Fix for ACR122U Time Extension

Using GlobalPlatformPro (results are similar with or without sudo), here is the result of running the following command twice:

Downloads/GlobalPlatformPro/tool on  master 
➜ gp -list
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Failed to open secure channel: Card cryptogram invalid!
Received: F5A9F347E33856EF
Expected: 77F785346F01911B
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys

Downloads/GlobalPlatformPro/tool on  master took 2s 
➜ gp -list
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
Failed to open secure channel: Card cryptogram invalid!
Received: FF2B95C089165D39
Expected: 7BD935F5FAE9B80F
!!! DO NOT RE-TRY THE SAME COMMAND/KEYS OR YOU MAY BRICK YOUR CARD !!!
Read more from https://github.com/martinpaljak/GlobalPlatformPro/wiki/Keys

Don’t run that command again. Bad idea, as it says.

Try GP -a apdu -v -d

➜ gp -a 00a4040006D2760001240100 -v -d
# 
# gp -a 00a4040006D2760001240100 -v -d
SCardConnect("Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00", T=*) -> T=1, 3B80800101
# GlobalPlatformPro v20.07.04-2-gc360b3e
# Running on Linux 5.4.0-40-generic amd64, Java 1.8.0_252 by Private Build
A>> T=1 (4+0006) 00A40400 06 D27600012401 00
A<< (0000+2) (34ms) 9000
A>> T=1 (4+0000) 00A40400 00 
A<< (0018+2) (18ms) 6F108408A000000151000000A5049F6501FF 9000
[DEBUG] GPSession - Auto-detected ISD: A000000151000000
Warning: no keys given, defaulting to 404142434445464748494A4B4C4D4E4F
SCardDisconnect("Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00", true) tx:17/rx:22

oh, i meant gp -a 00a4040006D2760001240100 -v -d

edited ^

Ok, great!

That means the app is responding correctly. It’s gpg having trouble.

Have you installed these packages (names for debian but should match other distributions):
pcscd scdaemon pcsc-tools

they’re needed for gpg to use smartcards.
Once installed, run pcsc_scan with your implant on the reader

Yes, I had them installed. Yubikeys have been working with the Feitian R502-CL this whole time. I verified they were installed.

GlobalPlatformPro/tool/target on  master took 3s 
➜ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
 
Sun Jul 12 17:08:56 2020
 Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
  Event number: 0
  Card state: Card removed, 
   
Sun Jul 12 17:08:57 2020
 Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
  Event number: 1
  Card state: Card inserted, 
  ATR: 3B 80 80 01 01

ATR: 3B 80 80 01 01
+ TS = 3B --> Direct Convention
+ T0 = 80, Y(1): 1000, K: 0 (historical bytes)
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
-----
  TD(2) = 01 --> Y(i+1) = 0000, Protocol T = 1 
-----
+ Historical bytes: 
+ TCK = 01 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 80 80 01 01
	ISO 14443 Type B without historical bytes
	Electronic Passport
	Spanish passport (2012)
	Canadian Passport
	Venez_Prox
   
Sun Jul 12 17:09:11 2020
 Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
  Event number: 2
  Card state: Card removed, 
 -   

What happens when you tap the Yubikey for pcsc-scan?

GlobalPlatformPro/tool/target on  master took 23s 
➜ pcsc_scan
Using reader plug'n play mechanism
Scanning present readers...
0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
 
Sun Jul 12 17:15:16 2020
 Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
  Event number: 0
  Card state: Card removed, 
   
Sun Jul 12 17:15:19 2020
 Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
  Event number: 1
  Card state: Card inserted, 
  ATR: 3B 8C 80 01 59 75 62 69 6B 65 79 4E 45 4F 72 33 58

ATR: 3B 8C 80 01 59 75 62 69 6B 65 79 4E 45 4F 72 33 58
+ TS = 3B --> Direct Convention
+ T0 = 8C, Y(1): 1000, K: 12 (historical bytes)
  TD(1) = 80 --> Y(i+1) = 1000, Protocol T = 0 
-----
  TD(2) = 01 --> Y(i+1) = 0000, Protocol T = 1 
-----
+ Historical bytes: 59 75 62 69 6B 65 79 4E 45 4F 72 33
  Category indicator byte: 59 (proprietary format)
+ TCK = 58 (correct checksum)

Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 8C 80 01 59 75 62 69 6B 65 79 4E 45 4F 72 33 58
	Yubikey Neo
   
Sun Jul 12 17:15:23 2020
 Reader 0: Feitian 502-CL [R502 Contactless Reader] (D861D6B8140005CA) 00 00
  Event number: 2
  Card state: Card removed, 
 -

Can you try gpg --card-edit with your implant on the reader (it won’t wait for you until you’re actually authenticating)

GlobalPlatformPro/tool/target on  master took 16s 
➜ gpg --card-edit

gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

gpg/card> fetch
gpg: selecting card failed: No such device
gpg: error retrieving URL from card: No such device

gpg/card> help
quit           quit this menu
admin          show admin commands
help           show this help
list           list all available data
fetch          fetch the key specified in the card URL
passwd         menu to change or unblock the PIN
verify         verify the PIN and list all data
unblock        unblock the PIN using a Reset Code

gpg/card> passwd
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device

gpg/card> 
gpg: signal Interrupt caught ... exiting

I’ll be honest, i’ve never had that issue at all - but I use Windows for this mainly.

I’m wondering if it doesn’t even try to run the APDU select if scdaemon can’t detect it is a card with the OpenPGP app on it?

I have Windows, too. What should I try? I just hate Windows. A lot. ;^)

I use Kleopatra (installed with gpg for windows) on Windows and it seems to work pretty well.

All I want to do is put my existing PGP keys on my implant. It looks like Kleopatra dumbs things down and generates new ones. Yes, it does read the implant, but this is useless for my needs. OpenKeychain can do the same, but what good is having a one-off PGP key implanted in my arm?

This has proven to be pretty frustrating over the past few months I’ve been trying to do this. Thanks, @fraggersparks for your help so far.

1 Like

ah, if you want to put existing keys on, you can use gpg on Windows cmd too - same format and sounds like it’ll work this time.

Using Windows, I was able to successfully flash my Signing and Encryption 2048 keys. For some reason, Windows refuses to accept that my Authentication subkey is valid. A Debian VM I’m using on Windows accepts the secret key (indicated by the ssb prefix to the key vs sub). Even when I replace the contents of the Windows %APPDATA%\GnuPG\ directory with the Linux version, Windows says either “no secret key” or “unusable” secret key.

What this shows me is that:

  1. It is possible to flash existing keys onto a Vivokey Flex One using a Feitian R502-CL on Windows if the keys are 2048 RSA.
  2. There’s something about the base Linux gpg app that doesn’t like the combination of wireless readers and Vivokey Flex One.
  3. Windows is still a steaming pile of trash.

Thanks, @fraggersparks. I can at least use this for pass and email signing on the phone, now.

@amal, for your records, a partial victory.

Ordered May 15, received today. 2 1/2 months to ship 400 mi away… That must be some kind of record :slight_smile:

I’ll see if the R502-CLs are any good when I get back home tonite.

EDIT: and… they’re kind of shit really. Good thing they weren’t expensive. Straight to the drawer of forgotten electronics they go… The ACR-122U is still king :slight_smile: