oscam-emu.patch

Index: CMakeLists.txt
===================================================================
--- CMakeLists.txt	(revision 10284)
+++ CMakeLists.txt	(working copy)
@@ -200,6 +200,14 @@
     message(STATUS "  no pthread found. No smartreader ")
 endif (HAVE_PTHREAD)
 
+check_include_file ("execinfo.h" HAVE_EXECINFO)
+if (HAVE_EXECINFO)
+    message(STATUS "  execinfo.h found. Adding backtrace support ")
+    add_definitions ("-DHAVE_EXECINFO_H")
+elseif (HAVE_EXECINFO)
+    message(STATUS "  no execinfo.h found. No backtrace support ")
+endif (HAVE_EXECINFO)
+
 check_include_file ("openssl/aes.h" HAVE_LIBCRYPTO)
 if (HAVE_LIBCRYPTO)
     add_definitions ("-DWITH_LIBCRYPTO=1")
@@ -396,6 +404,13 @@
 # Manage config.h based on command line parameters
 # Manipulate config file based on given parameters and read unset parameters
 
+execute_process (COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/config.sh --enabled WITH_EMU OUTPUT_VARIABLE CONFIG_WITH_EMU OUTPUT_STRIP_TRAILING_WHITESPACE)
+if (CONFIG_WITH_EMU MATCHES "Y" AND NOT WITH_EMU EQUAL 1)
+	add_definitions ("-DWITH_EMU")
+	set (WITH_EMU "1")
+	message(STATUS "  EMU is added by config compiling with EMU")
+endif(CONFIG_WITH_EMU MATCHES "Y" AND NOT WITH_EMU EQUAL 1)
+
 execute_process (COMMAND ${CMAKE_CURRENT_SOURCE_DIR}/config.sh --show-valid OUTPUT_VARIABLE config_vars_string OUTPUT_STRIP_TRAILING_WHITESPACE)
 string(REGEX MATCHALL "[A-Z0-9_]+" config_vars ${config_vars_string})
 
@@ -701,6 +716,22 @@
 
 #--------------------------------------------------------------------------------
 
+if (NOT OSCamOperatingSystem MATCHES "Mac OS X")
+if (NOT DEFINED ENV{ANDROID_NDK})
+if (NOT DEFINED ENV{ANDROID_STANDALONE_TOOLCHAIN})
+  if(WITH_EMU)
+	if(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/SoftCam.Key)
+ 		execute_process(COMMAND cp ${CMAKE_CURRENT_SOURCE_DIR}/SoftCam.Key ${CMAKE_CURRENT_BINARY_DIR}/SoftCam.Key)
+	else(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/SoftCam.Key)
+		execute_process(COMMAND touch ${CMAKE_CURRENT_BINARY_DIR}/SoftCam.Key)
+	endif(EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/SoftCam.Key)
+	execute_process(COMMAND touch ${CMAKE_CURRENT_BINARY_DIR}/utils/SoftCam.Key)
+	set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,--format=binary -Wl,SoftCam.Key -Wl,--format=default" ) 
+ endif(WITH_EMU)
+endif (NOT DEFINED ENV{ANDROID_STANDALONE_TOOLCHAIN})
+endif (NOT DEFINED ENV{ANDROID_NDK})
+endif (NOT OSCamOperatingSystem MATCHES "Mac OS X")
+
 #----------------------- installation -----------------------------
 
 file (GLOB config_files "${CMAKE_CURRENT_SOURCE_DIR}/Distribution/oscam.*")
@@ -789,4 +820,8 @@
  endif(STATICLIBUSB AND NOT LIBUSBDIR)
 endif (HAVE_LIBUSB)
 
+if (WITH_EMU)
+	message(STATUS "  Compile with EMU support")
+endif (WITH_EMU)
+
 message (STATUS "")
Index: config.h
===================================================================
--- config.h	(revision 10284)
+++ config.h	(working copy)
@@ -1,6 +1,7 @@
 #ifndef CONFIG_H_
 #define CONFIG_H_
 
+#define WITH_EMU 1
 #define WEBIF 1
 #define WEBIF_LIVELOG 1
 #define WEBIF_JQUERY 1
Index: config.sh
===================================================================
--- config.sh	(revision 10284)
+++ config.sh	(working copy)
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-addons="WEBIF WEBIF_LIVELOG WEBIF_JQUERY TOUCH WITH_SSL HAVE_DVBAPI IRDETO_GUESSING CS_ANTICASC WITH_DEBUG MODULE_MONITOR WITH_LB CS_CACHEEX CW_CYCLE_CHECK LCDSUPPORT LEDSUPPORT CLOCKFIX IPV6SUPPORT"
+addons="WEBIF WEBIF_LIVELOG WEBIF_JQUERY TOUCH WITH_SSL HAVE_DVBAPI IRDETO_GUESSING CS_ANTICASC WITH_DEBUG MODULE_MONITOR WITH_LB CS_CACHEEX CW_CYCLE_CHECK LCDSUPPORT LEDSUPPORT CLOCKFIX IPV6SUPPORT WITH_EMU"
 protocols="MODULE_CAMD33 MODULE_CAMD35 MODULE_CAMD35_TCP MODULE_NEWCAMD MODULE_CCCAM MODULE_CCCSHARE MODULE_GBOX MODULE_RADEGAST MODULE_SCAM MODULE_SERIAL MODULE_CONSTCW MODULE_PANDORA MODULE_GHTTP"
 readers="READER_NAGRA READER_IRDETO READER_CONAX READER_CRYPTOWORKS READER_SECA READER_VIACCESS READER_VIDEOGUARD READER_DRE READER_TONGFANG READER_BULCRYPT READER_GRIFFIN READER_DGCRYPT"
 card_readers="CARDREADER_PHOENIX CARDREADER_INTERNAL CARDREADER_SC8IN1 CARDREADER_MP35 CARDREADER_SMARGO CARDREADER_DB2COM CARDREADER_STAPI CARDREADER_STINGER"
@@ -23,6 +23,7 @@
 # CONFIG_LEDSUPPORT=n
 CONFIG_CLOCKFIX=y
 # CONFIG_IPV6SUPPORT=n
+CONFIG_WITH_EMU=y
 # CONFIG_MODULE_CAMD33=n
 CONFIG_MODULE_CAMD35=y
 CONFIG_MODULE_CAMD35_TCP=y
@@ -286,12 +287,13 @@
 
 update_deps() {
 	# Calculate dependencies
-	enabled_any $(get_opts readers) $(get_opts card_readers) && enable_opt WITH_CARDREADER >/dev/null
-	disabled_all $(get_opts readers) $(get_opts card_readers) && disable_opt WITH_CARDREADER >/dev/null
+	enabled_any $(get_opts readers) $(get_opts card_readers) WITH_EMU && enable_opt WITH_CARDREADER >/dev/null
+	disabled_all $(get_opts readers) $(get_opts card_readers) WITH_EMU && disable_opt WITH_CARDREADER >/dev/null
 	disabled WEBIF && disable_opt WEBIF_LIVELOG >/dev/null
 	disabled WEBIF && disable_opt WEBIF_JQUERY >/dev/null
 	enabled MODULE_CCCSHARE && enable_opt MODULE_CCCAM >/dev/null
 	enabled_any CARDREADER_DB2COM CARDREADER_MP35 CARDREADER_SC8IN1 CARDREADER_STINGER && enable_opt CARDREADER_PHOENIX >/dev/null
+	enabled WITH_EMU && enable_opt READER_VIACCESS >/dev/null
 }
 
 list_config() {
@@ -332,9 +334,9 @@
 	not_have_flag USE_LIBCRYPTO && echo "CONFIG_LIB_AES=y" || echo "# CONFIG_LIB_AES=n"
 	enabled MODULE_CCCAM && echo "CONFIG_LIB_RC6=y" || echo "# CONFIG_LIB_RC6=n"
 	not_have_flag USE_LIBCRYPTO && enabled MODULE_CCCAM && echo "CONFIG_LIB_SHA1=y" || echo "# CONFIG_LIB_SHA1=n"
-	enabled_any MODULE_NEWCAMD READER_DRE MODULE_SCAM && echo "CONFIG_LIB_DES=y" || echo "# CONFIG_LIB_DES=n"
-	enabled_any MODULE_CCCAM READER_NAGRA READER_SECA && echo "CONFIG_LIB_IDEA=y" || echo "# CONFIG_LIB_IDEA=n"
-	not_have_flag USE_LIBCRYPTO && enabled_any READER_CONAX READER_CRYPTOWORKS READER_NAGRA && echo "CONFIG_LIB_BIGNUM=y" || echo "# CONFIG_LIB_BIGNUM=n"
+	enabled_any MODULE_NEWCAMD READER_DRE MODULE_SCAM WITH_EMU && echo "CONFIG_LIB_DES=y" || echo "# CONFIG_LIB_DES=n"
+	enabled_any MODULE_CCCAM READER_NAGRA READER_SECA WITH_EMU && echo "CONFIG_LIB_IDEA=y" || echo "# CONFIG_LIB_IDEA=n"
+	not_have_flag USE_LIBCRYPTO && enabled_any READER_CONAX READER_CRYPTOWORKS READER_NAGRA WITH_EMU && echo "CONFIG_LIB_BIGNUM=y" || echo "# CONFIG_LIB_BIGNUM=n"
 }
 
 make_config_c() {
@@ -444,6 +446,7 @@
 		LEDSUPPORT			"LED support"							$(check_test "LEDSUPPORT") \
 		CLOCKFIX			"Clockfix (disable on old systems!)"	$(check_test "CLOCKFIX") \
 		IPV6SUPPORT			"IPv6 support (experimental)"			$(check_test "IPV6SUPPORT") \
+		WITH_EMU			"Emulator support"						$(check_test "WITH_EMU") \
 		2> ${tempfile}
 
 	opt=${?}
Index: cscrypt/des.c
===================================================================
--- cscrypt/des.c	(revision 10284)
+++ cscrypt/des.c	(working copy)
@@ -668,3 +668,46 @@
 		xxor(data,8,data,civ[n]);
 	}
 }
+
+void des_ede2_cbc_encrypt(unsigned char *data, const unsigned char *iv, const unsigned char *okey1, const unsigned char *okey2, int len)
+{
+	const uint8_t *civ = iv; 
+	uint8_t key1[8], key2[8];
+	int32_t i; 
+
+	memcpy(key1, okey1, 8);
+	memcpy(key2, okey2, 8);
+	doPC1(key1);
+	doPC1(key2);
+	len&=~7;
+
+	for(i=0; i<len; i+=8) {
+		xxor(&data[i],8,&data[i],civ);
+		civ=&data[i];
+		des(key1,DES_ECS2_CRYPT,&data[i]);
+		des(key2,DES_ECS2_DECRYPT,&data[i]);
+		des(key1,DES_ECS2_CRYPT,&data[i]);
+	}
+}
+
+void des_ede2_cbc_decrypt(unsigned char *data, unsigned char *iv, const unsigned char *okey1, const unsigned char *okey2, int len)
+{
+	uint8_t civ[2][8];
+	uint8_t key1[8], key2[8];
+	int32_t i, n=0;
+
+	memcpy(key1, okey1, 8);
+	memcpy(key2, okey2, 8);
+	doPC1(key1);
+	doPC1(key2);
+	len&=~7;
+
+	memcpy(civ[n],iv,8);
+	for(i=0; i<len; i+=8,data+=8,n^=1) {
+		memcpy(civ[1-n],data,8);
+		des(key1,DES_ECS2_DECRYPT,data);
+		des(key2,DES_ECS2_CRYPT,data);
+		des(key1,DES_ECS2_DECRYPT,data);		
+		xxor(data,8,data,civ[n]);
+	}
+}
Index: cscrypt/des.h
===================================================================
--- cscrypt/des.h	(revision 10284)
+++ cscrypt/des.h	(working copy)
@@ -19,6 +19,8 @@
 	extern int des_decrypt(unsigned char *buffer, int len, unsigned char *deskey);
 	extern unsigned char *des_login_key_get(unsigned char *key1, unsigned char *key2, int len, unsigned char *des16);
 	extern void doPC1(unsigned char data[]);
+	extern void des_ede2_cbc_encrypt(unsigned char *data, const unsigned char *iv, const unsigned char *okey1, const unsigned char *okey2, int len);
+	extern void des_ede2_cbc_decrypt(unsigned char *data, unsigned char *iv, const unsigned char *okey1, const unsigned char *okey2, int len);
 	extern void des(unsigned char key[], unsigned char mode, unsigned char data[]);
 	extern void des_cbc_encrypt(unsigned char *data, const unsigned char *iv, const unsigned char *okey, int len);
 	extern void des_cbc_decrypt(unsigned char *data, unsigned char *iv, const unsigned char *okey, int len);
Index: cscrypt/md5.c
===================================================================
--- cscrypt/md5.c	(revision 10284)
+++ cscrypt/md5.c	(working copy)
@@ -25,13 +25,6 @@
 
 #if !defined(WITH_SSL) && !defined(WITH_LIBCRYPTO)
 
-typedef struct MD5Context
-{
-	uint32_t buf[4];
-	uint32_t bits[2];
-	uint32_t in[16];
-} MD5_CTX;
-
 #ifdef __i386__
 #define byteReverse(a, b)
 #else
@@ -155,7 +148,7 @@
  * Start MD5 accumulation.  Set bit count to 0 and buffer to mysterious
  * initialization constants.
  */
-static void MD5_Init(MD5_CTX *ctx)
+void MD5_Init(MD5_CTX *ctx)
 {
 	ctx->buf[0] = 0x67452301;
 	ctx->buf[1] = 0xefcdab89;
@@ -170,7 +163,7 @@
  * Update context to reflect the concatenation of another buffer full
  * of bytes.
  */
-static void MD5_Update(MD5_CTX *ctx, const unsigned char *buf, unsigned int len)
+void MD5_Update(MD5_CTX *ctx, const unsigned char *buf, unsigned int len)
 {
 	uint32_t t;
 
@@ -219,7 +212,7 @@
  * Final wrapup - pad to 64-byte boundary with the bit pattern
  * 1 0* (64-bit count of bits processed, MSB-first)
  */
-static void MD5_Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
+void MD5_Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx)
 {
 	unsigned count;
 	unsigned char *p;
Index: cscrypt/md5.h
===================================================================
--- cscrypt/md5.h	(revision 10284)
+++ cscrypt/md5.h	(working copy)
@@ -7,8 +7,16 @@
 #define MD5_DIGEST_LENGTH 16
 
 unsigned char *MD5(const unsigned char *input, unsigned long len, unsigned char *output_hash);
-#endif
 
-char *__md5_crypt(const char *text_pass, const char *salt, char *crypted_passwd);
+typedef struct MD5Context {
+	uint32_t buf[4];
+	uint32_t bits[2];
+	uint32_t in[16];
+} MD5_CTX;
 
+void MD5_Init(MD5_CTX *ctx);
+void MD5_Update(MD5_CTX *ctx, const unsigned char *buf, unsigned int len);
+void MD5_Final(unsigned char digest[MD5_DIGEST_LENGTH], MD5_CTX *ctx);
 #endif
+char *__md5_crypt(const char *text_pass, const char *salt, char *crypted_passwd);
+#endif
Index: csctapi/cardreaders.h
===================================================================
--- csctapi/cardreaders.h	(revision 10284)
+++ csctapi/cardreaders.h	(working copy)
@@ -13,5 +13,6 @@
 void cardreader_smartreader(struct s_cardreader *crdr);
 void cardreader_stapi(struct s_cardreader *crdr);
 void cardreader_stinger(struct s_cardreader *crdr);
+void cardreader_emu(struct s_cardreader *crdr);
 
