Vivokey Flex One/Fidesmo Tesla key

I found this project here - https://github.com/javacard-FOSS-applets/gauss-key-card, which appears to be a Javacard applet for emulating a Tesla 3 ISO keyfob.

I am not a Javacard developer and am far from capable of modifying this code to work for the Vivokey Flex One, but I currently cannot see a reason why this cannot be ported over to Fidesmo, allowing people to install a Tesla key app, rather than an entire implant (that is the size of a Flex One anyways).

I will try and play with getting it installed to my Fidesmo developer card, but I have no idea if it will work.

@amal do you see anything immediately that would prevent this from being used in a Flex One/Fidesmo card?

The biggest thing I am unsure of is that this applet (and Tesla) require commands with large frame sizes. This applet requires a frame size of 96 bytes or higher (FSCI value >= 6).

I cannot find any frame size specifications for the JCOP 3 SecID P60 chip that is in the Flex One :confused:
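The frame-size requirement quoted above can be checked from the Answer To Select (ATS) a card returns during ISO/IEC 14443-4 activation, because the low nibble of its T0 byte is the FSCI. This is an added example, not part of the original thread or of the gauss-key-card project; the function names and the sample ATS values are constructed for illustration.

```python
# FSCI -> FSC (largest frame the card accepts, in bytes), ISO/IEC 14443-4.
FSC_BYTES = {0: 16, 1: 24, 2: 32, 3: 40, 4: 48, 5: 64, 6: 96, 7: 128, 8: 256}
REQUIRED_FSC = 96  # threshold quoted in the thread (FSCI >= 6)


def parse_ats(ats: bytes) -> dict:
    """Parse a Type A Answer To Select (CRC already stripped)."""
    if len(ats) < 2:
        # An ATS may legally omit T0; that case is not handled in this example.
        raise ValueError("ATS too short to carry a T0 format byte")
    tl, t0 = ats[0], ats[1]
    if tl != len(ats):
        raise ValueError(f"TL declares {tl} bytes but {len(ats)} were supplied")
    fsci = t0 & 0x0F
    fields = {"fsci": fsci, "fsc": FSC_BYTES.get(fsci, 256)}  # 9..15: treat as 256
    pos = 2
    # T0 bits 5, 6 and 7 announce the optional interface bytes TA(1), TB(1), TC(1).
    for name, mask in (("ta1", 0x10), ("tb1", 0x20), ("tc1", 0x40)):
        if t0 & mask:
            if pos >= len(ats):
                raise ValueError(f"T0 announces {name} but the ATS ends early")
            fields[name] = ats[pos]
            pos += 1
        else:
            fields[name] = None
    fields["historical"] = ats[pos:]
    return fields


def frame_size_ok(ats: bytes, required: int = REQUIRED_FSC) -> bool:
    """True when the card's advertised FSC meets the applet's stated minimum."""
    return parse_ats(ats)["fsc"] >= required


if __name__ == "__main__":
    # Constructed sample ATS values, not captured from any real card.
    for sample in ("0578807002", "067577810280", "032781"):
        info = parse_ats(bytes.fromhex(sample))
        verdict = "ok" if frame_size_ok(bytes.fromhex(sample)) else "too small"
        print(f"{sample}: FSCI={info['fsci']} FSC={info['fsc']} bytes -> {verdict}")
```
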

We have a version of this already tested to be working with the Model 3… it was rejected from the Fidesmo app store over fears it would incur the wrath of Tesla… but we have… other plans.

2 Likes

Damn, that’s really lame it was rejected from Fidesmo; it infringes on no Tesla technologies or patents or copyrights or intellectual property.

In fact, they could block this if they enable key checking, otherwise all this is doing is emulating a tag.
It’s up to Tesla to say “we don’t want you to do this”.

No matter what, though, you can take the compiled applet and install it manually on a Flex One or on a Fidesmo card.

1 Like

I don’t think this is possible due to the RID/AID requirements. I could be wrong… it’s been a long time since I have attempted it, but I don’t think the Fidesmo platform will even allow applet loading if the RID/AID is not permitted. The keycard applet requires a specific AID and the RID prefix is not enabled unless you request it… it was this request that was denied for me.

Incorrect; I’m the person who built the Tesla applet Amal’s discussing. We used Darconeous’ spec (the writer of Gauss), and liaised with him on a few points before his applet was released.

The frame sizing is not an issue; I have tested with the component chip of the Flex One. It’s wholly a “politics” thing. Fidesmo only allow their RID or a RID you own/a well-known RID (like OpenPGP’s RID). Exemptions to their RID are at their discretion. We argued it was a well-known one, but they disagreed.

Fidesmo controls the ecosystem; if they say no to an applet, it doesn’t get installed.

You’ll also find Tesla recently released NFC key via phone, with no cert checking.

I was thinking if you manually installed the applet onto the P60 chip in the Fidesmo card directly, bypassing using their platform to install applets. There is still the manual ability to add an applet to a Flex One; I’m not sure if the Fidesmo cards have a special protection against direct loading though.

Yes and no… Fidesmo controls the master keys for the chip, so only Fidesmo can deploy applets. This is part of the reason why companies are more willing to trust deploying their applets alongside other applets on the chip… because Fidesmo is ensuring the applets are deployed into separate security domains on the chips and bytecode checking them to ensure they aren’t doing anything fishy. Without this assurance, getting bigger companies to even consider deploying applets in this “app store” kind of way to a chip or device would be out of the question.

The down side of course is that you as a customer don’t have your own master keys. That’s why we have it in our partnership contract with Fidesmo that our customers can opt-out… but we don’t have the means to do that yet. In short, opting out would mean removing the applets and resetting master keys to some default. Then you could load your own applets, but you could never go back to Fidesmo with that chip.

So, to get an applet on your VivoKey Flex One (P60 edition), you need to run it through Fidesmo, and if they say no you are out of luck.

4 Likes

So what you’re saying is… we should buy two Flex Ones?.. :smirk::smirk:

2 Likes

No need to now… we have been able to get the Not A Keycard applet published on Fidesmo!

9 Likes

Great work! Extremely excited about the FLEX ONE. I am however squeamish about the installation procedure.

Technically the Flex One program is now dead. We are planning on releasing the Apex line instead… it will have at least two implantable form factor options and use a newer, more advanced chip.

2 Likes

So what do we beta testers that paid the 350 for the Flex One get?

In my opinion, that is probably a question better asked in either of the Vivokey Forums, which you should have access to.
forum.vivokey.com
https://members.vivokey.com/
And maybe a little more nicely worded :wink:

Not my place to say, but I would suggest, by looking at DT’s track record, you will be looked after :+1:

You know what you get. You’ve already asked about this multiple times, both indirectly and directly, on multiple threads, on multiple forums. To be completely clear: As a Flex One beta customer, you will get your choice of a free Apex device, once they are released for purchase. If you have any further question about this, please review the private Flex One beta forum at http://forum.vivokey.com and comment there if you remain confused.

2 Likes

Point Proven…

3 Likes