Connect OScam and CCcam using Newcamd protocol
You will have to edit or create three files: oscam.conf, oscam.user and CCcam.cfg!
oscam.conf:
[newcamd]
Key = 0102030405060708091011121314
Port = 34000@0b00:000000 #this is example for MTV Unlimited or any other Conax card that have 0b00 caid!
oscam.user:
[account]
User = test
Pwd = test2
Group = x #same as in oscam.server file
AU = xxx #same as in oscam.server file
CCcam.cfg:
N: 127.0.0.1 34000 test test2 01 02 03 04 05 06 07 08 09 10 11 12 13 14 256
First number is IP address of your OScam server. 127.0.0.1 is used when you have CCcam and OScam on same server or receiver. If you have OScam installed somewhere else, then use regular IP (192.168.1.x). Then there is port number (34000) and username(test)/password(test2).
At the end there are a bunch of strange numbers (01 02 03 04 05 06 07 08 09 10 11 12 13 14). They are always the same, do not change them!! You can also optionally add 256 at the end of N line. This means that your card will show as local card in CCcam. This trick is quite popular these days because many cards can be read in OScam only!
Newcamd Extended protocol also exists but its not supported within OScam. This protocol is better than ordinary Newcamd, because it supports more CAIDs per port. Because of this issue, ordinary Newcamd is not very user friendly!
For discussion please visit this thread:
https://www.satnigmo.com/forum/index.php?threads/oscam-to-cccam-newcamd-protocol.542/
For other “connect” tutorials, visit these links:
Connect OScam with CCcam using Camd35 protocol
You will have to edit or create three files: oscam.conf, oscam.user and CCcam.cfg!
oscam.conf:
[cs357x] #DO NOT USE [camd35] as this is obsolete in newer oscams!
port = 15991 #this is an example, you can use different numbers
serverip = 192.168.1.11 #this is your IP of your server where you have your OScam running!
oscam.user:
[account]
User = test
Pwd = test2
Group = x #same as in oscam.server file
AU = xxx #same as in oscam.server file. You can use this universal settings: AU=1
CCcam.cfg:
L: 192.168.1.11 15991 test test2 0b00 000000 256
First number is IP address of your server. In my case its 192.168.1.11, you can also use 127.0.0.1 if you have CCcam and OScam running on the same receiver or server. Then there are port number (15991) and username(test)/password(test2).
At the end there is CAID number and provider ID of your package and you can also optionally add 256. This means that your card will show as local in CCcam. Same trick as with Newcamd protocol! Pretty neat, right?
Camd35 is considered to be better than Newcamd. The biggest limitation of Newcamd is that it only support one caid per port. For every caid you need to create different port. Pretty annoying! Camd35 on the other hand support more caids per port.
For discussion please visit this thread here:
https://www.satnigmo.com/forum/index.php?threads/oscam-to-cccam-camd35-protocol.543/
For other “connect” tutorials, visit these links:
CCcam Smartcard SID Assign
Here is example for MTV Unlimited card. You need to put the line (located below) in CCcam.cfg and restart CCcam. Using Cccam 2.1.2 or any newer version is obligatory! Older versions do not support this feature.
SMARTCARD SID ASSIGN : /dev/ttyUSBx 0 { 6FF3, 6FEE, 6FEF, 6FF1, 6FF0, 6FFF }
You can change /dev/ttyUSBx to anything you want. If you have internal reader than change to /dev/sci0
SMARTCARD SID ASSIGN : /dev/sci0 0 { 6FF3, 6FEE, 6FEF, 6FF1, 6FF0, 6FFF }
How to use CCcam
To add new user you have to put an F line in the CCcam.cfg file (this file is located in /etc/ directory on your linux receiver or server). Here is an example of F line:
F: user password 3 1 0 { 0:0:5 }
Client gets all our cards at max distance (hops) of 3! He has the right to use our emu keys “1”, for NO rights to emu keys change this number to “0”. He has NO AU rights “0”, for AU rights change this number to “1”. Furthermore he has the right to re-share all our cards 4 more times { 0:0:5 }. When numbers are { 0:0:1 }, he can only watch himself and he has no re-share rights! Using 0:0:5 configuration is NOT RECOMMENDED, i recommend using 0:0:2.
My recommendation for F line is:
F: user password 1 0 0 { 0:0:2 } or this one:
F: user password 0 0 0 { 0:0:2 }
1) First number (1) means your client gets all your local cards + cards that you have on your hop 1 list. Last number (2) means that your client can reshare your cards 1 more time!
2) First number (0) means your client gets only your local cards. Last number (2) means that your client can reshare your cards 1 more time!
Lets talk about CCcam port setting now. You can set port number by changing this rule:
# SERVER LISTEN PORT: 12000 into SERVER LISTEN PORT: 14322 or any number you want.
I really recommend that you change CCcam port, this is for your safety!!
If you want to connect to someone else CCcam server you have to add a C line that looks like this:
C: ip/dyndns_server port user password yes
In the end it should look something like this:
C: tralala.dyndns.com 13555 youarethebest blablabla yes
The yes on the end means that you get EMU keys from that CCcam server. I recommend that you use “no” at the end of the C line.
