Provided by: tsdecrypt_10.0-2build2_amd64 bug

NAME

       tsdecrypt - Decrypt mpeg transport stream.

SYNOPSIS

       tsdecrypt [options]

DESCRIPTION

       tsdecrypt  reads  incoming mpeg transport stream over UDP/RTP or file and then decrypts it
       by after retriving code words from OSCAM or similar CAMD  server.  tsdecrypt  communicates
       with CAM server using cs378x (camd35 over tcp) protocol or newcamd protocol.

OPTIONS

       MAIN OPTIONS

       -i, --ident <ident>
              Set  ident  that  will be used when logging to syslog. The preferred format for the
              ident is PROVIDER/CHANNEL.

       -d, --daemon <pidfile>
              When started become a daemon and write pid file to <pidfile>.

       -N, --notify-program <program>
              Execute <program> when predefined events happen. In order for this option  to  work
              --ident should also be used.

              You  can  use  notify-script.example file as notification program and an example on
              how to create your own notification script.

              See EVENTS section for detailed description of the events.

       -S, --syslog
              Write log messages to local syslog.

       -l, --syslog-host <addr>
              Set syslog host.  tsdecrypt  sends  messages  to  this  host  over  tcp  in  syslog
              compatible format. syslog-ng was tested as receiving syslog server.

       -L, --syslog-port <port>
              Syslog server port. The default value is 514.

       -F, --log-file <filename>
              Write logging data to <filename>. This option can be used along with syslog.

       -D, --debug <level>
              Set  message  debug  level.  Currently  there are five message levels.  0 = default
              messages, 1 = show PSI tables, 2 = show EMMs 3 = show duplicate ECMs,  4  =  packet
              debug.  5  =  packet debug + mpeg ts packet dump.  Setting higher level enables the
              levels bellow.

       -j, --pid-report
              When this option is used, tsdecrypt on exit reports how much packets were  received
              on each PID.

       -b, --bench
              Bechmark  the  CSA  decryption.  The  benchmark is single threaded.  If you want to
              fully test your CPU, run couple of tsdecrypts in parallel.

       -V, --version
              Show program version.

       -h, --help
              Show program help.

       INPUT OPTIONS

       -I, --input <source>
              Where to read from. tsdecrypt supports input from file  (-I  file://file.ts),  IPv4
              multicast/unicast addresses (-I 224.0.0.1:5000) or IPv6 multicast/unicast addresses
              (-I [ff01::1111]:5000). By default tsdecrypt reads from stdin.

       -1, --input-source <ipaddr>
              Set multicast input source address using IP_ADD_SOURCE_MEMBERSHIP. This works  only
              for IPv4 multicast. The default value is 0.0.0.0 (do not apply source filtering).

       -R, --input-rtp
              When  reading  from  multicast  assume  the  input  is  RTP  stream.  NOTE:  No RTP
              processing/reordering of packets is done. The 12 byte RTP header is  just  stripped
              out  and  the  stream  is  then  processed as normal mpeg transport stream over UDP
              multicast.

       -z, --input-ignore-disc
              Do not report input discontinuity or RTP discontinuity errors.

       -M, --input-service <service_id>
              Choose the service id. This option must be used when the input is MPTS in order  to
              select  the  correct service (program). If the input is MPTS and --input-service is
              not used, tsdecrypt chooses the last service listed in PAT.

       -T, --input-buffer <miliseconds>
              Use this option to delay the decoding for  certain  amount  of  milliseconds.  This
              allows  tsdecrypt to decode services even if OSCAM returns code word too late.  For
              example SkyUK sends code words ~700 ms before it starts using them. This means that
              if OSCAM is unable to return code word in less than 700 ms the decryption will fail
              for a small amount of time. Setting --input-buffer 1000 will solve the  problem  in
              this case.

       -W, --input-dump <filename>
              Save  input  stream  in  <filename>. If the input is RTP, the file will contain the
              data without RTP headers (pure mpeg transport stream).  Easiest  way  to  save  the
              input is using command line like the following:

              tsdecrypt -I 239.78.78.78:5000 -O /dev/null -s 0.0.0.0 -W file.ts

       OUTPUT OPTIONS

       -O, --output <dest>
              Output  decrypted  stream  to <dest>. The destination can be IPv4 multicast address
              (-O 239.0.0.1:5000), IPv6 mulicast address (-O  [ff01::2222]:5000),  hostname  that
              resolves  to  IPv4/IPv6  address (-O example.com:5000) or file.  When the output is
              file, the file name should be prefixed with file:// (-O file://out.ts)if it doesn't
              contain / symbol. The default output is stdout.

