tsdecrypt
=========
tsdecrypt reads incoming mpeg transport stream over UDP/RTP and then
decrypts it using libdvbcsa and keys obtained from OSCAM or similar cam
server. tsdecrypt communicates with CAM server using cs378x (camd35 over
tcp) protocol or newcamd protocol.

License
=======
tsdecrypt is released under GNU GPL v2.

Installation
============
tsdecrypt depends on two external libraries - openssl and libdvbcsa.
You probably already have openssl installed, libdvbcsa can be downloaded
from http://www.videolan.org/developers/libdvbcsa.html

Documentation
=============
tsdecrypt is controlled using command line parameters. For more information
about the parameters see the man page.

Daemon options:
 -i --ident <server>        | Format PROVIDER/CHANNEL. Default: empty
 -d --daemon <pidfile>      | Daemonize program and write pid file.
 -N --notify-program <prg>  | Execute <prg> to report events. Default: empty

 -S --syslog                | Log messages using syslog.
 -l --syslog-host <host>    | Syslog server address. Default: disabled
 -L --syslog-port <port>    | Syslog server port. Default: 514

Input options:
 -I --input <source>        | Where to read from. File or multicast address.
                            .    -I 224.0.0.1:5000 (multicast receive)
                            .    -I file.ts        (read from file)
                            .    -I -              (read from stdin) (default)
 -R --input-rtp             | Enable RTP input
 -z --input-ignore-disc     | Do not report discontinuty errors in input.
 -M --input-service <srvid> | Choose service id when input is MPTS.
 -W --input-dump <filename> | Save input stream in file.

Output options:
 -O --output <dest>         | Where to send output. File or multicast address.
                            .    -O 239.0.0.1:5000 (multicast send)
                            .    -O file.ts        (write to file)
                            .    -O -              (write to stdout) (default)
 -o --output-intf <addr>    | Set multicast output interface. Default: 0.0.0.0
 -t --output-ttl <ttl>      | Set multicast ttl. Default: 1
 -g --output-tos <tos>      | Set TOS value of output packets. Default: none
 -r --output-rtp            | Enable RTP output.
 -k --output-rtp-ssrc <id>  | Set RTP SSRC. Default: 0
 -p --no-output-filter      | Disable output filtering. Default: enabled
 -y --output-nit-pass       | Pass through NIT.
 -w --output-eit-pass       | Pass through EIT (EPG).
 -x --output-tdt-pass       | Pass through TDT/TOT.

CA options:
 -c --ca-system <ca_sys>    | Process input EMM/ECM from <ca_sys>.
                            | Valid systems are: CONAX (default), CRYPTOWORKS,
                            .   IRDETO, SECA (MEDIAGUARD), VIACCESS,
                            .   VIDEOGUARD (NDS), NAGRA and DRECRYPT.
 -C --caid <caid>           | Set CAID. Default: Taken from --ca-system.

CAMD server options:
 -A --camd-proto <proto>    | Set CAMD network protocol.
                            . Valid protocols are: CS378X (default) and NEWCAMD
 -s --camd-server <addr>    | Set CAMD server ip_address:port (1.2.3.4:2233).
 -U --camd-user <user>      | Set CAMD server user. Default: user
 -P --camd-pass <pass>      | Set CAMD server password. Default: pass
 -B --camd-des-key <key>    | Set DES key for newcamd protocol.
                            . Default: 0102030405060708091011121314

EMM options:
 -e --emm                   | Enable sending EMM's to CAMD. Default: disabled
 -E --emm-only              | Send only EMMs to CAMD, skipping ECMs and without
                            .   decoding the input stream.
 -Z --emm-pid <pid>         | Force EMM pid. Default: none
 -f --emm-report-time <sec> | Report each <sec> seconds how much EMMs have been
                            .   received/processed. Set <sec> to 0 to disable
                            .   the reports. Default: 60 sec