 #endif
Index: emu-shared.c
===================================================================
--- emu-shared.c	(revision 0)
+++ emu-shared.c	(working copy)
@@ -0,0 +1,2940 @@
+
+#define EMU_MAX_CHAR_KEYNAME 8
+#define EMU_KEY_FILENAME "SoftCam.Key"
+#define EMU_KEY_FILENAME_MAX_LEN 31
+#define EMU_MAX_ECM_LEN 1024
+#define EMU_MAX_EMM_LEN 1024
+
+// Version info
+uint32_t GetOSemuVersion(void)
+{
+	// this should be increased
+	// after every major code change
+	return 710;	
+}
+
+// Key DB
+static char *emu_keyfile_path = NULL;
+
+void set_emu_keyfile_path(char *path)
+{
+	if(emu_keyfile_path != NULL) {
+		free(emu_keyfile_path);	
+	}
+	emu_keyfile_path = (char*)malloc(strlen(path)+1);
+	if(emu_keyfile_path == NULL) {
+		return;
+	}
+	memcpy(emu_keyfile_path, path, strlen(path));
+	emu_keyfile_path[strlen(path)] = 0;
+}
+
+static int32_t CharToBin(uint8_t *out, char *in, uint32_t inLen)
+{
+	uint32_t i, tmp;
+	for(i=0; i<inLen/2; i++) {
+		if(sscanf(in + i*2, "%02X", &tmp) != 1) {
+			return 0;
+		}
+		out[i] = (uint8_t)tmp;
+	}
+	return 1;
+}
+
+typedef struct {
+	char identifier;
+	uint32_t provider;
+	char keyName[EMU_MAX_CHAR_KEYNAME];
+	uint8_t *key;
+	uint32_t keyLength;
+	void *nextKey;
+} KeyData;
+
+typedef struct {
+	KeyData *EmuKeys;
+	uint32_t keyCount;
+	uint32_t keyMax;
+} KeyDataContainer;
+
+static KeyDataContainer CwKeys = { .EmuKeys=NULL, .keyCount=0, .keyMax=0 };
+static KeyDataContainer ViKeys = { .EmuKeys=NULL, .keyCount=0, .keyMax=0 };
+static KeyDataContainer NagraKeys = { .EmuKeys=NULL, .keyCount=0, .keyMax=0 };
+static KeyDataContainer IrdetoKeys = { .EmuKeys=NULL, .keyCount=0, .keyMax=0 };
+static KeyDataContainer NDSKeys = { .EmuKeys=NULL, .keyCount=0, .keyMax=0 };
+static KeyDataContainer BissKeys = { .EmuKeys=NULL, .keyCount=0, .keyMax=0 };
+
+static KeyDataContainer *GetKeyContainer(char identifier)
+{
+	switch(identifier) {
+	case 'W':
+		return &CwKeys;
+	case 'V':
+		return &ViKeys;
+	case 'N':
+		return &NagraKeys;
+	case 'I':
+		return &IrdetoKeys;
+	case 'S':
+		return &NDSKeys;
+	case 'F':
+		return &BissKeys;
+	default:
+		return NULL;
+	}
+}
+
+static void WriteKeyToFile(char identifier, uint32_t provider, char *keyName, uint8_t *key, uint32_t keyLength)
+{
+	char line[1200], dateText[100];
+	uint32_t pathLength;
+    struct dirent *pDirent;
+    DIR *pDir;
+    char *path, *filepath, filename[EMU_KEY_FILENAME_MAX_LEN+1], *keyValue;	
+	FILE *file = NULL;
+	uint8_t fileNameLen = strlen(EMU_KEY_FILENAME);
+	time_t now;
+	struct tm t;
+
+	pathLength = strlen(emu_keyfile_path);
+	path = (char*)malloc(pathLength+1);
+	if(path == NULL) {
+		return;
+	}
+	strncpy(path, emu_keyfile_path, pathLength+1);
+	
+	pathLength = strlen(path);
+	if(pathLength >= fileNameLen && strcasecmp(path+pathLength-fileNameLen, EMU_KEY_FILENAME) == 0) {
+		// cut file name
+		path[pathLength-fileNameLen] = '\0';
+	}
+
+	pathLength = strlen(path);
+	if(path[pathLength-1] == '/' || path[pathLength-1] == '\\') {
+		// cut trailing /
+		path[pathLength-1] = '\0';
+	}
+
+    pDir = opendir(path);
+    if (pDir == NULL) {
+    	cs_log("cannot open key file path: %s", path);
+    	free(path);
+        return;
+    }
+
+    while((pDirent = readdir(pDir)) != NULL) {
+    	if(strcasecmp(pDirent->d_name, EMU_KEY_FILENAME) == 0) {
+    		strncpy(filename, pDirent->d_name, sizeof(filename));
+    		break;
+    	}
+    }
+    closedir(pDir);
+    
+    if(pDirent == NULL) {
+    	strncpy(filename, EMU_KEY_FILENAME, sizeof(filename));
+    }
+    
+    pathLength = strlen(path)+1+strlen(filename)+1;
+	filepath = (char*)malloc(pathLength);
+	if(filepath == NULL) {
+		free(path);
+		return;
+	}
+	snprintf(filepath, pathLength, "%s/%s", path, filename);
+	free(path);
+
+	cs_log("writing key file: %s", filepath);
+	
+	file = fopen(filepath, "a");
+	free(filepath);
+	if(file == NULL) {
+		return;
+	}
+
+	now = time(NULL);
+	localtime_r(&now, &t);
+	strftime(dateText, sizeof(dateText)-1, "%c", &t);
+	
+	keyValue = (char*)malloc((keyLength*2)+1); 
+	if(keyValue == NULL) {
+		return;
+	}		
+	cs_hexdump(0, key, keyLength, keyValue, (keyLength*2)+1);
+	
+	snprintf(line, sizeof(line), "\n%c %06X %s %s ; added by OSEmu %s\n", identifier, provider, keyName, keyValue, dateText);
+	free(keyValue);
+	
+	fwrite(line, strlen(line), 1, file);	
+	fclose(file);
+}
+
+static int32_t SetKey(char identifier, uint32_t provider, char *keyName, uint8_t *key,
+						uint32_t keyLength, uint8_t writeKey)
+{
+	uint32_t i;
+	uint8_t *tmpKey = NULL, *orgKey = NULL;
+	KeyDataContainer *KeyDB;
+	KeyData *tmpKeyData, *newKeyData;
+	identifier = (char)toupper((int)identifier);
+
+	KeyDB = GetKeyContainer(identifier);
+	if(KeyDB == NULL) {
+		return 0;
+	}
+
+	// fix patched mgcamd format for Irdeto
+	if(identifier == 'I' && provider < 0xFFFF) {
+		provider = provider<<8;
+	}
+	
+	// fix checksum for biss keys with a length of 6
+	if(identifier == 'F' && keyLength == 6) {
+		
+		tmpKey = (uint8_t*)malloc(8*sizeof(uint8_t));
+		if(tmpKey == NULL) {
+			return 0;
+		}
+		
+		tmpKey[0] = key[0];
+		tmpKey[1] = key[1];
+		tmpKey[2] = key[2];
+		tmpKey[3] = ((key[0] + key[1] + key[2]) & 0xff);
+		tmpKey[4] = key[3];
+		tmpKey[5] = key[4];
+		tmpKey[6] = key[5];
+		tmpKey[7] = ((key[3] + key[4] + key[5]) & 0xff);	
+		
+		orgKey = key;
+		key = tmpKey;
+		keyLength = 8;
+	}
+
+	for(i=0; i<KeyDB->keyCount; i++) {
+		if(KeyDB->EmuKeys[i].provider != provider) {
+			continue;
+		}
+		if(strcmp(KeyDB->EmuKeys[i].keyName, keyName)) {
+			continue;
+		}
+
+		// allow multiple keys for Irdeto
+		if(identifier == 'I')
+		{
+			// reject duplicates
+			tmpKeyData = &KeyDB->EmuKeys[i];
+			do {
+				if(memcmp(tmpKeyData->key, key, tmpKeyData->keyLength < keyLength ? tmpKeyData->keyLength : keyLength) == 0) {
+					if(tmpKey != NULL) {
+						free(tmpKey);
+					}
+					return 0;
+				}
+				tmpKeyData = (KeyData*)tmpKeyData->nextKey;
+			} while(tmpKeyData != NULL);
+
+			// add new key
+			newKeyData = (KeyData*)malloc(sizeof(KeyData));
+			if(newKeyData == NULL) {
+				if(tmpKey != NULL) {
+					free(tmpKey);
+				}				
+				return 0;
+			}
+			newKeyData->identifier = identifier;
+			newKeyData->provider = provider;
+			if(strlen(keyName) < EMU_MAX_CHAR_KEYNAME) {
+				strncpy(newKeyData->keyName, keyName, EMU_MAX_CHAR_KEYNAME);
+			}
+			else {
+				memcpy(newKeyData->keyName, keyName, EMU_MAX_CHAR_KEYNAME);
+			}
+			newKeyData->keyName[EMU_MAX_CHAR_KEYNAME-1] = 0;
+			newKeyData->key = key;
+			newKeyData->keyLength = keyLength;
+			newKeyData->nextKey = NULL;
+			
+			tmpKeyData = &KeyDB->EmuKeys[i];
+			while(tmpKeyData->nextKey != NULL) {
+				tmpKeyData = (KeyData*)tmpKeyData->nextKey;
+			}			
+			tmpKeyData->nextKey = newKeyData;
+			
+			if(writeKey) {
+				WriteKeyToFile(identifier, provider, keyName, key, keyLength);
+			}
+		}
+		else // identifier != 'I'
+		{
+			free(KeyDB->EmuKeys[i].key);
+			KeyDB->EmuKeys[i].key = key;
+			KeyDB->EmuKeys[i].keyLength = keyLength;
+			
+			if(writeKey) {
+				WriteKeyToFile(identifier, provider, keyName, key, keyLength);
+			}
+		}
+		
+		if(tmpKey != NULL) {
+			free(orgKey);	
+		}
+		return 1;
+	}
+
+	if(KeyDB->keyCount+1 > KeyDB->keyMax) {
+		if(KeyDB->EmuKeys == NULL) {
+			KeyDB->EmuKeys = (KeyData*)malloc(sizeof(KeyData)*(KeyDB->keyMax+64));
+			if(KeyDB->EmuKeys == NULL) {
+				if(tmpKey != NULL) {
+					free(tmpKey);
+				}				
+				return 0;
+			}
+			KeyDB->keyMax+=64;
+		}
+		else {
+			tmpKeyData = (KeyData*)realloc(KeyDB->EmuKeys, sizeof(KeyData)*(KeyDB->keyMax+16));
+			if(tmpKeyData == NULL) {
+				if(tmpKey != NULL) {
+					free(tmpKey);
+				}				
+				return 0;
+			}
+			KeyDB->EmuKeys = tmpKeyData;
+			KeyDB->keyMax+=16;
+		}
+	}
+
+	KeyDB->EmuKeys[KeyDB->keyCount].identifier = identifier;
+	KeyDB->EmuKeys[KeyDB->keyCount].provider = provider;
+	if(strlen(keyName) < EMU_MAX_CHAR_KEYNAME) {
+		strncpy(KeyDB->EmuKeys[KeyDB->keyCount].keyName, keyName, EMU_MAX_CHAR_KEYNAME);
+	}
+	else {
+		memcpy(KeyDB->EmuKeys[KeyDB->keyCount].keyName, keyName, EMU_MAX_CHAR_KEYNAME);
+	}
+	KeyDB->EmuKeys[KeyDB->keyCount].keyName[EMU_MAX_CHAR_KEYNAME-1] = 0;
+	KeyDB->EmuKeys[KeyDB->keyCount].key = key;
+	KeyDB->EmuKeys[KeyDB->keyCount].keyLength = keyLength;
+	KeyDB->EmuKeys[KeyDB->keyCount].nextKey = NULL;
+	KeyDB->keyCount++;
+
+	if(writeKey) {
+		WriteKeyToFile(identifier, provider, keyName, key, keyLength);
+	}
+	
+	if(tmpKey != NULL) {
+		free(orgKey);	
+	}	
+	return 1;
+}
+
+static int32_t FindKey(char identifier, uint32_t provider, char *keyName, uint8_t *key, uint32_t maxKeyLength,
+						uint8_t isCriticalKey, uint8_t keyRef, uint8_t matchLength)
+{
+	uint32_t i;
+	uint8_t j;
+	KeyDataContainer *KeyDB;
+	KeyData *tmpKeyData;
+
+	KeyDB = GetKeyContainer(identifier);
+	if(KeyDB == NULL) {
+		return 0;
+	}
+
+	for(i=0; i<KeyDB->keyCount; i++) {
+		if(KeyDB->EmuKeys[i].provider != provider) {
+			continue;
+		}
+		if(strcmp(KeyDB->EmuKeys[i].keyName, keyName)) {
+			continue;
+		}
+		
+		//matchLength cannot be used when multiple keys are allowed
+		//for a single provider/keyName combination.
+		//Currently this is only the case for Irdeto keys.
+		if(matchLength && KeyDB->EmuKeys[i].keyLength != maxKeyLength) {
+			continue;
+		}
+	
+		tmpKeyData = &KeyDB->EmuKeys[i];
+		
+		j = 0;
+		while(j<keyRef && tmpKeyData->nextKey != NULL) {
+			j++;
+			tmpKeyData = (KeyData*)tmpKeyData->nextKey;
+		}			
+		
+		if(j == keyRef) {
+			memcpy(key, tmpKeyData->key, tmpKeyData->keyLength > maxKeyLength ? maxKeyLength : tmpKeyData->keyLength);
+			if(tmpKeyData->keyLength < maxKeyLength) {
+				memset(key+tmpKeyData->keyLength, 0, maxKeyLength - tmpKeyData->keyLength);
+			}
+			return 1;
+		}
+		else {
+			break;
+		}
+	}
+
+	if(isCriticalKey) {
+		cs_log("[Emu] Key not found: %c %X %s", identifier, provider, keyName);
+	}
+	return 0;
+}
+
+uint8_t read_emu_keyfile(char *opath)
+{
+	char line[1200], keyName[EMU_MAX_CHAR_KEYNAME], keyString[1026];
+	uint32_t pathLength, provider, keyLength;
+	uint8_t *key;
+    struct dirent *pDirent;
+    DIR *pDir;
+    char *path, *filepath, filename[EMU_KEY_FILENAME_MAX_LEN+1];	
+	FILE *file = NULL;
+	char identifier;
+	uint8_t fileNameLen = strlen(EMU_KEY_FILENAME);
+		
+	pathLength = strlen(opath);
+	path = (char*)malloc(pathLength+1);
+	if(path == NULL) {
+		return 0;
+	}
+	strncpy(path, opath, pathLength+1);
+	
+	pathLength = strlen(path);
+	if(pathLength >= fileNameLen && strcasecmp(path+pathLength-fileNameLen, EMU_KEY_FILENAME) == 0) {
+		// cut file name
+		path[pathLength-fileNameLen] = '\0';
+	}
+
+	pathLength = strlen(path);
+	if(path[pathLength-1] == '/' || path[pathLength-1] == '\\') {
+		// cut trailing /
+		path[pathLength-1] = '\0';
+	}
+
+    pDir = opendir(path);
+    if (pDir == NULL) {
+    	cs_log("cannot open key file path: %s", path);
+    	free(path);
+        return 0;
+    }
+
+    while((pDirent = readdir(pDir)) != NULL) {
+    	if(strcasecmp(pDirent->d_name, EMU_KEY_FILENAME) == 0) {
+    		strncpy(filename, pDirent->d_name, sizeof(filename));
+    		break;
+    	}
+    }
+    closedir(pDir);
+    
+    if(pDirent == NULL) {
+    	cs_log("key file not found in: %s", path);
+    	free(path);
+    	return 0;	
+    }
+    
+    pathLength = strlen(path)+1+strlen(filename)+1;
+	filepath = (char*)malloc(pathLength);
+	if(filepath == NULL) {
+		free(path);
+		return 0;
+	}
+	snprintf(filepath, pathLength, "%s/%s", path, filename);
+	free(path);
+
+	cs_log("reading key file: %s", filepath);
+	
+	file = fopen(filepath, "r");
+	free(filepath);
+	if(file == NULL) {
+		return 0;
+	}
+	
+	set_emu_keyfile_path(opath);
+
+	while(fgets(line, 1200, file)) {
+		if(sscanf(line, "%c %8x %7s %1024s", &identifier, &provider, keyName, keyString) != 4) {
+			continue;
+		}
+
+		keyLength = strlen(keyString)/2;
+		key = (uint8_t*)malloc(keyLength);
+		if(key == NULL) {
+			fclose(file);
+			return 0;
+		}
+		
+		CharToBin(key, keyString, strlen(keyString));
+		if(!SetKey(identifier, provider, keyName, key, keyLength, 0)) {
+			free(key);
+		}
+	}
+	fclose(file);
+	
+	return 1;
+}
+
+#if !defined(__APPLE__) && !defined(__ANDROID__)
+extern uint8_t SoftCamKey_Data[]    asm("_binary_SoftCam_Key_start");
+extern uint8_t SoftCamKey_DataEnd[] asm("_binary_SoftCam_Key_end");
+
+void read_emu_keymemory(void)
+{
+	char *keyData, *line, *saveptr, keyName[EMU_MAX_CHAR_KEYNAME], keyString[1026];
+	uint32_t provider, keyLength;
+	uint8_t *key;
+	char identifier;
+
+	keyData = (char*)malloc(SoftCamKey_DataEnd-SoftCamKey_Data+1);
+	if(keyData == NULL) {
+		return;
+	}
+	memcpy(keyData, SoftCamKey_Data, SoftCamKey_DataEnd-SoftCamKey_Data);
+	keyData[SoftCamKey_DataEnd-SoftCamKey_Data] = 0x00;
+
+	line = strtok_r(keyData, "\n", &saveptr);
+	while(line != NULL) {
+		if(sscanf(line, "%c %8x %7s %1024s", &identifier, &provider, keyName, keyString) != 4) {
+			line = strtok_r(NULL, "\n", &saveptr);
+			continue;
+		}
+		keyLength = strlen(keyString)/2;
+		key = (uint8_t*)malloc(keyLength);
+		if(key == NULL) {
+			free(keyData);
+			return;
+		}
+		
+		CharToBin(key, keyString, strlen(keyString));
+		if(!SetKey(identifier, provider, keyName, key, keyLength, 0)) {
+			free(key);
+		}
+		line = strtok_r(NULL, "\n", &saveptr);
+	}
+	free(keyData);
+}
+#endif
+
+// Shared functions
+
+static inline uint16_t GetEcmLen(const uint8_t *ecm)
+{
+	return (((ecm[1] & 0x0f)<< 8) | ecm[2]) +3;
+}
+
+static void ReverseMem(uint8_t *in, int32_t len)
+{
+	uint8_t temp;
+	int32_t i;
+	for(i = 0; i < (len / 2); i++) {
+		temp = in[i];
+		in[i] = in[len - i - 1];
+		in[len - i - 1] = temp;
+	}
+}
+
+static void ReverseMemInOut(uint8_t *out, const uint8_t *in, int32_t n)
+{
+	if(n>0) {
+		out+=n;
+		do {
+			*(--out)=*(in++);
+		}
+		while(--n);
+	}
+}
+
+static int8_t EmuRSAInput(BIGNUM *d, const uint8_t *in, int32_t n, int8_t le)
+{
+	int8_t result = 0;
+
+	if(le) {
+		uint8_t *tmp = (uint8_t *)malloc(sizeof(uint8_t)*n);
+		if(tmp == NULL) {
+			return 0;
+		}
+		ReverseMemInOut(tmp,in,n);
+		result = BN_bin2bn(tmp,n,d)!=0;
+		free(tmp);
+	}
+	else {
+		result = BN_bin2bn(in,n,d)!=0;
+	}
+	return result;
+}
+
+static int32_t EmuRSAOutput(uint8_t *out, int32_t n, BIGNUM *r, int8_t le)
+{
+	int32_t s = BN_num_bytes(r);
+	if(s>n) {
+		uint8_t *buff = (uint8_t *)malloc(sizeof(uint8_t)*s);
+		if(buff == NULL) {
+			return 0;
+		}
+		BN_bn2bin(r,buff);
+		memcpy(out,buff+s-n,n);
+		free(buff);
+	}
+	else if(s<n) {
+		int32_t l=n-s;
+		memset(out,0,l);
+		BN_bn2bin(r,out+l);
+	}
+	else {
+		BN_bn2bin(r,out);
+	}
+	if(le) {
+		ReverseMem(out,n);
+	}
+	return s;
+}
+
+static int32_t EmuRSA(uint8_t *out, const uint8_t *in, int32_t n, BIGNUM *exp, BIGNUM *mod, int8_t le)
+{
+	BN_CTX *ctx;
+	BIGNUM *r, *d;
+	int32_t result = 0;
+
+	ctx = BN_CTX_new();
+	r = BN_new();
+	d = BN_new();
+
+	if(EmuRSAInput(d,in,n,le) && BN_mod_exp(r,d,exp,mod,ctx)) {
+		result = EmuRSAOutput(out,n,r,le);
+	}
+
+	BN_free(d);
+	BN_free(r);
+	BN_CTX_free(ctx);
+	return result;
+}
+
+static inline void xxor(uint8_t *data, int32_t len, const uint8_t *v1, const uint8_t *v2)
+{
+	uint32_t i;
+	switch(len)
+	{
+	case 16:
+		for(i = 8; i < 16; ++i)
+		{
+			data[i] = v1[i] ^ v2[i];
+		}
+	case 8:
+		for(i = 4; i < 8; ++i)
+		{
+			data[i] = v1[i] ^ v2[i];
+		}
+	case 4:
+		for(i = 0; i < 4; ++i)
+		{
+			data[i] = v1[i] ^ v2[i];
+		}
+		break;
+	default:
+		while(len--) { *data++ = *v1++ ^ *v2++; }
+		break;
+	}
+}
+
+static int8_t isValidDCW(uint8_t *dw)
+{
+	if (((dw[0]+dw[1]+dw[2]) & 0xFF) != dw[3]) {
+		return 0;
+	}
+	if (((dw[4]+dw[5]+dw[6]) & 0xFF) != dw[7]) {
+		return 0;
+	}
+	if (((dw[8]+dw[9]+dw[10]) & 0xFF) != dw[11]) {
+		return 0;
+	}
+	if (((dw[12]+dw[13]+dw[14]) & 0xFF) != dw[15]) {
+		return 0;
+	}
+	return 1;
+}
+
+// Cryptoworks EMU
+static int8_t GetCwKey(uint8_t *buf,uint32_t ident, uint8_t keyIndex, uint32_t keyLength, uint8_t isCriticalKey)
+{
+
+	char keyName[EMU_MAX_CHAR_KEYNAME];
+	uint32_t tmp;
+
+	if((ident>>4)== 0xD02A) {
+		keyIndex &=0xFE;    // map to even number key indexes
+	}
+	if((ident>>4)== 0xD00C) {
+		ident = 0x0D00C0;    // map provider C? to C0
+	}
+	else if(keyIndex==6 && ((ident>>8) == 0x0D05)) {
+		ident = 0x0D0504;    // always use provider 04 system key
+	}
+
+	tmp = keyIndex;
+	snprintf(keyName, EMU_MAX_CHAR_KEYNAME, "%.2X", tmp);
+	if(FindKey('W', ident, keyName, buf, keyLength, isCriticalKey, 0, 0)) {
+		return 1;
+	}
+
+	return 0;
+}
+
+static const uint8_t cw_sbox1[64] = {
+	0xD8,0xD7,0x83,0x3D,0x1C,0x8A,0xF0,0xCF,0x72,0x4C,0x4D,0xF2,0xED,0x33,0x16,0xE0,
+	0x8F,0x28,0x7C,0x82,0x62,0x37,0xAF,0x59,0xB7,0xE0,0x00,0x3F,0x09,0x4D,0xF3,0x94,
+	0x16,0xA5,0x58,0x83,0xF2,0x4F,0x67,0x30,0x49,0x72,0xBF,0xCD,0xBE,0x98,0x81,0x7F,
+	0xA5,0xDA,0xA7,0x7F,0x89,0xC8,0x78,0xA7,0x8C,0x05,0x72,0x84,0x52,0x72,0x4D,0x38
+};
+static const uint8_t cw_sbox2[64] = {
+	0xD8,0x35,0x06,0xAB,0xEC,0x40,0x79,0x34,0x17,0xFE,0xEA,0x47,0xA3,0x8F,0xD5,0x48,
+	0x0A,0xBC,0xD5,0x40,0x23,0xD7,0x9F,0xBB,0x7C,0x81,0xA1,0x7A,0x14,0x69,0x6A,0x96,
+	0x47,0xDA,0x7B,0xE8,0xA1,0xBF,0x98,0x46,0xB8,0x41,0x45,0x9E,0x5E,0x20,0xB2,0x35,
+	0xE4,0x2F,0x9A,0xB5,0xDE,0x01,0x65,0xF8,0x0F,0xB2,0xD2,0x45,0x21,0x4E,0x2D,0xDB
+};
+static const uint8_t cw_sbox3[64] = {
+	0xDB,0x59,0xF4,0xEA,0x95,0x8E,0x25,0xD5,0x26,0xF2,0xDA,0x1A,0x4B,0xA8,0x08,0x25,
+	0x46,0x16,0x6B,0xBF,0xAB,0xE0,0xD4,0x1B,0x89,0x05,0x34,0xE5,0x74,0x7B,0xBB,0x44,
+	0xA9,0xC6,0x18,0xBD,0xE6,0x01,0x69,0x5A,0x99,0xE0,0x87,0x61,0x56,0x35,0x76,0x8E,
+	0xF7,0xE8,0x84,0x13,0x04,0x7B,0x9B,0xA6,0x7A,0x1F,0x6B,0x5C,0xA9,0x86,0x54,0xF9
+};
+static const uint8_t cw_sbox4[64] = {
+	0xBC,0xC1,0x41,0xFE,0x42,0xFB,0x3F,0x10,0xB5,0x1C,0xA6,0xC9,0xCF,0x26,0xD1,0x3F,
+	0x02,0x3D,0x19,0x20,0xC1,0xA8,0xBC,0xCF,0x7E,0x92,0x4B,0x67,0xBC,0x47,0x62,0xD0,
+	0x60,0x9A,0x9E,0x45,0x79,0x21,0x89,0xA9,0xC3,0x64,0x74,0x9A,0xBC,0xDB,0x43,0x66,
+	0xDF,0xE3,0x21,0xBE,0x1E,0x16,0x73,0x5D,0xA2,0xCD,0x8C,0x30,0x67,0x34,0x9C,0xCB
+};
+static const uint8_t AND_bit1[8] = {0x00,0x40,0x04,0x80,0x21,0x10,0x02,0x08};
+static const uint8_t AND_bit2[8] = {0x80,0x08,0x01,0x40,0x04,0x20,0x10,0x02};
+static const uint8_t AND_bit3[8] = {0x82,0x40,0x01,0x10,0x00,0x20,0x04,0x08};
+static const uint8_t AND_bit4[8] = {0x02,0x10,0x04,0x40,0x80,0x08,0x01,0x20};
+
+static void CW_SWAP_KEY(uint8_t *key)
+{
+	uint8_t k[8];
+	memcpy(k, key, 8);
+	memcpy(key, key + 8, 8);
+	memcpy(key + 8, k, 8);
+}
+
+static void CW_SWAP_DATA(uint8_t *k)
+{
+	uint8_t d[4];
+	memcpy(d, k + 4, 4);
+	memcpy(k + 4 ,k ,4);
+	memcpy(k, d, 4);
+}
+
+static void CW_DES_ROUND(uint8_t *d, uint8_t *k)
+{
+	uint8_t aa[44] = {1,0,3,1,2,2,3,2,1,3,1,1,3,0,1,2,3,1,3,2,2,0,7,6,5,4,7,6,5,7,6,5,6,7,5,7,5,7,6,6,7,5,4,4};
+	uint8_t bb[44] = {0x80,0x08,0x10,0x02,0x08,0x40,0x01,0x20,0x40,0x80,0x04,0x10,0x04,0x01,0x01,0x02,0x20,0x20,0x02,0x01,
+					  0x80,0x04,0x02,0x02,0x08,0x02,0x10,0x80,0x01,0x20,0x08,0x80,0x01,0x08,0x40,0x01,0x02,0x80,0x10,0x40,0x40,0x10,0x08,0x01
+					 };
+	uint8_t ff[4] = {0x02,0x10,0x04,0x04};
+	uint8_t l[24] = {0,2,4,6,7,5,3,1,4,5,6,7,7,6,5,4,7,4,5,6,4,7,6,5};
+
+	uint8_t des_td[8], i, o, n, c = 1, m = 0, r = 0, *a = aa, *b = bb, *f = ff, *p1 = l, *p2 = l+8, *p3 = l+16;
+
+	for (m = 0; m < 2; m++) {
+		for(i = 0; i < 4; i++) {
+			des_td[*p1++] =
+				(m) ? ((d[*p2++]*2) & 0x3F) | ((d[*p3++] & 0x80) ? 0x01 : 0x00): (d[*p2++]/2) | ((d[*p3++] & 0x01) ? 0x80 : 0x00);
+		}
+	}
+
+	for (i = 0; i < 8; i++) {
+		c = (c) ? 0 : 1;
+		r = (c) ? 6 : 7;
+		n = (i) ? i-1 : 1;
+		o = (c) ? ((k[n] & *f++) ? 1 : 0) : des_td[n];
+		for (m = 1; m < r; m++) {
+			o = (c) ? (o*2) | ((k[*a++] & *b++) ? 0x01 : 0x00) : (o/2) | ((k[*a++] & *b++) ? 0x80 : 0x00);
+		}
+		n = (i) ? n+1 : 0;
+		des_td[n] = (c) ? des_td[n] ^ o : (o ^ des_td[n] )/4;
+	}
+
+	for( i = 0; i < 8; i++) {
+		d[0] ^= (AND_bit1[i] & cw_sbox1[des_td[i]]);
+		d[1] ^= (AND_bit2[i] & cw_sbox2[des_td[i]]);
+		d[2] ^= (AND_bit3[i] & cw_sbox3[des_td[i]]);
+		d[3] ^= (AND_bit4[i] & cw_sbox4[des_td[i]]);
+	}
+
+	CW_SWAP_DATA(d);
+}
+
+static void CW_48_Key(uint8_t *inkey, uint8_t *outkey, uint8_t algotype)
+{
+	uint8_t Round_Counter, i = 8, *key128 = inkey, *key48 = inkey + 0x10;
+	Round_Counter = 7 - (algotype & 7);
+
+	memset(outkey, 0, 16);
+	memcpy(outkey, key48, 6);
+
+	for( ; i > Round_Counter; i--) {
+		if (i > 1) {
+			outkey[i-2] = key128[i];
+		}
+	}
+}
+
+static void CW_LS_DES_KEY(uint8_t *key,uint8_t Rotate_Counter)
+{
+	uint8_t round[] = {1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,1};
+	uint8_t i, n;
+	uint16_t k[8];
+
+	n = round[Rotate_Counter];
+
+	for (i = 0; i < 8; i++) {
+		k[i] = key[i];
+	}
+
+	for (i = 1; i < n + 1; i++) {
+		k[7] = (k[7]*2) | ((k[4] & 0x008) ? 1 : 0);
+		k[6] = (k[6]*2) | ((k[7] & 0xF00) ? 1 : 0);
+		k[7] &=0xff;
+		k[5] = (k[5]*2) | ((k[6] & 0xF00) ? 1 : 0);
+		k[6] &=0xff;
+		k[4] = ((k[4]*2) | ((k[5] & 0xF00) ? 1 : 0)) & 0xFF;
+		k[5] &= 0xff;
+		k[3] = (k[3]*2) | ((k[0] & 0x008) ? 1 : 0);
+		k[2] = (k[2]*2) | ((k[3] & 0xF00) ? 1 : 0);
+		k[3] &= 0xff;
+		k[1] = (k[1]*2) | ((k[2] & 0xF00) ? 1 : 0);
+		k[2] &= 0xff;
+		k[0] = ((k[0]*2) | ((k[1] & 0xF00) ? 1 : 0)) & 0xFF;
+		k[1] &= 0xff;
+	}
+	for (i = 0; i < 8; i++) {
+		key[i] = (uint8_t) k[i];
+	}
+}
+
+static void CW_RS_DES_KEY(uint8_t *k, uint8_t Rotate_Counter)
+{
+	uint8_t i,c;
+	for (i = 1; i < Rotate_Counter+1; i++) {
+		c = (k[3] & 0x10) ? 0x80 : 0;
+		k[3] /= 2;
+		if (k[2] & 1) {
+			k[3] |= 0x80;
+		}
+		k[2] /= 2;
+		if (k[1] & 1) {
+			k[2] |= 0x80;
+		}
+		k[1] /= 2;
+		if (k[0] & 1) {
+			k[1] |= 0x80;
+		}
+		k[0] /= 2;
+		k[0] |= c ;
+		c = (k[7] & 0x10) ? 0x80 : 0;
+		k[7] /= 2;
+		if (k[6] & 1) {
+			k[7] |= 0x80;
+		}
+		k[6] /= 2;
+		if (k[5] & 1) {
+			k[6] |= 0x80;
+		}
+		k[5] /= 2;
+		if (k[4] & 1) {
+			k[5] |= 0x80;
+		}
+		k[4] /= 2;
+		k[4] |= c;
+	}
+}
+
+static void CW_RS_DES_SUBKEY(uint8_t *k, uint8_t Rotate_Counter)
+{
+	uint8_t round[] = {1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1};
+	CW_RS_DES_KEY(k, round[Rotate_Counter]);
+}
+
+static void CW_PREP_KEY(uint8_t *key )
+{
+	uint8_t DES_key[8],j;
+	int32_t Round_Counter = 6,i,a;
+	key[7] = 6;
+	memset(DES_key, 0 , 8);
+	do {
+		a = 7;
+		i = key[7];
+		j = key[Round_Counter];
+		do {
+			DES_key[i] = ( (DES_key[i] * 2) | ((j & 1) ? 1: 0) ) & 0xFF;
+			j /=2;
+			i--;
+			if (i < 0) {
+				i = 6;
+			}
+			a--;
+		}
+		while (a >= 0);
+		key[7] = i;
+		Round_Counter--;
+	}
+	while ( Round_Counter >= 0 );
+	a = DES_key[4];
+	DES_key[4] = DES_key[6];
+	DES_key[6] = a;
+	DES_key[7] = (DES_key[3] * 16) & 0xFF;
+	memcpy(key,DES_key,8);
+	CW_RS_DES_KEY(key,4);
+}
+
+static void CW_L2DES(uint8_t *data, uint8_t *key, uint8_t algo)
+{
+	uint8_t i, k0[22], k1[22];
+	memcpy(k0,key,22);
+	memcpy(k1,key,22);
+	CW_48_Key(k0, k1,algo);
+	CW_PREP_KEY(k1);
+	for (i = 0; i< 2; i++) {
+		CW_LS_DES_KEY( k1,15);
+		CW_DES_ROUND( data ,k1);
+	}
+}
+
+static void CW_R2DES(uint8_t *data, uint8_t *key, uint8_t algo)
+{
+	uint8_t i, k0[22],k1[22];
+	memcpy(k0,key,22);
+	memcpy(k1,key,22);
+	CW_48_Key(k0, k1, algo);
+	CW_PREP_KEY(k1);
+	for (i = 0; i< 2; i++) {
+		CW_LS_DES_KEY(k1,15);
+	}
+	for (i = 0; i< 2; i++) {
+		CW_DES_ROUND( data ,k1);
+		CW_RS_DES_SUBKEY(k1,1);
+	}
+	CW_SWAP_DATA(data);
+}
+
+static void CW_DES(uint8_t *data, uint8_t *inkey, uint8_t m)
+{
+	uint8_t key[22], i;
+	memcpy(key, inkey + 9, 8);
+	CW_PREP_KEY( key );
+	for (i = 16; i > 0; i--) {
+		if (m == 1) {
+			CW_LS_DES_KEY(key, (uint8_t) (i-1));
+		}
+		CW_DES_ROUND( data ,key);
+		if (m == 0) {
+			CW_RS_DES_SUBKEY(key, (uint8_t) (i-1));
