libfprint v0.0.5 supports new MS hardware
A while ago, Microsoft released a new revision to their fingerprint reader product. The new revision includes some extra security and the open source software that I’ve previously written for the earlier models does not work with the new revision as a result.
The newly added security is a challenge-response algorithm, where the device challenges the authenticity of the driver soon after the device is plugged into the computer:
- The device sends a 16 byte challenge
- The driver sends a 16 byte response
The challenge produced by the device changes on every plugin and is probably just a random number. The driver then receives the challenge, applies a known secret algorithm to it, and sends the resultant data as a response. The device also knows the secret algorithm, and hence knows the correct response that the driver should send back. If the driver does not send back the correct response, the driver is not able to operate the useful functions of the device.
Naturally this poses a challenge for an open source driver implementation – unless we know the secret challenge-response algorithm, we are unable to operate the device. Previously, all reverse engineering of these devices has been done through bus traffic analysis alone (looking at the USB packets sent and received by the official Windows drivers, and making educated guesses as to what each packet means). It would not be practical to attempt to apply the same reverse engineering techniques to determine the secret challenge-response algorithm – we’re effectively talking about breaking 128 bit encryption by analysing a data set…
So, I got in contact with a 3rd party and we performed chinese wall reverse engineering on this particular part of the Microsoft driver. The 3rd party looked at disassembled instruction code of the Windows driver and documented the algorithms without reproducing any of their code. I received the documentation, and produced a clean-room reimplementation of the authentication scheme in my driver.
The secret challenge-response algorithm in use is simply AES with a specific decryption key.
I have released libfprint v0.0.5 which now supports these devices out of the box. Enjoy!
December 7th, 2007 at 5:25 pm
I don’t have one of these devices, but I can still appreciate your work. Hah, silly M$ trying to lock out FOSS… Thanks!
December 7th, 2007 at 8:52 pm
Beautiful! The ingenuity of open source never ceases to amaze me. I’m really excited about this project and can’t believe how quickly it is bearing fruit. You’ve already been targeted for inclusion in Fedora 9.
March 12th, 2008 at 3:17 am
0×79, 0xac, 0×91, 0×79, 0x5c, 0xa1, 0×47, 0x8e, 0×98, 0xe0, 0x0f, 0x3c, 0×59, 0x8f, 0x5f, 0x4b
November 24th, 2019 at 2:40 pm
rescue a relationship
dsd’s weblog » Blog Archive » libfprint v0.0.5 supports new MS hardware