CCcam lines: setting up C-line and F-line on the receiver

If you received a line likeC: my.server.net 12000 user1 pass1 and don't know where to insert it and why the status isn't turning green — this article is for you. CCcam lines look simple, but there are many nuances: format, file encoding, paths on different Enigma2 images, access rights. We will go through everything in order — from the anatomy of the line to diagnostics via telnet.

What are CCcam lines and what does the line consist of

CCcam — a protocolcard sharing, where a physical smart card inserted into the server shares decryption keys (ECM responses) over the network. The client receives these responses and decodes the stream without having their own card. This is exactly what cccam lines are for — configuration lines that are written in the CCcam.cfg file or its equivalent in OScam.

The CCcam protocol and the principle of card sharing

A receiver with a CCcam emulator (or OScam with a reader type cccam) acts as a client. It connects to the server where your login is registered and receives ECM responses for the required CAID in real-time. All traffic goes over TCP through port 12000 by default.

The delay between the request and the response is the ECM time. It determines whether the picture will be smooth or start to freeze. More on this in the section about quality diagnostics.

Breaking down the fields of the C-line in order

The standard client line looks like this:

C: my.server.net 12000 user1 pass1

Breaking down the fields:

  • C: — the type of line, client connection (Client line). The colon and space are mandatory.
  • my.server.net — the server host, IP or domain name. DNS name is preferable if the server has a dynamic IP.
  • 12000 — port. By default 12000, but the server can use any other.
  • user1 — login, case-sensitive.User1 anduser1 — different accounts.
  • pass1 — password, also case-sensitive.

Optionally, the line may contain extended parameters:

C: my.server.net 12000 user1 pass1 no { 0 0 0 }

The flagno prohibits sharing from this client to other clients. The block{ 0 0 0 } sets share limits: maximum hops, downhops, and uphops. Zeros mean "no restrictions." For most client configurations, these parameters can be omitted.

How C-line differs from N-line and F-line

Confusion here is common. Here is a clear distinction:

  • C-line — client line. You write it down to connect to someone else's server.
  • F-line — friend line, server line. It is written on the CCcam server to register a client who is allowed access. Format:F: username password. This is what the server gives you along with the C-line.
  • N-line — newcamd protocol line, a completely different protocol. The format is fundamentally different:N: host port username password deskey, where deskey is a 14-byte encryption key. It should not be confused with CCcam.

What the parameters after the host and port mean

Some providers send lines with additional blocks — for example, with CAID restrictions or explicit share-level indications. If you see something non-standard after the password — do not delete it without understanding. It is better to first check if the daemon actually starts with this line in the logs.

Where to write lines: CCcam.cfg and paths on the receiver

This is the place where most stumble. There are several paths depending on the image and build.

Location of CCcam.cfg in Enigma2

Main paths for different builds:

  • /var/etc/CCcam.cfg — standard for most modern Enigma2 images (OpenATV, OpenVision, OpenPLi).
  • /etc/CCcam.cfg — found in older builds and some Dreambox receivers.
  • /usr/keys/CCcam.cfg — used on receivers with an alternative key manager, for example, in some builds for VU+.
  • /etc/tuxbox/config/CCcam.cfg — rarely, but found in historical builds for Dreambox DM800.

If unsure — perform a search:find / -name "CCcam.cfg" 2>/dev/null. You will find it in a second.

File structure and order of lines

The CCcam.cfg file is text-based, each directive on its own line. Order: first server settings (BIND PORT, etc.), then C-line. Example of a minimal working config:

SERVER LISTEN PORT : 12000

Two moments that silently ruin the configuration. The first — encoding with BOM. If you edited the file in Windows Notepad and saved it as UTF-8 with BOM, the CCcam daemon quietly does not read the first line. Use Notepad++ with explicit selection of "UTF-8 without BOM" or any Linux editor. The second — line endings CRLF (Windows). Convert viados2unix /var/etc/CCcam.cfg.

Permissions are also important:chmod 644 /var/etc/CCcam.cfg. If the file is unreadable for the daemon — there will be no connection.

Configuring the same line in OScam via server

OScam works differently — it does not have a single CCcam.cfg. Client connection to the CCcam server is configured in the file/etc/oscam/oscam.server through the reader block:

[reader]

Fieldcaid restricts the reader to only the necessary systems — this is a good practice, reduces unnecessary requests.group must match the group in oscam.user for your clients.ccchop — is analogous to hop restriction, 2 means to accept cards no deeper than the second hop.

The OScam web interface is by default available on port 8888 (or 83 in some builds). The status of the reader is also visible in real time there.

Applying changes and restarting the daemon

After editing CCcam.cfg, the daemon needs to be restarted. Options:

# Hard kill with restart via init.d

For OScam, restart via the web interface (section "Restart") or with the commandkillall -HUP oscam — this is a softer option that re-reads the configs without fully dropping connections.

Connection diagnostics: why the line is not active

Configured, restarted, but the status still doesn't turn green. Here is an algorithm that works.