+		}
+	}
+}
+
+static void CW_DEC_ENC(uint8_t *d, uint8_t *k, uint8_t a,uint8_t m)
+{
+	uint8_t n = m & 1;
+	CW_L2DES(d , k, a);
+	CW_DES (d , k, n);
+	CW_R2DES(d , k, a);
+	if (m & 2) {
+		CW_SWAP_KEY(k);
+	}
+}
+
+static void Cryptoworks3DES(uint8_t *data, uint8_t *key)
+{
+	doPC1(key);
+	doPC1(&key[8]);
+	des(key, DES_ECS2_DECRYPT, data);
+	des(&key[8], DES_ECS2_CRYPT, data);
+	des(key, DES_ECS2_DECRYPT, data);
+}
+
+static uint8_t CryptoworksProcessNano80(uint8_t *data, uint32_t caid, int32_t provider, uint8_t *opKey, uint8_t nanoLength, uint8_t nano80Algo)
+{
+	int32_t i, j;
+	uint8_t key[16], desKey[16], t[8], dat1[8], dat2[8], k0D00C000[16];
+	if(nanoLength < 11) {
+		return 0;
+	}
+	if(caid == 0x0D00 && provider != 0xA0 && !GetCwKey(k0D00C000, 0x0D00C0, 0, 16, 1)) {
+		return 0;
+	}
+
+	if(nano80Algo > 1) {
+		return 0;
+	}
+
+	memset(t, 0, 8);
+	memcpy(dat1, data, 8);
+
+	if(caid == 0x0D00 && provider != 0xA0) {
+		memcpy(key, k0D00C000, 16);
+	}
+	else {
+		memcpy(key, opKey, 16);
+	}
+	Cryptoworks3DES(data, key);
+	memcpy(desKey, data, 8);
+
+	memcpy(data, dat1, 8);
+	if(caid == 0x0D00 && provider != 0xA0) {
+		memcpy(key, &k0D00C000[8], 8);
+		memcpy(&key[8], k0D00C000, 8);
+	}
+	else {
+		memcpy(key, &opKey[8], 8);
+		memcpy(&key[8], opKey, 8);
+	}
+	Cryptoworks3DES(data, key);
+	memcpy(&desKey[8], data, 8);
+
+	for(i=8; i+7<nanoLength; i+=8) {
+		memcpy(dat1, &data[i], 8);
+		memcpy(dat2, dat1, 8);
+		memcpy(key, desKey, 16);
+		Cryptoworks3DES(dat1, key);
+		for(j=0; j<8; j++) {
+			dat1[j] ^= t[j];
+		}
+		memcpy(&data[i], dat1, 8);
+		memcpy(t, dat2, 8);
+	}
+
+	return data[10] + 5;
+}
+
+static void CryptoworksSignature(const uint8_t *data, uint32_t length, uint8_t *key, uint8_t *signature)
+{
+	uint32_t i, sigPos;
+	int8_t algo, first;
+
+	algo = data[0] & 7;
+	if(algo == 7) {
+		algo = 6;
+	}
+	memset(signature, 0, 8);
+	first = 1;
+	sigPos = 0;
+	for(i=0; i<length; i++) {
+		signature[sigPos] ^= data[i];
+		sigPos++;
+
+		if(sigPos > 7) {
+			if (first) {
+				CW_L2DES(signature, key, algo);
+			}
+			CW_DES(signature, key, 1);
+
+			sigPos = 0;
+			first = 0;
+		}
+	}
+	if(sigPos > 0) {
+		CW_DES(signature, key, 1);
+	}
+	CW_R2DES(signature, key, algo);
+}
+
+static void CryptoworksDecryptDes(uint8_t *data, uint8_t algo, uint8_t *key)
+{
+	int32_t i;
+	uint8_t k[22], t[8];
+
+	algo &= 7;
+	if(algo<7) {
+		CW_DEC_ENC(data, key, algo, DES_RIGHT);
+	}
+	else {
+		memcpy(k, key, 22);
+		for(i=0; i<3; i++) {
+			CW_DEC_ENC(data, k, algo, i&1);
+			memcpy(t,k,8);
+			memcpy(k,k+8,8);
+			memcpy(k+8,t,8);
+		}
+	}
+}
+
+static int8_t CryptoworksECM(uint32_t caid, uint8_t *ecm, uint8_t *cw)
+{
+	uint32_t ident;
+	uint8_t keyIndex = 0, nanoLength, newEcmLength, key[22], signature[8], nano80Algo = 1;
+	int32_t provider = -1;
+	uint16_t i, j, ecmLen = GetEcmLen(ecm);
+
+	if(ecmLen < 8) {
+		return 1;
+	}
+	if(ecm[7] != ecmLen - 8) {
+		return 1;
+	}
+
+	memset(key, 0, 22);
+
+	for(i = 8; i+1 < ecmLen; i += ecm[i+1] + 2) {
+		if(ecm[i] == 0x83 && i+2 < ecmLen) {
+			provider = ecm[i+2] & 0xFC;
+			keyIndex = ecm[i+2] & 3;
+			keyIndex = keyIndex ? 1 : 0;
+		}
+		else if(ecm[i] == 0x84 && i+3 < ecmLen) {
+			//nano80Provider = ecm[i+2] & 0xFC;
+			//nano80KeyIndex = ecm[i+2] & 3;
+			//nano80KeyIndex = nano80KeyIndex ? 1 : 0;
+			nano80Algo = ecm[i+3];
+		}
+	}
+
+	if(provider < 0) {
+		switch(caid) {
+		case 0x0D00:
+			provider = 0xC0;
+			break;
+		case 0x0D02:
+			provider = 0xA0;
+			break;
+		case 0x0D03:
+			provider = 0x04;
+			break;
+		case 0x0D05:
+			provider = 0x04;
+			break;
+		default:
+			return 1;
+		}
+	}
+
+	ident = (caid << 8) | provider;
+	if(!GetCwKey(key, ident, keyIndex, 16, 1)) {
+		return 2;
+	}
+	if(!GetCwKey(&key[16], ident, 6, 6, 1)) {
+		return 2;
+	}
+
+	for(i = 8; i+1 < ecmLen; i += ecm[i+1] + 2) {
+		if(ecm[i] == 0x80 && i+2+7 < ecmLen && i+2+ecm[i+1] <= ecmLen
+				&& (provider == 0xA0 || provider == 0xC0 || provider == 0xC4 || provider == 0xC8)) {
+			nanoLength = ecm[i+1];
+			newEcmLength = CryptoworksProcessNano80(ecm+i+2, caid, provider, key, nanoLength, nano80Algo);
+			if(newEcmLength == 0 || newEcmLength > ecmLen-(i+2+3)) {
+				return 1;
+			}
+			ecm[i+2+3] = 0x81;
+			ecm[i+2+4] = 0x70;
+			ecm[i+2+5] = newEcmLength;
+			ecm[i+2+6] = 0x81;
+			ecm[i+2+7] = 0xFF;
+			return CryptoworksECM(caid, ecm+i+2+3, cw);
+		}
+	}
+
+	if(ecmLen - 15 < 1) {
+		return 1;
+	}
+	CryptoworksSignature(ecm + 5, ecmLen - 15, key, signature);
+	for(i = 8; i+1 < ecmLen; i += ecm[i+1]+2) {
+		switch(ecm[i]) {
+		case 0xDA:
+		case 0xDB:
+		case 0xDC:
+			if(i+2+ecm[i+1] > ecmLen) {
+				break;
+			}
+			for(j=0; j+7<ecm[i+1]; j+=8) {
+				CryptoworksDecryptDes(&ecm[i+2+j], ecm[5], key);
+			}
+			break;
+		case 0xDF:
+			if(i+2+8 > ecmLen) {
+				break;
+			}
+			if(memcmp(&ecm[i+2], signature, 8)) {
+				return 6;
+			}
+			break;
+		}
+	}
+
+	for(i = 8; i+1 < ecmLen; i += ecm[i+1]+2) {
+		switch(ecm[i]) {
+		case 0xDB:
+			if(i+2+ecm[i+1] <= ecmLen && ecm[i+1]==16) {
+				memcpy(cw, &ecm[i+2], 16);
+				return 0;
+			}
+			break;
+		}
+	}
+
+	return 5;
+}
+
+// SoftNDS EMU
+static const uint8_t nds_const[]= {0x0F,0x1E,0x2D,0x3C,0x4B,0x5A,0x69,0x78,0x87,0x96,0xA5,0xB4,0xC3,0xD2,0xE1,0xF0};
+
+static uint8_t viasat_const[]= {
+	0x15,0x85,0xC5,0xE4,0xB8,0x52,0xEC,0xF7,0xC3,0xD9,0x08,0xBA,0x22,0x4A,0x66,0xF2,
+	0x82,0x15,0x4F,0xB2,0x18,0x48,0x63,0x97,0xDC,0x19,0xD8,0x51,0x9A,0x39,0xFC,0xCA,
+	0x1C,0x24,0xD0,0x65,0xA9,0x66,0x2D,0xD6,0x53,0x3B,0x86,0xBA,0x40,0xEA,0x4C,0x6D,
+	0xD9,0x1E,0x41,0x14,0xFE,0x15,0xAF,0xC3,0x18,0xC5,0xF8,0xA7,0xA8,0x01,0x00,0x01,
+};
+
+static int8_t SoftNDSECM(uint16_t caid, uint8_t *ecm, uint8_t *dw)
+{
+	int32_t i;
+	uint8_t *tDW, irdEcmLen, offsetCw = 0, offsetP2 = 0;
+	uint8_t digest[16], md5_const[64];
+	MD5_CTX mdContext;
+	uint16_t ecmLen = GetEcmLen(ecm);
+	
+	if(ecmLen < 7) {
+		return 1;
+	}
+		
+	if(ecm[3] != 0x00 || ecm[4] != 0x00 || ecm[5] != 0x01) {
+		return 1;
+	}
+	
+	irdEcmLen = ecm[6];	
+	if(irdEcmLen < (10+3+8+4) || irdEcmLen+6 >= ecmLen) {
+		return 1;
+	}
+	
+	for(i=0; 10+i+2 < irdEcmLen; i++) {
+		if(ecm[17+i] == 0x0F && ecm[17+i+1] == 0x40 && ecm[17+i+2] == 0x00) {
+			offsetCw = 17+i+3;
+			offsetP2 = offsetCw+9;
+		}
+	}
+	
+	if(offsetCw == 0 || offsetP2 == 0) {
+		return 1;	
+	}
+	
+	if(offsetP2-7+4 > irdEcmLen) {
+		return 1;	
+	}
+
+	if(caid == 0x090F || caid == 0x093E) {
+		memcpy(md5_const, viasat_const, 64);
+	}
+	else if(!FindKey('S', caid, "00", md5_const, 64, 1, 0, 0)) {
+		return 2;
+	}
+
+	memset(dw,0,16);
+	tDW = &dw[ecm[0]==0x81 ? 8 : 0];
+	
+	MD5_Init(&mdContext);
+	MD5_Update(&mdContext, ecm+7, 10);
+	MD5_Update(&mdContext, ecm+offsetP2, 4);
+	MD5_Update(&mdContext, md5_const, 64);
+	MD5_Update(&mdContext, nds_const, 16);
+	MD5_Final(digest, &mdContext);
+	
+	for (i=0; i<8; i++) {
+		tDW[i] = digest[i+8] ^ ecm[offsetCw+i];
+	}
+
+	if(((tDW[0]+tDW[1]+tDW[2])&0xFF)-tDW[3]) {
+		return 6;
+	}
+	if(((tDW[4]+tDW[5]+tDW[6])&0xFF)-tDW[7]) {
+		return 6;
+	}
+	
+	return 0;
+}
+
+// Viaccess EMU
+static int8_t GetViaKey(uint8_t *buf, uint32_t ident, char keyName, uint32_t keyIndex, uint32_t keyLength, uint8_t isCriticalKey)
+{
+
+	char keyStr[EMU_MAX_CHAR_KEYNAME];
+	snprintf(keyStr, EMU_MAX_CHAR_KEYNAME, "%c%X", keyName, keyIndex);
+	if(FindKey('V', ident, keyStr, buf, keyLength, isCriticalKey, 0, 0)) {
+		return 1;
+	}
+
+	if(ident == 0xD00040 && FindKey('V', 0x030B00, keyStr, buf, keyLength, isCriticalKey, 0, 0)) {
+		return 1;
+	}
+
+	return 0;
+}
+
+static void Via1Mod(const uint8_t* key2, uint8_t* data)
+{
+	int32_t kb, db;
+	for (db=7; db>=0; db--) {
+		for (kb=7; kb>3; kb--) {
+			int32_t a0=kb^db;
+			int32_t pos=7;
+			if (a0&4) {
+				a0^=7;
+				pos^=7;
+			}
+			a0=(a0^(kb&3)) + (kb&3);
+			if (!(a0&4)) {
+				data[db]^=(key2[kb] ^ ((data[kb^pos]*key2[kb^4]) & 0xFF));
+			}
+		}
+	}
+	for (db=0; db<8; db++) {
+		for (kb=0; kb<4; kb++) {
+			int32_t a0=kb^db;
+			int32_t pos=7;
+			if (a0&4) {
+				a0^=7;
+				pos^=7;
+			}
+			a0=(a0^(kb&3)) + (kb&3);
+			if (!(a0&4)) {
+				data[db]^=(key2[kb] ^ ((data[kb^pos]*key2[kb^4]) & 0xFF));
+			}
+		}
+	}
+}
+
+static void Via1Decode(uint8_t *data, uint8_t *key)
+{
+	Via1Mod(key+8, data);
+	des(key, DES_ECM_CRYPT, data);
+	Via1Mod(key+8, data);
+}
+
+static void Via1Hash(uint8_t *data, uint8_t *key)
+{
+	Via1Mod(key+8, data);
+	des(key, DES_ECM_HASH, data);
+	Via1Mod(key+8, data);
+}
+
+static inline void Via1DoHash(uint8_t *hashbuffer, uint8_t *pH, uint8_t data, uint8_t *hashkey)
+{
+	hashbuffer[*pH] ^= data;
+	(*pH)++;
+
+	if(*pH == 8) {
+		Via1Hash(hashbuffer, hashkey);
+		*pH = 0;
+	}
+}
+
+static int8_t Via1Decrypt(uint8_t* ecm, uint8_t* dw, uint32_t ident, uint8_t desKeyIndex)
+{
+	uint8_t work_key[16];
+	uint8_t *data, *des_data1, *des_data2;
+	uint16_t ecmLen = GetEcmLen(ecm);
+	int32_t msg_pos;
+	int32_t encStart = 0, hash_start, i;
+	uint8_t signature[8], hashbuffer[8], prepared_key[16], hashkey[16];
+	uint8_t tmp, k, pH, foundData = 0;
+
+	if (ident == 0) {
+		return 4;
+	}
+	memset(work_key, 0, 16);
+	if(!GetViaKey(work_key, ident, '0', desKeyIndex, 8, 1)) {
+		return 2;
+	}
+
+	if(ecmLen < 11) {
+		return 1;
+	}
+	data = ecm+9;
+	des_data1 = dw;
+	des_data2 = dw+8;
+
+	msg_pos = 0;
+	pH = 0;
+	memset(hashbuffer, 0, sizeof(hashbuffer));
+	memcpy(hashkey, work_key, sizeof(hashkey));
+	memset(signature, 0, 8);
+
+	while(9+msg_pos+2 < ecmLen) {
+		switch (data[msg_pos]) {
+		case 0xea:
+			if(9+msg_pos+2+15 < ecmLen) {
+				encStart = msg_pos + 2;
+				memcpy(des_data1, &data[msg_pos+2], 8);
+				memcpy(des_data2, &data[msg_pos+2+8], 8);
+				foundData |= 1;
+			}
+			break;
+		case 0xf0:
+			if(9+msg_pos+2+7 < ecmLen) {
+				memcpy(signature, &data[msg_pos+2], 8);
+				foundData |= 2;
+			}
+			break;
+		}
+		msg_pos += data[msg_pos+1]+2;
+	}
+
+	if(foundData != 3) {
+		return 1;
+	}
+
+	pH=i=0;
+
+	if(data[0] == 0x9f && 10+data[1] <= ecmLen) {
+		Via1DoHash(hashbuffer, &pH, data[i++], hashkey);
+		Via1DoHash(hashbuffer, &pH, data[i++], hashkey);
+
+		for (hash_start=0; hash_start < data[1]; hash_start++) {
+			Via1DoHash(hashbuffer, &pH, data[i++], hashkey);
+		}
+
+		while (pH != 0) {
+			Via1DoHash(hashbuffer, &pH, 0, hashkey);
+		}
+	}
+
+	if (work_key[7] == 0) {
+		for (; i < encStart + 16; i++) {
+			Via1DoHash(hashbuffer, &pH, data[i], hashkey);
+		}
+		memcpy(prepared_key, work_key, 8);
+	}
+	else {
+		prepared_key[0] = work_key[2];
+		prepared_key[1] = work_key[3];
+		prepared_key[2] = work_key[4];
+		prepared_key[3] = work_key[5];
+		prepared_key[4] = work_key[6];
+		prepared_key[5] = work_key[0];
+		prepared_key[6] = work_key[1];
+		prepared_key[7] = work_key[7];
+		memcpy(prepared_key+8, work_key+8, 8);
+
+		if (work_key[7] & 1) {
+			for (; i < encStart; i++) {
+				Via1DoHash(hashbuffer, &pH, data[i], hashkey);
+			}
+
+			k = ((work_key[7] & 0xf0) == 0) ? 0x5a : 0xa5;
+
+			for (i=0; i<8; i++) {
+				tmp = des_data1[i];
+				des_data1[i] = (k & hashbuffer[pH] ) ^ tmp;
+				Via1DoHash(hashbuffer, &pH, tmp, hashkey);
+			}
+
+			for (i = 0; i < 8; i++) {
+				tmp = des_data2[i];
+				des_data2[i] = (k & hashbuffer[pH] ) ^ tmp;
+				Via1DoHash(hashbuffer, &pH, tmp, hashkey);
+			}
+		}
+		else {
+			for (; i < encStart + 16; i++) {
+				Via1DoHash(hashbuffer, &pH, data[i], hashkey);
+			}
+		}
+	}
+	Via1Decode(des_data1, prepared_key);
+	Via1Decode(des_data2, prepared_key);
+	Via1Hash(hashbuffer, hashkey);
+	if(memcmp(signature, hashbuffer, 8)) {
+		return 6;
+	}
+	return 0;
+}
+
+static int8_t Via26ProcessDw(uint8_t *indata, uint32_t ident, uint8_t desKeyIndex)
+{
+	uint8_t pv1,pv2, i;
+	uint8_t Tmp[8], tmpKey[16], T1Key[300], P1Key[8], KeyDes1[16], KeyDes2[16], XorKey[8];
+
+	if(!GetViaKey(T1Key, ident, 'T', 1, 300, 1)) {
+		return 2;
+	}
+	if(!GetViaKey(P1Key, ident, 'P', 1, 8, 1)) {
+		return 2;
+	}
+	if(!GetViaKey(KeyDes1, ident, 'D', 1, 16, 1)) {
+		return 2;
+	}
+	if(!GetViaKey(KeyDes2, ident, '0', desKeyIndex, 16, 1)) {
+		return 2;
+	}
+	if(!GetViaKey(XorKey, ident, 'X', 1, 8, 1)) {
+		return 2;
+	}
+
+	for (i=0; i<8; i++) {
+		pv1 = indata[i];
+		Tmp[i] = T1Key[pv1];
+	}
+	for (i=0; i<8; i++) {
+		pv1 = P1Key[i];
+		pv2 = Tmp[pv1];
+		indata[i]=pv2;
+	}
+	memcpy(tmpKey, KeyDes1,8);
+	doPC1(tmpKey) ;
+	des(tmpKey, DES_ECS2_CRYPT,indata);
+	for (i=0; i<8; i++) {
+		indata[i] ^= XorKey[i];
+	}
+	memcpy(tmpKey,KeyDes2,16);
+	doPC1(tmpKey);
+	doPC1(tmpKey+8);
+	des(tmpKey,DES_ECS2_DECRYPT,indata);
+	des(tmpKey+8, DES_ECS2_CRYPT,indata);
+	des(tmpKey,DES_ECS2_DECRYPT,indata);
+	for (i=0; i<8; i++) {
+		indata[i] ^= XorKey[i];
+	}
+	memcpy(tmpKey, KeyDes1,8);
+	doPC1(tmpKey);
+	des(tmpKey,DES_ECS2_DECRYPT,indata);
+
+	for (i=0; i<8; i++) {
+		pv1 = indata[i];
+		pv2 = P1Key[i];
+		Tmp[pv2] = pv1;
+	}
+	for (i=0; i<8; i++) {
+		pv1 =  Tmp[i];
+		pv2 =  T1Key[pv1];
+		indata[i] = pv2;
+	}
+	return 0;
+}
+
+static int8_t Via26Decrypt(uint8_t* source, uint8_t* dw, uint32_t ident, uint8_t desKeyIndex)
+{
+	uint8_t tmpData[8], C1[8];
+	uint8_t *pXorVector;
+	int32_t i,j;
+
+	if (ident == 0) {
+		return 4;
+	}
+	if(!GetViaKey(C1, ident, 'C', 1, 8, 1)) {
+		return 2;
+	}
+
+	for (i=0; i<2; i++) {
+		memcpy(tmpData, source+ i*8, 8);
+		Via26ProcessDw(tmpData, ident, desKeyIndex);
+		if (i!=0) {
+			pXorVector = source;
+		}
+		else {
+			pXorVector = &C1[0];
+		}
+		for (j=0; j<8; j++) {
+			dw[i*8+j] = tmpData[j]^pXorVector[j];
+		}
+	}
+	return 0;
+}
+
+static void Via3Core(uint8_t *data, uint8_t Off, uint32_t ident, uint8_t* XorKey, uint8_t* T1Key)
+{
+	uint8_t i;
+	uint32_t lR2, lR3, lR4, lR6, lR7;
+
+	switch (ident) {
+	case 0x032820: {
+		for (i=0; i<4; i++) {
+			data[i]^= XorKey[(Off+i) & 0x07];
+		}
+		lR2 = (data[0]^0xBD)+data[0];
+		lR3 = (data[3]^0xEB)+data[3];
+		lR2 = (lR2-lR3)^data[2];
+		lR3 = ((0x39*data[1])<<2);
+		data[4] = (lR2|lR3)+data[2];
+		lR3 = ((((data[0]+6)^data[0]) | (data[2]<<1))^0x65)+data[0];
+		lR2 = (data[1]^0xED)+data[1];
+		lR7 = ((data[3]+0x29)^data[3])*lR2;
+		data[5] = lR7+lR3;
+		lR2 = ((data[2]^0x33)+data[2]) & 0x0A;
+		lR3 = (data[0]+0xAD)^data[0];
+		lR3 = lR3+lR2;
+		lR2 = data[3]*data[3];
+		lR7 = (lR2 | 1) + data[1];
+		data[6] = (lR3|lR7)+data[1];
+		lR3 = data[1] & 0x07;
+		lR2 = (lR3-data[2]) & (data[0] | lR2 |0x01);
+		data[7] = lR2+data[3];
+		for (i=0; i<4; i++) {
+			data[i+4] = T1Key[data[i+4]];
+		}
+	}
+	break;
+	case 0x030B00: {
+		for (i=0; i<4; i++) {
+			data[i]^= XorKey[(Off+i) & 0x07];
+		}
+		lR6 = (data[3] + 0x6E) ^ data[3];
+		lR6 = (lR6*(data[2] << 1)) + 0x17;
+		lR3 = (data[1] + 0x77) ^ data[1];
+		lR4 = (data[0] + 0xD7) ^ data[0];
+		data[4] = ((lR4 & lR3) | lR6) + data[0];
+		lR4 = ((data[3] + 0x71) ^ data[3]) ^ 0x90;
+		lR6 = (data[1] + 0x1B) ^ data[1];
+		lR4 = (lR4*lR6) ^ data[0];
+		data[5] = (lR4 ^ (data[2] << 1)) + data[1];
+		lR3 = (data[3] * data[3])| 0x01;
+		lR4 = (((data[2] ^ 0x35) + data[2]) | lR3) + data[2];
+		lR6 = data[1] ^ (data[0] + 0x4A);
+		data[6] = lR6 + lR4;
+		lR3 = (data[0] * (data[2] << 1)) | data[1];
+		lR4 = 0xFE - data[3];
+		lR3 = lR4 ^ lR3;
+		data[7] = lR3 + data[3];
+		for (i=0; i<4; i++) {
+			data[4+i] = T1Key[data[4+i]];
+		}
+	}
+	break;
+	default:
+		break;
+	}
+}
+
+static void Via3Fct1(uint8_t *data, uint32_t ident, uint8_t* XorKey, uint8_t* T1Key)
+{
+	uint8_t t;
+	Via3Core(data, 0, ident, XorKey, T1Key);
+
+	switch (ident) {
+	case 0x032820: {
+		t = data[4];
+		data[4] = data[7];
+		data[7] = t;
+	}
+	break;
+	case 0x030B00: {
+		t = data[5];
+		data[5] = data[7];
+		data[7] = t;
+	}
+	break;
+	default:
+		break;
+	}
+}
+
+static void Via3Fct2(uint8_t *data, uint32_t ident, uint8_t* XorKey, uint8_t* T1Key)
+{
+	uint8_t t;
+	Via3Core(data, 4, ident, XorKey, T1Key);
+
+	switch (ident) {
+	case 0x032820: {
+		t = data[4];
+		data[4] = data[7];
+		data[7] = data[5];
+		data[5] = data[6];
+		data[6] = t;
+	}
+	break;
+	case 0x030B00: {
+		t = data[6];
+		data[6] = data[7];
+		data[7] = t;
+	}
+	break;
+	default:
+		break;
+	}
+}
+
+static int8_t Via3ProcessDw(uint8_t *data, uint32_t ident, uint8_t desKeyIndex)
+{
+	uint8_t i;
+	uint8_t tmp[8], tmpKey[16], T1Key[300], P1Key[8], KeyDes[16], XorKey[8];
+
+	if(!GetViaKey(T1Key, ident, 'T', 1, 300, 1)) {
+		return 2;
+	}
+	if(!GetViaKey(P1Key, ident, 'P', 1, 8, 1)) {
+		return 2;
+	}
+	if(!GetViaKey(KeyDes, ident, '0', desKeyIndex, 16, 1)) {
+		return 2;
+	}
+	if(!GetViaKey(XorKey, ident, 'X', 1, 8, 1)) {
+		return 2;
+	}
+
+	for (i=0; i<4; i++) {
+		tmp[i] = data[i+4];
+	}
+	Via3Fct1(tmp, ident, XorKey, T1Key);
+	for (i=0; i<4; i++) {
+		tmp[i] = data[i]^tmp[i+4];
+	}
+	Via3Fct2(tmp, ident, XorKey, T1Key);
+	for (i=0; i<4; i++) {
+		tmp[i]^= XorKey[i+4];
+	}
+	for (i=0; i<4; i++) {
+		data[i] = data[i+4]^tmp[i+4];
+		data[i+4] = tmp[i];
+	}
+	memcpy(tmpKey,KeyDes,16);
+	doPC1(tmpKey);
+	doPC1(tmpKey+8);
+	des(tmpKey, DES_ECS2_DECRYPT, data);
+	des(tmpKey+8, DES_ECS2_CRYPT, data);
+	des(tmpKey, DES_ECS2_DECRYPT, data);
+	for (i=0; i<4; i++) {
+		tmp[i] = data[i+4];
+	}
+	Via3Fct2(tmp, ident, XorKey, T1Key);
+	for (i=0; i<4; i++) {
+		tmp[i] = data[i]^tmp[i+4];
+	}
+	Via3Fct1(tmp, ident, XorKey, T1Key);
+	for (i=0; i<4; i++) {
+		tmp[i]^= XorKey[i];
+	}
+	for (i=0; i<4; i++) {
+		data[i] = data[i+4]^tmp[i+4];
+		data[i+4] = tmp[i];
+	}
+	return 0;
+}
+
+static void Via3FinalMix(uint8_t *dw)
+{
+	uint8_t tmp[4];
+
+	memcpy(tmp, dw, 4);
+	memcpy(dw, dw + 4, 4);
+	memcpy(dw + 4, tmp, 4);
+
+	memcpy(tmp, dw + 8, 4);
+	memcpy(dw + 8, dw + 12, 4);
+	memcpy(dw + 12, tmp, 4);
+}
+
+static int8_t Via3Decrypt(uint8_t* source, uint8_t* dw, uint32_t ident, uint8_t desKeyIndex, uint8_t aesKeyIndex, uint8_t aesMode, int8_t doFinalMix)
+{
+	int8_t aesAfterCore = 0;
+	int8_t needsAES = (aesKeyIndex != 0xFF);
+	uint8_t tmpData[8], C1[8];
+	uint8_t *pXorVector;
+	char aesKey[16];
+	int32_t i, j;
+
+	if(ident == 0) {
+		return 4;
+	}
+	if(!GetViaKey(C1, ident, 'C', 1, 8, 1)) {
+		return 2;
+	}
+	if(needsAES && !GetViaKey((uint8_t*)aesKey, ident, 'E', aesKeyIndex, 16, 1)) {
+		return 2;
+	}
+	if(aesMode==0x0D || aesMode==0x11 || aesMode==0x15) {
+		aesAfterCore = 1;
+	}
+
+	if(needsAES && !aesAfterCore) {
+		if(aesMode == 0x0F) {
+			hdSurEncPhase1_D2_0F_11(source);
+			hdSurEncPhase2_D2_0F_11(source);
+		}
+		else if(aesMode == 0x13) {
+			hdSurEncPhase1_D2_13_15(source);
+		}
+		struct aes_keys aes;
+		aes_set_key(&aes, aesKey);
+		aes_decrypt(&aes, source, 16);
+		if(aesMode == 0x0F) {
+			hdSurEncPhase1_D2_0F_11(source);
+		}
+		else if(aesMode == 0x13) {
+			hdSurEncPhase2_D2_13_15(source);
+		}
+	}
+
+	for(i=0; i<2; i++) {
+		memcpy(tmpData, source+i*8, 8);
+		Via3ProcessDw(tmpData, ident, desKeyIndex);
+		if (i!=0) {
+			pXorVector = source;
+		}
+		else {
+			pXorVector = &C1[0];
+		}
+		for (j=0; j<8; j++) {
+			dw[i*8+j] = tmpData[j]^pXorVector[j];
+		}
+	}
+
+	if(needsAES && aesAfterCore) {
+		if(aesMode == 0x11) {
+			hdSurEncPhase1_D2_0F_11(dw);
+			hdSurEncPhase2_D2_0F_11(dw);
+		}
+		else if(aesMode == 0x15) {
+			hdSurEncPhase1_D2_13_15(dw);
+		}
+		struct aes_keys aes;
+		aes_set_key(&aes, aesKey);
+		aes_decrypt(&aes, dw, 16);
+		if(aesMode == 0x11) {
+			hdSurEncPhase1_D2_0F_11(dw);
+		}
+		if(aesMode == 0x15) {
+			hdSurEncPhase2_D2_13_15(dw);
+		}
+	}
+
+	if(ident == 0x030B00) {
+		if(doFinalMix) {
+			Via3FinalMix(dw);
+		}
+		if(!isValidDCW(dw)) {
+			return 6;
+		}
+	}
+	return 0;
+}
+
+static int8_t ViaccessECM(uint8_t *ecm, uint8_t *dw)
+{
+	uint32_t currentIdent = 0;
+	uint8_t nanoCmd = 0, nanoLen = 0, version = 0, providerKeyLen = 0, desKeyIndex = 0, aesMode = 0, aesKeyIndex = 0xFF;
+	int8_t doFinalMix = 0, result = 1;
+	uint16_t i = 0, keySelectPos = 0, ecmLen = GetEcmLen(ecm);
+
+	for (i=4; i+2<ecmLen; ) {
+		nanoCmd = ecm[i++];
+		nanoLen = ecm[i++];
+		if(i+nanoLen > ecmLen) {
+			return 1;
+		}
+
+		switch (nanoCmd) {
+		case 0x40:
+			if (nanoLen < 0x03) {
+				break;
+			}
+			version = ecm[i];
+			if (nanoLen == 3) {
+				currentIdent=((ecm[i]<<16)|(ecm[i+1]<<8))|(ecm[i+2]&0xF0);
+				desKeyIndex = ecm[i+2]&0x0F;
+				keySelectPos = i+3;
+			}
+			else {
+				currentIdent =(ecm[i]<<16)|(ecm[i+1]<<8)|((ecm[i+2]>>4)&0x0F);
+				desKeyIndex = ecm[i+3];
+				keySelectPos = i+4;
+			}
+			providerKeyLen = nanoLen;
+			break;
+		case 0x90:
+			if (nanoLen < 0x03) {
+				break;
+			}
+			version = ecm[i];
+			currentIdent= ((ecm[i]<<16)|(ecm[i+1]<<8))|(ecm[i+2]&0xF0);
+			desKeyIndex = ecm[i+2]&0x0F;
+			keySelectPos = i+4;
+			if((version == 3) && (nanoLen > 3)) {
+				desKeyIndex = ecm[i+(nanoLen-4)]&0x0F;
+			}
+			providerKeyLen = nanoLen;
+			break;
+		case 0x80:
+			nanoLen = 0;
+			break;
+		case 0xD2:
+			if (nanoLen < 0x02) {
+				break;
+			}
+			aesMode = ecm[i];
+			aesKeyIndex = ecm[i+1];
+			break;
+		case 0xDD:
+			nanoLen = 0;
+			break;
+		case 0xEA:
+			if (nanoLen < 0x10) {
+				break;
+			}
+
+			if (version < 2) {
+				return Via1Decrypt(ecm, dw, currentIdent, desKeyIndex);
+			}
+			else if (version == 2) {
+				return Via26Decrypt(ecm + i, dw, currentIdent, desKeyIndex);
+			}
+			else if (version == 3) {
+				doFinalMix = 0;
+				if (currentIdent == 0x030B00 && providerKeyLen>3) {
+					if(keySelectPos+2 >= ecmLen) {
+						break;
+					}
+					if (ecm[keySelectPos]==0x05 && ecm[keySelectPos+1]==0x67 && (ecm[keySelectPos+2]==0x00 || ecm[keySelectPos+2]==0x01)) {
+						if(ecm[keySelectPos+2]==0x01) {
+							doFinalMix = 1;
+						}
+					}
+					else {
+						break;
+					}
+				}
+				return Via3Decrypt(ecm + i, dw, currentIdent, desKeyIndex, aesKeyIndex, aesMode, doFinalMix);
+			}
+			break;
+		default:
+			break;
+		}
+		i += nanoLen;
+	}
+	return result;
+}
+
+// Nagra EMU
+static int8_t GetNagraKey(uint8_t *buf, uint32_t ident, char keyName, uint32_t keyIndex, uint8_t isCriticalKey)
+{
+	char keyStr[EMU_MAX_CHAR_KEYNAME];
+	snprintf(keyStr, EMU_MAX_CHAR_KEYNAME, "%c%X", keyName, keyIndex);
+	if(FindKey('N', ident, keyStr, buf, keyName == 'M' ? 64 : 16, isCriticalKey, 0, 0)) {
+		return 1;
+	}
+
+	return 0;
+}
+
+static int8_t Nagra2Signature(const uint8_t *vkey, const uint8_t *sig, const uint8_t *msg, int32_t len)
+{
+	uint8_t buff[16];
+	uint8_t iv[8];
+	int32_t i,j;
+
+	memcpy(buff,vkey,sizeof(buff));
+	for(i=0; i+7<len; i+=8) {
+		IDEA_KEY_SCHEDULE ek;
+		idea_set_encrypt_key(buff, &ek);
+		memcpy(buff,buff+8,8);
+		memset(iv,0,sizeof(iv));
+		idea_cbc_encrypt(msg+i,buff+8,8,&ek,iv,IDEA_ENCRYPT);
+		for(j=7; j>=0; j--) {
+			buff[j+8]^=msg[i+j];
+		}
+	}
+	buff[8]&=0x7F;
+	return (memcmp(sig,buff+8,8)==0);
+}
+
+static int8_t DecryptNagra2ECM(uint8_t *in, uint8_t *out, const uint8_t *key, int32_t len, const uint8_t *vkey, uint8_t *keyM)
+{
+	BIGNUM *exp, *mod;
+	uint8_t iv[8];
+	int32_t i = 0, sign = in[0] & 0x80;
+	uint8_t binExp = 3;
+	int8_t result = 1;
+
+	exp = BN_new();
+	mod = BN_new();
+	BN_bin2bn(&binExp, 1, exp);
+	BN_bin2bn(keyM, 64, mod);
+
+	if(EmuRSA(out,in+1,64,exp,mod,1)<=0) {
+		BN_free(exp);
+		BN_free(mod);
+		return 0;
+	}
+	out[63]|=sign;
+	if(len>64) {
+		memcpy(out+64,in+65,len-64);
+	}
+
+	memset(iv,0,sizeof(iv));
+	if(in[0]&0x04) {
+		uint8_t key1[8], key2[8];
+		ReverseMemInOut(key1,&key[0],8);
+		ReverseMemInOut(key2,&key[8],8);
+
+		for(i=7; i>=0; i--) {
+			ReverseMem(out+8*i,8);
+		}
+		des_ede2_cbc_decrypt(out, iv, key1, key2, len);
+		for(i=7; i>=0; i--) {
+			ReverseMem(out+8*i,8);
+		}
+	}
+	else {
+		IDEA_KEY_SCHEDULE ek;
+		idea_set_encrypt_key(key, &ek);
+		idea_cbc_encrypt(out, out, len&~7, &ek, iv, IDEA_DECRYPT);
+	}
+
+	ReverseMem(out,64);
