required_argument, NULL, 'Z' },
@@ -194,9 +197,13 @@ static void show_help(struct ts *ts) {
 	printf(" -C --caid <caid>           | Set CAID. Default: Taken from --ca-system.\n");
 	printf("\n");
 	printf("CAMD server options:\n");
+	printf(" -A --camd-proto <proto>    | Set CAMD network protocol.\n");
+	printf("                            . Valid protocols are: CS378X (default) and NEWCAMD\n");
 	printf(" -s --camd-server <addr>    | Set CAMD server ip_address:port (1.2.3.4:2233).\n");
 	printf(" -U --camd-user <user>      | Set CAMD server user. Default: %s\n", ts->camd.user);
 	printf(" -P --camd-pass <pass>      | Set CAMD server password. Default: %s\n", ts->camd.pass);
+	printf(" -B --camd-des-key <key>    | Set DES key for newcamd protocol.\n");
+	printf("                            . Default: %s\n", ts->camd.newcamd.hex_des_key);
 	printf("\n");
 	printf("EMM options:\n");
 	printf(" -e --emm                   | Enable sending EMM's to CAMD. Default: %s\n", ts->emm_send ? "enabled" : "disabled");
@@ -255,8 +262,8 @@ static int parse_io_param(struct io *io, char *opt, int open_flags, mode_t open_
 }
 
 static void parse_options(struct ts *ts, int argc, char **argv) {
-	int j, i, ca_err = 0, server_err = 1, input_addr_err = 0, output_addr_err = 0, output_intf_err = 0, ident_err = 0;
-	while ( (j = getopt_long(argc, argv, "i:d:N:Sl:L:I:RzM:O:o:t:pwxyc:C:s:U:P:eZ:Ef:X:H:G:KJ:D:bhV", long_options, NULL)) != -1 ) {
+	int j, i, ca_err = 0, server_err = 1, input_addr_err = 0, output_addr_err = 0, output_intf_err = 0, ident_err = 0, port_set = 0;
+	while ( (j = getopt_long(argc, argv, "i:d:N:Sl:L:I:RzM:O:o:t:pwxyc:C:A:s:U:P:B:eZ:Ef:X:H:G:KJ:D:bhV", long_options, NULL)) != -1 ) {
 		char *p = NULL;
 		switch (j) {
 			case 'i':
@@ -348,11 +355,22 @@ static void parse_options(struct ts *ts, int argc, char **argv) {
 				ts->forced_caid = strtoul(optarg, NULL, 0) & 0xffff;
 				break;
 
+			case 'A':
+				if (strcasecmp(optarg, "cs378x") == 0) {
+					camd_proto_cs378x(&ts->camd.ops);
+				} else if (strcasecmp(optarg, "newcamd") == 0) {
+					camd_proto_newcamd(&ts->camd.ops);
+				} else {
+					fprintf(stderr, "Unknown CAMD protocol: %s\n", optarg);
+					exit(EXIT_FAILURE);
+				}
+				break;
 			case 's':
 				p = strrchr(optarg, ':');
 				if (p) {
 					*p = 0x00;
 					ts->camd.server_port = atoi(p + 1);
+					port_set = 1;
 				}
 				if (inet_aton(optarg, &ts->camd.server_addr) == 0)
 					server_err = 1;
@@ -367,6 +385,14 @@ static void parse_options(struct ts *ts, int argc, char **argv) {
 				strncpy(ts->camd.pass, optarg, sizeof(ts->camd.pass) - 1);
 				ts->camd.pass[sizeof(ts->camd.pass) - 1] = 0;
 				break;
+			case 'B':
+				if (strlen(optarg) != DESKEY_LENGTH) {
+					fprintf(stderr, "ERROR: des key should be %u characters long.\n", DESKEY_LENGTH);
+					exit(EXIT_FAILURE);
+				}
+				strncpy(ts->camd.newcamd.hex_des_key, optarg, sizeof(ts->camd.newcamd.hex_des_key) - 1);
+				ts->camd.newcamd.hex_des_key[sizeof(ts->camd.newcamd.hex_des_key) - 1] = 0;
+				break;
 
