Yubico Forum
https://forum.yubico.com/

[ANSWERED] NDEF access via USB
https://forum.yubico.com/viewtopic.php?f=26&t=1667
Page 1 of 1

Author:  darco [ Thu Dec 18, 2014 10:04 pm ]
Post subject:  [ANSWERED] NDEF access via USB

Question 1: Is it possible for me to select the NDEF app and query it for its value from the USB interface?

Question 2: Can the NDEF feature on the NEO be disabled?

Author:  darco [ Fri Dec 19, 2014 12:42 am ]
Post subject:  Re: [QUESTION] NDEF access via USB

Well, it seems I answered my first question:
Code:
OpenSC [3F00]> apdu 00 A4 04 00 07 D2 76 00 00 85 01 01 00
Sending: 00 A4 04 00 07 D2 76 00 00 85 01 01 00
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00]> apdu 00 A4 00 0C 02 E1 03
Sending: 00 A4 00 0C 02 E1 03
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00]> apdu 00 B0 00 00 0F
Sending: 00 B0 00 00 0F
Received (SW1=0x90, SW2=0x00):
00 0F 20 00 7F 00 7F 04 06 E1 04 00 7F 00 00 .. ......?.....
Success!
OpenSC [3F00]> apdu 00 A4 00 0C 02 E1 04
Sending: 00 A4 00 0C 02 E1 04
Received (SW1=0x90, SW2=0x00)
Success!
OpenSC [3F00]> apdu  00 B0 00 00 02
Sending: 00 B0 00 00 02
Received (SW1=0x69, SW2=0x83)
Failure: Authentication method blocked


It also fails to read the OTP when using the private Yubico API (which is what I would expect):
Code:
OpenSC [3F00]> apdu 00 a4 04 00 08 A0 00 00 05 27 20 01 01
Sending: 00 A4 04 00 08 A0 00 00 05 27 20 01 01
Received (SW1=0x90, SW2=0x00):
03 03 00 01 85 07 06 00 00 00 ..........
Success!
OpenSC [3F00]> apdu 00 03 00 00 00
Sending: 00 03 00 00 00
Received (SW1=0x90, SW2=0x00):
03 03 00 01 85 07 ......
Success!
OpenSC [3F00]> apdu 00 02 00 00 00
Sending: 00 02 00 00 00
Received (SW1=0x69, SW2=0x85)
Failure: Not allowed


So, unless I am interpreting these results incorrectly, it seems that you cannot read the OTP value from a slot without performing some sort of user action, either by pressing the button or by NFC NDEF. This is a good thing.

I'm curious if it is possible to read the NDEF multiple times over NFC (without removing and replacing the ykneo), but the security impact of that would be considerably less significant.
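As an added example (not part of the thread or of any Yubico code), a small Python parser for the OpenSC transcript quoted in the first post: it pairs each command with its status word, decodes the NFC Forum Type 4 Tag capability container read from file E103, and shows that the CC advertises unrestricted read access to E104 even though the READ BINARY over the contact interface was refused with 0x6983. The transcript text below is copied from the post; the line-format regexes assume OpenSC's `apdu` output as shown there.

```python
import re
from dataclasses import dataclass

# Constructed input: the NDEF part of the OpenSC session quoted in the post above.
TRANSCRIPT = """\
Sending: 00 A4 04 00 07 D2 76 00 00 85 01 01 00
Received (SW1=0x90, SW2=0x00)
Sending: 00 A4 00 0C 02 E1 03
Received (SW1=0x90, SW2=0x00)
Sending: 00 B0 00 00 0F
Received (SW1=0x90, SW2=0x00):
00 0F 20 00 7F 00 7F 04 06 E1 04 00 7F 00 00 .. ......?.....
Sending: 00 A4 00 0C 02 E1 04
Received (SW1=0x90, SW2=0x00)
Sending: 00 B0 00 00 02
Received (SW1=0x69, SW2=0x83)
"""

# ISO 7816-4 meanings of the status words that appear in the thread.
SW_TEXT = {0x9000: "Success", 0x6983: "Authentication method blocked",
           0x6985: "Conditions of use not satisfied"}

def parse_transcript(text):
    """Return (command, response_data, sw) triples from an OpenSC 'apdu' log."""
    lines, out, i = text.splitlines(), [], 0
    while i < len(lines):
        m = re.match(r"Sending:\s*([0-9A-Fa-f ]+)$", lines[i])
        if not m:
            i += 1
            continue
        cmd = bytes.fromhex(m.group(1))
        sw = re.search(r"SW1=0x([0-9A-Fa-f]{2}), SW2=0x([0-9A-Fa-f]{2})", lines[i + 1])
        data, i = b"", i + 2
        if lines[i - 1].rstrip().endswith(":"):  # a hex dump follows; drop its ASCII gutter
            data = bytes.fromhex(re.match(r"((?:[0-9A-Fa-f]{2} )+)", lines[i]).group(1))
            i += 1
        out.append((cmd, data, int(sw.group(1) + sw.group(2), 16)))
    return out

@dataclass
class CapabilityContainer:  # NFC Forum Type 4 Tag CC file (E103) with its NDEF File Control TLV
    version: str; mle: int; mlc: int; ndef_file_id: int
    max_ndef_size: int; read_access: int; write_access: int

def parse_cc(cc):
    # CCLEN must cover the whole file and the TLV must be the NDEF File Control TLV (T=04, L=06).
    if len(cc) < 15 or int.from_bytes(cc[:2], "big") != len(cc) or cc[7:9] != b"\x04\x06":
        raise ValueError("not a Type 4 Tag capability container with an NDEF File Control TLV")
    return CapabilityContainer(f"{cc[2] >> 4}.{cc[2] & 0xF}",
                               int.from_bytes(cc[3:5], "big"), int.from_bytes(cc[5:7], "big"),
                               int.from_bytes(cc[9:11], "big"), int.from_bytes(cc[11:13], "big"),
                               cc[13], cc[14])

if __name__ == "__main__":
    ex = parse_transcript(TRANSCRIPT)
    print(parse_cc(ex[2][1]))               # read_access=0: the CC advertises open reads of E104
    print(hex(ex[4][2]), SW_TEXT[ex[4][2]])  # yet READ BINARY on E104 over USB returned 6983
```

The mismatch between the advertised read access and the 6983 result is the touch requirement Klas confirms below: the NEO enforces it on the contact interface regardless of what the CC says.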

Author:  Klas [ Fri Dec 19, 2014 4:33 pm ]
Post subject:  Re: [QUESTION] NDEF access via USB

As you've discovered, if the NDEF is read over a contact interface it requires the button to be touched.

If you read it several times over NFC you'll get the same behaviour as if you touch the button several times in one session: the session counter is incremented for each OTP read.

And to answer #2, there is no way to completely disable NDEF.

/klas

Author:  darco [ Fri Dec 19, 2014 10:56 pm ]
Post subject:  Re: [QUESTION] NDEF access via USB

Too bad about not being able to disable NDEF support. That would be a desirable feature for a future version, by the way.

I notice that multiple requests to read 0xE104 yield the same OTP. After which specific command is the OTP generated? Is it when I select 0xE104, or when I read it first?

I also noticed that if I query the OTP directly from the YubicoOTP app (using APDU 00 02 00 00 00), I can query for many new OTPs successfully for as long as my ykneo is lying on top of the NFC reader. Not really a problem as a reset will probably get similar behavior from the NDEF app... Just pointing it out to anyone who is reading and interested.

Author:  Klas [ Mon Dec 22, 2014 7:58 am ]
Post subject:  Re: [QUESTION] NDEF access via USB

Yes, you're entirely correct, the NDEF applet will always respond with the same OTP (until it's re-selected).
The main reason that the NDEF applet returns the same OTP is that it supports chunking by specifying an offset in p1 and p2.

/klas

Page 1 of 1 All times are UTC + 1 hour