Skip to content

Sprayxe/fp-eh0576

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

20 Commits
ghidra
ghidra
 
 
libfprint
libfprint
 
 
usb_research
usb_research
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Linux support for EgisTec EH576

After installing Linux on my IdeaPad Flex 5 14ALC7 Laptop the fingerprint reader did not work anymore because there was no driver for the EH576 (1c7a:0576) fingerprint reader.

WIP State

Currently the driver still has an "okay" amount of false rejection rates. I am currently using it on Fedora 43 and it works reliably most of the time.

  • ghidra/: Contains the Ghidra project files where I renamed some functions and variables of the EgisTouchFP0576.dll as good as I could. You can get the .dll driver files from the Lenovo download page down below.
  • libfprint/: Contains the driver files for integration into libfprint. I have already created a merge request.
  • usb_research/: Contains the CMake project I used for reverse engineering and testing efforts before I went on to write the libfprint driver.

Thank You

Huge credit goes to Animeshz's efforts on github and on libfprint as those laid the base for this effort. Initial tests proved that the EH575 and the EH576 seem to work similar as by just providing the EH575 packets I was able to occasionally get little data out of mine even though the EH576 is not a swipe sensor.

Reverse Engineering

I was unable to get the fingerprint reader to work in a VM (both Win10 and Win11) and Wireshark USBcap does not allow to be run on Windows-To-Go so I could not use any USB captures from Windows.

Therefore, the rest of the reverse engineering was solely done with static analysis in Ghidra of the EgisTouchFP0576.dll UMDF driver provided by Lenovo. I am no professional "hacker" by any means so I cannot guarantee that this project is 100% correct.

Functionality

As you might already know libfprint is pretty bad at processing small sensors: the EH576 has an output image of 70x57. Therefore I implemented three post-processing steps:

  1. Normalize the image.
  2. Upscale it by a factor of 2 to 140x114.
  3. Put into the center of a 256x256 white canvas.

This seems to be okay enough for libfprint to generate scores and even matches.

The biggest issue beside unreliable matching scores is that the BZ3 threshold has to be reduced to around 10 which is a pretty low threshold and therefore imposes a security risk. While I managed to reach pretty high scores they don't happen often enough to increase it to a higher value (for now?) .

Contributing

If you can help me improve this project feel free to open a pull request.

About

Reverse engineering the EgisTech EH576 (1c7a:0576) fingerprint sensor for the purpose of writing a libfprint driver for Linux.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages