Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:54 pm

View unanswered posts | View active topics


Board index » Yubikey » Yubikey NEO

All times are UTC + 1 hour




Post new topic Reply to topic  Page 1 of 1
  [ 6 posts ] 
  Print view Previous topic | Next topic 
Author Message
Jansen
PostPosted: Tue Jul 09, 2013 5:17 pm 
Offline

Joined: Tue Jul 09, 2013 5:01 pm
Posts: 3
Hi,

for a little project I need to read the yubikey OTP via a NFC reader (identive ADRB). But I am a little confused about what kind of nfc device the yubikey neo is.

The Website says: "Mobile authentication through NFC contactless technology (NDEF type 4)".
The Yubkey Manual [p.39] says: "The NEO emulates a 'Type 4' tag and NFC interrogators that supports this type can get a 'tapand-go' experience."
The Forum says: "The Yubikey NEO emulates a NDEF type 2 tag, i.e. a NFC interogator which scans it think it is a 'smart poster'."

My ideas:
NFC Tag Type is either 2 or 4, which means "Mifare Ultralight" or "NXP DESFire"
NDEF Type is either 2 or 4, don't know what that means (I know what NDEF is)...

So far I am stuck after the first message exchange:

Code:
$ nfc-poll

nfc-poll uses libnfc libnfc-1.7.0-rc7-39-g18fe330
NFC reader: arygon:/dev/ttyUSB0 00V6.6 opened
NFC device will poll during 30000 ms (20 pollings of 300 ms for 5 modulations)
ISO/IEC 14443A (106 kbps) target:
    ATQA (SENS_RES): 00  44 
       UID (NFCID1): 04  3c  4e  de  a5  2f  80 
      SAK (SEL_RES): 28 
                ATS: 78  f7  b1  02  59  75  62  69  6b  65  79  4e  45  4f  72  33 

(I have altered my UID.)

Some hints/push in the right direction would be very useful.

Thanks in advance,
Jan
Top
 Profile  
Reply with quote  

Share On:
Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

hiviah
PostPosted: Wed Jul 10, 2013 4:54 pm 
Offline

Joined: Tue May 28, 2013 1:14 pm
Posts: 26
If the reader is supported by pcsc-lite (which seems it is according to quick search), you could use opensc-tool from OpenSC or rfidiot-cli from RFIDIOt by sending APDUs to Neo.

Example:

Code:
opensc-tool -s "00 A4 04 00 07 D2 76 00 00 85 01 01 00" -s "00 A4 00 0C 02 E1 04" -s "00 B0 00 00 00"


First APDU selects the NDEF application, second APDU selects the file 0xE104 which contains NDEF message, third APDU reads it. Use something like python's nfc.ndef to parse the returned message (note that the message is prefixed with two length bytes, which need to be stripped).

Alternatively via RFIDIOt:

Code:
./rfidiot-cli.py -r 1 apdu 00 a4 04 00 07 "D2760000850101" "00" apdu 00 a4 00 0c 02 "E104" "" apdu 00 b0 00 00 "" "" 00


Note that correctly you should first read the location of the NDEF message from Capability Container (file 0xE103), see NDEF Tag Type 4 docs.

You can read the Capability Container using these APDUs, parse according to docs:

Code:
./rfidiot-cli.py -r 1 apdu 00 a4 04 00 07 "D2760000850101" "00" apdu 00 a4 00 0c 02 "E103" "" apdu 00 b0 00 00 "" "" 00
Top
 Profile  
Reply with quote  
Jansen
PostPosted: Thu Jul 11, 2013 6:20 pm 
Offline

Joined: Tue Jul 09, 2013 5:01 pm
Posts: 3
Hi hiviah, thanks for your answer.

