# CTAP2_vku2f_jc305u3_aaaa_ez100pu ###### tags: `fido` ## links [download packets](https://drive.google.com/file/d/1cERP4uHi_BcVobqJNIJPQPG888cHBupo/view?usp=sharing) [vku2f](https://github.com/josh20170311/vk_u2f_applet_with_gradle_plugin) [fido2.0 spec. 8.2.nfc](https://fidoalliance.org/specs/fido-v2.0-ps-20190130/fido-client-to-authenticator-protocol-v2.0-ps-20190130.html#nfc) [CBOR playground](https://cbor.me/) ## applet install 1. download vku2f 2. use intelliJ to open the project 3. build javacard 4. install applet by cmd 1. open cmd by admin 1. change directory to the location of cap file 1. gp --install applet.cap 5. put certificate 1. copy the command in the cert.txt 1. run the command ## command structure ![](https://i.imgur.com/YmzrrDW.png) ![](https://i.imgur.com/0mbkX3k.png) ![](https://i.imgur.com/sEefjx7.png) ## register ```= >> 00a40400 08 a0000006472f0001 # 2279 << 4649444f5f325f30 9000 // "FIDO_2_0" # 2282 >> 80100000 01 04 // 0x04 authenticatorGetInfo # 2283 << 00a40181684649444f5f325f30035074 # 2296 65737461616775696466666666666604 a362726bf5627570f5627576f5051904 b0 9000 >> 90100000 f0 // short chaining mode # 2297 // 0x01 authenticatorMakeCredential 01a50158203d0146 876d4b885c16c98f 59905d9f9b9460a5 2a00e5f19ddf942f 5d5de357c202a262 69646b7765626175 74686e2e696f646e 616d656b77656261 7574686e2e696f03 a36269644aa9aa10 0000000000000064 6e616d6564626262 626b646973706c61 794e616d65646262 6262048aa263616c 672664747970656a 7075626c69632d6b 6579a263616c6738 2264747970656a70 75626c69632d6b65 79a263616c673823 64747970656a7075 626c69632d6b6579 a263616c67390100 64747970656a7075 626c69632d6b6579 a263616c67390101 64747970656a7075 626c69632d6b6579 a263616c67390102 << 9000 # 2334 >> 80100000 71 # 2335 64747970656a7075 626c69632d6b6579 a263616c67382464 747970656a707562 6c69632d6b6579a2 63616c6738256474 7970656a7075626c 69632d6b6579a263 616c673826647479 70656a7075626c69 632d6b6579a26361 6c67276474797065 6a7075626c69632d 6b657907a1627576 f5 << # 2504 
00a301667061636b 656402589474a6ea 9213c99c2f74b224 92b320cf40262a94 c1a950a0397f2925 0b60841ef0450000 0000746573746161 6775696466666666 66660010f7b03c09 e37832cccc265dcf 80ea9953a5010203 2620012158200fbc 9942afa40bcc804d d09097f430d8f18b 8e16e2c8a341c963 c14286a568f42258 206941f1dcf5dd85 2a36d6c803b82b52 bc3870b59fbcfb93 80f9498ccdcc65c2 4203a363616c6726 6373696758473045 0221008c3cee4056 652a660f4abb92ef 679cdc0b0289b1c0 bfac05ff3d5a07bf 1e535902205549a6 67309e0449892385 3aa913f17875eb50 b61ce7cd8719f2e8 5f2b702d84637835 63815901
>> # 2505
<< 40308201 6100 # 2508
>> 80c0 0000 00 # 2509
<< # 2530
3c3081e4a0030201 02020a4790128000 1155957352300a06 082a8648ce3d0403 0230173115301306 03550403130c476e 756262792050696c 6f74301e170d3132 3038313431383239 33325a170d313330 3831343138323933 325a3031312f302d 0603550403132650 696c6f74476e7562 62792d302e342e31 2d34373930313238 3030303131353539 3537333532305930 1306072a8648ce3d 020106082a8648ce 3d03010703420004 8d617e65c9508e64 bcc5673ac82a6799 da3c1446682c258c 463fffdf58dfd2fa 3e6c378b53d795c4 a4dffb4199edd786 2f23abaf0203b4b8 911ba0569994e101 300a06082a8648ce 3d04030203470030 44022060
>> # 2531
<< cdb6061e 613d # 2534
>> 80c0 0000 3d # 2535
<< # 2558
9c22262d1aac1d96 d8c70829b2366531 dda268832cb836bc d30dfa0220631b14 59f09e6330055722 c8d89b7f48883b90 89b88d60d1d97959 02b30410df 9000
// note: the bytes from # 2508 to # 2558 are the x5c attestation certificate (DER). It decodes to issuer CN "Gnubby Pilot", subject CN "PilotGnubby-0.4.1-47901280001155957352", validity 2012-08-14 to 2013-08-14. The certificate is expired and its names suggest a sample/test certificate, so a relying party that validates the attestation chain should not accept it.
