Distribuite by dreambox.chokelive.

com
gbox - Version 1.00pre11
----------------------------------------------------------------------
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
This is an internal beta version, not for public release. It is incomplete,
contains bugs and should not be used by any 'Joe Public' user. If anyone
receives this from someone else and wants to test it, you can do so. I would
only ask that you do not start a discussion and do not distribute this to any
upload servers, nor post any images. If you are not in a position to create your
own image, then you'll only have problems with this software.
Thanks!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The gbox is:

A. Emulator: Irdeto,Seca,Viaccess,Nagravision,Conax. All with AU

B. Softcam : Irdeto,Seca,Viaccess,Nagravision,Conax,Cryptoworks,NDS
auch alle 2er systeme. All with AU
C. off-air ECM&EMM Log Auswerter.
D. Tool to send ECMs and EMMs to the card via the RS232 port.
E. Multipid logger: multiple ECM and EMM pids can be logged simultaneously
F. Card sharing Client & Server peer to peer, local and internet.
G. Standalone CWserver
H. GSMS Messageing system

The following versions are contained in the Zip:

PPC - Linux api1
Linux api2
Linux api3
Intel X86 Linux api3 (VDR)
dos&windows (Multidec, ProgDVB, MyTheatre, usw.)

The gbox works in direct or indirect mode.

In direct mode, the pmt is written on the trigger of the /var/tmp/pmt.tmp, the
gbox controls all other pids and the cw_write

If no pmt.tmp is found, the gbox will work in indirect mode in which the PMT/CAT
and the ECM/EMM pids are sent to the gbox via UDP, and it sends back the CWs via
UDP.

This mode is API-less and can be used with any application.

direkt indirekt off-air cwserver

PPC - Linux api1 api1 Yes Yes Yes
Linux api2 api2 Yes Yes Yes
Linux api3 api3 Yes Yes Yes
Intel X86 Linux api3 api3 Yes Yes Yes
dos&windows - Yes Yes Yes

UDP Instructions:
UDP port 8003: gbox_out (CW_write, Need_pids)
UDP port 8004: gbox_in (PMT, CAT)
UDP port 8005: gbox_in (pid1 von der Need_pids liste)
UDP port 8006: gbox_in (pid2 von der Need_pids liste)
 UDP port 8007: gbox_in (pid3 von der Need_pids liste)
usw.

CW_Write : 89 CW1 CW2

Example : 89 01 02 03 04 05 06 07 08 10 20 30 40 50 60 70 80

Need_pids: 8A pid_number(1 byte) pid1(2 bytes) pid2(2 bytes) usw ...

Example : 8A 02 10 00 15 00

CAT : 86 01 .....

PMT : 87 02 .....

pidx : 88 pid(2 bytes) len(1 byte) data

Example : 88 15 01 48 81 70 ...

Bei jedem Nee_pids muss der server alle pids >= 8005 schlieáen, und
nach der erhaltenen Liste alle neu ”ffnen.

Irdeto AU
==============================
+ Single Key update
+ multiple Key update - 2 keys
+ multiple Key update - 2 single key update in ein Packet
+ PMK update

A multiple key update - 4 keys I'm not sure about but it should work.

There could be many Prov/PMKs introduced. With debug level 2 all keys are
written, irrespective of whether these are old or new. Therefore all Prov/PMKs
are checked for validity.

If a provider ID of 00 00 00 is supplied, this is tested with every EMM and when

the correct signature is found an update is run.

Seca AU
============================
+ multiple Key update - 3 keys
+ AU over primary MK or primary & secondary MK

In the case of a known key, but not the PPUA and/or key number, the PPUA is
given as 00 00 00. In this case the key is checked for all EMMs and when the
correct hash and signature match the update is run, and thus the PPUA/Key nr is
distributed.

The number of simultaneous 00 00 00 00 keys that can be processed depends on the

speed of the EMM data, although one will always run (?).

Many PPUA/MKs per provider can be used. With debug level 2, all keys are written
irrespective of whether they are new or old. So all the PPUA/MKs can be tested
for validity.

Via AU
====================
+ single Key update
+ multiple key update 2 keys
 + AU ber SA (SRG, SloTV, ...)
+ AU ber UA (SVT, HRT, ... )
+ AU ber issuer

There could be many Prov/PMKs introduced. With debug level 2 all keys are
written, irrespective of whether these are old or new. Therefore all Prov/PMKs
are checked for validity.

