CCcam lines: setup, format, and connection in 2026

If you have already installed CCcam or OScam on your receiver and are looking at a line likeC: somehost.net 12000 myuser mypass, not understanding what to insert where and why the channels are not opening — this material is for you. We will break down cccam lines into parts: syntax, configs, diagnostics, and transfer to OScam. No fluff.

What is a CCcam line and what does it consist of

A CCcam line is a connection string that describes the server address, port, username, and password for accessing a shared card. The CCcam protocol operates on a client-server model: the server holds the physical smart card, the client connects and receives decryption keys (ECM) in real-time.

The line looks like this:

C: hostname.example.com 12000 username password

Each field has a meaning. Let's break it down in order.

Format of C-line: C: host port username password

C: — the type marker of the line, indicates to CCcam that this is an incoming connection (Client). The colon is mandatory, and there should be a space after it as well.

hostname/IP — the server address. This can be an IP (for example,91.108.4.55) or a domain name (cards.example.net). If the server operates on a dynamic IP — a DDNS address must be specified, otherwise, the connection will simply drop when the IP changes. This is one of the common reasons why a line suddenly stops working.

port — the TCP port of the server. By default, CCcam uses 12000, but the server can be configured to any other. If the port is non-standard, and your internet provider blocks non-standard ports — that's it, there will be no connection.

username / password — credentials. Case-sensitive.MyUser andmyuser — are different users. A space is a field separator, so a space in the username or password will break the line.

Some implementations support the fifth and sixth parameters — the reshare and want_emu flags. But in the basic format of CCcam.cfg, they are optional and set through F-line or global config settings.

Difference between C-line and N-line (Newcamd) and other lines

N-line is a line of the Newcamd protocol. The syntax is different:

N: hostname port username password deskey caid ident

Newcamd requires a 14-byte DES key and explicit specification of CAID and provider identifier. This is an old protocol that was used even before the widespread adoption of CCcam. OScam supports both, but for most modern distributions, cccam lines are used.

There is also M-line (MGcamd) and Gbox — separate protocols with a different format. Do not confuse them.

Where additional flags (no/yes for reshare) are specified in the line

In the fileCCcam.cfg reshare is managed not at the C-line level, but globally through the directiveRESHARE or at the F-line level (access grant lines for clients). If the server issues a card with reshare = 0, you will not be able to forward it further — and this is normal practice for hop-1 servers.


Where to write the line: CCcam and OScam configuration files

We received the line — now we need to understand where to insert it. It depends on what you have: pure CCcam or OScam.

Path to CCcam.cfg (/var/etc/CCcam.cfg, /usr/keys/CCcam.cfg)

On most Enigma2 images (OpenATV, OpenPLi, OpenVision), the config is located at one of these paths:

  • /var/etc/CCcam.cfg — the most common path on modern images
  • /usr/keys/CCcam.cfg — old images like Gemini or PLi 2.x
  • /etc/tuxbox/config/CCcam.cfg — found on some builds for Dreambox

Open the file via FTP (for example, FileZilla with a connection via the receiver's IP) or directly via SSH. Insert the C-line anywhere in the file — CCcam reads all lines at startup. Comments start with#.

Example of a working fragmentCCcam.cfg:

# Connection to the server

C-line in OScam: section [reader] and protocol = cccam in oscam.server

If you are working through OScam (which is the preferred option for advanced configurations), the C-line is transferred to the file/etc/oscam/oscam.server. The format is completely different:

[reader]

Parametercccversion — this is the version of the CCcam protocol that OScam will present when handshaking with the server. If the server expects a specific version, and you specified another — the connection will be established, but the cards may not come. A typical problem: the server is built for CCcam 2.3.0, and you specify2.0.11 — then you need to manually adjust the value. Try2.1.4 or2.3.0.

cccmaxhops limits the maximum depth of forwards that OScam will accept from this server. Setting it higher than 2 makes little sense.

Restarting the daemon and applying changes

After editing the config, changes are not applied automatically. A restart is needed:

# Via init.d (Enigma2)&& CCcam&

Through the OScam web interface (port 8888), you can perform a "Restart" without SSH. The CCcam webif (port 16001) does not have this function — only a restart through the console.


Server configuration: sharing lines and reshare parameters

If you are not just a client but are sharing cards with others — you need F-lines and the correct reshare configuration. Let's break it down.

