Project

General

Profile

Bug #6059

Patchs for long CAPMTs

Added by Enigma131 enig 13 days ago. Updated 10 days ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Category:
Descrambling
Target version:
-
Start date:
2021-05-30
Due date:
% Done:

0%

Estimated time:
Found in version:
actual git, but seems since long time
Affected Versions:

Description

Hi,
I have discover errors for long CAPMTs (> 256 Bytes) when decrypting via PCMCIA.

First one concerns en50221_send_capmt in files en50221_apps.c and en50221.h :

(en50221_slot_t *slot, const uint8_t *capmt, uint8_t capmtlen);
must be modified to :
(en50221_slot_t *slot, const uint8_t *capmt, uint16_t capmtlen);

Second one concerns en50221_app_pdu_send in file en50221.c :
} else if (datalen < 0x100) {
buf7 = 0x82;
must be modified to :
} else if (datalen < 0x100) {
buf7 = 0x81;

and
} else if (datalen < 0x10000) {
buf7 = 0x83;
must be modified to :
} else if (datalen < 0x10000) {
buf7 = 0x82;

originally posted here : https://tvheadend.org/boards/13/topics/44611?r=44615

History

#1

Updated by Flole Systems 12 days ago

Could you please provide a reference to the relevant part of the specification? I want to make sure we get this fixed properly.

#2

Updated by Enigma131 enig 12 days ago

Thanks for repply.

Look at function en50221_transport_pdu_write in same file concerning datalen encoding ;) this one is correct and works.
en50221_app_pdu_send need to be corrected according, isn't working without believe me.

You can have a look at dvblast github too : https://github.com/videolan/dvblast , file en50221.c, function SetLength
And i_capmt_size have int value

Finally here an example of a long CAPMT (len 0x138) in action, corrected with my patch:

2021-05-27 08:41:24.206 [ TRACE]:en50221: 00 01 A0 82 01 43 01 90 02 00 03 9F 80 32 82 01 .....C.......2..
2021-05-27 08:41:24.206 [ TRACE]:en50221: 38 03 01 2D C7 F0 00 1B E2 63 F0 45 01 09 0F 05 8..-.....c.E....
2021-05-27 08:41:24.206 [ TRACE]:en50221: 00 FC 93 10 01 00 13 01 20 14 03 04 19 58 09 0F ........ ....X..
2021-05-27 08:41:24.206 [ TRACE]:en50221: 05 00 FC 94 10 01 00 13 01 20 14 03 04 19 A8 09 ......... ......
2021-05-27 08:41:24.206 [ TRACE]:en50221: 0F 05 00 FC 97 10 01 00 13 01 20 14 03 04 28 28 .......... ...((
2021-05-27 08:41:24.206 [ TRACE]:en50221: 09 0F 05 00 FC 95 10 01 00 13 01 20 14 03 02 3A ........... ...:
2021-05-27 08:41:24.206 [ TRACE]:en50221: 28 06 E2 64 F0 45 01 09 0F 05 00 FC 93 10 01 00 (..d.E..........
2021-05-27 08:41:24.206 [ TRACE]:en50221: 13 01 20 14 03 04 19 58 09 0F 05 00 FC 94 10 01 .. ....X........
2021-05-27 08:41:24.206 [ TRACE]:en50221: 00 13 01 20 14 03 04 19 A8 09 0F 05 00 FC 97 10 ... ............
2021-05-27 08:41:24.206 [ TRACE]:en50221: 01 00 13 01 20 14 03 04 28 28 09 0F 05 00 FC 95 .... ...((......
2021-05-27 08:41:24.206 [ TRACE]:en50221: 10 01 00 13 01 20 14 03 02 3A 28 06 E2 65 F0 45 ..... ...:(..e.E
2021-05-27 08:41:24.206 [ TRACE]:en50221: 01 09 0F 05 00 FC 93 10 01 00 13 01 20 14 03 04 ............ ...
2021-05-27 08:41:24.206 [ TRACE]:en50221: 19 58 09 0F 05 00 FC 94 10 01 00 13 01 20 14 03 .X........... ..
2021-05-27 08:41:24.206 [ TRACE]:en50221: 04 19 A8 09 0F 05 00 FC 97 10 01 00 13 01 20 14 .............. .
2021-05-27 08:41:24.206 [ TRACE]:en50221: 03 04 28 28 09 0F 05 00 FC 95 10 01 00 13 01 20 ..((...........
2021-05-27 08:41:24.206 [ TRACE]:en50221: 14 03 02 3A 28 06 E2 66 F0 45 01 09 0F 05 00 FC ...:(..f.E......
2021-05-27 08:41:24.206 [ TRACE]:en50221: 93 10 01 00 13 01 20 14 03 04 19 58 09 0F 05 00 ...... ....X....
2021-05-27 08:41:24.206 [ TRACE]:en50221: FC 94 10 01 00 13 01 20 14 03 04 19 A8 09 0F 05 ....... ........
2021-05-27 08:41:24.206 [ TRACE]:en50221: 00 FC 97 10 01 00 13 01 20 14 03 04 28 28 09 0F ........ ...((..
2021-05-27 08:41:24.206 [ TRACE]:en50221: 05 00 FC 95 10 01 00 13 01 20 14 03 02 3A 28 06 ......... ...:(.
2021-05-27 08:41:24.206 [ TRACE]:en50221: E2 67 F0 00 06 E2 68 F0 00 .g....h..
2021-05-27 08:41:24.310 [ TRACE]:en50221: dvbca0: read

#3

Updated by Enigma131 enig 11 days ago

Thanks for the patch, I will try it tomorrow ;)

#4

Updated by Flole Systems 11 days ago

  • Status changed from New to Need feedback

Sorry I wanted to update this bug report aswell but forgot about it. Let me know when you tested it and if it works.

#5

Updated by Enigma131 enig 10 days ago

Patch is working thanks ;)
You have done more changes as me. I don't sure we will have messages above 0x10000 a day, if CAPMT no for sure. Perhaps coding can be reduced but well it works.

I have an other bug but not for CAPMT. I will open a new ticket

#6

Updated by Flole Systems 10 days ago

  • Status changed from Need feedback to Fixed

Well it's complete now so there shouldn't be an issue ever again ;) Nobody knows how long they might get in the future, the protocol allows it so we support it.

Also available in: Atom PDF