+	if(result && EmuRSA(out,out,64,exp,mod,0)<=0) {
+		result = 0;
+	}
+	if(result && vkey && !Nagra2Signature(vkey,out,out+8,len-8)) {
+		result = 0;
+	}
+
+	BN_free(exp);
+	BN_free(mod);
+	return result;
+}
+
+static int8_t Nagra2ECM(uint8_t *ecm, uint8_t *dw)
+{
+	uint32_t ident, identMask, tmp1, tmp2, tmp3;
+	uint8_t cmdLen, ideaKeyNr, *dec, ideaKey[16], vKey[16], m1Key[64], mecmAlgo = 0;
+	int8_t useVerifyKey = 0;
+	int32_t l=0, s;
+	uint16_t i = 0, ecmLen = GetEcmLen(ecm);
+
+	if(ecmLen < 8) {
+		return 1;
+	}
+	cmdLen = ecm[4] - 5;
+	ident = (ecm[5] << 8) + ecm[6];
+	ideaKeyNr = (ecm[7]&0x10)>>4;
+	if(ideaKeyNr) {
+		ideaKeyNr = 1;
+	}
+	if(ident == 1283 || ident == 1285 || ident == 1297) {
+		ident = 1281;
+	}
+	if(cmdLen <= 63 || ecmLen < cmdLen + 10) {
+		return 1;
+	}
+
+	if(!GetNagraKey(ideaKey, ident, '0', ideaKeyNr, 1)) {
+		return 2;
+	}
+	if(GetNagraKey(vKey, ident, 'V', 0, 0)) {
+		useVerifyKey = 1;
+	}
+	if(!GetNagraKey(m1Key, ident, 'M', 1, 1)) {
+		return 2;
+	}
+	ReverseMem(m1Key, 64);
+
+	dec = (uint8_t*)malloc(sizeof(uint8_t)*cmdLen);
+	if(dec == NULL) {
+		return 7;
+	}
+	if(!DecryptNagra2ECM(ecm+9, dec, ideaKey, cmdLen, useVerifyKey?vKey:0, m1Key)) {
+		free(dec);
+		return 1;
+	}
+
+	for(i=(dec[14]&0x10)?16:20; i<cmdLen && l!=3; ) {
+		switch(dec[i]) {
+		case 0x10:
+		case 0x11:
+			if(i+10 < cmdLen && dec[i+1]==0x09) {
+				s = (~dec[i])&1;
+				mecmAlgo = dec[i+2]&0x60;
+				memcpy(dw+(s<<3),&dec[i+3],8);
+				i+=11;
+				l|=(s+1);
+			}
+			else {
+				i++;
+			}
+			break;
+		case 0x00:
+			i+=2;
+			break;
+		case 0x30:
+		case 0x31:
+		case 0x32:
+		case 0x33:
+		case 0x34:
+		case 0x35:
+		case 0x36:
+		case 0xB0:
+			if(i+1 < cmdLen) {
+				i+=dec[i+1]+2;
+			}
+			else {
+				i++;
+			}
+			break;
+		default:
+			i++;
+			continue;
+		}
+	}
+
+	free(dec);
+
+	if(l!=3) {
+		return 1;
+	}
+	if(mecmAlgo>0) {
+		return 1;
+	}
+
+	identMask = ident & 0xFF00;
+	if (identMask == 0x1100 || identMask == 0x500 || identMask == 0x3100) {
+		memcpy(&tmp1, dw, 4);
+		memcpy(&tmp2, dw + 4, 4);
+		memcpy(&tmp3, dw + 12, 4);
+		memcpy(dw, dw + 8, 4);
+		memcpy(dw + 4, &tmp3, 4);
+		memcpy(dw + 8, &tmp1, 4);
+		memcpy(dw + 12, &tmp2, 4);
+	}
+	return 0;
+}
+
+// Irdeto EMU
+static int8_t GetIrdetoKey(uint8_t *buf, uint32_t ident, char keyName, uint32_t keyIndex, uint8_t isCriticalKey, uint8_t *keyRef)
+{
+	char keyStr[EMU_MAX_CHAR_KEYNAME];
+	snprintf(keyStr, EMU_MAX_CHAR_KEYNAME, "%c%X", keyName, keyIndex);
+	if(FindKey('I', ident, keyStr, buf, 16, *keyRef > 0 ? 0 : isCriticalKey, *keyRef, 0)) {
+		(*keyRef)++;
+		return 1;
+	}
+
+	return 0;
+}
+
+static void Irdeto2Encrypt(uint8_t *data, const uint8_t *seed, const uint8_t *okey, int32_t len)
+{
+	const uint8_t *tmp = seed;
+	uint8_t key[16];
+	int32_t i;
+
+	memcpy(key, okey, 16);
+	doPC1(key);
+	doPC1(&key[8]);
+	len&=~7;
+
+	for(i=0; i+7<len; i+=8) {
+		xxor(&data[i],8,&data[i],tmp);
+		tmp=&data[i];
+		des(key,DES_ECS2_CRYPT,&data[i]);
+		des(&key[8],DES_ECS2_DECRYPT,&data[i]);
+		des(key,DES_ECS2_CRYPT,&data[i]);
+	}
+}
+
+static void Irdeto2Decrypt(uint8_t *data, const uint8_t *seed, const uint8_t *okey, int32_t len)
+{
+	uint8_t buf[2][8];
+	uint8_t key[16];
+	int32_t i, n=0;
+
+	memcpy(key, okey, 16);
+	doPC1(key);
+	doPC1(&key[8]);
+	len&=~7;
+
+	memcpy(buf[n],seed,8);
+	for(i=0; i+7<len; i+=8,data+=8,n^=1) {
+		memcpy(buf[1-n],data,8);
+		des(key,DES_ECS2_DECRYPT,data);
+		des(&key[8],DES_ECS2_CRYPT,data);
+		des(key,DES_ECS2_DECRYPT,data);
+		xxor(data,8,data,buf[n]);
+	}
+}
+
+static int8_t Irdeto2CalculateHash(const uint8_t *okey, const uint8_t *iv, const uint8_t *data, int32_t len)
+{
+	uint8_t cbuff[8];
+	uint8_t key[16];
+	int32_t l, y;
+
+	memcpy(key, okey, 16);
+	doPC1(key);
+	doPC1(&key[8]);
+
+	memset(cbuff,0,sizeof(cbuff));
+	len-=8;
+
+	for(y=0; y<len; y+=8) {
+		if(y<len-8) {
+			xxor(cbuff,8,cbuff,&data[y]);
+		}
+		else {
+			l=len-y;
+			xxor(cbuff,l,cbuff,&data[y]);
+			xxor(cbuff+l,8-l,cbuff+l,iv+8);
+		}
+		des(key,DES_ECS2_CRYPT,cbuff);
+		des(&key[8],DES_ECS2_DECRYPT,cbuff);
+		des(key,DES_ECS2_CRYPT,cbuff);
+	}
+
+	return memcmp(cbuff,&data[len],8)==0;
+}
+
+static int8_t Irdeto2ECM(uint16_t caid, uint8_t *oecm, uint8_t *dw)
+{
+	uint8_t keyNr=0, length, end, key[16], okeySeed[16], keySeed[16], keyIV[16], tmp[16];
+	uint32_t i, l, ident;
+	uint8_t key0Ref, keySeedRef, keyIVRef;
+	uint8_t ecmCopy[EMU_MAX_ECM_LEN], *ecm = oecm;
+	uint16_t ecmLen = GetEcmLen(ecm);
+	
+	if(ecmLen < 12) {
+		return 1;
+	}
+	
+	length = ecm[11];
+	keyNr = ecm[9];
+	ident = ecm[8] | caid << 8;
+
+	if(ecmLen < length+12) {
+		return 1;
+	}
+	
+	key0Ref = 0;
+	while(GetIrdetoKey(key, ident, '0', keyNr, 1, &key0Ref)) {
+		keySeedRef = 0;
+		while(GetIrdetoKey(okeySeed, ident, 'M', 1, 1, &keySeedRef)) {
+			keyIVRef = 0;
+			while(GetIrdetoKey(keyIV, ident, 'M', 2, 1, &keyIVRef)) {
+
+				memcpy(keySeed, okeySeed, 16);
+				memcpy(ecmCopy, oecm, ecmLen);
+				ecm = ecmCopy;
+				
+				memset(tmp, 0, 16);
+				Irdeto2Encrypt(keySeed, tmp, key, 16);
+				ecm+=12;
+				Irdeto2Decrypt(ecm, keyIV, keySeed, length);
+				i=(ecm[0]&7)+1;
+				end = length-8 < 0 ? 0 : length-8;
+    			
+				while(i<end) {
+					l = ecm[i+1] ? (ecm[i+1]&0x3F)+2 : 1;
+					switch(ecm[i]) {
+					case 0x10:
+					case 0x50:
+						if(l==0x13 && i<=length-8-l) {
+							Irdeto2Decrypt(&ecm[i+3], keyIV, key, 16);
+						}
+						break;
+					case 0x78:
+						if(l==0x14 && i<=length-8-l) {
+							Irdeto2Decrypt(&ecm[i+4], keyIV, key, 16);
+						}
+						break;
+					}
+					i+=l;
+				}
+    			
+				i=(ecm[0]&7)+1;
+				if(Irdeto2CalculateHash(keySeed, keyIV, ecm-6, length+6)) {
+					while(i<end) {
+						l = ecm[i+1] ? (ecm[i+1]&0x3F)+2 : 1;
+						switch(ecm[i]) {
+						case 0x78:
+							if(l==0x14 && i<=length-8-l) {
+								memcpy(dw, &ecm[i+4], 16);
+								return 0;
+							}
+						}
+						i+=l;
+					}
+				}
+			}
+			if(keyIVRef == 0) {
+				return 2;
+			}				
+		}
+		if(keySeedRef == 0) {
+			return 2;
+		}		
+	}
+	if(key0Ref == 0) {
+		return 2;
+	}
+	
+	return 1;
+}
+
+// BISS Emu
+static int8_t BissECM(uint16_t UNUSED(caid), uint8_t *ecm, uint8_t *dw)
+{
+	uint8_t haveKey1 = 0, haveKey2 = 0;
+	uint16_t sid = 0, pid = 0;
+	uint32_t i;
+	
+	// oscam fake ecm for biss: [sid] ([pid1] [pid2] ... [pidx])
+	uint16_t ecmLen = GetEcmLen(ecm);
+	if(ecmLen < 5) {
+		return 1;
+	}
+	
+	sid = b2i(2, ecm+3);
+	if(ecmLen < 7) {
+		haveKey1 = FindKey('F', sid<<16, "00", dw, 8, 0, 0, 0);
+		haveKey2 = FindKey('F', sid<<16, "01", &dw[8], 8, 0, 0, 0);
+		
+		if(haveKey1 && haveKey2) {return 0;}
+		else if(haveKey1 && !haveKey2) {memcpy(&dw[8], dw, 8); return 0;}
+		else if(!haveKey1 && haveKey2) {memcpy(dw, &dw[8], 8); return 0;}
+	}
+	else {
+		for(i=5; i+1<ecmLen; i+=2) {
+			pid = b2i(2, ecm+i);
+			haveKey1 = FindKey('F', (sid<<16)|pid, "00", dw, 8, 0, 0, 0);
+			haveKey2 = FindKey('F', (sid<<16)|pid, "01", &dw[8], 8, 0, 0, 0);
+		
+			if(haveKey1 && haveKey2) {return 0;}
+			else if(haveKey1 && !haveKey2) {memcpy(&dw[8], dw, 8); return 0;}
+			else if(!haveKey1 && haveKey2) {memcpy(dw, &dw[8], 8); return 0;}
+		}
+	}
+	
+	haveKey1 = FindKey('F', (sid<<16)|0x1FFF, "00", dw, 8, 0, 0, 0);
+	haveKey2 = FindKey('F', (sid<<16)|0x1FFF, "01", &dw[8], 8, 0, 0, 0);
+	
+	if(haveKey1 && haveKey2) {return 0;}
+	else if(haveKey1 && !haveKey2) {memcpy(&dw[8], dw, 8); return 0;}
+	else if(!haveKey1 && haveKey2) {memcpy(dw, &dw[8], 8); return 0;}	
+	
+	return 2;
+}
+
+char* GetProcessECMErrorReason(int8_t result)
+{
+	switch(result) {
+	case 0:
+		return "No error";
+	case 1:
+		return "ECM not supported";
+	case 2:
+		return "Key not found";
+	case 3:
+		return "Nano80 problem";
+	case 4:
+		return "Corrupt data";
+	case 5:
+		return "CW not found";
+	case 6:
+		return "CW checksum error";
+	case 7:
+		return "Out of memory";
+	default:
+		return "Unknown";
+	}
+}
+
+/* Error codes
+0  OK
+1  ECM not supported
+2  Key not found
+3  Nano80 problem
+4  Corrupt data
+5  CW not found
+6  CW checksum error
+7  Out of memory
+*/
+int8_t ProcessECM(uint16_t caid, uint32_t UNUSED(provider), const uint8_t *ecm, uint8_t *dw)
+{
+	int8_t result = 1, i;
+	uint8_t ecmCopy[EMU_MAX_ECM_LEN];
+	uint16_t ecmLen = GetEcmLen(ecm);
+
+	if(ecmLen > EMU_MAX_ECM_LEN) {
+		return 1;
+	}
+	memcpy(ecmCopy, ecm, ecmLen);
+
+	if((caid>>8)==0x0D) {
+		result = CryptoworksECM(caid,ecmCopy,dw);
+	}
+	else if((caid>>8)==0x09) {
+		result = SoftNDSECM(caid,ecmCopy,dw);
+	}
+	else if(caid==0x0500) {
+		result = ViaccessECM(ecmCopy,dw);
+	}
+	else if((caid>>8)==0x18) {
+		result = Nagra2ECM(ecmCopy,dw);
+	}
+	else if((caid>>8)==0x06) {
+		result = Irdeto2ECM(caid,ecmCopy,dw);
+	}
+	else if((caid>>8)==0x26 || caid == 0xFFFF) {
+		result = BissECM(caid,ecmCopy,dw);
+	}
+	
+	// fix dcw checksum
+	if(result == 0) {
+		for(i = 0; i < 16; i += 4) {
+			dw[i + 3] = ((dw[i] + dw[i + 1] + dw[i + 2]) & 0xff);
+		}
+	}
+
+	if(result != 0) {
+		cs_log("[Emu] ECM failed: %s", GetProcessECMErrorReason(result));
+	}
+
+	return result;
+}
+
+// Viaccess EMM EMU
+static int8_t ViaccessEMM(uint8_t *emm, uint32_t *keysAdded)
+{
+	uint8_t nanoCmd = 0, subNanoCmd = 0, *tmp, *newKeyD0, *newEcmKey;
+	uint16_t i = 0, j = 0, k = 0, emmLen = GetEcmLen(emm);
+	uint8_t ecmKeys[6][16], keyD0[2], emmKey[16], emmXorKey[16], provName[17];
+	uint8_t ecmKeyCount = 0, emmKeyIndex = 0, aesMode = 0x0D;
+	uint8_t nanoLen = 0, subNanoLen = 0, haveEmmXorKey = 0, haveNewD0 = 0;
+	uint32_t ui1, ui2, ui3, ecmKeyIndex[6], provider = 0, ecmProvider = 0;
+	char keyName[8], keyValue[36];
+	struct aes_keys aes;
+
+	memset(keyD0, 0, 2);
+	memset(ecmKeyIndex, 0, sizeof(uint32_t)*6);
+
+	for(i=3; i+2<emmLen; ) {
+		nanoCmd = emm[i++];
+		nanoLen = emm[i++];
+		if(i+nanoLen > emmLen) {
+			return 1;
+		}
+		
+		switch(nanoCmd) {
+		case 0x90: {
+			if(nanoLen < 3) {
+				break;
+			}
+			ui1 = emm[i+2];
+			ui2 = emm[i+1];
+			ui3 = emm[i];
+			provider = (ui1 | (ui2 << 8) | (ui3 << 16));
+			if(provider == 0x00D00040) {
+				ecmProvider = 0x030B00;
+			}
+			else {
+				return 1;
+			}
+			break;
+		}
+		case 0xD2: {
+			if(nanoLen < 2) {
+				break;
+			}
+			emmKeyIndex = emm[i+1];
+			break;
+		}
+		case 0x41: {
+			if(nanoLen < 1) {
+				break;
+			}
+			if(!GetViaKey(emmKey, provider, 'M', emmKeyIndex, 16, 1)) {
+				return 2;
+			}
+			memset(provName, 0, 17);
+			memset(emmXorKey, 0, 16);
+			k = nanoLen < 16 ? nanoLen : 16;
+			memcpy(provName, &emm[i], k);
+			aes_set_key(&aes, (char*)emmKey);
+			aes_decrypt(&aes, emmXorKey, 16);
+			for(j=0; j<16; j++) {
+				provName[j] ^= emmXorKey[j];
+			}
+			provName[k] = 0;
+
+			if(strcmp((char*)provName, "TNTSAT") != 0 && strcmp((char*)provName, "TNTSATPRO") != 0
+					&&strcmp((char*)provName, "CSAT V") != 0) {
+				return 1;
+			}
+			break;
+		}
+		case 0xBA: {
+			if(nanoLen < 2) {
+				break;
+			}
+			GetViaKey(keyD0, ecmProvider, 'D', 0, 2, 0);
+			ui1 = (emm[i] << 8) | emm[i+1];
+			if( (uint32_t)((keyD0[0] << 8) | keyD0[1]) < ui1 || (keyD0[0] == 0x00 && keyD0[1] == 0x00)) {
+				keyD0[0] = emm[i];
+				keyD0[1] = emm[i+1];
+				haveNewD0 = 1;
+				break;
+			}
+			return 0;
+		}
+		case 0xBC: {
+			break;
+		}
+		case 0x43: {
+			if(nanoLen < 16) {
+				break;
+			}
+			memcpy(emmXorKey, &emm[i], 16);
+			haveEmmXorKey = 1;
+			break;
+		}
+		case 0x44: {
+			if(nanoLen < 3) {
+				break;
+			}
+			if (!haveEmmXorKey) {
+				memset(emmXorKey, 0, 16);
+			}
+			tmp = (uint8_t*)malloc(((nanoLen/16)+1)*16*sizeof(uint8_t));
+			if(tmp == NULL) {
+				return 7;
+			}
+			memcpy(tmp, &emm[i], nanoLen);
+			aes_set_key(&aes, (char*)emmKey);
+			for(j=0; j<nanoLen; j+=16) {
+				aes_decrypt(&aes, emmXorKey, 16);
+				for(k=0; k<16; k++) {
+					tmp[j+k] ^= emmXorKey[k];
+				}
+			}
+			memcpy(&emm[i-2], tmp, nanoLen);
+			free(tmp);
+			nanoLen = 0;
+			i -= 2;
+			break;
+		}
+		case 0x68: {
+			if(ecmKeyCount > 5) {
+				break;
+			}		
+			for(j=i; j+2<i+nanoLen; ) {
+				subNanoCmd = emm[j++];
+				subNanoLen = emm[j++];
+				if(j+subNanoLen > i+nanoLen) {
+					break;
+				}
+				switch(subNanoCmd) {
+					case 0xD2: {
+						if(nanoLen < 2) {
+							break;
+						}
+						aesMode = emm[j];
+						emmKeyIndex = emm[j+1];
+						break;
+					}
+					case 0x01: {
+						if(nanoLen < 17) {
+							break;
+						}
+						ecmKeyIndex[ecmKeyCount] = emm[j];
+						memcpy(&ecmKeys[ecmKeyCount], &emm[j+1], 16);
+						if(!GetViaKey(emmKey, provider, 'M', emmKeyIndex, 16, 1)) {
+							break;
+						}
+
+						if(aesMode == 0x0F || aesMode == 0x11) {
+							hdSurEncPhase1_D2_0F_11(ecmKeys[ecmKeyCount]);
+							hdSurEncPhase2_D2_0F_11(ecmKeys[ecmKeyCount]);
+						}
+						else if(aesMode == 0x13 || aesMode == 0x15) {
+							hdSurEncPhase1_D2_13_15(ecmKeys[ecmKeyCount]);
+						}						
+						aes_set_key(&aes, (char*)emmKey);
+						aes_decrypt(&aes, ecmKeys[ecmKeyCount], 16);
+						if(aesMode == 0x0F || aesMode == 0x11) {
+							hdSurEncPhase1_D2_0F_11(ecmKeys[ecmKeyCount]);
+						}
+						else if(aesMode == 0x13 || aesMode == 0x15) {
+							hdSurEncPhase2_D2_13_15(ecmKeys[ecmKeyCount]);
+						}
+								
+						ecmKeyCount++;						
+						break;
+					}
+					default:
+						break;
+				}
+				j += subNanoLen;
+			}
+			break;
+		}
+		case 0xF0: {
+			if(nanoLen != 4) {
+				break;
+			}
+			ui1 = ((emm[i+2] << 8) | (emm[i+1] << 16) | (emm[i] << 24) | emm[i+3]);
+			if(fletcher_crc32(emm + 3, emmLen - 11) != ui1) {
+				return 4;
+			}
+
+			if(haveNewD0) {
+				newKeyD0 = (uint8_t*)malloc(sizeof(uint8_t)*2);
+				if(newKeyD0 == NULL) {
+					return 7;
+				}
+				memcpy(newKeyD0, keyD0, 2);
+				if(!SetKey('V', ecmProvider, "D0", newKeyD0, 2, 1)) {
+					free(newKeyD0);
+				}
+				for(j=0; j<ecmKeyCount; j++) {
+					newEcmKey = (uint8_t*)malloc(sizeof(uint8_t)*16);
+					if(newEcmKey == NULL) {
+						return 7;
+					}
+					memcpy(newEcmKey, ecmKeys[j], 16);
+					snprintf(keyName, 8, "E%X", ecmKeyIndex[j]);
+					if(!SetKey('V', ecmProvider, keyName, newEcmKey, 16, 1)) {
+						free(newEcmKey);
+					}
+					(*keysAdded)++;
+					cs_hexdump(0, ecmKeys[j], 16, keyValue, sizeof(keyValue));
+					cs_log("[Emu] Key found in EMM: V %06X %s %s", ecmProvider, keyName, keyValue);
+				}
+			}
+			break;
+		}
+		default:
+			break;
+		}
+		i += nanoLen;
+	}
+	return 0;
+}
+
+// Irdeto2 EMM EMU
+static int8_t Irdeto2DoEMMTypeOP(uint32_t ident, uint8_t *emm, uint8_t *keySeed, uint8_t *keyIV, uint8_t *keyPMK,
+							uint16_t emmLen, uint8_t startOffset, uint8_t length, uint32_t *keysAdded)
+{
+	uint32_t end, i, l;
+	uint8_t tmp[16], *newOpKey;
+	char keyName[8], keyValue[36];
+	
+	memset(tmp, 0, 16);
+	Irdeto2Encrypt(keySeed, tmp, keyPMK, 16);
+	Irdeto2Decrypt(&emm[startOffset], keyIV, keySeed, length);
+	
+	i = 16;
+	end = startOffset + (length-8 < 0 ? 0 : length-8);
+ 			
+	while(i<end) {
+		l = emm[i+1] ? (emm[i+1]&0x3F)+2 : 1;
+		switch(emm[i]) {
+		case 0x10:
+		case 0x50:
+			if(l==0x13 && i<=startOffset+length-8-l) {
+				Irdeto2Decrypt(&emm[i+3], keyIV, keyPMK, 16);
+			}
+			break;
+		case 0x78:
+			if(l==0x14 && i<=startOffset+length-8-l) {
+				Irdeto2Decrypt(&emm[i+4], keyIV, keyPMK, 16);
+			}
+			break;
+		}
+		i+=l;
+	}
+	
+	memmove(emm+6, emm+7, emmLen-7);
+ 			
+	i = 15;
+	end = startOffset + (length-9 < 0 ? 0 : length-9);
+		
+	if(Irdeto2CalculateHash(keySeed, keyIV, emm+3, emmLen-4)) {
+		while(i<end) {
+			l = emm[i+1] ? (emm[i+1]&0x3F)+2 : 1;
+			switch(emm[i]) {
+			case 0x10:
+			case 0x50:
+				if(l==0x13 && i<=startOffset+length-9-l) {
+					newOpKey = (uint8_t*)malloc(sizeof(uint8_t)*16);
+					if(newOpKey == NULL) {
+						return 7;
+					}
+					memcpy(newOpKey, &emm[i+3], 16);
+					snprintf(keyName, 8, "%02X", emm[i+2]>>2);
+					if(!SetKey('I', ident, keyName, newOpKey, 16, 1)) {
+						free(newOpKey);
+					}
+					(*keysAdded)++;
+					cs_hexdump(0, &emm[i+3], 16, keyValue, sizeof(keyValue));
+					cs_log("[Emu] Key found in EMM: I %06X %s %s", ident, keyName, keyValue);
+				}
+			}
+			i+=l;
+		}
+		
+		if(*keysAdded > 0) {
+			return 0;
+		}
+	}
+	
+	return 1;
+}
+
+static int8_t Irdeto2DoEMMTypePMK(uint32_t ident, uint8_t *emm, uint8_t *keySeed, uint8_t *keyIV, uint8_t *keyPMK,
+							uint16_t emmLen, uint8_t startOffset, uint8_t length, uint32_t *keysAdded)
+{
+	uint32_t end, i, l, j;
+	uint8_t *newPmkKey;
+	char keyName[8], keyValue[36];
+	
+	Irdeto2Decrypt(&emm[startOffset], keyIV, keySeed, length);	
+
+	i = 13;
+	end = startOffset + (length-8 < 0 ? 0 : length-8);
+ 			
+	while(i<end) {
+		l = emm[i+1] ? (emm[i+1]&0x3F)+2 : 1;
+		switch(emm[i]) {
+		case 0x10:
+		case 0x50:
+			if(l==0x13 && i<=startOffset+length-8-l) {
+				Irdeto2Decrypt(&emm[i+3], keyIV, keyPMK, 16);
+			}
+			break;
+		case 0x78:
+			if(l==0x14 && i<=startOffset+length-8-l) {
+				Irdeto2Decrypt(&emm[i+4], keyIV, keyPMK, 16);
+			}
+			break;
+		case 0x68:
+			if(l==0x26 && i<=startOffset+length-8-l) {
+				Irdeto2Decrypt(&emm[i+3], keyIV, keyPMK, 16*2);
+			}			
+			break;
+		}
+		i+=l;
+	}
+		
+	memmove(emm+7, emm+9, emmLen-9);
+ 			
+	i = 11;
+	end = startOffset + (length-10 < 0 ? 0 : length-10);
+			
+	if(Irdeto2CalculateHash(keySeed, keyIV, emm+3, emmLen-5)) {
+		while(i<end) {
+			l = emm[i+1] ? (emm[i+1]&0x3F)+2 : 1;
+			switch(emm[i]) {
+			case 0x68:
+				if(l==0x26 && i<=startOffset+length-10-l) {
+					for(j=0; j<2; j++) {
+						newPmkKey = (uint8_t*)malloc(sizeof(uint8_t)*16);
+						if(newPmkKey == NULL) {
+							return 7;
+						}
+						memcpy(newPmkKey, &emm[i+3+j*16], 16);
+						snprintf(keyName, 8, "M%01X", 3+j);
+						if(!SetKey('I', ident, keyName, newPmkKey, 16, 1)) {
+							free(newPmkKey);
+						}
+						(*keysAdded)++;
+						cs_hexdump(0, &emm[i+3+j*16], 16, keyValue, sizeof(keyValue));
+						cs_log("[Emu] Key found in EMM: I %06X %s %s", ident, keyName, keyValue);
+					}
+				}
+			}
+			i+=l;
+		}
+		
+		if(*keysAdded > 0) {
+			return 0;
+		}
+	}
+	
+	return 1;
+}
+
+static const uint8_t fausto_xor[16] = { 0x22, 0x58, 0xBD, 0x85, 0x2E, 0x8E, 0x52, 0x80, 0xA3, 0x79, 0x98, 0x69, 0x68, 0xE2, 0xD8, 0x4D };
+
+static int8_t Irdeto2EMM(uint16_t caid, uint8_t *oemm, uint32_t *keysAdded)
+{
+	uint8_t length, okeySeed[16], keySeed[16], keyIV[16], keyPMK[16], startOffset, emmType;
+	uint32_t ident;
+	uint8_t keySeedRef, keyIVRef, keyPMK0Ref, keyPMK1Ref, keyPMK0ERef, keyPMK1ERef;
+	uint8_t emmCopy[EMU_MAX_EMM_LEN], *emm = oemm;
+	uint16_t emmLen = GetEcmLen(emm);
+	
+	if(emmLen < 11) {
+		return 1;
+	}
+	
+	if(emm[3] == 0xC3 || emm[3] == 0xCB) {
+		emmType = 2;
+		startOffset = 11;
+	}
+	else {
+		emmType = 1;		
+		startOffset = 10;
+	}
+	
+	ident = emm[startOffset-2] | caid << 8;
+	length = emm[startOffset-1];
+
+
+	if(emmLen < length+startOffset) {
+		return 1;
+	}
+	
+	keySeedRef = 0;
+	while(GetIrdetoKey(okeySeed, ident, 'M', emmType == 1 ? 0 : 0xA, 1, &keySeedRef)) {
+		keyIVRef = 0;
+		while(GetIrdetoKey(keyIV, ident, 'M', 2, 1, &keyIVRef)) {
+			
+			keyPMK0Ref = 0;
+			keyPMK1Ref = 0;
+			keyPMK0ERef = 0;
+			keyPMK1ERef = 0;
+									
+			while(GetIrdetoKey(keyPMK, ident, 'M', emmType == 1 ? 3 : 0xB, 1, &keyPMK0Ref)) {
+				memcpy(keySeed, okeySeed, 16);
+				memcpy(emmCopy, oemm, emmLen);
+				emm = emmCopy;
+				if(emmType == 1) {
+					if(Irdeto2DoEMMTypeOP(ident, emm, keySeed, keyIV, keyPMK, emmLen, startOffset, length, keysAdded) == 0) {
+						return 0;	
+					}
+				}
+				else {
+					if(Irdeto2DoEMMTypePMK(ident, emm, keySeed, keyIV, keyPMK, emmLen, startOffset, length, keysAdded) == 0) {
+						return 0;	
+					}					
+				}
+			}
+			
+			if(emmType == 1) {
+				while(GetIrdetoKey(keyPMK, ident, 'M', 4, 1, &keyPMK1Ref)) {
+					memcpy(keySeed, okeySeed, 16);
+					memcpy(emmCopy, oemm, emmLen);
+					emm = emmCopy;
+					if(Irdeto2DoEMMTypeOP(ident, emm, keySeed, keyIV, keyPMK, emmLen, startOffset, length, keysAdded) == 0) {
+						return 0;	
+					}
+				}
+
+				while(GetIrdetoKey(keyPMK, ident, 'M', 5, 1, &keyPMK0ERef)) {
+					xxor(keyPMK, 16, keyPMK, fausto_xor);
+					memcpy(keySeed, okeySeed, 16);
+					memcpy(emmCopy, oemm, emmLen);
+					emm = emmCopy;
+					if(Irdeto2DoEMMTypeOP(ident, emm, keySeed, keyIV, keyPMK, emmLen, startOffset, length, keysAdded) == 0) {
+						return 0;	
+					}
+				}
+				
+				while(GetIrdetoKey(keyPMK, ident, 'M', 6, 1, &keyPMK1ERef)) {
+					xxor(keyPMK, 16, keyPMK, fausto_xor);
+					memcpy(keySeed, okeySeed, 16);
+					memcpy(emmCopy, oemm, emmLen);
+					emm = emmCopy;
+					if(Irdeto2DoEMMTypeOP(ident, emm, keySeed, keyIV, keyPMK, emmLen, startOffset, length, keysAdded) == 0) {
+						return 0;	
+					}
+				}
+			}
+			
+			if(keyPMK0Ref == 0 && keyPMK1Ref == 0 && keyPMK0ERef == 0 && keyPMK1ERef == 0) {
+				return 2;
+			}				
+		}
+		if(keyIVRef == 0) {
+			return 2;
+		}		
+	}
+	if(keySeedRef == 0) {
+		return 2;
+	}
+	
+	return 1;	
+}
+
+int32_t GetIrdeto2Hexserial(uint16_t caid, uint8_t *hexserial)
+{
+	uint32_t i;
+	KeyDataContainer *KeyDB;
+	KeyData *tmpKeyData;
+
+	KeyDB = GetKeyContainer('I');
+	if(KeyDB == NULL) {
+		return 0;
+	}
+
+	for(i=0; i<KeyDB->keyCount; i++) {
+		
+		if(KeyDB->EmuKeys[i].provider>>8 != caid) {
+			continue;
+		}		
+		if(strcmp(KeyDB->EmuKeys[i].keyName, "MC")) {
+			continue;
+		}
+			
+		tmpKeyData = &KeyDB->EmuKeys[i];
+	
+		memcpy(hexserial, tmpKeyData->key, tmpKeyData->keyLength > 2 ? 3 : tmpKeyData->keyLength);
+		return 1;	
+	}	
+	
+	return 0;
+}
+
+char* GetProcessEMMErrorReason(int8_t result)
+{
+	switch(result) {
+	case 0:
+		return "No error";
+	case 1:
+		return "EMM not supported";
+	case 2:
+		return "Key not found";
+	case 3:
+		return "Nano80 problem";
+	case 4:
+		return "Corrupt data";
+	case 5:
+		return "Unknown";
+	case 6:
+		return "Checksum error";
+	case 7:
+		return "Out of memory";
+	default:
+		return "Unknown";
+	}
+}
+
+/* Error codes
+0  OK
+1  EMM not supported
+2  Key not found
+3  Nano80 problem
+4  Corrupt data
+5
+6  Checksum error
+7  Out of memory
+*/
+int8_t ProcessEMM(uint16_t caid, uint32_t UNUSED(provider), const uint8_t *emm, uint32_t *keysAdded)
+{
+	int8_t result = 1;
+	uint8_t emmCopy[EMU_MAX_EMM_LEN];
+	uint16_t emmLen = GetEcmLen(emm);
+
+	if(emmLen > EMU_MAX_EMM_LEN) {
+		return 1;
+	}
+	memcpy(emmCopy, emm, emmLen);
+	*keysAdded = 0;
+
+	if(caid==0x0500) {
+		result = ViaccessEMM(emmCopy, keysAdded);
+	}
+	else if((caid>>8)==0x06) {
+		result = Irdeto2EMM(caid, emmCopy, keysAdded);
+	}
+
+	if(result != 0) {
+		cs_log("[Emu] EMM failed: %s", GetProcessEMMErrorReason(result));
+	}
+
+	return result;
+}
Index: globals.h
===================================================================
--- globals.h	(revision 10284)
+++ globals.h	(working copy)
@@ -288,6 +288,7 @@
 /////////////////// readers that do not reed baudrate setting and timings are guarded by reader itself (large buffer built in): AFTER R_SMART
 #define R_SMART     0x7 // Smartreader+
 #define R_PCSC      0x8 // PCSC
+#define R_EMU       0x17  // Reader emu
 /////////////////// proxy readers after R_CS378X
 #define R_CAMD35    0x20  // Reader cascading camd 3.5x
 #define R_CAMD33    0x21  // Reader cascading camd 3.3x
@@ -678,6 +679,13 @@
 	uint32_t        class;              // the class needed for some systems
 	time_t          start;              // startdate
 	time_t          end;                // enddate
+#ifdef WITH_EMU	
+	bool            isKey;
+	bool            isData;
+	char            name[8];
+	uint8_t         *key;
+	uint32_t        keyLength;
+#endif
 } S_ENTITLEMENT;
 
