
Two-step browser authentication with a U2F USB token


U2F is an open, universal two-factor authentication protocol developed by the FIDO Alliance.
The alliance includes Google, PayPal, Lenovo, MasterCard, Microsoft, NXP, Visa and others.

The protocol is supported by the Chrome browser from version 38. It works out of the box without drivers on Windows / MacOS / Linux.
It is currently supported by Google services, LastPass and WordPress.

The article describes the experience of using the Yubikey NEO token with NFC support and an OpenPGP card, and the disadvantages of two-factor SMS authentication.


Why two-step SMS authentication is dangerous



Two-step authentication via SMS or a phone call is very popular now.
Of course, this is convenient, and such additional verification is effective in most cases: for protection against automated attacks, phishing, password recovery, viruses, for recovery of lost access and other things.

But if you personally become the target of professional scammers, a linked phone can play a fatal role. Most often, the phone number to which the account is linked is not a secret; it is usually the main contact number. Almost all services reveal its first or last digits to anyone who tries to regain access to the account. So finding out the number associated with an account is easy.

Finding out who a number in Russia is registered to is not a big deal. It is enough to read the experiment by the guys from Roem.ru.
Having received the personal data of the owner of the number, the fraudsters forge a power of attorney, driver's license or passport and go to the nearest branch of the cellular operator.
Any ordinary employee of the seediest mobile phone shop has the authority to reissue a SIM card.
It's funny that most operators do not even have a photo of the owner in the subscriber profile, although for some reason they do record the passport. That is, it is enough to forge a passport with the same details and paste in a suitable photo.

Operators offer an option to prohibit reissuing a SIM card under a power of attorney, but this is illusory protection, because numbers are successfully reissued with fake driver's licenses and passports.

How to prohibit actions under a power of attorney at MegaFon, Beeline, MTS

MegaFon:
moscow.megafon.ru/help/servic...sti.html#21123
To activate the service, dial the command *105*508# on the phone.
Only the owner of the number can turn off the service, during a personal visit to a MegaFon store with an identity document.

Beeline:
moskva.beeline.ru/customers/help/safe-beeline/ugrozy-mobilnykh-moshennikov/zapret-deystvyi-po-doverenosti
To set up the ban, contact one of the Beeline offices with a passport or call 0611.

MTS:
During a personal visit to the office, ask for a note in the comments on the number stating that only the owner, with a passport, has the right to perform any actions.


In Ukraine, the situation is even worse, since most numbers are anonymous.
To reissue a SIM card, the operator Kyivstar requires you to show the last top-up receipt and name three numbers that were called.

Good services, many banks for example, store the IMSI (International Mobile Subscriber Identity), the unique identifier of the SIM card, along with the phone number. If the IMSI has changed, the number binding is considered cancelled and the binding procedure must be repeated.
Unfortunately, there are not many such services.

You can check the IMSI of any number using the HLR request smsc.ru/testhlr

A recipe for the paranoid: smsc.ru has convenient libraries for Python, PHP, Perl, Ruby, Java, C#, Delphi and C++ that allow, among other things, sending HLR requests. You can check the IMSI of your numbers, for example, twice a day, and sound the alarm if it changes. At the most expensive tariff, one request costs 0.2 rubles, which is approximately 150 rubles per year for one number. Through the same library, you can send the alarm by SMS. Recommended ;)
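The IMSI check from the two paragraphs above (a service cancelling the binding when the IMSI changes, and the twice-a-day self-check), as an added example that is not code from the original article or from smsc.ru. `lookup` is a hypothetical callable standing in for the provider's HLR request, and the phone number and IMSI values are constructed.

```python
import json, os, re, tempfile

IMSI_RE = re.compile(r"[0-9]{6,15}")   # an IMSI is at most 15 decimal digits

def load_state(path):
    """Read the stored number -> IMSI bindings; an absent file means no baselines yet."""
    try:
        with open(path, encoding="utf-8") as fh:
            return json.load(fh)
    except FileNotFoundError:
        return {}

def save_state(path, state):
    """Write atomically; mkstemp creates the file readable by its owner only."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(state, fh)
    os.replace(tmp, path)

def check_number(state, msisdn, lookup):
    """Return 'baseline', 'unchanged', 'changed' or 'lookup_failed' for one number.

    lookup(msisdn) -> IMSI string is a hypothetical wrapper around the HLR request.
    """
    entry = state.setdefault(msisdn, {"imsi": None, "bound": False, "failures": 0})
    try:
        imsi = lookup(msisdn)
    except Exception:
        imsi = None
    if not isinstance(imsi, str) or not IMSI_RE.fullmatch(imsi):
        entry["failures"] += 1          # an outage is not a SIM swap: keep the baseline
        return "lookup_failed"
    entry["failures"] = 0
    if entry["imsi"] is None:           # first sighting becomes the baseline
        entry.update(imsi=imsi, bound=True)
        return "baseline"
    if imsi != entry["imsi"]:           # SIM was reissued: cancel the binding
        entry.update(bound=False, seen=imsi)
    # Stay in 'changed' until the owner re-verifies, even if the old IMSI reappears.
    return "unchanged" if entry["bound"] else "changed"

def rebind(state, msisdn, confirmed_imsi):
    """The owner has re-verified the number: accept confirmed_imsi as the new baseline."""
    state[msisdn] = {"imsi": confirmed_imsi, "bound": True, "failures": 0}

if __name__ == "__main__":
    # Constructed HLR answers for a constructed number: same SIM, outage, new SIM.
    answers = iter(["250010000000001", "250010000000001", None, "250019999999999"])
    state = {}
    for _ in range(4):
        print(check_number(state, "+70000000000", lambda n: next(answers)))
```

Run `check_number` from a scheduler and send the alert on `changed`; a long run of `lookup_failed` (the `failures` counter) is worth a look of its own.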

There are other ways to bypass confirmation via a mobile phone, such as setting up call forwarding, intercepting voice mail, etc. But their description is beyond the scope of this article.


U2F - FIDO Universal 2nd Factor



As conceived in U2F, the authenticator is a hardware module: a USB token, a SIM card or an NFC key fob that stores keys and performs cryptographic operations on its own. The keys are pre-installed during production and never leave the token.

The principle of operation is as follows:
  1. The user logs in to the website / application with a login and password
  2. The server checks the credentials and, if they are correct, generates a challenge for the token and sends it to the user's program, in this case the browser
  3. The browser passes the challenge to the token, which may, at its discretion, require an action from the user. In my case, this is a finger touch on the pad. But it can be, for example, PIN entry, biometric verification or nothing at all
  4. The token returns a response to the program, which passes it on to the server
  5. Authentication is complete
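The five steps above from the server's side, as an added example that is not code from the original article or from any FIDO library. It goes beyond the steps by using the message layout of the FIDO U2F raw message format; it assumes the appId equals the site origin, and `verify_sig` is a caller-supplied ECDSA P-256 verifier because the Python standard library has none. The sample exchange is constructed and carries a dummy signature.

```python
import base64, hashlib, json, os, struct

def new_challenge():
    """Step 2: a fresh, unpredictable challenge for every login attempt."""
    return base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()

def verify_response(origin, challenge, stored_counter, client_data, response,
                    public_key, verify_sig):
    """Steps 4-5: validate the token's answer; return the new counter or raise ValueError.

    verify_sig(public_key, data, signature) -> bool is supplied by the caller
    (assumption: backed by an ECDSA P-256 / SHA-256 library).
    """
    cd = json.loads(client_data)
    if not isinstance(cd, dict) or cd.get("typ") != "navigator.id.getAssertion":
        raise ValueError("not a U2F authentication clientData")
    if cd.get("challenge") != challenge:
        raise ValueError("challenge mismatch: stale or replayed response")
    if cd.get("origin") != origin:
        raise ValueError("origin mismatch: response was produced for another site")
    if len(response) < 6:
        raise ValueError("response too short")
    presence, counter = struct.unpack(">BI", response[:5])
    if not presence & 0x01:
        raise ValueError("user presence (touch) not asserted")
    if counter <= stored_counter:
        raise ValueError("counter did not advance: possible cloned token")
    # Bytes covered by the token's signature:
    # SHA-256(appId) || presence byte || 4-byte counter || SHA-256(clientData)
    signed = (hashlib.sha256(origin.encode()).digest() + response[:5]
              + hashlib.sha256(client_data).digest())
    if not verify_sig(public_key, signed, response[5:]):
        raise ValueError("signature check failed")
    return counter

def sample_exchange(origin, challenge, counter, presence=1):
    """Constructed browser/token output with a dummy signature, to exercise the checks."""
    client_data = json.dumps({"typ": "navigator.id.getAssertion",
                              "challenge": challenge, "origin": origin}).encode()
    response = struct.pack(">BI", presence, counter) + b"\x30\x00"
    return client_data, response

if __name__ == "__main__":
    def accept_any(key, data, sig):      # placeholder verifier, for this demo only
        return True
    site, ch = "https://example.test", new_challenge()
    cd, resp = sample_exchange(site, ch, counter=42)
    print("accepted, counter =", verify_response(site, ch, 41, cd, resp, b"", accept_any))
    bad_cd, bad_resp = sample_exchange("https://other.test", ch, counter=43)
    for label, args in [("counter replay", (site, ch, 42, cd, resp)),
                        ("other origin", (site, ch, 41, bad_cd, bad_resp))]:
        try:
            verify_response(*args, b"", accept_any)
        except ValueError as err:
            print(label, "->", err)
```

The server stores the returned counter next to the key and discards the challenge after one use.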

FIDO U2F scheme animation

Currently, U2F is supported in Google Chrome, starting with version 38. It will probably be added to Firefox in the near future.

It is already supported for logging in to Google and LastPass accounts, and there are plugins for WordPress and Django and libraries in different languages,
as well as modules for Linux PAM, OpenSSH and others.

Table of services supporting OTP / U2F authorization - www.dongleauth.info



Personal experience using the Yubikey NEO token



The most advanced U2F devices are manufactured by Yubico.
Distributor in Russia - yubico.ru
I bought the most sophisticated keychain at the moment - Yubikey NEO.


In addition to U2F, it supports:
  1. OpenPGP smartcard - detected as an ICCID reader with an OpenPGP version 2.0 card inserted
  2. NFC - can be used with smartphones and as a key for access control. It can work as a Mifare Classic card in emulation mode.
  3. OTP and TimeOTP - detected as a HID keyboard and types a one-time password when the button is pressed. Time-based OTP works via a software applet (a replacement for Google Authenticator)
  4. PIV smartcard (Personal Identity Verification) - the US government standard for smart cards


By default, the device operates in Yubico OTP mode (a proprietary one-time password protocol), is detected only as a HID keyboard and, when the button is pressed, types one-time passwords based on the device ID.
U2F mode has to be enabled through a proprietary utility that is available for Windows / Mac / Linux.


I chose to enable U2F and ICCID modes to work as an OpenPGP card.


That's all. U2F works immediately, no drivers are required.
You can check the work in the demo application demo.yubico.com/u2f

Binding a token to a Google account is extremely simple.

After binding the token, it becomes the second factor by default, and you cannot disable the alternative method: either SMS or TOTP.


As the alternative second factor, I chose TOTP. I use a software TOTP implementation via 1Password (the same as Google Authenticator, only on the desktop). The Yubikey NEO can also do TOTP, and the key for generating passwords is stored in the token and cannot be retrieved. But since the passwords are generated on the basis of time, you need to keep a software applet running to pass the time to the token, which I did not like.

I also explored other functions of the device.

The OpenPGP card immediately started working with GnuPG 2.0.27 from the gpgtools.org package.

gpg --card-status
Application ID ...: F3427001240104000006010230340000
Version ..........: 2.0
Manufacturer .....: Yubico
Serial number ....: 1023034
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: 2048R 2048R 2048R
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]



The card is version 2.0; keys are RSA only and no longer than 2048 bits.
The card can also be used via NFC, for example on Android with http://www.openkeychain.org/. The beauty of such a setup is that all operations with the private key are performed on the card: the key never leaves the card and cannot be retrieved from it.

Unfortunately, the other day a vulnerability was discovered in the OpenPGP implementation in the Yubikey NEO that allows bypassing PIN entry and performing a private key operation. And since firmware updates on the devices are prohibited for security reasons, there is no way to fix the bug. Yubico promises to replace the faulty devices for everyone.
I just had a vulnerable firmware version, 1.0.8.

Mifare Classic emulation is the most incomprehensible function for me. When you try to communicate with it as with an ordinary Mifare Classic, the card behaves strangely.
libnfc output with login attempts


The card has a 7-byte UID.
  ATQA (SENS_RES): 00 44
  UID (NFCID1): 04 1b b1 4e f7 00 f1
  SAK (SEL_RES): 28
  ATS: 78 f7 b1 02 59 75 62 69 6b 65 79 4e 45 4f 72 33

Physically, the RFID tag works quite well: despite the small antenna, the reader in the metro picks it up from 3 centimeters.

Conclusion



Compared to all the hardware tokens that I used to use, the U2F technology is extremely convenient. No need to mess with importing certificates, installing drivers, no Java applets, and more.
I tested working on Windows 7, Mac OS 10.10 and Ubuntu 14.0.4. In all systems, Chrome immediately picked up the token without installing drivers. In general, deployment seems so simple and clear that even a child can handle it.
And the fully open specifications, plug-ins and libraries make it possible to bolt U2F onto any application.

Source: https://habr.com/ru/post/256579/