Falls eine PPUA als 00 00 00 00 angegeben wird, wird dieser MK mit

allen EMM's berpr ft, im falle einer g ltigen Signatur wird das
update ausgef hrt.
See above

Nagra AU
========
Implementation of ROM3, ROM7, ROM10 and ROM11 Card types.
0001 - Dish Networks
0801 - Bell Express VU
2C01 - SABC
4001 - Via Digital
4601 - Euskatel
4801 - TV Cabo
4A01 - MMBN (Asia)
4E01 - Dream TV (Philipines)
5401 - NTL Cable
5A01 - TeleWest Cable
5C01 - C&W/NTL Cable
7001 - Polsat
7401 - Star Digital
9401 - Hong Kong Cable

There's not much to say here - it's completely plug and play. Just leave it in
Autoupdate_mode=Auto. All ROMs, EEPROMs, RAMs, keys etc. are integrated into the
gbox.

Conax AU
========
There could be many Prov/PMKs introduced. With debug level 2 all keys are
written, irrespective of whether these are old or new. Therefore all Prov/PMKs
are checked for validity.
See above

The AU is implemented for complete updates (exp+mod) as well as partial updates

(only exp or only mod).

Gbox Multisystem Softcam

========================
In the gbox is an integrated multisystem softcam. To use this, you will need to
attach a chip card reader to COM1 or COM2 (modem slot on the dbox2).

You can connect a Smartmouse/Phoenix to COM1 or COM2. Or a sc8in1 for up to 8

cards on one COM port. With this it is possible to communicate with up to 8 chip
cards over COM1 or COM2. This way it does not matter which card system is
involved, as all cards and systems can be combined. This would mean 8 Magiccams.

The COM port on the dbox2 is TTL level, to which a sc8in1 can be directly
attached, although not a Smartmouse. To connect a Multicam to COM2 of the dbox2,
please read the file multicam.txt.

Currently, the following cam systems are supported:

 Irdeto allcam - A0x/K0x/S0x/C/D/F/1.x/382/383/384/Z/nonZ/DS9/Xin1
Seca/Mediagard - Original Seca1+Seca2, GW, Fun
Viaccess - Original, GW, Fun
Nagravision - Original, Fun
Cryptoworks - Original
Conax - Original
NDS - Original

All systems with full autoupdate support.

Tested with dbox2(PPC), VDR(intel x86) and Win32(intel x86)

*6MHz test* ECM test EMM test

=========================================================
Irdeto 1.x GW OK OK OK
Irdeto 6in1 Fun OK OK OK
Irdeto DS9 Piccard2 OK OK -
Irdeto Fun C/D383Z OK OK OK
Irdeto Fun C/D/F384Z OK OK OK
Irdeto original C/D/F383Z OK OK OK
Irdeto original C/D/F384 OK OK OK
Irdeto original A01/K01/S01 OK OK OK
Irdeto original A02/K02/S02 OK OK OK
Irdeto2 original OK OK OK
---------------------------------------------------------
Seca Fun OK OK OK
Seca GW OK OK OK
Seca original OK OK OK
Seca2 original OK OK OK
---------------------------------------------------------
Viaccess Fun OK OK OK
Viaccess GW OK OK OK
Viaccess original OK OK OK
Viaccess2 original OK OK OK
---------------------------------------------------------
Nagravision Fun OK OK OK
Nagravision original ROM2 OK OK OK
Nagravision original ROM3 OK OK OK
Nagravision original ROM7 OK OK OK
Nagravision original ROM10 OK OK OK
Nagravision original ROM11 - OK OK
---------------------------------------------------------
Cryptoworks original V1 OK OK OK
Cryptoworks original V2 OK OK OK
Cryptoworks original V3 OK OK OK
---------------------------------------------------------
Conaxis Fun-NagraInConax OK OK -
Conax original OK OK OK
---------------------------------------------------------
NDS original (provider: 0960) OK OK OK
---------------------------------------------------------

(*)With the dbox2 3.579MHz and 6MHz oscillators can be used for all systems.
The software sets the baud rate, the card type and automatically sets all the
parameters. A 6MHz type is recommended, since the card works 68% faster with it
and changes channels more quickly etc. Almost all cards (except Nagra ROM11) run
absolutely reliably.
On a PC with VDR it is recommended to use several quartz (crystals?) together
according to your needs. The delivery specification includes 2 * 6MHz, 2*3.686
and 4*3.579.

The following systems will run with the corresponding crystals

Irdeto 6.0000 MHz
Seca 3.5795 MHz
Viaccess 3.5795 MHz
Nagravision 3.6864 MHz
Cryptoworks 3.5795 MHz
Conax 3.5795 MHz
NDS 3.5795 MHz

In the gbox is an integrated software blocker that allows it to block EMMs.