 struct s_client ;
@@ -1244,7 +1252,7 @@
 	int8_t          fallback;
 	FTAB            fallback_percaid;
 	FTAB            localcards;
-#ifdef MODULE_CAMD35
+#if defined(MODULE_CAMD35) || defined(WITH_EMU)
 	int8_t			via_emm_global;					// to enable global emm viaccess on camd35
 #endif
 #ifdef CS_CACHEEX
Index: Makefile
===================================================================
--- Makefile	(revision 10284)
+++ Makefile	(working copy)
@@ -233,6 +233,18 @@
 SRC-$(CONFIG_MODULE_CCCAM) += module-cccam.c
 SRC-$(CONFIG_MODULE_CCCSHARE) += module-cccshare.c
 SRC-$(CONFIG_MODULE_CONSTCW) += module-constcw.c
+SRC-$(CONFIG_WITH_EMU) += module-emulator.c
+UNAME := $(shell uname -s)
+ifneq ($(UNAME),Darwin)
+ifndef ANDROID_NDK
+ifndef ANDROID_STANDALONE_TOOLCHAIN
+ifeq "$(CONFIG_WITH_EMU)" "y"
+TOUCH_SK := $(shell touch SoftCam.Key)
+override LDFLAGS += -Wl,--format=binary -Wl,SoftCam.Key -Wl,--format=default
+endif
+endif
+endif
+endif
 SRC-$(CONFIG_CS_CACHEEX) += module-csp.c
 SRC-$(CONFIG_CW_CYCLE_CHECK) += module-cw-cycle-check.c
 SRC-$(CONFIG_WITH_AZBOX) += module-dvbapi-azbox.c
Index: module-emulator.c
===================================================================
--- module-emulator.c	(revision 0)
+++ module-emulator.c	(working copy)
@@ -0,0 +1,360 @@
+#include "globals.h"
+#include <stdint.h>
+#include "cscrypt/des.h"
+#include "cscrypt/bn.h"
+#include "cscrypt/idea.h"
+#include "cscrypt/md5.h"
+#include "oscam-aes.h"
+#include "oscam-string.h"
+#include "oscam-config.h"
+
+// from reader-viaccess.c:
+void hdSurEncPhase1_D2_0F_11(uint8_t *CWs);
+void hdSurEncPhase2_D2_0F_11(uint8_t *CWs);
+void hdSurEncPhase1_D2_13_15(uint8_t *cws);
+void hdSurEncPhase2_D2_13_15(uint8_t *cws);
+
+#include "emu-shared.c"
+
+// oscam virtual emu card reader
+#define CS_OK      1
+#define CS_ERROR   0
+
+static int32_t emu_do_ecm(struct s_reader *UNUSED(rdr), const struct ecm_request_t *er, struct s_ecm_answer *ea)
+{
+	if(er->ecmlen < 3) {
+		return CS_ERROR;
+	}
+	
+	if(GetEcmLen(er->ecm) > er->ecmlen) {
+		return CS_ERROR;
+	}
+	
+	if (!ProcessECM(er->caid, er->prid, er->ecm, ea->cw)) {
+		return CS_OK;
+	}
+
+	return CS_ERROR;
+}
+
+static void refresh_entitlements(struct s_reader *reader);
+
+static int32_t emu_do_emm(struct s_reader *rdr, struct emm_packet_t *emm)
+{
+	uint32_t keysAdded = 0;
+
+	if(emm->emmlen < 3) {
+		return CS_ERROR;
+	}
+
+	if(GetEcmLen(emm->emm) > emm->emmlen) {
+		return CS_ERROR;
+	}
+
+	if (!ProcessEMM((emm->caid[0] << 8) | emm->caid[1],
+					(emm->provid[0] << 24) | (emm->provid[1] << 16) | (emm->provid[2] << 8) | emm->provid[3], emm->emm, &keysAdded)) {
+		if(keysAdded > 0) { refresh_entitlements(rdr); }
+		
+		return CS_OK;
+	}
+
+	return CS_ERROR;
+}
+
+static int32_t EMU_Init(struct s_reader *reader);
+
+static int32_t emu_card_info(struct s_reader *rdr) {
+	EMU_Init(rdr);
+	return CS_OK;
+}
+
+static int32_t emu_card_init(struct s_reader *UNUSED(rdr), struct s_ATR *UNUSED(atr)) 
+	{return CS_ERROR;}
+	
+static int32_t emu_get_emm_type(struct emm_packet_t *UNUSED(ep), struct s_reader *UNUSED(rdr))
+	{return CS_ERROR;}
+	
+static int32_t emu_get_emm_filter(struct s_reader *UNUSED(rdr), struct s_csystem_emm_filter **UNUSED(emm_filters), unsigned int *UNUSED(filter_count))
+	{return CS_ERROR;}
+
+void reader_emu(struct s_cardsystem *ph)
+{
+	ph->do_ecm = emu_do_ecm;
+	ph->do_emm = emu_do_emm;
+	ph->card_info = emu_card_info;
+	ph->card_init = emu_card_init;
+	ph->get_emm_type = emu_get_emm_type;
+	ph->get_emm_filter = emu_get_emm_filter;
+	ph->get_tunemm_filter = emu_get_emm_filter;
+	
+	//emm au caids must be listed here
+	ph->caids[0] = 0x090F;
+	ph->caids[1] = 0x0500;
+	ph->caids[2] = 0x1801;
+	ph->caids[3] = 0x0604;
+	ph->caids[4] = 0x2600;
+	ph->caids[5] = 0xFFFF;	
+	ph->desc = "emu";
+}
+
+
+#define CR_OK 0
+#define CR_ERROR 1
+
+static void emu_add_entitlement(struct s_reader *rdr, uint16_t caid, uint32_t provid, uint8_t *key, char *keyName, uint32_t keyLength, uint8_t isData)
+{
+	if(!rdr->ll_entitlements) { rdr->ll_entitlements = ll_create("ll_entitlements"); }
+
+	S_ENTITLEMENT *item;
+	if(cs_malloc(&item, sizeof(S_ENTITLEMENT)))
+	{
+
+		// fill item
+		item->caid = caid;
+		item->provid = provid;
+		item->id = 0;
+		item->class = 0;
+		item->start = 0;
+		item->end = 2147472000;
+		item->type = 0;
+		item->isKey = 1;
+		memcpy(item->name, keyName, 8);
+		item->key = key;
+		item->keyLength = keyLength;
+		item->isData = isData;
+
+		//add item
+		ll_append(rdr->ll_entitlements, item);
+	}
+}
+
+static uint8_t oneByte = 0x01;
+
+static void refresh_entitlements(struct s_reader *reader)
+{
+	uint32_t i;
+	KeyData *tmpKeyData;
+
+	if(reader->ll_entitlements)
+	{ ll_clear_data(reader->ll_entitlements); }
+
+	for(i=0; i<CwKeys.keyCount; i++)
+		emu_add_entitlement(reader, CwKeys.EmuKeys[i].provider>>8, CwKeys.EmuKeys[i].provider&0xFF,
+							CwKeys.EmuKeys[i].key, CwKeys.EmuKeys[i].keyName, CwKeys.EmuKeys[i].keyLength, 0);
+
+	for(i=0; i<ViKeys.keyCount; i++)
+		emu_add_entitlement(reader, 0x500, ViKeys.EmuKeys[i].provider, ViKeys.EmuKeys[i].key, ViKeys.EmuKeys[i].keyName,
+							ViKeys.EmuKeys[i].keyLength, 0);
+
+	for(i=0; i<NagraKeys.keyCount; i++)
+		emu_add_entitlement(reader, 0x1801, NagraKeys.EmuKeys[i].provider, NagraKeys.EmuKeys[i].key, NagraKeys.EmuKeys[i].keyName,
+							NagraKeys.EmuKeys[i].keyLength, 0);
+
+	for(i=0; i<IrdetoKeys.keyCount; i++) {
+		tmpKeyData = &IrdetoKeys.EmuKeys[i];
+		do {
+			emu_add_entitlement(reader, tmpKeyData->provider>>8, tmpKeyData->provider&0xFF, tmpKeyData->key, tmpKeyData->keyName, tmpKeyData->keyLength, 0);	
+			tmpKeyData = (KeyData*)tmpKeyData->nextKey;
+		}
+		while(tmpKeyData!= NULL);		
+	}
+
+	for(i=0; i<NDSKeys.keyCount; i++)
+		emu_add_entitlement(reader, NDSKeys.EmuKeys[i].provider, 0, NDSKeys.EmuKeys[i].key, NDSKeys.EmuKeys[i].keyName, NDSKeys.EmuKeys[i].keyLength, 0);
+
+	emu_add_entitlement(reader, 0x090F, 0, viasat_const, "00", 64, 1);
+	emu_add_entitlement(reader, 0x093E, 0, viasat_const, "00", 64, 1);
+
+	for(i=0; i<BissKeys.keyCount; i++)
+		emu_add_entitlement(reader, 0x2600, BissKeys.EmuKeys[i].provider, BissKeys.EmuKeys[i].key, BissKeys.EmuKeys[i].keyName, BissKeys.EmuKeys[i].keyLength, 0);
+
+	emu_add_entitlement(reader, 0xFFFF, 0, &oneByte, "00", 1, 1);
+}
+
+extern char cs_confdir[128];
+
+static int32_t EMU_Init(struct s_reader *reader)
+{
+	char cVersion[32];
+
+	// set ird2 providers here
+	reader->prid[0][0] = 0x00;
+	reader->prid[0][1] = 0x01;
+	reader->prid[0][2] = 0x02;
+	reader->prid[0][3] = 0x00;
+	reader->nprov = 1;
+	
+	// if no hexserial for irdeto2 au (caid 0604) 
+	// is found in key file, set hexserial to osemu version
+	if(!GetIrdeto2Hexserial(0x0604, reader->hexserial)) {
+		uint32_t version = GetOSemuVersion();
+		uint8_t hversion[2];
+		memset(hversion, 0, 2);
+		snprintf(cVersion, sizeof(cVersion), "%04d", version);
+		CharToBin(hversion, cVersion, 4);
+		reader->hexserial[3] = hversion[0];
+		reader->hexserial[4] = hversion[1];			
+	}
+	
+#if !defined(__APPLE__) && !defined(__ANDROID__)
+	read_emu_keymemory();
+#endif
+
+	set_emu_keyfile_path(cs_confdir);
+
+	if(!read_emu_keyfile(cs_confdir)) {
+		read_emu_keyfile("/var/keys/");
+	}
+
+	refresh_entitlements(reader);
+		
+	return CR_OK;
+}
+
+static int32_t EMU_GetStatus(struct s_reader *UNUSED(reader), int32_t *in) { *in = 1; return CR_OK; }
+static int32_t EMU_Activate(struct s_reader *UNUSED(reader), struct s_ATR *UNUSED(atr)) { return CR_OK; }
+static int32_t EMU_Transmit(struct s_reader *UNUSED(reader), uint8_t *UNUSED(buffer), uint32_t UNUSED(size),
+							uint32_t UNUSED(expectedlen), uint32_t UNUSED(delay), uint32_t UNUSED(timeout)) { return CR_OK; }
+static int32_t EMU_Receive(struct s_reader *UNUSED(reader), uint8_t *UNUSED(buffer), uint32_t UNUSED(size),
+						   uint32_t UNUSED(delay), uint32_t UNUSED(timeout)) { return CR_OK; }
+static int32_t EMU_Close(struct s_reader *UNUSED(reader)) { return CR_OK; }
+static int32_t EMU_write_settings(struct s_reader *UNUSED(reader), struct s_cardreader_settings *UNUSED(s)) { return CR_OK; }								  
+static int32_t EMU_card_write(struct s_reader *UNUSED(pcsc_reader),const uchar *UNUSED(buf) ,uint8_t *UNUSED(cta_res),
+							  uint16_t *UNUSED(cta_lr),int32_t UNUSED(l)) { return CR_OK; }
+static int32_t EMU_set_protocol(struct s_reader *UNUSED(rdr),uint8_t *UNUSED(params),uint32_t *UNUSED(length),
+								uint32_t UNUSED(len_request)) { return CR_OK; }
+						
+void cardreader_emu(struct s_cardreader *crdr)
+{
+	crdr->desc           = "emu";
+	crdr->typ            = R_EMU;
+	crdr->skip_extra_atr_parsing = 1;
+	crdr->reader_init    = EMU_Init;
+	crdr->get_status     = EMU_GetStatus;
+	crdr->activate       = EMU_Activate;
+	crdr->transmit       = EMU_Transmit;
+	crdr->receive        = EMU_Receive;
+	crdr->close          = EMU_Close;
+	crdr->write_settings = EMU_write_settings;
+	crdr->card_write     = EMU_card_write;
+	crdr->set_protocol   = EMU_set_protocol;
+}
+
+void add_emu_reader(void)
+{
+	LL_ITER itr;
+	struct s_reader *rdr;
+	int8_t haveEmuReader = 0;
+	char *emuName = "emulator";
+
+	itr = ll_iter_create(configured_readers);
+	while((rdr = ll_iter_next(&itr)))
+	{
+		if(rdr->typ == R_EMU) {
+			haveEmuReader = 1;
+			break;
+		}
+	}
+
+	rdr = NULL;
+
+	if(!haveEmuReader) {
+		if(!cs_malloc(&rdr, sizeof(struct s_reader))) { return; }
+		reader_set_defaults(rdr);
+
+		rdr->enable = 1;
+		rdr->typ = R_EMU;
+		strncpy(rdr->label, emuName, strlen(emuName));
+		strncpy(rdr->device, emuName, strlen(emuName));
+		rdr->ctab.caid[0] = 0x0D00;
+		rdr->ctab.caid[1] = 0x0D02;
+		rdr->ctab.caid[2] = 0x0D03;
+		rdr->ctab.caid[3] = 0x0D05;
+		rdr->ctab.caid[4] = 0x090F;
+		rdr->ctab.caid[5] = 0x0500;
+		rdr->ctab.caid[6] = 0x1801;
+		rdr->ctab.caid[7] = 0x0604;
+		rdr->ctab.caid[8] = 0x2600;
+		rdr->ctab.caid[9] = 0xFFFF;
+
+		rdr->ftab.nfilts = 10;
+		rdr->ftab.filts[0].caid = 0x0D00;
+		rdr->ftab.filts[0].prids[0] = 0x000000;
+		rdr->ftab.filts[0].prids[1] = 0x000004;
+		rdr->ftab.filts[0].prids[2] = 0x000010;
+		rdr->ftab.filts[0].prids[3] = 0x000014;
+		rdr->ftab.filts[0].prids[4] = 0x000020;
+		rdr->ftab.filts[0].prids[5] = 0x0000C0;
+		rdr->ftab.filts[0].prids[6] = 0x0000C4;
+		rdr->ftab.filts[0].prids[7] = 0x0000CC;
+		rdr->ftab.filts[0].nprids = 8;
+		rdr->ftab.filts[1].caid = 0x0D02;
+		rdr->ftab.filts[1].prids[0] = 0x000000;
+		rdr->ftab.filts[1].prids[1] = 0x00008C;
+		rdr->ftab.filts[1].prids[2] = 0x0000A0;
+		rdr->ftab.filts[1].prids[3] = 0x0000A4;
+		rdr->ftab.filts[1].prids[4] = 0x0000A8;
+		rdr->ftab.filts[1].nprids = 5;
+		rdr->ftab.filts[2].caid = 0x0D03;
+		rdr->ftab.filts[2].prids[0] = 0x000000;
+		rdr->ftab.filts[2].prids[1] = 0x000004;
+		rdr->ftab.filts[2].prids[2] = 0x000008;
+		rdr->ftab.filts[2].prids[3] = 0x000024;
+		rdr->ftab.filts[2].prids[4] = 0x000028;
+		rdr->ftab.filts[2].nprids = 5;
+		rdr->ftab.filts[3].caid = 0x0D05;
+		rdr->ftab.filts[3].prids[0] = 0x000000;
+		rdr->ftab.filts[3].prids[1] = 0x000004;
+		rdr->ftab.filts[3].prids[2] = 0x000010;
+		rdr->ftab.filts[3].nprids = 3;
+		rdr->ftab.filts[4].caid = 0x090F;
+		rdr->ftab.filts[4].prids[0] = 0x000000;
+		rdr->ftab.filts[4].nprids = 1;
+		rdr->ftab.filts[5].caid = 0x0500;
+		rdr->ftab.filts[5].prids[0] = 0x000000;
+		rdr->ftab.filts[5].prids[1] = 0x030B00;
+		rdr->ftab.filts[5].prids[2] = 0x023800;
+		rdr->ftab.filts[5].prids[3] = 0x021110;
+		rdr->ftab.filts[5].prids[4] = 0x007400;
+		rdr->ftab.filts[5].prids[5] = 0x007800;
+		rdr->ftab.filts[5].nprids = 6;
+		rdr->ftab.filts[6].caid = 0x1801;
+		rdr->ftab.filts[6].prids[0] = 0x000000;
+		rdr->ftab.filts[6].prids[1] = 0x007301;
+		rdr->ftab.filts[6].nprids = 2;
+		rdr->ftab.filts[7].caid = 0x0604;
+		rdr->ftab.filts[7].prids[0] = 0x000000;
+		rdr->ftab.filts[7].nprids = 1;
+		rdr->ftab.filts[8].caid = 0x2600;
+		rdr->ftab.filts[8].prids[0] = 0x000000;
+		rdr->ftab.filts[8].nprids = 1;
+		rdr->ftab.filts[9].caid = 0xFFFF;
+		rdr->ftab.filts[9].prids[0] = 0x000000;
+		rdr->ftab.filts[9].nprids = 1;
+	
+		// for tntsat (caid 0500)
+		rdr->auprovid = 0x030B00;
+		
+		// for bulsat (caid 0604)
+		//rdr->auprovid = 0x010200;
+		
+		rdr->cachemm = 1;
+		rdr->rewritemm = 1;
+		rdr->logemm = 2;
+
+		rdr->grp = 0x1ULL;
+		
+		cardreader_emu(&rdr->crdr);
+
+		reader_fixups_fn(rdr);
+		ll_append(configured_readers, rdr);
+	}
+
+#ifdef HAVE_DVBAPI
+	if(cfg.dvbapi_enabled && cfg.dvbapi_delayer < 60) {
+		cfg.dvbapi_delayer = 60;
+	}
+#endif
+	
+	cs_log("[Emu] OSEmu (built-in) version %d", GetOSemuVersion());
+}
Index: module-stat.c
===================================================================
--- module-stat.c	(revision 10284)
+++ module-stat.c	(working copy)
@@ -836,7 +836,7 @@
 
