7 comments

[ 3.1 ms ] story [ 26.1 ms ] thread
Damn, I always thought that the fingerprint data was encoded somehow and never left the sensor hardware itself! OS-level access to the imagery seems like a security risk, but also opens some interesting possibilities for alternative uses.
As noted in the article I reversed the protocol for a related Goodix device (which was on Intel so used actual SGX instead of the white-box): I used the firmware update system to insert additional vulnerabilities in the sensor firmware and extract the PSK from that side.

I did a talk about it here: https://www.youtube.com/watch?v=IyjUY-xvFw4

Author here, didn't expect to see this on HN today! If you've got any questions, shoot!
The real work ha underneath the software eg. I can't write a camera driver but thankfully someone else can

That's cool the raw data image GIMP

I didn't follow the byte ordering of the image format at the end. Anyone have an explanation?
> It then proceeds to generate a new, random, PSK and sends it to the device. This represents a trust-on-first-use security model.

Wow, i expect them using hardcoded PSK, with PSK is flashed in factory.