tsdecrypt reads and decrypts CSA encrypted incoming mpeg transport stream over UDP/RTP using code words obtained from OSCAM or similar CAM server. tsdecrypt communicates with CAM server using cs378x (camd35 over tcp) protocol or newcamd protocol. https://georgi.unixsol.org/programs/tsdecrypt/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

tsdecrypt.1 11KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287
  1. .TH TSDECRYPT "1" "April 2012" "tsdecrypt 8.1" "User Commands"
  2. .SH NAME
  3. tsdecrypt \- Decrypt mpeg transport stream.
  4. .SH SYNOPSIS
  5. .B tsdecrypt
  6. [\fIoptions\fR]
  7. .SH DESCRIPTION
  8. tsdecrypt reads incoming mpeg transport stream over UDP/RTP or file and
  9. then decrypts it by after retriving code words from OSCAM or similar
  10. CAMD server. tsdecrypt communicates with CAM server using cs378x (camd35
  11. over tcp) protocol or newcamd protocol.
  12. .SH OPTIONS
  13. .TP
  14. .SH MAIN OPTIONS
  15. .PP
  16. .TP
  17. \fB\-i\fR, \fB\-\-ident\fR <ident>
  18. Set ident that will be used when logging to syslog. The preferred format
  19. for the ident is PROVIDER/CHANNEL.
  20. .TP
  21. \fB\-d\fR, \fB\-\-daemon\fR <pidfile>
  22. When started become a daemon and write pid file to <pidfile>.
  23. .TP
  24. \fB\-N\fR, \fB\-\-notify\-program\fR <program>
  25. Execute \fB<program>\fR when predefined events happen. In order for
  26. this option to work \fB\-\-ident\fR should also be used.
  27. You can use \fBnotify\-script.example\fR file as notification program
  28. and an example on how to create your own notification script.
  29. See \fBEVENTS\fR section for detailed description of the events.
  30. .TP
  31. \fB\-S\fR, \fB\-\-syslog\fR
  32. Write log messages to local syslog.
  33. .TP
  34. \fB\-l\fR, \fB\-\-syslog\-host\fR <addr>
  35. Set syslog host. tsdecrypt sends messages to this host over tcp in
  36. syslog compatible format. syslog\-ng was tested as receiving syslog server.
  37. .TP
  38. \fB\-L\fR, \fB\-\-syslog\-port\fR <port>
  39. Syslog server port. The default value is \fB514\fR.
  40. .TP
  41. \fB\-F\fR, \fB\-\-log\-file\fR <filename>
  42. Write logging data to <filename>. This option can be used along with syslog.
  43. .TP
  44. \fB\-D\fR, \fB\-\-debug\fR <level>
  45. Set message debug level. Currently there are five message levels.
  46. 0 = default messages, 1 = show PSI tables, 2 = show EMMs 3 = show
  47. duplicate ECMs, 4 = packet debug. 5 = packet debug + mpeg ts packet
  48. dump.
  49. Setting higher level enables the levels bellow.
  50. .TP
  51. \fB\-j\fR, \fB\-\-pid\-report\fR
  52. When this option is used, tsdecrypt on exit reports how much packets
  53. were received on each PID.
  54. .TP
  55. \fB\-b\fR, \fB\-\-bench\fR
  56. Bechmark the CSA decryption. The benchmark is single threaded.
  57. If you want to fully test your CPU, run couple of tsdecrypts in parallel.
  58. .TP
  59. \fB\-V\fR, \fB\-\-version\fR
  60. Show program version.
  61. .TP
  62. \fB\-h\fR, \fB\-\-help\fR
  63. Show program help.
  64. .TP
  65. .SH INPUT OPTIONS
  66. .PP
  67. .TP
  68. \fB\-I\fR, \fB\-\-input\fR <source>
  69. Where to read from. tsdecrypt supports input from files (\-I file.ts or \-I \-)
  70. or multicast (\-I 224.0.0.1:5000). By default tsdecrypt reads from \fBstdin\fR.