Groups of EMMs can be blocked according to addressing, EMMs for all cards, for
shared or unique addresses. This is configured in the softcam.cfg

NET Mode
========
NET-mode is intended for:

1. Development/testing (implemented)
The dbox 2 sends each ECM over the network to the PC which then performs the
decryption and sends the CWs to the dbox2, which can be used for decoding.
In the sub-folder /net-mode you will find a small software demo, C source and
executable (cygwin)

2. Networking the dbox2 (implemented)

Networking several dbox2s (living room, bedroom, neighbour…) in order to use all
boxes with one card, so that all boxes can use all available cards.

3. CW & card sharing (in development)

As with point 1, only using a server instead of a PC that communicates over the
internet.

For the NET mode UDP must be initialised

L: { 01 } PC_IP

Server mode: Decode ECM

-----------------------
Decodes an ECM with the emulator, answers with the CWs

Instruction: 0x42 0x15 Client_IP Len CaID PID ECM_data ...

Answer(success) 0x41 0x15 0x10 CW0 ... CW1 ...
Answer(failed) 0x41 0x15 0x00

Client mode: Init NET mode

--------------------------
NET mode init, EMU is disabled (?), dbox2 becomes a client, the ECMs go to the
given IP (server)

Instruction: 0x42 0x12 0x04 Server_IP

Answer(success) 0x41 0x12 0x00

In order to switch back to Net mode, the following entry in gbox_cfg must exist:
G { 02 } // Pure NET Client
 Multipid logger
===============
Multipid logger
In the zip you will find the MultiCaID/MultiPID logger from trilu. To use this,
the following field in the gbox_cfg must be set, L: { 01 } PC_IP in order to
initialise the UDP port.

The implemented UDP (port:8017) instructions are::

Instruction: "B" 0x42
Answer: "A" 0x41
LogDaten: L CaID (2bytes) Pid(2bytes) Len(2bytes) ... Daten n=Len

Structure
===========================================
Instruction Type L„nge Daten=L„nge
0x42 0x?? 0xlen Daten ....

Get cat
=======
Instruction: 0x42 0x01 0x00
Answer: 0x41 0x01 0xLN ......
LN number of Bytes in CAT.

Get pmt
=======
Instruction: 0x42 0x02 0x00
Answer: 0x41 0x02 0xLN ......
LN number of Bytes in PMT.

Get selected pids for logging

=============================
Instruction: 0x42 0x03 0x00
Answer: 0x41 0x03 0xLN 0xA1 0xA2 0xB1 0xB2 ......

LN/2 number pids.

A1A2 first pid
B1B2 second pid
...
..
In case no PIDs are selected: 0x41 0x03 0x00

Selected pids for logging

=========================
Instruction: 0x42 0x04 0xLN 0xA1 0xA2 0xB1 0xB2 ......
Answer: 0x41 0x04 0x00 (OK)

LN/2 Anzahl der pids.

A1A2 first pid
B1B2 second pid
...
..

Get available pids for logging

==============================
Instruction: 0x42 0x05 0x00
Answer: 0x41 0x05 0xLN 0xA1 0xA2 0xA3 0xA4 0xA5 0xB1 0xB2 ...
LN/5 Anzahl der pids.
A1A2 first CaID
A3A4 first pid
A5 Type EMM=0 ; ECM=1
..
Falls keine pids da sind (FTA): 0x41 0x05 0x00

Start Logging
=============
Instruction: 0x42 0xFE 0x00
Answer: 0x41 0xFE 0x00

Stop Logging
============
Instruction: 0x42 0xFF 0x00
Answer: 0x41 0xFF 0x00

PIDs can only be logged that have been read and mapped, thus the cat and pmt are
informative, using the 0x05 to see what is there (?)

Only send commands when logging off !

After each command a reply should arrive. For the log off command you need to
always send two log offs in order to receive an answer - this may be to do with
my test software.

In the folder you will find the logger from trilu and this can log single or
multiple pids (ecm and/or emm).

Card sharing
------------
Cwsharing supports local networks and the internet. A peer to peer network is
built, in which all dboxes communicate with one another directly. This is
designed for performance and security reasons.
With cwsharing it does not matter which dbox2 has what card, and who is using
which sender.
The cwsharing is reasonably optimised, and it should not be a problem to have
more than 100 users for each card.
All cards are supported with sharing.

A few settings:

1. The owner has absolute priority, no matter how many users are attached to
his card and he should not need to use the 'zapping' feature.

