Cardsharing: setting up CCcam and OScam in 2026
If you are engaged in cardsharing, setting up CCcam OScam is the first topic you will need to thoroughly understand. An incorrect config, a closed port, or time desynchronization ruins everything. Here we will analyze each line, each parameter — without fluff and without advertising other services.
What is cardsharing and how does it work
The essence is simple: your receiver cannot decrypt the encrypted stream by itself — it does not have a physical smart card with a subscription. Instead, it sends a request (ECM) to a remote server where the card is available. The server decrypts and returns the Control Word — an 8-byte key. The receiver uses it to decode the picture.
The entire process takes milliseconds. If the delay exceeds ~400 ms — the screen starts to break up. It is fundamentally important to understand this before any setup.
How it works: ECM, CW, and Control Word
ECM (Entitlement Control Message) — an encrypted packet within the DVB stream that changes every 10–30 seconds depending on the broadcaster. The server receives the ECM, processes it through the physical card, obtains the Control Word, and sends it back to the client.
Control Word is the decryption key. Two CWs are transmitted simultaneously: even and odd, to ensure smooth switching. If even one arrives late — freeze.
Roles of the client and server
The server is a machine with a physical card (or several). The client is a receiver without a card that connects to the server via one of the protocols. In Enigma2, roles can change: the same OScam can act as both a client and a server simultaneously, forwarding CW further (resharing).
The chain can be longer: client → intermediate server → server with the card. Each jump is called a hop. The more hops, the higher the delay. A good line operates on hop 1–2, no more.
How CCcam, newcamd, and CS378x protocols differ
CCcam is a proprietary protocol from the namesake emulator. The port is chosen arbitrarily (in the C: line), most often 12000–12100. It is encrypted but not an open standard.
Newcamd operates on port 10000–10010 by default, old and widespread. It performs worse with modern encryption systems like Nagravision 3.
CS378x (also known as Camd35) — a UDP protocol, port 15000 by default. It is faster than newcamd but less common among providers. It is natively supported in OScam through the [cs378x] section.
Setting up the CCcam client on Enigma2
For those who are new to cardsharing, it is better to start with CCcam as a client. Simpler config, clear logic, fewer files.
Installing the package and location of CCcam.cfg
On most Enigma2 images (OpenATV, OpenPLi, OpenViX), CCcam is installed via the package manager or manually through ipkg/opkg:
opkg install CCcam
The config is located in/etc/CCcam.cfg. On some images — in/var/etc/CCcam.cfg. This is a common trap: you edit one file, but the softcam reads another. You can check which one is being used with the command:
ps | grep CCcam
And see with which parameter the daemon was started. If the path is different — changes in/etc/CCcam.cfg are simply ignored.
Syntax of the C: line (host port user pass)
The format of the CCcam client line looks like this:
C: hostname.example.com 12000 myuser mypassword no { 0:0:1 }
Field breakdown:
- C: — type of line, client connection
- hostname.example.com — server address (IP or domain)
- 12000 — port specified by the provider
- myuser / mypassword — credentials
- no — resharing:
noprohibits,yesor a number — allows N hops - { 0:0:1 } — optional filter by CAID:Provider:ServiceID;
0:0:1means all services
You can add several C: lines in a row — CCcam will try them in order. This works as failover, but only if the first server is completely unavailable, not just slow.
Status check via web interface on port 16001
After starting, CCcam raises the web interface on port 16001. Open in the browser:
http://192.168.1.100:16001
There you can see: connected servers, number of hops, status (CONNECTED / OFFLINE), list of available cards with CAID. If the server shows OFFLINE — check the logs and verify the port.
Restarting the daemon via:
/etc/init.d/softcam stop
Or shorter:/etc/init.d/softcam restart. On some softcam images — this is just a wrapper over a specific emulator.
Configuring the OScam server and client
OScam — another level. Open source, support for dozens of protocols, detailed logging. To understand cardsharing, configuring CCcam OScam in the context of OScam requires working with several configuration files simultaneously.
