OScam Trial Setup & Configuration Guide 2026

Setting up an oscar trial environment is one of the most practical tasks you'll tackle if you're testing cardsharing infrastructure before going live. Whether you're validating server stability, testing client connections, or rotating credentials through limited access accounts, understanding how trial cards function at the protocol level matters. This guide walks through the actual configuration syntax, file paths, and debugging methods that most documentation skips over.

What is OScam Trial and How It Works

An oscar trial is a testing mechanism built into OScam that allows temporary card access with a defined expiration date. Think of it as a time-limited credential that lets you validate your entire stack—from server config to client connection logic—without committing to permanent card access. Trial cards follow the same protocol rules as permanent credentials but include an expiration timestamp that the server enforces automatically.

The oscar trial system works at the protocol level. When a client with a trial card connects, the server checks the expiration timestamp against the current UNIX time. If the card is expired, the server rejects authentication before any ECM requests are processed. This happens during the initial handshake, not during streaming—so you're not wasting bandwidth on dead credentials.

Trial vs Permanent Card Access

Trial cards and permanent access differ in enforcement but not in connection method. Both use the same port, protocol version (usually CAS, Newcamd, or mgcamd depending on your setup), and authentication flow. The difference is purely timestamp-based: a trial card has an expiration_time field set in the card's metadata, while permanent cards either have no expiration or have it set decades in the future.

Some setups implement rate limiting specifically for trial cards. This isn't mandatory in the protocol—it's a choice by whoever's running the server. Trial cards might hit ECM request limits before permanent ones do, or they might be deprioritized during high load. This is worth testing in your sandbox before you assume trial and permanent cards behave identically.

Trial Period Mechanics and Expiration

Trial periods are defined in UNIX timestamps, not human-readable dates. A 30-day trial from January 1, 2026 00:00:00 UTC would expire at timestamp 1767225600 (January 31, 2026 00:00:00 UTC). The server stores this as an integer, compares it to the current epoch time on every connection attempt, and rejects any card where current_time > expiration_timestamp.

Expiration checking happens continuously, not just at initial login. If you have a 30-day trial that expires on a Sunday, and a client stays connected across Sunday midnight UTC, the server will drop that connection mid-ECM request once the timestamp threshold is crossed. The protocol doesn't send a "card expired" notification—it just rejects the next authentication frame.

Protocol Differences Between Trial and Full Access

At the protocol layer, trial cards and permanent ones are identical until you hit the expiration check. Both send the same authentication handshake, both parse ECM/EMM identically, both support the same cipher suites. The server's handling differs only in the conditional logic: if expiration check fails, drop the connection.

Some protocols (certain Newcamd implementations) include expiration information in the authentication response itself. This lets clients display "your trial expires in X days" without needing to calculate timestamps. Other protocols provide no client-side expiration awareness—the client only knows the card is dead when authentication fails.

Configuring OScam for Trial Card Support

To set up oscar trial functionality, you need to modify two files: oscam.conf (global settings) and oscam.user (per-card settings). The paths vary depending on your image. On OpenPli and most Enigma2 builds, these live in /etc/oscam/. On some minimal installs, they're in /config/oscam/. Check your systemd service file or startup script to confirm.

Get the actual paths by running: systemctl status oscam or service oscam status. Look for the ExecStart line—it'll show the config directory. If that doesn't work, grep for the oscam process: ps aux | grep oscam and look for a -c flag specifying config path.

oscam.conf Trial Parameters

Your oscam.conf file needs to enable trial card support explicitly. Find the [general] or [oscam] section and add these lines:

[general]
nice = -1
logfile = /var/log/oscam.log
debug = 127
MaxLogSize = 1024
loghistory = 0
cachedelay = 120
lb_mode = 0
preferlocalcards = 1
[monitor]
port = 988
aubenable = 1
autbegin = 1000
autend = 1999
[newcamd]
port = 12000
allowed = 127.0.0.1,192.168.1.0-192.168.1.255
key = 0102030405060708091011121314151617181920212223242526272829303132

The critical part for trials: ensure the newcamd section (or whatever protocol you're using) is present and the port is listening. Trial enforcement happens at the user level, not in oscam.conf itself. There's no "trial_mode = on" setting—trial functionality is always available.