       -o, --output-intf <value>
              Set  multicast  output  interface.  The  value  can  be  IPv4 address of the output
              interface  (default: 0.0.0.0 /any/) or in the case of  IPv6  the  interface  number
              (default: -1 /any/).

       -t, --output-ttl
              Set multicast ttl. The default value is 1.

       -g, --output-tos
              Set TOS value of output packets. The default is not to set any specific TOS.

       -r, --output-rtp
              Enable  RTP  output.  The  default output is standard MPEG TS over UDP, this option
              enables tsdecrypt to output RTP packets.

       -k, --output-rtp-ssrc <ssrc>

       -u, --no-output-on-error
              Filter all output when there is no valid code word.

       -p, --no-output-filter
              Disable output filtering.  By  default  the  output  filter  is  enabled  and  only
              PAT/PMT/SDT  and data packets are left in the output. Everything else not mentioned
              in PMT like NIT, EIT, TDT tables and unknown pids is removed.

       -y, --output-nit-pass
              Pass through NIT packets when output filtering is enabled.

       -w, --output-eit-pass
              Pass through EIT (EPG) packets when output filtering is enabled.

       -x, --output-tdt-pass
              Pass through TDT/TOT packets when output filtering is enabled.

       CA OPTIONS

       -c, --ca-system <ca_sys>
              Process input EMM/ECM from <ca_sys>. Currently tested and working  CA  systems  are
              CONAX,  CRYPTOWORKS,  IRDETO,  VIACCESS,  MEDIAGUARD  (SECA)  and VIDEOGUARD (NDS),
              NAGRA, BULCRYPT,
               GRIFFIN and DGCRYPT.  Other supported CA system that you can  choose  but  is  not
              tested  is  DRECRYPT.   The default <ca_sys> is CONAX. You can override the default
              CAS CAIDs by using --caid parameter.

       -C, --caid <caid>
              Directly set CAID. This is useful if you have couple of CA streams from one CA  but
              with different CAIDs or CAS that is unsupported by --ca-system parameter.

       -Y, --const-cw <code_word>
              Set constant code word to be used for decryption. The <code_word> should contain 32
              hex chars. For example using a1a2a3a4a5a6a7a8b1b2b3b4b5b6b7b8 as parameter will set
              even code word to a1a2a3a4a5a6a7a8 and odd code word to b1b2b3b4b5b6b7b8.

       -Q, --biss-key <biss_key>
              Set  BISS  key  to  be  used for decryption. The <biss_key> should contain 12 chars
              (hex). For example 112233445566 is valid BISS key.  If the  BISS  key  contains  16
              chars  this  means  that  the  key  CRC  is embeded in the key. These keys are also
              supported (they are the same as using constant code word with same code  words  for
              even and odd keys).

       CAMD OPTIONS

       -A, --camd-proto <protocol>
              Set  CAMD  server protocol. Valid protocols are CS378X and NEWCAMD.  If this option
              is not used the default protocol is CS378X (camd35 over tcp).

       -s, --camd-server <hostname[:port]>
              Set CAMD server address. You can use IPv4/IPv6 address or hostname. If the port  is
              not  set  then  2233  is  used as default port. 2233 is the default port for CS378X
              protocol but for NEWCAMD protocol you probably should choose other port number.  To
              set  static  IPv6  address  you  have  to  put  in  in  brackets  ([]) for example:
              [1234::5678]:2233

       -U, --camd-user <username>
              Set CAMD user name. The default is user.

       -P, --camd-pass <password>
              Set CAMD user password. The default is pass.

       -B, --camd-des-key <des_key>
              Set DES key used by NEWCAMD protocol. The default is 0102030405060708091011121314.

       -4, --ipv4
              Connect to CAMD server using only IPv4 addresses  of  the  server.  IPv6  addresses
              would be are ignorred.

