Yubico Forum

Posted: Wed Apr 10, 2013 1:28 pm

Joined: Mon Dec 10, 2012 1:52 pm
Posts: 2
Hi,

I have been using the standard Yubikey for a while with our Cisco ASA device and YubiRadius. This has been working really well. I now wanted to get this to work with our Windows 8 Phones (Nokia Lumia 920) and I acquired 2 Yubikey NEOs to test this out. So far I have not gotten the Nokia Lumia 920 to read the NEO. It detects the key, but it does not want to read the content. I have used the "Personalization Tool" to test with different NDEF configs but nothing changes.

Is there any special configuration that allows the Nokia Lumia 920 to read the keys? The Nokia Lumia should be able to read standard NDEF tags.

Trond


Posted: Wed Apr 10, 2013 3:00 pm
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello,

Resist a few days, we're building a script to help our customer with this.
(please come back to this post in 1 week if you do not get a reply)


-Tom.

_________________
-Tom


Posted: Wed Apr 24, 2013 2:38 pm

Joined: Wed Apr 24, 2013 2:13 pm
Posts: 9
Hey, Tom

How is it going with the script you were referring to? Any progress on NEO and Windows Phone 8?

Thanks
Sergey


Posted: Thu Apr 25, 2013 7:29 am
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello,

Good that you came back. Yes, we have a temporary fix which addresses the limitation of the NFC stack of current implementations on Windows phones.

Set the NEO in -m82 (remember to re-insert the NEO after and disable all other smart card readers) and execute the attached script.

You will need GlobalPlatform GPShell to execute it: "root@brokenpc$: gpshell gp_wp8fix"

Let me know if it worked for you.


Attachments:
File comment: Windows Phone 8 NFC Fix
gp_wp8fix.zip [319 Bytes]
Downloaded 803 times

_________________
-Tom
Posted: Thu Apr 25, 2013 5:46 pm

Joined: Wed Apr 24, 2013 2:13 pm
Posts: 9
It took me some time to figure out and do the -m82 you've mentioned - I am using Windows, besides, I've had no idea what the whole 'set in -m82' meant :)
I've had to build ykpersonalize under a VM running Ubuntu which I had to install and fire up, then build the binary itself and execute the command. I was not successful in building the gpshell binary though, so I've executed that in Windows after pulling the NEO and plugging it back in. Here is the output:

C:\GPShell-1.4.4>GPShell.exe gp_wp8fix
mode_211
enable_trace
establish_context
card_connect
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 6A80
GP211_get_secure_channel_protocol_details() returns 0x80206A80 (6A80: Wrong data / Incorrect values in command data.)

I guess something is wrong here.


Posted: Mon Apr 29, 2013 7:27 am
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello,

Follow the initial part of this tutorial to enable the NEO in smart card mode (the -m82 option) and reboot the key.
http://www.yubico.com/2012/12/yubikey-n ... te-device/
or
http://www.yubico.com/2012/12/yubikey-neo-openpgp/

After enabling the smart card part of the NEO, please test that the key is read correctly (Windows or Linux, depending on where you want to execute the gpshell):

prompt$ gpg --card-status

This will list some stuff about the key if it worked out. If it cannot read the card it will inform you. You will need GPG installed.

Then download the Windows binaries contained in the .ZIP file for GlobalPlatform / GPShell

- GlobalPlatform
- GPShell
- Yubico Script

prompt$ GPShell gp_wp8fix


It is very important that you first inspect your system settings, and disable any other smartcard reader that could be installed in your computer/laptop. Often users are not aware that their laptop features another reader which will lock or prevent access to the NEO.


A successful execution should look something similar to this:



Code:
>GPShell gp_wp8fix
mode_211
enable_trace
establish_context
card_connect
open_sc -security 1 -keyind 0 -keyver 0 -mac_key 404142434445464748494a4b4c4d4e4f -enc_key 404142434445464748494a4b4c4d4e4f
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 664C734A06072A864886FC6B01600C060A2A864886FC6B02020101630906072A864886FC6B03640B06092A864886FC6B040255650B06092B8510864864020103660C060A2B060104012A026E01029000
Command --> 80500000081A84D8A71DA6312000
Wrapped command --> 80500000081A84D8A71DA6312000
Response <-- 00002341006150964751FF020002598DD3961BFD83469EDDF0458E9A9000
Command --> 8482010010DB0DA823D55A433EDA979468CC916327
Wrapped command --> 8482010010DB0DA823D55A433EDA979468CC916327
Response <-- 9000
send_apdu -sc 1 -APDU 80e2800007df3504a5034420
Command --> 80E2800007DF3504A5034420
Wrapped command --> 84E280000FDF3504A503442043ABAA333EAC9EFE
Response <-- 9000
send_APDU() returns 0x80209000 (9000: Success. No error.)
card_disconnect
release_context

_________________
-Tom
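
Added example (not part of the original posts, and not Yubico's or GPShell's code): a small Python reader for the GPShell trace lines shown in this thread. It names each command, decodes the status word, and checks that a "Wrapped command" is the plain command with the secure-messaging bit set in CLA and an 8-byte MAC appended, as seen in the `-security 1` trace above; it checks structure only and does not verify the MAC. Function names are illustrative.

```python
import re

# GlobalPlatform instruction bytes and status words that appear in the thread's traces.
INS_NAMES = {0xCA: "GET DATA", 0x50: "INITIALIZE UPDATE",
             0x82: "EXTERNAL AUTHENTICATE", 0xE2: "STORE DATA"}
SW_TEXT = {0x9000: "success", 0x6A80: "incorrect values in command data"}

# Constructed sample: the failing exchange from the earlier post, then the
# STORE DATA exchange from the successful run (console line wraps joined).
TRACE = """\
Command --> 80CA006600
Wrapped command --> 80CA006600
Response <-- 6A80
Command --> 80E2800007DF3504A5034420
Wrapped command --> 84E280000FDF3504A503442043ABAA333EAC9EFE
Response <-- 9000
"""

def parse_apdu(hexstr):
    """Split a short-form command APDU into header fields, Lc and data."""
    raw = bytes.fromhex(hexstr)
    cla, ins, p1, p2 = raw[:4]
    lc = raw[4] if len(raw) > 5 else 0  # a 5-byte APDU carries only Le
    return {"cla": cla, "ins": INS_NAMES.get(ins, hex(ins)),
            "p1": p1, "p2": p2, "lc": lc, "data": raw[5:5 + lc]}

def cmac_of(plain_hex, wrapped_hex):
    """Return the appended 8-byte MAC, or None if the command was sent unwrapped."""
    if plain_hex == wrapped_hex:
        return None
    p, w = parse_apdu(plain_hex), parse_apdu(wrapped_hex)
    if not (w["cla"] == (p["cla"] | 0x04) and w["lc"] == p["lc"] + 8
            and w["data"][:p["lc"]] == p["data"]):
        raise ValueError("wrapped command does not match plain command")
    return w["data"][p["lc"]:]

def parse_trace(text):
    """Return one dict per Command / Wrapped command / Response triple."""
    pat = re.compile(r"^(Command|Wrapped command|Response) (?:-->|<--) ([0-9A-Fa-f]+)$", re.M)
    exchanges, cur = [], {}
    for kind, hexstr in pat.findall(text):
        cur[kind] = hexstr
        if kind == "Response":
            sw = int(hexstr[-4:], 16)  # status word = last two bytes
            wrapped = cur.get("Wrapped command", cur["Command"])
            exchanges.append({"ins": parse_apdu(cur["Command"])["ins"], "sw": sw,
                              "status": SW_TEXT.get(sw, "unknown"),
                              "mac": cmac_of(cur["Command"], wrapped)})
            cur = {}
    return exchanges
```
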


Posted: Tue Apr 30, 2013 2:04 pm

Joined: Wed Apr 24, 2013 2:13 pm
Posts: 9
I do have other smart card readers on my laptop and I believe that is the source of my problems as the error message is now different.
I'm using Windows 8, so I've disabled all smart card readers visible in the device manager, inserted my NEO and see Microsoft Usbccid (WUDF) appear under the Smart Card readers section in Device Manager.

I then execute the script and it seems it cannot connect to the card. I've tried stepping through the script directly in the shell with different -reader options, no luck. I guess I'll have to try this on some other PC/OS.

Code:
C:\Users\sirj\GPShell-1.4.4>GPShell.exe gp_wp8fix_win
mode_211
enable_trace
establish_context
card_connect
card_connect() returns 0x00000016 (   .
)


Posted: Wed May 15, 2013 8:25 pm

Joined: Wed Apr 24, 2013 2:13 pm
Posts: 9
Hey Tom

I've been able to get the script to run correctly (or so it seems) and get the same type of output as you've given as an example.
LastPass has updated their Windows Phone client by this time and it now asks for Yubikey authentication as well as the desktop version.
The problem though remains the same - my Lumia 920 does not do anything when the NEO is within NFC range. It gives a sound when I'm on the start screen, but nothing happens. When the dialog window of LastPass asks for a Yubikey I can't even get it to sound like that.
Is there anything else that must be done after the script to make this magic work?

Thanks


Posted: Thu May 16, 2013 7:35 am
Site Admin

Joined: Wed Nov 14, 2012 2:59 pm
Posts: 666
Hello,

Did you configure the URL correctly for the NDEF with the cross-platform personalization tool?

There should be a tutorial on this forum, and for sure on the LastPass forum, on how to configure the NEO correctly for LastPass.

Also, did you disable the smartcard part of the NEO after the fix? Switching to mode 0 - zero? Because we have had a report that the fix is lost every time you disable the interface, thus you should leave the NEO in -m82.

_________________
-Tom


Posted: Thu May 16, 2013 5:13 pm

Joined: Wed Apr 24, 2013 2:13 pm
Posts: 9
Thanks Tom! You've nailed it. Keeping -m82 did the trick!
Now there is no way to walk around Yubikey on the way to my LastPass Vault.
Paranoid mode=off