  71. .TP
  72. \fB\-R\fR, \fB\-\-input\-rtp\fR
  73. When reading from multicast assume the input is RTP stream. NOTE: No RTP
  74. processing/reordering of packets is done. The 12 byte RTP header is just
  75. stripped out and the stream is then processed as normal mpeg transport
  76. stream over UDP multicast.
  77. .TP
  78. \fB\-z\fR, \fB\-\-input\-ignore\-disc\fR
  79. Do not report input discontinuity or RTP discontinuity errors.
  80. .TP
  81. \fB\-M\fR, \fB\-\-input\-service\fR <service_id>
  82. Choose the service id. This option must be used when the input is MPTS
  83. in order to select the correct service (program). If the input is MPTS
  84. and \fB\-\-input\-service\fR is not used, tsdecrypt chooses the last service
  85. listed in PAT.
  86. .TP
  87. \fB\-T\fR, \fB\-\-input\-buffer\fR <miliseconds>
  88. Use this option to delay the decoding for certain amount of milliseconds. This
  89. allows tsdecrypt to decode services even if OSCAM returns code word too late.
  90. For example SkyUK sends code words ~700 ms before it starts using them. This
  91. means that if OSCAM is unable to return code word in less than 700 ms the
  92. decryption will fail for a small amount of time. Setting \-\-input\-buffer 1000
  93. will solve the problem in this case.
  94. .TP
  95. \fB\-W\fR, \fB\-\-input\-dump\fR <filename>
  96. Save input stream in <filename>. If the input is RTP, the file will contain
  97. the data without RTP headers (pure mpeg transport stream). Easiest way to
  98. save the input is using command line like the following:
  99. tsdecrypt \-I 239.78.78.78:5000 \-O /dev/null \-s 0.0.0.0 \-W file.ts
  100. .TP
  101. .SH OUTPUT OPTIONS
  102. .PP
  103. .TP
  104. \fB\-O\fR, \fB\-\-output\fR <dest>
  105. Output decrypted stream to <dest>. Destination can be multicast address
  106. (\-O 239.0.0.1:5000) or a file (\-O file.ts). The default output is \fBstdout\fR.
  107. .TP
  108. \fB\-o\fR, \fB\-\-output\-intf\fR <addr>
  109. Set multicast output interface.
  110. .TP
  111. \fB\-t\fR, \fB\-\-output\-ttl\fR
  112. Set multicast ttl. The default value is \fB1\fR.
  113. .TP
  114. \fB\-g\fR, \fB\-\-output\-tos\fR
  115. Set TOS value of output packets. The default is not to set any specific TOS.
  116. .TP
  117. \fB\-r\fR, \fB\-\-output\-rtp\fR
  118. Enable RTP output. The default output is standard MPEG TS over UDP, this
  119. option enables tsdecrypt to output RTP packets.
  120. .TP
  121. \fB\-k\fR, \fB\-\-output\-rtp\-ssrc\fR <ssrc>
  122. .TP
  123. \fB\-u\fR, \fB\-\-no\-output\-on\-error\fR
  124. Filter all output when there is no valid code word.
  125. .TP
  126. \fB\-p\fR, \fB\-\-no\-output\-filter\fR
  127. Disable output filtering. By default the output filter is enabled and only
  128. PAT/PMT/SDT and data packets are left in the output. Everything else not
  129. mentioned in PMT like NIT, EIT, TDT tables and unknown pids is removed.
  130. .TP
  131. \fB\-y\fR, \fB\-\-output\-nit\-pass\fR
  132. Pass through NIT packets when output filtering is enabled.
  133. .TP
  134. \fB\-w\fR, \fB\-\-output\-eit\-pass\fR
  135. Pass through EIT (EPG) packets when output filtering is enabled.
  136. .TP
  137. \fB\-x\fR, \fB\-\-output\-tdt\-pass\fR
  138. Pass through TDT/TOT packets when output filtering is enabled.
  139. .TP
  140. .SH CA OPTIONS
  141. .PP
  142. .TP
  143. \fB\-c\fR, \fB\-\-ca\-system\fR <ca_sys>
  144. Process input EMM/ECM from <ca_sys>. Currently tested and working CA systems
  145. are \fBCONAX\fR, \fBCRYPTOWORKS\fR, \fBIRDETO\fR, \fBVIACCESS\fR, \fBMEDIAGUARD\fR
  146. (\fBSECA\fR) and \fBVIDEOGUARD\fR (\fBNDS\fR), \fBNAGRA\fR and \fBBULCRYPT\fR.