       -6, --ipv6
              Connect  to  CAMD  server  using  only IPv6 addresses of the server. IPv4 addresses
              would be are ignorred.

       EMM OPTIONS

       -e, --emm
              Enable sending EMM's to CAMD for processing. By default EMM processing is  disabled
              and only ECM are processed.

       -Z, --emm-pid <pid>
              Set  EMM  pid  manually. This option is useful for services that have couple of EMM
              streams from one CA system. Without this option tsdecrypt always chooses the  first
              stream from the chosen CA system.

       -E, --emm-only
              Disable  ECM  processing and stream output. This option is useful if the EMM stream
              has very high rate and is interfering with ECM processing. Using --emm-only you can
              run special tsdecrypt dedicated only to keeping card entitlements up to date.

       -f, --emm-report-time <seconds>
              Set  interval  for  EMM reports. The default is 60 seconds. Set to 0 to disable EMM
              reports.

       -a, --emm-filter <filter_definition>
              Add EMM filter described by <filter_definition>. EMM filters are useful if you want
              to  limit  the  number  of  EMMs  that  should  reach  your CAMD server.  The basic
              <filter_defintion>  is  Command/Settings  where  the  commands   are:   accept_all,
              reject_all, accept and reject.

              For more information about filtering and for example filters, please read FILTERING
              file that comes with tsdecrypt. This option can be used multiple times to define up
              to 16 different filters.

       ECM OPTIONS

       -X, --ecm-pid <pid>
              Set  ECM  pid  manually. This option is useful for services that have couple of ECM
              streams from one CA system. Without this option tsdecrypt always chooses the  first
              stream  from  the  chosen  CA  system.  Run tsdecrypt with --debug 2 and look at CA
              descriptors in PMT to see what CA streams are available.

       -v, --ecm-only
              Process ECMs but do not decode the input stream. This option is useful if you  just
              want  to  populate  you OSCAM DCW cache but do not want to waste CPU time on stream
              decoding.

       -H, --ecm-report-time <seconds>
              Set interval for ECM reports. The default is 60 seconds. Set to 0  to  disable  ECM
              reports.

       -G, --ecm-irdeto-type <int>
              Set the index of the IRDETO ECM stream. NOTE: This option is deprecated, better use
              --ecm-irdeto-chid.

       -2, --ecm-irdeto-chid <int>
              IRDETO CA sends ECMs mixed in single stream on single PID. In order to  select  the
              correct  ECM stream the so called CHID number is used. Oscam reports what CHIDs are
              activated in your card and tsdecrypt allows you to  set  the  correct  CHID  number
              using  this  option.  tsderypt reports what CHIDs are available in the incoming ECM
              stream. The CHID is 16-bit number (0x0000 - 0xffff).

       -K, --ecm-no-log
              Disable logging of ECMs and code words. Code word errors and stats reports are  not
              affected by this option.

       -J, --cw-warn-time <seconds>
              After how much seconds to warn if valid code word was not received.  The default is
              60 seconds. Set to 0 to disable the warning.

       -q, --ecm-and-emm-only
              Process ECMs and EMMs but do not decode the  input  stream.  This  option  combines
              --ecm-only  and  --emm-only  options. Use it if you want to populate your OSCAM DCW
              cache and keep your card entitlements updated but do not want to waste CPU time  on
              stream decoding.

       DEBUG OPTIONS

       -n, --ecm-file <file.txt>
              Read ECM from text file and send it to CAMD server for processing. This option must
              be used along with --caid and --input-service options.

              The file should be normal text file, the format of the file is described bellow.

       -m, --emm-file <file.txt>
              Read EMM from text file and send it to CAMD server for processing. This option must
              be used along with --caid and --input-service options.

              Bellow  is  an  example  text  file,  lines starting with # are ignored and also 0x
              prefixes are ignored. Any other symbol in the file is processed as hex  number.  An
              example file might look like this:

                  # comment
                  aa bb cc dd ee
                  ff 01 02 03 04
                  # Other comment
                  0x05 0x06 0x07

EVENTS

       Notification events are sent when --notify-program and --ident options are used. The event
       parameters are set as environmental variables before executing the  external  notification
       program. The variables are:

         _TS             Unix timestamp of the event.
         _IDENT          tsdecrypt ident parameter with "/" replaced by "-".
         _MESSAGE_ID     Event message id (for example START, STOP, etc...).
         _MESSAGE_MSG    Event message id with "_" replaced by " ".
         _MESSAGE_TEXT   Event message text. Human readable event message.

       currently defined events are:

         START           tsdecrypt was started.

