Yubico Forum
https://forum.yubico.com/

Q: Explanation of applets on NEO
https://forum.yubico.com/viewtopic.php?f=26&t=1299

Author:  martinpaljak [ Mon Jan 20, 2014 9:46 pm ]
Post subject:  Q: Explanation of applets on NEO

Hello.

I just got my NEO device. What is on it? What is safe to delete?

* A000000527200101 - something NEO specific, where are details?
* D2760000850101 - NDEF - is there source?
* D27600012401* - OpenPGP
* A000000527210101 - ykneo-oath
* A000000308000010000100 - PIV - is there source?


Code:
AID: A0 00 00 00 03 00 00 00 (|........|)
     ISD OP_READY: Security Domain, Card lock, Card terminate, Default selected, CVM (PIN) management

AID: A0 00 00 05 27 20 01 01 (|....' ..|)
     App SELECTABLE: (NONE)

AID: D2 76 00 00 85 01 01 (|.v.....|)
     App SELECTABLE: (NONE)

AID: D2 76 00 01 24 01 02 00 00 00 00 00 00 01 00 00 (|.v..$...........|)
     App SELECTABLE: (NONE)

AID: A0 00 00 03 08 00 00 10 00 01 00 (|...........|)
     App SELECTABLE: (NONE)

AID: A0 00 00 05 27 21 01 01 (|....'!..|)
     App SELECTABLE: (NONE)

AID: A0 00 00 00 03 53 50 (|.....SP|)
     ExM LOADED: (NONE)
     A0 00 00 00 03 53 50 41 (|.....SPA|)

AID: A0 00 00 05 27 20 01 (|....' .|)
     ExM LOADED: (NONE)
     D2 76 00 00 85 01 01 (|.v.....|)
     A0 00 00 05 27 20 01 01 (|....' ..|)

AID: D2 76 00 01 24 01 (|.v..$.|)
     ExM LOADED: (NONE)
     D2 76 00 01 24 01 02 00 00 00 00 00 00 01 00 00 (|.v..$...........|)

AID: A0 00 00 03 08 (|.....|)
     ExM LOADED: (NONE)
     A0 00 00 03 08 00 00 10 00 01 00 (|...........|)

AID: A0 00 00 05 27 21 01 (|....'!.|)
     ExM LOADED: (NONE)
     A0 00 00 05 27 21 01 01 (|....'!..|)

Author:  Tom [ Tue Jan 21, 2014 9:03 am ]
Post subject:  Re: Q: Explanation of applets on NEO

martinpaljak wrote:
Hello.

I just got my NEO device. What is on it? What is safe to delete?

* A000000527200101 - something NEO specific, where are details?
* D2760000850101 - NDEF - is there source?
* D27600012401* - OpenPGP
* A000000527210101 - ykneo-oath
* A000000308000010000100 - PIV - is there source?




1) No details, it's the NEO applet
2) NDEF part of the NEO applet, no source
5) No source for the PIV, it's a $10 applet you can buy from https://store.yubico.com

Author:  martinpaljak [ Tue Jan 21, 2014 9:20 am ]
Post subject:  Re: Q: Explanation of applets on NEO

Tom wrote:
martinpaljak wrote:
Hello.

I just got my NEO device. What is on it? What is safe to delete?

* A000000527200101 - something NEO specific, where are details?
* D2760000850101 - NDEF - is there source?
* D27600012401* - OpenPGP
* A000000527210101 - ykneo-oath
* A000000308000010000100 - PIV - is there source?



1) No details, it's the NEO applet
2) NDEF part of the NEO applet, no source
5) No source for the PIV, it's a $10 applet you can buy from https://store.yubico.com


Okay, before I go trying, can, for example, the NEO applet be deleted, and what happens if I do that? What exactly does it do? "Used for management something-something" would be enough.

Author:  Tom [ Tue Jan 21, 2014 9:34 am ]
Post subject:  Re: Q: Explanation of applets on NEO

Hello Again,

No, you should not touch that applet unless you want to brick your device.

Author:  martinpaljak [ Tue Jan 21, 2014 11:33 am ]
Post subject:  Re: Q: Explanation of applets on NEO

Tom wrote:
Hello Again,

No, you should not touch that applet unless you want to brick your device.


OK, we're getting somewhere. What will I brick? The whole device? The "press button for character stream" feature? The GlobalPlatform portion of the device becomes locked? The CCID device disappears? The NFC part gets deactivated?

Some more details would be really nice, thank you.

Author:  Tom [ Tue Jan 21, 2014 1:09 pm ]
Post subject:  Re: Q: Explanation of applets on NEO

You will wipe out the Yubikey part, therefore all the functionalities will be lost.

It is equivalent to setting it to mode 1, without the possibility to revert it. You will get a clean CCID device.

Author:  martinpaljak [ Tue Jan 21, 2014 3:14 pm ]
Post subject:  Re: Q: Explanation of applets on NEO

Okay. So if I remove the applet, the HID feature disappears? Does this mean that there is a way to access the USB layer from the JavaCard environment? Or for example the button? Why can't the capability be restored by uploading the applet again?

More questions than answers :)

Author:  Tom [ Wed Jan 22, 2014 8:09 am ]
Post subject:  Re: Q: Explanation of applets on NEO

The applet is not public, so you won't be able to re-upload it and we would not do that for you.

Yes, no HID anymore.

Please clarify what you mean by "access usb layer" and button. You won't be able to use the button for any features other than what it was designed for.

Please clarify what you would like to achieve so it is easier for us to give you an answer.

Author:  martinpaljak [ Wed Jan 22, 2014 10:30 am ]
Post subject:  Re: Q: Explanation of applets on NEO

Tom wrote:
The applet is not public, so you won't be able to re-upload it and we would not do that for you.

Yes, no HID anymore.

Please clarify what you mean by "access usb layer" and button. You won't be able to use the button for any features other than what it was designed for.

Please clarify what you would like to achieve so it is easier for us to give you an answer.



Okay, so there's the NEO applet and the NDEF applet, that access (contain?) the secrets that yubikey is based on. The interface of the NDEF applet is public (NFC forum). Deleting it will remove the "scan for otp url" feature.

I'm trying to figure out:
1. What will happen if I "format" the token via global platform (as you said: I get a standard CCID device with the javacard part in it, which is not bad per se)
2. Why did you not make the "necessary applets" undeletable? Or why can't you re-upload them?
3. If availability of an applet equals the USB HID capability, do you have unadvertised access to the button from JavaCard environment (or you use the javacard chip from the overall device controller? Basically, how it works.)
4. Where is the APDU documentation for the two applets (other than NDEF public part)?

Author:  Klas [ Thu Jan 23, 2014 9:44 am ]
Post subject:  Re: Q: Explanation of applets on NEO

Hello,

I'll break in for Tom and answer some of your questions..

| 3. If availability of an applet equals the USB HID capability, do you have unadvertised access to the button from JavaCard environment (or you use the javacard chip from the overall device controller? Basically, how it works.)

In mode 1 and 2 (not 81 and 82) an applet can access the state of the touch button, but it requires JCOP tools from NXP. The state of the button can be found with an operation like: IOControlX.getIO(IOControlX.IOID_P3)
It's a two-chip design with another chip driving the USB interface and the touch button.

| 4. Where is the APDU documentation for the two applets (other than NDEF public part)

We don't have any APDU documentation as such, but..
The NDEF applet only supports getting the OTP where there is one command to "select" the CC file (00 a4 00 0c 02 e1 03) or NDEF file (00 a4 00 0c 02 e1 04)
and then ins b0 to fetch the selected file.

For the YubiKey applet there are 4 commands:
ins 0x01 is a YubiKey API request (as used by the yubico personalization tools) with command in p1
ins 0x02 is a request for an OTP with slot in p1 (zero indexed)
ins 0x03 is a YubiKey status request
ins 0x04 is a request for NDEF (only used by the NDEF applet)

/klas
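
The commands listed in the post above, as an added example that is not part of the original thread and is not Yubico code: a short-form ISO 7816-4 command APDU parser that labels a captured command using only the meanings given in the thread. The names `parse_apdu` and `describe` are hypothetical, and the caller must say which applet was selected, since the thread gives INS values per applet.

```python
from typing import NamedTuple, Optional

class Apdu(NamedTuple):
    cla: int
    ins: int
    p1: int
    p2: int
    data: bytes
    le: Optional[int]  # None when the command carries no Le byte

def parse_apdu(hex_str: str) -> Apdu:
    """Split a short-form ISO 7816-4 command APDU (cases 1-4) into fields."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte CLA INS P1 P2 header")
    head, body = tuple(raw[:4]), raw[4:]
    if not body:                                  # case 1: header only
        return Apdu(*head, b"", None)
    if len(body) == 1:                            # case 2: header + Le (00 = 256)
        return Apdu(*head, b"", body[0] or 256)
    lc = body[0]
    if lc == 0:
        raise ValueError("extended-length APDUs are not handled here")
    if len(body) == 1 + lc:                       # case 3: header + Lc + data
        return Apdu(*head, body[1:], None)
    if len(body) == 2 + lc:                       # case 4: header + Lc + data + Le
        return Apdu(*head, body[1:-1], body[-1] or 256)
    raise ValueError("Lc does not match the length of the body")

# Meanings exactly as given in the thread; nothing beyond it is assumed.
NDEF_FILES = {b"\xe1\x03": "CC file", b"\xe1\x04": "NDEF file"}
YUBIKEY_INS = {
    0x01: "YubiKey API request, command in P1={p1:#04x}",
    0x02: "OTP request, slot index P1={p1}",
    0x03: "YubiKey status request",
    0x04: "NDEF request (only used by the NDEF applet)",
}

def describe(applet: str, hex_str: str) -> str:
    """Label one APDU for the applet ('ndef' or 'yubikey') selected at the time."""
    a = parse_apdu(hex_str)
    if applet == "ndef" and a.ins == 0xA4 and a.data in NDEF_FILES:
        return "select " + NDEF_FILES[a.data]
    if applet == "ndef" and a.ins == 0xB0:
        return "fetch the selected file"
    if applet == "yubikey" and a.ins in YUBIKEY_INS:
        return YUBIKEY_INS[a.ins].format(p1=a.p1)
    return f"not described in the thread (INS={a.ins:#04x})"
```

For instance, `describe("ndef", "00 a4 00 0c 02 e1 03")` labels the CC file select quoted in the post. Any other input, such as a YubiKey applet command with CLA `00`, is a constructed sample, because the thread does not state the CLA byte for that applet.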