  147. Other supported CA system that you can choose but is not tested is \fBDRECRYPT\fR.
  148. The default \fB<ca_sys>\fR is \fBCONAX\fR. You can override the default CAS CAIDs
  149. by using \fB\-\-caid\fR parameter.
  150. .TP
  151. \fB\-C\fR, \fB\-\-caid\fR <caid>
  152. Directly set CAID. This is useful if you have couple of CA streams from
  153. one CA but with different CAIDs or CAS that is unsupported by \fB\-\-ca\-system\fR
  154. parameter.
  155. .TP
  156. \fB\-Y\fR, \fB\-\-const\-cw\fR <code_word>
  157. Set constant code word to be used for decryption. The \fB<code_word>\fR should
  158. contain 32 hex chars. For example using \fBa1a2a3a4a5a6a7a8b1b2b3b4b5b6b7b8\fR
  159. as parameter will set even code word to \fBa1a2a3a4a5a6a7a8\fR and odd code
  160. word to \fBb1b2b3b4b5b6b7b8\fR.
  161. .TP
  162. \fB\-Q\fR, \fB\-\-biss\-key\fR <biss_key>
  163. Set BISS key to be used for decryption. The \fB<biss_key>\fR should
  164. contain 12 chars (hex). For example \fB112233445566\fR is valid BISS key.
  165. If the BISS key contains 16 chars this means that the key CRC is embeded
  166. in the key. These keys are also supported (they are the same as using
  167. constant code word with same code words for even and odd keys).
  168. .TP
  169. .SH CAMD OPTIONS
  170. .PP
  171. .TP
  172. \fB\-A\fR, \fB\-\-camd\-proto\fR <protocol>
  173. Set CAMD server protocol. Valid protocols are \fBCS378X\fR and \fBNEWCAMD\fR.
  174. If this option is not used the default protocol is \fBCS378X\fR (camd35 over
  175. tcp).
  176. .TP
  177. \fB\-s\fR, \fB\-\-camd\-server\fR <addr[:port]>
  178. Set CAMD server ip and port (10.0.1.1:2233). Is not set default port
  179. is \fB2233\fR. 2233 is the default port CS378X protocol, for NEWCAMD
  180. protocol you probably should choose other port.
  181. .TP
  182. \fB\-U\fR, \fB\-\-camd\-user\fR <username>
  183. Set CAMD user name. The default is \fBuser\fR.
  184. .TP
  185. \fB\-P\fR, \fB\-\-camd\-pass\fR <password>
  186. Set CAMD user password. The default is \fBpass\fR.
  187. .TP
  188. \fB\-B\fR, \fB\-\-camd\-des\-key\fR <des_key>
  189. Set DES key used by NEWCAMD protocol. The default
  190. is \fB0102030405060708091011121314\fR.
  191. .TP
  192. .SH EMM OPTIONS
  193. .PP
  194. .TP
  195. \fB\-e\fR, \fB\-\-emm\fR
  196. Enable sending EMM's to CAMD for processing. By default EMM processing
  197. is \fBdisabled\fR and only ECM are processed.
  198. .TP
  199. \fB\-Z\fR, \fB\-\-emm\-pid\fR <pid>
  200. Set EMM pid manually. This option is useful for services that have
  201. couple of EMM streams from one CA system. Without this option tsdecrypt
  202. always chooses the first stream from the chosen CA system.