File structure: oscam.conf, oscam.server, oscam.user
All configs are in one directory. Typical paths:
/etc/tuxbox/config/oscam/— on older Enigma2 images/var/etc/oscam/— OpenATV, OpenPLi/etc/oscam/— if installed manually
Three main files:
oscam.conf— global settings, webif, server protocolsoscam.server— description of readers (sources of CW: cards, network connections)oscam.user— users to whom we grant access
Sections [cccam] and [webif] (port 8888)
Minimum workingoscam.conf:
[global]
Section[cccam] makes OScam a CCcam protocol server — clients with CCcam or another OScam will be able to connect to port 12000. Section[webif] raises the browser interface on 8888 — the most useful tool for diagnostics.
If OScam works only as a client (it connects to the server), the section[cccam] inoscam.conf can be removed.
Configuring reader and converting C: line to OScam
Each CW source is a reader inoscam.server. To connect to the CCcam server, we write:
[reader]
The parametergroup links the reader with users fromoscam.user. A user withgroup = 1 will gain access to the cards of this reader. This allows for routing: one user sees one CAID, another sees different ones.
Example entry inoscam.user:
[account]
The parameterau = 1 allows for automatic entitlement updates — without it, some channels may disappear after the broadcaster changes keys.
Diagnostics and solving typical errors
Most problems with cardsharing CCcam OScam setup are either incorrect configuration or network issues. Rarely, there are bugs in the software itself. We always start with the logs.
Reading logs of oscam and statuses CONNECTED/OFFLINE
Live log stream of OScam:
tail -f /tmp/oscam.log
Looking for lines with the reader's name. The normal picture looks like this:
2026/01/15 14:23:01 myserver CONNECTED to hostname.example.com (12000)
Problematic:
2026/01/15 14:23:01 myserver OFFLINE: Connection refused
“Connection refused” — port is closed or the server is not listening. “Connection timed out” — packets are not reaching at all, most likely due to a firewall or incorrect IP.
FREEZE errors, the picture breaks up, no entitlements
FREEZE is the most common complaint. Reasons in descending order of probability:
- High CW latency: the log shows “CW: OK (800 ms)” — too long, the norm is up to 300–400 ms
- Time desynchronization: if the time on the receiver differs from the server by more than 60 seconds, ECM starts to be rejected. Check:
dateon the receiver and compare with the real time. Fix: set up NTP viantpdate pool.ntp.org - Incorrect hop/distance: the server gives the card, but with hop 5 — add to the config
cccmaxhops = 3or higher - Connection limit: connected a second receiver — the first dropped. The provider limits to one active session
“No entitlements” means that the card on the server does not have rights for the requested channel. Either the subscription has expired, or the CAID does not match.
Problems with ports, NAT, and firewall
Check port availability from the receiver:
telnet hostname.example.com 12000
Or via netcat, if telnet is not installed:
nc -zv hostname.example.com 12000
If the connection cannot be established — the problem is network-related, not in the config. Look further: iptables on the server, port forwarding on the provider's router, possible port blocking by the ISP.
A separate story — server behind NAT. If your OScam server is at home behind a router, the client outside will not be able to reach it without port forwarding. You need to create a rule in the router: external port 12000 → internal IP of the server: 12000. Otherwise, the connection will only be outgoing, there will be no incoming clients.
Another nuance: the local card in the reader may conflict with the network reader in terms of priority. OScam uses the parametercaid andpriority in the reader's config. If the physical card has the same CAID as the network reader, OScam will go to the one with the lower numerical priority (0 = highest). Explicitly set priorities throughpriority inoscam.server.
How to choose a reliable cardsharing provider (criteria)
I won't name specific names here — the market changes quickly, and a recommendation today may be garbage tomorrow. But the selection criteria are stable.
Stability of uptime and ECM response time
The key indicator is the response time of the Control Word. A good server responds in 50–150 ms. Tolerable up to 300 ms. Above that, regular freezes are guaranteed.
Ping to the server is an indirect indicator. A server 30 ms away from you and a server 200 ms away will give different ECM times under the same load. Check the real ping:ping hostname.example.com. If it's more than 100 ms, it's already bad for critical channels.
The server uptime should be above 99% per month. Downtimes from 2–4 AM are one thing; daytime outages of 30 minutes are another. A good provider offers a status page or a Telegram channel with a history of incidents.