2. Each dbox2 only communicates directly with the dbox2s listed in the
cwshare.cfg

3. According to the IP entry in the cwshare.cfg, there are two codes:

Code 1 - this IP allows my card data to be distributed to x groups of friends
Code 2 - this IP allows my foreign card data to be distributed to x groups of
friends

If the user A has the cryptocard and the user B is his friend (with an entry in
the cwshare.cfg), then user B can also use user A's cryptocard. If user C is a
friend of user B, he can also use user A's card, as long as he has allowed it
(code 1>1). If user D is a friend of user C, he can also use user A's card (if
he has allowed it = code 1>2) and so on.
Important: every dbox2 only communicates with those nominated as friends, with
the ECMs and CWs going from dbox2 to dbox2 until the limit is reached.

4. All files are completely encrypted so even headers are not recognisable

Install:

a. If you want to go into the internet, you should have a look at dyndns.org
and set up an account. Activate dyndns in your router, so that it registers with
dyndns.org whenever you go online.

b. Make sure you give the Gateway and Nameserver in the network configuration
of the dbox.

c. On the router the referenced ports to the dbox2 need to be opened so that it
can transmit the incoming data. This is called 'port forwarding' and is not
necessary for local networks, only for the internet!

d. On the local network all boxes must have entries in each cwshare.cfg to
ensure these are always found. Thus any machine can be first to boot and the
next one will always find those that are already on line.

e. Always use MIX MODE and (NON_AU or AUTO_AU)!

When the AU is set to ON, too many EMMs can be sent to the card for the sharing
to manage. Auto AU limits the AU by demand, and switches it back off after a
successful decode. It is recommended to use CW sharing with NON_AU, as the AU
will switch itself on when, for example, the PW is zapped directly, thus it
depends on whether an AU is essential or not (?).

----------------------------------------------------------------------
An example for three boxes in a LAN with one on the internet

# cwshare.cfg --- dbox1 --- Internet and Local Network

#
# My dbox2 (local IP =192.168.0.6)
# password
M: { mydbox2.homeip.net { AA242456 }}
#
# Internet Friends RX TX_Port password cod
D: { friend1.homeip.net { 8200 8200 { B142AB11 { 5 5 }}}}
D: { friend2.homelinux.net { 8200 8200 { 81BFF901 { 5 5 }}}}
#
# other local boxes
D: { 192.168.0.51 { 8200 8200 { AB333441 { 5 5 }}}
D: { 192.168.0.52 { 8200 8200 { BA334B24 { 5 5 }}}

# cwshare.cfg --- dbox2 --- Local Network

# password
M: { 192.168.0.51 { AB333441 }}
#
# other local boxes
D: { 192.168.0.6 { 8200 8200 { AA242456 { 5 5 }}}}
D: { 192.168.0.52 { 8200 8200 { BA334B24 { 5 5 }}}}

# cwshare.cfg --- dbox3 --- Local Network

# password
M: { 192.168.0.52 { BA334B24 }}
#
# other local boxes
D: { 192.168.0.6 { 8200 8200 { AA242456 { 5 5 }}}}
D: { 192.168.0.51 { 8200 8200 { AB333441 { 5 5 }}}}

CWserver
========
If the gbox is not running as a receiver and the /var/tmp/pmt.tmp is not found,
it will run as a CW server. A Phoenix will be used on Com1, or a sc8in1 for up
to 8 cards on com1.

Off-air Decryption
==================

To decrypt the logged ECMs and/or EMMs or to send them to a card, the gbox is
called with 2 arguments:

gbox file caid

Example: gbox seca-ecm.txt 0100

Example: gbox seca-ecm.bin 0100

In the gbox.cfg you can determine whether a decryption should be done via the
emulator (Mode =emu) or the ECMs and EMMs should be sent to the card
(Mode=Softcam).
The ECMs and EMMs can be combined into a text or binary file and in case the log
in the gbox is set to multipid mode, the ECM from various systems can be seen in
the log file. If a sc8in1 is attached to COM1, the ECMs and EMMs are forwarded
to the relevant cards.

With Nagra decryption, there has to be an ECM in the log file as this is used to
check the keys.

GSMS
====
GSMS allows messages to be sent to either a single gbox or all on the network.
Only one file, gsms.txt, is copied to /var/tmp and this is then read in, the
data sent on and the file deleted.
If the IP address 0.0.0.0 is given, the message is sent to all dboxes in the
cwshare.txt file.
The automatic display of GSMS messages on the screen is only available with
Neutrino or Enigma. With VDR you need a plugin or something else (to follow).