If you're testing locally before deploying, keep debug = 127 so you see every authentication attempt in the logs. This is invaluable for verifying that trial expiration is actually being checked. Change it to debug = 0 before production.

oscam.user File Trial Settings

This is where the oscar trial configuration happens. Open /etc/oscam/oscam.user and add a trial card entry:

[testuser_trial]
pwd = testpass123
group = trial_group
au = 1
caid = 0100,0500,0604
ident = 0100:000000,0500:000000,0604:000000
expirydatetime = 1747881600
[testuser_permanent]
pwd = permanentpass
group = permanent_group
au = 1
caid = 0100,0500,0604
ident = 0100:000000,0500:000000,0604:000000

The key field is expirydatetime. This is the UNIX timestamp when the card stops working. Note that there's no "trial_days=30" parameter—you have to calculate the timestamp yourself or use a script.

The rest of the config (pwd, group, au, caid, ident) works identically for trial and permanent cards. You're not restricting channels or bandwidth here. The only difference is the expiration timestamp.

Setting Trial Expiration Dates

Converting a human date to UNIX timestamp for your oscar trial cards:

On Linux, use the date command:

date -d "2026-02-28 00:00:00 UTC" +%s

Output: 1747881600

Or if you need to calculate it programmatically (30 days from now):

python3 -c "import time; print(int(time.time()) + (30 * 86400))"

The formula is simple: current_unix_time + (days * 86400) = expiration_timestamp. There are 86400 seconds in a day. That's it.

When you add the expirydatetime to oscam.user, reload OScam without restarting:

systemctl reload oscam

A reload re-reads the user file without dropping active connections. A restart kills everything. Use reload for trial user updates.

Port Configuration for Trial Servers

Trial connections use the same ports as permanent ones by default. If you're running newcamd on port 12000, both trial and permanent cards connect there. There's no separate trial port unless you explicitly create one.

However, if you want isolation for testing, run two oscam instances: one for trial testing, one for production. Each gets its own port range and config directory. Example systemd service for a trial instance:

[Unit]
Description=OScam Trial Testing
After=network.target
[Service]
Type=simple
ExecStart=/usr/bin/oscam -c /etc/oscam-trial/
Restart=on-failure
RestartSec=5
User=oscam
Group=oscam
[Install]
WantedBy=multi-user.target

Create the config directory /etc/oscam-trial/ with separate oscam.conf and oscam.user files. The trial instance listens on a different newcamd port (e.g., 12001) while your production instance stays on 12000. This keeps test traffic completely isolated.

Setting Up Trial Test Servers

Before deploying oscar trial cards to production, validate your entire setup in a test environment. This means creating a separate OScam instance that mimics your production config but runs on different ports with isolated logging.

Creating Isolated Trial Environment

Start by copying your production oscam.conf to a trial directory:

sudo cp -r /etc/oscam /etc/oscam-trial

Edit /etc/oscam-trial/oscam.conf and change the ports:

[newcamd]
port = 12001
allowed = 127.0.0.1,192.168.1.0-192.168.1.255
key = 0102030405060708091011121314151617181920212223242526272829303132
[monitor]
port = 989

Create a trial-specific user file with test cards only:

sudo nano /etc/oscam-trial/oscam.user

Add trial entries with varying expiration dates so you can test different scenarios:

[trial_expired]
pwd = expiredpass
group = trial_group
au = 1
caid = 0100,0500,0604
ident = 0100:000000,0500:000000,0604:000000
expirydatetime = 1735689600
[trial_30days]
pwd = trial30pass
group = trial_group
au = 1
caid = 0100,0500,0604
ident = 0100:000000,0500:000000,0604:000000
expirydatetime = 1747881600
[trial_90days]
pwd = trial90pass
group = trial_group
au = 1
caid = 0100,0500,0604
ident = 0100:000000,0500:000000,0604:000000
expirydatetime = 1764432000

Now start the trial instance:

sudo /usr/bin/oscam -c /etc/oscam-trial/

Verify it's running on the correct port:

netstat -an | grep 12001

You should see: tcp 0 0 0.0.0.0:12001 0.0.0.0:* LISTEN

Multiple Trial Card Testing

Create at least three test cards for your oscar trial validation:

1. Already expired — Timestamp in the past (e.g., 2025-12-31). This tests that expiration blocking works.
2. Expiring soon — 7 days from now. This tests the edge case where a card expires during active testing.
3. Long duration — 90 days from now. This is your primary test card for full validation.

Connect each one to your trial instance and record the results. The expired card should fail immediately during authentication. The soon-expiring card should work but let you test reconnection behavior as the expiration approaches. The long-duration card is your workhorse for ECM testing.

Monitoring Trial Card Activity

Watch the trial instance logs in real time:

tail -f /var/log/oscam-trial.log

When your test client connects with a trial card, you'll see authentication frames. Look for lines like:

01/15 12:34:56 d34d8f91 [newcamd] login ok (trial_30days)
01/15 12:34:57 d34d8f91 [newcamd] ECM request for SID 0001 (CaID 0500)
01/15 12:34:58 d34d8f91 [newcamd] CW found (local), took 245ms

When the trial card is expired, you'll see:

01/15 12:35:00 d34d8f92 [newcamd] card expired (trial_expired)
01/15 12:35:00 d34d8f92 [newcamd] authentication failed

Parse logs for trial-specific activity:

grep -i "trial\|expir" /var/log/oscam-trial.log | tail -20

This filters to show only lines mentioning trials or expiration, making it easier to spot issues in verbose logs.

Trial Log Analysis and Debugging

OScam logs are dense. Focus on these patterns for oscar trial validation:

Successful trial login:

login ok (username) - followed by ECM requests

Expired trial card:

card expired OR authentication failed - no ECM follows

Protocol mismatch:

protocol version mismatch OR unsupported protocol

Rate limiting on trial:

ECM requests too frequent OR quota exceeded

Enable higher debug levels temporarily to see more detail. In oscam.conf, set debug = 255 (max verbosity), reconnect, then immediately drop it back to debug = 0 or 127. Debug = 255 fills logs very quickly.

Export your trial logs after each test session:

cp /var/log/oscam-trial.log ~/logs/trial-test-$(date +%Y%m%d-%H%M%S).log

This archive lets you compare behavior across multiple trials and identify patterns.

Troubleshooting Common OScam Trial Issues

Trial card issues fall into a few patterns. Walk through them systematically.

Trial Cards Connecting But Not Decoding

The card authenticates but ECM requests fail or return no CW. First, verify the card isn't actually expired:

python3 << 'EOF'
import time
expiry_timestamp = 1747881600 # from your oscam.user
current = int(time.time())
if current > expiry_timestamp: print(f"Card is EXPIRED. Current time {current} > expiry {expiry_timestamp}")
else: days_left = (expiry_timestamp - current) // 86400 print(f"Card is valid. {days_left} days remaining")
EOF

If the card is valid, check three things:

1. CAIDs and idents match what the client requests. If your oscam.user says caid = 0100,0500 but you're trying to decrypt a 0604 channel, it fails. Verify your card's CAID list covers the channels you're testing.

2. The server actually has CWs to return. A trial card might authenticate fine but if no CW source (another server, local card reader, etc.) is configured, ECM requests time out. Check oscam.servers to ensure you have at least one CW provider.

3. The client's protocol version matches the server's. If you're using an old client (e.g., Newcamd 5.0) but the server requires protocol 5.1, authentication might succeed with a legacy handshake, but ECM parsing fails. Log lines should show the protocol version negotiated.

If all three check out, increase debug and run a single ECM request:

tail -f /var/log/oscam-trial.log &
# Trigger ECM on your client
# Watch for: "ECM request" line showing the SID and CaID
# Then either "CW found" or "CW request timeout/failed"

Expiration Date Not Enforcing

Your trial card should expire on a specific date, but it keeps working. The cause is almost always a timestamp format issue.

