tsdecrypt(1)
NAME
tsdecrypt - Decrypt mpeg transport stream.
SYNOPSIS
tsdecrypt [options]
DESCRIPTION
tsdecrypt reads incoming mpeg transport stream over UDP/RTP or file and then decrypts it by after retriving code words from OSCAM or similar CAMD server. tsdecrypt communicates with CAM server using cs378x (camd35 over tcp) protocol or newcamd protocol.
OPTIONS
MAIN OPTIONS
-i, --ident <ident>
Set ident that will be used when logging to syslog. The
preferred format for the ident is PROVIDER/CHANNEL.
-d, --daemon <pidfile>
When started become a daemon and write pid file to <pidfile>.
-N, --notify-program <program>
Execute <program> when predefined events happen. In order for
this option to work --ident should also be used.
You can use notify-script.example file as notification program
and an example on how to create your own notification script.
See EVENTS section for detailed description of the events.
-S, --syslog
Write log messages to local syslog.
-l, --syslog-host <addr>
Set syslog host. tsdecrypt sends messages to this host over tcp
in syslog compatible format. syslog-ng was tested as receiving
syslog server.
-L, --syslog-port <port>
Syslog server port. The default value is 514.
-F, --log-file <filename>
Write logging data to <filename>. This option can be used along
with syslog.
-D, --debug <level>
Set message debug level. Currently there are five message
levels. 0 = default messages, 1 = show PSI tables, 2 = show
EMMs 3 = show duplicate ECMs, 4 = packet debug. 5 = packet debug
+ mpeg ts packet dump. Setting higher level enables the levels
bellow.
-j, --pid-report
When this option is used, tsdecrypt on exit reports how much
packets were received on each PID.
-b, --bench
Bechmark the CSA decryption. The benchmark is single threaded.
If you want to fully test your CPU, run couple of tsdecrypts in
parallel.
-V, --version
Show program version.
-h, --help
Show program help.
INPUT OPTIONS
-I, --input <source>
Where to read from. tsdecrypt supports input from file (-I
file://file.ts), IPv4 multicast/unicast addresses (-I
224.0.0.1:5000) or IPv6 multicast/unicast addresses (-I
[ff01::1111]:5000). By default tsdecrypt reads from stdin.
-1, --input-source <ipaddr>
Set multicast input source address using
IP_ADD_SOURCE_MEMBERSHIP. This works only for IPv4 multicast.
The default value is 0.0.0.0 (do not apply source filtering).
-R, --input-rtp
When reading from multicast assume the input is RTP stream.
NOTE: No RTP processing/reordering of packets is done. The 12
byte RTP header is just stripped out and the stream is then
processed as normal mpeg transport stream over UDP multicast.
-z, --input-ignore-disc
Do not report input discontinuity or RTP discontinuity errors.
-M, --input-service <service_id>
Choose the service id. This option must be used when the input
is MPTS in order to select the correct service (program). If the
input is MPTS and --input-service is not used, tsdecrypt chooses
the last service listed in PAT.
-T, --input-buffer <miliseconds>
Use this option to delay the decoding for certain amount of
milliseconds. This allows tsdecrypt to decode services even if
OSCAM returns code word too late. For example SkyUK sends code
words ~700 ms before it starts using them. This means that if
OSCAM is unable to return code word in less than 700 ms the
decryption will fail for a small amount of time. Setting
--input-buffer 1000 will solve the problem in this case.
-W, --input-dump <filename>
Save input stream in <filename>. If the input is RTP, the file
will contain the data without RTP headers (pure mpeg transport
stream). Easiest way to save the input is using command line
like the following:
tsdecrypt -I 239.78.78.78:5000 -O /dev/null -s 0.0.0.0 -W
file.ts
OUTPUT OPTIONS
-O, --output <dest>
Output decrypted stream to <dest>. The destination can be IPv4
multicast address (-O 239.0.0.1:5000), IPv6 mulicast address (-O
[ff01::2222]:5000), hostname that resolves to IPv4/IPv6 address
(-O example.com:5000) or file. When the output is file, the
file name should be prefixed with file:// (-O file://out.ts)if
it doesn't contain / symbol. The default output is stdout.
