CCcam.cfg: configuration settings and parameters in 2026

Filecccam cfg is the single point of configuration for the entire daemon: client connections, local cards, server ports, access rights. If even one parameter is written incorrectly, CCcam either does not start at all or hangs in CONNECTING and remains silent. In this article, I will break down the format line by line, with real examples and explanations of each field.

What is the CCcam.cfg file and where is it located

Upon startup, the daemon searches for the config in several paths. The priority order is fixed: first/usr/keys/CCcam.cfg, then/var/etc/CCcam.cfg, then/etc/CCcam.cfg. This is a common trap: you edit/etc/CCcam.cfg, but you have an outdated file on your receiver in/usr/keys/ — and all edits are silently ignored. Check all three paths before making any changes.

After each edit, a restart of the daemon is required. On Enigma2 systems, this is usually/etc/init.d/CCcam restart orkillall -HUP CCcam. Simply saving the file is not enough — the config is read only at startup.

File location on different images (Enigma2, OpenATV, Linux)

On OpenATV and most Enigma2 images, the working path is/etc/CCcam.cfg. On some older images for Dreambox, the file is expected in/var/etc/CCcam.cfg. On a clean Linux server (Debian, Ubuntu), the daemon most often looks in/etc/CCcam.cfg, but it depends on how the package was built. Check the daemon startup line in/etc/init.d/CCcam orsystemd units — the path to the config is usually explicitly specified with the key-c.

Access rights and file encoding

The file must be readable by the daemon. Standard permissions —chmod 644 for the file itself and755 for the directory. If CCcam is run as root, this is not critical, but on configured systems with a separate user, permission mismatches will kill the startup without any clear errors.

Encoding — strictly UTF-8 without BOM. Line endings — only LF (Unix style), not CRLF. This is one of the most common reasons why the config "does not apply" after editing in Notepad or any other Windows editor. The file looks fine to the eye, but inside it has CRLF — and CCcam cannot parse the lines. Use Notepad++ with explicitly set "Unix (LF)", VS Code, ordos2unix CCcam.cfg directly on the receiver.

BOM (Byte Order Mark at the beginning of the file) — another silent killer. UTF-8 with BOM looks like regular text, but the first three bytes of the file will beEF BB BF, and the config parser will not recognize the first line.

How CCcam.cfg differs from CCcam.channelinfo and CCcam.providers

CCcam.channelinfo contains the mapping SID→channel name — this is purely cosmetic for the web interface, it does not affect the operation of the shares.CCcam.providers defines provider descriptions by CAID. Both files are optional. Without them, CCcam works fine, just in WebInfo channels will be shown without names.

Syntax of CCcam.cfg lines: C, N, F, L

Each line in the file starts with a type (letter and colon), followed by parameters separated by spaces. Empty lines and lines with# at the beginning — are comments and are ignored. An extra space at the beginning of the line, a tab instead of a space, or a space before the colon — and the line is not recognized. The CCcam parser does not forgive deviations from the format.

Client line C: host port username password

This is the most common line incccam cfg — connecting to a remote card server.

C: server.example.com 12000 mylogin mypassword yes no { 0:0:2 }

Let's break down each field:

  • server.example.com — hostname or IP of the server
  • 12000 — port (standard for CCcam, but can be anything)
  • mylogin — username
  • mypassword — password
  • yes (first boolean) —wantemus: whether to request EMU cards from the server. Almost alwaysno on the client side — if you setyes, the server can send emulated cards, which is mostly useless
  • no (second boolean) —resharing the card back / reshare: whether to allow forwarding cards from this server to your peers.yes opens re-export,no blocks. If unsure — set tono
  • { 0:0:2 } — an optional SID/CAID filter in curly braces. In this example, it restricts the connection to cards with a hop level no higher than 2

Two duplicate C-lines with the same host:port — a direct path to conflict. CCcam will try to open two connections to one server with the same credentials, the server will likely drop one of them, and you will see constant reconnections.

Line N (Newcamd) and DES key parameters

Line N is used for connecting via the Newcamd protocol — it is used by some OScam servers and old Newcs servers.

N: server.example.com 15000 mylogin mypassword 01 02 03 04 05 06 07 08 09 10 11 12 13 14

After the password comes a 14-byte DES key in hex — two characters per byte separated by spaces. The key must exactly match what is set on the server. The standard test key is all01 or00, but on production servers it is always unique. If the key does not match — authorization will fail without a clear explanation in the log.

Local lines F and card sharing with peers

Line F creates a local account — that is, it allows a specific user to connect to your CCcam server.

F: peerlogin peerpassword yes { 0:0:2 }

The first two fields are the peer's login and password. The boolean value — whether to allow the peer to reshare your card further. In curly braces — hop limit and CAID filter. There can be multiple F lines — one for each peer.

Line L — a local card, inserted physically or through an emulator. The format depends on the version of CCcam, in most cases, it is generated automatically when a card is detected and is not edited manually.