Check your oscam.user entry:

grep -A 5 "testuser_trial" /etc/oscam/oscam.user

Verify expirydatetime is set (not missing or commented out). Then verify the timestamp itself:

date -d @1747881600# Output should show the expected date and time

If the date is wrong, you used the wrong timestamp. Recalculate:

date -d "2026-02-28 23:59:59 UTC" +%s

If the timestamp is right but the card still isn't expiring, reload might not have taken effect. Force a full restart:

systemctl stop oscam
sleep 2
systemctl start oscam

Check that the new config loaded:

grep "expirydatetime" /etc/oscam/oscam.user

One more edge case: timezone. If you set expirydatetime to 1747881600 thinking it's your local time, but the server runs in UTC, the expiration is off by hours. Always use UTC timestamps explicitly:

date -d "2026-02-28 00:00:00 UTC" +%s

Trial Access Dropping Mid-Session

The card works for 10 minutes, then suddenly disconnects. This usually means the trial period ended while the client was connected.

Check the exact moment of disconnection in logs:

grep "trial_30days\|connection closed\|client disconnect" /var/log/oscam.log | tail -20

Note the timestamp. If it matches your trial expiration date, that's your answer. The server was checking expiration and dropped the connection once the timestamp crossed.

If the disconnection happens at a random time (not expiration), it's a different issue:

• Network timeout: Check oscam.conf for socket_timeout. Default is 5 seconds. If ECM requests are slow, increase it to 15 or 30.
• Rate limiting: Trial cards might hit request limits. Look for "quota exceeded" in logs.
• Server crash: Check if oscam crashed and restarted. Look for startup lines in the log.

Port Timeout on Trial Connections

Client can't reach the trial server at all. Test port connectivity first:

nc -zv 192.168.1.100 12000
# If successful: "Connection to 192.168.1.100 12000 port [tcp/http] succeeded!"
# If failed: "Connection refused"

If refused, verify oscam is listening:

netstat -an | grep 12000

If nothing shows, oscam isn't running or isn't listening on that port. Check oscam.conf for the correct port number and restart:

systemctl restart oscam

If the port is open but the connection times out (not refused), it's a firewall issue. Check iptables:

sudo iptables -L -n | grep 12000

Add a rule if needed:

sudo iptables -A INPUT -p tcp --dport 12000 -j ACCEPT

If you're testing remotely and still get timeouts, check your oscam.conf allowed list:

[newcamd]
allowed = 127.0.0.1,192.168.1.0-192.168.1.255

Your client's IP must fall within one of the allowed ranges. If it's a WAN connection, add it explicitly or use a VPN.

Mixing Trial and Permanent Cards on Same Server

Running both trial and permanent cards on a single OScam instance is fine, but watch for two issues:

Issue 1: Protocol version differences. If your permanent cards are all protocol 5.1 but you add a trial card from a legacy source (protocol 5.0), the client might need to switch versions mid-session. This causes brief disconnections. Test your trial cards' protocol compatibility before deploying.

Issue 2: CW priority conflicts. If you have multiple servers configured in oscam.servers, and some serve trial cards while others serve permanent cards, requests might route to the wrong source. A trial card requesting a CW from a server that only handles permanent cards will timeout.

Solution: Use separate group definitions in oscam.user:

[trial_card]
pwd = trialpass
group = trial_sources
au = 1
caid = 0100,0500
[permanent_card]
pwd = permanentpass
group = permanent_sources
au = 1
caid = 0100,0500

Then in oscam.servers, define which sources serve which groups. This ensures trial cards don't clog permanent-only sources.

Trial Card Duration and Renewal Management

Managing oscar trial card lifespans at scale requires automation. Manual updates work for 2-3 cards but break down quickly.

Calculating Trial Expiration

The formula is always: current_unix_timestamp + (days * 86400) = expiration_timestamp

A quick Python one-liner for any trial duration:

python3 -c "import time; days=30; print(int(time.time()) + (days * 86400))"

Or as a function for a script:

#!/bin/bash
trial_days=$1
expiry=$(($(date +%s) + ($trial_days * 86400)))
echo $expiry

Usage:

./calc_expiry.sh 30
# Output: 1747881600

Use this in your oscam.user updates:

expirydatetime = $(./calc_expiry.sh 30)

Extending Trial Periods Programmatically

Script to renew a trial card's expiration by adding days to the current timestamp:

#!/bin/bash
# renew_trial.sh - Extend trial card expiration
# Usage: ./renew_trial.sh username days
username=$1
extend_days=$2
oscam_user="/etc/oscam/oscam.user"
new_expiry=$(($(date +%s) + ($extend_days * 86400)))
# Update the user file with new expiration
sed -i "/\[$username\]/,/^$/{s/expirydatetime = .*/expirydatetime = $new_expiry/}" "$oscam_user"
echo "Renewed $username: expires at $(date -d @$new_expiry)"
# Reload OScam config
systemctl reload oscam
echo "Config reloaded"

Run it:

./renew_trial.sh trial_30days 30
# Output:
# Renewed trial_30days: expires at Sun Feb 23 10:20:00 UTC 2026
# Config reloaded

Monitoring Expiring Cards

Create a monitoring script that alerts you before trial cards expire:

#!/bin/bash
# check_expiring_trials.sh - Alert on cards expiring in 7 days
oscam_user="/etc/oscam/oscam.user"
alert_days=7
alert_seconds=$((alert_days * 86400))
current_time=$(date +%s)
echo "Checking for trials expiring in next $alert_days days..."
grep "^\[" "$oscam_user" | sed 's/\[//;s/\]//' | while read username; do expiry=$(grep -A 10 "^\[$username\]" "$oscam_user" | grep "expirydatetime" | awk '{print $3}') if [ -z "$expiry" ]; then continue fi time_until=$((expiry - current_time)) if [ $time_until -lt $alert_seconds ] && [ $time_until -gt 0 ]; then days_left=$((time_until / 86400)) echo "WARNING: $username expires in $days_left days ($(date -d @$expiry))" elif [ $time_until -le 0 ]; then echo "ERROR: $username is EXPIRED" fi
done

Run it as a cron job daily:

0 9 * * * /root/check_expiring_trials.sh >> /var/log/trial_check.log 2>&1

This runs every morning at 9 AM and logs any expiring or expired trial cards.

Automated Trial Rotation Scripts

For production environments with many trial cards, automate the rotation. This script cycles through a list of trial users and extends their expiration dates:

#!/bin/bash
# auto_rotate_trials.sh - Extend all trial users by 30 days
oscam_user="/etc/oscam/oscam.user"
extend_days=30
new_expiry=$(($(date +%s) + ($extend_days * 86400)))
# Get all trial users (assuming they're named trial_*)
grep "^\[trial_" "$oscam_user" | sed 's/\[//;s/\]//' | while read username; do sed -i "/\[$username\]/,/^$/{s/expirydatetime = .*/expirydatetime = $new_expiry/}" "$oscam_user" echo "Extended: $username (new expiry: $(date -d @$new_expiry '+%Y-%m-%d'))"
done
systemctl reload oscam
echo "All trial cards rotated and oscam reloaded at $(date)"

Schedule it monthly:

0 0 1 * * /root/auto_rotate_trials.sh >> /var/log/trial_rotation.log 2>&1

First of every month, all trial cards get a fresh 30-day window. This keeps your testing sandbox evergreen.

For per-card rotation (different expiry dates for different cards), use a CSV input:

cat > /root/trial_schedule.csv << 'EOF'
username,days_until_expiry
trial_qa_1,30
trial_qa_2,14
trial_staging,90
EOF
while IFS=',' read username days; do new_expiry=$(($(date +%s) + ($days * 86400))) sed -i "/\[$username\]/,/^$/{s/expirydatetime = .*/expirydatetime = $new_expiry/}" "$oscam_user"
done < /root/trial_schedule.csv
systemctl reload oscam

This lets you stagger expirations so you're not managing all trials at once.

FAQ

grep "trial_" /var/log/oscam.log | grep "login ok" | tail -1
# Output: 01/20 14:32:10 d34d8f91 [newcamd] login ok (trial_30days)

#!/bin/bash
for card in $(grep "^\[trial_" /etc/oscam/oscam.user | sed 's/\[//;s/\]//' ); do last_login=$(grep "$card" /var/log/oscam.log | grep "login ok" | tail -1 | awk '{print $1, $2}') if [ -z "$last_login" ]; then echo "$card: NEVER USED" else echo "$card: Last login at $last_login" fi
done