Sadly, I'm still struggling to receive the ndef message.
I cannot get opensc to work, because libpcsc-lite does not seem to support my reader.
Code:
00000008 configfile.l:298:DBGetReaderList() Parsing conf file: /etc/reader.conf.d/libccidtwin
00000088 readerfactory.c:978:RFInitializeReader() Attempting startup of ADRB 00 00 using /usr/lib/pcsc/drivers/serial/libccidtwin.so
00000078 readerfactory.c:868:RFBindFunctions() Loading IFD Handler 3.0
00000029 ifdhandler.c:1840:init_driver() Driver version: 1.4.9
00000486 ifdhandler.c:1857:init_driver() LogLevel: 0x0003
00000008 ifdhandler.c:1868:init_driver() DriverOptions: 0x0000
00000089 ifdhandler.c:83:CreateChannelByNameOrChannel() Lun: 0, device: /dev/ttyUSB0
00001413 ccid_serial.c:744:OpenSerialByName() Set serial port baudrate to 115200 and correct configuration
00001751 ccid_serial.c:252:ReadSerial() Got 0x00
00000009 ccid_serial.c:767:OpenSerialByName() Get firmware failed. Maybe the reader is not connected
00000363 ifdhandler.c:117:CreateChannelByNameOrChannel() failed
00000011 readerfactory.c:1009:RFInitializeReader() Open Port 0x0 Failed (/dev/ttyUSB0)
00000005 readerfactory.c:312:RFAddReader() ADRB init failed.
00000011 readerfactory.c:529:RFRemoveReader() UnrefReader() count was: 1
00000006 readerfactory.c:1029:RFUnInitializeReader() Attempting shutdown of ADRB 00 00.
00000004 readerfactory.c:905:RFUnloadReader() Unloading reader driver.
00000034 pcscdaemon.c:525:main() pcsc-lite 1.8.6 daemon ready.

I've asked Identive for the pcsc driver (I'm unable to find it on their website.).

Rfidiot seems to work with libnfc, but also fails
Code:
$ rfidiot-cli.py -d -R READER_LIBNFC apdu 00 a4 04 00 07 "D2760000850101" "00" apdu 00 a4 00 0c 02 "E104" "" apdu 00 b0 00 00 "" "" 00
*** Warning - no pyscard installed or pcscd not running
2013-07-11 19:13:04,356: DEBUG - Loading libnfc.so.4
2013-07-11 19:13:04,357: DEBUG - libnfc libnfc-1.7.0-rc7-39-g18fe330
2013-07-11 19:13:04,357: DEBUG - NFC Readers:
LibNFC ver libnfc-1.7.0-rc7-39-g18fe330 devices (1):
    No: 0               arygon:/dev/ttyUSB0 00V6.6
2013-07-11 19:13:04,609: DEBUG - Connecting to NFC reader number: None
2013-07-11 19:13:04,725: DEBUG - Opened NFC reader arygon:/dev/ttyUSB0 00V6.6
2013-07-11 19:13:04,726: DEBUG - Initing NFC reader
2013-07-11 19:13:04,893: DEBUG - Configuring NFC reader

rfidiot-cli v0.1 (using RFIDIOt v1.0e)
2013-07-11 19:13:05,153: DEBUG - Powered down field
2013-07-11 19:13:05,183: DEBUG - Powered up field
  Reader: LibNFC arygon:/dev/ttyUSB0 00V6.6


  Sending APDU: 00A4040007D276000085010100

In send_apdu - for libnfc: 00A4040007D276000085010100
2013-07-11 19:13:05,183: DEBUG - Sending 13 byte APDU: 00a4040007d276000085010100
2013-07-11 19:13:05,226: DEBUG - APDU rxlen = -2
2013-07-11 19:13:05,226: ERROR - Error sending/receiving APDU
Traceback (most recent call last):
  File "/usr/local/bin/rfidiot-cli.py", line 155, in <module>
    if card.send_apdu('','','','',cla,ins,p1,p2,lc,data,le):
  File "/usr/local/lib/python2.7/dist-packages/rfidiot/RFIDIOt.py", line 1466, in send_apdu
    self.data = result[0:-4]
TypeError: 'int' object has no attribute '__getitem__'
2013-07-11 19:13:05,229: DEBUG - Deconfiguring NFC reader
2013-07-11 19:13:05,289: DEBUG - Disconnected NFC reader


So i tried to 'manually' send the apus with libnfc's "nfc_initiator_transceive_bytes", because the manual says "The contact-less (NFC) mode of operation is automatically enabled when the device is not plugged into the USB port. In NFC mode, the device exposes a ISO14443A interface, supporting the ISO14443-4 (T=CL) protocol. The command set is identical to the CCID mode of operation." Should this work?

Unitl now, I have had no success, but I'm working on it.
Top
 Profile  
Reply with quote  
hiviah
PostPosted: Tue Aug 06, 2013 4:39 pm 
Offline

Joined: Tue May 28, 2013 1:14 pm
Posts: 26
Jansen wrote:
I've asked Identive for the pcsc driver (I'm unable to find it on their website.).


