Free Conditional Access System (CAS) with plastic smartcards!

The CAS presented here refers to a single SimulCrypt encryption algorithm. So that TVCAS smartcards can be used with subscriber equipment, Conax support (here, the exchange protocol at 9600 baud) has been implemented. I have tested the modules depicted below, and they work successfully...

CAM modules Conax

They all work the same way; the only difference is the label. Smartcards are shared in oscam/wicard with a typical config for Conax; however, a request counter is implemented that allows no more than two channels to be opened at a time. If the limit is exceeded, the card goes to "not found" and is blocked for 7 days. The limit is two channels because there are set-top boxes that can record one channel while you watch another.


  • The maximum guaranteed number of subscribers is limited by the speed of the database and is 50K (not tested beyond that);
  • The number of encoded channels is not limited;
  • Plastic smartcards THC20F17BD-V40 (are used in bank payment cards, SIM cards);
  • The maximum number of implemented packages of television programs (classes) is 32;
  • Integration with billing - through the CSV upload file;
  • Simple API for managing smartcard subscriptions. It is implemented through a GET request with a predefined API key in the config.php file.
  • Maturity rating by PIN-code. Default: G / 1234

    Example API-request:
    The set[x] parameters are optional. If they are absent altogether, the information on the card is returned in JSON format. If one or several set[x] parameters are passed, these fields are first changed in the database, and then the information about the card is read and returned. That is, the JSON response contains the information as already changed by the request.

    Example API-answer:
    {"serial_no":"2100000000","name":"Ivan Petrov","info":"Zelyonaya street 123-234","access_criteria":"01010101","pair":"0","start":"1586693700","finish":"1589285580"}
    API error answers:
    NOT_VALID_API_KEY — api_key not in accordance with config.php;
    SMARDCARD_NOT_FOUND — smartcard not found in database TVCAS;
    UNKNOWN_SET_PARAMETER — one or more parameters are unknown;
    ACCESS_CRITERIA_ERROR — access_criteria different from range 00000000-FFFFFFFF;
    PAIR_ERROR — pair different from template (may be 1 or 0);
    START_ERROR — different from template UNIX (10 digits);
    FINISH_ERROR — different from template UNIX (10 digits).
  • TVCAS block diagram


    Principle of operation
    Two connections are established between the MUX scrambler (Astra 5.65 in the diagram) and TVCAS: the MUX is connected to the shared ECMG port (connect 1), and the EMMG is connected to the MUX port (connect 2).

    Connect 1 is required to transmit the ECM packet. The MUX generates the keys CW1 and CW2 and gives them to the ECMG generator, which returns an encrypted packet (ECM) that is then included in the stream with a specific PID. This encrypted packet contains three main parameters: the current time, the keys (CW1 and CW2) and the Access Criteria (within this CAS, this identifies the TV-program package). The ECM packet is intended for all smartcards.

    ECM packet TVCAS

    Connect 2 serves for the transmission of EMM packets. The EMMG generates packets for each smartcard (if its status is active) and transfers them to the MUX. Thus, each EMM packet is intended only for a specific smartcard.

    EMM packet TVCAS

    Data is encrypted using an algorithm similar to Triple DES (3DES-ECB). It uses a Feistel network and a multi-round bit shift. The only secret here is the KEY; without it, the packet cannot be decrypted. The keys are stored in the TVCAS server database and on the programmed smartcards. The smartcards are safe as long as their fuses protect the code and memory against reading; the server is much harder. Take care of key security there, from personnel through to using only a local machine without Internet access for this purpose!

    Install TVCAS-server

    Installing the TVCAS server on the latest Debian with PHP7 and MariaDB is recommended. Install the packages necessary for the system to work:
    apt-get install mc sudo apache2 php libapache2-mod-php mariadb-server php-mysql
  • Add the following lines to the /etc/sudoers file:
    www-data ALL=(ALL) NOPASSWD: /usr/bin/perl
    www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/ecmg.php
    www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/emmg.php
    www-data ALL=(ALL) NOPASSWD: /bin/kill
    www-data ALL=(ALL) NOPASSWD: /bin/rm
    www-data ALL=(ALL) NOPASSWD: /usr/bin/tail
    Then run in the shell: service sudo restart

  • Add the following line to the /etc/crontab file (don't forget the newline [ENTER] at the end of the line):
    */1 * * * * root /var/www/html/cas/bin/cron1min.php &
  • Download and unpack files to the server (the lines below are also relevant for updating the system):
    rm -rf /var/www/html
    tar -C /var/www -xf tvcas3.tar.gz
    rm tvcas3.tar.gz
  • Create user, database and import MySQL tables:
    root@tvcas:~# mysql
    Welcome to the MariaDB monitor. Commands end with ; or \g.
    Your MariaDB connection id is 3253192
    Server version: 10.3.18-MariaDB-0+deb10u1 Debian 10

    Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

    Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

    MariaDB [(none)]> CREATE USER 'tvcas'@'localhost' IDENTIFIED BY 'tvmastercas';
    Query OK, 0 rows affected (0.003 sec)

    MariaDB [(none)]> CREATE DATABASE tvcas CHARACTER SET utf8 COLLATE utf8_general_ci;
    Query OK, 1 row affected (0.007 sec)

    MariaDB [(none)]> GRANT ALL PRIVILEGES ON tvcas.* TO 'tvcas'@'localhost';
    Query OK, 1 row affected (0.007 sec)

    MariaDB [(none)]> FLUSH PRIVILEGES;
    Query OK, 1 row affected (0.002 sec)

    MariaDB [(none)]> Ctrl-C -- exit!
    root@tvcas:~# mysql -u tvcas -ptvmastercas tvcas < /var/www/html/tvcas.sql
    root@tvcas:~# rm /var/www/html/tvcas.sql
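The sudoers entries from the installation steps above let the web server account run Perl, rm, kill and tail as any user without a password, so any flaw in the web panel reaches the account that holds the CAS keys. The following audit is an added example, not part of TVCAS; the program lists and the web-root assumption in it are the reviewer's own.

```python
import re

# Constructed input: the sudoers lines this page asks you to add.
SUDOERS = """\
www-data ALL=(ALL) NOPASSWD: /usr/bin/perl
www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/ecmg.php
www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/emmg.php
www-data ALL=(ALL) NOPASSWD: /bin/kill
www-data ALL=(ALL) NOPASSWD: /bin/rm
www-data ALL=(ALL) NOPASSWD: /usr/bin/tail
"""

RULE = re.compile(r"^(\S+)\s+\S+=\(([^)]*)\)\s*NOPASSWD:\s*(\S+)(.*)$")
# Assumption: a reviewer's short lists of general-purpose programs; extend them.
INTERPRETERS = {"perl", "python3", "php", "bash", "sh"}
GENERAL_TOOLS = {"rm", "kill", "tail", "cat", "cp", "mv"}
WEB_ROOT = "/var/www/"  # assumption: the web server account may be able to write here


def audit(text):
    """Return (command, finding) pairs for passwordless sudo rules."""
    findings = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        user, runas, cmd, args = m.groups()
        name = cmd.rsplit("/", 1)[-1]
        # In sudoers, a command listed without arguments may be run with any.
        if not args.strip() and name in INTERPRETERS:
            findings.append((cmd, "interpreter, any arguments, run as " + runas))
        elif not args.strip() and name in GENERAL_TOOLS:
            findings.append((cmd, "general tool, any arguments, run as " + runas))
        if cmd.startswith(WEB_ROOT):
            findings.append((cmd, "script under web root; keep it root-owned "
                                  "and not writable by " + user))
    return findings


if __name__ == "__main__":
    for cmd, finding in audit(SUDOERS):
        print(f"{cmd}: {finding}")
```

Every one of the six rules is flagged. Replacing them with rules that name a root-owned script plus a fixed argument list, run as one specific user, removes the findings.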


    The web interface has two entry points: the login for the system administrator (http://tvcas.local/cas, admin/admin), where logs and the creation of new smartcards and generators are available, and the entrance for the system operator (http://tvcas.local/, oper/oper), a panel with basic viewing/control functions.
    User passwords can be changed in the file /var/www/html/includes/config.php:

    Config File TVCAS 3

    If your PHP is set to the local time zone (php.ini file), leave the zone parameter as is. If not, set it, for example, for Moscow (Europe/Moscow):
    'zone' => "+0300"
    Your ECM key must be unique (32 bytes, written in HEX), in this format: 221916F3850A06023B020A19FD0DA0ED090B9903BA1622170B0319A52C0009FD.
    Admin Panel TVCAS

    For clarity, the system as installed «out of the box» already has several cards added, plus one ECM generator and one EMM generator. We will leave the programming of smartcards for later; first we will see how to connect the TVCAS server to Astra 5.65. By the way, version 5.64 will also work, but there are some nuances with EMM cloning, so I recommend 5.65.
  • ASTRA Setup

    Step 1
    Astra Setup Step 1
    Step 2
    Astra Setup Step 2
    Step 3
    Astra Setup Step 3

    The ACCESS CRITERIA parameter is 4 bytes in hexadecimal. As mentioned above, the system supports up to 32 TV-packages. Writing the 4 bytes (for example, 00 00 00 A0) in binary notation gives 32 bits, and each bit marks membership in its own package (for example, 0000 0000 0000 0000 0000 0000 1010 0000). In Astra, the ACCESS CRITERIA parameter says which packages the channel belongs to; on the smartcard, it says which TV-packages are included in the subscription of that smartcard.

    Access Criteria in smartcard TVCAS3
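The API field templates and the ACCESS CRITERIA bit layout described above, worked through on the page's sample API answer. This is an added example, not TVCAS code; the bit numbering (package 1 is the least significant bit) and the rule that a card opens a channel when the two masks share a bit are assumptions.

```python
import json
import re

# Constructed input: the sample API answer shown on this page.
SAMPLE_ANSWER = ('{"serial_no":"2100000000","name":"Ivan Petrov",'
                 '"info":"Zelyonaya street 123-234","access_criteria":"01010101",'
                 '"pair":"0","start":"1586693700","finish":"1589285580"}')
CARD = json.loads(SAMPLE_ANSWER)

# Field templates taken from the page's list of API error answers.
TEMPLATES = {
    "access_criteria": (re.compile(r"[0-9A-Fa-f]{8}"), "ACCESS_CRITERIA_ERROR"),
    "pair": (re.compile(r"[01]"), "PAIR_ERROR"),
    "start": (re.compile(r"[0-9]{10}"), "START_ERROR"),
    "finish": (re.compile(r"[0-9]{10}"), "FINISH_ERROR"),
}


def validate_fields(fields):
    """Return the error codes that the templated fields would trigger."""
    errors = []
    for name, value in fields.items():
        if name in TEMPLATES:
            pattern, code = TEMPLATES[name]
            if not pattern.fullmatch(str(value)):
                errors.append(code)
    return errors


def packages(access_criteria):
    """Decode 4 hex bytes into package numbers 1..32.
    Assumption: package 1 is the least significant bit."""
    mask = int(access_criteria, 16)
    return [bit + 1 for bit in range(32) if mask >> bit & 1]


def card_opens_channel(card, channel_ac, now):
    """Assumption: the card opens a channel when `now` lies inside the
    subscription window and card and channel share at least one package bit."""
    in_window = int(card["start"]) <= now <= int(card["finish"])
    shared = int(card["access_criteria"], 16) & int(channel_ac, 16)
    return in_window and shared != 0


if __name__ == "__main__":
    print(packages(CARD["access_criteria"]), packages("000000A0"))
    print(card_opens_channel(CARD, "00000100", now=1587000000))
```

Checking set[x] values against the same templates before sending them lets a billing integration catch a malformed mask or timestamp without a round trip to the server.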

    After the settings are done, Astra must be restarted, as the created EMM port is opened only at its start.

    If you did everything correctly, then on the generator tabs in the admin panel we will see the connections.

    Connect 1. ECMG to ASTRA
    Connect 2. ASTRA to EMMG
    If everything worked out for you and works as in the pictures, then we turn to the most interesting part, in my opinion.


    Secure smartcards, THC20F17BD-V40, are used for this version of TVCAS3. Manual here. Blank smartcards can be ordered through this form.

    Two form-factors THC20F17BD-V40

    Because these cards are popular with mobile operators as SIM chips, indicate in the order that you need a standard form factor (without a cutout for SIM).

    Attention! Cards sold in the PISWORDS Store on Aliexpress cannot be flashed! They are programmed with third-party firmware with ATR=3B9F94801FC38031A073B6A10067CF17125DA6A070A4. Blank cards that are supplied from the factory for firmware must have ATR=3B1F96380503200617020440100007089000 !!! See the video (in Russian).

    To program the THC20F17BD-V40 smartcard, you need a standard Phoenix programmer. You can buy it here or assemble it using this scheme. Settings for the programmer: 5V / 3.57 MHz. Next, you need the uploader (for Windows or Linux) and the CONFIG bin-file from the admin panel. The uploader is a console application with built-in firmware. After connecting the Phoenix programmer, determine which COM-port number is assigned to it.
    Source code: TVCAS3.RAR (the archive has a password; if you are interested in the password, contact @unidiag)

    root@tvcas:~# wget
    root@tvcas:~# chmod +x uploader_x64
    root@tvcas:~# ./uploader_x64 0 210-000-000-4.bin   # example; look up your ttyUSBN (or COMN) number in the system
    Programming cards in Linux
    View info with smartcard

    Converter info from BIN-file


    Once a card is programmed, it cannot be reprogrammed in the same way. To reprogram it, its protection must be disabled (in the web administrator panel), then it must be cleared of the old firmware using the ERASER device.
    ERASER device
    Eraser for TVCAS3 smartcards
    When a smartcard with disabled protection is inserted, the counter is turned off first (one short flash of the "Process indicator"). If the card has not been removed, after 5 seconds the firmware is overwritten and the card is blank again (long flash of the "Process indicator"). This device cannot be made public, so if you are interested in purchasing it, please make a request.

    Be careful! Don't allow smartcards to be distributed without the counter, because such a card can work very quickly and open more than 100 channels.


    ©2018-2023 Copyright by TVCAS.COM