Free CAS
Free Conditional Access System (CAS)

The CAS presented here refers to a single SimulCrypt encryption algorithm. So that TVCAS smartcards can be used with subscriber equipment, Conax support (here, the exchange protocol for 9600 baud) has been implemented. I have tested the modules depicted below, and they work successfully.

CAM modules Conax

They all work the same way; the only difference is the label. Smartcards are shared in oscam/wicard with a typical Conax config; however, a request counter is implemented that allows no more than two channels to be opened at a time. If the limit is exceeded, the card goes to "not found". The limit of two channels exists because there are set-top boxes that allow you to record one channel while watching another.

TVCAS FEATURES

  • The maximum guaranteed number of subscribers is limited by the speed of the database and is 50K (larger numbers were not tested);
  • The number of encoded channels is not limited;
  • Hand-made smartcards on the PIC16F688 (ideally I/ST in the TSSOP14 package) or SilverCard. In the Lite version, use GoldCard only for experiments or testing, because its limited memory does not allow for good cryptography;
  • The maximum number of implemented TV program packages (classes) is 8;
  • Integration with billing is through CSV file upload;
  • Simple API for managing smartcard subscriptions. It is implemented through a GET request with a predefined API key in the config.php file.

    Example API request:
    http://tvcas.local/api.php?api_key=mysecretkey123&serial_no=2100000000&set[name]=Jack%20London&set[info]=Sepapaya%20st.1-23&set[pair]=0&set[start]=1234567890&set[finish]=1234567890&set[access_criteria]=00000001
    The set[x] parameters are optional. If they are all absent, the card's information is returned in JSON format. If one or more set[x] parameters are passed, these fields are first changed in the database, and then the card's information is read and returned. That is, the JSON response will contain the information as already changed by the request.

    Example API response:
    {"serial_no":"2100000000","name":"Ivan Petrov","info":"Zelyonaya street 123-234","access_criteria":"01010101","pair":"0","start":"1586693700","finish":"1589285580"}
    API error responses:
    NOT_VALID_API_KEY — api_key does not match config.php;
    SMARDCARD_NOT_FOUND — smartcard not found in the TVCAS database;
    UNKNOWN_SET_PARAMETER — one or more parameters are unknown;
    ACCESS_CRITERIA_ERROR — access_criteria differs from the template 11111111 (eight characters; only «zeros» and «ones» are allowed);
    PAIR_ERROR — pair differs from the template (may be 1 or 0);
    START_ERROR — start differs from the UNIX timestamp template (10 digits);
    FINISH_ERROR — finish differs from the UNIX timestamp template (10 digits).
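
An added example, not part of the TVCAS distribution: a billing-side helper that checks the set[x] fields against the templates listed above before building the request URL, and separates the listed error strings from a JSON card record. The function names are made up for this example, the base URL is the one from the example request, the digit order follows the ACCESS CRITERIA description later on this page, and it is assumed that errors are returned as the bare strings listed above.

```python
import json
import re
from urllib.parse import urlencode

# Error strings exactly as listed on this page (spelling included).
API_ERRORS = {
    "NOT_VALID_API_KEY", "SMARDCARD_NOT_FOUND", "UNKNOWN_SET_PARAMETER",
    "ACCESS_CRITERIA_ERROR", "PAIR_ERROR", "START_ERROR", "FINISH_ERROR",
}
# Templates taken from the error descriptions; name and info are free text.
TEMPLATES = {
    "access_criteria": re.compile(r"[01]{8}"),
    "pair": re.compile(r"[01]"),
    "start": re.compile(r"[0-9]{10}"),
    "finish": re.compile(r"[0-9]{10}"),
}
FREE_TEXT = {"name", "info"}

def criteria_from_packages(packages):
    """Build access_criteria from package numbers 1..8 (1 = rightmost digit)."""
    digits = ["0"] * 8
    for number in packages:
        if not 1 <= number <= 8:
            raise ValueError(f"package {number} is outside 1..8")
        digits[8 - number] = "1"
    return "".join(digits)

def build_request(api_key, serial_no, fields=None,
                  base="http://tvcas.local/api.php"):
    """Return the GET URL; raise the matching error name for a bad field."""
    # The key rides in the query string, so it also lands in the web
    # server's access log.
    params = {"api_key": api_key, "serial_no": serial_no}
    for key, value in (fields or {}).items():
        if key in TEMPLATES:
            if not TEMPLATES[key].fullmatch(str(value)):
                raise ValueError(f"{key.upper()}_ERROR")
        elif key not in FREE_TEXT:
            raise ValueError("UNKNOWN_SET_PARAMETER")
        params[f"set[{key}]"] = value
    return base + "?" + urlencode(params)

def parse_response(body):
    """Return the card record as a dict; raise on a listed error string."""
    # Assumption: errors arrive as the bare string, not wrapped in JSON.
    text = body.strip()
    if text in API_ERRORS:
        raise RuntimeError(text)
    return json.loads(text)
```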
  • TVCAS block diagram

    Block diagram TVCAS

    Principle of operation
    Two connections are established between the MUX-scrambler (Astra 5.65 in the diagram) and TVCAS: the MUX connects to the shared ECMG port (connect 1), and the EMMG connects to the MUX port (connect 2).

    Connect 1 is required to transmit the ECM packet. The MUX generates the keys CW1 and CW2 and gives them to the ECMG generator, which transmits an encrypted packet (ECM) that is subsequently included in the stream with a specific PID. This encrypted packet contains three main parameters: the current time, the keys (CW1 and CW2) and the Access Criteria (within this CAS, this identifies a TV program package). The ECM packet is intended for all smartcards.

    ECM-packet TVCAS

    Connect 2 serves for the transmission of EMM packets. The EMMG generates a packet for each smartcard (if its status is active) and transfers it to the MUX. Thus, each EMM packet is intended only for a specific smartcard.

    EMM-packet TVCAS

    Data is encrypted using an algorithm similar to GOST R. It uses a Feistel network and a multi-round bit shift. There is nothing secret in the algorithm (file /cas/bin/gost.php); on the contrary, according to Kerckhoffs's principle, the operation of a cryptographically strong system should be public. The only secret here is the KEY. Without it, it is not possible to decrypt the packet. The keys are in the TVCAS server database and on the programmed smart cards. The smartcards are safe as long as their fuses protect code and memory against reading, but the server is much harder: take care of key security, starting with personnel and ending with using only a local machine without Internet access for this purpose!

    Install TVCAS-server

    TVCAS server installation is recommended on the latest Debian with PHP7 and MariaDB. Install the packages necessary for the system to work:
    apt-get install mc sudo apache2 php libapache2-mod-php mysql-server php-mysql
  • Add the following lines to the /etc/sudoers file:
    www-data ALL=(ALL) NOPASSWD: /usr/bin/perl
    www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/ecmg.php
    www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/emmg.php
    www-data ALL=(ALL) NOPASSWD: /bin/kill
    www-data ALL=(ALL) NOPASSWD: /bin/rm
    www-data ALL=(ALL) NOPASSWD: /usr/bin/tail
    Run the shell command: service sudo restart

  • Add the following line to the /etc/crontab file (don't forget the line break [ENTER] at the end of the line):
    */1 * * * * root /var/www/html/cas/bin/cron1min.php &
  • Download and unpack files to the server (the lines below are also relevant for updating the system):
    rm -rf /var/www/html
    wget https://tvcas.com/tvcas.tar.gz
    tar -C /var/www -xf tvcas.tar.gz
    rm tvcas.tar.gz
  • Create user, database and import MySQL tables:
    root@tvcas:~# mysql
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 3253192
    Server version: 10.3.18-MariaDB-0+deb10u1 Debian 10

    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]> CREATE USER 'tvcas'@'localhost' IDENTIFIED BY 'tvmastercas';
    Query OK, 0 rows affected (0.003 sec)

    MariaDB [(none)]> CREATE DATABASE tvcas CHARACTER SET utf8 COLLATE utf8_general_ci;
    Query OK, 1 row affected (0.007 sec)

    MariaDB [(none)]> GRANT ALL PRIVILEGES ON tvcas.* TO 'tvcas'@'localhost';
    Query OK, 1 row affected (0.007 sec)

    MariaDB [(none)]> FLUSH PRIVILEGES;
    Query OK, 1 row affected (0.002 sec)

    MariaDB [(none)]> Ctrl-C -- exit!
    Aborted
    root@tvcas:~# mysql -u tvcas -ptvmastercas tvcas < /var/www/html/tvcas.sql
    root@tvcas:~# rm /var/www/html/tvcas.sql
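
An added check, not part of TVCAS: the audit below parses the six /etc/sudoers rules from the installation steps above and reports, for each rule, whether it runs as root without a password, whether its arguments are unrestricted, whether the target is a general-purpose tool, and whether it lives under the web root. The finding labels, the GENERAL_PURPOSE set and the web_root default are choices made for this example.

```python
import re

# Rule shape used on this page: user host=(runas) [NOPASSWD:] command [args]
RULE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*"
    r"(?P<nopasswd>NOPASSWD:)?\s*(?P<cmd>/\S+)(?P<args>\s+\S.*)?$"
)
# Tools that read, delete, signal or execute whatever their arguments name.
GENERAL_PURPOSE = {"perl", "python3", "php", "sh", "bash", "rm", "kill", "tail"}


def audit_sudoers(lines, web_root="/var/www/"):
    """Return (user, command, [findings]) for every rule that parses."""
    report = []
    for raw in lines:
        match = RULE.match(raw.strip())
        if not match:
            continue  # comments, blanks, aliases: out of scope here
        cmd, findings = match["cmd"], []
        if match["nopasswd"] and match["runas"].strip() in ("ALL", "root"):
            findings.append("runs as root without a password")
        if match["args"] is None:
            # sudoers: a command listed without arguments matches ANY arguments
            findings.append("arguments unrestricted")
        if cmd.rsplit("/", 1)[-1] in GENERAL_PURPOSE:
            findings.append("general-purpose tool")
        if cmd.startswith(web_root):
            findings.append("under web root: must not be writable by the web user")
        report.append((match["user"], cmd, findings))
    return report


# The six rules from the installation steps on this page.
PAGE_RULES = """\
www-data ALL=(ALL) NOPASSWD: /usr/bin/perl
www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/ecmg.php
www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/emmg.php
www-data ALL=(ALL) NOPASSWD: /bin/kill
www-data ALL=(ALL) NOPASSWD: /bin/rm
www-data ALL=(ALL) NOPASSWD: /usr/bin/tail
""".splitlines()

if __name__ == "__main__":
    for user, cmd, findings in audit_sudoers(PAGE_RULES):
        print(f"{user:9} {cmd:32} {'; '.join(findings)}")
```

In sudoers, listing the exact arguments after the command restricts a rule to that invocation, which is the usual way to narrow entries such as these.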

    WEB INTERFACE

    The web interface has two entry points: a login for the system administrator (http://tvcas.local/cas, admin/admin), where logs and the creation of new smartcards and generators are available, and an entrance for the system operator (http://tvcas.local/, oper/oper), a panel with basic viewing/control functions.
    User passwords can be changed in the file /var/www/html/includes/config.php:

    Config File TVCAS

    If your PHP is set to the local time zone (php.ini file), leave the zone parameter as is. If not, set it, for example, for Moscow (Europe/Moscow):
    'zone' => "+0300"
    Your ECM-key must be unique (24 bytes) in HEX: 2E3F924C50D7DEE08A89BAA40FE14270FB8A81D1317C4903.
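
An added example, not TVCAS code: it generates a fresh 24-byte ECM key and flags a deployment that still uses a value printed on this page (the ECM key above, the admin/oper logins, the database password and the API key from the example request). The setting labels are hypothetical names chosen for this example and are not the keys used in config.php.

```python
import re
import secrets

# Values published on this page; anything still set to one of them is
# known to every reader of the page.
PAGE_ECM_KEY = "2E3F924C50D7DEE08A89BAA40FE14270FB8A81D1317C4903"
PAGE_DEFAULTS = {
    "admin password": "admin",
    "oper password": "oper",
    "database password": "tvmastercas",
    "api_key": "mysecretkey123",
}


def new_ecm_key():
    """24 random bytes from the OS CSPRNG, as 48 upper-case hex characters."""
    return secrets.token_hex(24).upper()


def check_ecm_key(key):
    """Return a list of problems with a candidate ECM key (empty if none)."""
    problems = []
    if not re.fullmatch(r"[0-9A-Fa-f]{48}", key):
        problems.append("not 24 bytes of hex")
    elif key.upper() == PAGE_ECM_KEY:
        problems.append("same as the key printed on this page")
    elif len(set(bytes.fromhex(key))) < 8:
        # 24 random bytes practically never contain fewer than 8 distinct values
        problems.append("too few distinct bytes to be random")
    return problems


def check_deployment(settings):
    """settings: dict keyed by the labels in PAGE_DEFAULTS plus 'ecm key'."""
    findings = [f"{label} is the published default"
                for label, default in PAGE_DEFAULTS.items()
                if settings.get(label) == default]
    findings += [f"ecm key: {p}" for p in check_ecm_key(settings.get("ecm key", ""))]
    return findings
```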
    Admin Panel TVCAS

    For clarity, the «out of the box» installation already has several cards added, plus one ECM generator and one EMM generator. We will leave the creation and programming of smartcards for later; for now, we will see how to connect the TVCAS server to Astra 5.65. By the way, version 5.64 will also work, but there are some nuances with EMM cloning, so I recommend 5.65.
  • ASTRA Setup

    Step 1
    Astra Setup Step 1
    Step 2
    Astra Setup Step 2
    Step 3
    Astra Setup Step 3

    Consider the ACCESS CRITERIA parameter. As mentioned above, it determines the package. Each digit is its own package. Thus, if you have only three packages, use only the last three digits. Only «0» and «1» are accepted on input. In the figure above, the channel belongs to the «first» package; if we entered 01010101, the channel would belong to the «first», «third», «fifth» and «seventh» packages.

    After the settings are done, Astra must be restarted, as the created EMM port is opened only at its start.

    If you did everything correctly, you will see the connections on the generator tabs in the admin panel.

    Connect 1. ECMG to ASTRA
    Connect 2. ASTRA to EMMG
    If everything worked out for you and works as in the pictures, then we turn to the most interesting part, in my opinion.

    SMARTCARDS TVCAS

    The most expensive part of developing this project was the smart cards. The costs, though, came precisely from the search for a suitable «empty card» that could be programmed to fit your needs. I even made several purchases of Java cards in Canada and America, because the sellers claimed that they could customize the ATR. But as it turned out, the money was thrown away. There are some interesting options on eBay, but I think the price tag of $10 apiece is not democratic. Therefore, I decided to develop my own. The cost price, not counting labor, turned out to be about $1.5 per piece. It is likely that with large-volume purchases in China, you can agree on a discount.


    Circuit diagram


    The smartcard is made on single-sided fiberglass, about 0.8 mm thick. Blanks can be ordered on pcbway.com (download LAY and Gerber). There you can upload the project in Gerber format and rotate the printed circuit board in 3D.

    Addition. There is a slight inaccuracy in this printed circuit board. The corners should be rounded rather than 90 degrees. In some CAM modules, because of this, the card cannot be fully inserted.
    The board contains three parts: a PIC controller, a 0.1 μF power capacitor (SMD size 0805) and a Schottky barrier diode. The dotted line shows the optional part used for debugging the firmware: in normal operation at 9600 baud (in Oscam or a set-top box), the diode gives a short flash on an ECM packet and a long flash on an EMM packet. At a speed of 55800 baud (operation in the CAM module), the diode, on the contrary, lights up continuously, and goes out briefly with ECM and continuously with EMM packets.
    Any PIC controller programmer is suitable for flashing cards. I used the K150, but given that modern Windows has more and more problems with COM ports, I recommend PICKIT2 as the stable option.

    Please note that on both programmers I soldered the USB cords. I advise you to do the same. Shortening is not necessary unless you have a laptop, but soldering will not hurt and will only relieve headaches with Chinese connectors.

    When programming a large number of smart cards, you need to make a slot from some card reader. I used a MicroUSB EMV reader. Its more or less yellow, gold-plated-looking contacts gave me confidence that this slot will last a long time :). I removed all the components from the board and soldered the ICSP connector to the socket.

    Mod MicroUSB EMV
    Connect to PICKIT2

    You will not find the software for PICKIT2 programmers on the Microchip website, because the company has stopped supporting this device due to Chinese clones. These work, by the way, no worse than the original ones, but cost several times less. After installing the drivers and starting PicKit2, we see the following interface:

    PICKIT2 TOOL

    If a smart card is connected, the programmer will automatically determine the type of chip. The only thing that needs to be done additionally is to turn on VDD and set the power to 4.8 V. This is necessary for flashing Chinese versions of PICs. Do not judge them harshly; they are not fakes. It's just that the original ones from the store come «clean», while the Chinese ones come with some firmware already written. They reflash easily. Performance has been checked, and no quirks were found.

    If you looked carefully, you noticed that in the admin panel there is a «Download Firmware» icon next to each smart card. Clicking this link generates firmware from the template /cas/bin/firmware.hex (for SilverCard by default). If you want to use a handmade smartcard, you must rename the file /cas/bin/firmware_688.hex to /cas/bin/firmware.hex.

    Download firmware
    Print Labels

    Download the firmware (for each card) and write it to the smart card with the programmer: File -> Import HEX, then the Write button.

    If you have created smart cards within the last 3 hours, the «Print labels» button will appear. Clicking it lets you print the card numbers (for example, on self-adhesive paper) and thus mark the flashed cards.

    For more information, join our group:
    TVCAS


    ©2018-2020 Copyright by TVCAS.COM