CCcam reshare: configuration of C/F lines and protocol
If you have set up a CCcam server and connected to several peers, sooner or later the question arises: how to properly organizeCCcam reshare: configuration so that the cards go to your clients instead of turning the network into a mess of loops and freezes. Let's break it down step by step — from the mechanics of hop to the actual config in/var/etc/CCcam.cfg.
What is reshare in CCcam and how does hop/depth work
Reshare is when your server takes a card received from a remote peer and distributes it further to its clients. That is, you not only consume cards from above but also transmit them down the chain. The mechanism is simple, but configuring it without understanding the hop parameters means running into problems.
The principle of resharing: from card to client through peers
The scheme looks like this: the provider has a physical reader with a card → your server connects to its CCcam server → your clients connect to you. The card is physically located at the source, and only ECM requests and CW responses (Control Words) go down the chain. Reshare is the transmission of these CW from your server to clients who are not connected to the source themselves.
The hop parameter: what do the values 0, 1, 2 mean
Hop is a counter of the "jumps" of the card from the source to the current node. A card inserted into a physical reader on the server hashop 0 (local). When you receive it through a C line from a peer — it comes to you ashop 1. If you distribute it to your client, for them it is alreadyhop 2. Each jump adds ECM delay — usually from 50 to 150 ms per node, depending on the hardware and load.
Depth and why it limits the chain
Depth is the maximum allowable hop value at which the card can still be distributed further. If the depth is 2, a card with hop 2 will not go to the next client. The parameter is set through downhops in the F line. It determines how deeply the card can "sink" down the distribution chain from your server.
How reshare differs from direct access to the card (local)
A local card (hop 0) is what you have in the reader directly on the server. It is the fastest, with minimal ECM time. A reshared card always goes through the network, and each node adds time. Providers often impose a limit on the maximum hop — for example, they do not accept cards with hop higher than 3. This is not a whim, but a protection against degradation of the ECM signal in long chains.
Configuring reshare in the CCcam.cfg file: F lines and values
All CCcam reshare configuration comes down to two types of lines in the config: C lines (client) receive cards from a peer, F lines (friend) distribute cards to their clients. They cannot be confused — these are fundamentally different directions of flow.
Location of the config: /var/etc/CCcam.cfg
The main config is located at/var/etc/CCcam.cfg. On some Linux distributions, you may encounter/etc/CCcam.cfg or/usr/local/etc/CCcam.cfg — it depends on how the package is built. Always check the actual path viaps aux | grep CCcam — there will be the key-c indicating the file.
Structure of the F line: F: { username password downhops uphops }
The format is as follows:
F: username password downhops uphops
username andpassword — the credentials of the client connecting to your server.downhops — how many levels the client can share your card further to their clients.uphops — how many levels of cards from the client you accept in exchange (in mutual sharing). A value of 1 for downhops means that the client receives the card and can pass it down to one more level. A value of 0 means the card is received but not shared further.
Global RESHARE directive and local per-user
You can globally enable reshare with a directive at the beginning of the config:
RESHARE: 1
This allows sharing by default for all F lines. But it can be overridden at the specific user level by adding before their F line:
RESHARE: 0
Then this specific user will not receive cards for further sharing, even if global RESHARE is enabled. The per-user setting overrides the global one — this is convenient when you have a mixed client base.
The parameter 'F: user pass 1 0' — share only your cards without receiving
The lineF: clientuser pass123 1 0 means: the client receives cards and can share them one more level down (downhops=1), but you do not accept anything from them (uphops=0). This is a typical scheme for one-way resharing — when you have cards, you share them, but do not want anything in return.
Example block for resharing a specific card
A working example of a minimal config with a C line for receiving and an F line for sharing:
# Receiving a card from a peer
After any changes to the config — be sure to restart the daemon. Via init.d:/etc/init.d/CCcam restart. Or forcefully:kill -9 $(pidof CCcam)&& CCcam. Without a restart, changes do not take effect — this is not nginx with reload.
Limiting and filtering resharing by cards and providers
Sharing all cards with everyone is a bad idea. Especially if you have local cards that should not go into reshare, or if you want to limit sharing by specific CAID.
Sharing only needed CAID/provid through F: { caid:provid }
CCcam supports filtering by CAID and provider directly in the F line. Syntax:
F: username password 1 0 { caid:provid }
For example, to share only Viasat cards (CAID 0x0500) from provider 0x040E00:
F: viaclient viapass 1 0 { 0500:040E00 }
You can list several separated by commas. Anything that does not match the filter will not be seen by the client — even if you have other cards on the server.
Prohibiting resharing of specific cards (sid/ident filters)
Filtering by SID (Service ID) works similarly — through the extended syntax of blocks. But honestly: in pure CCcam, this is implemented weaker than in OScam. If you need fine filtering by SID — it's better to consider OScam conversion (more on this below).
The parameter 'RESHARE: 0' to prohibit further sharing
If you need the client to not be able to share cards at all — setRESHARE: 0 before their F-line and both hop values to 0:
RESHARE: 0
This works like a "dead end" in the chain. The card reaches there and stays there.
The oscam.server file when working through OScam conversion
If part of your network operates through OScam, the resharing setup goes through/etc/oscam/oscam.server and/etc/oscam/oscam.user. Inoscam.server for the cccam reader, the parameter is added:
[reader]
The valuecccreshare = 2 means that OScam will share the received cards up to hop 2. Inoscam.user for each user similarly:
[account]
The hop logic is the same as in CCcam F-lines, but the syntax is different. In a mixed network (some peers on CCcam, some on OScam), this is one of the most common sources of confusion — people set hop on one side and forget to coordinate with the other.
Ports, protocol, and checking reshare operation
Setting up the config is half the battle. It is important to ensure that reshare is actually working, not just looking correct on paper.
The default CCcam port is 12000 and the directive SERVER LISTEN PORT
The standard CCcam port for exchanging with peers is —12000. In the config, it is set by the directive:
SERVER LISTEN PORT: 12000
This port must be open in the firewall and forwarded on the router if the server is behind NAT. The classic case: everything is set up, but the client is behind CGNAT and their port 12000 is not accessible from the outside — reshare from their side simply will not start. You can check the port's availability from an external machine usingnc -zv your.server.ip 12000.
CCcam protocol version 2.x.x and peer compatibility
The CCcam protocol version 2.x.x (currently 2.3.x) is the de facto standard. Compatibility issues arise when one server operates on an old version 2.0.x, while another on 2.3.x. Specifically, this manifests in incorrect transmission of hop values and truncation of the card list. If a peer "sees" fewer cards than it should — check the versions on both sides.
Viewing active cards in the web interface (port 16001)
The CCcam web interface is available on port16001. Open it in a browserhttp://your.server.ip:16001 — there is a tabShares shows all the cards that the server currently sees. For each card, CAID, provider, and the current hop value are displayed. This is the fastest way to ensure that the reshare has been raised and the card has reached the desired level.
If the card is in Shares with hop 1, but the client does not see it — the problem is in the F-line or RESHARE directive. If the card is not in Shares at all — the problem is with the C-line or the connection to the peer.
Diagnostic commands: line status, hop cards, ECM time
View the log in real time:tail -f /tmp/CCcam.log. It shows the ECM time for each request — a normal value is up to 500 ms, anything above 1000 ms is already alarming, above 2000 ms guarantees freezes. In the web interface, the tabECM info shows the average time for each card. If the ECM time for the reshare card is significantly higher than that of the same card from the source — the chain is too long.
Common reshare configuration errors and what DOES NOT work
Let's analyze the anti-patterns — what people most often do wrong.
Looping when two servers are mutually resharing
Classic loop: server A exchanges cards with server B, both with uphops=1. Server A gives a card to server B → B considers it its own and gives it back to server A → A receives the same card with hop increased by one. As a result, duplicates of the same card circulate in the network with different hop values, the load increases, and ECM requests start taking an suboptimal route.
Solution: when mutually exchanging, limit uphops from both sides. If A has a local card with hop 0, then B should accept it with uphops no more than 1, and when giving it back to server A — A should reject cards with hop >= 1 from B (that is, uphops=0 for the reverse direction). Set up mutual exchange asymmetrically — do not copy-paste the same F-line on both servers.
The card does not appear for the client: hop exceeded
If the card is in Shares on the server with hop 2, but the client does not have it — check downhops in the F-line. If downhops=1, the client will receive the card only if it comes with hop no higher than 1 (that is, local card + 1 hop). A card with hop 2 will not pass. Increase downhops to 2 or optimize the chain so that the card comes with a smaller hop.