Checking the status in the web interface and logs

The CCcam web interface usually hangs on port 16001: openhttp://<ip-receiver>:16001. The status of each C-line is visible there: green — connected, yellow — connecting, red — error. For OScam, see the Readers section on port 8888.

CCcam logs by default go to/tmp/CCcam.log. For OScam, enable debug level in oscam.conf:loglevel = 64, the log will be in/tmp/oscam.log. Check the tail of the file:tail -f /tmp/oscam.log — you will see requests and responses in real time.

Port test via telnet and ping

Before digging into the config — make sure the port is actually accessible from your receiver:

ping my.server.net

Ping passed, but telnet hung — the port is closed or the firewall is blocking it. This often happens with double NAT: your provider is behind CGNAT and blocks outgoing connections to non-standard ports. In this case, ask the provider to allow the connection, or use a server with port 80/443 — they are usually not blocked.

Telnet immediately closed the connection with an error — the port is open, but the login is incorrect or the IP is blocked on the server.

Error decoding: connecting, no card, login failed

Three main states that people come for help:

  • Connecting (endlessly) — TCP connection is not established. Reason: incorrect host/port, firewall, server offline. Check telnet.
  • Login failed — connection exists, but the server rejects authentication. Incorrect login or password (remember about case sensitivity), or your account is deactivated on the server.
  • No cards / Connected, 0 cards — connected successfully, but the required CAID is not available on the server. The picture will be black. Check with the provider which CAIDs they share.

A separate case — the line is active, CAID is present, SD channels work, but HD is freezing. This is already a story about ECM time, not about connection.

Problems with hops and share

Hop — is the number of intermediate servers between the physical card and your receiver. Hop 1 means a direct connection to the server with the real card. Hop 2 — the card is already through one intermediate server (reshare). Hop 3 and above — through two or more intermediaries.

The more hops, the higher the ECM delay. In practice, hop 2 is still tolerable, hop 3+ on HD channels with frequent key changes (HBO, sports packages) — guaranteed freezes. In OScam, the hop level of each sharing resource can be seen in the Shares section.

Another reason for freezes — multiple receivers with one login. Most servers limit one simultaneous connection per account. When a second connection is made, the first session is reset, both clients experience interruptions.

Quality parameters: ECM time, freezes, and stability

What is ECM time and what values are normal

ECM time — the time from the moment of the decryption key request to receiving a response from the server. Measured in milliseconds. Visible in the OScam web interface in the "ECM" column for each channel.

Practical ranges: up to 300 ms — excellent, the picture is smooth; 300–600 ms — normal for most channels; 600–1000 ms — on channels with fast key changes, short blocks will start to appear; above 1000 ms — freezes will be regular, especially on HD and sports broadcasts.

Causes of freezes on sports and HD channels

Sports HD channels, like those with football broadcasts, change ECM keys every 10–30 seconds. If the response from the server does not arrive before the key change — you get a block on the screen. On news SD channels, key changes are less frequent, so they work even at 800 ms.

Main reasons for high ECM time: a large number of hops, overloaded server (too many clients on one card), slow internet channel between your receiver and the server, or a geographically distant server.

Setting reader priorities in OScam

If you have multiple readers (multiple cccam lines or a mixed configuration), OScam allows you to set priorities. In the file/etc/oscam/oscam.services you can bind specific CAIDs and providers to groups of readers. And in oscam.conf, the parameterpreferlocalcards = 1 gives preference to local cards over network ones.

The parameterlb_mode in oscam.conf manages the load balancer. The valuelb_mode = 1 selects the reader with the minimum ECM time based on history. It really works — OScam itself "remembers" which reader responds faster for a specific CAID and directs requests there.

Caching (cache) and cacheex

OScam supports caching ECM responses: if one client has already requested the key for a given event and received a response, the second client will get it from the cache without re-requesting it from the server. This reduces load and response time for repeated requests.

CacheEx — an extended version that exchanges cache between multiple OScam servers over the network. It helps if you have multiple servers in a local network or partners with cacheex peering. But honestly: if you have one client and one server — cacheex will not provide a noticeable effect. It is not worth setting it up for one receiver.

How to choose a source of lines: criteria without names

There will be no names of services here — there are plenty and they change. Instead, here are the criteria by which you can evaluate any source of cccam lines yourself.

What to look for: uptime, local cards, hop 1

The first and foremost — the presence of local cards (hop 1). This means that the physical card is located directly on the server you are connecting to. No intermediaries, minimal ECM time. Ask the provider directly: "Is this local or reshare?"

Server uptime — the second criterion. A server that goes down every week is useless for normal viewing. Normal uptime is 99%+ per month, which means no more than ~7 hours of downtime per month. It is difficult to check this in advance, so a trial period is important.

Also, check that the server covers the CAIDs and packages you need. There are servers with excellent uptime but covering only one satellite or one package. Make sure your channels are there.

