cw3000 cardshare howto guide [Archive] - FreeSatFix.com FTA Forums

marly402

02-18-2009, 04:44 AM

Posts: 42
Rep Points: 39
wderbi is known to some

Thumbs up CW4000HD as cardshare client: Success!!!
I posted this on other sites---perhaps CW3000/4000HD owners on this site will find this info useful:
Woohoo!!! I finally got the CW4000HD to work as a cardshare client, which is another step towards expanding the versatility of this awesome receiver. As most of you are aware, the CW3000/4000HD is more like DVB card technology and is not like the standard FTA STB like a Viewsat or Pansat. In that regard, the CW3000/4000HD utilizes a lot of the open-sourced based software for the DVB cards; including the use of vdr-sc for its emu fixes. With that in mind, the CW3000/4000 is subject to go down with provider ECMs much like most other FTAs, but more specifically are vulnerable to attacks based on MECM changes and maprom timer-based attacks that are hardcoded into the various “fixes”.

The advantage of having cardsharing as an option is that the ROM cards are much less vulnerable to MECM and maprom-based attacks. The ROM card has the hardware necessary to make the correct calculations for the correct control words (CWs) needed for decryption, as long as all MECM updates are on the card. Having a good auto-rolling blocker on the card that allows essential MECM updates generally ensures little downtime, but having the blocker or anything other than provider information on the card can leave you open for card-looping ECMs. Fortunately, the trade-off of possible looping of the ROM with cardsharing is that you have very little downtime (if you have a good blocker), and it can be very effective for testing legitimately subscribed N3 cards in the future when the cardserver programs are updated to properly handle the ROM 240/241 cards. Now with that in mind, here we go:

1) First step is to give thanks to all who have provided the tools that we have available for cardsharing already---the butter team for newcs, the wonderful coders of vdr-sc/Open-SASC-ng/EMUNATION etc… and other open-source DVB-card emus that created the necessary libraries/plugins that allow us to take advantage of the cardsharing on the CW3000/4000, and all coders etc, involved with softwares/blockers/ 3Ms for programming the ROM card. Also, I’d like to thank Chavonbravo, AHha, and Pop_eye for their helpful suggestions in getting this worked out.

2) I will not discuss card programming here…you will have to go elsewhere for that. Also, I will mention that not all blockers will work with newcs and cardsharing. In fact, only a few blockers (autoroll and non-autoroll) will work. I don’t mess with card programming or anything illegal like that, but a little birdie told me that WGFB blocker works well and autorolls. You will need to ensure that your card works in the card-server first before attempting anything past this point, and if you already have a cardshare network going, then you are more than halfway there.

3) Familiarize yourself with FTP/Telnet programs for your cardserver and CW3000/4000. For example: If your cardserver is a dreambox, then the latest version of dreambox control center (DCC) is your program. The CW3000/4000 uses WinSCP as the FTP program, and uses PuTtY as the Telnet program. You can download all these programs freely---just Google them. Also, if you put the PuTtY .exe file in the same folder as WinSCP, it can be activated as a sub-routine in WinSCP.

4) For trouble-shooting purposes, it is a good idea to turn on logging on your CW3000/4000. As a default, these options are turned off because the logs can quickly become large and bog down the compact flash on the CW3000/4000. To enable logging on the CW3000/4000:

a.Open WinSCP and log into your CW3/4K.
b.Go into PuTtY and type rwroot in the command line to enable read-write capabilities in the root directory. ***Make sure you remember to disable this when you are complete with this exercise by typing roroot in the command line.
c.Starting from the root directory, go to /usr/local/bin folder and about 1/3 the way down, you will see a file called fix_sc. Open this file and “comment out” (add a # symbol in front of) the lines “clear_sc_entries” and “disable_logging” located at the end of the file. It should look like this when you are done:
Code:

check_hd
#clear_sc_entries
check_adapters
modify_sc_caps
#disable_logging

5) Next, enable logging by going into the “user” profile and “satellite TV” as if you are watching TV. Press the “menu” button on your remote and follow the menu options “system”---“system setup”---“VDR installation”---“7 plugins setup”-“--1 SC (0.9.0 Unknown)”---“message logging”. Change “log file” to yes; “show user messages” yes; and reset all modules to default (it will ask you if you are sure, press OK on your keyboard.) This will send you back to the “SC (0.9.0 Unknown)” menu. In this menu, select “cryptosystem options” and make sure that “cardclient: connect immediately” is set to “yes”. Now you are ready to make changes.

a. Back in WinSCP, browse to the /captive/vdr/plugins/sc folder and disable your EMU (if it is currently working) by renaming the Softcam.Key file to something else like “modSoftcam.Key”. Make sure that you do not delete it!!! Ensure that it is not working by trying to watch TV. Unlike other discussion’s instructions, DO NOT TOUCH OR DISABLE THE ecm.cache file!!!! After many many days of failures, I discovered that this file is critical for decryption during cardsharing as well as software decryption by vdr-sc!!!

b. Browse back to/captive/vdr/plugins/sc folder and rename the cardclient.conf.example file to “cardclient.conf”. Edit this file for setting up the CW3k/4k as a newcamd client by adding the following line:

Code:

newcamd:192.168.1.208:10000:0/1800/FF00:CW4000:CW4000:0102030405060708091011121314

* You don’t have to use CW4000 as the user/passwd; you can use what you want.

**It seems that ONLY FF00 (FF, zero zero) works as a CAID MASK value. I have tried other values, but the CW3k/4k connects to the network, but does not send/receive EMMs/ECMs. I cannot explain why only FF00 works---perhaps someone else can explain that one!

