NEW VERSION!
with plastic smartcards!The CAS presented here refers to a single SimulCrypt encryption algorithm. In order to be able to use TVCAS smartcards in conjunction with subscriber equipment, Conax support (here exchange protocol for 9600 baud) has been implemented. I have tested and successfully working the modules depicted below...
They all work the same way, the only difference is in the label. Smartcards are shared in oscam/wicard with typical config for conax, however, a request counter is implemented that allows you to open no more than two channels at a time. If the limit is exceeded, the card goes to not found and will be block for a 7 days. The limit of two channels is due to the fact that in nature there are prefixes that allow you to record another when watching one channel.
TVCAS FEATURES
config.php file.
Example API-request:
http://tvcas.local/api.php?api_key=mysecretkey123&serial_no=2100000000&set[name]=Jack%20London&set[info]=Sepapaya%20st.1-23&set[pair]=0&set[start]=1234567890&set[finish]=1234567890&set[access_criteria]=00000001Example API-answer:
{"serial_no":"2100000000","name":"Ivan Petrov","info":"Zelyonaya street 123-234","access_criteria":"01010101","pair":"0","start":"1586693700","finish":"1589285580"}NOT_VALID_API_KEY — api_key not in accordance with config.phpSMARDCARD_NOT_FOUND — smartcard not found in database TVCAS;UNKNOWN_SET_PARAMETER — one or more parameters are unknown;ACCESS_CRITERIA_ERROR — access_criteria different from range 00000000-FFFFFFFF;PAIR_ERROR — pair different from template (may be 1 or 0);START_ERROR — different from template UNIX (10 digits)FINISH_ERROR — different from template UNIX (10 digits)
TVCAS block diagram
Principle of operation
Two connections are established between the MUX-scrambler (on the Astra 5.65 diagram) and TVCAS-MUX is connected to the shared ECMG port (connect 1), and EMMG is connected to the MUX port (connect 2).
Connect 1 is required to transmit the ECM packet. MUX generates the keys CW1 and CW2, gives them to the ECMG generator, and the latter transmits a scripted packet (ECM), which is subsequently included in the stream with a specific PID. This encrypted package contains three main parameters: current time, keys (CW1 and CW2) and Access Criteria (within this CAS, this is a sign of a package TV-program). The ECM package is intended for all smartcards.
ECM-packet TVCAS
Connect 2 serves for the transmission of EMM packets. EMMG generates packets for each smartcard (if its status is active) and transfers it to MUX. Thus, each EMM package is intended only for a specific smartcard.
EMM-packet TVCAS
Data is encrypted using an algorithm similar to Triple DES (3DES-ECB). It uses a Feistel network and a multi-round bit shift. The secret here is only the KEY. Without it, it is not possible to decrypt the package. The keys are in the TVCAS server database and on the programmed smart cards. If everything is safe with smartcards - fuses are protected against reading code and memory, then it is much more difficult with the server - worry about the security of keys, starting from personnel, ending with using only a local machine for this purpose without access to the Internet!
Install TVCAS-server
TVCAS server installation is recommended on last Debian with PHP7 and MariaDB. Install the packages necessary for the system to work.apt-get install mc sudo apache2 php libapache2-mod-php mariadb-server php-mysql/etc/sudoers file next lines:
www-data ALL=(ALL) NOPASSWD: /usr/bin/perl
www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/ecmg.php
www-data ALL=(ALL) NOPASSWD: /var/www/html/cas/bin/emmg.php
www-data ALL=(ALL) NOPASSWD: /bin/kill
www-data ALL=(ALL) NOPASSWD: /bin/rm
www-data ALL=(ALL) NOPASSWD: /usr/bin/tailservice sudo restart/etc/crontab file (dont forget about the carriage transfer [ENTER] at the end of the line):
*/1 * * * * root /var/www/html/cas/bin/cron1min.php &rm -rf /var/www/html
wget https://tvcas.com/tvcas3.tar.gz
tar -C /var/www -xf tvcas3.tar.gz
rm tvcas3.tar.gz
root@tvcas:~# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3253192
Server version: 10.3.18-MariaDB-0+deb10u1 Debian 10
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE USER 'tvcas'@'localhost' IDENTIFIED BY 'tvmastercas';
Query OK, 0 rows affected (0.003 sec)
MariaDB [(none)]> CREATE DATABASE tvcas CHARACTER SET utf8 COLLATE utf8_general_ci;
Query OK, 1 row affected (0.007 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON tvcas.* TO 'tvcas'@'localhost';
Query OK, 1 row affected (0.007 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 1 row affected (0.002 sec)
MariaDB [(none)]> Ctrl-C -- exit!
Aborted
root@tvcas:~# mysql -u tvcas -ptvmastercas tvcas < /var/www/html/tvcas.sql
root@tvcas:~# rm /var/www/html/tvcas.sql
WEB INTERFACE
has two entry points. Login for the system administrator (http://tvcas.local/cas, admin/admin), logs are available here, creation of new smartcards, generators and an entrance for the system operator (http://tvcas.local/, oper/oper) - a panel with basic viewing/control functions.Passwords to users can be changed in the file
/var/www/html/includes/config.php:
Config File TVCAS 3
If your PHP is set to the local time zone (
php.ini file), then leave the zone parameter as is. If not, then, for example, for Moscow (Europe/Moscow) 'zone' => "+0300"
Admin Panel TVCAS
For clarity, in the installed «out of the box» system, several cards have already been added and one ECM and EMM generator each. We will leave the programming of smartcards for later, but now we will see how to connect the TVCAS server to Astra 5.65. By the way, version 5.64 will also work, but there are some nuances with EMM cloning, so I recommend 5.65.
ASTRA Setup
The ACCESS CRITERIA parameter is 4 hexadecimal bytes. As mentioned above, the system supports up to 32 TV-packages. If you decompose 4 bytes (for example, 00 00 00 A0) in binary notation, we get 32 bits. Each bit is responsible for belonging to its own packet (for example, 0000 0000 0000 0000 0000 0000 1010 0000). In Astra, the ACCESS CRITERIA parameter corresponds to which packages the channel belongs to, and on the smartcard - which TV-packages are connected to the subscription of this smartcard.
Access Criteria in smartcard TVCAS3
After the settings are done, Astra must be restarted, as the created EMM port is opened only at its start.
If you did everything correctly, then on the generator tabs in the admin panel we will see the connections.
SMARTCARDS
Secure smartcards are used for this version of TVCAS3 - THC20F17BD-V40. Manual here. Blank smartcards you can be ordered through this form.
Two form-factors THC20F17BD-V40
Because these cards are popular with mobile operators as SIM chips, indicate in the order that you need a standard form factor (without a cutout for SIM).
PROGRAMMING THC20F17BD-V40
To program the THC20F17BD-V40 smartcard, you need a standard Phoenix-programmer. You can buy it here or assemble it using this scheme. Settings for the programmer: 5V / 3.57 Mhz. Next step, you need uploader (for Windows or Linux) and CONFIG bin-file from admin panel. Uploader this console application with built-in firmware. After connecting the Phoenix-programmer, determine which COM-port number is assigned to it.
Sources codes: TVCAS3.RAR (the archive has a password. if you are interested in the password contact @unidiag)
root@tvcas:~# wget https://tvcas.com/uploader_x64root@tvcas:~# chmod +x uploader_x64root@tvcas:~# ./uploader_x64 0 210-000-000-4.bin // example. your ttyUSBN (or COMN) look in system
Programming cards in Linux
View info with smartcard
Converter info from BIN-file
ERASER
Eraser for TVCAS3 smartcards