>> 80120100 00 // fido applet deselection # 2559 (defined in fido CTAP2.1)
<< 9000 # 2586
```
### decoded response (0x04)getInfo
```=json
{
  1: ["FIDO_2_0"],
  3: 'testaaguidffffff',
  4: { "rk": true, "up": true, "uv": true },
  5: 1200
}
```
### decoded command (0x01)makeCredential
```=json
{
  1: h '3D0146876D4B885C16C98F59905D9F9B9460A52A00E5F19DDF942F5D5DE357C2',
  2: { "id": "webauthn.io", "name": "webauthn.io" },
  3: { "id": h 'A9AA1000000000000000', "name": "bbbb", "displayName": "bbbb" },
  4: [{"alg": -7, "type": "public-key" }, {"alg": -35, "type": "public-key" }, {"alg": -36, "type": "public-key" }, {"alg": -257, "type": "public-key" }, {"alg": -258,
"type": "public-key" }, {"alg": -259, "type": "public-key" }, {"alg": -37, "type": "public-key" }, {"alg": -38, "type": "public-key" }, {"alg": -39, "type": "public-key" }, {"alg": -8, "type": "public-key" }],
  7: { "uv": true }
}
```
### decoded response (0x01) makeCredential
```=json
0,
{
  // attestation statement format
  1: "packed",
  // authenticator data
  2: h '74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF0 // rpid hash
  45 // flags: 0x45 = UP (0x01) | UV (0x04) | AT (0x40, attested credential data follows)
  00000000 // counter
  74657374616167756964666666666666 // aaguid (ASCII "testaaguidffffff")
  0010 // keypair handle (credential ID) length
  F7B03C09E37832CCCC265DCF80EA9953 // keypair handle (credential ID)
  A5 // COSE key, map of 5 entries
  01 02 // 1 (kty) = 2 (EC2)
  03 26 // 3 (alg) = -7 (ES256)
  20 01 // -1 (crv) = 1 (P-256)
  21 58 20 0FBC9942AFA40BCC804DD09097F430D8F18B8E16E2C8A341C963C14286A568F4 // -2 (x), 32 bytes
  22 58 20 6941F1DCF5DD852A36D6C803B82B52BC3870B59FBCFB9380F9498CCDCC65C242', // -3 (y), 32 bytes
  // attestation statement
  3: {
    // algorithm (-7 = ES256)
    "alg": -7,
    // signature
    "sig": h '30450221008C3CEE4056652A660F4ABB92EF679CDC0B0289B1C0BFAC05FF3D5A07BF1E535902205549A667309E04498923853AA913F17875EB50B61CE7CD8719F2E85F2B702D84',
    // certificate
    "x5c": [h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}
}
```
![](https://i.imgur.com/UTilsQT.png)
## login
```
>> 00a40400 08 a0000006472f0001 # 4985
<< 4649444f5f325f30 9000 // "FIDO_2_0" # 4988
>> 80100000 01 04 // 0x04 authenticatorGetInfo # 4989
<< # 5022
00a4018168464944 4f5f325f30035074 // 0x00 CTAP1_ERR_SUCCESS, CTAP2_OK
6573746161677569 6466666666666604 a362726bf5627570 f5627576f5051904 b0 9000
>> 80100000 70 # 5025
02a4016b77656261 7574686e2e696f02 // 0x02 authenticatorGetAssertion
58206d4d592ebb36 798ddbded27a3963 b5464ce3fbf6881c 0e52bffb03b0e0a9 2cf00381a2626964 582006af11460056 ea13ce199ecf35ca d90c2f46e28ae993 21917b4697d07c62 3c9064747970656a 7075626c69632d6b 657905a1627570f4
<<2e 9000 # 5102 // 0x2E CTAP2_ERR_NO_CREDENTIALS No valid credentials provided.
