Fidesmo app bug for Apex on iOS / iPhone

amal · September 12, 2022, 7:57pm

At this time, Fidesmo’s app for iPhone has a critical bug in that it will not present you with a “connect services” button once you scan your Apex. To get around this problem, you will need to manually deploy applications.

Once you can your Apex, you should see a screen that says “No connected services” like this;

To deploy applicaitons manually, you will have to go to settings and then turn on manual delivery;

Then on the device screen, tap the Manual Delivery icon

Pick the app ID from the list below and appropriate service ID, like this;

Services

Here is a list of app IDs and service IDs for each;

30c2ea30 - VivoKey SmartPGP
- install - installs the applet
- destroy - removes the applet (ALONG WITH KEYS!)
e819c674 - VivoKey Tesla Keycard
- install - installs the applet
- destroy - removes the applet (ALONG WITH CAR REGISTRATION!)
cc68e88c - VivoKey FIDO (U2F/FIDO2)
- install_u2f - installs the U2F applet
- install_fido2 - installs the BETA of the FIDO2 applet
- destroy - removes the fido applet (removes applet ALONG WITH KEYS!)
61b4b03d - VivoKey NDEF Container
- ndef1k - installs the 1kB size container
- ndef2k - installs the 2kB size container
- ndef4k - installs the 4kB size container
- ndef8k - installs the 8kB size container
- ndef16k - installs the 16kB size container
- destroy - removes the applet (and data!)
61fc54d5 - VivoKey OTP Authenticator
- install - installs the applet
- destroy - removes the applet (AND KEYS!)
2f2e363b - VivoKey HMAC-SHA1
- install - install the applet
- destroy - removes the applet (AND KEY!)

Aemun · September 12, 2022, 8:26pm

Much needed quick tutorial. Quick question though,
What happens to my keys when I remove an applet?

amiedd · September 12, 2022, 8:32pm

Success! Thanks!

amal · September 13, 2022, 1:45am

biokobom · September 16, 2022, 10:47am

Hey, for anyone wanting OTP’s on iPhones, this app: Token2 Companion seems to work with the U2F applet, sith the FIDO2 it seems to have troubles connecting. (Since there is no VivoKey OTP app on iPhone)

Pilgrimsmaster · September 17, 2022, 5:02am

Android Version here

Pilgrimsmaster · December 29, 2022, 8:19pm

3 posts were merged into an existing topic: Vivokey Authenticator on iOS

Dani · November 14, 2023, 3:02pm

Can any one tell me the app ID for “Fidesmo GO: Nordics”?
I tried to install it and there’s no destroy button for it.

Pilgrimsmaster · November 14, 2023, 4:55pm

It sounds like you managed to get GO: Nordic loaded on your phone through Fidesmo, but you can’t remove it, Is that correct?

So you want the Manual deployment info so you can destroy it?

I’m not sure where to find that info from Fidesmo, or if it is even Public, @Amal or @StarGate01 may have that info to hand.

I don’t personally recall seeing the Nordic App in Manual deploy conversations

The best I can do for you is a Link to a StarGate01 post that may point you in the right direction.

https://forum.dangerousthings.com/t/applets-storing-data-using-ndef/15951?u=pilgrimsmaster

My guess is the FlexSecure GitHub

amal · November 14, 2023, 5:12pm

turn on debug mode in the fidesmo app and it will tell you (its d7d13e65), but i don’t know what the removal service id might be… we use “destroy” across the board but it could just as easily be “muffins”… no idea what fidesmo might have used.

Dani · November 14, 2023, 7:53pm

Sorry, too little information, my fault.
I managed to install this applet to my apex flex implant. And now I can’t remove it, as there’s no “destroy” button.

And I want to delete it through manual delivery service.

Dani · November 14, 2023, 8:00pm

And why don’t it have destroy button? What can be the problem?
Should I try “delete” in manual delivery service? Or do I have any other options to destroy the applet?
Thank you for your reply.

amal · November 14, 2023, 11:20pm

So the way Fidesmo works is they have an application ID and a service ID. There’s no specific installation service and no specific removal or destroy service, they are all just services. You can configure each service to do a specific thing, and each service can have its own set of requirements and permissions. The only reason VivoKey applications have a destroy button in the Fidesmo app is that we named our removal service “destroy”.

Likely, the ability to install the Go Nordic app was an oversight of permissions. I guess it’s not supposed to be able to be installed on stuff yet. Because of that, my hunch is that whatever service has been defined to remove or destroy the applet either doesn’t exist yet or has permissions that stop it from being visible to you.

StarGate01 · November 15, 2023, 3:06am

I checked the servers, according to the API data, you should be able to manually deploy “d7d13e65/uninstall” to remove the applet.

Dani · November 15, 2023, 12:35pm

Got it! Thank you very much for this reply! Now it’s getting clearer how this works.

Dani · November 15, 2023, 12:35pm

Great! Thank you, it worked.