Ticket #7923 (closed Patch - Bug Fix: fixed)
Opened 2 years ago
Last modified 3 months ago
CA key updates broken - Smartcard does not get key updates on some providers
| Reported by: | Mike Nix <mnix@…> | Owned by: | danielk |
|---|---|---|---|
| Priority: | major | Milestone: | 0.25 |
| Component: | MythTV - DVB | Version: | Master Head |
| Severity: | medium | Keywords: | CA key updates broken |
| Cc: | stuarta | Ticket locked: | no |
Description
While watching an encrypted channel, decryption stops working. Verbose logging shows the conditional access module reporting the channel is encrypted at the time of failure.
Encryption will not start working until the smartcard is inserted into another decoder, or the channel is viewed with other software.
Reason: MPEGStreamData::CreatePMTSingleProgram strips out all conditional access mpeg descriptors. None of these are put back into the PMT.
This will only be a problem where CA descriptors are used to send key updates on PIDs that are not part of the data stream for the channel being watched. As the PIDs are not enabled, they are never sent to the CAM/smartcard and the card is never updated. The Optus Aurora service on Optus C1 is one such service.
Changing the call to MPEGDescriptor::ParseAndExclude? to a call to MPEGDescriptor::Parse at libs/libmythtv/mpeg/mpegstreamdata.cpp:520 seems to have fixed this for me.
It may be desirable to remove all the CA descriptors and place only one back in, but I think leaving them all in is better as the Aurora service has two entries, and I know that at least for now, BOTH are used (they are transmitting both Irdeto1 and Irdeto2 encryption and the two CA PIDs are used one for each set of keys).
Attachments
Change History
comment:1 Changed 2 years ago by stuarta
- Status changed from new to infoneeded_new
- Milestone changed from unknown to 0.23
comment:2 Changed 2 years ago by paulh
- Milestone changed from 0.23 to 0.24
No reply in 7 weeks, Mike it looks like you are going to have to attach the patch as requested by Stuart A. before anyone will look at this even though it looks like a one line fix.
Moving to 0.24
comment:4 Changed 2 years ago by Mike Nix <mnix@…>
The patch I attached seems to fix the daily key updates, but about once/week I am still having to shove the card into a regular decoder to update something. I've just tested the windows software that comes with the decoder (TT S2-3650 with TT-Viewer) and it also updates the card correctly, which rules out any problem with the IRDETO CAM and any hardware - so there are still key updates not getting through with MythTV.
I'll keep looking when I have time....
comment:5 Changed 2 years ago by Mike Nix <mnix@…>
It seems that MythTV does not enable PID 1 - Conditional Access Table (CAT) The code also doesn't seem to do anything with the CAT if it receives one.
For testing purposes, I've written code that adds the CA pids in the CAT to the single program PMT so that they are enabled with the CA pids in the PMT. There may be better ways to do this - such as enabling the pids immediately after receiving the CAT, rather than adding them to the PMT.
I will post a patch once I've confirmed that this actually fixes the problem.
Changed 2 years ago by Mike Nix <mnix@…>
- Attachment ca-key-patch-2.diff added
Technically better solution. Also adds CAT caching and processing.
comment:7 Changed 2 years ago by Mike Nix <mnix@…>
Second revision of the patch adds handling of the Conditional Access Table.
- Added PID 01 (CAT) to the list of PIDs being listened to at startup/reset.
- CAT Caching - basically a copy/paste/rename of the PAT cache code.
- CA PIDs are not added to the PMT they are added as listening PIDs This is better as we can build the single program PMT and start displaying a picture before the CAT is available, and it won't break if there is no CAT.
I'll have to wait a week or so to make sure this has fixed it, then I'll clean up the code (remove some ifdefs) and post a final patch.
comment:8 Changed 2 years ago by Mike Nix <mnix@…>
just an update for anyone watching this.
I have code that works for the key updates, but when I tested it on my master backend it is locking up the backend after 12 hours or so. I am testing to see if it's my patch, or something that came in from cvs.
comment:9 Changed 22 months ago by robertm
- Owner changed from janne to stuarta
- Status changed from new to assigned
comment:10 Changed 22 months ago by stuarta
- Status changed from assigned to infoneeded
Mike,
Are you still seeing lockups occur regularly with this patch applied or not?
Stuart
comment:11 Changed 21 months ago by stuartm
- Status changed from infoneeded to assigned
- Version changed from head to Trunk Head
comment:12 Changed 20 months ago by mythtv@…
Around the first of every month, I also have to use the provider (Primacom) supplied decoder to update the CAM.
comment:13 Changed 20 months ago by robertm
- Milestone changed from 0.24 to 0.25
Don't need any more "Me toos" on this ticket, but could really use an answer to the question about whether there are still lockups with the patch applied.
comment:14 Changed 3 months ago by stuartm
- Owner changed from stuarta to danielk
- Type changed from defect to Patch - Bug Fix
Not a small patch, but pretty contained to the CA code by the looks of it so maybe safe for 0.25 and it's already been pushed for two releases already.
Daniel I'm assigning to you but if you don't have the time to look at it then I'll take it.
comment:15 Changed 3 months ago by Github
- Status changed from assigned to closed
- Resolution set to fixed
Fixes #7923. Listen for CAT changes.
Note I removed the ifdefs. The version that adds the Conditional Access Descriptor to the PMT will break FTA programming. The version that just listens for the streams is safe and is reported to fix the problem. This just commits the safe version.
Branch: master Changeset: 9e6206728a29ba9c4b1c981d56e83aedaf804a7c
Can you attached a diff of the changes you have done please?
Stuart