Channel freezes due to a long hop chain
A long chain is not just a theory. In practice: hop 1 gives ECM time ~200–400 ms, hop 2 — 400–700 ms, hop 3 and above — it's already a gamble. Some channels start freezing at ECM time above 600 ms — especially channels with aggressive EMM or frequent CW changes. Reshare does not "fix" a slow source — if the card at the top gives 800 ms, further down the chain it will be 1200+ and freezes are inevitable.
Why 'F: user pass 0 0' blocks sharing
This is the most common confusion among beginners. The lineF: user pass 0 0 creates a user account, but with zero hops — they will not receive any cards. This is not "a client without a reshare," this is "a client without anything." If you want to give the user cards but prohibit further sharing — useRESHARE: 0 before the line, and leave downhops at 1. Or simply do not add the RESHARE directive, but set downhops=0 — then the client sees the cards but cannot pass them on.
And one more case: peer behind NAT/CGNAT. If the client has port 12000 closed and it is not forwarded — incoming connections to it do not pass. They can connect to your server through an outgoing connection, but they will not be able to raise a reverse channel for reshare. Port forwarding or a VPN tunnel is the only solution.
What do the numbers in the F-line CCcam.cfg mean?
The first number is downhops: how many levels down the client can share the received cards. The second — uphops: how many levels of cards from the client you accept in exchange. Format:F: user pass downhops uphops. A value of 0 in any position means a prohibition on the corresponding action. For example,F: user pass 1 0 — the client receives and can share one more level, but you take nothing from them.
How to share a card with a peer but prohibit them from resharing it further?
SetRESHARE: 0 before their F-line, or set downhops to 0:F: user pass 0 0. But keep in mind —0 0 gives the client cards (they see them), they just cannot pass them on. If you want "sees, uses, does not share" — this is the correct option.
Why is the client's card showing a large hop and the channels are freezing?
Each node in the reshare chain adds ECM delay — usually 50–200 ms per hop. With a hop of 3–4, the total ECM time can exceed 800–1200 ms, causing freezes. Solution: shorten the chain — connect directly to the card source or through fewer intermediate servers. Limit depth through downhops so that the card does not go too deep.
What port is needed for reshare in CCcam?
By default, CCcam uses port12000 for data exchange with peers (directiveSERVER LISTEN PORT: 12000). The web interface is available on port16001. Port 12000 must be opened in iptables/ufw and forwarded on the router if the server is behind NAT.
How to set up reshare in OScam instead of CCcam?
In the file/etc/oscam/oscam.server for the cccam reader, add the parametercccreshare = N, where N is the maximum depth of the reshare. In/etc/oscam/oscam.user the same parametercccreshare is set at the specific user level. The hop logic is identical to CCcam — just a different config syntax.
Why is the card not resharing, even though the F-line is specified?
Check the checklist: 1) the global directiveRESHARE: 1 is present in the config; 2) the C-line is actually receiving the card — visible in the Shares tab with hop > 0; 3) CAID/provid filters in the F-line match what is coming from the peer; 4) the CCcam daemon was restarted after editing the config — changes do not apply without a restart.
Practical checklist for smooth viewing
Even the best CCCam or OSCam line needs two or three simple preparations. Update your receiver firmware, reset the ECM cache once a week and keep 15–20% free space on the USB stick or internal flash so that the reader can store keys without delays.
When tuning a dish, aim for MER/BER reserve: a two‑degree offset or a loose F‑connector often causes the “freezing” that users blame on cardsharing. Keep a short patch cord to test alternative routers, and save two profiles in OSCam — one for TCP, one for UDP — so you can switch instantly if your ISP starts filtering a protocol.
Utgard.tv monitors each hub 24/7, but you can speed up diagnostics by keeping a short log of your receiver actions. Note the time when you changed the channel, which CAID was active and whether you used Wi‑Fi or Ethernet. This tiny “journal” helps engineers reproduce your environment in the lab and return with a solution in minutes instead of hours.
- Keep two line slots enabled: if the first server hits a maintenance window, the second one instantly takes over without re-entering credentials.
- Run a monthly speed and latency test. Stable 1–2 Mbps with ping <80 ms is enough for SD/HD, but if jitter exceeds 20 ms, switch the router to wired mode.
- Save the Utgard.tv status page and Telegram bot @utgard_tv_bot to bookmarks — they publish maintenance notices before SEMrush or uptime monitors raise alerts.