-o, --output-intf <value>
Set multicast output interface. The value can be IPv4 address of
the output interface (default: 0.0.0.0 /any/) or in the case of
IPv6 the interface number (default: -1 /any/).
-t, --output-ttl
Set multicast ttl. The default value is 1.
-g, --output-tos
Set TOS value of output packets. The default is not to set any
specific TOS.
-r, --output-rtp
Enable RTP output. The default output is standard MPEG TS over
UDP, this option enables tsdecrypt to output RTP packets.
-k, --output-rtp-ssrc <ssrc>
-u, --no-output-on-error
Filter all output when there is no valid code word.
-p, --no-output-filter
Disable output filtering. By default the output filter is
enabled and only PAT/PMT/SDT and data packets are left in the
output. Everything else not mentioned in PMT like NIT, EIT, TDT
tables and unknown pids is removed.
-y, --output-nit-pass
Pass through NIT packets when output filtering is enabled.
-w, --output-eit-pass
Pass through EIT (EPG) packets when output filtering is enabled.
-x, --output-tdt-pass
Pass through TDT/TOT packets when output filtering is enabled.
CA OPTIONS
-c, --ca-system <ca_sys>
Process input EMM/ECM from <ca_sys>. Currently tested and
working CA systems are CONAX, CRYPTOWORKS, IRDETO, VIACCESS,
MEDIAGUARD (SECA) and VIDEOGUARD (NDS), NAGRA, BULCRYPT,
GRIFFIN and DGCRYPT. Other supported CA system that you can
choose but is not tested is DRECRYPT. The default <ca_sys> is
CONAX. You can override the default CAS CAIDs by using --caid
parameter.
-C, --caid <caid>
Directly set CAID. This is useful if you have couple of CA
streams from one CA but with different CAIDs or CAS that is
unsupported by --ca-system parameter.
-Y, --const-cw <code_word>
Set constant code word to be used for decryption. The
<code_word> should contain 32 hex chars. For example using
a1a2a3a4a5a6a7a8b1b2b3b4b5b6b7b8 as parameter will set even code
word to a1a2a3a4a5a6a7a8 and odd code word to b1b2b3b4b5b6b7b8.
-Q, --biss-key <biss_key>
Set BISS key to be used for decryption. The <biss_key> should
contain 12 chars (hex). For example 112233445566 is valid BISS
key. If the BISS key contains 16 chars this means that the key
CRC is embeded in the key. These keys are also supported (they
are the same as using constant code word with same code words
for even and odd keys).
CAMD OPTIONS
-A, --camd-proto <protocol>
Set CAMD server protocol. Valid protocols are CS378X and
NEWCAMD. If this option is not used the default protocol is
CS378X (camd35 over tcp).
-s, --camd-server <hostname[:port]>
Set CAMD server address. You can use IPv4/IPv6 address or
hostname. If the port is not set then 2233 is used as default
port. 2233 is the default port for CS378X protocol but for
NEWCAMD protocol you probably should choose other port number.
To set static IPv6 address you have to put in in brackets ([])
for example: [1234::5678]:2233
-U, --camd-user <username>
Set CAMD user name. The default is user.
-P, --camd-pass <password>
Set CAMD user password. The default is pass.
-B, --camd-des-key <des_key>
Set DES key used by NEWCAMD protocol. The default is
0102030405060708091011121314.
-4, --ipv4
Connect to CAMD server using only IPv4 addresses of the server.
IPv6 addresses would be are ignorred.
-6, --ipv6
Connect to CAMD server using only IPv6 addresses of the server.
IPv4 addresses would be are ignorred.
