Nmap Development mailing list archives
Re: Service probe for Cross Match Verifier E fingerprint capture device (need help!)
From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 23 Dec 2004 22:33:38 +0100
On Thu, Dec 23, 2004 at 01:09:18AM +0100, Tomás García-Merás wrote:
> http://www.crossmatch.com/products_singlescan_vE.html
>
> Probe TCP VerifierAdvanced q|Query\r\n|
> ports 1501
> match crossmatchverifier m|^Settings\r\nGain\x20(\d+)\r\nContrast\x20(\d+)\r\nTime\x20(\d+)\r\nIllumination\x20(\d+)\r\nProcessed\r\n$| v/Cross Match Technologies Verifier fingerprint capture advanced control port///

Seems OK to me (anyway, you could substitute "\x20" with " ") but you are right that the version string is a bit too long. Regarding those numbers in the match ... could we get the version from it?

However, there are often some TCP ports that do not respond to any "common" probes, and every new specialized probe would slow down the scan by another 5s, which is probably an unacceptable trade-off for now. It will probably make it to the end of nmap-service-probes in a commented-out form for now (like the WWWOFFLEctrlstat Probe) until some port-related optimization kicks in (like "do not send rare probes to non-default ports" or "send general probes only" or similar...).

That is just my comment, Fyodor has the final word on it.

> ***********************************************
> The procedure for an application is to open a TCP/IP socket to port 1500
> and send the following (ASCII Text):
> Subscribe
> followed by a LF character. This can optionally be followed by a
> "Liftquery" command if the application needs finger sensor notification
> events. From this point on the unit will send one of 3 messages: "Idle",
> "Notify" or, optionally, "Lift".
> ***********************************************
>
> ***********************************************
> If you don't have a fingerprint the device returns an "Idle"; if a new
> fingerprint image is available it returns "Notify"; and "Lift" if the
> finger sensor detects that finger has been removed from the platen (this
> is only sent by the device if the "Liftquery" command was previously sent).
>
> By now, I'm trying with the following probe:
>
> Probe TCP Verifier q|Subscribe\r\n|

Shouldn't it be "Subscribe\n" only?

> ports 1500
> match crossmatchverifier m|^Idle\r\n$| v/Cross Match Technologies Verifier fingerprint capture control port///

My incompetent guess - are you sure about the "\r\n" after the Idle string? Maybe the CR is redundant? Any other character (e.g. a blank) there? Anyway, shouldn't we expect "Notify" too? If so, use "(Idle|Notify)" instead of "Idle" for that.

> But the device does not return any data. If I telnet the device to the
> port 1500 and type "Subscribe" the device answers normally with "Idle"...

OK, since you have tested it with telnet, you probably verified that it acts upon CR+LF line endings too ... You should try

$ echo -en "Subscribe\n" | nc -vvv target 1500

to verify that LF is enough to get a response. Try also

$ echo -en "Subscribe\n" | nc -vvv target 1500 | xxd

to get all the bytes from the response. You could do the same with adding this Probe to nmap-service-probes but without the match (and running -sV).

Martin Mačok
IT Security Consultant