1 files changed, 63 insertions, 0 deletions

diff --git a/scripts/cccam-version.nse b/scripts/cccam-version.nse
new file mode 100644
index 0000000..a7cdaf7
--- /dev/null
+++ b/scripts/cccam-version.nse
@@ -0,0 +1,63 @@
+local nmap = require "nmap"
+local shortport = require "shortport"
+local formulas = require "formulas"
+
+description = [[
+Detects the CCcam service (software for sharing subscription TV among
+multiple receivers).
+
+The service normally runs on port 12000. It distinguishes
+itself by printing 16 random-looking bytes upon receiving a
+connection.
+
+Because the script attempts to detect "random-looking" bytes, it has a small
+chance of failing to detect the service when the data do not seem random
+enough.]]
+
+categories = {"version"}
+
+author = "David Fifield"
+
+local NUM_TRIALS = 2
+
+local function trial(host, port)
+  local status, data, s
+
+  s = nmap.new_socket()
+  status, data = s:connect(host, port)
+  if not status then
+    return
+  end
+
+  status, data = s:receive_bytes(0)
+  if not status then
+    s:close()
+    return
+  end
+  s:close()
+
+  return data
+end
+
+portrule = shortport.version_port_or_service({10000, 10001, 12000, 12001, 16000, 16001}, "cccam")
+
+function action(host, port)
+  local seen = {}
+
+  -- Try a couple of times to see that the response isn't constant. (But
+  -- more trials also increase the chance that we will reject a legitimate
+  -- cccam service.)
+  for i = 1, NUM_TRIALS do
+    local data
+
+    data = trial(host, port)
+    if not data or seen[data] or #data ~= 16 or not formulas.looksRandom(data) then
+      return
+    end
+    seen[data] = true
+  end
+
+  port.version.name = "cccam"
+  port.version.version = "CCcam DVR card sharing system"
+  nmap.set_port_version(host, port)
+end