 uint16_t get_rdr_caid(struct s_reader *rdr)
 {
-	if(is_network_reader(rdr))
+	if(is_network_reader(rdr) || rdr->typ == R_EMU)
 	{
 		return 0; //reader caid is not real caid
 	}
@@ -1234,7 +1234,7 @@
 		for(ea = er->matching_rdr; ea; ea = ea->next)
 		{
 			rdr = ea->reader;
-			if(is_network_reader(rdr))    //reader caid is not real caid
+			if(is_network_reader(rdr) || rdr->typ == R_EMU)    //reader caid is not real caid
 			{
 				prv = ea;
 				continue; // proxy can convert or reject
Index: module-webif-tpl.c
===================================================================
--- module-webif-tpl.c	(revision 10284)
+++ module-webif-tpl.c	(working copy)
@@ -450,6 +450,7 @@
 											check_conf(WITH_LIBCRYPTO, ptr2);
 											check_conf(WITH_SSL, ptr2);
 											check_conf(WITH_STAPI, ptr2);
+											check_conf(WITH_EMU, ptr2);
 										} // for
 										if(ok == 0)
 										{
Index: module-webif.c
===================================================================
--- module-webif.c	(revision 10284)
+++ module-webif.c	(working copy)
@@ -110,7 +110,8 @@
 #define MNU_CFG_WHITELIST 25
 #define MNU_CFG_RATELIMIT 26
 #define MNU_CFG_FCSS 27
-#define MNU_CFG_TOTAL_ITEMS 28 // sum of items above. Use it for "All inactive" in function calls too.
+#define MNU_CFG_KEY 28
+#define MNU_CFG_TOTAL_ITEMS 29 // sum of items above. Use it for "All inactive" in function calls too.
 