Supported protocols and local cards
It's important to understand which physical cards are on the server. Cards from one operator are one thing; if you have a satellite package from another broadcaster, you need their cards. The CAID of the cards must match those broadcasting the package you are interested in.
Protocol support: at least CCcam and newcamd. It's better if there's OScam-native (CS378x or mgcamd). Some modern encryption systems (for example, Nagravision 3 with NDS) require specific implementations — not every server can handle them.
Trial period and technical support
A normal provider gives a test line for 24–48 hours. During this time, you can really check: stability during prime time (7:00 PM–11:00 PM), behavior when watching multiple channels simultaneously, ECM time on specific packages.
Technical support should answer questions about the config, not just send a template config. If support cannot explain why you have no entitlements, that's a bad sign.
Frequently asked questions
What is the difference between CCcam and OScam?
CCcam is a closed proprietary emulator with its own protocol. The config is simple, setup is quick, but capabilities are limited. OScam is an open-source project that supports dozens of protocols (CCcam, newcamd, CS378x, gbox, and others), detailed logging, and flexible routing through groups. You can run OScam as a server with the CCcam protocol — then regular CCcam clients will connect to it without problems. Many experienced users have switched to OScam precisely because of its diagnostic capabilities.
What port does CCcam use by default?
For key exchange, CCcam uses the port from the C: line — most often it's 12000, but the provider can specify any other. The web interface of CCcam itself operates on port 16001. The web interface of OScam (webif) by default is port 8888, which can be changed in the [webif] section of the oscam.conf file.
Where is the CCcam.cfg configuration file located?
Most often/etc/CCcam.cfg. On some Enigma2 images (for example, some OpenATV builds) —/var/etc/CCcam.cfg. After any changes, a restart of the softcam is required:/etc/init.d/softcam restart. If changes are not applied, check which exact path the running daemon reads throughps | grep CCcam.
Why is the picture breaking up or is there a FREEZE?
There are several reasons. The most common: high response time of the Control Word (over 400 ms), unstable connection to the server, desynchronization of the system time on the receiver (critical — check viadate and configure NTP), incorrect value of hop/cccmaxhops, server overload, or exceeding the limit of simultaneous connections by the provider.
How to check if the client has connected to the server?
In CCcam — open a browser athttp://ip-receiver:16001, where the status of each server (CONNECTED/OFFLINE) and the number of available hops can be seen. In OScam — web interface on port 8888, section Services or Readers, the status of the reader should be CONNECTED. Additionally:tail -f /tmp/oscam.log will show the real picture in real time.
Is cardsharing legal?
Technically, cardsharing your own legal card for home use is a gray area. Using someone else's paid subscriptions violates the terms of the contract with the broadcaster and the laws of most countries. Responsibility lies with both the one who shares someone else's access and the one who uses it. This material is for informational and technical purposes only.
Practical checklist for smooth viewing
Even the best CCCam or OSCam line needs two or three simple preparations. Update your receiver firmware, reset the ECM cache once a week and keep 15–20% free space on the USB stick or internal flash so that the reader can store keys without delays.
When tuning a dish, aim for MER/BER reserve: a two‑degree offset or a loose F‑connector often causes the “freezing” that users blame on cardsharing. Keep a short patch cord to test alternative routers, and save two profiles in OSCam — one for TCP, one for UDP — so you can switch instantly if your ISP starts filtering a protocol.
Utgard.tv monitors each hub 24/7, but you can speed up diagnostics by keeping a short log of your receiver actions. Note the time when you changed the channel, which CAID was active and whether you used Wi‑Fi or Ethernet. This tiny “journal” helps engineers reproduce your environment in the lab and return with a solution in minutes instead of hours.
- Keep two line slots enabled: if the first server hits a maintenance window, the second one instantly takes over without re-entering credentials.
- Run a monthly speed and latency test. Stable 1–2 Mbps with ping <80 ms is enough for SD/HD, but if jitter exceeds 20 ms, switch the router to wired mode.
- Save the Utgard.tv status page and Telegram bot @utgard_tv_bot to bookmarks — they publish maintenance notices before SEMrush or uptime monitors raise alerts.