Problems reproducing the attack #1

Open
forense54 opened this issue Dec 21, 2023 · 4 comments
@forense54

Hi

My name is Javier and I am very interested in the world of smartphone security.

The article about the brute force attack on fingerprints caught my attention and I have tried to replicate it, but I am having problems using the hardware that I am going to tell you about, in case it can help me.

The "Auto clicker" does not work for me. I have noticed that there are pads on the PCB that do not have any components associated with them. Is it possible that there are some components to be assembled that are not documented?
I have tried the "Raw Capture" option of the "Attacking board". Apparently everything goes well and it creates two images of the fingerprint, one in the "try0" folder and another in "try1", but looking at the .bmp it creates, they are all the same, that is, it always generates the same image, although we capture different fingerprints.
I hope you can guide me on what may be happening.

Thank you and congratulations for the work done.

@alohachen
Owner

Sorry for the late reply, and thank you for your interest. Regarding the first question, some empty pad positions are for connecting resistors, but it seems that it can also work by short-circuiting them directly without connecting resistors. A conductive suction cup needs to be installed at the position of the round holes. Also, the longer the wire connecting the "Auto clicker," the better. As for the second question, are you referring to the try0 and try1 collected under the same press? It is normal for the fingerprint patterns of try0 and try1 to be the same, but their exposures are different; try0 is darker, while try1 is brighter.
If you have any more questions, please feel free to ask. Thank you.

@forense54
Author

Thanks for answering.

I am not referring to the captures saved in try0 and try1, but rather that I capture several different fingerprints and they all generate the same images.

kind regards

@alohachen
Owner

It's strange. I've never been in this situation before. Please check if the jumper cap is used to short-circuit the two pins of RC?

@MohammedArif85

Hi,
My name is Arif and I am interested in Android security.

The article about the brute force attack on fingerprints caught my attention and I have tried to re-implement it, but I am having problems programming the Attacker Board hardware. Can you help me with the resistor values for the empty pad positions that are for connecting resistors, or can it also work by short-circuiting them directly without connecting resistors? For programming the board, do I need to short them for burning code in the controller, and do I need an STM Programmer for programming? Please help me with the details for implementing the code. I used STM32CubeIDE 1.15.0.
I hope you can guide me on what.

Thank you and congratulations for the work done