I have two readers that are known to be working with pcsc: Omnikey Cardman 5321 (you need IFD driver downloaded from HID site for the RFID part, even for Linux, though) and ACR122T. The ACR122T reader has also PN532 chip usable with libnfc, but also works with pcsc and OpenSC (no extra drivers necessary in Linux).

Jansen wrote:
Rfidiot seems to work with libnfc, but also fails


I've found out the same thing, RFIDIOt doesn't work for sending APDUs with "-R READER_LIBNFC" reader, only with the default "-R READER_PCSC". I guess it's because RFIDIOt is so old, APDU sending might only work with some ancient libnfc version.

If you find a solution on how to send the APDU with libnfc, please post it. I haven't been able to find a working example either. This one thread gets quite close, but not sure if it works yet: http://www.libnfc.org/community/topic/9 ... ing-apdus/
Top
 Profile  
Reply with quote  
hiviah
PostPosted: Thu Aug 22, 2013 5:01 pm 
Offline

Joined: Tue May 28, 2013 1:14 pm
Posts: 26
I think I've finally found a way to do it with libnfc, namely libnfc's pn53x-tamashell scripting tool to send APDUs via low-level commands to PN532. Here's an equivalent of sending two APDUs "00 A4 04 00 07 A0 00 00 05 27 20 01" and "00 01 38 00 09 53 61 6D 70 6C 65 20 23 32". These two APDUs first select AID A0 00 00 05 27 20 01, then invoke HMAC-SHA functionality that I configured on slot 2:

Code:
#poll for card until one is present in reader's field
4a  01  00 
#send APDU to select AID A0 00 00 05 27 20 01
40 01 00 A4 04 00 07 A0 00 00 05 27 20 01
#send APDU to compute HMAC-SHA1 on slot 2, data is 9-bytes long string 53 61 6D 70 6C 65 20 23 32 ("Sample #2" in ASCII)
40 01 00 01 38 00 09 53 61 6D 70 6C 65 20 23 32


Actual response below, "UU ... UU" is where UID is, "xx xx ... xx" is where the HMAC-SHA response is, "90 00" in Rx are ISO-7816 return SW codes meaning "OK":

Code:
$ pn53x-tamashell read-yubikey-hmac-slot-2.tamashell
NFC reader: pn532_spi:/dev/spidev0.0 opened
> #poll for card until one is present in reader's field
> 4a  01  00
Tx: 4a  01  00 
Rx: 01  01  00  44  28  07  UU  UU  UU  UU  UU  UU  UU  11  78  f7  b1  02  59  75  62  69  6b  65  79  4e  45  4f  72  33 
> #send APDU to select AID A0 00 00 05 27 20 01
> 40 01 00 A4 04 00 07 A0 00 00 05 27 20 01
Tx: 40  01  00  a4  04  00  07  a0  00  00  05  27  20  01 
Rx: 00  03  01  00  03  87  07  02  00  00  00  90  00 
> #send APDU to compute HMAC-SHA1 on slot 2
> 40 01 00 01 38 00 09 53 61 6D 70 6C 65 20 23 32
Tx: 40  01  00  01  38  00  09  53  61  6d  70  6c  65  20  23  32 
Rx: 00  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  xx  90  00 
>
> Bye!


Similarly, the tamashell code for sending the APDUs for reading NFC NDEF Type 4 message would be (I didn't test it as I reprogrammed my Yubikey):

Code:
#poll for card until one is present in reader's field
4a  01  00 
#send APDU to select AID D2 76 00 00 85 01 01 00
40 01 00 A4 04 00 07 D2 76 00 00 85 01 01 00
# select file E104 where the NFC NDEF message usually is - check capability container in E103 for actual location!
40 01 00 A4 00 0C 02 E1 04
#use APDU INS B0 to read the message
40 01 00 B0 00 00 00
Top
 Profile  
Reply with quote  
Jansen
PostPosted: Wed Nov 13, 2013 3:49 am 
Offline

Joined: Tue Jul 09, 2013 5:01 pm
Posts: 3
Hi hiviah,

wow, i'm impressed. Sorry for my late answer. I did not have much time for this project lately and forgot to subscribe to this thread :(. But soon there will be more free time in which i can try your tips.

Thanks again, Jan
Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 6 posts ] 

Board index » Yubikey » Yubikey NEO

All times are UTC + 1 hour


Who is online

Users browsing this forum: Heise IT-Markt [Crawler] and 7 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group