«
»

Breaking encryption the easy way

Yesterday, I successfully obtained images my Microsoft fingerprint reader. After cleaning up the driver a little, I decided to try my other device.

A little background:

There are 3 ranges of devices which we believe are all very similar:

  1. Digital Persona UareU 4000
  2. Digital Persona UareU 4000B
  3. Microsoft fingerprint reader (and products containing them)

The 4000B is basically a USB2 version of the 4000, and we think the Microsoft devices include ‘repackaged’ 4000B devices. My driver will hopefully support all 3. I own #1 and #3 and have sniffed logs from all 3 device types in my posession.

I plugged in my UareU 4000, and it sprang into life with my driver. I scanned a fingerprint and it gave me this:

Hmm. The data is very jumbled and is probably encrypted. I checked my logs, and sure enough – the data that comes from the 4000 and 4000B devices is jumbled and doesn’t show the same neat structure in comparison to the MS device.

A while ago, I had compared the 4000B firmware with the firmware for the MS devices. There is just one single bit difference between the two, suggesting that the devices are actually identical, yet the 4000B is sending encrypted data and the MS device is not?

I uploaded the 4000B firmware to my MS device, and sure enough, it then started sending encrypted images too. In other words, we have found the single bit in the firmware which turns encryption on and off.

This still leaves the problem that my 4000 device is still sending encrypted images. The firmware is quite different from the 4000B, but by looking at patterns in the byte data, I made an educated guess where the “encryption bit” would be in the UareU 4000 firmware. I uploaded the modified version to my device, and sure enough, it now sends unencrypted images.

I’m glad it turned out to be so easy.

This entry was posted on Monday, January 30th, 2006 at 6:24 pm and is filed under Fingerprinting, Gentoo. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

83 Responses to “Breaking encryption the easy way”

  1. Maik Says:
    January 30th, 2006 at 7:20 pm

    So I guess there’s no point in trying to crack the “encryption”, which can be done as easily as flipping that bit?

  2. dsd Says:
    January 30th, 2006 at 7:44 pm

    Indeed. Breaking encryption would be a very extreme challenge – it is much more sensible to try and work around it, or find weaknesses in the encryption. However, it would have been more enjoyable if they had made it just a little bit harder… :)

  3. TheMatt Says:
    January 30th, 2006 at 8:24 pm

    I got it! I’m supposed to see a unicorn, right? Oh…

  4. Josiah Ritchie Says:
    January 31st, 2006 at 2:45 pm

    Nice Work! Sounds like it was very useful to have several versions of the device and firmware around.

    TheMatt, your comment made me chuckle. :-)

  5. Sander Souza Says:
    February 1st, 2006 at 2:43 pm

    Its sound good! Soon I can use this to put BioAPI to work w my servers! Great WORK man!

  6. joaquin Says:
    February 1st, 2006 at 11:05 pm

    nice work, then… can you convert a MS fingerprint in a 4000b, changing the firmware???

  7. dsd Says:
    February 1st, 2006 at 11:25 pm

    At this time we have no reason to believe that the MS devices are any different from the UareU 4000B devices, other than:

    - The USB product/vendor ID numbers
    - The products they come bundled in
    - The drivers (and firmware) which come with them

    So, yes, you can “convert” one to the other just by sending the other firmware, as long as you ignore the USB ID’s.

  8. joaquin Says:
    February 2nd, 2006 at 9:30 pm

    Sorry, my level of linux development is very bad. I have installed Ubuntu, i have the linux kernel source code, i try to compile the driver to test it, but i have problems. My question is, the idea is run the dpfp.c or put the dpfp.c in the kernel of my linux and recompile the kernel with dpfp inside? I read all the website before make this stupid question. sorry again

  9. dsd Says:
    February 3rd, 2006 at 7:54 pm

    There is no documentation and this isn’t yet intended for end-users, but here are brief details which should get you going (maybe you could add them to the DriverDownload page of the wiki?)

    Cut the firmware using dpfp-firmware-cutter (should be self explanatory), and put the output file in the hotplug firmware directory.