Additional flags: no { } and wantemus

Curly braces at the end of line C or F — an optional block of restrictions. You can write CAID:providerid, hop level, SID list there. Example with multiple filters:

C: server.example.com 12000 user pass no no { 0500:000000 0:0:1 }

Here, only cards with CAID0500 (Viacess), with a maximum hop of 1 are requested. If the braces are empty{ } or completely absent — there are no restrictions, everything that the server provides is accepted.

Wantemus — a specific flag for requesting EMU cards (software emulators). In real client configs, it is almost always set tono. Enablingyes does not break the connection, but creates unnecessary request traffic on the server side.

Server parameters and ports

If you are not just a client, but also sharing a card, server directives are needed in the config. They are written in the same file CCcam.cfg, each on a separate line.

SERVER LISTEN PORT and choosing port 12000+

SERVER LISTEN PORT : 12000

Port 12000 is the de facto standard for CCcam. You can set any port in the range of 1024–65535, but 12000 is what most clients expect by default. This port needs to be opened on the server in the firewall:

iptables -A INPUT -p tcp --dport 12000 -j ACCEPT

If you are behind NAT or your provider issues a grey IP (CGNAT), external peers will not be able to connect without port forwarding on the router. CGNAT is a separate pain — port forwarding won't help, a VPN or tunnel is needed.

ALLOW TO / DENY TO and IP access control

ALLOW TO : 192.168.1.0/24

DirectiveALLOW TO sets a whitelist of IPs or subnets that are allowed to connect.DENY TO — is an explicit ban. IfALLOW TO is not set — all are accepted. If at least oneALLOW TO is set — all other IPs are automatically blocked. The order matters: DENY first, then ALLOW.

This is the first place to look if a peer complains about CONNECTING with the correct login and password — their IP may simply not fall under ALLOW TO.

Reshare, hop, and SID filters parameters

RESHARE : 2

GlobalRESHARE determines how deeply your peers can reshare your card further. A value of 1 means that a peer can share with one more level — and that's it. With a value of 0, re-export is completely prohibited.

The risk of looping is real: if two servers mutually share cards with reshare> 0 without hop limitation, the card will start going in circles. The hop counter increases each time, and eventually CCcam will waste resources processing useless loops. The solution is to limit hop in curly braces in line F and not set the global RESHARE above 2.

WEBINFO LISTEN PORT and monitoring through the browser

WEBINFO LISTEN PORT : 16001

WebInfo is the built-in web interface of CCcam. After starting the daemon, open a browser athttp://<IP_receiver>:16001 and see the status of all connections, card list, ECM time, reconnect counters. This is the fastest way to diagnose a problem without digging into logs.

Port 16001 also needs to be opened in the firewall if you want to monitor from another machine. Leaving WebInfo without a password on a public IP is a bad idea.

Checking operation and typical config errors

The first diagnostic tool is the CCcam log. On Enigma2 systems, it is usually written to/tmp/cccam.log or/var/log/cccam.log. Watch in real time:

tail -f /tmp/cccam.log

The second tool is WebInfo on port 16001. It shows the status of each C-line: CONNECTED (working), CONNECTING (trying to connect), OFFLINE (unavailable).

Reading the CCcam log and connection status

In the log, during a normal start, you will see something like:

[CCcam] connected to server.example.com:12000 as mylogin

If the connection fails — the line will repeat withconnecting to... at equal intervals (usually 30–60 seconds). This is a signal to investigate further.

Errors connecting / no card / ECM timeout

ConstantCONNECTING — closed port on the server, incorrect IP/hostname, blocking by ALLOW TO, or the server is simply down. Check port availability from the receiver:

telnet server.example.com 12000

If telnet does not connect — this is a network issue, not a CCcam config problem.

no card in the log or an empty card list in WebInfo with status CONNECTED means that authorization has passed, but the server did not provide any cards. Either your account does not have access to the cards, or the CAID filter in your C-line is cutting what the server provides.

ECM timeout — the decoding request was sent, but the response did not arrive in time. This may indicate high load on the server, a large hop (the card goes through 5+ servers), or network latency. ECM time above 500 ms is already bad, above 1000 ms — the card is practically unusable.

An extra space in the line is classic. The line C: server.example.com 12000 user pass with a space at the beginning will not be processed. The same goes for a tab instead of a space between parameters.

Conflict of OScam and CCcam on the same port

Running CCcam and OScam on the same device is normal practice. But each daemon must listen on its own port. A typical setup: CCcam on port 12000, OScam on 12001 (or any other).

OScam can connect to CCcam through a special type of readercccam in the file/etc/oscam/oscam.server:

[reader]

If two processes try to occupy port 12000 — the second will simply not start. Check who occupied the port:

ss -tlnp | grep 12000

Or vianetstat -tlnp | grep 12000 on older systems.

How to choose a share source without risks

When the cccam cfg is set up correctly, the quality of the connection entirely depends on the source of the cards. Advertising promises mean nothing here — only measurable metrics matter.

Criteria for a stable source based on logs

ECM time is the main metric. In WebInfo on port 16001, the average response time for each card is visible. A good server provides stable 150–300 ms. If you see 800+ ms with regular spikes — the server is either overloaded or the card is going through too long a chain.

