Yubico Forum

All times are UTC + 1 hour




Posted: Mon Jan 20, 2014 9:46 pm

Joined: Mon Jan 20, 2014 9:22 pm
Posts: 22
Hello.

I just got my NEO device. What is on it? What is safe to delete?

* A000000527200101 - something NEO specific, where are details?
* D2760000850101 - NDEF - is there source ?
* D27600012401* - OpenPGP
* A000000527210101 - ykneo-oath
* A000000308000010000100 - PIV - is there source?


Code:
AID: A0 00 00 00 03 00 00 00 (|........|)
     ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected, CVM (PIN) management

AID: A0 00 00 05 27 20 01 01 (|....' ..|)
     App SELECTABLE: (NONE)

AID: D2 76 00 00 85 01 01 (|.v.....|)
     App SELECTABLE: (NONE)

AID: D2 76 00 01 24 01 02 00 00 00 00 00 00 01 00 00 (|.v..$...........|)
     App SELECTABLE: (NONE)

AID: A0 00 00 03 08 00 00 10 00 01 00 (|...........|)
     App SELECTABLE: (NONE)

AID: A0 00 00 05 27 21 01 01 (|....'!..|)
     App SELECTABLE: (NONE)

AID: A0 00 00 00 03 53 50 (|.....SP|)
     ExM LOADED: (NONE)
     A0 00 00 00 03 53 50 41 (|.....SPA|)

AID: A0 00 00 05 27 20 01 (|....' .|)
     ExM LOADED: (NONE)
     D2 76 00 00 85 01 01 (|.v.....|)
     A0 00 00 05 27 20 01 01 (|....' ..|)

AID: D2 76 00 01 24 01 (|.v..$.|)
     ExM LOADED: (NONE)
     D2 76 00 01 24 01 02 00 00 00 00 00 00 01 00 00 (|.v..$...........|)

AID: A0 00 00 03 08 (|.....|)
     ExM LOADED: (NONE)
     A0 00 00 03 08 00 00 10 00 01 00 (|...........|)

AID: A0 00 00 05 27 21 01 (|....'!.|)
     ExM LOADED: (NONE)
     A0 00 00 05 27 21 01 01 (|....'!..|)

_________________
OpenKMS GlobalPlatform - simple way to manage applications on your NEO
Applet Playground - explore open source JavaCard applications
PGP: 0x307E3452



Posted: Tue Jan 21, 2014 9:03 am
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
martinpaljak wrote:
Hello.

I just got my NEO device. What is on it? What is safe to delete?

* A000000527200101 - something NEO specific, where are details?
* D2760000850101 - NDEF - is there source ?
* D27600012401* - OpenPGP
* A000000527210101 - ykneo-oath
* A000000308000010000100 - PIV - is there source?




1) No details, it's the NEO applet
2) NDEF part of the NEO applet, no source
5) No source for the PIV, it's a 10$ applet you can buy from https://store.yubico.com

_________________
-Tom


Posted: Tue Jan 21, 2014 9:20 am

Joined: Mon Jan 20, 2014 9:22 pm
Posts: 22
Tom wrote:
martinpaljak wrote:
Hello.

I just got my NEO device. What is on it? What is safe to delete?

* A000000527200101 - something NEO specific, where are details?
* D2760000850101 - NDEF - is there source ?
* D27600012401* - OpenPGP
* A000000527210101 - ykneo-oath
* A000000308000010000100 - PIV - is there source?



1) No details, it's the NEO applet
2) NDEF part of the NEO applet, no source
5) No source for the PIV, it's a 10$ applet you can buy from https://store.yubico.com


Okay, before I go trying, can, for example, the NEO applet be deleted, and what happens if I do that? What exactly does it do? "Used for management something-something" would be enough.

_________________
OpenKMS GlobalPlatform - simple way to manage applications on your NEO
Applet Playground - explore open source JavaCard applications
PGP: 0x307E3452


Posted: Tue Jan 21, 2014 9:34 am
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello Again,

No, you should not touch that applet unless you want to brick your device.

_________________
-Tom


Posted: Tue Jan 21, 2014 11:33 am

Joined: Mon Jan 20, 2014 9:22 pm
Posts: 22
Tom wrote:
Hello Again,

No, you should not touch that applet unless you want to brick your device.


OK, we're getting somewhere. What will I brick? The whole device? The "press button for character stream" feature? The GlobalPlatform portion of the device becomes locked? The CCID device disappears? The NFC part gets deactivated?

Some more details would be really nice, thank you.

_________________
OpenKMS GlobalPlatform - simple way to manage applications on your NEO
Applet Playground - explore open source JavaCard applications
PGP: 0x307E3452


Posted: Tue Jan 21, 2014 1:09 pm
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
You will wipe out the Yubikey part, therefore all the functionalities will be lost.

It is equivalent to setting it to mode 1, without the possibility to revert it. You will get a clean CCID device.

_________________
-Tom


Posted: Tue Jan 21, 2014 3:14 pm

Joined: Mon Jan 20, 2014 9:22 pm
Posts: 22
Okay. So if I remove the applet, the HID feature disappears? Does this mean that there is a way to access the USB layer from the JavaCard environment? Or for example the button? Why can't the capability be restored by uploading the applet again?

More questions than answers :)

_________________
OpenKMS GlobalPlatform - simple way to manage applications on your NEO
Applet Playground - explore open source JavaCard applications
PGP: 0x307E3452


Posted: Wed Jan 22, 2014 8:09 am
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
The applet is not public, so you won't be able to re-upload it and we would not do that for you.

Yes, no HID anymore.

Please clarify what you mean by "access usb layer" and button. You won't be able to use the button for any features other than those it was designed for.

Please clarify what you would like to achieve so it is easier for us to give you an answer.

_________________
-Tom


Posted: Wed Jan 22, 2014 10:30 am

Joined: Mon Jan 20, 2014 9:22 pm
Posts: 22
Tom wrote:
The applet is not public, so you won't be able to re-upload it and we would not do that for you.

Yes, no HID anymore.

Please clarify what you mean by "access usb layer" and button. You won't be able to use the button for any features other than those it was designed for.

Please clarify what you would like to achieve so it is easier for us to give you an answer.



Okay, so there's the NEO applet and the NDEF applet, that access (contain?) the secrets that yubikey is based on. The interface of the NDEF applet is public (NFC forum). Deleting it will remove the "scan for otp url" feature.

I'm trying to figure out:
1. What will happen if I "format" the token via global platform (as you said: I get a standard CCID device with the javacard part in it, which is not bad per se)
2. Why you did not make the "necessary applets" undeletable? Or why can't you re-upload them.
3. If availability of an applet equals the USB HID capability, do you have unadvertised access to the button from JavaCard environment (or you use the javacard chip from the overall device controller? Basically, how it works.)
4. Where is the APDU documentation for the two applets (other than NDEF public part)

_________________
OpenKMS GlobalPlatform - simple way to manage applications on your NEO
Applet Playground - explore open source JavaCard applications
PGP: 0x307E3452


Posted: Thu Jan 23, 2014 9:44 am
Site Admin

Joined: Thu Apr 19, 2012 1:45 pm
Posts: 148
Hello,

I'll break in for Tom and answer some of your questions..

| 3. If availability of an applet equals the USB HID capability, do you have unadvertised access to the button from JavaCard environment (or you use the javacard chip from the overall device controller? Basically, how it works.)

In mode 1 and 2 (not 81 and 82) an applet can access the state of the touch button, but it requires JCOP tools from NXP. The state of the button can be found with an operation like: IOControlX.getIO(IOControlX.IOID_P3)
It's a two-chip design with another chip driving the USB interface and the touch button.

| 4. Where is the APDU documentation for the two applets (other than NDEF public part)

We don't have any APDU documentation as such, but..
The NDEF applet only supports getting the OTP where there is one command to "select" the CC file (00 a4 00 0c 02 e1 03) or NDEF file (00 a4 00 0c 02 e1 04)
and then ins b0 to fetch the selected file.

For the YubiKey applet there are 4 commands:
ins 0x01 is a YubiKey API request (as used by the yubico personalization tools) with command in p1
ins 0x02 is a request for an OTP with slot in p1 (zero indexed)
ins 0x03 is a YubiKey status request
ins 0x04 is a request for NDEF (only used by the NDEF applet)

/klas
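
The APDUs described in the post above, decoded with a small short-APDU parser. This is an added example, not Yubico's code and not part of the original post. Only the two SELECT commands are quoted from the post; the `ins b0` and YubiKey applet samples are constructed, and their CLA byte of 00 and zero P1/P2/Le values are assumptions.

```python
"""Decode short ISO 7816-4 command APDUs and annotate them per the post (added example)."""

# File IDs and instruction bytes exactly as listed in the post.
NDEF_FILES = {bytes.fromhex("e103"): "CC file", bytes.fromhex("e104"): "NDEF file"}
YUBIKEY_INS = {
    0x01: "YubiKey API request (command in P1)",
    0x02: "OTP request (zero-indexed slot in P1)",
    0x03: "YubiKey status request",
    0x04: "NDEF request (only used by the NDEF applet)",
}

def parse_apdu(raw: bytes) -> dict:
    """Split a short command APDU into header, data and Le (cases 1-4)."""
    if len(raw) < 4:
        raise ValueError("command APDU needs at least CLA INS P1 P2")
    cla, ins, p1, p2 = raw[:4]
    body, data, le = raw[4:], b"", None
    if len(body) == 1:                       # case 2: only Le
        le = body[0] or 256
    elif len(body) > 1:                      # case 3 or 4: Lc + data [+ Le]
        lc = body[0]
        if lc == 0:
            raise ValueError("extended-length APDUs are not handled here")
        if len(body) not in (1 + lc, 2 + lc):
            raise ValueError(f"Lc={lc} does not match {len(body) - 1} trailing bytes")
        data = body[1:1 + lc]
        if len(body) == 2 + lc:
            le = body[-1] or 256
    return {"cla": cla, "ins": ins, "p1": p1, "p2": p2, "data": data, "le": le}

def describe(raw: bytes, applet: str) -> str:
    """Annotate an APDU for the 'ndef' or 'yubikey' applet, as described in the post."""
    a = parse_apdu(raw)
    if applet == "ndef":
        if a["ins"] == 0xA4:
            name = NDEF_FILES.get(a["data"], "unknown file")
            return f"select {name} ({a['data'].hex()})"
        if a["ins"] == 0xB0:
            return "fetch the selected file"
    elif applet == "yubikey" and a["ins"] in YUBIKEY_INS:
        return f"{YUBIKEY_INS[a['ins']]}, P1={a['p1']:#04x}"
    return f"undocumented INS {a['ins']:#04x}"

if __name__ == "__main__":
    # First two are quoted in the post; the last two are constructed (CLA 00 assumed).
    for applet, hexstr in [("ndef", "00a4000c02e103"), ("ndef", "00a4000c02e104"),
                           ("ndef", "00b0000000"), ("yubikey", "0002010000")]:
        print(hexstr, "->", describe(bytes.fromhex(hexstr), applet))
```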

