Need help with Validity91?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

228 Stars 19 Forks BSD 3-Clause "New" or "Revised" License 31 Commits 7 Opened issues


Reverse engineering the Validity 138a:0091 fingerprint sensor (Dell XPS 15/13 2016-2017 9X50 and 9X60)

Services available


Need anything else?

Contributors list

# 46,796
28 commits
# 7,423
Arch Li...
1 commit

Validity 91

This project aims at reverse engineering the protocol of the Validity 138a:0091 fingerprint sensor that is found on the XPS 15 9560, XPS 13 9360 and potentially other laptops. Apart from a few edge cases, this part is done. Yay! The reverse engineering the sensor for the XPS 15 9570 is out of scope but being done in a different repository.

Unfortunately, the matching algorithm used in the previous libfprint driver doesn't work with this sensor. They seem to rely on a single high quality image to do the matching, something that is never obtained. See this issue for more details.

This sensor should be pretty straightforward to reverse engineer since apparently it doesn't encrypt the traffic between the sensor and the OS. A big thanks to Nikita Mikhailov, from whom I learned that it is likely just unencrypted traffic. They are working on a similar project for a sensor that has encryption capabilities

Wireshark was used to sniff through traffic sent to and from the USB.


| Task | Status | |:-----------------------------------------------------------|:------------------------------------| | Create a script that dumps the output from others' laptops | Done | | Find the size of the image | 112✕112 image | | Find the initialization commands | WOMM | | Find the commands required for putting the sensor to sleep | WOMM | | Learn how to integrate with libfprint | Getting there | | Detect when finger is on the sensor | WOMM | | Detect when finger is taken off (is it possible?) | WOOM | | Develop a new fingerprint matching algorithm | 112x112 is too small for the previous one |

Getting started

Running prototype

You can use ~~conda~~ (not until 3.7 comes out because i decided to use

) if you like, but I provided a
that should make it easy to use pipenv.

Installing pipenv

  1. pkcon install pipsi
  2. pipsi install pipenv

Run the script

Change to the project directory, and run 1.

pipenv install
sudo make permissions
pipenv run python3

Or you may choose to run it within spyder 3.

pipenv run spyder3
4. Open the
file 5. Run it within Spyder

Wireshark development

The main strategy is to use Wireshark and a Windows Guest OS running in VirtualBox to capture all the traffic between a working Windows implementation and the sensor. I don't really think this is SUPER necessary. I was able to obtain a dump of the enrollment process on windows. 1. Install libusb:

pkcon install libusb-devel
3. Install Wireshark:
pkcon install wireshark
1. Set it up to capture USB output 2. Use
to find what USB bus the fingerprint sensor is connected to: 1.
Bus 001 Device 003: ID 138a:0091 Validity Sensors, Inc.
4. Install VirtualBox:
pkcon install VirtualBox
5. Install VirtualBox Extension Pack 6. Allow VirtualBox to run off your existing Windows partition * Warning, I kinda got activation warnings from Microsoft. I think they might be related to doing this. It might be more prudent to have a separate virtual drive running an unactivated version of Windows 10 but I just don't have the hard drive space for it. 7. Run Windows10, and capture the fingerprint output.

Add your user to the

group so you can share the USB devices:
sudo usermod -a -G vboxusers $USER

you might need

sudo make wireshark

to set the correct wireshark permissions for USB sniffing. You might want to use a wireshark filter like:

usb.addr == "1.6.0" || usb.addr == "1.6.1" || usb.addr == "1.6.2" || usb.addr == "1.6.3" || usb.addr == "1.6.4"

Helping out

This code doesn't send anything to the cloud. But, if you want to help develop this, considering sharing the difference in your dump file,

. I don't think it contains any personal information. As far as I know, I don't dump the fingerprint data.

I think the easiest way is to post a diff on Pastebin:

git diff dump.txt
and copy the output.

Let me know if you got a semblance of a fingerprint from the script.

Reverse engineering

So I am working off a single dump using my VirtualBox and Windows10 trying to log on to my computer. I'll try to share a new dump file from the enrollment procedure.

That should teach us how to detect when a finger is taken off too. But honestly, I don't know how to do this without making my fingerprints public on the web...

Here is a sample from the script from the side of my fingers: sample


Gitter chat

Similar projects

  • Validity90 works on doing this for sensors with encrypted traffic.
  • libfprint-vsf0090 Apparently made a PPA for fprint with the validity 0090 sensor
  • libfprint did this a while back for many sensors. Apparently we need to work toward this

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.