Re: Protocol

[Francesco Zuliani]

Hi,

I did some more in depth analysis of my UsbSnoop logs ...
Below my findings:

First of all my lines contain 292 fields.
Apparently I'm able to get an image out of them using columns
up to 264, even though column 201-264 seem to represent some
"other part" of the fingerprint ...

> every 47 lines - the 48th in 2 times longer
as I said in last email this number in my case is every 49 lines
(except the first time)

> column 4 - all the time increases (from 00 to BC)
I see it increasing too, but in my case range is [0x00-0xef].
Most of the time it increases every "8" lines, but not always,
(sometimes even a single line suffices)

> Column 6 - virtually all starts at C
In my log this is a number fluctuating roughly between [0xe0-0xff]

> Column 7 - almost all (all?) starts at 9
In my log this is number is 'a'

> column 207 - zeros
Yes

> column 208 - almost all zeros
on 3 different logs:
389 "non-zeros" out of a total of 1686 data (23%)
823 "non-zeros" out of a total of 1754 data (46%)
606 "non-zeros" out of a total of 1120 data (54%)

> Columns 273, 274, 275, 276 - 14 03 XX 00
in my logs XX = 0x71 always

> column 277 - full match from column 4
Yes

> column 278 - full match from column 5
Not at all :(

> column, 279, 280, 281 - from about the 100-200th row - 05 05 C8
in my logs at the end they change again...

> column 282 - all XX
in my logs this is always 0x00 ... regalrdless of value in column 275

> column, 283, 284 - the first 31 line - FF FF
yes

> column 285 - all 02
Yes

> between the end of the logic affected by the first columns and the
> beginning of the following - 200 columns = width of image - 200
> pixels.
> I wrote a test application - and the suspicion was confirmed - I saw
> my fingerprint (but in a blue color ;)

as I said I can use also columns from 200-264.

They clearly appear as fingerprints, but from a different part of the finger.
(apparently unrelated to 0-200)

Not sure whether your was a joke, ... you know your images are "blue"
by construction. :)

> Of course, we need more work - there were a lot of clear-that
> meaningful data. But the beginning has been made.

I'm also playing with your proto .... :)
I'll let you know my results.

Francesco

[Syabitov Damir]

I found something strange in protocol replaying...
I have a linux box. In linux installed Virtualbox with XP guest. In XP
installed Validity driver. Sensor does not work in XP (ha-ha), BUT:
sensor replies to the validity driver similar to replies, given to
linux. Is driver use some of vista features? M$ make something non-rfc
again? Now, i want to make another test: 1) Install Vista in VirtualBox
and run it under linux.
2) Run XP guest in Vista host.

[Damir Syabitov]

Next tests:
Linux host - Vista guest -- device does not work, responses
similar to test app

Vista host - Any guest - VirtualBox error - can't detach device
from host (E_INVALIDARG)

Any ideas?

[Francesco Zuliani]

Hi All,

> Next tests:
> Linux host - Vista guest -- device does not work, responses
> similar to test app
>
> Vista host - Any guest - VirtualBox error - can't detach device
> from host (E_INVALIDARG)
>
> Any ideas?

Don't know how much this helps but:
- I succeded installing Windows7 in a Virtualized QEMU+KVM environment.

- I assigned the FingerPrint usb device of the host (Linux Fedora12) to
the Win7 guest Machine.

- I installed drivers and DigitalPersona SW in the virtualized Win7.

- I'm able to enroll my finger and log in the system

My next step is to "record" the traffic going thru the USB device,
and try a re-play.

Don't hesitate to write if you need more details.

Francesco

[Francesco Zuliani]

Hi All,

> Don't know how much this helps but:
> - I succeded installing Windows7 in a Virtualized QEMU+KVM environment.
>
> - I assigned the FingerPrint usb device of the host (Linux Fedora12) to
> the Win7 guest Machine.
>
> - I installed drivers and DigitalPersona SW in the virtualized Win7.
>
> - I'm able to enroll my finger and log in the system
>
> My next step is to "record" the traffic going thru the USB device,
> and try a re-play.

Recording step is completed:
I.e.
- I mounted debugfs filesystem (mount -t debugfs none /sys/kernel/debug)
- Fedora 12 has usbmon compiled-in the default kernel
- Verified usb bus of Validity FingerPrint (Vendor=138a)
cat /proc/bus/usb/devices | less
...
T: Bus=06 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 2 Spd=12 MxCh= 0
D: Ver= 1.10 Cls=ff(vend.) Sub=00 Prot=ff MxPS= 8 #Cfgs= 1
P: Vendor=138a ProdID=0001 Rev= 3.72

- started logging bus6 with
cat /sys/kernel/debug/usb/usbmon/6u > /tmp/1.mon.out

- started qemu+kvm win7 machine

- used qemu-monitor mode to add usb_device
Ctrl-Alt-2
usb_add host:138a:0001

- swiped my finger (3 times .... the first 2 were not "recognized")

- stopped logging (Ctrl-C on cat command)

Francesco

[Syabitov Damir]

Super! Do you use gtalk?

[Francesco Zuliani]

Hi All,

> Recording step is completed:

I've done some analisys of the logs obtained via usbmon.

Things seem different from previous UsbSnoop sniffed log.
(but maybe my scripts are not working properly)

I can still find lines starting with "01fe".
Most of the line have 287 elements long.
Every 3 or 4 lines I've 414 elements ???

I don't have the nice "double" lines every 47 one !!!

None of the other regularities seem confirmed ...

The image I get out of the data seems mostly uncorrect ...

I hope something is wrong with my analysis ... :)

Francesco

[Dane Shea]

Hey guys,

have you had anymore progress on this?

On Feb 26, 10:59 pm, Francesco Zuliani <francesco.zuli...@gmail.com>
wrote:

[Dane Shea]

btw, let's try to keep the google code repo updated with the latest
code. Just in case somebody wants to jump in on development. I get
emails every now and then.