Yubico Forum :: View topic - [SOLVED] Windows phone 8 and Yubikey Neo

Yubico Forum https://forum.yubico.com/

[SOLVED] Windows phone 8 and Yubikey Neo https://forum.yubico.com/viewtopic.php?f=26&t=1032	Page 1 of 5

Author:	trondat [ Wed Apr 10, 2013 1:28 pm ]
Post subject:	[SOLVED] Windows phone 8 and Yubikey Neo
Hi, I have been using the standard Yubikey for a while With Our Cisco ASA Device and YubiRadius. This has been working really well. I now wanted to get this to work with our Windows 8 Phones ( Nokia Lumia 920) and I aquried 2 Yubikey NEOs to test this out. So far I have not gotten the Nokia Lumia 920 to read the NEO. It detects the key , but it does not want to read the content. I have used the "Personalization Tool" to test With different NDEF configs but nothing changes. Are there any special configuration that allows the Nokia Lumia 920 to read the keys ?. The Nokia Lumia should be able to read standard NDEF tags. Trond

Author:	Tom [ Wed Apr 10, 2013 3:00 pm ]
Post subject:	Re: [QUESTION] Windows phone 8 and Yubikey Neo
Hello, Resist a few days, we're a building a script to help our customer with this. (please come back to this post in 1 week if you do not get a reply) -Tom.

Author:	SirJ [ Wed Apr 24, 2013 2:38 pm ]
Post subject:	Re: [QUESTION] Windows phone 8 and Yubikey Neo
Hey, Tom how is it going with the script you were referring to? Any progress on NEO and Windows Phone 8? Thanks Sergey

Author:

Tom [ Thu Apr 25, 2013 7:29 am ]

Post subject:

Re: [QUESTION] Windows phone 8 and Yubikey Neo

Hello,

good that you came back. Yes we have a temporary fix which address the limitation of the NFC stack of current implementations on windows phones.

Set the NEO in -m82 (remember to re-insert the NEO after and disable all other smart card readers) and execute the attached script.

you will need GlobalPlatform GPShell to execute it "root@brokenpc$: gpshell gp_wp8fix"

let me know if it worked for you.

Attachments:

File comment: Windows Phone 8 NFC Fix

gp_wp8fix.zip [319 Bytes]
Downloaded 802 times

Author:	SirJ [ Thu Apr 25, 2013 5:46 pm ]
Post subject:	Re: [SOLVED] Windows phone 8 and Yubikey Neo
It took me some time to figure out and do the -m82 you've mentioned - I am using Windows, besides, I've had no idea what the whole 'set in -m82' meant I've had to build the ykpesonolize under a VM running Ubuntu which I had to install and fire up, then build the binary itself and execute the command. I was not successful in building the gpshell binary though, so I've executed that in Windows after pulling the NEO and plugging it back in. Here is the output: C:\GPShell-1.4.4>GPShell.exe gp_wp8fix mode_211 enable_trace establish_context card_connect open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4 f -enc_key 404142434445464748494a4b4c4d4e4f Command --> 80CA006600 Wrapped command --> 80CA006600 Response <-- 6A80 GP211_get_secure_channel_protocol_details() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.) I guess something is wrong here.

Author:	Tom [ Mon Apr 29, 2013 7:27 am ]
Post subject:	Re: [SOLVED] Windows phone 8 and Yubikey Neo
Hello, Follow the initial part of this tutorial to enable the NEO in smart card mode (the -m82 option) and reboot the key. http://www.yubico.com/2012/12/yubikey-n ... te-device/ or http://www.yubico.com/2012/12/yubikey-neo-openpgp/ after enabling the SmartCard part of the NEO please test that the key is read correctly (windows or linux depending where you want to execute the gpshell) prompt$ gpg --card-status this will list some stuff about the key if it worked out. If it cannot read the card it will inform you. You will need GPG installed. Then download the windows binaries contained in the .ZIP file for GlobalPlatform / GPShell - GlobaPlatform - GPShell - Yubico Script prompt$ GPShell gp_wp8fix It is very important that you first inspect your system settings, and disable any other smartcard reader that could be installed in your computer/laptop. Often users are not aware that their laptop features another reader which will lock prevent access to the NEO. a successful execution should look something similar to this: Code: >GPShell gp_wp8fix mode_211 enable_trace establish_context card_connect open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4 f -enc_key 404142434445464748494a4b4c4d4e4f Command --> 80CA006600 Wrapped command --> 80CA006600 Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864 886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012 A026E01029000 Command --> 80500000081A84D8A71DA6312000 Wrapped command --> 80500000081A84D8A71DA6312000 Response <-- 00002341006150964751FF020002598DD3961BFD83469EDDF0458E9A9000 Command --> 8482010010DB0DA823D55A433EDA979468CC916327 Wrapped command --> 8482010010DB0DA823D55A433EDA979468CC916327 Response <-- 9000 send_apdu -sc 1 -APDU 80e2800007df3504a5034420 Command --> 80E2800007DF3504A5034420 Wrapped command --> 84E280000FDF3504A503442043ABAA333EAC9EFE Response <-- 9000 send_APDU() returns 0x80209000 (9000: Success. No error.) card_disconnect release_context

Author:	SirJ [ Tue Apr 30, 2013 2:04 pm ]
Post subject:	Re: [SOLVED] Windows phone 8 and Yubikey Neo
I do have other smart card readers on my laptop and I believe that is the source of my problems as the error message is now different. I'm using Windows 8, so I've disabled all smart card readers visible in the device manager, inserted my NEO and see Microsoft Usbccid (WUDF) appear under the Smart Card readers section in Device Manager. I then execute the script and it seems it can not connect to the card. I've tried stepping through the script directly in the shell with different -reader options, no luck. I guess I'll have to try this on some other PC/OS. Code: C:\Users\sirj\GPShell-1.4.4>GPShell.exe gp_wp8fix_win mode_211 enable_trace establish_context card_connect card_connect() returns 0x00000016 ( . )

Author:	SirJ [ Wed May 15, 2013 8:25 pm ]
Post subject:	Re: [SOLVED] Windows phone 8 and Yubikey Neo
Hey Tom I've been able to get the script to run correctly (or so it seems) and get the same type of output as you've given as an example. Lastpass has updated their Windows Phone client by this time and it now asks for Yubikey authentication as well as the desktop version. The problem though remains the same - my Lumia 920 does not do anything when Neo is within NFC range. It gives a sound when I'm on the start screen, but nothing happens. When the dialog window of LastPass asks for a Yubikey I can't even get it to sound like that. Is there anything else that must be done after the script to make this magic work? Thanks

Author:	Tom [ Thu May 16, 2013 7:35 am ]
Post subject:	Re: [SOLVED] Windows phone 8 and Yubikey Neo
Hello, Did you configured the URL correctly for the NDEF with the cross-platform-personalization tool? There should be a tutorial on this forum, and for sure on LastPass forum on how to configure the NEO correctly for LastPass. Also, did you disabled the smartcard part of the NEO after the fix? Switching to mode 0 - zero ? Because we have had a report that the fix is lost every time you disable the interface, thus you should leave the NEO in -m82

Author:	SirJ [ Thu May 16, 2013 5:13 pm ]
Post subject:	Re: [SOLVED] Windows phone 8 and Yubikey Neo
Thanks Tom! You've nailed it. Keeping -m82 did the trick! Now there is no way to walk around Yubikey on the way to my Lastpass Vault. Paranoid mode=off

Page 1 of 5	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/