TSDECRYPT(1) User Commands TSDECRYPT(1)
NAME
tsdecrypt - Decrypt mpeg transport stream.
SYNOPSIS
tsdecrypt [options]
DESCRIPTION
tsdecrypt reads incoming mpeg transport stream over UDP/RTP or file and then decrypts it by after retriving code words from OSCAM or simi-
lar CAMD server. tsdecrypt communicates with CAM server using cs378x (camd35 over tcp) protocol or newcamd protocol.
OPTIONS
MAIN OPTIONS
-i, --ident <ident>
Set ident that will be used when logging to syslog. The preferred format for the ident is PROVIDER/CHANNEL.
-d, --daemon <pidfile>
When started become a daemon and write pid file to <pidfile>.
-N, --notify-program <program>
Execute <program> when predefined events happen. In order for this option to work --ident should also be used.
You can use notify-script.example file as notification program and an example on how to create your own notification script.
See EVENTS section for detailed description of the events.
-S, --syslog
Write log messages to local syslog.
-l, --syslog-host <addr>
Set syslog host. tsdecrypt sends messages to this host over tcp in syslog compatible format. syslog-ng was tested as receiving sys-
log server.
-L, --syslog-port <port>
Syslog server port. The default value is 514.
-F, --log-file <filename>
Write logging data to <filename>. This option can be used along with syslog.
-D, --debug <level>
Set message debug level. Currently there are five message levels. 0 = default messages, 1 = show PSI tables, 2 = show EMMs 3 = show
duplicate ECMs, 4 = packet debug. 5 = packet debug + mpeg ts packet dump. Setting higher level enables the levels bellow.
-j, --pid-report
When this option is used, tsdecrypt on exit reports how much packets were received on each PID.
-b, --bench
Bechmark the CSA decryption. The benchmark is single threaded. If you want to fully test your CPU, run couple of tsdecrypts in par-
allel.
-V, --version
Show program version.
-h, --help
Show program help.
INPUT OPTIONS
-I, --input <source>
Where to read from. tsdecrypt supports input from files (-I file.ts or -I -) or multicast (-I 224.0.0.1:5000). By default tsdecrypt
reads from stdin.
-R, --input-rtp
When reading from multicast assume the input is RTP stream. NOTE: No RTP processing/reordering of packets is done. The 12 byte RTP
header is just stripped out and the stream is then processed as normal mpeg transport stream over UDP multicast.
-z, --input-ignore-disc
Do not report input discontinuity or RTP discontinuity errors.
-M, --input-service <service_id>
Choose the service id. This option must be used when the input is MPTS in order to select the correct service (program). If the
input is MPTS and --input-service is not used, tsdecrypt chooses the last service listed in PAT.
-T, --input-buffer <miliseconds>
Use this option to delay the decoding for certain amount of milliseconds. This allows tsdecrypt to decode services even if OSCAM
returns code word too late. For example SkyUK sends code words ~700 ms before it starts using them. This means that if OSCAM is
unable to return code word in less than 700 ms the decryption will fail for a small amount of time. Setting --input-buffer 1000 will
solve the problem in this case.
-W, --input-dump <filename>
Save input stream in <filename>. If the input is RTP, the file will contain the data without RTP headers (pure mpeg transport
stream). Easiest way to save the input is using command line like the following:
tsdecrypt -I 239.78.78.78:5000 -O /dev/null -s 0.0.0.0 -W file.ts
OUTPUT OPTIONS
-O, --output <dest>
Output decrypted stream to <dest>. Destination can be multicast address (-O 239.0.0.1:5000) or a file (-O file.ts). The default out-
put is stdout.
-o, --output-intf <addr>
Set multicast output interface.
-t, --output-ttl
Set multicast ttl. The default value is 1.
-g, --output-tos
Set TOS value of output packets. The default is not to set any specific TOS.
-r, --output-rtp
Enable RTP output. The default output is standard MPEG TS over UDP, this option enables tsdecrypt to output RTP packets.
-k, --output-rtp-ssrc <ssrc>
Set RTP SSRC field to <ssrc>. By default is is set to 0.
-p, --no-output-filter
Disable output filtering. By default the output filter is enabled and only PAT/PMT/SDT and data packets are left in the output.
Everything else not mentioned in PMT like NIT, EIT, TDT tables and unknown pids is removed.
-y, --output-nit-pass
Pass through NIT packets when output filtering is enabled.
-w, --output-eit-pass
Pass through EIT (EPG) packets when output filtering is enabled.
-x, --output-tdt-pass
Pass through TDT/TOT packets when output filtering is enabled.
CA OPTIONS
-c, --ca-system <ca_sys>
Process input EMM/ECM from <ca_sys>. Currently tested and working CA systems are CONAX, CRYPTOWORKS, IRDETO, VIACCESS, MEDIAGUARD
(SECA) and VIDEOGUARD (NDS), NAGRA and BULCRYPT. Other supported CA system that you can choose but is not tested is DRECRYPT. The
default <ca_sys> is CONAX. You can override the default CAS CAIDs by using --caid parameter.
