Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
public:smartcard:yubikey [2016-01-23 09:44] petrspublic:smartcard:yubikey [2016-12-01 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Yubikey ====== ====== Yubikey ======
  
-  * Types: Yubikey 4, Yubikey 4 Nano, Yubikey Nano +  * Types: Yubikey 4, Yubikey 4 Nano, Yubikey Nano (obatined from amazon 01/2016) 
-  * Switch to CCID modeYubikey Neo Manager +    * https://www.yubico.com/products/yubikey-hardware/yubikey4/ 
-    * process with pictures+  * Switch to CCID mode 
 +    * Yubikey Neo Manager https://developers.yubico.com/yubikey-neo-manager/Releases/ 
 +  * Yubikey Neo is no more shipped with developer keys 
 +    * https://www.yubico.com/2014/07/yubikey-neo-updates/ 
 +    * "YubiKey NEOs that have shipped from July 1st 2014, starting with serial number 3,000,000,", also "2624253 to 2624449 and 2624801 to 2625499" 
 +  * Yubikey 4 is not JavaCard at all (probably)
  
 ===== GPShell upload ===== ===== GPShell upload =====
Line 9: Line 14:
 Upload JavaCard applet via GPShell. Used script: Upload JavaCard applet via GPShell. Used script:
  
-<code yubikeyinstall.txt>+<code yubikeyinstall.txt>
   mode_211   mode_211
   enable_trace   enable_trace
Line 22: Line 27:
   card_disconnect    card_disconnect 
   release_context   release_context
-<code>  +</code>  
  
-<code> +Resulting trace with cryptogram verification failed error: 
-h:\Documents\Develop\AlgTest\AlgTest_JavaCard\!card_uploaders>GPShell.exe instal +<code c
-lAlgTest_Yubikey.txt+>GPShell.exe yubikeyinstall.txt
 mode_211 mode_211
 enable_trace enable_trace
Line 51: Line 56:
 ram failed.) ram failed.)
 </code> </code>
 +
 +<code c>
 +>GPShell.exe yubikeyinstall.txt
 +mode_211
 +enable_trace
 +establish_context
 +card_connect
 +* reader name Yubico Yubikey 4 CCID 0
 +select -AID a000000003000000
 +Command --> 00A4040008A000000003000000
 +Wrapped command --> 00A4040008A000000003000000
 +Response <-- 6A82
 +select_application() returns 0x80216A82 (6A82: The application to be selected co
 +uld not be found.)
 +</code>
 +
 +===== GlobalPlatformPro =====
 +
 +Used tool: GlobalPlatformPro by Martin Paljak https://github.com/martinpaljak/GlobalPlatformPro
 +
 +
 +==== Obtain CPLC info ====
 +
 +<code c>
 +>gp -info -verbose
 +Reader: Yubico Yubikey NEO CCID 0
 +ATR: 3BFC1300008131FE15597562696B65794E454F7233E1
 +More information about your card:
 +    http://smartcard-atr.appspot.com/parse?ATR=3BFC1300008131FE15597562696B65794
 +E454F7233E1
 +
 +Auto-detected ISD AID: A000000003000000
 +***** Card info:
 +Card CPLC:
 +ICFabricator: 4790
 +ICType: 5168
 +OperatingSystemID: 4791
 +OperatingSystemReleaseDate: 1210
 +OperatingSystemReleaseLevel: 3800
 +ICFabricationDate: 4317
 +ICSerialNumber: 02720893
 +ICBatchIdentifier: 2800
 +ICModuleFabricator: 4812
 +ICModulePackagingDate: 4324
 +ICCManufacturer: 0000
 +ICEmbeddingDate: 0000
 +ICPrePersonalizer: 1215
 +ICPrePersonalizationEquipmentDate: 1532
 +ICPrePersonalizationEquipmentID: 37323038
 +ICPersonalizer: 0000
 +ICPersonalizationDate: 0000
 +ICPersonalizationEquipmentID: 00000000
 +***** CARD DATA
 +GlobalPlatform card
 +Version: 2.1.1
 +TAG3: 1.2.840.114283.3
 +SCP version: SCP_02_55
 +TAG5: 1.3.656.840.100.2.1.3
 +TAG6: 1.3.6.1.4.1.42.2.110.1.2
 +***** KEY INFO
 +VER:2 ID:1 TYPE:DES3 LEN:16
 +VER:2 ID:2 TYPE:DES3 LEN:16
 +VER:2 ID:3 TYPE:DES3 LEN:16
 +</code>
 +
 +<code c>
 +>gp -info -verbose
 +Reader: Yubico Yubikey 4 CCID 0
 +ATR: 3BF81300008131FE15597562696B657934D4
 +More information about your card:
 +    http://smartcard-atr.appspot.com/parse?ATR=3BF81300008131FE15597562696B65793
 +4D4
 +
 +***** Card info:
 +GET DATA(CPLC) returned SW: 6D00
 +NO CPLC
 +***** CARD DATA
 +NO CARD DATA
 +***** KEY INFO
 +GET DATA(Key Information Template) not supported
 +</code>
 +
 +==== List applets ====
 +
 +List applets (gp -list -verbose). Note that same result optioned with -emv option:
 +<code c>
 +>gp -list -verbose
 +Reader: Yubico Yubikey NEO CCID 0
 +ATR: 3BFC1300008131FE15597562696B65794E454F7233E1
 +More information about your card:
 +    http://smartcard-atr.appspot.com/parse?ATR=3BFC1300008131FE15597562696B65794
 +E454F7233E1
 +
 +Auto-detected ISD AID: A000000003000000
 +Host challenge: 502D016B551CC8B5
 +Card challenge: 0002C7333C9DE8A3
 +Card reports SCP02 with version 2 keys
 +Master keys:
 +Version 0
 +ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
 +MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
 +KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
 +Sequnce counter: 0002
 +Derived session keys:
 +Version 0
 +ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:ADC1163BA2A147FBB84BF44C8676FB7D
 +MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:3E06B1C8FCFD788A573B9A9889D0CA50
 +KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:FC01096B6DB13ADEE0D4CB61D03FD3AA
 +openkms.gp.GPException: STRICT WARNING: Card cryptogram invalid!
 +Card: C0F743CBF8907B77
 +Host: 851B1DA65E331000
 +!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
 +        at openkms.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java:156)
 +
 +        at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:471)
 +        at openkms.gp.GPTool.main(GPTool.java:348)
 +</code>
 +
 +<code c>
 +>gp -list -verbose
 +Reader: Yubico Yubikey 4 U2F+CCID 0
 +ATR: 3BF81300008131FE15597562696B657934D4
 +More information about your card:
 +    http://smartcard-atr.appspot.com/parse?ATR=3BF81300008131FE15597562696B65793
 +4D4
 +
 +Exception in thread "main" java.lang.IllegalStateException: No selected ISD!
 +        at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:319)
 +        at openkms.gp.GPTool.main(GPTool.java:348)
 +
 +</code>
 +