libfprint v0.0.5 supports new MS hardware

A while ago, Microsoft released a new revision to their fingerprint reader product. The new revision includes some extra security and the open source software that I’ve previously written for the earlier models does not work with the new revision as a result.

The newly added security is a challenge-response algorithm, where the device challenges the authenticity of the driver soon after the device is plugged into the computer:

  1. The device sends a 16 byte challenge
  2. The driver sends a 16 byte response

The challenge produced by the device changes every time the device is plugged in and is probably just a random number. The driver then receives the challenge, applies a known secret algorithm to it, and sends the resultant data as a response. The device also knows the secret algorithm, and hence knows the correct response that the driver should send back. If the driver does not send back the correct response, the driver is not able to operate the useful functions of the device.

Naturally this poses a challenge for an open source driver implementation – unless we know the secret challenge-response algorithm, we are unable to operate the device. Previously, all reverse engineering of these devices has been done through bus traffic analysis alone (looking at the USB packets sent and received by the official Windows drivers, and making educated guesses as to what each packet means). It would not be practical to attempt to apply the same reverse engineering techniques to determine the secret challenge-response algorithm – we’re effectively talking about breaking 128 bit encryption by analysing a data set…

So, I got in contact with a 3rd party and we performed Chinese wall reverse engineering on this particular part of the Microsoft driver. The 3rd party looked at disassembled instruction code of the Windows driver and documented the algorithms without reproducing any of their code. I received the documentation, and produced a clean-room reimplementation of the authentication scheme in my driver.

The secret challenge-response algorithm in use is simply AES with a specific decryption key.
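
The exchange described above, sketched in Go as an added example (not libfprint's code and not part of the original post). The key is a constructed placeholder, and AES-128 with a single raw block decryption of the challenge is an assumption; the post states only that the algorithm is AES with a specific decryption key.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"crypto/subtle"
	"fmt"
)

// Constructed demo key (16 bytes); NOT the key of any real device or driver.
var demoKey = []byte("constructed-key!")

// NewChallenge is the device side of step 1: a fresh random 16-byte value.
func NewChallenge() ([]byte, error) {
	c := make([]byte, aes.BlockSize)
	_, err := rand.Read(c)
	return c, err
}

// Respond is the driver side of step 2: transform the challenge with the key.
// Assumption: one raw AES-128 block decryption of the 16-byte challenge.
func Respond(key, challenge []byte) ([]byte, error) {
	if len(challenge) != aes.BlockSize {
		return nil, fmt.Errorf("challenge must be %d bytes, got %d", aes.BlockSize, len(challenge))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Decrypt(out, challenge)
	return out, nil
}

// Verify is the device's check: recompute the expected response for this
// challenge and compare in constant time.
func Verify(key, challenge, response []byte) bool {
	want, err := Respond(key, challenge)
	return err == nil && subtle.ConstantTimeCompare(want, response) == 1
}

func main() {
	c1, _ := NewChallenge()
	c2, _ := NewChallenge()
	good, _ := Respond(demoKey, c1)
	bad, _ := Respond([]byte("some-other-key!!"), c1)
	fmt.Println("right key accepted:", Verify(demoKey, c1, good))
	fmt.Println("wrong key accepted:", Verify(demoKey, c1, bad))
	fmt.Println("old response, new challenge:", Verify(demoKey, c2, good))
}
```

Because the check proves only knowledge of the shared key, its strength rests entirely on that key staying secret in every shipped copy of the driver.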

I have released libfprint v0.0.5 which now supports these devices out of the box. Enjoy!

4 Responses to “libfprint v0.0.5 supports new MS hardware”

  1. giacomo Says:

    I don’t have one of these devices, but I can still appreciate your work. Hah, silly M$ trying to lock out FOSS… Thanks!

  2. Kevin Bowling Says:

    Beautiful! The ingenuity of open source never ceases to amaze me. I’m really excited about this project and can’t believe how quickly it is bearing fruit. You’ve already been targeted for inclusion in Fedora 9.

  3. estimated guess Says:

    0x79, 0xac, 0x91, 0x79, 0x5c, 0xa1, 0x47, 0x8e, 0x98, 0xe0, 0x0f, 0x3c, 0x59, 0x8f, 0x5f, 0x4b