F-line: F: user password uphops downhops

The F-line is added toCCcam.cfg and creates a user who is allowed to connect to your server:

F: clientuser clientpass 1 0 0 0 0

Fields after the username and password:

  • uphops — how many hop levels "up" the client can see (usually 1)
  • downhops — whether the client is allowed to forward further (0 = not allowed)
  • The other parameters are filters by CAID, ident, provider (0 = no restrictions)

Managing hop and reshare depth

Hop is the number of forwards from the physical card to your receiver. Hop 1 means a direct connection to the server holding the card. Hop 2 — an intermediate server. The higher the hop, the higher the latency and the more unstable the picture on HD channels.

In CCcam.cfg, the global reshare parameter:

RESHARE: 1

A value of 0 means no forwarding at all. 1 — allows forwarding one level down. If you receive a card with hop 1 and reshare = 1, your client will receive it with hop 2.

Security recommendation: do not set reshare higher than 1 unless there is a clear need. The more clients in the chain — the higher the load on the source server and the greater the likelihood that you will be disconnected.

Server port and port forwarding on the router

By default, CCcam listens on port12000. For the web interface —16001. The Telnet interface (if enabled by the directiveALLOW TELNET: yes) — port16000.

If clients connect via the internet and not over the local network — port forwarding on the router is mandatory. This is a standard procedure in the web interface of any router: specify external port 12000 → internal IP of the receiver → port 12000. Without this, the server will be inaccessible from outside the NAT. This explains the situation when the line works locally but does not activate over the internet.

If the provider blocks port 12000 for incoming connections (this happens with mobile operators) — change the port inCCcam.cfg using the directiveSERVER LISTEN PORT: 15000 and update the forwarding on the router.


Diagnostics: why the line is not working

The line is configured, the daemon is running, but the channels do not open. Let's break it down step by step.

Checking the status via the CCcam web interface (port 16001) and OScam (port 8888)

Open in your browserhttp://IP_receiver:16001 — this is the CCcam web interface. In the "Servers" section, look at the status color:

  • Green — connection is active, cards are visible
  • Yellow — connection exists, but no cards (server is empty or CAID does not match)
  • Red — no connection at all

In OScam (http://IP_receiver:8888) go to "Readers" and check the "Status" column. You can also see the number of active cards and the average ECM time in milliseconds.

Log reading: connected, no card, badlogin

The CCcam log is by default written to/tmp/cccamd.log. View in real time:

tail -f /tmp/cccamd.log

Key messages and their meanings:

  • connected to server — TCP connection established
  • login failed orbadlogin — incorrect login or password. Check the case
  • no card available — the server does not have a card for your CAID
  • ECM time: 850ms — too much delay, freezes are inevitable. The norm is up to 400 ms
  • connection closed by server — the server terminated the connection. Reasons: session duplication (you logged in with the same login from another receiver), exceeding the limit, or the server crashed

An important point about duplication: CCcam terminates the old session when a new connection is made with the same login. If one user is used on two receivers simultaneously, the sessions will constantly kill each other.

Telnet and connection check commands

A simple way to check the port availability before loading the entire CCcam:

telnet cards.example.net 12000

If the connection is established and you see binary garbage — the port is open, the server is responding. IfConnection refused — the port is closed or the server is not running. If it just hangs — the firewall silently drops packets (this is worse than an explicit refusal).

On Linux/Windows, you can usenc (netcat):

nc -zv cards.example.net 12000

Another case from practice: the server responds to telnet, the connection is in the log, but the channels do not open. This most often indicates a protocol version mismatch. Inoscam.server try changingcccversion — first2.0.11, then2.1.4, then2.3.0. Restart after each change and check the log.


How to choose a source for lines: technical criteria without advertising

I won't name specific services — it doesn't make sense because the situation changes, and advertising is inappropriate here. Instead, I will provide criteria by which you can evaluate any source of cccam lines yourself.

Stability of hop 1 and low ECM time

Hop 1 is the main criterion. When you are offered cccam lines, clarify: is this direct access to the card or forwarding through an intermediate server? Hop 2 on HD channels with high bitrate (for example, FHD at 11-12 Mbps) almost guarantees periodic freezes.

ECM time is the time it takes for the server to respond to the decryption request. Check it in the OScam webif or in the log. The norm is up to 400 ms. Anything above 600 ms is unstable. Above 1000 ms — channels will freeze with every zapping.