    Make sure /usr/src/linux points at the compiled sources of your running kernel, and from the dpfp/driver directory, run:
    # make
    # insmod dpfp.ko

    To capture a print, use “cat /dev/dpfp0 > image.pgm”

  10. joaquin Says:
    February 5th, 2006 at 10:14 pm

    Dear Friends,

    I have a lot of problems, because i can’t compile the driver, finally i found that i need a kernel version greater than 2.6.14, because the function zkalloc is in this version or greater, finally i tested the driver with a uru4000,uru4000b and ms, and works fine all the time. Good job.

  11. dsd’s weblog » Blog Archive » More fun with fingerprints Says:
    February 15th, 2006 at 8:24 pm

    [...] dsd’s weblog it’s not you, it’s the e-talking « Breaking encryption the easy way [...]

  12. Anonymous Says:
    February 24th, 2006 at 2:43 pm

    where can i download “dpfp-firmware-cutter”?Thanks!

  13. dsd Says:
    February 24th, 2006 at 6:14 pm

    In SVN, see http://dpfp.berlios.de/wikka.php?wakka=DriverDownload
    Note that the current driver in svn is not usable.

  14. Alan Says:
    February 27th, 2006 at 7:57 pm

    Congratulations on your work so far !
    I’m currently trying to implement a security solution using either Microsoft’s or DigitalPersona and find most of the SDKs available (except griaule’s) are targeted towards the UareU and lack support for Microsoft’s. However, i’m able to get Microsoft’s device at a third of the price of a UareU device.

    Do you know if it’s possible to re-flash Microsoft’s device so it can work as the UareU device, under windows ? My Linux knowledge is scarse, if any, so i feel more comfortable working under windows.

    Regards,
    Alan.

  15. Riky Says:
    March 9th, 2006 at 4:28 am

    i have one U are U 4000 sensor, first i have the installation CD, but now the CD is broken because my stupid brother, please help me

    Model No. : URU4S-U1
    Part No. : 50006-001
    Rev. : 101
    Serial No. : 46811985

    please help me, i need software for my device, to graduate from same university in Indonesia
    Please help me……

  16. chirly Says:
    March 15th, 2006 at 12:03 pm

    how to upload the firmware(u.are.u4000)? and where can i get the tools to upload the firmware? please help me!! Thanks very much!!

  17. dsd Says:
    March 15th, 2006 at 1:49 pm

    Riky, chirly:
    See the homepage, http://dpfp.berlios.de

  18. chirly Says:
    March 15th, 2006 at 3:12 pm

    dsd:
    Nice Work! but where can I find “hotplug firmware directory”?

  19. chirly Says:
    March 15th, 2006 at 3:17 pm

    And how to re-flash the EEPOR? if it can be changed.

  20. chirly Says:
    March 16th, 2006 at 1:24 pm

    dsd:
    help me please!

  21. Kiran Alamgir Says:
    March 20th, 2006 at 5:35 pm

    Please I need a way to upload the firmware of digital persona to MS

    I am using windows currently

  22. Godzilla41 Says:
    April 7th, 2006 at 10:30 pm

    Nice project
    I am form thailand i sale finger print product and interest develop Finger in linux Now i have EDK of A5 Fingerprint product of http://www.zksoftware.com

  23. Adzni Says:
    April 20th, 2006 at 10:23 am

    AMi know know if U are U 4000 can be converted to serial? is there such converter?

  24. Adzni Says:
    April 20th, 2006 at 10:26 am

    May I know know if U are U 4000 can be converted to serial? is there such converter?
    Actually, my project is to make U are U 4000 to be a stand alone sensor by adding Bluetooth feature in it. However, stand alone Bluetooth only support serial. your suggestions are highly appreciated

  25. nathan Says:
    May 17th, 2006 at 6:32 pm

    to change the firmware in windows…

    if starting from scratch.
    1 – unzip MS software. (DP_PM_xxxxx, avail from Microsoft).
    2 – in *driver*, modify the *dpD0Bx01.dll* file (should be around 80kb) in a hex editor.
    3 – modify bit at 0xE9B7 from a 0 to a 1. save it.
    4- plug your MSFR in, and it should ask for drivers. point it to the stuff you unzipped/modified.

    if you already have it installed.
    1 – unplug your MSFP.
    2 – goto windows/system32/
    3 – modify the *dpD0Bx01.dll* file (should be around 80kb) in a hex editor.
    4 – modify bit at 0xE9B7 from a 0 to a 1. save it.
    5 – plug the MSFP back it.

