diff --git a/reader-videoguard2.c b/reader-videoguard2.c
index 4f523cc40..8f620339f 100644
--- a/reader-videoguard2.c
+++ b/reader-videoguard2.c
@@ -1244,7 +1244,7 @@ static int32_t videoguard2_do_ecm(struct s_reader *reader, const ECM_REQUEST *er
uint8_t buff_0F[6] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t buff_56[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
uint8_t buff_55[1] = { 0x00 };
- uint8_t tag, t_len;
+ uint8_t tag, t_len, tag_56_set;
uint8_t *t_body;
int32_t payloadLen = rbuff[4];
int32_t ind = 8 + 6; // +8 (CW1), +2 (cw checksum) + 2 (tier used) +2 (result byte)
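Review bot: `tag_56_set` is declared without an initializer on the added line, and the only assignment visible in this diff is `tag_56_set = 1;` inside the `case 0x56` branch. When the card reply carries no 0x56 tag, or the tag body is all zero, the later `if(tag_56_set)` tests in the unique-pairing block read an indeterminate value, so the AES or 3DES path is chosen unpredictably. Declare it as `uint8_t tag, t_len, tag_56_set = 0;`. The function body continues outside this hunk, so an assignment elsewhere cannot be ruled out from here.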
@@ -1274,6 +1274,9 @@ static int32_t videoguard2_do_ecm(struct s_reader *reader, const ECM_REQUEST *er
break;
case 0x56: // tag data for astro
+ if(memcmp(buff_56, t_body, 8) != 0){
+ tag_56_set = 1;
+ }
memcpy(buff_56, t_body, 8);
break;
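Review bot: The added `memcmp(buff_56, t_body, 8)` reads eight bytes from the card-supplied tag body without consulting `t_len`, just as the existing `memcpy` below it does. No length check is visible in this hunk, so a reply with a shorter 0x56 tag would make both calls read past the tag data. Guarding the case with `if(t_len < 8) break;` before the compare would bound the read; the parsing loop lies outside the hunk, so confirm that no earlier check already covers it. The flag also infers presence from non-zero content, so an all-zero tag body never sets it; if presence is what matters, set `tag_56_set = 1;` unconditionally.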
@@ -1369,12 +1372,14 @@ static int32_t videoguard2_do_ecm(struct s_reader *reader, const ECM_REQUEST *er
if((buff_55[0] >> 1) & 1) //case 55_01 xx where bit1==1, unique Pairing
{
rdr_log_dbg(reader, D_READER, "classD3 ins54: CW is crypted, trying to decrypt unique pairing mode 0x%02X", buff_55[0]);
- if(er->ecm[0] & 1){ //log crypted CW
- rdr_log_dbg(reader, D_READER, "crypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]);
+ if(tag_56_set){ //log crypted CW
+ rdr_log_dbg(reader, D_READER, "crypted AES CW is: %02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7], buff_56[0], buff_56[1], buff_56[2], buff_56[3], buff_56[4], buff_56[5], buff_56[6], buff_56[7]);
+ } else if(er->ecm[0] & 1){
+ rdr_log_dbg(reader, D_READER, "crypted (3)DES CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]);
} else {
- rdr_log_dbg(reader, D_READER, "crypted CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]);
+ rdr_log_dbg(reader, D_READER, "crypted (3)DES CW is: %02X%02X%02X%02X%02X%02X%02X%02X0000000000000000", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]);
}
- if((reader->k1_unique[16] == 0x08) || (reader->k1_unique[16] == 0x10)) //check k1 for unique pairing mode is DES(8 bytes) or 3DES(16 bytes) long
+ if((reader->k1_unique[16] == 0x08) || (reader->k1_unique[16] == 0x10)) //check k1 for unique pairing mode is DES(8 bytes) or 3DES/AES(16 bytes) long
{
if(reader->k1_unique[16] == 0x08){
rdr_log_dbg(reader, D_READER, "use k1(DES) for CW decryption in unique pairing mode");
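Review bot: The new `if(tag_56_set)` log branch labels the control word as AES without looking at the k1 length. With `reader->k1_unique[16] == 0x08`, the debug log therefore announces an AES CW while the DES path shown at the end of this hunk runs on `ea->cw`. Tying the label to the key length, `if(tag_56_set && reader->k1_unique[16] == 0x10){`, keeps the log consistent with the cipher actually used. The updated comment on the length check could also say that 0x10 covers both 3DES and AES and that the tag decides between them.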
@@ -1382,8 +1387,18 @@ static int32_t videoguard2_do_ecm(struct s_reader *reader, const ECM_REQUEST *er
}
else
{
- rdr_log_dbg(reader, D_READER, "use k1(3DES) for CW decryption in unique pairing mode");
- des_ecb3_decrypt(ea->cw, reader->k1_unique);
+ if (tag_56_set){
+ rdr_log_dbg(reader, D_READER, "use k1(AES) for CW decryption in unique pairing mode");
+ AES_set_decrypt_key(reader->k1_unique, 128, &(csystem_data->astrokey));
+ uint8_t buffer[0x10];
+ memcpy(buffer, rbuff + 5, 8);
+ memcpy(buffer + 8, buff_56, 8);
+ AES_decrypt(buffer, buffer, &(csystem_data->astrokey));
+ memcpy(ea->cw + 0, buffer, 8); // copy calculated CW in right place
+ } else {
+ rdr_log_dbg(reader, D_READER, "use k1(3DES) for CW decryption in unique pairing mode");
+ des_ecb3_decrypt(ea->cw, reader->k1_unique);
+ }
}
if(er->ecm[0] & 1){ //log decrypted CW
rdr_log_dbg(reader, D_READER, "decrypted CW is: 0000000000000000%02X%02X%02X%02X%02X%02X%02X%02X", ea->cw[0], ea->cw[1], ea->cw[2], ea->cw[3], ea->cw[4], ea->cw[5], ea->cw[6], ea->cw[7]);
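Review bot: The AES branch ignores the return value of `AES_set_decrypt_key` and writes the k1 key schedule into `csystem_data->astrokey`, a field that lives beyond this call. If any other code path relies on `astrokey` holding a different key (not visible in this diff), it will silently decrypt with k1 after the first unique-pairing ECM. A local key schedule with a checked return avoids both problems, as sketched below. `buffer` holds the decrypted block on the stack and is never cleared, and only its first eight bytes reach `ea->cw`, which deserves a comment saying the second half is intentionally dropped.

```c
if (tag_56_set){
	AES_KEY k1_aes; // local schedule, csystem_data->astrokey stays untouched
	uint8_t buffer[0x10];
	rdr_log_dbg(reader, D_READER, "use k1(AES) for CW decryption in unique pairing mode");
	if(AES_set_decrypt_key(reader->k1_unique, 128, &k1_aes) != 0){
		rdr_log_dbg(reader, D_READER, "k1(AES) key setup failed, CW left crypted");
	} else {
		memcpy(buffer, rbuff + 5, 8);
		memcpy(buffer + 8, buff_56, 8);
		AES_decrypt(buffer, buffer, &k1_aes);
		memcpy(ea->cw + 0, buffer, 8); // copy calculated CW in right place
	}
} else {
	// … unchanged: 3DES branch …
}
```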