Opened 10 years ago

Closed 7 years ago

#7923 closed Patch - Bug Fix (fixed)

CA key updates broken - Smartcard does not get key updates on some providers

Reported by: Mike Nix <mnix@…> Owned by: danielk
Priority: major Milestone: 0.25
Component: MythTV - DVB Version: Master Head
Severity: medium Keywords: CA key updates broken
Cc: Stuart Auchterlonie Ticket locked: no

Description

While watching an encrypted channel, decryption stops working. Verbose logging shows the conditional access module reporting the channel is encrypted at the time of failure.

Encryption will not start working until the smartcard is inserted into another decoder, or the channel is viewed with other software.

Reason: MPEGStreamData::CreatePMTSingleProgram strips out all conditional access mpeg descriptors. None of these are put back into the PMT.

This will only be a problem where CA descriptors are used to send key updates on PIDs that are not part of the data stream for the channel being watched. As the PIDs are not enabled, they are never sent to the CAM/smartcard and the card is never updated. The Optus Aurora service on Optus C1 is one such service.

Changing the call to MPEGDescriptor::ParseAndExclude? to a call to MPEGDescriptor::Parse at libs/libmythtv/mpeg/mpegstreamdata.cpp:520 seems to have fixed this for me.

It may be desirable to remove all the CA descriptors and place only one back in, but I think leaving them all in is better as the Aurora service has two entries, and I know that at least for now, BOTH are used (they are transmitting both Irdeto1 and Irdeto2 encryption and the two CA PIDs are used one for each set of keys).

Attachments (2)

ca-key-patch.diff (861 bytes) - added by Mike Nix <mnix@…> 9 years ago.
patch as requested
ca-key-patch-2.diff (15.0 KB) - added by Mike Nix <mnix@…> 9 years ago.
Technically better solution. Also adds CAT caching and processing.

Download all attachments as: .zip

Change History (17)

comment:1 Changed 10 years ago by Stuart Auchterlonie

Milestone: unknown0.23
Status: newinfoneeded_new

Can you attached a diff of the changes you have done please?

Stuart

comment:2 Changed 9 years ago by paulh

Milestone: 0.230.24

No reply in 7 weeks, Mike it looks like you are going to have to attach the patch as requested by Stuart A. before anyone will look at this even though it looks like a one line fix.

Moving to 0.24

Changed 9 years ago by Mike Nix <mnix@…>

Attachment: ca-key-patch.diff added

patch as requested

comment:3 Changed 9 years ago by stuartm

Status: infoneeded_newnew

comment:4 Changed 9 years ago by Mike Nix <mnix@…>

The patch I attached seems to fix the daily key updates, but about once/week I am still having to shove the card into a regular decoder to update something. I've just tested the windows software that comes with the decoder (TT S2-3650 with TT-Viewer) and it also updates the card correctly, which rules out any problem with the IRDETO CAM and any hardware - so there are still key updates not getting through with MythTV.

I'll keep looking when I have time....

comment:5 Changed 9 years ago by Mike Nix <mnix@…>

It seems that MythTV does not enable PID 1 - Conditional Access Table (CAT) The code also doesn't seem to do anything with the CAT if it receives one.

For testing purposes, I've written code that adds the CA pids in the CAT to the single program PMT so that they are enabled with the CA pids in the PMT. There may be better ways to do this - such as enabling the pids immediately after receiving the CAT, rather than adding them to the PMT.

I will post a patch once I've confirmed that this actually fixes the problem.

comment:6 Changed 9 years ago by Stuart Auchterlonie

Cc: Stuart Auchterlonie added

Changed 9 years ago by Mike Nix <mnix@…>

Attachment: ca-key-patch-2.diff added

Technically better solution. Also adds CAT caching and processing.

comment:7 Changed 9 years ago by Mike Nix <mnix@…>

Second revision of the patch adds handling of the Conditional Access Table.

  • Added PID 01 (CAT) to the list of PIDs being listened to at startup/reset.
  • CAT Caching - basically a copy/paste/rename of the PAT cache code.
  • CA PIDs are not added to the PMT they are added as listening PIDs This is better as we can build the single program PMT and start displaying a picture before the CAT is available, and it won't break if there is no CAT.

I'll have to wait a week or so to make sure this has fixed it, then I'll clean up the code (remove some ifdefs) and post a final patch.

comment:8 Changed 9 years ago by Mike Nix <mnix@…>

just an update for anyone watching this.

I have code that works for the key updates, but when I tested it on my master backend it is locking up the backend after 12 hours or so. I am testing to see if it's my patch, or something that came in from cvs.

comment:9 Changed 9 years ago by robertm

Owner: changed from Janne Grunau to Stuart Auchterlonie
Status: newassigned

comment:10 Changed 9 years ago by Stuart Auchterlonie

Status: assignedinfoneeded

Mike,

Are you still seeing lockups occur regularly with this patch applied or not?

Stuart

comment:11 Changed 9 years ago by stuartm

Status: infoneededassigned
Version: headTrunk Head

comment:12 Changed 9 years ago by mythtv@…

Around the first of every month, I also have to use the provider (Primacom) supplied decoder to update the CAM.

comment:13 Changed 9 years ago by robertm

Milestone: 0.240.25

Don't need any more "Me toos" on this ticket, but could really use an answer to the question about whether there are still lockups with the patch applied.

comment:14 Changed 7 years ago by stuartm

Owner: changed from Stuart Auchterlonie to danielk
Type: defectPatch - Bug Fix

Not a small patch, but pretty contained to the CA code by the looks of it so maybe safe for 0.25 and it's already been pushed for two releases already.

Daniel I'm assigning to you but if you don't have the time to look at it then I'll take it.

comment:15 Changed 7 years ago by Github

Resolution: fixed
Status: assignedclosed

Fixes #7923. Listen for CAT changes.

Note I removed the ifdefs. The version that adds the Conditional Access Descriptor to the PMT will break FTA programming. The version that just listens for the streams is safe and is reported to fix the problem. This just commits the safe version.

Branch: master Changeset: 9e6206728a29ba9c4b1c981d56e83aedaf804a7c

Note: See TracTickets for help on using tickets.