***I tried setting up a radegast client using radegast:192.168.1.208:10001:1/1800/FF00 as the line. It seemed like it would start the decoding process, but would only end up crashing newcs running on the dreambox. This may just be a bug, but only FF00 as a CAID MASK caused this issue---but other values such as FFF0 did nothing although it did connect to newcs.
Be sure to save your changes!

6) Now, you must edit the newcs.xml to accept the CW3k/4k as a client. The example that I will provide has a dreambox DM7020 running as a server (named localhost), and two additional DM500s as newcamd clients. The newcs.xml is found in /var/etc/tuxbox folder in pli iolite image on the DM7020. Also in this example, the ROM 102 is in the lower card slot. FEEL FREE TO COPY THE XML TEXT AND PASTE IT INTO YOUR XML FILE. YOU WILL NEED YOUR OWN BOX KEYS!!!! If you are using a different STB as a cardserver, your “reader” settings may be different. Also, you may choose block sa, ua, and ga EMMs.

newcs.xml
Code:

<?xml version="1.0"?>


<newCSconfig>

<globals>

<listening-ip>192.168.1.208</listening-ip>
</globals>

<readers name="Card Readers">
<device>
<name>lower</name>
<type>Sci</type>
<node>/dev/sci0</node>
<mhz>357</mhz> 
<parity>even</parity>
<export>yes</export>
<enabled>yes</enabled>
<blocksa>No</blocksa>
<blockua>No</blockua>
<blockga>No</blockga>
<boxkey>XXXXXXXXXXXXXXXX</boxkey>
<PTShandshake>no</PTShandshake>
<autosid>yes</autosid>
<crypto-special>no</crypto-special>
<carddetect>yes</carddetect>
<newcamd_port>10000</newcamd_port>
<priority>round</priority> 
<sid>
<allow>

<id></id><id></id>
</allow>
<deny>

<id></id>
</deny>
</sid>
</device>

</readers>
<radegastserver>

<enabled>no</enabled>


<port>10001</port>


<allow>
<hostname>all</hostname>
<hostname>localhost</hostname>
<hostname>127.0.0.1</hostname>
<hostname>192.168.1.210</hostname>
</allow>

</radegastserver>
<cache>
<emm>20</emm>
<ecm>-1</ecm>
</cache>
<debug>
<level>spam</level>
<type>init</type>
<output>all</output>
<logfile></logfile>
<console_options></console_options>
<file_options></file_options>
<udp_host>192.168.1.251</udp_host>
<udp_port>1000</udp_port>
<udp_options></udp_options>
<tcp_port>3001</tcp_port>
<tcp_options></tcp_options>
</debug>
<newcamdserver>
<enabled>yes</enabled>
<name>localhost</name>
<deskey>01 02 03 04 05 06 07 08 09 10 11 12 13 14</deskey>
<userfile></userfile>
<user>
<name>localhost</name>
<password>localhost</password>
<allow>lower</allow>
<au>on</au>
</user>
<user>
<name>DM500-2</name>
<password>Ben</password>
<allow>lower</allow>
<au>off</au>
</user>
<user>
<name>DM500</name>
<password>Office</password>
<allow>lower</allow>
<au>off</au>
</user>
<user>
<name>CW4000HD</name>
<password>Master</password>
<allow>lower</allow>
<au>off</au>
</user>
</newcamdserver>

</newCSconfig>

7) After making the changes to the newcs.xml, make sure that you save your changes and restart newcs for the changes to take effect. At this point, you can choose to restart the newcs manually via a telnet program (DCC on the dreambox), and you can view the logging in real time. While viewing the logging information, restart the CW VDR by relogging into the “user” profile and trying to watch TV. You should have success!

Some Key points:As I mentioned above, the ecm.cache file is critical. After you tune to a channel for the first time, vdr-sc pulls this information for a particular SID from the datastream , and stores the “ecm” information for that channel in this file. For quicker channel changing information, vdr-sc then recalls this information from the ecm.cache whenever you tune back to that particular channel at a later time---which makes the channel changes much quicker in subsequent tune-ins. During card sharing on the CW3K/4K, the first time you tune to a channel that does not have the ecm information for that particular SID stored in the ecm.cache file, it may take up to a minute for that channel to come in. However, once the information is saved into the ecm.cache file, subsequent channel changes to that same channel are fast! This is a minor draw back to the cardsharing on the CW3k/4K, and it can be faster or slower depending upon your network speed and the image on your ROM card.

Right now, vdr-sc will not default to card sharing if it goes down during a provider ECM attack. You will once again have to manually enable cardsharing by making sure that the Softcam.key file is disabled (renamed) to force the cardclient plugin to be activated. Perhaps someone who knows linux can modify vdr-sc so that it will default to cardsharing if it cannot retrieve the proper CWs for decryption from the core (software). This would really improve the efficiency of this setup and make it the best of both worlds.

If you install a new fix (ie step up from the 12-06 fix to the 12-14 fix), the install process will add a new softcam.key file and a new “fix_sc” script. You will need to redo steps 4 and 5 to set up the CW3k/4k for cardsharing.

As of now, this set up is about 95% stable. Depending upon your number of clients, network reliability, and ROM card image, you may from time-to-time have newcs just crash and need to be restarted. I have not seen this until I added the CW4000HD to my network, so I am assuming that it is an issue with vdr-sc and newcs playing together nicely. Fortunately, this happens very rarely on my setup (maybe once a day with lots of channel surfing to “new” channels). Perhaps some tweaking with the ecm/emm cache will help this out a bit.

Finally, once you are successful, make sure that you disable vdr-sc logging by undoing step 5 (except do not make changes in the "cryptosystem options" menu), otherwise vdr-sc will become unresponsive with a massive log file. Also make sure that you undo the rwroot command!

I hope this helps!!! Now on to my quest of adding a card reader to the CW4000HD so that it can be a cardserver!!!