 static void set_status_info_var(struct templatevars *vars, char *varname, int no_data, char *fmt, double value) {
 	if (no_data)
@@ -1761,7 +1762,7 @@
 		chk_reader("services", servicelabels, rdr);
 		chk_reader("lb_whitelist_services", servicelabelslb, rdr);
 
-		if(is_network_reader(rdr))    //physical readers make trouble if re-started
+		if(is_network_reader(rdr) || rdr->typ == R_EMU)    //physical readers make trouble if re-started
 		{
 			restart_cardreader(rdr, 1);
 		}
@@ -2330,6 +2331,9 @@
 	case R_PCSC :
 		tpl_addVar(vars, TPLAPPEND, "READERDEPENDINGCONFIG", tpl_getTpl(vars, "READERCONFIGSTDHWREADERBIT"));
 		break;
+	case R_EMU:		
+		tpl_addVar(vars, TPLAPPEND, "READERDEPENDINGCONFIG", "");
+		break;
 	case R_CAMD35 :
 		tpl_addVar(vars, TPLAPPEND, "READERDEPENDINGCONFIG", tpl_getTpl(vars, "READERCONFIGCAMD35BIT"));
 		break;
@@ -4000,9 +4004,36 @@
 
 					tpl_addVar(vars, TPLAPPEND, "LOGHISTORY", "<BR><BR>New Structure:<BR>");
 					char tbuffer[83];
+#ifdef WITH_EMU					
+					char keyBuffer[1024];
+#endif
 					while((item = ll_iter_next(&itr)))
 					{
+#ifdef WITH_EMU						
+						if(item->isKey) {
+							tpl_addVar(vars, TPLADD, "ENTSTARTDATE", "");
+							tpl_addVar(vars, TPLADD, "ENTENDDATE", "");
+							cs_hexdump(0, item->key, item->keyLength, keyBuffer, sizeof(keyBuffer));
+							tpl_addVar(vars, TPLADD, "ENTEXPIERED", "e_valid");
+							tpl_printf(vars, TPLADD, "ENTCAID", "%04X", item->caid);
+							if(item->caid == 0x2600) {
+								tpl_printf(vars, TPLADD, "ENTPROVID", "%08X", item->provid);
+							}
+							else {
+								tpl_printf(vars, TPLADD, "ENTPROVID", "%06X", item->provid);
+							}
+							tpl_addVar(vars, TPLADD, "ENTID", item->name);
+							tpl_addVar(vars, TPLADD, "ENTCLASS", keyBuffer);
+							if(item->isData) { tpl_addVar(vars, TPLADD, "ENTTYPE", "data"); }
+							else { tpl_addVar(vars, TPLADD, "ENTTYPE", "key"); }
+							tpl_addVar(vars, TPLADD, "ENTRESNAME", "");
 