  203. .TP
  204. \fB\-E\fR, \fB\-\-emm\-only\fR <hierarchy>
  205. Disable ECM processing and stream output. This option is useful if the EMM
  206. stream has very high rate and is interfering with ECM processing. Using
  207. \-\-emm\-only you can run special tsdecrypt dedicated only to card auto update.
  208. .TP
  209. \fB\-f\fR, \fB\-\-emm\-report\-time\fR <seconds>
  210. Set interval for EMM reports. The default is \fB60\fR seconds. Set to \fB0\fR
  211. to disable EMM reports.
  212. .TP
  213. .SH ECM OPTIONS
  214. .PP
  215. .TP
  216. \fB\-X\fR, \fB\-\-ecm\-pid\fR <pid>
  217. Set ECM pid manually. This option is useful for services that have
  218. couple of ECM streams from one CA system. Without this option tsdecrypt
  219. always chooses the first stream from the chosen CA system. Run tsdecrypt
  220. with \-\-debug 2 and look at CA descriptors in PMT to see what CA streams
  221. are available.
  222. .TP
  223. \fB\-H\fR, \fB\-\-ecm\-report\-time\fR <seconds>
  224. Set interval for ECM reports. The default is \fB60\fR seconds. Set to \fB0\fR
  225. to disable ECM reports.
  226. .TP
  227. \fB\-G\fR, \fB\-\-ecm\-irdeto\-type\fR <type>
  228. Set ECM IRDETO type. IRDETO CA send ECMs with different id mixed
  229. into one stream. Only one of the IDs are valid in given time. This
  230. option lets you choose which stream to process. The default stream
  231. type is \fB0\fR.
  232. .TP
  233. \fB\-K\fR, \fB\-\-ecm\-no\-log\fR
  234. Disable logging of ECMs and code words. Code word errors and stats
  235. reports are not affected by this option.
  236. .TP
  237. \fB\-J\fR, \fB\-\-cw\-warn\-time\fR <seconds>
  238. After how much seconds to warn if valid code word was not received.
  239. The default is \fB60\fR seconds. Set to \fB0\fR to disable the warning.
  240. .SH EVENTS
  241. Notification events are sent when \fB\-\-notify\-program\fR and \fB\-\-ident\fR
  242. options are used. The event parameters are set as environmental variables
  243. before executing the external notification program. The variables are:
  244. \fB_TS\fR Unix timestamp of the event.
  245. \fB_IDENT\fR tsdecrypt ident parameter with "/" replaced by "\-".
  246. \fB_MESSAGE_ID\fR Event message id (for example START, STOP, etc...).
  247. \fB_MESSAGE_MSG\fR Event message id with "_" replaced by " ".
  248. \fB_MESSAGE_TEXT\fR Event message text. Human readable event message.
  249. currently defined events are:
  250. \fBSTART\fR tsdecrypt was started.
  251. \fBCODE_WORD_OK\fR Valid code word was received and decryption is
  252. working ok.
  253. \fBNO_CODE_WORD\fR No valid code word was received for X seconds. The
  254. decryption process have been suspended until valid
  255. code word is received.
  256. \fBNO_EMM_RECEIVED\fR No EMM packet have been received for X seconds.
  257. \fBINPUT_TIMEOUT\fR There was no data on the input.
  258. \fBINPUT_OK\fR The data have appeared on the input.
  259. \fBSTOP\fR tsdecrypt was stopped.
  260. See \fBnotify\-script.example\fR for an example on how to create external
  261. notification program.
  262. .SH SEE ALSO
  263. See the README file for more information. If you have questions, remarks,
  264. problems or you just want to contact the developer, write to:
  265. \fIgeorgi@unixsol.org\fP
  266. .TP
  267. For more info, see the website at
  268. .I http://georgi.unixsol.org/programs/tsdecrypt/
  269. .SH AUTHORS
  270. Written by Georgi Chorbadzhiyski <\fBgeorgi@unixsol.org\fR>
  271. .SH LICENSE
  272. This program is free software; you can redistribute it and/or modify it under
  273. the terms of version 2 of the GNU General Public License as published by the
  274. Free Software Foundation.