ECM options:
 -X --ecm-pid <pid>         | Force ECM pid. Default: none
 -H --ecm-report-time <sec> | Report each <sec> how much ECMs and CWs have been
                            .   processed/skipped. Set <sec> to 0 to disable
                            .   the reports. Default: 60 sec
 -G --ecm-irdeto-type <int> | Process IRDETO ECMs with type X /0-3/. Default: 0
 -K --ecm-no-log            | Disable ECM and code words logging.
 -J --cw-warn-time <sec>    | Warn if no valid code word has been received.
                            .   Set <sec> to 0 to disable. Default: 60 sec

Misc options:
 -D --debug <level>         | Message debug level.
                            .    0 = default messages
                            .    1 = show PSI tables
                            .    2 = show EMMs
                            .    3 = show duplicate ECMs
                            .    4 = packet debug
                            .    5 = packet debug + packet dump
 -j --pid-report            | Report how much packets were received.
 -b --bench                 | Benchmark decrypton.
 -h --help                  | Show help screen.
 -V --version               | Show program version.

Development
===========
The development is done using git. tsdecrypt repository is hosted
at http://github.com/gfto/tsdecrypt

To clone the repository issue the following commands:

   git clone git://github.com/gfto/tsdecrypt.git
   git submodule init
   git submodule update
   make

The code is developed and tested under modern Linux. It is also
compiled from time to time under OS X but is not tested there.

Updating the code
=================
To update cloned tsdecrypt, go to the directory where the repository
is cloned and run the following commands:

   git fetch origin
   git merge origin/master
   git submodule update
   make distclean all

Examples
========
To get a quick start here are some example command lines. The default
CA system is set to CONAX, you can change it using --ca-system parameter,
see man page or program help for more options.

Examples:

   # Decrypt multicast stream from 239.0.50.11:5000 using 10.0.1.1:2233
   # as camd server and output decrypted result to 239.78.78.78:5000
   tsdecrypt --camd-server 10.0.1.1 \
       --input 239.0.50.11:5000 --output 239.78.78.78:5000

   # Same as above but enable EMM processing
   tsdecrypt --emm --camd-server 10.0.1.1:2233 \
       --input 239.0.50.11:5000 --output 239.78.78.78:5000

   # Same as above but do not filter output stream thus allowing
   # EIT/TOT/NIT, etc tables to passthrough
   tsdecrypt --output-filter --emm -camd-server 10.0.1.1 \
       --input 239.0.50.11:5000 --output 239.78.78.78:5000

   # Read stream over RTP and process VIACCESS encoded channel
   tsdecrypt --ca-system VIACCESS --emm --camd-server 10.0.1.1:2233 \
       --input-rtp --input 239.0.50.11:5000 --output 239.78.78.78:5000


OSCAM cs378x configuration
==========================
In order for tsdecrypt to communicate with OSCAM using cs378x (camd35
over tcp) protocol you can use configuration like the examples bellow.

# Example oscam.user file:
[account]
user     = user
pwd      = pass
group    = 1
au       = 1
uniq     = 0
monlevel = 4

# Example part of oscam.conf file:
[cs378x]
port    = 2233

OSCAM newcamd configuration
===========================
In order for tsdecrypt to communicate with OSCAM using newcamd protocol
you can use configuration like the examples bellow.

# Example oscam.user file
[account]
user     = user
pwd      = pass
group    = 1
au       = 1
uniq     = 0
monlevel = 4
ident    = 0604:000000
caid     = 0604

# Example part of oscam.conf file:
[newcamd]
port     = 1122@0604:000000
serverip = 0.0.0.0
key      = 0102030405060708091011121314

The above example allows tsdecrypt clients using newcamd to retrive keys
from OSCAM serving CAID 0x0604 (Irdeto) on port 1122.


Releases
========
Official releases can be downloaded from tsdecrypt home page which is

   http://georgi.unixsol.org/programs/tsdecrypt/

Contact
=======
For patches, bug reports, complaints and so on send e-mail to

   Georgi Chorbadzhiyski <georgi@unixsol.org>