Differences

This shows you the differences between two versions of the page.

public:smartcard:yubikey [2016-01-23 09:40] – created petrs
public:smartcard:yubikey [2016-12-01 13:28] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Yubikey ====== ====== Yubikey ======
  
-  * Types: Yubikey 4, Yubikey 4 Nano, Yubikey Nano +  * Types: Yubikey 4, Yubikey 4 Nano, Yubikey Nano (obatined from amazon 01/2016) 
-  * Switch to CCID modeYubikey Neo Manager +    * https://www.yubico.com/products/yubikey-hardware/yubikey4/ 
-    process with pictures +  * Switch to CCID mode 
-  Upload JavaCard applet +    * Yubikey Neo Manager https://developers.yubico.com/yubikey-neo-manager/Releases/ 
-    * gpshell+  Yubikey Neo is no more shipped with developer keys 
 +    https://www.yubico.com/2014/07/yubikey-neo-updates/ 
 +    * "YubiKey NEOs that have shipped from July 1st 2014, starting with serial number 3,000,000,", also "2624253 to 2624449 and 2624801 to 2625499" 
 +  * Yubikey 4 is not JavaCard at all (probably)
  
 +===== GPShell upload =====
 +
 +Upload JavaCard applet via GPShell. Used script:
 +
 +<code c yubikeyinstall.txt>
   mode_211   mode_211
   enable_trace   enable_trace
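
Review bot: The added bullet "Yubikey 4 is not JavaCard at all (probably)" states a conclusion without pointing at the evidence, although the traces added further down this page supply it: on the Yubikey 4, selecting the ISD AID a000000003000000 returns 6A82 and GET DATA(CPLC) returns SW 6D00. Suggest replacing "(probably)" with a reference to those two results so a reader can judge the claim. The quoted serial-number fragment under "no more shipped with developer keys" also never says what applies to those serials; one sentence stating that the quoted ranges are the NEOs affected would close that gap. Smaller points in the same hunk: "obatined" should be "obtained", "no more shipped" reads better as "no longer shipped", the quote ends in a stray comma ("3,000,000,"), and the GPShell script is opened with <code c yubikeyinstall.txt> although it is not C.
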
Line 19: Line 27:
   card_disconnect    card_disconnect 
   release_context   release_context
 +</code>  
 +
 +Resulting trace with cryptogram verification failed error:
 +<code c>
 +>GPShell.exe yubikeyinstall.txt
 +mode_211
 +enable_trace
 +establish_context
 +card_connect
 +* reader name Yubico Yubikey NEO CCID 0
 +select -AID a000000003000000
 +Command --> 00A4040008A000000003000000
 +Wrapped command --> 00A4040008A000000003000000
 +Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864
 +886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B0
 +40255650B06092B8510864864020103660C060A2B060104012A026E01029000
 +open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4
 +f -enc_key 404142434445464748494a4b4c4d4e4f
 +Command --> 80CA006600
 +Wrapped command --> 80CA006600
 +Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864
 +886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012
 +A026E01029000
 +Command --> 805000000843D9EC752E07E13200
 +Wrapped command --> 805000000843D9EC752E07E13200
 +Response <-- 0000431702720893280002020002C7333C9DE8A3B017C206FA9B091C9000
 +mutual_authentication() returns 0x80302000 (The verification of the card cryptog
 +ram failed.)
 +</code>
 +
 +<code c>
 +>GPShell.exe yubikeyinstall.txt
 +mode_211
 +enable_trace
 +establish_context
 +card_connect
 +* reader name Yubico Yubikey 4 CCID 0
 +select -AID a000000003000000
 +Command --> 00A4040008A000000003000000
 +Wrapped command --> 00A4040008A000000003000000
 +Response <-- 6A82
 +select_application() returns 0x80216A82 (6A82: The application to be selected co
 +uld not be found.)
 +</code>
 +
 +===== GlobalPlatformPro =====
 +
 +Used tool: GlobalPlatformPro by Martin Paljak https://github.com/martinpaljak/GlobalPlatformPro
 +
 +
 +==== Obtain CPLC info ====
 +
 +<code c>
 +>gp -info -verbose
 +Reader: Yubico Yubikey NEO CCID 0
 +ATR: 3BFC1300008131FE15597562696B65794E454F7233E1
 +More information about your card:
 +    http://smartcard-atr.appspot.com/parse?ATR=3BFC1300008131FE15597562696B65794
 +E454F7233E1
 +
 +Auto-detected ISD AID: A000000003000000
 +***** Card info:
 +Card CPLC:
 +ICFabricator: 4790
 +ICType: 5168
 +OperatingSystemID: 4791
 +OperatingSystemReleaseDate: 1210
 +OperatingSystemReleaseLevel: 3800
 +ICFabricationDate: 4317
 +ICSerialNumber: 02720893
 +ICBatchIdentifier: 2800
 +ICModuleFabricator: 4812
 +ICModulePackagingDate: 4324
 +ICCManufacturer: 0000
 +ICEmbeddingDate: 0000
 +ICPrePersonalizer: 1215
 +ICPrePersonalizationEquipmentDate: 1532
 +ICPrePersonalizationEquipmentID: 37323038
 +ICPersonalizer: 0000
 +ICPersonalizationDate: 0000
 +ICPersonalizationEquipmentID: 00000000
 +***** CARD DATA
 +GlobalPlatform card
 +Version: 2.1.1
 +TAG3: 1.2.840.114283.3
 +SCP version: SCP_02_55
 +TAG5: 1.3.656.840.100.2.1.3
 +TAG6: 1.3.6.1.4.1.42.2.110.1.2
 +***** KEY INFO
 +VER:2 ID:1 TYPE:DES3 LEN:16
 +VER:2 ID:2 TYPE:DES3 LEN:16
 +VER:2 ID:3 TYPE:DES3 LEN:16
 +</code>
 +
 +<code c>
 +>gp -info -verbose
 +Reader: Yubico Yubikey 4 CCID 0
 +ATR: 3BF81300008131FE15597562696B657934D4
 +More information about your card:
 +    http://smartcard-atr.appspot.com/parse?ATR=3BF81300008131FE15597562696B65793
 +4D4
 +
 +***** Card info:
 +GET DATA(CPLC) returned SW: 6D00
 +NO CPLC
 +***** CARD DATA
 +NO CARD DATA
 +***** KEY INFO
 +GET DATA(Key Information Template) not supported
 +</code>
 +
 +==== List applets ====
 +
 +List applets (gp -list -verbose). Note that same result optioned with -emv option:
 +<code c>
 +>gp -list -verbose
 +Reader: Yubico Yubikey NEO CCID 0
 +ATR: 3BFC1300008131FE15597562696B65794E454F7233E1
 +More information about your card:
 +    http://smartcard-atr.appspot.com/parse?ATR=3BFC1300008131FE15597562696B65794
 +E454F7233E1
 +
 +Auto-detected ISD AID: A000000003000000
 +Host challenge: 502D016B551CC8B5
 +Card challenge: 0002C7333C9DE8A3
 +Card reports SCP02 with version 2 keys
 +Master keys:
 +Version 0
 +ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
 +MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
 +KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
 +Sequnce counter: 0002
 +Derived session keys:
 +Version 0
 +ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:ADC1163BA2A147FBB84BF44C8676FB7D
 +MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:3E06B1C8FCFD788A573B9A9889D0CA50
 +KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:FC01096B6DB13ADEE0D4CB61D03FD3AA
 +openkms.gp.GPException: STRICT WARNING: Card cryptogram invalid!
 +Card: C0F743CBF8907B77
 +Host: 851B1DA65E331000
 +!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
 +        at openkms.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java:156)
 +
 +        at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:471)
 +        at openkms.gp.GPTool.main(GPTool.java:348)
 +</code>
 +
 +<code c>
 +>gp -list -verbose
 +Reader: Yubico Yubikey 4 U2F+CCID 0
 +ATR: 3BF81300008131FE15597562696B657934D4
 +More information about your card:
 +    http://smartcard-atr.appspot.com/parse?ATR=3BF81300008131FE15597562696B65793
 +4D4
 +
 +Exception in thread "main" java.lang.IllegalStateException: No selected ISD!
 +        at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:319)
 +        at openkms.gp.GPTool.main(GPTool.java:348)
 +
 +</code>
 +
 +
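
Review bot: The two Yubikey NEO traces in this hunk offer the same key 404142434445464748494a4b4c4d4e4f twice (GPShell open_sc, then gp -list) and the card cryptogram check fails both times, yet the only warning is the one gp prints itself ("DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD"). Add a sentence above the gp -list trace repeating that warning in the page's own text, so a reader does not rerun yubikeyinstall.txt or gp -list with these keys. Next to "Resulting trace with cryptogram verification failed error:" it would also help to tie the failure to what the page already shows: the card reports "SCP02 with version 2 keys" and KEY INFO lists VER:2, while both tools were run with version 0 keys, which fits the earlier bullet that the NEO no longer ships with developer keys. Smaller points: the two Yubikey 4 blocks have no introductory line saying which device they belong to, "optioned" in the List applets sentence should be "obtained", "Note that same result" needs "the", and the traces are tagged <code c> although they are console output, not C.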