192.168.0.51 0 this is a normal test message/this is the second line//and this

the fourth
someip.homelinux.net 0 this is also e normal message
192.168.0.52 1 this will display a popup that will require a/OK pressing, to
disappear

Install
=======
The files from /keys/ (irdeto, seca, via, ...) must be copied to /var/keys

A folder /var/tmp must be available to store temporary files

For different settings please refer to the gbox.cfg and softcam.cfg

VDR:
----

The following driver is used, patched from the root

Patch the VDR with /x86/linux/gbox_VDR.diff

Call the gbox:

./vdr
./gboxx86

With multiple cards the gbox will need to be started several times. A separate
copy of gbox (including keys and config files) should be started for each card.

/var/keys/gbox0/gboxX86
/var/keys/gbox1/gboxX86
/var/keys/gbox2/gboxX86
etc ...

A gbox can control a COM port (with Multicam or sc8in1). If there are two or
more cards in a system, all of them can gain access to their own multicam or
sc8in1 and then the smartcards can be used by all dvb-s cards.

.
Only one gbox can manage the cwshare. We'll call this the master gbox and the
other one a slave.

In the master cwshare.cfg are entries for all other friends and the rest of the
dvb-s cards in the system. With this configuration all slave gboxes should have
their own RX UDP port

Master (4 card example):

M: { 192.168.0.10 { 12345678 }
D: { 192.168.0.10 { 8000 8001 { 12345670 { 5 5 }}}}
D: { 192.168.0.10 { 8000 8002 { 12345671 { 5 5 }}}}
D: { 192.168.0.10 { 8000 8003 { 12345672 { 5 5 }}}}

Bei den slaves:

M: { 192.168.0.10 { 12345670 }
D: { 192.168.0.10 { 8001 8000 { 12345678 { 5 5 }}}}

M: { 192.168.0.10 { 12345671 }
D: { 192.168.0.10 { 8002 8000 { 12345678 { 5 5 }}}}

M: { 192.168.0.10 { 12345672 }
D: { 192.168.0.10 { 8003 8000 { 12345678 { 5 5 }}}}

The softcsa is also not implemented. I do not have a SkyStar and therefore can't
implement or test this.

From /dev/dvb/adapter0/ca0
I only use
Ioctl (ca_handle,CA_SET_DESCR,&ca_descr);
If anyone is interested, could they write a module that opens a device
/dev/dvb/adapter0/ca0 and implements the softcwwrite.

dbox2
-----
Gbox is a daemon that should not be killed by channel changing. It is started
once, and then the channel change is triggered by the writing of the PMT to
/var/tmp/pmt.tmp.

The driver gboxdrv.o must be copied from /lib/modules/2.4.22/misc/, and in

startscript normal with in mode to be installed. For 2.4.22-dbox2 the driver
gboxdrv.o.-dbox2 in gboxdrv.o rename and after /lib/modules/2.4.22-dbox2/misc/
copy.

Windows
-------
The dbox works on Windows only in indirect mode. As an interface (wrapper?)
between DVBcore applications and the gbox the plugin gboxsfriend.dll is used
which is compatible with DVBcore. This sends the PMT&CAT to the gbox on channgel
changes and later the ECMs and EMMs too.

For Multidec compatible applications you will still need to use the wrapper
DVBcore.dll - this allows a dvbcode compatible plugin to be used with a Multidec
API application.

DVBcore.dll should be copied to the Multidec folder and gbossfriend.dll

installed in the \plugins folder under the Multidec folder.

Zapping is slower under Multidec/ProgDVB as the PIDs from Multidec/ProgDVB first

go to the wrapper, then to gboxsfriend and then to the gbox. To accelerate this
we need a Multidec compatible gboxsfriend to be written.

---------------------------------------------------------------------
In der entwicklung dieser Software haben viele Personen teilgenommen.
Manche in guter Absicht, manche unwissentlich, mit Ihrer Arbeit und
Forschung. Das jemand hier aufgef hrt ist, bedeutet nicht das er
irgendetwas mit der gbox direkt zu tun hat.

Freundliche Gr áe und ein groáes danke an:

Campag5242, Chianti_le, Dagobert, denny, dvbtux, Gizm0, hpsp, Luki,

LuckyLooser, nervous, Nirvana, NoClue, Nullahnung, Secuworld, SoldierX,
StillerLeser, TBFT, TaGana, Telefonman, TheBorg, strsh, tmbinc, trilu,
tufler17, Ulster94, zapit_emu.

ohne die, diese Software nicht entstanden w„hre.

Ebenfalls bedanke ich mich bei allen betatestern die mir durch ihre
bugreports sehr geholfen haben haben.

Ein groáes danke auch an das dbox2world Board.

Sorry falls ich jemanden vergessen habe.