 			case 'e':
 				ts->emm_send = !ts->emm_send;
@@ -441,6 +467,15 @@ static void parse_options(struct ts *ts, int argc, char **argv) {
 			fprintf(stderr, "ERROR: Output interface address is invalid.\n");
 		exit(EXIT_FAILURE);
 	}
+	if (decode_hex_string(ts->camd.newcamd.hex_des_key, ts->camd.newcamd.bin_des_key, DESKEY_LENGTH) < 0) {
+		fprintf(stderr, "ERROR: Invalid hex string for des key: %s\n", ts->camd.newcamd.hex_des_key);
+		exit(EXIT_FAILURE);
+	}
+	if (ts->camd.ops.proto == CAMD_NEWCAMD && !port_set) {
+		fprintf(stderr, "ERROR: CAMD server port is not set. Use --camd-server %s:xxxx to set the port.\n", inet_ntoa(ts->camd.server_addr));
+		exit(EXIT_FAILURE);
+	}
+
 	ts_LOGf("Ident      : %s\n", ts->ident[0] ? ts->ident : "*NOT SET*");
 	ts_LOGf("Notify prog: %s\n", ts->notify_program[0] ? ts->notify_program : "*NOT SET*");
 	if (ts->pidfile[0])
@@ -499,9 +534,12 @@ static void parse_options(struct ts *ts, int argc, char **argv) {
 				ts_LOGf("Out filter : Pass through TDT/TOT.\n");
 		}
 	}
-	ts_LOGf("Server addr: tcp://%s:%u/\n", inet_ntoa(ts->camd.server_addr), ts->camd.server_port);
-	ts_LOGf("Server user: %s\n", ts->camd.user);
-	ts_LOGf("Server pass: %s\n", ts->camd.pass);
+	ts_LOGf("CAMD proto : %s\n", ts->camd.ops.ident);
+	ts_LOGf("CAMD addr  : tcp://%s:%u/\n", inet_ntoa(ts->camd.server_addr), ts->camd.server_port);
+	ts_LOGf("CAMD user  : %s\n", ts->camd.user);
+	ts_LOGf("CAMD pass  : %s\n", ts->camd.pass);
+	if (ts->camd.ops.proto == CAMD_NEWCAMD)
+		ts_LOGf("CAMD deskey: %s\n", ts->camd.newcamd.hex_des_key);
 
 	ts_LOGf("TS discont : %s\n", ts->ts_discont ? "report" : "ignore");
 	ts->threaded = !(ts->input.type == FILE_IO && ts->input.fd != 0);

util.c

@@ -135,3 +135,22 @@ void set_thread_name(char *thread_name) {
 }
 
 #endif
+
+static int decode_hex_char(char c) {
+	if ((c >= '0') && (c <= '9')) return c - '0';
+	if ((c >= 'A') && (c <= 'F')) return c - 'A' + 10;
+	if ((c >= 'a') && (c <= 'f')) return c - 'a' + 10;
+	return -1;
+}
+
+int decode_hex_string(char *hex, uint8_t *bin, int asc_len) {
+	int i;
+	for (i = 0; i < asc_len; i += 2) {
+		int n1 = decode_hex_char(hex[i + 0]);
+		int n2 = decode_hex_char(hex[i + 1]);
+		if (n1 == -1 || n2 == -1)
+			return -1;
+		bin[i / 2] = (n1 << 4) | (n2 & 0xf);
+	}
+	return asc_len / 2;
+}

util.h

@@ -26,5 +26,6 @@ uint8_t *init_4b(uint32_t val, uint8_t *b);
 uint8_t *init_4l(uint32_t val, uint8_t *b);
 uint8_t *init_2b(uint32_t val, uint8_t *b);
 void set_thread_name(char *thread_name);
+int decode_hex_string(char *hex, uint8_t *bin, int asc_len);
 
 #endif