Signs of an unstable source

Red flags that are visible within the first hours of testing:

  • ECM time jumps from 100 to 2000 ms over the course of an hour — the server is overloaded or the channel is unstable.
  • The status "connecting" repeats every few minutes — the server is periodically rebooting or losing connection.
  • Channels appear and disappear in the web interface — unstable upstream at the server itself.
  • HD channels work at night but freeze during prime time — too many clients on one card, the server cannot handle the load.

Legal and technical risks

Card sharing is in a legal gray area in most countries. The essence is that using someone else's card without the consent of the rights holder violates the licensing agreements of broadcasters. In several European countries, this is explicitly criminalized. Technically, legitimate card sharing is considered only when you share your own legal card within your household — for example, between several receivers on one subscription.

There are also technical risks: your IP address is visible to the servercard sharing, traffic is transmitted in plain text (without encryption in basic CCcam), and if the server is compromised, your credentials may leak.

Testing period and verification before use

The normal testing period is from 24 to 72 hours. During this time, you will be able to check both daytime and nighttime loads, and behavior during prime time. During the test, look not only at "works / does not work," but also at ECM time in the OScam web interface — it should be stable, not jumping.

Check specific channels that are important to you personally. The overall status "line is green" does not indicate whether your specific CAID is on the server and at what quality.

What is the format of CCcam C-line?

Standard format:C: host port username password. For example:C: my.server.net 12000 user1 pass1. The colon after C is mandatory, spaces between fields must be single. The login and password are case-sensitive —User1 anduser1 are different. Optionally, at the end, you can add the flagno and the block{ 0 0 0 } for managing resharing, but this is not required for client connection.

What is the difference between C-line and F-line?

The direction is opposite. C-line (Client line) is written on your receiver — it is an instruction "connect to this server with this login." F-line (Friend line) is written on the CCcam server — it is a permission "this user is allowed access." When you take a line from a provider, they add the F-line on their server and send you the corresponding C-line. You only insert the C-line into your CCcam.cfg.

Why does the line show connecting and does not connect?

Order of verification: firstping host — if there is no response, there is a problem with DNS or the server is offline. Thentelnet host 12000 — if it hangs, the port is closed (firewall on the internet provider's or server's side). If telnet disconnects immediately — the port is open, but the login/password is incorrect. Additionally, check the date and time on the receiver — if the time is off, ECM cannot be decrypted and the line may not come up at all.

What port does CCcam use by default?

The CCcam protocol uses port 12000 TCP. The web interface of CCcam itself is usually on 16001. OScam webif — on 8888 or 83 depending on the build. In OScam, the server port is set in the device field of the reader block:device = host,12000. If the receiver is behind a router — make sure that outgoing connections to port 12000 are not blocked. In case of double NAT, a different port (80 or 443) may be required if the provider filters non-standard ports.

What does hop 1 mean and why is it important?

Hop 1 means that your receiver receives ECM responses directly from the server with the physical smart card — without intermediate proxy servers. This results in minimal latency and maximum stability. Hop 2 means the card goes through one intermediate server (reshare), resulting in higher latency. Hop 3 and more — practically guaranteed freezes on HD channels with rapid key changes. For normal viewing, aim for hop 1 or at most hop 2.

Where to insert the CCcam line on the Enigma2 receiver?

In the file/var/etc/CCcam.cfg — this is the standard path for OpenATV, OpenPLi, OpenVision. On older Dreambox it may be/etc/CCcam.cfg, on VU+ with some builds —/usr/keys/CCcam.cfg. After editing, be sure to restart the daemon:killall -9 CCcam&& /etc/init.d/ccam start. If you are using OScam instead of CCcam — write it in/etc/oscam/oscam.server through the block[reader] withprotocol = cccam.

Practical checklist for smooth viewing

Even the best CCCam or OSCam line needs two or three simple preparations. Update your receiver firmware, reset the ECM cache once a week and keep 15–20% free space on the USB stick or internal flash so that the reader can store keys without delays.

When tuning a dish, aim for MER/BER reserve: a two‑degree offset or a loose F‑connector often causes the “freezing” that users blame on cardsharing. Keep a short patch cord to test alternative routers, and save two profiles in OSCam — one for TCP, one for UDP — so you can switch instantly if your ISP starts filtering a protocol.

Utgard.tv monitors each hub 24/7, but you can speed up diagnostics by keeping a short log of your receiver actions. Note the time when you changed the channel, which CAID was active and whether you used Wi‑Fi or Ethernet. This tiny “journal” helps engineers reproduce your environment in the lab and return with a solution in minutes instead of hours.

  • Keep two line slots enabled: if the first server hits a maintenance window, the second one instantly takes over without re-entering credentials.
  • Run a monthly speed and latency test. Stable 1–2 Mbps with ping <80 ms is enough for SD/HD, but if jitter exceeds 20 ms, switch the router to wired mode.
  • Save the Utgard.tv status page and Telegram bot @utgard_tv_bot to bookmarks — they publish maintenance notices before SEMrush or uptime monitors raise alerts.