    NOTE: Once you flip that one bit, the MS software will NOT work anymore. You can use GrFinger to verify that the image from the fingerprint ready is now encrypted. (before – fingerprint is visible; after – fingerprint is “noise”)

  26. dsd’s weblog » Blog Archive » libdpfp 0.2.0 released Says:
    August 16th, 2006 at 5:25 pm

    [...] Not requiring firmware avoids the potential distribution issues we had: we don’t have the rights to distribute their firmware. It is now not required because the device stores it, and even brand new devices seem to ship with the firmware already saved on the device. One reason we might need the firmware again is to disable encryption, but I’m reasonably confident we can do that without a firmware image — just waiting for someone who has a device which is encrypting images to come along so that I can test a theory. [...]

  27. dsd’s weblog » Blog Archive » Fingerprinting Says:
    August 30th, 2006 at 3:24 am

    [...] dsd’s weblog friend of the night « Using git-bisect to find buggy kernel patches Breaking encryption the easy way » [...]

  28. joseph Says:
    October 26th, 2006 at 6:42 am

    Hi im implementing an fingerprint enhancement algorithm using partial derivates just as verifinger algorithm, the idea is to continue the fvs project and is my Ms final work, Im working in windows with the C++ builder, Im about to purchase the UrU4000 but digital persona’s peoples told me that to obtain an image i have also to purchase their damn SDK, do anyone knows how to interactuate with the Driver whit out purchasing their SDK ??? guido.pusiol@gmail.com
    thnx

  29. Galerio Says:
    September 13th, 2007 at 9:11 pm

    Well… is there any software that is not Digital Persona that we can use with our MS fingerprint reader? Any better software… Maybe freeware…
    And after having changed the firmware (in the windows dll), can we use software like DigitalPersona PRO?

    Thanks

  30. -zer0- Says:
    October 21st, 2008 at 1:07 am

    i encountered a problem between the digital persona 4000 and 4000b, i developed program where i used the dp 4000 device. i was successfully finished this with grfinger driver (fingercap). the next thing, my company bought dp 4000b device i try to use this as a device to my program but it was not the same as dp 4000. the images output was jumbled or encrypted i think like dsd said.
    the question is what can i do to make the output of dp 4000b the same as dp 4000? i can’t realy understand the way dsd did at his explanation. i hope u can give me the specific way to do it. thank for advance.

  31. Antonio Calo' Says:
    February 9th, 2009 at 5:20 pm

    Have you the latest version of Grfinger.dll compatible with diglital persona 4000b

    i have the same problem (Breaking encryption the easy way)

    I have realized a software using grfinger.dll and the effect or problem is the same that figure

    Please Contact or help me

    Best regards
    Antonio Calo’

  32. Problème de couple Says:
    August 9th, 2014 at 2:11 am

    Problème de couple

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  33. natural acne treatment medicine Says:
    August 17th, 2014 at 9:34 am

    natural acne treatment medicine

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  34. clinically proven skin care products Says:
    August 22nd, 2014 at 1:09 pm

    clinically proven skin care products

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  35. High Performing Teams Says:
    September 17th, 2014 at 7:04 am

    High Performing Teams

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  36. breaking bad heisenberg art Says:
    October 6th, 2014 at 9:28 am

    breaking bad heisenberg art

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  37. lv ルイ ヴィトン バッグ Says:
    October 6th, 2014 at 10:03 am

    lv ルイ ヴィトン バッグ

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  38. loewe ロエベ ショルダーバッグ Says:
    October 7th, 2014 at 4:18 am

    loewe ロエベ ショルダーバッグ

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  39. メンズ フィットネスシューズ Says:
    October 19th, 2014 at 12:15 am

