I wish we can have a way to turn off the hardware encryption too. But at this time, we don't have a firmware that doesn't do encryption to compare to and we don't understand what's in the firmware. Where should we start?
Yes, the encryption is done by the device itself. But is it possible that they write their own algorithm to simulate Windows Crypto API to encrypt the image so that in their windows driver they can use Windows Crypto API to decrypt the image easily? The reason of my guess is that the following functions are called in DPCOper2.dll, DPCrStor.dll and DPFPApi.dll: CryptAcquireContext CryptReleaseContext CryptGenRandom CryptGenKey CryptDestroyKey CryptDeriveKey CryptDecodeObject CryptEncodeObject CryptCreateHash CryptDestroyHash CryptHashData CryptDecrypt CryptEncrypt But it's also very possible that they use these functions for something else that has nothing to do with image decryption. -----Original Message----- From: Daniel Drake [mailto:[email protected]] Sent: Wednesday, May 27, 2009 12:04 PM To: Jeff Yang Cc: Artem Egorkine; [email protected] Subject: Re: [fprint] About DigitalPersona U.are.U 4500 Jeff Yang wrote: > I did compare the USB traces between 4000B and 4500 with 1.3.0 SDK. Like > I mentioned in my previous email, the driver does NOT send any > "firmware" data blob to 4500. It DOES send "firmware" data blob to > 4000B. Now I don't know where to start to figure out how to disable > hardware encryption since we don't know what's in the "firmware" (data > chunk? or compiled binary code? and what the compiler is?). For the 4000B, we did not need to understand the firmware (or even have a filesystem copy of it, in the end) in order to disable encryption. The same could possibly be true for the 4500. > I think > DigitalPersona uses Windows Crypto API for the encryption. I need to do > more study to see if it's possible to decrypt the image. An interesting > thought is how they decrypt the image under Linux? They write some > compatible library to simulate the windows Crypto API? Encryption happens on the device, not on the computer. I am pretty sure that the DigitalPersona device does not run Windows. Therefore they do not use the Windows Crypto API for encryption. And even if they did, I don't think that says anything about the actual encryption scheme being used. Daniel _______________________________________________ fprint mailing list [email protected] http://lists.reactivated.net/mailman/listinfo/fprint
