Yes, retrieving a PEM file/RSA private key from an ird will work. But they could easily revoke that PEM file/RSA private key once it gets leaked.
The reason you don't understand oscam-emu's code is because you don't know coding and C, or because it's not well written?
There are 2 separate operations for biss 2 mode ca:
the ecm algo (just 1 function):
https://github.com/oscam-emu/oscam-patched/blob/master/module-emulator-biss.c#L561
and the emm algo (3-4 functions):
https://github.com/oscam-emu/oscam-patched/blob/master/module-emulator-biss.c#L738
Also there is a function that reads PEM files and creates the ekid for each RSA private key:
https://github.com/oscam-emu/oscam-patched/blob/master/module-emulator-biss.c#L831
I would say that it is pretty much straight forward to understand it, especially if you have the specification along side.
I uploaded a couple of RSA private keys in PEM format, for those who want to play. It's nothing special, everyone can create them with openssl commands, as I said earlier. Just throw them in the same folder where the softcam.key file is and oscam-emu will read them.
https://drive.google.com/file/d/14i4DPZ_2Rnvb96nCvn7o8zuRpX-DRmas/view?usp=sharing
https://drive.google.com/file/d/1HEI1hvRTtrMwhCV-6ejR-da2KoFqMiJq/view?usp=sharing
https://drive.google.com/file/d/1ybqTlrBWRsRJSdQlGMxaVKJOnQe8EtWn/view?usp=sharing
https://drive.google.com/file/d/1if0W4nh8-DbIj9eJWFR8zUz0rT8qbFKm/view?usp=sharing
The naming of the PEM files should be like in these example files and currently only 16 keys are supported (00 to 15). This might change in the future if, hopefully, dozens of such keys are leaked.
EDIT: Also don't forget that there is a wiki available for a couple of months now...
https://github.com/oscam-emu/oscam-patched/wiki/BISS2-mode-CA-config