+							if((strcmp(getParam(params, "hideexpired"), "1") != 0) || (item->end > now))
+								{ tpl_addVar(vars, TPLAPPEND, "READERENTENTRY", tpl_getTpl(vars, "ENTITLEMENTITEMBIT")); }							
+						
+							continue;	
+						}
+#endif											
 						localtime_r(&item->start, &start_t);
 						localtime_r(&item->end, &end_t);
 
@@ -4435,6 +4466,9 @@
 #else
 						filtered = (type == cl->typ);
 #endif
+#ifdef WITH_EMU
+                        if(type == 'e' && cl->typ == 'r' && cl->reader->typ == R_EMU) filtered = 1;
+#endif
 					}
 				}
 
@@ -5776,6 +5810,9 @@
 		{ "oscam.conf",      MNU_CFG_FCONF,     FTYPE_CONFIG },
 		{ "oscam.user",      MNU_CFG_FUSER,     FTYPE_CONFIG },
 		{ "oscam.server",    MNU_CFG_FSERVER,   FTYPE_CONFIG },
+#ifdef WITH_EMU
+		{ "SoftCam.Key",     MNU_CFG_KEY,       FTYPE_CONFIG },
+#endif
 		{ "oscam.services",  MNU_CFG_FSERVICES, FTYPE_CONFIG },
 		{ "oscam.whitelist", MNU_CFG_WHITELIST, FTYPE_CONFIG },
 		{ "oscam.srvid",     MNU_CFG_FSRVID,    FTYPE_CONFIG },
@@ -7162,8 +7199,8 @@
 		memcpy(*result + bufsize, buf2, n);
 		bufsize += n;
 
-		//max request size 100kb
-		if(bufsize > 102400)
+		//max request size 200kb
+		if(bufsize > 204800)
 		{
 			cs_log("error: too much data received from %s", cs_inet_ntoa(in));
 			NULLFREE(*result);
Index: oscam-chk.c
===================================================================
--- oscam-chk.c	(revision 10284)
+++ oscam-chk.c	(working copy)
@@ -711,7 +711,7 @@
 		return 0;
 	}
 
-	if(!is_network_reader(rdr) && ((rdr->caid >> 8) != ((er->caid >> 8) & 0xFF) && (rdr->caid >> 8) != ((er->ocaid >> 8) & 0xFF)))
+	if(!rdr->typ == R_EMU && !is_network_reader(rdr) && ((rdr->caid >> 8) != ((er->caid >> 8) & 0xFF) && (rdr->caid >> 8) != ((er->ocaid >> 8) & 0xFF)))
 	{
 		int i, caid_found = 0;
 		for(i = 0; i < (int)ARRAY_SIZE(rdr->csystem.caids); i++)
@@ -982,7 +982,7 @@
 
 int32_t chk_caid_rdr(struct s_reader *rdr, uint16_t caid)
 {
-	if(is_network_reader(rdr))
+	if(is_network_reader(rdr) || rdr->typ == R_EMU)
 	{
 		return 1; //reader caid is not real caid
 	}
Index: oscam-config-reader.c
===================================================================
--- oscam-config-reader.c	(revision 10284)
+++ oscam-config-reader.c	(working copy)
@@ -332,6 +332,7 @@
 			{ "newcamd",    R_NEWCAMD },
 			{ "newcamd525", R_NEWCAMD },
 			{ "newcamd524", R_NEWCAMD },
+			{ "emu",        R_EMU },
 			{ NULL        , 0 }
 		}, *p;
 		int i;
@@ -956,7 +957,7 @@
 }
 
 
-static void reader_fixups_fn(void *var)
+void reader_fixups_fn(void *var)
 {
 	struct s_reader *rdr = var;
 #ifdef WITH_LB
Index: oscam-config.h
===================================================================
--- oscam-config.h	(revision 10284)
+++ oscam-config.h	(working copy)
@@ -22,6 +22,7 @@
 int32_t free_readerdb(void);
 int32_t write_server(void);
 void    reload_readerdb(void);
+void reader_fixups_fn(void *var);
 
 void    chk_sidtab(char *token, char *value, struct s_sidtab *sidtab);
 int32_t init_sidtab(void);
Index: oscam-emm.c
===================================================================
--- oscam-emm.c	(revision 10284)
+++ oscam-emm.c	(working copy)
@@ -366,6 +366,17 @@
 				continue;
 			}
 		}
+#ifdef WITH_EMU
+		else if(aureader->typ == R_EMU) 
+		{
+			cs = get_cardsystem_by_caid(caid);
+			if(!cs)
+			{
+				rdr_debug_mask(aureader, D_EMM, "unable to find cardsystem for caid %04X", caid);
+				continue;
+			}			
+		}
+#endif		
 		else     // local reader
 		{
 			if(aureader->csystem.active)
Index: oscam-string.c
===================================================================
--- oscam-string.c	(revision 10284)
+++ oscam-string.c	(working copy)
@@ -491,6 +491,62 @@
 	return crc ^ 0xffffffffL;
 }
 
+static uint32_t fletcher_crc_table[256] = {
+	0x00000000, 0x04c11db7, 0x09823b6e, 0x0d4326d9, 0x130476dc, 0x17c56b6b,
+	0x1a864db2, 0x1e475005, 0x2608edb8, 0x22c9f00f, 0x2f8ad6d6, 0x2b4bcb61,
+	0x350c9b64, 0x31cd86d3, 0x3c8ea00a, 0x384fbdbd, 0x4c11db70, 0x48d0c6c7,
+	0x4593e01e, 0x4152fda9, 0x5f15adac, 0x5bd4b01b, 0x569796c2, 0x52568b75,
+	0x6a1936c8, 0x6ed82b7f, 0x639b0da6, 0x675a1011, 0x791d4014, 0x7ddc5da3,
+	0x709f7b7a, 0x745e66cd, 0x9823b6e0, 0x9ce2ab57, 0x91a18d8e, 0x95609039,
+	0x8b27c03c, 0x8fe6dd8b, 0x82a5fb52, 0x8664e6e5, 0xbe2b5b58, 0xbaea46ef,
+	0xb7a96036, 0xb3687d81, 0xad2f2d84, 0xa9ee3033, 0xa4ad16ea, 0xa06c0b5d,
+	0xd4326d90, 0xd0f37027, 0xddb056fe, 0xd9714b49, 0xc7361b4c, 0xc3f706fb,
+	0xceb42022, 0xca753d95, 0xf23a8028, 0xf6fb9d9f, 0xfbb8bb46, 0xff79a6f1,
+	0xe13ef6f4, 0xe5ffeb43, 0xe8bccd9a, 0xec7dd02d, 0x34867077, 0x30476dc0,
+	0x3d044b19, 0x39c556ae, 0x278206ab, 0x23431b1c, 0x2e003dc5, 0x2ac12072,
+	0x128e9dcf, 0x164f8078, 0x1b0ca6a1, 0x1fcdbb16, 0x018aeb13, 0x054bf6a4,
+	0x0808d07d, 0x0cc9cdca, 0x7897ab07, 0x7c56b6b0, 0x71159069, 0x75d48dde,
+	0x6b93dddb, 0x6f52c06c, 0x6211e6b5, 0x66d0fb02, 0x5e9f46bf, 0x5a5e5b08,
+	0x571d7dd1, 0x53dc6066, 0x4d9b3063, 0x495a2dd4, 0x44190b0d, 0x40d816ba,
+	0xaca5c697, 0xa864db20, 0xa527fdf9, 0xa1e6e04e, 0xbfa1b04b, 0xbb60adfc,
+	0xb6238b25, 0xb2e29692, 0x8aad2b2f, 0x8e6c3698, 0x832f1041, 0x87ee0df6,
+	0x99a95df3, 0x9d684044, 0x902b669d, 0x94ea7b2a, 0xe0b41de7, 0xe4750050,
+	0xe9362689, 0xedf73b3e, 0xf3b06b3b, 0xf771768c, 0xfa325055, 0xfef34de2,
+	0xc6bcf05f, 0xc27dede8, 0xcf3ecb31, 0xcbffd686, 0xd5b88683, 0xd1799b34,
+	0xdc3abded, 0xd8fba05a, 0x690ce0ee, 0x6dcdfd59, 0x608edb80, 0x644fc637,
+	0x7a089632, 0x7ec98b85, 0x738aad5c, 0x774bb0eb, 0x4f040d56, 0x4bc510e1,
+	0x46863638, 0x42472b8f, 0x5c007b8a, 0x58c1663d, 0x558240e4, 0x51435d53,
+	0x251d3b9e, 0x21dc2629, 0x2c9f00f0, 0x285e1d47, 0x36194d42, 0x32d850f5,
+	0x3f9b762c, 0x3b5a6b9b, 0x0315d626, 0x07d4cb91, 0x0a97ed48, 0x0e56f0ff,
+	0x1011a0fa, 0x14d0bd4d, 0x19939b94, 0x1d528623, 0xf12f560e, 0xf5ee4bb9,
+	0xf8ad6d60, 0xfc6c70d7, 0xe22b20d2, 0xe6ea3d65, 0xeba91bbc, 0xef68060b,
+	0xd727bbb6, 0xd3e6a601, 0xdea580d8, 0xda649d6f, 0xc423cd6a, 0xc0e2d0dd,
+	0xcda1f604, 0xc960ebb3, 0xbd3e8d7e, 0xb9ff90c9, 0xb4bcb610, 0xb07daba7,
+	0xae3afba2, 0xaafbe615, 0xa7b8c0cc, 0xa379dd7b, 0x9b3660c6, 0x9ff77d71,
+	0x92b45ba8, 0x9675461f, 0x8832161a, 0x8cf30bad, 0x81b02d74, 0x857130c3,
+	0x5d8a9099, 0x594b8d2e, 0x5408abf7, 0x50c9b640, 0x4e8ee645, 0x4a4ffbf2,
+	0x470cdd2b, 0x43cdc09c, 0x7b827d21, 0x7f436096, 0x7200464f, 0x76c15bf8,
+	0x68860bfd, 0x6c47164a, 0x61043093, 0x65c52d24, 0x119b4be9, 0x155a565e,
+	0x18197087, 0x1cd86d30, 0x029f3d35, 0x065e2082, 0x0b1d065b, 0x0fdc1bec,
+	0x3793a651, 0x3352bbe6, 0x3e119d3f, 0x3ad08088, 0x2497d08d, 0x2056cd3a,
+	0x2d15ebe3, 0x29d4f654, 0xc5a92679, 0xc1683bce, 0xcc2b1d17, 0xc8ea00a0,
+	0xd6ad50a5, 0xd26c4d12, 0xdf2f6bcb, 0xdbee767c, 0xe3a1cbc1, 0xe760d676,
+	0xea23f0af, 0xeee2ed18, 0xf0a5bd1d, 0xf464a0aa, 0xf9278673, 0xfde69bc4,
+	0x89b8fd09, 0x8d79e0be, 0x803ac667, 0x84fbdbd0, 0x9abc8bd5, 0x9e7d9662,
+	0x933eb0bb, 0x97ffad0c, 0xafb010b1, 0xab710d06, 0xa6322bdf, 0xa2f33668,
+	0xbcb4666d, 0xb8757bda, 0xb5365d03, 0xb1f740b4};
+
+uint32_t fletcher_crc32(uint8_t *data, uint32_t len)
+{
+	uint32_t i;
+	uint32_t crc = 0xffffffff;
+
+	for (i=0; i<len; i++)
+		crc = (crc << 8) ^ fletcher_crc_table[((crc >> 24) ^ *data++) & 0xff];
+
+	return crc;
+}
+
 static uint16_t ccitt_crc_table [256] =
 {
 	0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50a5,
Index: oscam-string.h
===================================================================
--- oscam-string.h	(revision 10284)
+++ oscam-string.h	(working copy)
@@ -35,6 +35,7 @@
 void get_random_bytes_init(void);
 void get_random_bytes(uint8_t *dst, uint32_t dst_len);
 
+uint32_t fletcher_crc32(uint8_t *data, uint32_t len);
 unsigned long crc32(unsigned long crc, const unsigned char *buf, unsigned int len);
 uint16_t ccitt_crc(uint8_t *data, size_t length, uint16_t seed, uint16_t final);
 uint32_t jhash(const char *key, size_t len);
Index: oscam.c
===================================================================
--- oscam.c	(revision 10284)
+++ oscam.c	(working copy)
@@ -347,6 +347,7 @@
 	write_conf(CW_CYCLE_CHECK, "CW Cycle Check support");
 	write_conf(LCDSUPPORT, "LCD support");
 	write_conf(LEDSUPPORT, "LED support");
+	write_conf(WITH_EMU, "Emulator support");
 	switch (cs_getclocktype()) {
 		case CLOCK_TYPE_UNKNOWN  : write_conf(CLOCKFIX, "Clockfix with UNKNOWN clock"); break;
 		case CLOCK_TYPE_REALTIME : write_conf(CLOCKFIX, "Clockfix with realtime clock"); break;
@@ -1247,6 +1248,10 @@
 	}
 }
 
+#ifdef WITH_EMU
+	void add_emu_reader(void);
+#endif	
+
 int32_t main(int32_t argc, char *argv[])
 {
 	int32_t i, j;
@@ -1389,6 +1394,9 @@
 #ifdef CARDREADER_STINGER
 		cardreader_stinger,
 #endif
+#ifdef WITH_EMU
+		cardreader_emu,
+#endif
 		0
 	};
 
@@ -1460,6 +1468,9 @@
 
 	init_sidtab();
 	init_readerdb();
+#ifdef WITH_EMU
+	add_emu_reader();
+#endif	
 	cfg.account = init_userdb();
 	init_signal();
 	init_srvid();
Index: reader-common.c
===================================================================
--- reader-common.c	(revision 10284)
+++ reader-common.c	(working copy)
@@ -14,6 +14,7 @@
 #include "reader-common.h"
 //#include "csctapi/atr.h"
 #include "csctapi/icc_async.h"
+#include "readers.h"
 
 extern struct s_cardsystem cardsystems[CS_MAX_MOD];
 extern char *RDR_CD_TXT[];
@@ -127,6 +128,19 @@
 static int32_t reader_get_cardsystem(struct s_reader *reader, ATR *atr)
 {
 	int32_t i;
+	
+#ifdef WITH_EMU
+	if(reader->typ == R_EMU)
+	{
+		NULLFREE(reader->csystem_data);
+		reader_emu(&reader->csystem);
+		reader->csystem.active = 1;
+		led_status_found_cardsystem();
+		rdr_log(reader, "found card system %s", reader->csystem.desc);
+		return (reader->csystem.active);
+	}
+#endif
+	
 	for(i = 0; i < CS_MAX_MOD; i++)
 	{
 		if(cardsystems[i].card_init)
Index: reader-viaccess.c
===================================================================
--- reader-viaccess.c	(revision 10284)
+++ reader-viaccess.c	(working copy)
@@ -1337,8 +1337,8 @@
 	if(*emm_filters == NULL)
 	{
 		int8_t max_filter_count = 4;
-#ifdef MODULE_CAMD35
-		if(rdr->typ == R_CAMD35 && rdr->via_emm_global == 1)
+#if defined(MODULE_CAMD35) || defined(WITH_EMU)
+		if((rdr->typ == R_CAMD35 && rdr->via_emm_global == 1) || rdr->typ == R_EMU)
 			{max_filter_count = 6;}
 #endif
 		if(!cs_malloc(emm_filters, max_filter_count * sizeof(struct s_csystem_emm_filter)))
@@ -1348,8 +1348,8 @@
 		*filter_count = 0;
 
 		int32_t idx = 0;
-#ifdef MODULE_CAMD35
-		if(rdr->typ == R_CAMD35 && rdr->via_emm_global == 1)
+#if defined(MODULE_CAMD35) || defined(WITH_EMU)
+		if((rdr->typ == R_CAMD35 && rdr->via_emm_global == 1) || rdr->typ == R_EMU)
 		{ 
 			filters[idx].type = EMM_GLOBAL;
 			filters[idx].enabled   = 1;
Index: readers.h
===================================================================
--- readers.h	(revision 10284)
+++ readers.h	(working copy)
@@ -15,5 +15,6 @@
 void reader_bulcrypt(struct s_cardsystem *);
 void reader_griffin(struct s_cardsystem *);
 void reader_dgcrypt(struct s_cardsystem *);
+void reader_emu(struct s_cardsystem *ph);
 
 #endif
Index: webif/files/menu.html
===================================================================
--- webif/files/menu.html	(revision 10284)
+++ webif/files/menu.html	(working copy)
@@ -9,7 +9,7 @@
 ##TPLFILEMENUANTICASC##
 		<LI CLASS="##CMENUACTIVE20##"><A HREF="files.html?file=logfile">logfile</A></LI>
 		<LI CLASS="##CMENUACTIVE21##"><A HREF="files.html?file=userfile">userfile</A></LI>
-		<LI CLASS="##CMENUACTIVE16## ##CMENUACTIVE18## ##CMENUACTIVE19## ##CMENUACTIVE25## ##CMENUACTIVE26## ##CMENUACTIVE27##"><A HREF="#"  class="drop">other file<b class="subcaret"></b></A>
+		<LI CLASS="##CMENUACTIVE16## ##CMENUACTIVE18## ##CMENUACTIVE19## ##CMENUACTIVE25## ##CMENUACTIVE26## ##CMENUACTIVE27## ##CMENUACTIVE28##"><A HREF="#"  class="drop">other file<b class="subcaret"></b></A>
 			<UL CLASS="dropdown_nav">
 				<LI CLASS="##CMENUACTIVE16##"><A HREF="files.html?file=oscam.services">oscam.services</A></LI>
 				<LI CLASS="##CMENUACTIVE18##"><A HREF="files.html?file=oscam.provid">oscam.provid</A></LI>
@@ -17,6 +17,7 @@
 				<LI CLASS="##CMENUACTIVE25##"><A HREF="files.html?file=oscam.whitelist">oscam.whitelist</A></LI>
 				<LI CLASS="##CMENUACTIVE26##"><A HREF="files.html?file=oscam.ratelimit">oscam.ratelimit</A></LI>
                 ##FILEEDITCSS_SHOW##
+                ##TPLFILEMENUKEY##
 			</UL>
 		</LI>
 	</UL>
Index: webif/files/menu_key.html
===================================================================
--- webif/files/menu_key.html	(revision 0)
+++ webif/files/menu_key.html	(working copy)
@@ -0,0 +1 @@
+			<LI CLASS="##CMENUACTIVE28##"><A HREF="files.html?file=SoftCam.Key">SoftCam.Key</A></LI>
Index: webif/pages_index.txt
===================================================================
--- webif/pages_index.txt	(revision 10284)
+++ webif/pages_index.txt	(working copy)
@@ -111,6 +111,7 @@
 FILEMENU                      files/menu.html
 FILEMENUDVBAPI                files/menu_dvbapi.html                                      HAVE_DVBAPI
 FILEMENUANTICASC              files/menu_anticasc.html                                    CS_ANTICASC
+FILEMENUKEY                   files/menu_key.html                                         WITH_EMU
 
 AUTOCONF                      ghttp/autoconf.html                                         MODULE_GHTTP
 PREAUTOCONF                   ghttp/pre_autoconf.html                                     MODULE_GHTTP