
[n00b] Help using bus pirate to hack a fingerprint encrypted USB

Hi, I'm trying to use the Bus Pirate that I just got to hack into a generic Chinese fingerprint encrypted USB drive. If you're wondering why, my landlord sometimes gets me to do odd jobs in exchange for beer. He apparently has bitcoin and ethereum keys on said drive that he bought from eBay and didn't enrol his fingerprint the right way (pressed instead of swiped his finger).

Apparently you can use the Bus Pirate to connect to the USB drive via UART and send it the open sesame code.
The only thing I had to go off were the resources below. Currently I'm trying to solder the leads from the Bus Pirate onto the USB drive's serial debug points, but I have no idea which points to solder. So far I've only soldered on 5V, GND, TXD and RXD and I can't seem to connect to it with Tera Term.
Any idea what else I have to solder? The serial points on the USB drive are DM, CLK, RXD, +5V, DP, IO, TXD, GND


"Bypassing fingerprint identification via command injection"
https://www.youtube.com/watch?v=MCkOhymGDaY&feature=emb_title

"Attacking encrypted USB keys the hard(ware) way"
https://elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way/


The image below isn't mine, but it's the exact same fingerprint USB that I have.

Re: [n00b] Help using bus pirate to hack a fingerprint encrypted USB

Reply #1
Serial line signals are TXD (transmit) and RXD (receive); you also need GND as that is the reference. No need to solder +5V as it seems like you are plugging the memory stick in anyway. One thing I hate about serial is that direction is not obvious and it's not easy to figure out which direction those labels assume (who is transmitting and who is receiving?!).

Looking at the picture in the slides and zooming in, it looks like they just connected the GND pad to the GND pin and the TXD pad to the TXD pin on the Bus Pirate. RXD is not needed as that's for receiving data and you just need to send data to unlock it. If it doesn't work, you can connect the RXD pad on the USB stick to the TXD pin on the Bus Pirate and try again.