NodeID in OScam: Find, Set & Fix It (2026 Guide)
If you're troubleshooting a CCcam peer link that keeps dropping or never authenticates, there's a decent chance the problem is the nodeid in OScam. Not your DES key. Not your CAID list. The NodeID — an 8-byte identifier that lives in the handshake and that most setup guides gloss over completely. This article covers what it actually is, where to find it, how to force a specific value, and how to diagnose the handshake failures that come from getting it wrong.
What NodeID Actually Is in OScam
The NodeID is a 16-character hexadecimal value — 8 bytes — that every CCcam node broadcasts during the initial handshake. When two peers connect, they exchange NodeIDs so each side can identify the other uniquely. That identity check is also what prevents looping: if your own NodeID shows up in a peer's forwarded chain, OScam knows the card request is about to loop back to its origin and kills it.
This is a protocol-level concept, specific to the cccam and cccam2 reader types in OScam. It has nothing to do with CAID, provider IDs, or conditional access structures. Confusing NodeID with those is a separate problem — the handshake happens before any card negotiation even starts.
The Role of NodeID in the CCcam Protocol Handshake
When a CCcam client connects to a server, the two sides go through a structured login exchange. After the initial hash-based challenge, each peer announces its NodeID. The server uses that value to track the session, route ECM replies back to the right client, and detect topology loops. A mismatch at this stage — where the server doesn't like what it sees — results in an immediate connection drop, often before any authentication error is logged.
8-Byte Hexadecimal Format Explained
Eight bytes means 64 bits, written as exactly 16 hex characters. A valid NodeID looks like 0102030405060708 or A1B2C3D4E5F60708. No 0x prefix. No spaces. No colons. OScam's parser is not forgiving about formatting — a value entered as 0x0102030405060708 or 01 02 03 04 05 06 07 08 will silently fail to parse, and OScam will fall back to its auto-generated value, which may not be what your peer expects.
Hex case doesn't matter to the parser, but OScam logs print NodeIDs in uppercase. If a peer's software is case-sensitive on its end (some older CCcam builds were), matching case can save you a frustrating half-hour.
NodeID vs. Hostname, Username, and DES Key
These are four completely separate fields and they do completely separate jobs. The hostname and port tell OScam where to connect. The username and password authenticate the account. The DES key (where the peer uses one) encrypts the session stream. The NodeID identifies the node itself at the protocol level. You can have two accounts on the same server — different usernames, same NodeID if the server assigns one per node rather than per account. Changing your username does nothing to your NodeID.
Where OScam Derives Its Default NodeID From
OScam generates a NodeID at first startup if you haven't set one. The exact derivation depends on the OScam build, but it's typically based on system-level entropy — hardware addresses, process IDs, or /dev/urandom output. The generated value gets printed to the log and stays stable across restarts as long as nothing in the derivation source changes. Fresh install, config rebuild, or a full wipe of the OScam state directory? Expect a new NodeID, which breaks any peer that had pinned your old value.
Where to Find and Read Your NodeID in OScam
Three places to look: the startup log, the WebIF, and oscam.server directly. Start with the log — it's the most reliable source for what OScam is actually advertising right now.
Reading It from the OScam Startup Log
Every time OScam starts with a CCcam-type reader configured, it logs a line like this:
cccam: nodeid=A1B2C3D4E5F60708Grep for it. Default log paths are /var/log/oscam/oscam.log on most distros, or whatever you've set with logfile= in oscam.conf — sometimes /tmp/oscam.log on embedded hardware. The command:
grep -i nodeid /var/log/oscam/oscam.logThat pulls every NodeID-related line. If you're running OScam on a Dreambox or similar box where logs go to /tmp, adjust the path accordingly. You want the line logged right at startup, not a stale line from three reboots ago — check the timestamp.
Checking the WebIF Status Page
Open the OScam WebIF (default port 8888), go to Readers, and click on the specific CCcam-type reader. The reader detail page shows the NodeID OScam is advertising to that peer. This is useful because you can check it without touching the config at all, and it reflects the live running state rather than what's in the file.
The cccam_nodeid Line in oscam.server
Inside /etc/oscam/oscam.server, a CCcam reader block with an explicit NodeID set looks like this:
[reader]
label = mypeer
protocol = cccam
device = peer.example.net,12000
user = myusername
password = mypassword
cccam_nodeid = A1B2C3D4E5F60708The cccam_nodeid key is what forces OScam to advertise a specific value to that peer rather than using its auto-generated one. This is the primary fix when a peer expects a pinned NodeID.
Global vs. Per-Reader NodeID Scope
OScam has one system-level NodeID it generates at startup. When you set cccam_nodeid inside a [reader] block, that value is advertised only to that specific peer — it doesn't change what OScam shows to other peers or what its own CCcam server port broadcasts. This per-reader override is intentional and useful when different peers expect different values, but it also means you can end up with readers advertising conflicting NodeIDs if you're not careful.
How to Set or Force a NodeID
The workflow is straightforward. Add cccam_nodeid to the relevant [reader] block, give it a valid 16-hex-character value, and reload the config.
Adding cccam_nodeid to a [reader] Block
Here's a complete working example for a CCcam client reader:
[reader]
label = upstream_peer
protocol = cccam
device = 192.168.1.100,12000
user = clientuser
password = clientpass123
cccam_nodeid = 0A1B2C3D4E5F6071
inactivitytimeout = 30
reconnecttimeout = 10The cccam_nodeid line sits alongside your other reader parameters. No special section header needed — it's just another key in the [reader] block.
Valid Values and Generating a Fresh 8-Byte ID
Any 16 valid hex characters work. If you need to generate a fresh NodeID, the fastest way on Linux:
cat /dev/urandom | head -c 8 | xxd -p | tr '[:lower:]' '[:upper:]'That gives you 8 random bytes in uppercase hex. Alternatively, just type any 16 characters from the set 0-9 and A-F — there's no checksum or validation algorithm to satisfy. The only real requirement is uniqueness across your readers and that it matches whatever the peer expects.
When to Let OScam Auto-Generate vs. Hard-Set
Auto-generate is fine when you're setting up a fresh peer link and neither side has pinned anything yet. Hard-set when: a peer has recorded your NodeID and expects it on reconnect; you've wiped/reinstalled OScam and need to present the same identity; or you're running multiple readers and want predictable, documented NodeIDs across your setup. I always hard-set them. The extra three seconds of config work saves confusion later.
Restart vs. WebIF Live Edit and Config Persistence
If you edit oscam.server directly on disk, OScam needs either a full restart or a config reload (via WebIF under Config > Reload) to pick up the change. If you edit through the WebIF reader form, the WebIF writes the value back to oscam.server — but only when you click Save. If you close the browser tab or navigate away without saving, the change is gone. And if OScam restarts before you save, you're back to the old value. This catches people regularly. Click Save, then verify the value in the file.
Troubleshooting NodeID Handshake Failures
This is where most of the pain lives. The nodeid in OScam causes three distinct failure modes, and the symptoms overlap enough that you need the debug log to tell them apart.
Peer Connects Then Drops Immediately
The TCP connection establishes, a few bytes exchange, then the peer disconnects. No authentication error in OScam's log at normal verbosity. This is almost always a handshake-level rejection. The peer received your NodeID, didn't like it, and closed the connection. Causes: you're advertising OScam's auto-generated NodeID but the peer has your old NodeID pinned from a previous session or install; the NodeID was entered with spaces or a 0x prefix and silently failed to parse; or the peer's software is doing case-sensitive comparison and your value's case doesn't match.
Fix: read your current NodeID from the log, confirm what the peer expects, set cccam_nodeid explicitly to match, restart OScam.
Duplicate NodeID and Self-Loop Rejections
Two distinct problems, both frustrating. If you run multiple readers on one OScam instance and accidentally assign the same cccam_nodeid to two of them, the peers receiving connections from both readers may see what looks like duplicate sessions from the same node and reject or block one of them.
Self-loop rejection is different. If your NodeID happens to match the remote peer's own NodeID — say you copied a value from somewhere and it turned out to be the peer's own identifier — OScam or the peer's CCcam server will detect this as a loop and kill the connection. The log on the server side will often show something like loop detected or nodeid matches local node. Fix: generate a fresh, unique NodeID for your reader. Never reuse a value you got from the peer config itself.
'nodeid not found' and Version Mismatch Log Lines
At higher debug levels you'll occasionally see lines referencing NodeID parsing failures or protocol version mismatches. A nodeid not found type message typically means OScam received a handshake packet that was shorter than expected or malformed — usually a protocol version mismatch between the two ends. OScam's cccam2 protocol variant and basic cccam handle the handshake slightly differently. If the peer is running a CCcam version that expects a different packet structure, the NodeID field may not appear where OScam's parser looks for it.
Check that protocol= in your reader block matches what the peer actually supports. Most modern peers handle cccam2, but some older setups still run basic cccam.
Confirming a Fix with Debug Level Logging
Raise OScam log verbosity before you restart. In the WebIF under Config > Log, set LogLevel to 5 or above, or set cs_debug = 5 in oscam.conf. You can also start OScam from the command line with -d 5 for one-shot debugging. At this level, OScam prints the full CCcam login exchange — you'll see both sides' NodeIDs as they're transmitted.