    メンズ フィットネスシューズ

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  40. http://forum.hoaatiso.info/threads/soikeo-info-cap-nhat-m-u-hop-gap-tuong-lai-hlv-mourinho-se-ro-trong-hom-nay.8056/ Says:
    October 16th, 2018 at 2:05 am

    http://forum.hathuo.info/threads/soikeo-info-cap-nhat-vang-tuc-chui-the-mourinho-de-dinh-an-phat-nang.8959/

    dsd

  41. download Says:
    February 17th, 2019 at 2:38 am

    download

    dsd

  42. 3 Says:
    April 8th, 2019 at 8:45 am

    Download site

    dsd

  43. camiseta camiseta LFP - Liga Says:
    April 10th, 2019 at 5:48 pm

    camiseta camiseta  Borussia Dortmund

    dsd

  44. SereneGlo Cream Says:
    May 30th, 2019 at 11:43 pm

    SereneGlo Review

    dsd

  45. lian.lu Says:
    June 14th, 2019 at 10:33 pm

    lian.lu

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  46. download Says:
    June 20th, 2019 at 11:23 am

    download

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  47. https://medium.com/@hytretehjk/rev-pump-reviews-f6fbb72ac856 Says:
    June 21st, 2019 at 8:13 pm

    https://medium.com/@hytretehjk/rev-pump-reviews-f6fbb72ac856

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  48. https://medium.com/@huthhmitchell43923/does-bio-native-keto-really-work-b3f5366428f0 Says:
    June 21st, 2019 at 8:31 pm

    https://medium.com/@huthhmitchell43923/does-bio-native-keto-really-work-b3f5366428f0

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  49. http://forum.web7229.phsite.eu/entry.php?21-Increase-Penis-Size-Naturally-And-Penis-Size-Facts-And-Male-Enhancement-Studies Says:
    June 24th, 2019 at 1:14 am

    http://forum.web7229.phsite.eu/entry.php?21-Increase-Penis-Size-Naturally-And-Penis-Size-Facts-And-Male-Enhancement-Studies

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  50. https://ejournal.unri.ac.id/index.php/JES/comment/view/13/0/11 Says:
    June 24th, 2019 at 6:35 am

    https://ejournal.unri.ac.id/index.php/JES/comment/view/13/0/11

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  51. http://www.3rdstreet.tv/rdir/httpslimlinicketoorg522325 Says:
    June 24th, 2019 at 11:56 am

    http://www.3rdstreet.tv/rdir/httpslimlinicketoorg522325

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  52. http://ckdrbsa.dothome.co.kr/board_wpRy68/166029 Says:
    June 24th, 2019 at 12:39 pm

    http://ckdrbsa.dothome.co.kr/board_wpRy68/166029

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  53. https://highway2success.org/author/marisaysv92/ Says:
    June 24th, 2019 at 11:45 pm

    https://highway2success.org/author/marisaysv92/

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  54. http://topopticalmart.com/main/index.php?mid=board_boBJ47&document_srl=1559641 Says:
    June 25th, 2019 at 8:24 pm

    http://topopticalmart.com/main/index.php?mid=board_boBJ47&document_srl=1559641

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  55. http://www.ankarahazineleri.com/author/fayhaviland/ Says:
    June 26th, 2019 at 1:57 am

    http://www.ankarahazineleri.com/author/fayhaviland/

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  56. https://www.smore.com/m63y9 Says:
    June 26th, 2019 at 4:54 am

    https://www.smore.com/m63y9

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  57. http://urls.wcl.co.com/primalboostelitepills861718 Says:
    June 26th, 2019 at 10:15 am

    http://urls.wcl.co.com/primalboostelitepills861718

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  58. https://www.academia.edu/39635092/Total_Reaction_CBD_CBD_Oil_Review_Side_Effects_and_More_ Says:
    June 27th, 2019 at 12:00 am

    https://www.academia.edu/39635092/Total_Reaction_CBD_CBD_Oil_Review_Side_Effects_and_More_

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  59. https://medium.com/@hamelahmuhhhy76561586/total-reaction-cbd-oil-review-1f2d0a7409ff Says:
    June 27th, 2019 at 7:02 am

    https://medium.com/@hamelahmuhhhy76561586/total-reaction-cbd-oil-review-1f2d0a7409ff

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  60. Natural Biogenics Forskolin Reviews Says:
    July 1st, 2019 at 8:28 pm

    Natural Biogenics Forskolin Reviews

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  61. Delta Prime Testo Price Says:
    July 2nd, 2019 at 3:07 am

