Yubico Forum

Re: [QUESTION] NDEF access via USB

2014-12-22T07:58:50+01:00

Yes, you're entirely correct, the NDEF applet will always respond with the same OTP (until it's re-selected).
The main reason that the NDEF applet returns the same OTP is that it supports chunking by specifying an offset in p1 and p2.

/klas

Statistics: Posted by Klas — Mon Dec 22, 2014 7:58 am

Re: [QUESTION] NDEF access via USB

2014-12-19T22:56:34+01:00

Too bad about not being able to disable NDEF support. That would be a desirable feature for a future version, by the way.

I notice that multiple requests to read 0xE104 yield the same OTP. After which specific command is the OTP generated? Is it when I select 0xE104, or when I read it first?

I also noticed that if I query the OTP directly from the YubicoOTP app (using APDU 00 02 00 00 00) that I can query for many new OTPs successfully for as long as my ykneo is laying on top of the NFC reader. Not really a problem as a reset will probably get similar behavior from the NDEF app... Just pointing it out to anyone who is reading and interested.

Statistics: Posted by darco — Fri Dec 19, 2014 10:56 pm

Re: [QUESTION] NDEF access via USB

2014-12-19T16:33:25+01:00

As you've discovered, if the NDEF is read over a contact interface it requires the button to be touched.

If you read it several times over NFC you'll get the same behaviour as if you touch the button several times in one session, the session counter is incremented for each OTP read.

And to answer #2, no way to completely disable NDEF.

/klas

Statistics: Posted by Klas — Fri Dec 19, 2014 4:33 pm

Re: [QUESTION] NDEF access via USB

2014-12-19T00:42:38+01:00

Well, it seems I answered my first question:

Code:

OpenSC [3F00]> apdu 00 A4 04 00 07 D2 76 00 00 85 01 01 00
Sending: 00 A4 04 00 07 D2 76 00 00 85 01 01 00
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00]> apdu 00 A4 00 0C 02 E1 03
Sending: 00 A4 00 0C 02 E1 03
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00]> apdu 00 B0 00 00 0F
Sending: 00 B0 00 00 0F
Received (SW1=0x90, SW2=0x00):
00 0F 20 00 7F 00 7F 04 06 E1 04 00 7F 00 00 .. ......?.....
Success!
OpenSC [3F00]> apdu 00 A4 00 0C 02 E1 04
Sending: 00 A4 00 0C 02 E1 04
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00]> apdu  00 B0 00 00 02
Sending: 00 B0 00 00 02
Received (SW1=0x69, SW2=0x83)
Failure: Authentication method blocked

It also fails to read the OTP when using the private yubico API (which is what I would expect):

Code:

OpenSC [3F00]> apdu 00 a4 04 00 08 A0 00 00 05 27 20 01 01
Sending: 00 A4 04 00 08 A0 00 00 05 27 20 01 01
Received (SW1=0x90, SW2=0x00):
03 03 00 01 85 07 06 00 00 00 ..........
Success!
OpenSC [3F00]> apdu 00 03 00 00 00
Sending: 00 03 00 00 00
Received (SW1=0x90, SW2=0x00):
03 03 00 01 85 07 ......
Success!
OpenSC [3F00]> apdu 00 02 00 00 00
Sending: 00 02 00 00 00
Received (SW1=0x69, SW2=0x85)
Failure: Not allowed

So, unless I am interpreting these results incorrectly, it seems that you cannot read the OTP value from a slot without performing some sort of user action, either by pressing the button or by NFC NDEF. This is a good thing.

I'm curious if it is possible to read the NDEF multiple times over NFC (without removing and replacing the ykneo), but the security impact of that would be considerably less significant.

Statistics: Posted by darco — Fri Dec 19, 2014 12:42 am

[ANSWERED] NDEF access via USB

2015-01-02T23:02:46+01:00

Question 1: Is it possible for me to select the NDEF app and query it for its value from the USB interface?

Question 2: Can the NDEF feature on the NEO be disabled?

Statistics: Posted by darco — Thu Dec 18, 2014 10:04 pm