Damn, I always thought that the fingerprint data was encoded somehow and never left the sensor hardware itself! OS-level access to the imagery seems like a security risk, but also opens some interesting possibilities for alternative uses.
As noted in the article I reversed the protocol for a related Goodix device (which was on Intel so used actual SGX instead of the white-box): I used the firmware update system to insert additional vulnerabilities in the sensor firmware and extract the PSK from that side.
7 comments
[ 3.1 ms ] story [ 26.1 ms ] threadI did a talk about it here: https://www.youtube.com/watch?v=IyjUY-xvFw4
That's cool the raw data image GIMP
Wow, i expect them using hardcoded PSK, with PSK is flashed in factory.