The reconnection counter in WebInfo is the second indicator. If the connection was recreated dozens of times in a day, this is an unstable source. Good uptime means that reconnections in a week can be counted on fingers.

The hop level of the card is visible in WebInfo and the log. Hop 1–2 means the card is physically on the neighboring server. Hop 5+ means the card has passed through several intermediate nodes, each adding delay and a point of failure.

Signs of a resold or looped server

A looped server is when in WebInfo you see the same map with a hop level that changes with each reconnect. Or when the hop is unexpectedly high (7–10) for what seems to be a direct connection. This means that the map is looping somewhere in the network.

A resold server is evident from periodic drops in ECM time during peak hours. At 20:00–23:00, the response time sharply increases, sometimes by 3–5 times compared to the nighttime figure. This is a direct sign that there is not enough capacity for all clients at the same time.

Another sign is frequent disconnections with immediate recovery. If CCcam reconnects every few minutes but the connection is restored in seconds, it is likely that a limit on parallel sessions is set on the server, and you are regularly kicked off when the limit is exceeded.

Legal and technical limitations

Card sharing involves the transmission of conditional access keys — this violates the subscription terms of most paid broadcasters and is outright prohibited by law in several countries. Technically, the receiver and server may work fine, but the legal risks are borne by the user. This is not a mere formality — providers actively fight against sharing by changing keys and applying anti-sharing algorithms.

From a technical standpoint: do not forget that when using someone else's server, you are transmitting your login, password, and ECM traffic through someone else's infrastructure. The minimum responsible approach is not to use the same passwords in different places and to keep CCcam traffic isolated from the main network.

Frequently asked questions

Where is the CCcam.cfg file located on the Enigma2 receiver?

On most Enigma2 images (OpenATV, OpenPLi, DreamElite), the working path is/etc/CCcam.cfg. On some builds for Dreambox, the file is searched in/var/etc/CCcam.cfg. The highest priority path is/usr/keys/CCcam.cfg: if there is a file there, the daemon will take that one and ignore the others. After any edits, a restart is needed:/etc/init.d/CCcam restart.

What do yes/no mean at the end of the client line C:?

The first value iswantemus: whether to allow requesting EMU cards from the server. Almost alwaysno. The second is permission for re-export: can CCcam give this card back to your peers.no — the card is used only locally,yes — peers will also receive it. If you set the second field toyes on both ends of the connection, there is a risk of looping.

What port does CCcam use by default?

Port 12000 is standard for the CCcam sharing protocol. WebInfo (web interface) by default operates on port 16001. Both ports need to be opened in iptables and forwarded on the router if the receiver is behind NAT:iptables -A INPUT -p tcp --dport 12000 -j ACCEPT. When using CGNAT from the provider, external access without a VPN tunnel is impossible.

Why does the connection hang in the CONNECTING status?

There are several reasons, and they are checked one by one: closed port on the server side (check telnet), incorrect login or password, blocking of your IP by the ALLOW TO directive on the server, protocol mismatch (the server is waiting for Newcamd while you are sending CCcam), and finally — CRLF in the config file after editing in Windows. The last one occurs more often than it seems.

Can CCcam and OScam be run simultaneously?

Yes, this is a normal configuration. The main thing is different ports: CCcam on 12000, OScam on 12001 (or another). OScam connects to CCcam through a reader typecccam in the file/etc/oscam/oscam.server. Two demons on one port — impossible: the second one simply will not start, and the cards will not be given out.

What is reshare and hop in curly braces?

Reshare — the number of times your peers can reshare the card further down the chain. Hop — the current "depth" of the card in the network: a card on a physical reader has hop 1, each subsequent server in the chain adds 1. A high hop increases latency. If two servers mutually share cards with unlimited reshare — a loop occurs, and hop grows infinitely until CCcam starts wasting resources on meaningless requests.

Practical checklist for smooth viewing

Even the best CCCam or OSCam line needs two or three simple preparations. Update your receiver firmware, reset the ECM cache once a week and keep 15–20% free space on the USB stick or internal flash so that the reader can store keys without delays.

When tuning a dish, aim for MER/BER reserve: a two‑degree offset or a loose F‑connector often causes the “freezing” that users blame on cardsharing. Keep a short patch cord to test alternative routers, and save two profiles in OSCam — one for TCP, one for UDP — so you can switch instantly if your ISP starts filtering a protocol.

Utgard.tv monitors each hub 24/7, but you can speed up diagnostics by keeping a short log of your receiver actions. Note the time when you changed the channel, which CAID was active and whether you used Wi‑Fi or Ethernet. This tiny “journal” helps engineers reproduce your environment in the lab and return with a solution in minutes instead of hours.

  • Keep two line slots enabled: if the first server hits a maintenance window, the second one instantly takes over without re-entering credentials.
  • Run a monthly speed and latency test. Stable 1–2 Mbps with ping <80 ms is enough for SD/HD, but if jitter exceeds 20 ms, switch the router to wired mode.
  • Save the Utgard.tv status page and Telegram bot @utgard_tv_bot to bookmarks — they publish maintenance notices before SEMrush or uptime monitors raise alerts.