Reversing a Fingerprint Reader Protocol (2021)

Summary

TLDR: The sensor uses TLS-PSK over USB. We overwrite the PSK and are able to read images. Scan of not-my-finger. I recently got a new Laptop (Lenovo Ideapad 5 - 15are05). Linux compatibility is quite good, as documented in the Arch Wiki. One part that is not working is the fingerprint reader. In this blog post I describe my approach to reverse engineering the fingerprint reader's windows driver and USB protocol. This results in a python script, capable of streaming images from the sensor at around 15 FPS. Fingerprint recognition, as implemented by for example libfprint, is not available yet. More recently, a Discord community was formed, with the goal to support all kinds of Goodix devices in libfprint. All code can be found in my GitHub Repository tlambertz/goodix-fingerprint-reversing. Contents Getting an overview of the device. The first step is figuring out what sensor I have. It is USB based, as lsusb shows: Bus 003 Device 005: ID 27c6:55a2 Shenzhen Goodix Technology Co.,Ltd. Goodix FingerPrint Device A Goodix sensor with the device id 27c6:55a2. As the main driver for fingerprint scanner support on Linux is libfprint, I check there first. Unfortunately, my device is listed on the Unsupported Devices List. There is not much other information about this specific product id to be found online. I later found a very helpful libfprint issue for a similar device, but only once I had some more keywords to google. @jjjollyjim had already done very similar work, but did not publish his implementation of the protocol. He did however publish a partial wireshark dissector, which came in handy. Logging USB traffic We know that the reader works with Windows, which therefore has to provide a valid driver for the device. This will be very helpful, as we have an 'easy' target to reverse engineer. All we need to do is to reproduce what the Windows driver does in Linux. My first hope was that the protocol is simple, so that a basic driver can be implemented just by examining and ...