         CODE_WORD_OK    Valid code word was received and decryption is
                         working ok.

         NO_CODE_WORD    No valid code word was received for X seconds. The
                         decryption process have been suspended until valid
                         code word is received.

         NO_EMM_RECEIVED    No EMM packet have been received for X seconds.

         INPUT_TIMEOUT   There was no data on the input.

         INPUT_OK        The data have appeared on the input.

         STOP            tsdecrypt was stopped.

       See notify-script.example for an example on how to create external notification program.

EXAMPLES

       To  get a quick start here are some example command lines. The default CA system is set to
       CONAX, you can change it using --ca-system parameter.
          # Decrypt multicast stream from 239.0.50.11:5000 using 10.0.1.1:2233
          # as camd server and output decrypted result to 239.78.78.78:5000
          tsdecrypt --camd-server 10.0.1.1 \
              --input 239.0.50.11:5000 --output 239.78.78.78:5000

          # Same as above but enable EMM processing
          tsdecrypt --emm --camd-server 10.0.1.1:2233 \
              --input 239.0.50.11:5000 --output 239.78.78.78:5000

          # Same as above but do not filter output stream thus allowing
          # EIT/TOT/NIT, etc tables to passthrough
          tsdecrypt --no-output-filter --emm --camd-server 10.0.1.1 \
              --input 239.0.50.11:5000 --output 239.78.78.78:5000

          # Choose program/service_id to decrypt. Useful when the input is MPTS
          tsdecrypt --camd-server 10.0.1.1 --input-service 1234 \
              --input 239.0.50.11:5000 --output 239.78.78.78:5000

          # Read stream over RTP and process VIACCESS encoded channel
          tsdecrypt --ca-system VIACCESS --emm --camd-server 10.0.1.1:2233 \
              --input-rtp --input 239.0.50.11:5000 --output 239.78.78.78:5000

          # Decrypt stream encypted with CAID 0x0963 (NDS, sky)
          tsdecrypt --camd-server 10.0.1.1 --ca-system NDS --caid 0x0963 \
              --input 239.0.50.11:5000 --output 239.78.78.78:5000

          # Send only EMMs to OSCAM for CAID 0x0963 (NDS, sky)
          tsdecrypt --camd-server 10.0.1.1 --emm-only --caid 0x0963 \
              --input 239.0.50.11:5000 --output /dev/null

          # Decrypt stream encypted with CAID 0x5581 (Bulcrypt)
          tsdecrypt --camd-server 10.0.1.1 --caid 0x5581 \
              --input 239.0.50.11:5000 --output 239.78.78.78:5000

          # Decrypt BISS encrypted stream
          tsdecrypt --biss-key 0x112233445566 --input 239.0.50.11:5000 \
              --output 239.78.78.78:5000

          # Decrypt file encypted with constant code word
          tsdecrypt --const-cw 0x00000000000000001111111111111111 \
              --input encrypted-file.ts --output file://decrypted-file.ts

          # Send ECM from file
          tsdecrypt --ecm-file ecm.txt --caid 0x5581 --input-service 12345 \
              --camd-server example.com

          # Decrypt IRDETO stream from Raduga (CHID == 0x0015)
          tsdecrypt --input 239.0.50.11:5000 --output 239.78.78.78:5000 \
                    --camd-server example.com \
                    --ca-system IRDETO --caid 0x0652 --ecm-irdeto-chid 0x0015

SEE ALSO

       See the README file for more information. If you have questions, remarks, problems or  you
       just want to contact the developer, write to:
         georgi@unixsol.org

       For more info, see the website at
              http://georgi.unixsol.org/programs/tsdecrypt/

AUTHORS

       Written by Georgi Chorbadzhiyski <georgi@unixsol.org>

LICENSE

       This program is free software; you can redistribute it and/or modify it under the terms of
       version 2 of the GNU General Public License as published by the Free Software Foundation.