Monthly Archives: March 2006

ZD1211 TX operational

After a couple of weeks of head-scratching, I managed to get the rewritten USB-wireless ZD1211 driver transmitting data.

The code had been written for a while, and although it seemed to work (the device didn’t indicate any form of failure), the frames simply weren’t “hitting the air”.

The problem originates from the huge number of undocumented physical registers in the vendor driver. Rather than list all 200 of them in our driver source in the ugly manner that ZyDAS does, we devised a quick one-line macro to perform the same task:

#define CR(reg)                CTL_REG((reg)*4)

However, it appears that ZyDAS have some trouble counting. A snippet from the vendor driver:

#define        ZD_CR1            0x0004
#define        ZD_CR2            0x0008
#define        ZD_CR3            0x000C
#define        ZD_CR5            0x0010
#define        ZD_CR6            0x0014
#define        ZD_CR7            0x0018
#define        ZD_CR8            0x001C
#define        ZD_CR4            0x0020
#define        ZD_CR9            0x0024

1,2,3,5,6,7,8,4,9… Our macro obviously doesn’t match the unordered nature of those low CR addresses.
After inserting the appropriate hacks into our driver, packets start flying, as confirmed by another wireless card in monitor mode.
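The mismatch can be checked mechanically. The following is an added example, not code from the rewritten driver or from ZyDAS: it compares the reg*4 rule against the nine vendor offsets quoted above and shows which register each miscomputed address actually lands on. The function names and the corrected rule are hypothetical, and registers outside CR4..CR8 are assumed to follow reg*4.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Offsets copied from the vendor snippet quoted in the post (CR1..CR9). */
struct cr_entry { unsigned cr; uint16_t offset; };
static const struct cr_entry vendor_table[] = {
    {1, 0x0004}, {2, 0x0008}, {3, 0x000C}, {5, 0x0010}, {6, 0x0014},
    {7, 0x0018}, {8, 0x001C}, {4, 0x0020}, {9, 0x0024},
};
#define VENDOR_TABLE_LEN (sizeof(vendor_table) / sizeof(vendor_table[0]))

/* The post's one-line rule: offset = reg * 4. */
static uint16_t cr_offset_naive(unsigned reg) { return (uint16_t)(reg * 4); }

/* Hypothetical corrected rule: CR4 lives in slot 8 and CR5..CR8 each sit one
 * slot lower. Assumption: every other register follows reg * 4. */
static uint16_t cr_offset_fixed(unsigned reg)
{
    if (reg == 4) return 8 * 4;
    if (reg >= 5 && reg <= 8) return (uint16_t)((reg - 1) * 4);
    return (uint16_t)(reg * 4);
}

/* Which CR does the vendor table place at this offset? 0 if not listed. */
static unsigned vendor_cr_at(uint16_t offset)
{
    for (size_t i = 0; i < VENDOR_TABLE_LEN; i++)
        if (vendor_table[i].offset == offset)
            return vendor_table[i].cr;
    return 0;
}

/* Number of vendor entries that a mapping rule gets wrong. */
static size_t count_mismatches(uint16_t (*rule)(unsigned))
{
    size_t bad = 0;
    for (size_t i = 0; i < VENDOR_TABLE_LEN; i++)
        bad += (rule(vendor_table[i].cr) != vendor_table[i].offset);
    return bad;
}

int main(void)
{
    for (unsigned reg = 1; reg <= 9; reg++)
        printf("CR%u: reg*4 lands on CR%u, fixed offset 0x%04X\n", reg,
               vendor_cr_at(cr_offset_naive(reg)), (unsigned)cr_offset_fixed(reg));
    return 0;
}
```

Every miscomputed offset still points at a valid register, so a write goes through without an error and simply programs the wrong setting.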

Be warned: although we have transmit and receive working to some degree, the driver isn’t ready for users wanting to connect to networks yet.

I’m attending the OSDL Wireless Developer Summit in the first week of April, and I’m hoping that we’ll have a partially usable driver in time for that.

dpfp 0.1

A bit later than anticipated, I have created initial releases for the dpfp project, a driver for DigitalPersona and Microsoft USB fingerprint readers.

My last attempt at the driver/library thing failed – I learned more about the device, and decided I should take a few steps back and work with a different design.

So far, the rewrite is working out, so I’m releasing an early version for people to try. The driver provides a simple character device interface, and the library provides a nice API to that interface. libdpfp includes an example program which you can use to scan your fingerprint to a PGM file.

This isn’t for general usage yet. There are basic instructions in the README file in the dpfp-driver distribution.

If you have questions, please don’t ask them in comments on my weblog; use the mailing list instead. Enjoy!

Mikko Kiviharju’s Black Hat session

Mikko gave his Black Hat Europe presentation about the security issues with Microsoft/DigitalPersona’s fingerprint readers recently, which seems to have been a success.

It has gained media attention, with a few reports floating around in addition to the one I linked to recently. has one of the better ones, including comments from Digital Persona. At least Mikko found one way to get through to them :)

Mikko’s slides are online here and it looks like audio will be published soon on this page. Mikko explains the lack of encryption and references the dpfp project in a few places for some of the discoveries. He also explains some of the device optics and demonstrates how the lack of encryption can be exploited to allow finger replay attacks.

into the real world

After the end of this academic year, I am taking a “year in industry” before returning for a final 2 years of study at The University of Manchester.

For the industrial year, I’ve been fortunate enough to find a position with a company building a product based on open-source. The product is not yet released and everything is being kept quiet, so I’ll have to spare the details for now. The company also contributes back to the community, which makes things even better.

The company is based in Boston, MA, and I’ll be moving out there for the duration. I can’t explain how excited I am about the whole thing. The company is nice and small and has a great working atmosphere, and the product will hit the market soon after I start in September.

Hopefully we’ll have published some marketing material at some point, so that people can gape in awe at the amazing technology :)

you have it measuring ELT

Danny van Dyk pointed out an interesting article about Mikko’s work on the Microsoft fingerprint scanners: Forscher hacken Microsofts Fingerprint Reader.

It’s in German; here’s Google’s English translation: Researchers chop Microsofts finger print reader.

The last paragraph, in real English:

Kiviharju wonders why Microsoft didn’t implement any encryption. Quote: “Some experts who contacted me were as astonished as I was. It would have been a good product, but in the end, Microsoft screwed it.”