-C, --caid <caid>
Directly set CAID. This is useful if you have couple of CA streams from one CA but with different CAIDs or CAS that is unsupported
by --ca-system parameter.
-Y, --const-cw <code_word>
Set constant code word to be used for decryption. The <code_word> should contain 32 hex chars. For example using
a1a2a3a4a5a6a7a8b1b2b3b4b5b6b7b8 as parameter will set even code word to a1a2a3a4a5a6a7a8 and odd code word to b1b2b3b4b5b6b7b8.
-Q, --biss-key <biss_key>
Set BISS key to be used for decryption. The <biss_key> should contain 12 chars (hex). For example 112233445566 is valid BISS key.
If the BISS key contains 16 chars this means that the key CRC is embeded in the key. These keys are also supported (they are the
same as using constant code word with same code words for even and odd keys).
CAMD OPTIONS
-A, --camd-proto <protocol>
Set CAMD server protocol. Valid protocols are CS378X and NEWCAMD. If this option is not used the default protocol is CS378X (camd35
over tcp).
-s, --camd-server <addr[:port]>
Set CAMD server ip and port (10.0.1.1:2233). Is not set default port is 2233. 2233 is the default port CS378X protocol, for NEWCAMD
protocol you probably should choose other port.
-U, --camd-user <username>
Set CAMD user name. The default is user.
-P, --camd-pass <password>
Set CAMD user password. The default is pass.
-B, --camd-des-key <des_key>
Set DES key used by NEWCAMD protocol. The default is 0102030405060708091011121314.
EMM OPTIONS
-e, --emm
Enable sending EMM's to CAMD for processing. By default EMM processing is disabled and only ECM are processed.
-Z, --emm-pid <pid>
Set EMM pid manually. This option is useful for services that have couple of EMM streams from one CA system. Without this option
tsdecrypt always chooses the first stream from the chosen CA system.
-E, --emm-only <hierarchy>
Disable ECM processing and stream output. This option is useful if the EMM stream has very high rate and is interfering with ECM
processing. Using --emm-only you can run special tsdecrypt dedicated only to card auto update.
-f, --emm-report-time <seconds>
Set interval for EMM reports. The default is 60 seconds. Set to 0 to disable EMM reports.
ECM OPTIONS
-X, --ecm-pid <pid>
Set ECM pid manually. This option is useful for services that have couple of ECM streams from one CA system. Without this option
tsdecrypt always chooses the first stream from the chosen CA system. Run tsdecrypt with --debug 2 and look at CA descriptors in PMT
to see what CA streams are available.
-H, --ecm-report-time <seconds>
Set interval for ECM reports. The default is 60 seconds. Set to 0 to disable ECM reports.
-G, --ecm-irdeto-type <type>
Set ECM IRDETO type. IRDETO CA send ECMs with different id mixed into one stream. Only one of the IDs are valid in given time. This
option lets you choose which stream to process. The default stream type is 0.
-K, --ecm-no-log
Disable logging of ECMs and code words. Code word errors and stats reports are not affected by this option.
-J, --cw-warn-time <seconds>
After how much seconds to warn if valid code word was not received. The default is 60 seconds. Set to 0 to disable the warning.
EVENTS
Notification events are sent when --notify-program and --ident options are used. The event parameters are set as environmental variables
before executing the external notification program. The variables are:
_TS Unix timestamp of the event.
_IDENT tsdecrypt ident parameter with "/" replaced by "-".
_MESSAGE_ID Event message id (for example START, STOP, etc...).
_MESSAGE_MSG Event message id with "_" replaced by " ".
_MESSAGE_TEXT Event message text. Human readable event message.
currently defined events are:
START tsdecrypt was started.
CODE_WORD_OK Valid code word was received and decryption is
working ok.
NO_CODE_WORD No valid code word was received for X seconds. The
decryption process have been suspended until valid
code word is received.
NO_EMM_RECEIVED No EMM packet have been received for X seconds.
INPUT_TIMEOUT There was no data on the input.
INPUT_OK The data have appeared on the input.
STOP tsdecrypt was stopped.
See notify-script.example for an example on how to create external notification program.
SEE ALSO
See the README file for more information. If you have questions, remarks, problems or you just want to contact the developer, write to:
georgi@unixsol.org
For more info, see the website at
http://georgi.unixsol.org/programs/tsdecrypt/
AUTHORS
Written by Georgi Chorbadzhiyski <georgi@unixsol.org>
LICENSE
This program is free software; you can redistribute it and/or modify it under the terms of version 2 of the GNU General Public License as
published by the Free Software Foundation.
tsdecrypt 8.1 April 2012 TSDECRYPT(1)