CA key updates broken - Smartcard does not get key updates on some providers

[Mike Nix <mnix@…>]

While watching an encrypted channel, decryption stops working. Verbose logging shows the conditional access module reporting the channel is encrypted at the time of failure.

Encryption will not start working until the smartcard is inserted into another decoder, or the channel is viewed with other software.

Reason: MPEGStreamData::CreatePMTSingleProgram strips out all conditional access mpeg descriptors. None of these are put back into the PMT.

This will only be a problem where CA descriptors are used to send key updates on PIDs that are not part of the data stream for the channel being watched. As the PIDs are not enabled, they are never sent to the CAM/smartcard and the card is never updated. The Optus Aurora service on Optus C1 is one such service.

Changing the call to MPEGDescriptor::ParseAndExclude? to a call to MPEGDescriptor::Parse at libs/libmythtv/mpeg/mpegstreamdata.cpp:520 seems to have fixed this for me.

It may be desirable to remove all the CA descriptors and place only one back in, but I think leaving them all in is better as the Aurora service has two entries, and I know that at least for now, BOTH are used (they are transmitting both Irdeto1 and Irdeto2 encryption and the two CA PIDs are used one for each set of keys).

[stuarta]

Can you attached a diff of the changes you have done please?

Stuart

[paulh]

No reply in 7 weeks, Mike it looks like you are going to have to attach the patch as requested by Stuart A. before anyone will look at this even though it looks like a one line fix.

Moving to 0.24

[Mike Nix <mnix@…>]

patch as requested

[Mike Nix <mnix@…>]

The patch I attached seems to fix the daily key updates, but about once/week I am still having to shove the card into a regular decoder to update something. I've just tested the windows software that comes with the decoder (TT S2-3650 with TT-Viewer) and it also updates the card correctly, which rules out any problem with the IRDETO CAM and any hardware - so there are still key updates not getting through with MythTV.

I'll keep looking when I have time....

[Mike Nix <mnix@…>]

It seems that MythTV does not enable PID 1 - Conditional Access Table (CAT) The code also doesn't seem to do anything with the CAT if it receives one.

For testing purposes, I've written code that adds the CA pids in the CAT to the single program PMT so that they are enabled with the CA pids in the PMT. There may be better ways to do this - such as enabling the pids immediately after receiving the CAT, rather than adding them to the PMT.

I will post a patch once I've confirmed that this actually fixes the problem.

[Mike Nix <mnix@…>]

Technically better solution. Also adds CAT caching and processing.

[Mike Nix <mnix@…>]

Second revision of the patch adds handling of the Conditional Access Table.

• Added PID 01 (CAT) to the list of PIDs being listened to at startup/reset.
• CAT Caching - basically a copy/paste/rename of the PAT cache code.
• CA PIDs are not added to the PMT they are added as listening PIDs This is better as we can build the single program PMT and start displaying a picture before the CAT is available, and it won't break if there is no CAT.

I'll have to wait a week or so to make sure this has fixed it, then I'll clean up the code (remove some ifdefs) and post a final patch.

[Mike Nix <mnix@…>]

just an update for anyone watching this.

I have code that works for the key updates, but when I tested it on my master backend it is locking up the backend after 12 hours or so. I am testing to see if it's my patch, or something that came in from cvs.

[stuarta]

Mike,

Are you still seeing lockups occur regularly with this patch applied or not?

Stuart

[mythtv@…]

Around the first of every month, I also have to use the provider (Primacom) supplied decoder to update the CAM.

[robertm]

Don't need any more "Me toos" on this ticket, but could really use an answer to the question about whether there are still lockups with the patch applied.