EMM OPTIONS
-e, --emm
Enable sending EMM's to CAMD for processing. By default EMM
processing is disabled and only ECM are processed.
-Z, --emm-pid <pid>
Set EMM pid manually. This option is useful for services that
have couple of EMM streams from one CA system. Without this
option tsdecrypt always chooses the first stream from the chosen
CA system.
-E, --emm-only
Disable ECM processing and stream output. This option is useful
if the EMM stream has very high rate and is interfering with ECM
processing. Using --emm-only you can run special tsdecrypt
dedicated only to keeping card entitlements up to date.
-f, --emm-report-time <seconds>
Set interval for EMM reports. The default is 60 seconds. Set to
0 to disable EMM reports.
-a, --emm-filter <filter_definition>
Add EMM filter described by <filter_definition>. EMM filters are
useful if you want to limit the number of EMMs that should reach
your CAMD server. The basic <filter_defintion> is
Command/Settings where the commands are: accept_all, reject_all,
accept and reject.
For more information about filtering and for example filters,
please read FILTERING file that comes with tsdecrypt. This
option can be used multiple times to define up to 16 different
filters.
ECM OPTIONS
-X, --ecm-pid <pid>
Set ECM pid manually. This option is useful for services that
have couple of ECM streams from one CA system. Without this
option tsdecrypt always chooses the first stream from the chosen
CA system. Run tsdecrypt with --debug 2 and look at CA
descriptors in PMT to see what CA streams are available.
-v, --ecm-only
Process ECMs but do not decode the input stream. This option is
useful if you just want to populate you OSCAM DCW cache but do
not want to waste CPU time on stream decoding.
-H, --ecm-report-time <seconds>
Set interval for ECM reports. The default is 60 seconds. Set to
0 to disable ECM reports.
-G, --ecm-irdeto-type <int>
Set the index of the IRDETO ECM stream. NOTE: This option is
deprecated, better use --ecm-irdeto-chid.
-2, --ecm-irdeto-chid <int>
IRDETO CA sends ECMs mixed in single stream on single PID. In
order to select the correct ECM stream the so called CHID number
is used. Oscam reports what CHIDs are activated in your card and
tsdecrypt allows you to set the correct CHID number using this
option. tsderypt reports what CHIDs are available in the
incoming ECM stream. The CHID is 16-bit number (0x0000 -
0xffff).
-K, --ecm-no-log
Disable logging of ECMs and code words. Code word errors and
stats reports are not affected by this option.
-J, --cw-warn-time <seconds>
After how much seconds to warn if valid code word was not
received. The default is 60 seconds. Set to 0 to disable the
warning.
-q, --ecm-and-emm-only
Process ECMs and EMMs but do not decode the input stream. This
option combines --ecm-only and --emm-only options. Use it if you
want to populate your OSCAM DCW cache and keep your card
entitlements updated but do not want to waste CPU time on stream
decoding.
DEBUG OPTIONS
-n, --ecm-file <file.txt>
Read ECM from text file and send it to CAMD server for
processing. This option must be used along with --caid and
--input-service options.
The file should be normal text file, the format of the file is
described bellow.
-m, --emm-file <file.txt>
Read EMM from text file and send it to CAMD server for
processing. This option must be used along with --caid and
--input-service options.
Bellow is an example text file, lines starting with # are
ignored and also 0x prefixes are ignored. Any other symbol in
the file is processed as hex number. An example file might look
like this:
# comment
aa bb cc dd ee
ff 01 02 03 04
# Other comment
0x05 0x06 0x07
EVENTS
Notification events are sent when --notify-program and --ident options
are used. The event parameters are set as environmental variables
before executing the external notification program. The variables are:
_TS Unix timestamp of the event.
_IDENT tsdecrypt ident parameter with "/" replaced by "-".
_MESSAGE_ID Event message id (for example START, STOP, etc...).