Testing is simple: switch to a channel with an HD stream, open the OScam webif, tab "ECM". Look at the value in the "Last" column. If it jumps from 200 to 1500 ms — the source is unstable.

Support for necessary caid/providers and local cards

CAID is the identifier of the conditional access system. For example, Viaccess —0500, Nagravision —1800, Irdeto —0600. If the server distributes a card with CAID0500, and your satellite package uses1800 — you will get nothing, although the connection will be green.

Before subscribing (or before testing the free period), clarify the specific CAID and provider identifier. In the OScam webif, this is visible in the "Entitlements" section after a successful connection.

Server uptime and adequate reshare limits

Normal uptime for a serious server is from 99% per month. It is difficult to check this yourself before starting to use it, but an indirect sign is the presence of uptime monitoring on the service page. If it is not there — that is already a signal.

Reshare limits are also important: if the server allows 5 simultaneous forwards for one user, it means you can share the line with 5 receivers or clients. But remember — the longer the chain, the higher the latency for the end clients.

And one more point: check that the uptime specifically concerns the CAID you need. The server may work 99% of the time, but a specific card for your package may have interruptions.


What is the difference between C-line and N-line?

C-line works on the CCcam protocol. N-line works on Newcamd. These are fundamentally different protocols: N-line requires a 14-byte DES key and explicit indication of CAID and provider ident code. Syntax:N: host port user password 14_byte_key. Newcamd is older and used less frequently, but OScam supports both. They cannot be confused — CCcam will not accept N-line as an incoming connection.

What default port does CCcam use?

For card sharing — port12000. For the web interface —16001. Telnet (if enabled) —16000. All this is set inCCcam.cfg through the directivesSERVER LISTEN PORT and similar. When working over the internet, port forwarding on the router is needed — without it, the server will be inaccessible from outside NAT.

Why did the server connect, but the channels do not open?

The green status only means that there is a TCP connection. To open channels, a card with the required CAID is also needed. Typical reasons: the server does not have a card for your satellite package, the card exists but is on hop 2+ and ECM time is above 600 ms, or a specific provider is not included in the sharing. Open OScam webif → Readers → check "Entitlements" and "ECM".

How to write a CCcam C-line in OScam?

In the file/etc/oscam/oscam.server add the block:[reader],label = name,protocol = cccam,device = host,port,user = login,password = password,group = 1. If necessary, addcccversion = 2.0.11 andcccmaxhops = 2. After saving — restart OScam.

What do the hop numbers in the line and log mean?

Hop — the number of servers in the chain from the physical smart card to your receiver. Hop 1 — direct connection to the server with the card, minimal delay. Hop 2 and above — intermediate servers add delay and instability. For HD channels, hop 1 is critical. The hop value can be seen in the CCcam webif in the "Cards" section next to each CAID.

Where is the CCcam.cfg file located?

It depends on the image: on OpenATV, OpenPLi, OpenVision — most often/var/etc/CCcam.cfg. On old images like Gemini —/usr/keys/CCcam.cfg. On Dreambox with tuxbox —/etc/tuxbox/config/CCcam.cfg. After any file modification, a softcam restart is needed:/etc/init.d/softcam restart.

Practical checklist for smooth viewing

Even the best CCCam or OSCam line needs two or three simple preparations. Update your receiver firmware, reset the ECM cache once a week and keep 15–20% free space on the USB stick or internal flash so that the reader can store keys without delays.

When tuning a dish, aim for MER/BER reserve: a two‑degree offset or a loose F‑connector often causes the “freezing” that users blame on cardsharing. Keep a short patch cord to test alternative routers, and save two profiles in OSCam — one for TCP, one for UDP — so you can switch instantly if your ISP starts filtering a protocol.

Utgard.tv monitors each hub 24/7, but you can speed up diagnostics by keeping a short log of your receiver actions. Note the time when you changed the channel, which CAID was active and whether you used Wi‑Fi or Ethernet. This tiny “journal” helps engineers reproduce your environment in the lab and return with a solution in minutes instead of hours.

  • Keep two line slots enabled: if the first server hits a maintenance window, the second one instantly takes over without re-entering credentials.
  • Run a monthly speed and latency test. Stable 1–2 Mbps with ping <80 ms is enough for SD/HD, but if jitter exceeds 20 ms, switch the router to wired mode.
  • Save the Utgard.tv status page and Telegram bot @utgard_tv_bot to bookmarks — they publish maintenance notices before SEMrush or uptime monitors raise alerts.