    Delta Prime Testo Price

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  62. Keto Quick Diet Reviews Says:
    July 2nd, 2019 at 2:15 pm

    Keto Quick Diet Reviews

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  63. Derma Vi Cream Ingredients Says:
    July 2nd, 2019 at 2:24 pm

    Derma Vi Cream Ingredients

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  64. imgaphentqing.mihanblog.com Says:
    July 4th, 2019 at 9:15 pm

    imgaphentqing.mihanblog.com

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  65. https://friendsbookindia.com/blog/15792/tips-for-improving-toddler-skin-care/ Says:
    July 4th, 2019 at 9:17 pm

    https://friendsbookindia.com/blog/15792/tips-for-improving-toddler-skin-care/

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  66. http://buzzshare.ca/entry.php?59349-Skin-Care-The-Uncomplicated-strategy-Do-It-Right Says:
    July 5th, 2019 at 12:19 am

    http://buzzshare.ca/entry.php?59349-Skin-Care-The-Uncomplicated-strategy-Do-It-Right

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  67. http://egopvp.com/s/ketochargeplusreview844287 Says:
    July 5th, 2019 at 3:10 am

    http://egopvp.com/s/ketochargeplusreview844287

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  68. http://primoboostketo.com/ Says:
    July 5th, 2019 at 5:21 am

    http://primoboostketo.com/

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  69. http://lettieljz5809.wikidot.com/blog:4 Says:
    July 5th, 2019 at 9:04 am

    http://lettieljz5809.wikidot.com/blog:4

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  70. Keto Charge Says:
    July 5th, 2019 at 9:21 pm

    Keto Charge

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  71. Full Article Says:
    July 6th, 2019 at 4:41 pm

    Full Article

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  72. tasuwhakywha.mihanblog.com's website Says:
    July 7th, 2019 at 12:12 am

    tasuwhakywha.mihanblog.com’s website

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  73. http://www.vinhoscortem.com/index.ph...up-to-4-inches Says:
    July 7th, 2019 at 12:55 am

    http://www.vinhoscortem.com/index.ph…up-to-4-inches

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  74. http://www.temeculavalleybreweries.c...r-skin-healthy Says:
    July 7th, 2019 at 12:58 am

    http://www.temeculavalleybreweries.c…r-skin-healthy

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  75. icofokudun.mihanblog.com Says:
    July 7th, 2019 at 3:57 am

    icofokudun.mihanblog.com

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  76. http://mutionline.com/User-Profile/userId/43103.aspx Says:
    July 7th, 2019 at 4:46 am

    http://mutionline.com/User-Profile/userId/43103.aspx

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  77. http://rooseveltphillip.wikidot.com/blog:3 Says:
    July 7th, 2019 at 6:46 am

    http://rooseveltphillip.wikidot.com/blog:3

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  78. http://www.media-century.com/blogs/post/2315 Says:
    July 7th, 2019 at 2:54 pm

    http://www.media-century.com/blogs/post/2315

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  79. fabrikadialogov.ru Says:
    July 8th, 2019 at 11:39 am

    fabrikadialogov.ru

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  80. http://yanapetri.com/groups/ending-the-cyclical-ketogenic-diet-is-it-necessary-1772298580/ Says:
    July 12th, 2019 at 12:18 am

    http://yanapetri.com/groups/ending-the-cyclical-ketogenic-diet-is-it-necessary-1772298580/

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  81. http://greggkern065.wikidot.com/blog:2 Says:
    July 12th, 2019 at 11:54 am

    http://greggkern065.wikidot.com/blog:2

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  82. http://yalsabadges.ala.org/node/6679 Says:
    July 12th, 2019 at 7:20 pm

    http://yalsabadges.ala.org/node/6679

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

  83. http://www.vinhoscortem.com/index.php/wine-news/cortem-updates/entry/household-treats-for-clear-skin Says:
    July 15th, 2019 at 4:00 pm

    http://www.vinhoscortem.com/index.php/wine-news/cortem-updates/entry/household-treats-for-clear-skin

    dsd’s weblog » Blog Archive » Breaking encryption the easy way

Leave a Reply

You must be logged in to post a comment.