To connect to a newcamd server you have to add N line:
N: ip/dyndns port user password deskey hops_away
In the end it should look like this:
N: tralala.dyndns.com 13000 blabla tralala 01 02 03 04 05 06 07 08 09 10 11 12 13 14
To connect to a Camd3 server you have to add a L line:
L: IP/dyndns port CAID(4digits) providerID(6digits) hops_away
In the end it should look like this:
N: tralala.dyndns.com 13000 blabla tralala 0500 030b00
These are the basics…. Now i will tell you few more advanced tips!
In case you have 2 local cards and you only want that user get to see 1 card you can do this:
Card 1 = provider CDS 0100 00006A
Card 2 = provider Sky DE 1702 000000
Now you want that user only gets to see your CDS card and not the Sky DE card do the following:
F: user password 1 0 0 { 0:0:3, 0100:00006A:1, 1702:0:0 }
This user gets all cards at maximum distance of 1 hop except 1702 because he has no rights to it. He gets to re-share all our cards(local and virtual) 2 times except for provider 0100 0006A because of :1. Say you want the user to have the right to re-share 0100 0006A 2 times further then change the “:1” into “:3”!
As you can see, you decide what your friend(s) are entitled to see and how many rights they get. If your card is set to reshare level 3 nobody but yourself can change that. WARNING! With the increasing popularity of OScam, these setting does not protect you. OScam can bypass them and users can easly reshare your local cards and all your hops even if your F line is set to:
F: user password 0 0 0 { 0:0:0 }
I know, thats nasty stuff from OScam but we need to live with it.
Another tip…
To control receiving hops just add { 0:0:x } at the end of the C line, where x is the number of hops you want to receive.
C: IP/dyndns port user passwd no { 0:0:2 }
This line only gives me shares from that peer with max count of 2. This means i will receive friends local cards and his hop1 cards. He is maybe also sharing with me his hop2 cards, but its not recommended to use so many hops, because your server can become unstable. Unstable servers are not
And another tip…
You can inrease security if you add additional info to your F lines. I am talking about this:
F: user1 pass2 0 0 0 { 0:0:2 } { } { } tralala.dyndns.org:12000
Adding DNS address at the end of F line protects you against users that are connecting from IP that is not the same as the IP of DNS address that they use. This means that these peers have CCcam server on different location (usually they use VPS). I recommend that you block these users. Do not delete them, just put F:000 000. If you just delete them, you will get flood of failed login attempts and this can cause instability of CCcam!
Thanks to carp95 and to me, admin of SATNIGMO 🙂
Block unwanted users in CCcam (Fail2Ban)
Why is fail2ban useful function? You probably have unwanted users on your CCcam server. Some users can cause CCcam to crash and this can become very annoying. No one wants unstable CCcam!
If you want to see these users (if they exist), you need to add this line in CCcam.cfg:
LOG WARNINGS: /tmp/warnings.txt
Warnings.txt file can become quite large, so it is good idea to have it in tmp folder.
There are two solutions to block unwanted users
1. Block IP directly in your router. If you have router which supports Tomato firmware, find this section in your router webif —> Administration/Scripts/Firewall. Then add this line:
iptables -I FORWARD -d IP of user that is attacking you -j DROP
This only works if user has static IP (usually not). If user does not have static IP, there is another solution, but you need to be using Linux PC as CCcam server. Solution is called Fail2Ban!
If you use Fedora disto install Fail2Ban with this command: yum install fail2ban
If you use Ubuntu distro use: apt-get install fail2ban
Next command you need to use is (use telnet for this):
nano /etc/fail2ban/jail.conf
Look for these lines:
# "ignoreip" can be an IP address, a CIDR mask or a DNS host ignoreip = 127.0.0.1 192.168.1.72 #here you need to put addresses that will be ignored by fail2ban - add IPs of your receivers/clients at home! maxretry = 3
… and add these lines:
[cccam-12000] enabled = true port = 12000 #port of your cccam server. I have 12333 for example. filter = cccam action = iptables[name=CCcam0, port=12000, protocol=tcp] #here you only need to change port to 12333 for example. logpath = /tmp/warnings.txt maxretry = 10 bantime = 6000 #this is in seconds. User will be banned 6000 seconds.
Next command (use telnet):
nano /etc/fail2ban/filter.d/cccam.conf
Add this into cccam.conf file:
# Fail2Ban configuration file # # Author: Cyril Jaquier # # $Revision: 510 $ #
[Definition]
# Option: failregex # Notes.: regex to match the password failures messages in the logfile. The # host must be matched by a group named "host". The tag "" can # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?PS+) # Values: TEXT # failregex = Connection from IP: Login Failed!
# Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. # Values: TEXT # ignoreregex =
Next command is:
/etc/init.d/fail2ban restart
Last command is:
chkconfig fail2ban on
Using this command, fail2ban will start automatically with system start.
Now all CCcam crash problems should be gone. If not, then you have other problems (problematic peer, bad RAM sticks, etc.) If you want to check which IPs are blocked, type this in putty using SSH or telnet:
iptables --list