Yubico Forum https://forum.yubico.com/ |
|
[SOLVED] Windows phone 8 and Yubikey Neo https://forum.yubico.com/viewtopic.php?f=26&t=1032 |
Page 1 of 5 |
Author: | trondat [ Wed Apr 10, 2013 1:28 pm ] |
Post subject: | [SOLVED] Windows phone 8 and Yubikey Neo |
Hi, I have been using the standard Yubikey for a while With Our Cisco ASA Device and YubiRadius. This has been working really well. I now wanted to get this to work with our Windows 8 Phones ( Nokia Lumia 920) and I aquried 2 Yubikey NEOs to test this out. So far I have not gotten the Nokia Lumia 920 to read the NEO. It detects the key , but it does not want to read the content. I have used the "Personalization Tool" to test With different NDEF configs but nothing changes. Are there any special configuration that allows the Nokia Lumia 920 to read the keys ?. The Nokia Lumia should be able to read standard NDEF tags. Trond |
Author: | Tom [ Wed Apr 10, 2013 3:00 pm ] |
Post subject: | Re: [QUESTION] Windows phone 8 and Yubikey Neo |
Hello, Resist a few days, we're a building a script to help our customer with this. (please come back to this post in 1 week if you do not get a reply) -Tom. |
Author: | SirJ [ Wed Apr 24, 2013 2:38 pm ] |
Post subject: | Re: [QUESTION] Windows phone 8 and Yubikey Neo |
Hey, Tom how is it going with the script you were referring to? Any progress on NEO and Windows Phone 8? Thanks Sergey |
Author: | Tom [ Thu Apr 25, 2013 7:29 am ] | ||
Post subject: | Re: [QUESTION] Windows phone 8 and Yubikey Neo | ||
Hello, good that you came back. Yes we have a temporary fix which address the limitation of the NFC stack of current implementations on windows phones. Set the NEO in -m82 (remember to re-insert the NEO after and disable all other smart card readers) and execute the attached script. you will need GlobalPlatform GPShell to execute it "root@brokenpc$: gpshell gp_wp8fix" let me know if it worked for you.
|
Author: | SirJ [ Thu Apr 25, 2013 5:46 pm ] |
Post subject: | Re: [SOLVED] Windows phone 8 and Yubikey Neo |
It took me some time to figure out and do the -m82 you've mentioned - I am using Windows, besides, I've had no idea what the whole 'set in -m82' meant I've had to build the ykpesonolize under a VM running Ubuntu which I had to install and fire up, then build the binary itself and execute the command. I was not successful in building the gpshell binary though, so I've executed that in Windows after pulling the NEO and plugging it back in. Here is the output: C:\GPShell-1.4.4>GPShell.exe gp_wp8fix mode_211 enable_trace establish_context card_connect open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4 f -enc_key 404142434445464748494a4b4c4d4e4f Command --> 80CA006600 Wrapped command --> 80CA006600 Response <-- 6A80 GP211_get_secure_channel_protocol_details() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.) I guess something is wrong here. |
Author: | Tom [ Mon Apr 29, 2013 7:27 am ] |
Post subject: | Re: [SOLVED] Windows phone 8 and Yubikey Neo |
Hello, Follow the initial part of this tutorial to enable the NEO in smart card mode (the -m82 option) and reboot the key. http://www.yubico.com/2012/12/yubikey-n ... te-device/ or http://www.yubico.com/2012/12/yubikey-neo-openpgp/ after enabling the SmartCard part of the NEO please test that the key is read correctly (windows or linux depending where you want to execute the gpshell) prompt$ gpg --card-status this will list some stuff about the key if it worked out. If it cannot read the card it will inform you. You will need GPG installed. Then download the windows binaries contained in the .ZIP file for GlobalPlatform / GPShell - GlobaPlatform - GPShell - Yubico Script prompt$ GPShell gp_wp8fix It is very important that you first inspect your system settings, and disable any other smartcard reader that could be installed in your computer/laptop. Often users are not aware that their laptop features another reader which will lock prevent access to the NEO. a successful execution should look something similar to this: Code: >GPShell gp_wp8fix
mode_211 enable_trace establish_context card_connect open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4 f -enc_key 404142434445464748494a4b4c4d4e4f Command --> 80CA006600 Wrapped command --> 80CA006600 Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864 886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012 A026E01029000 Command --> 80500000081A84D8A71DA6312000 Wrapped command --> 80500000081A84D8A71DA6312000 Response <-- 00002341006150964751FF020002598DD3961BFD83469EDDF0458E9A9000 Command --> 8482010010DB0DA823D55A433EDA979468CC916327 Wrapped command --> 8482010010DB0DA823D55A433EDA979468CC916327 Response <-- 9000 send_apdu -sc 1 -APDU 80e2800007df3504a5034420 Command --> 80E2800007DF3504A5034420 Wrapped command --> 84E280000FDF3504A503442043ABAA333EAC9EFE Response <-- 9000 send_APDU() returns 0x80209000 (9000: Success. No error.) card_disconnect release_context |
Author: | SirJ [ Tue Apr 30, 2013 2:04 pm ] |
Post subject: | Re: [SOLVED] Windows phone 8 and Yubikey Neo |
I do have other smart card readers on my laptop and I believe that is the source of my problems as the error message is now different. I'm using Windows 8, so I've disabled all smart card readers visible in the device manager, inserted my NEO and see Microsoft Usbccid (WUDF) appear under the Smart Card readers section in Device Manager. I then execute the script and it seems it can not connect to the card. I've tried stepping through the script directly in the shell with different -reader options, no luck. I guess I'll have to try this on some other PC/OS. Code: C:\Users\sirj\GPShell-1.4.4>GPShell.exe gp_wp8fix_win
mode_211 enable_trace establish_context card_connect card_connect() returns 0x00000016 ( . ) |
Author: | SirJ [ Wed May 15, 2013 8:25 pm ] |
Post subject: | Re: [SOLVED] Windows phone 8 and Yubikey Neo |
Hey Tom I've been able to get the script to run correctly (or so it seems) and get the same type of output as you've given as an example. Lastpass has updated their Windows Phone client by this time and it now asks for Yubikey authentication as well as the desktop version. The problem though remains the same - my Lumia 920 does not do anything when Neo is within NFC range. It gives a sound when I'm on the start screen, but nothing happens. When the dialog window of LastPass asks for a Yubikey I can't even get it to sound like that. Is there anything else that must be done after the script to make this magic work? Thanks |
Author: | Tom [ Thu May 16, 2013 7:35 am ] |
Post subject: | Re: [SOLVED] Windows phone 8 and Yubikey Neo |
Hello, Did you configured the URL correctly for the NDEF with the cross-platform-personalization tool? There should be a tutorial on this forum, and for sure on LastPass forum on how to configure the NEO correctly for LastPass. Also, did you disabled the smartcard part of the NEO after the fix? Switching to mode 0 - zero ? Because we have had a report that the fix is lost every time you disable the interface, thus you should leave the NEO in -m82 |
Author: | SirJ [ Thu May 16, 2013 5:13 pm ] |
Post subject: | Re: [SOLVED] Windows phone 8 and Yubikey Neo |
Thanks Tom! You've nailed it. Keeping -m82 did the trick! Now there is no way to walk around Yubikey on the way to my Lastpass Vault. Paranoid mode=off |
Page 1 of 5 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |