Important!

Blog moved to https://blog.apdu.fr/

I moved my blog from https://ludovicrousseau.blogspot.com/ to https://blog.apdu.fr/ . Why? I wanted to move away from Blogger (owne...

Sunday, October 26, 2014

My Flattr experience

I am a flattr member since August 2010, just 4 years ago.

See my previous blog post about flattr "How to help my projects?".




I added 20€ on my flattr account when I registered in 2010. At that time it was mandatory to add money on its flattr account.

Since that time I allocated a budget of 2€ per month, and I "reinvested" any received fund from flattr users in my flattr account. For the first time I do not have 2€ left on my account for the next month. I only have 0.87€.

Investments

In 4 years of using flattr I invested 2€ each month.
That is 4 years x 2€ per month = 4 x 12 x 2€ = 96€ in total invested in flattr projects I support.

Results as of today (October 2014)

According to flattr:
  • You have done 406 flattrs in total
  • You have given €98.79 in total to 45 creators
  • You have received 195 flattrs in total
  • Other users have 4 subscriptions active for your things
  • You have received €80.36 in total from 53 supporters

The problem

According to flattr: "Creators receive 90% of the money you give."

So 10% of the money you give do NOT got to creators and goes to flattr itself.

It could be fine but the system is closed and unless you are a very famous (and rich) creator you do not withdraw the money from flattr. So the money you receive is used to be given to other creators.

flattr gets 10% of the money you receive. And also 10% on the money you distribute, etc. After a few cycles in the system the money has all "evaporated" into the flattr account.



After 10 cycles, 61% of the money has "evaporated" as flattr taxes and only 39% is still available for creators.

After 24 cycles (2 years) only 9% of the initial money is still distributed to creators.

In that case only flattr is the winner in the story.

These numbers are only for the money your redistribute. If you have 10€ and only distribute 2€ each month then flattr will tax you 10% on the 2€, not on the 10€. But after 5 months at 2€ per month all your 10€ will be redistributed and then taxed.

Decision

flattr is not the good tool, for me, to get rich. So I decided to not inject more real money I think flattr will slowly die.

Getting rich

If you really want to help me get rich, just contact me. I think we can do something more efficient than flattr.

Wednesday, October 8, 2014

CCID USB spy using Wireshark

Sometimes you need to know exactly what is happening at the USB level. You have two options:
  • use a hardware USB analyzer
  • use a software USB analyzer
Since I do not have the budget to buy a hardware USB monitor I will use the software solution.

Wireshark

Since some time, it is possible to use the wonderful Wireshark program to display and analyze USB frames. Wireshark is mainly used for analyzing network packets but it is also possible to display USB packets. Wireshark is even able to display the CCID commands inside the USB packets.



How-to

A documentation is available at USB capture setup and also at Capturing USB data through Wireshark.
This article describes what I did.

Setup the kernel

You first need to load the usbmon kernel module.

$ sudo modprobe usbmon

tshark (a command line tool) should now be able to capture on usbmon interfaces. Check it using:
$ tshark -D
1. eth0
2. any
3. lo (Loopback)
4. nflog
5. nfqueue
6. usbmon1
7. usbmon2

In my case I have 2 USB buses labeled usbmon1 and usbmon2.

Capture the USB frames

Before capturing the USB frames you need to know on which USB bus is connected your device.

Identify the device USB bus

$ lsusb 
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 08e6:3437 Gemplus GemPC Twin SmartCard Reader
Bus 002 Device 002: ID 80ee:0021 VirtualBox USB Tablet
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub

In my case the device I want to study is on the bus 002 so I will use usbmon2.

Start the capture

$ tshark -i usbmon2 -w trace1.pcap
Capturing on 'usbmon2'
tshark: The capture session could not be initiated on interface 'usbmon2' (Can't open USB bus file /sys/kernel/debug/usb/usbmon/2t: Permission denied).
Please check to make sure you have sufficient permissions, and that you have the proper interface or pipe specified.

For security reasons tshark refuses to be run as root. So I needed to change some file access rights.

$ sudo chmod +rx /sys/kernel/debug/
$ sudo chmod a+rw /sys/kernel/debug/usb/usbmon/2t

Then (re)start tshark and use Ctrl-C to stop after some traffic has been captured.
$ tshark -i usbmon2 -w trace1.pcap
Capturing on 'usbmon2'
1270 tshark: Can't get packet-drop statistics: Can't open USB stats file /sys/kernel/debug/usb/usbmon/2s: Permission denied
Please report this to the Wireshark developers.
http://bugs.wireshark.org/
(This is not a crash; please do not report it as such.)

Capture analysis

The file trace1.pcap contains the USB frames and can be displayed using the graphical interface of Wireshark.

Enable the CCID decoder

Unless you can read the CCID protocol from hexadecimal, it is a good idea to tell Wireshark to decode the USB frames as USBCCID.
Go in the menu "Analyze" -> "Decode as..." and select USBCCID in the dialog.



Wireshark will then display the USB frames with nice CCID names:


Here you can see a CCID Power On command.
  • The command name is displayed in the top window: "Packet - PC to Reader: ICC Power On"
  • And the content of the command (the 10 last bytes specific to CCID) are documented in the lower window: "Message Type: PC_to_RDR_IccPowerOn (0x62)", etc.

I do not expect every one to use Wireshark to look at CCID frames. But if you have a problem with a CCID reader and wants to know exactly what is happening Wireshark can help you for a very very limited budget (Wireshark is a free software under GNU GPL v2 license).

This blog article is also a way for me to document how to do it for the next time :-)

Conclusion

Wireshark is a great tool.
Linux is a great kernel.
Debian GNU/Linux is a great operating system.