Wireshark better at decoding CCID protocol
In 2014 I wrote "CCID USB spy using Wireshark" to show how to use Wireshark to dissect CCID frames. CCID is the protocol used to communicate with a USB smart card reader.
Some frames were not dissected correctly or not dissected at all, so it was not easy to understand what was happening. In the present case the CCID frames Set Parameters and the reader answer were not dissected.
I submitted a Wireshark patch to allow the decoding of these CCID frames. My merge request is available at https://gitlab.com/wireshark/wireshark/-/merge_requests/8994 and has been merged upstream.
Before
Using Wireshark 4.0.6 from Debian 12 bookworm (Debian stable when I write this) I have:
for the command PC_to_RDR_SetParameters sent to the reader:
The data in abProtocolDataStructure (5 bytes in this case) are displayed as a hex dump (Data: 1100000a00). But you do not get more information.
for the answer RDR_to_PC_Parameters from the reader:
Here the data in abProtocolDataStructure are not even displayed in hex.
After
You need to use the development release 4.1.0 of Wireshark to have my patch included. I will use the macOS version of Wireshark just because I can. You then have (for the same USB traffic dump):
for the command PC_to_RDR_SetParameters sent to the reader:
The 5 bytes of abProtocolDataStructure are dissected.
Protocol Data Structure for Protocol T=0
    Fi/Di selecting clock rate: 0x11
    Convention used: 0x00
    Extra Guardtime between two characters: 0x00
    WI for T= 0 used to define WWT: 0x0a
    ICC Clock Stop Support: 0x00
for the answer RDR_to_PC_Parameters from the reader:
Again the 5 bytes of abProtocolDataStructure are also dissected.
In this case the 5 bytes are identical in the command and the answer since the reader replies with what is acceptable for it.
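The same 5-byte T=0 structure can also be decoded by hand, which helps when only an older Wireshark is available. This is an added example, not code from the Wireshark patch or the original post: field labels follow the dissector output above, the Fi/Di and clock stop interpretations come from ISO/IEC 7816-3 and the CCID specification, and the function names are hypothetical.

```python
# Added example: decode abProtocolDataStructure for protocol T=0 (5 bytes)
# and compare what the host requested with what the reader accepted.

# ISO/IEC 7816-3 tables, indexed by the high/low nibble of the Fi/Di byte.
# None marks values reserved for future use.
FI = [372, 372, 558, 744, 1116, 1488, 1860, None,
      None, 512, 768, 1024, 1536, 2048, None, None]
DI = [None, 1, 2, 4, 8, 16, 32, 64, 12, 20, None, None, None, None, None, None]
CLOCK_STOP = {0: "not allowed", 1: "stop with clock low",
              2: "stop with clock high", 3: "stop either high or low"}


def parse_t0_parameters(data: bytes) -> dict:
    """Split the T=0 protocol data structure into its five one-byte fields."""
    if len(data) != 5:
        raise ValueError(f"T=0 structure is 5 bytes, got {len(data)}")
    fi_di, convention, guard_time, wi, clock_stop = data
    return {
        "fi_di": fi_di,
        "Fi": FI[fi_di >> 4],            # clock rate conversion factor
        "Di": DI[fi_di & 0x0F],          # baud rate adjustment factor
        "convention": "inverse" if convention & 0x02 else "direct",
        "extra_guard_time": guard_time,
        "wi": wi,                        # waiting integer used to define WWT
        "clock_stop": CLOCK_STOP.get(clock_stop, "reserved"),
    }


def diff_parameters(sent: bytes, accepted: bytes) -> dict:
    """Return {field: (sent, accepted)} for every field the reader changed."""
    s, a = parse_t0_parameters(sent), parse_t0_parameters(accepted)
    return {k: (s[k], a[k]) for k in s if s[k] != a[k]}


if __name__ == "__main__":
    # Bytes from the capture shown above (command and answer are identical).
    captured = bytes.fromhex("1100000a00")
    print(parse_t0_parameters(captured))
    print(diff_parameters(captured, captured))   # {} : reader accepted as-is

    # Constructed sample: host asks for Fi=512/Di=16, reader falls back to 0x11.
    requested = bytes.fromhex("9500000a00")
    print(diff_parameters(requested, captured))
```

An empty result from diff_parameters means the reader accepted the requested parameters unchanged, as in the capture above.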
Conclusion
I used Wireshark to study the USB CCID communication on Windows. I needed to have the PC_to_RDR_SetParameters dissected to know what the Windows driver was sending as configuration.
It was my first Wireshark patch and merge request. The code was easier to modify than I planned. Great Free Software programs are easy to modify and it is a real pleasure to work with such Free Software projects. I could not have done that with proprietary software.