_MESSAGE_MSG Event message id with "_" replaced by " ".
_MESSAGE_TEXT Event message text. Human readable event message.
currently defined events are:
START tsdecrypt was started.
CODE_WORD_OK Valid code word was received and decryption is
working ok.
NO_CODE_WORD No valid code word was received for X seconds. The
decryption process have been suspended until valid
code word is received.
NO_EMM_RECEIVED No EMM packet have been received for X seconds.
INPUT_TIMEOUT There was no data on the input.
INPUT_OK The data have appeared on the input.
STOP tsdecrypt was stopped.
See notify-script.example for an example on how to create external
notification program.
EXAMPLES
To get a quick start here are some example command lines. The default
CA system is set to CONAX, you can change it using --ca-system
parameter.
# Decrypt multicast stream from 239.0.50.11:5000 using 10.0.1.1:2233
# as camd server and output decrypted result to 239.78.78.78:5000
tsdecrypt --camd-server 10.0.1.1 \
--input 239.0.50.11:5000 --output 239.78.78.78:5000
# Same as above but enable EMM processing
tsdecrypt --emm --camd-server 10.0.1.1:2233 \
--input 239.0.50.11:5000 --output 239.78.78.78:5000
# Same as above but do not filter output stream thus allowing
# EIT/TOT/NIT, etc tables to passthrough
tsdecrypt --no-output-filter --emm --camd-server 10.0.1.1 \
--input 239.0.50.11:5000 --output 239.78.78.78:5000
# Choose program/service_id to decrypt. Useful when the input is MPTS
tsdecrypt --camd-server 10.0.1.1 --input-service 1234 \
--input 239.0.50.11:5000 --output 239.78.78.78:5000
# Read stream over RTP and process VIACCESS encoded channel
tsdecrypt --ca-system VIACCESS --emm --camd-server 10.0.1.1:2233 \
--input-rtp --input 239.0.50.11:5000 --output 239.78.78.78:5000
# Decrypt stream encypted with CAID 0x0963 (NDS, sky)
tsdecrypt --camd-server 10.0.1.1 --ca-system NDS --caid 0x0963 \
--input 239.0.50.11:5000 --output 239.78.78.78:5000
# Send only EMMs to OSCAM for CAID 0x0963 (NDS, sky)
tsdecrypt --camd-server 10.0.1.1 --emm-only --caid 0x0963 \
--input 239.0.50.11:5000 --output /dev/null
# Decrypt stream encypted with CAID 0x5581 (Bulcrypt)
tsdecrypt --camd-server 10.0.1.1 --caid 0x5581 \
--input 239.0.50.11:5000 --output 239.78.78.78:5000
# Decrypt BISS encrypted stream
tsdecrypt --biss-key 0x112233445566 --input 239.0.50.11:5000 \
--output 239.78.78.78:5000
# Decrypt file encypted with constant code word
tsdecrypt --const-cw 0x00000000000000001111111111111111 \
--input encrypted-file.ts --output file://decrypted-file.ts
# Send ECM from file
tsdecrypt --ecm-file ecm.txt --caid 0x5581 --input-service 12345 \
--camd-server example.com
# Decrypt IRDETO stream from Raduga (CHID == 0x0015)
tsdecrypt --input 239.0.50.11:5000 --output 239.78.78.78:5000 \
--camd-server example.com \
--ca-system IRDETO --caid 0x0652 --ecm-irdeto-chid 0x0015
SEE ALSO
See the README file for more information. If you have questions,
remarks, problems or you just want to contact the developer, write to:
georgi@unixsol.org
For more info, see the website at
http://georgi.unixsol.org/programs/tsdecrypt/
AUTHORS
Written by Georgi Chorbadzhiyski <georgi@unixsol.org>
LICENSE
This program is free software; you can redistribute it and/or modify it under the terms of version 2 of the GNU General Public License as published by the Free Software Foundation.
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
