Free Software Projects

Over the past 20 years or so, I have been involved in many Free Software projects. To some I only contributed, others I founded or co-founded.

Active Projects


lnstat is the Linux network statistics program. It is a generic tool that can be used to monitor software performance counters inside the Linux network stack, such as the routing code or the connection tracking code.

lnstat is now maintained as part of the iproute2 package, see


ulogd is the Userspace Logging Daemon of the netfilter/iptables packet filtering subsystem of the Linux kernel network stack.

The ipt_ULOG and later the xt_LOG target inside the kernel captures (the header or entire payoload of) those packets that are deemed to be logged by the packet filter policy.

ulogd then runs as userspace daemon and receives those packets. It can interpret the packets, and log them to a variety of output formats, including text files, SQL databases and syslog.

ulogd is maintained as part of the netfilter project, see


ulogd2 (2.x) is a re-implementation of ulogd (1.x) code, providing a more generalized, modular and modern approach.

In addition to dealing with individual packets to be logged, ulogd2 can also perform flow-based (rather: Connection based) logging, which is very useful to reduce the amount of logging data as well as the bandwidth require for passing the logging information.

ulogd2 is maintained as part of the netfilter project, see


sam7dfu is a device-side implementation of the USB Device Firmware Upgrade specification, specifically for the Atmel AT91SAM7 microcontroller family.

In a sam7dfu baesd project, you include both the main application and sam7dfu inside your devices' firmware. The software can then switche into DFU mode based on the respective control commands received from host-side DFU software, such as dfu-util.


dfu-util is a C-language host-side implementation of the USB Device Firmware Upgrade specification. You can use it to program any USB device compliant with that specification.

It was originally developed as counterpart to sam7dfu, which in turn was part of the OpenPCD project.

However, dfu-util was later also used in OpenMoko and continues to live, as many USB device manufacturers chose to produce DFU compatible devices.

The project is now maintained at


netfilter/iptables is the packet filtering / firewalling subsystem of the Linux 2.4.x, 2.6.x, 3.x and 4.x.

The kernel-side code is part of Linux itself, as available from and many other sources.

The userspace utilities like iptables are all available from the netfilter/iptables homepage.

nf_log + libnetfilter_log

This is the mechanism by which to-be-logged packets are transported between the kernel-level packet filter code and the userspace process for logging.

It is maintained at

nf_queue + libnetfilter_queue

This is a mechanism by which kerel-level processing of packets can be interrupted, packets sent to a userspace process for further inspection and/or modifications, and subsequently re-inserted into the kernel.

This is useful for applications like transparent proxying, or for implementing conntrack / nat helpers in userspace rather than inside the kernel.

It is maintained at


This is a small Linux command line utility that can be used to (re)program the Ethernet (MAC) address stored in the EEPROM attached to an RTL8168 Ethernet chip.

The source code can be obtaned from:


This is a small Linux program that can be usded to set the system clock based on the clock received from a GPS receiver (via gpsd), particularly when a system is first booted. It is similar in purpose to ntpdate, but of course obtains time not from ntp but from the GPS receiver.

This is particularly useful for RTC-less systems without network connectivity, which come up with a completely wrong system clock that needs to be properly set as soon as th GPS receiver finally has acquired a signal.

I asked the ntp hackers if they were interested in merging it into the official code base, and their response was (summarized) that with a then-future release of ntpd this would no longer be needed. So the gpsdate program remains an external utility.

The source code can be obtained from


This is a Python module implementing a client against the Deutsche Post Internetmarke online franking API. You can use it to generate combined address + franking labels that can be used instead of stamps for mailing both German domestic as well as international letters, including registered letters.

Inactive Projects


asis is the Asynchronous Streaming Imap Synchronizer. I wrote it in 2001, when I moved to Brazil, but still had my IMAP servers in Germany.

At that time, the latencies on those links were often quite high, possibly still including one or even two satellite links.

All existing softare I tried failed to efficiently synchronize hundreds of mailboxes with each up to tens or even hundreds of thousands of e-mails. The reason is quite simple: They were always synchronously waiting for a response from the server for each message, rather than asynchronously streaming as many commands as possible and then matching the corresponding responses.

That's why I wrote asis, which was an extended version if isync.

The project is unmaintained for a long time as I moved back to Germany and didn't really have a strong need for this software anymore. Today I would suggest using offlineimap instead.


The project was established to research security flaws in the DECT (Digital European Cordless Telephony) system.

The project homepage ist at


When buying a Quad G5 PowerPC and running Linux on it, the fans were always running at full speed. I hacked a bit in order to have a modified version of the therm_pm72.c driver. However, my code was not merged but Ben Herrenschmidt made a different implementation.


grouter (the router) was a small embedded Linux distribution specially for embedded Linux based routers, based on wdist/wisp-dist. I worked on it in 2004 but it is long abandoned.


This was my 2004 attempt to implement a deamon handling IPFIX (IP Flow Exchange) data, including data generated by the connection tracking based accounting (ct_acct) that I introduced into netfilter/iptables.

The project is incomplete and abandoned. Similar functionality has not been fully implemented, but should eventually become part of ulogd2.