What to look for in the log after your fix:
cccam: login user=clientuser nodeid=0A1B2C3D4E5F6071
cccam: peer nodeid=FEDCBA9876543210
cccam: handshake okIf you don't see handshake ok, the line above it usually tells you exactly why. After confirming the fix, drop the debug level back down — cs_debug = 5 generates a lot of log traffic under load.
How to Choose a Reliable Peer or Provider (Generically)
Once you've sorted out the nodeid in OScam on your end, the quality of your peer link depends heavily on whoever is on the other side. Here's what to look for.
Criteria: Stable NodeID, Uptime, and Protocol Support
A well-run peer provides you with consistent connection parameters: a fixed hostname or IP, a specific port, a username/password pair, the expected DES key if they use one, and — this is the part most people skip — confirmation of whether their NodeID is stable or whether it rotates. A peer whose NodeID changes on every restart will break your connection each time their server reboots, because your cccam_nodeid will be stale. Ask explicitly before you connect.
Protocol support matters. Confirm whether the peer expects cccam or cccam2. Ask for their CAID and provider list upfront so you're not troubleshooting missing channels after the connection is established. A peer that can't or won't provide this information before you connect is a peer not worth connecting to.
Questions to Ask Before Trusting a Peer Link
Before adding a new peer to your oscam.server, get answers to these:
- Is the connection hostname static, or do they use dynamic DNS that might change?
- Do they require a specific DES key for the session?
- Is their NodeID fixed, or does it regenerate on restart?
- What CCcam protocol version do they run?
- What CAIDs and provider IDs do they carry, and are those values documented somewhere?
Any peer worth connecting to can answer all of these before you copy a single line into your config.
Red Flags in a Card-Sharing Peer Setup
A few things that should make you walk away. If a peer tells you to disable loop detection or suppress NodeID checking on your end — that's a setup designed to hide something about their topology. Loop protection exists for a reason; legitimate peers don't need you to turn it off.
Peers that rotate NodeIDs unpredictably without warning, or that provide no way to confirm the current expected value, will cause you recurring handshake failures with no obvious fix. And any peer that asks to see your full oscam.server config before connecting — including your other peers' credentials — is not asking for a legitimate technical reason.
Frequently Asked Questions
What format must an OScam NodeID be in?
Exactly 8 bytes, written as 16 hexadecimal characters. No spaces, no 0x prefix, no colons or separators. Example: 0102030405060708. OScam's parser is case-insensitive, but logs print NodeIDs in uppercase. If you enter 0x0102030405060708 or 01 02 03 04, the value will silently fail to parse and OScam will use its auto-generated NodeID instead.
Does every OScam reader need its own NodeID?
OScam has one system-level NodeID it advertises by default across its CCcam service. You can override this per reader using cccam_nodeid in the [reader] block. If you run multiple readers, each should have a distinct value — sharing one cccam_nodeid across two readers on the same box can cause collision issues when peers see what appear to be duplicate sessions from the same node.
Where does OScam get its NodeID if I never set one?
OScam auto-generates a NodeID at first startup using system entropy. It prints the value to the log at startup time and reuses the same value on subsequent restarts, as long as nothing in its derivation source changes. A fresh install or full config rebuild will produce a new NodeID, which breaks any peer that had recorded the previous value. You can override it at any time with cccam_nodeid in oscam.server.
Why does my CCcam peer connect and then immediately disconnect?
The most common causes: the peer expected a specific NodeID and you're advertising a different one (often after a reinstall or config wipe); your NodeID matches the remote peer's own NodeID, triggering self-loop protection; or you have a duplicate cccam_nodeid across two readers causing a collision. Raise OScam's debug level to 5, restart, and watch the log for what happens right after the connection is established. The handshake exchange lines will tell you which problem you're hitting.
How do I read the NodeID OScam is currently using?
Two reliable methods. First: grep -i nodeid /var/log/oscam/oscam.log — look for the line logged right at startup, formatted as cccam: nodeid=XXXXXXXXXXXXXXXX. Second: open the WebIF, navigate to Readers, click the CCcam reader in question, and the NodeID is shown on the reader detail page. The WebIF reflects the live running value, so if there's any question about whether a config change took effect, the WebIF is the authoritative answer.
Is the NodeID the same as the DES key or the username?
No — these are three separate fields doing three separate jobs. The NodeID identifies the node during the CCcam handshake. The username and password authenticate the specific account. The DES key (when the peer uses one) encrypts the session stream. You can change your username without affecting your NodeID, and vice versa. In oscam.server they appear as separate keys: user, password, cccam_nodeid, and optionally cccam_deskey.