Protocol

0 views
Skip to first unread message

Dane Shea

unread,
Jan 11, 2010, 4:46:03 PM1/11/10
to vfs101driver
This is currently what we have on the commands that are sent to the
VFS101

PackNum Command CommArgs

XX XX XX XX XX XX XX .. .. ....

GetVersion - 00 00 02 00 , Args - 00

GetParam - 00 00 04 00 , Args - 2 bytes (28 00)

SetParam - 00 00 05 00 , Args - 4 bytes (11 00 08 00) - think first

2 bytes - is param number, and second two bytes - values

Download patch - 00 00 07 00, Args - patch , length unknown

Abort Print- 00 00 0E 00, Args - none

GetConfiguration - 00 00 06 00, Args - none

GetPrint - 00 00 03 00 , Args - 8 bytes length

Poke - 00 00 13 00, Args - 9 bytes length

Peek - 00 00 12 00, Args - ?5 bytes length

sensorSpiTrans - 00 00 14 00, Args - ?7 bytes length.

Sensor response includes command.

We are also fairly certain that the VFS uses endpoint 0x01 as control,
0x81 as IN and 0x82 as out.


The next step is to get this put into some code that can be used for
getting an image dump

Damir Syabitov

unread,
Feb 8, 2010, 7:21:22 AM2/8/10
to vfs101driver
00 00 01 00 - Reset
00 00 02 00 - GetVersion
00 00 03 00 - GetPrint
00 00 04 00 - GetParam
00 00 05 00 - SetParam
00 00 06 00 - GetConfiguration
00 00 07 00 - DownloadPatch
00 00 08 00 - GetRateData
00 00 09 00 - IspRequest
00 00 0A 00 - ProgramFlash
00 00 0B 00 - EraseFlash
00 00 0C 00 - LedStates
00 00 0D 00 - LedEvent
00 00 0E 00 - AbortPrint
00 00 0F 00 - Spare2
00 00 10 00 - Spare3
00 00 11 00 - Spare4
00 00 12 00 - Peek
00 00 13 00 - Poke
00 00 14 00 - SensorSpiTrans
00 00 15 00 - SensorGPIO
00 00 16 00 - GetFingerState

Dane Shea

unread,
Feb 8, 2010, 5:39:22 PM2/8/10
to vfs101driver
Damir said that he retrieved these from sniffing the windows driver,
unfortunately the data that he receives doesn't match the data from
the windows driver. Does anybody have any ideas?

Damir Syabitov

unread,
Feb 9, 2010, 6:17:02 PM2/9/10
to vfs101driver
Good news, guys! I partially decoded image format of a fingerprint.
beginning of the line 01 FE
every 47 lines - the 48th in 2 times longer
column 4 - all the time increases (from 00 to BC)
Column 6 - virtually all starts at C
Column 7 - almost all (all?) starts at 9
column 207 - zeros
column 208 - almost all zeros
Columns 273, 274, 275, 276 - 14 03 XX 00
column 277 - full match from column 4
column 278 - full match from column 5
column, 279, 280, 281 - from about the 100-200th row - 05 05 C8
column 282 - all XX
column, 283, 284 - the first 31 line - FF FF
column 285 - all 02

between the end of the logic affected by the first columns and the
beginning of the following - 200 columns = width of image - 200
pixels.

I wrote a test application - and the suspicion was confirmed - I saw
my fingerprint (but in a blue color ;)

Of course, we need more work - there were a lot of clear-that
meaningful data. But the beginning has been made.

Below is a simple algorithm for rendering.
unsigned char finger[] = "\x01\xfe ... etc
static int draw(){
int imgsize = (int) sizeof(finger) - 1;

int c = 0;
int i = 3;
int y = 0;

for (i; i < imgsize - 1; i++){
if ((finger[i] == 0x01) && (finger[i+1] == 0xFE)){
i+=6;
c = 0;
y++;
} else if (c <= 200){
draw_point(window, c, y, finger[i]); // just
draw pixel
c++;
}
}
}

And probably need to create somewhere temporary svn repository.

Dane Shea

unread,
Feb 9, 2010, 6:22:42 PM2/9/10
to vfs101...@googlegroups.com
Hey Damir,

This sounds like great news!!! I have created a SVN repository on google
code. You should be added as a committer so if you check your
googlecode account you should see it in your projects. Please commit so
we can see the full code.

Thanks,

Dane

Damir Syabitov

unread,
Feb 10, 2010, 2:26:22 AM2/10/10
to vfs101driver
Commited

Francesco Zuliani

unread,
Feb 11, 2010, 4:45:44 PM2/11/10
to vfs101...@googlegroups.com
Wow,

this is incredible news ....

I did some experiments on my own UsbSnoop-ed data.
Attached is a small very-hacky awk scripts that
reads a "UsbSnoop.log" file and dumps a compilable "finger.h" .

I've found some differences with respect to Damir, i.e.:


> every 47 lines - the 48th in 2 times longer

in my dump only the "first" 47 lines are followed by a double-len line.
Then this happens every 48 line, i.e. the 49th lines is double-len.

> every 47 lines - the 48th in 2 times longer
> column 4 - all the time increases (from 00 to BC)
> Column 6 - virtually all starts at C
> Column 7 - almost all (all?) starts at 9
> column 207 - zeros
> column 208 - almost all zeros
> Columns 273, 274, 275, 276 - 14 03 XX 00
> column 277 - full match from column 4
> column 278 - full match from column 5
> column, 279, 280, 281 - from about the 100-200th row - 05 05 C8
> column 282 - all XX
> column, 283, 284 - the first 31 line - FF FF
> column 285 - all 02

I'll soon try to confirm this findings.

> between the end of the logic affected by the first columns and the
> beginning of the following - 200 columns = width of image - 200
> pixels.

I don't understand this sentence ...

> I wrote a test application - and the suspicion was confirmed - I saw
> my fingerprint (but in a blue color ;)

I did see a fingerprint too .... once awk-extracted finger.h was
compiled with Damir small img program. It apparently does not strongly care
about the double-len lines position.

> ...


> And probably need to create somewhere temporary svn repository.

Feel free to add my script in some "utils" directory if you think it could
be useful.

Francesco (aka zullinux)


ana_vfs101.awk
Reply all
Reply to author
Forward
0 new messages