Yubikey
- Types: Yubikey 4, Yubikey 4 Nano, Yubikey Nano
- Switch to CCID mode: Yubikey Neo Manager
- process with pictures
- Yubikey is no longer shipped with developer keys
- “YubiKey NEOs that have shipped from July 1st 2014, starting with serial number 3,000,000,”, also “2624253 to 2624449 and 2624801 to 2625499”
GPShell upload
Upload JavaCard applet via GPShell. Used script:
- yubikeyinstall.txt
    mode_211
    enable_trace
    establish_context
    card_connect
    select -AID a000000003000000
    open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
    #get_status -element 100
    #delete -AID 6D7970616330303031
    #delete -AID 6D797061636B616731
    #install -file AlgTest.cap -nvDataLimit 2000 -instParam 00
    card_disconnect
    release_context
Resulting traces. On the Yubikey NEO, verification of the card cryptogram fails; on the Yubikey 4, the application with AID a000000003000000 cannot be selected (6A82):
    >GPShell.exe yubikeyinstall.txt
    mode_211
    enable_trace
    establish_context
    card_connect
    * reader name Yubico Yubikey NEO CCID 0
    select -AID a000000003000000
    Command --> 00A4040008A000000003000000
    Wrapped command --> 00A4040008A000000003000000
    Response <-- 6F658408A000000003000000A5599F6501FF9F6E06479112103800734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
    open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
    Command --> 80CA006600
    Wrapped command --> 80CA006600
    Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
    Command --> 805000000843D9EC752E07E13200
    Wrapped command --> 805000000843D9EC752E07E13200
    Response <-- 0000431702720893280002020002C7333C9DE8A3B017C206FA9B091C9000
    mutual_authentication() returns 0x80302000 (The verification of the card cryptogram failed.)

    >GPShell.exe yubikeyinstall.txt
    mode_211
    enable_trace
    establish_context
    card_connect
    * reader name Yubico Yubikey 4 CCID 0
    select -AID a000000003000000
    Command --> 00A4040008A000000003000000
    Wrapped command --> 00A4040008A000000003000000
    Response <-- 6A82
    select_application() returns 0x80216A82 (6A82: The application to be selected could not be found.)
GlobalPlatformPro
Used tool: GlobalPlatformPro by Martin Paljak https://github.com/martinpaljak/GlobalPlatformPro
Obtain CPLC info
    >gp -info -verbose
    Reader: Yubico Yubikey NEO CCID 0
    ATR: 3BFC1300008131FE15597562696B65794E454F7233E1
    More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3BFC1300008131FE15597562696B65794E454F7233E1
    Auto-detected ISD AID: A000000003000000
    ***** Card info:
    Card CPLC:
    ICFabricator: 4790
    ICType: 5168
    OperatingSystemID: 4791
    OperatingSystemReleaseDate: 1210
    OperatingSystemReleaseLevel: 3800
    ICFabricationDate: 4317
    ICSerialNumber: 02720893
    ICBatchIdentifier: 2800
    ICModuleFabricator: 4812
    ICModulePackagingDate: 4324
    ICCManufacturer: 0000
    ICEmbeddingDate: 0000
    ICPrePersonalizer: 1215
    ICPrePersonalizationEquipmentDate: 1532
    ICPrePersonalizationEquipmentID: 37323038
    ICPersonalizer: 0000
    ICPersonalizationDate: 0000
    ICPersonalizationEquipmentID: 00000000
    ***** CARD DATA
    GlobalPlatform card
    Version: 2.1.1
    TAG3: 1.2.840.114283.3
    SCP version: SCP_02_55
    TAG5: 1.3.656.840.100.2.1.3
    TAG6: 1.3.6.1.4.1.42.2.110.1.2
    ***** KEY INFO
    VER:2 ID:1 TYPE:DES3 LEN:16
    VER:2 ID:2 TYPE:DES3 LEN:16
    VER:2 ID:3 TYPE:DES3 LEN:16

    >gp -info -verbose
    Reader: Yubico Yubikey 4 CCID 0
    ATR: 3BF81300008131FE15597562696B657934D4
    More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3BF81300008131FE15597562696B657934D4
    ***** Card info:
    GET DATA(CPLC) returned SW: 6D00
    NO CPLC
    ***** CARD DATA
    NO CARD DATA
    ***** KEY INFO
    GET DATA(Key Information Template) not supported
List applets
List applets (gp -list -verbose). Note that the same result is obtained with the -emv option:
    >gp -list -verbose
    Reader: Yubico Yubikey NEO CCID 0
    ATR: 3BFC1300008131FE15597562696B65794E454F7233E1
    More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3BFC1300008131FE15597562696B65794E454F7233E1
    Auto-detected ISD AID: A000000003000000
    Host challenge: 502D016B551CC8B5
    Card challenge: 0002C7333C9DE8A3
    Card reports SCP02 with version 2 keys
    Master keys:
    Version 0
    ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
    MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
    KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:404142434445464748494A4B4C4D4E4F
    Sequnce counter: 0002
    Derived session keys:
    Version 0
    ENC: Ver:0 ID:0 Type:DES3 Len:16 Value:ADC1163BA2A147FBB84BF44C8676FB7D
    MAC: Ver:0 ID:0 Type:DES3 Len:16 Value:3E06B1C8FCFD788A573B9A9889D0CA50
    KEK: Ver:0 ID:0 Type:DES3 Len:16 Value:FC01096B6DB13ADEE0D4CB61D03FD3AA
    openkms.gp.GPException: STRICT WARNING: Card cryptogram invalid!
    Card: C0F743CBF8907B77
    Host: 851B1DA65E331000
    !!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
        at openkms.gp.GlobalPlatform.printStrictWarning(GlobalPlatform.java:156)
        at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:471)
        at openkms.gp.GPTool.main(GPTool.java:348)

    >gp -list -verbose
    Reader: Yubico Yubikey 4 U2F+CCID 0
    ATR: 3BF81300008131FE15597562696B657934D4
    More information about your card:
    http://smartcard-atr.appspot.com/parse?ATR=3BF81300008131FE15597562696B657934D4
    Exception in thread "main" java.lang.IllegalStateException: No selected ISD!
        at openkms.gp.GlobalPlatform.openSecureChannel(GlobalPlatform.java:319)
        at openkms.gp.GPTool.main(GPTool.java:348)
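The INITIALIZE UPDATE exchange in the GPShell trace for the NEO can be decoded field by field. The following is an added example, not part of the original page and not GPShell or GlobalPlatformPro code: it splits the SCP02 response into its GlobalPlatform 2.1.1 fields and compares the key diversification data with the CPLC values printed by gp -info. The names InitUpdate, parse_init_update and cplc_in_diversification are made up for this illustration; all hex values are copied from the traces on this page.

```python
from dataclasses import dataclass

# Hex copied from the GPShell trace on this page (Yubikey NEO).
INIT_UPDATE_CMD = "805000000843D9EC752E07E13200"
INIT_UPDATE_RSP = "0000431702720893280002020002C7333C9DE8A3B017C206FA9B091C9000"
# CPLC fields copied from the `gp -info -verbose` output on this page.
CPLC = {"ICFabricationDate": "4317", "ICSerialNumber": "02720893",
        "ICBatchIdentifier": "2800"}

@dataclass
class InitUpdate:                  # hypothetical name, illustration only
    requested_key_version: int     # P1 of the command (0 = card default)
    host_challenge: bytes          # 8 bytes
    diversification_data: bytes    # 10 bytes
    card_key_version: int          # key information, byte 1
    scp_id: int                    # key information, byte 2 (0x02 = SCP02)
    sequence_counter: int          # 2 bytes
    card_challenge: bytes          # 6 bytes
    card_cryptogram: bytes         # 8 bytes

def parse_init_update(cmd_hex: str, rsp_hex: str) -> InitUpdate:
    """Split an SCP02 INITIALIZE UPDATE command/response pair into fields."""
    cmd, rsp = bytes.fromhex(cmd_hex), bytes.fromhex(rsp_hex)
    if len(cmd) < 13 or cmd[:2] != b"\x80\x50" or cmd[4] != 8:
        raise ValueError("not INITIALIZE UPDATE with an 8-byte host challenge")
    if len(rsp) != 30 or rsp[-2:] != b"\x90\x00":
        raise ValueError("expected 28 data bytes followed by SW 9000")
    if rsp[11] != 0x02:
        raise ValueError("response layout below is only valid for SCP02")
    return InitUpdate(cmd[2], cmd[5:13], rsp[:10], rsp[10], rsp[11],
                      int.from_bytes(rsp[12:14], "big"), rsp[14:20], rsp[20:28])

def cplc_in_diversification(iu: InitUpdate, cplc: dict) -> bool:
    """True if diversification bytes 2..9 equal the CPLC fabrication date,
    serial number and batch identifier, in that order."""
    expected = bytes.fromhex(cplc["ICFabricationDate"] + cplc["ICSerialNumber"]
                             + cplc["ICBatchIdentifier"])
    return iu.diversification_data[2:] == expected

if __name__ == "__main__":
    iu = parse_init_update(INIT_UPDATE_CMD, INIT_UPDATE_RSP)
    print(f"card key version {iu.card_key_version}, SCP0{iu.scp_id}, "
          f"sequence counter {iu.sequence_counter:04X}")
    print("diversification data:", iu.diversification_data.hex().upper())
    print("card-unique (matches CPLC):", cplc_in_diversification(iu, CPLC))
```

For the NEO trace this reports key version 2 under SCP02, matching the "Card reports SCP02 with version 2 keys" line from gp, and shows that the diversification field repeats the chip's CPLC fabrication date, serial number and batch identifier.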