More fun with fingerprints

dpfp driver and library are progressing steadily, hoping to make an initial release within the next few days.

Looking for hardware hackers

I’d like to thank Joaquin Custodio for donating a Digital Persona U.are.U 4000B fingerprint reader, which completes my collection of every type of product in the range! It will be interesting to finally confirm whether there are any differences at all between the 4000B device and the MS hardware.

Actually, Joaquin sent me a total of 7 UareU 4000B readers! 6 of them are incomplete: no chassis or cable, and they have defects in the glass surface.

These standalone units are intended for distribution to interested hardware hackers. There is some persistant and flashable memory on the device (some form of EEPROM) as well as a central IC. There is also an easily accessible 15-pin interface to the board.

It’s not clear if dumping the device memory contents will prove useful, but it’s an interesting possibility. If anyone is interested and has access to the kind of equipment needed to hack on this kind of thing, please send me an email and I’ll send you a device. Joaquin also tells me that there are plenty more units available.

Encryption, round 2

I was sent the URL to Black Hat Europe‘s list of accepted papers. Particularly interesting is a paper titled Hacking fingerprint Scanners – Why Microsoft’s Fingerprint Reader Is Not a Security Feature.

The speaker, Mikko Kiviharju, made the same discovery that the fingerprints from the Microsoft devices are not encrypted at all, and will be talking about ways that the lack of encryption can be used to fool the system.

After reading that blurb, I found Mikko’s email address and sent him an email detailing my findings with the encryption control bit in the device firmware.

Naturally, Mikko was interested and is now investigating the encryption mechanism in use. And he’s quite the man for the job:

Mikko Kiviharhju has worked several years as a research scientist in the fields of data security and cryptology within Finnish government.

There’s not much to report yet, I am sending Mikko the various logs we have so that he can perform further analysis. So far, he has identified a possible bug in the encryption algorithm: 3 rows of every encrypted image are never encrypted. You can see this clearly in the image I posted last time. That is slightly weird.

10 Responses to “More fun with fingerprints”

  1. Alan Says:

    Hi, is there a way of getting Mikko’s paper on fingerprint scanners ? Download, email ?


  2. Riky Says:

    i buy one U are U 4000 sensor, first i have the installation CD, but now the CD is broken because my stupid brother, please help me

    Model No. : URU4S-U1
    Part No. : 50006-001
    Rev. : 101
    Serial No. : 46811985

    please help me, i need software for my device
    please help me………

  3. Kiran Alamgir Says:

    See I am newbie forgive me

    I want to upload the digital persona firmware to my MS device but I still want to use that on windows

    Only want to upload for encryption and SDK purposes

    Help is apprecited and thanked

    Mail me at kiran.alamgir @

  4. MrChris Says:

    Where can I get the Password Manager for my DigitalPersona 4000 USB Scanner? I dont have the Microsoft One.

    I tried the DigitalPersona Password Manager from M$ website but the drivers packaged with it dont work. And when using the drivers from I can get winxp to see the device but cant install the password manager from M$, it says it cant be installed with the digitalpersona scanner.

    Many thanks,


  5. maitrey Says:

    Send U.are.U 4000 driver file

  6. Bob Says:

    I aquired a few UareU 4000 finger scanners (damaged cases, cut wires, basically useless for real world use, but something to play with).

    Have you found anyway to use it without the original software? I have no intention of buying the software, just to play around with it.

  7. christine Says:

    can you help me where to dowload the driver of DigitalPersona U.are.U 4000B driver for free because i lost the cd… T_T

  8. Download Says:



  9. Torrent Says:



  10. download Says:


    dsd’s weblog » Blog Archive » More fun with fingerprints

Leave a Reply

You must be logged in to post a comment.