>> 80100000 5f # 5103 02a4016b77656261 7574686e2e696f02 // 0x02 authenticatorGetAssertion 58206d4d592ebb36 798ddbded27a3963 b5464ce3fbf6881c 0e52bffb03b0e0a9 2cf00381a2626964 50f7b03c09e37832 cccc265dcf80ea99 5364747970656a70 75626c69632d6b65 7905a1627570f4 << # 5176 00a401a262696450 f7b03c09e37832cc // 0x00 CTAP1_ERR_SUCCESS, CTAP2_OK Indicates successful response. cc265dcf80ea9953 64747970656a7075 626c69632d6b6579 02582574a6ea9213 c99c2f74b22492b3 20cf40262a94c1a9 50a0397f29250b60 841ef00100000000 0358483046022100 a4f15c7c6999f694 17f6348cc63ae20c 03403f1d22412b1c 728bd846366f3d50 0221008c3fb6cbb0 a64e92ac1a01b8a6 5368eb42450249b6 f366052098d87412 cff40004a1626964 4a94cf1000000000 000000 9000 >> 80100000 63 # 5177 02a4016b77656261 7574686e2e696f02 // 0x02 authenticatorGetAssertion 58206d4d592ebb36 798ddbded27a3963 b5464ce3fbf6881c 0e52bffb03b0e0a9 2cf00381a2626964 50f7b03c09e37832 cccc265dcf80ea99 5364747970656a70 75626c69632d6b65 7905a2627570f562 7576f5 << # 5276 00a401a262696450 f7b03c09e37832cc // 0x00 CTAP1_ERR_SUCCESS, CTAP2_OK cc265dcf80ea9953 64747970656a7075 626c69632d6b6579 02582574a6ea9213 c99c2f74b22492b3 20cf40262a94c1a9 50a0397f29250b60 841ef00500000001 0358483046022100 e0e34c7e03f0f4a4 c62e518b8f51312e a3bd9ac929423ec0 6b30bbe2fc5acda5 0221008d8c901cca b5862cf56857eacb 987c4028e69e69c4 fa55ca7440f13d15 cc44a404a36b6469 73706c61794e616d 6564616161616269 644a94cf10000000 00000000646e616d 656461616161 9000 >> 8012010000 # 5278 << 9000 # 5292 ``` ### decoded command (0x02) authenticatorGetAssertion # 5025 ```=json { 1: "webauthn.io", 2: h '6D4D592EBB36798DDBDED27A3963B5464CE3FBF6881C0E52BFFB03B0E0A92CF0', 3: [{ "id": h '06AF11460056EA13CE199ECF35CAD90C2F46E28AE99321917B4697D07C623C90', "type": "public-key" }], 5: { "up": false } } ``` ### decoded response (0x02) # 5102 ```=json 2e // 0x2E CTAP2_ERR_NO_CREDENTIALS No valid credentials provided. 
```
### decoded command (0x02) authenticatorGetAssertion # 5103
```=json
{
  1: "webauthn.io",
  2: h '6D4D592EBB36798DDBDED27A3963B5464CE3FBF6881C0E52BFFB03B0E0A92CF0',
  3: [{ "id": h 'F7B03C09E37832CCCC265DCF80EA9953', "type": "public-key" }],
  5: { "up": false }
}
```
### decoded response (0x02) # 5176
```=json
{
  1: { "id": h 'F7B03C09E37832CCCC265DCF80EA9953', "type": "public-key" },
  // authenticator data: rpid hash (32 bytes) | flags 0x01 (UP) | counter 0x00000000
  // the UP flag is reported although the command carried "up": false
  2: h '74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF00100000000',
  3: h '3046022100A4F15C7C6999F69417F6348CC63AE20C03403F1D22412B1C728BD846366F3D500221008C3FB6CBB0A64E92AC1A01B8A65368EB42450249B6F366052098D87412CFF400',
  4: { "id": h '94CF1000000000000000' }
}
```
### decoded command (0x02) authenticatorGetAssertion # 5177
```=json
{
  1: "webauthn.io",
  2: h '6D4D592EBB36798DDBDED27A3963B5464CE3FBF6881C0E52BFFB03B0E0A92CF0',
  3: [{ "id": h 'F7B03C09E37832CCCC265DCF80EA9953', "type": "public-key" }],
  5: { "up": true, "uv": true }
}
```
### decoded response (0x02) # 5276
```=json
{
  1: { "id": h 'F7B03C09E37832CCCC265DCF80EA9953', "type": "public-key" },
  // authenticator data: rpid hash (32 bytes) | flags 0x05 = UP (0x01) | UV (0x04) | counter 0x00000001
  // the packets listed on this page contain no authenticatorClientPIN (0x06) command, so they do not show how user verification was performed; check the applet before relying on the UV bit
  2: h '74A6EA9213C99C2F74B22492B320CF40262A94C1A950A0397F29250B60841EF00500000001',
  3: h '3046022100E0E34C7E03F0F4A4C62E518B8F51312EA3BD9AC929423EC06B30BBE2FC5ACDA50221008D8C901CCAB5862CF56857EACB987C4028E69E69C4FA55CA7440F13D15CC44A4',
  4: { "displayName": "aaaa", "id": h '94CF1000000000000000', "name": "aaaa" }
}
```