In the aftermath of the overly-privacy-invasive legislation after the 9/11 attacks in 2001, governments around the world decided to add a RFID chip into all passports. Little was known to most poeople about the underlying communication technology of 13.56 MHz based magnetic coupling systems (ISO 14443, ISO 15693).

In order to provide a platform for mor applied research with the technology, my friends Milosch, Brita and I set out to develop an open hardware RFID reader for 13.56 MHZ RFID systems - and called it OpenPCD where PCD is a term from the spec (Proximity Coupling Device).

There later was an OpenPCD2 project of which I was no longer part of.


librfid is a C-language software implementation of the various protocol layers of the ISO 15693 and ISO 14443 (A and B) protocol stack. It can be used with a 'dumb reader' on a host PC, or it can be compiled directly into the firmware of a RFID reader such as OpenPCD.

The source code can be obtained via

git clone


libmrtd is an incomplete/abandoned C-language library project implementing access to biometric passports according to the ICAO MRTD (Machine Readable Travel Documents).

The source code can be obtained via

git clone git://


mmio_test is a small tool to measure the latency of memory-mapped I/O on a given computer architecture. What many developers don't know is that they CPU often has to wait/stall for thousands of CPU cycles to wait until a MMIO transaction (like a register read from a peripheral) has been completed. This latency differs based on CPU / chipset / bus architecture, and mmio_test helps to compare different systems in terms of this performance.

A git repository with the code can be found at


After we did OpenPCD for the RFID reader side, there was some work on implementing a simulator for the RFID card side, which is known as OpenPICC. My involvement was much less than in OpenPCD

More information can be found at


EZX is the acronym for a Linux-based Operating system for a certain generation of early Motorola smartphones like the A780, A1200 and others.

With the OpenEZX project I founded, we tried to reverse engineer the proprietary bits in this software and work on a free-software-only replacement. Unfortunately the project never completed, most likely also due to the resources being pulled into OpenMoko.

The project homepage is at


In 2006, before the first iPhone and Android were released, I was involved with the development of system-level software and the electronics of a series of Linux based smartphones called the Neo1973 and Freerunner. All of the software running on the Application Processor (Samsung s3c24xx) was free software, and all aspects of the phone open and hackable.

Unfortunately the window of opportunity to be the first on the market was closing down, and the project was not a commercial success. Still, it was pioneering work in not only how to build Linux based smart phones, but also in terms of how a company could design a product together with the Free Software community.

You can find lots of information about this project at


This was the server-side deamon + client-side library that I created in order to interface the Openmoko GSM baseband processor via AT-commands. There's not much Openmoko specific in it, and it can (and has been) used with other AT-command based GSM/GPRS/UMTS modems.

The source code can be obtained via git:

git clone

Openmoko u-boot

FIXME: git


Similar to OpenEZX, gnufiish tried to bring a Linux based Free Software operating systemt to the Acer glofiish series of phones. Unfortunately it never went beyond the level of porting kernel and/or bootloader.

OpenSC librfid support

FIXME: git


The reveng-tools are some small utilities that I hacked up either myself or from other free sofware bits and pieces in order to help unpacking / reverse-engineering firmware images of Linux based embedded devices.

This was mainly needed in the area of technical GPL license compliance checking.

FIXME: git


The via-chrome-tool is a small command-line utility to dump the current state of the registers of VIA Chrome GPUs on Linux. Useful for development + debugging.

FIXME: git


Airprobe is a collection of free software projects implementing software defined radio (SDR) receivers for the GSM Um radio interface. Using a general purpose SDR hardware like the Ettus USRP and airprobe, GSM signals between phones and base stations could be recorded, demodulated and decoded.

airprobe was the first step towards a lot of GSM security research, including the development of Kraken (the open source A5/1 key cracker) and many other tools for security research on the GSM radio interface.

By now it is mostly abandoned, as better and less expensive options exist, for example by using the burst_ind branch of OsmocomBB.

easyhack / easytool

In Taiwan, there is a a Mifare Classic RFID based payment system called EasyCard. This is not only used for public transport fare payments, but can be used for payments in convenience stores and even department stores. At least at the time of my research, the withdrawals were made only on the card itself and there was no online checking against a central database. So any successful modification to the card itself would make stores accept this form of payment.

Given my prior research into RFID security (with OpenPCD, librfid, OpenPICC, etc.) I investigated this system more closely and discovered I could break it. Using the revere-egnineered structure of the records on the card and pre-existing tools for breaking Mifare, I could manage to p

The resulting research had been presented at the 27C3 conference in December 2010: - Slides - Presentation - Paper summarizing the findings

The software I developed as proof-of-concept for this hack is called easytool.



This is the gnummonks statistical process control software, which I developed around the year 2000. It was used by a mechanical manufacturing company producing card parts by impact extrusion. As part of the quality control / quality assurance process, they needed software to perform what is known in the industry as statistical process control.

The software is a Linux command line application using a ncurses based interface. This was done to keep the requirements and implementation complexity as simple as possible, replacing existing DOS based systems that were no longer supported by the software vendor.