Edent, 3 months ago

Good news! I can use this #NFC reader to read my #FIDO2 token in Linux!

Bad news! The chip reports that it is locked and cannot be updated!

Frustrating news! There doesn't seem to be a simple way to allow #Firefox to read a #WebAuthN token via NFC.

Perseverance!

plwt, 3 months ago

@Edent I now have a great track by Terrorvision in my head. Thank you!

Are you using a copy of Firefox from Mozilla, or a version packaged by your Linux distro?

#fxhelp

Edent, 3 months ago

@plwt I think the one which came with Pop_OS. Why, does it make a difference?
Currently v122

plwt, 3 months ago

@Edent I do not know what Pop_OS ships with but you might want to try a tarball from Mozilla directly looking at this support question - https://support.mozilla.org/en-US/questions/1412073

(The app armour option is another possibility.)

Edent, 3 months ago

@plwt I can use USB security keys just fine.

I have an NFC only key that I'm trying to use.

plwt, 3 months ago

@Edent Ah, my mistake, apologies.

I have had a look and have found this open bug - https://bugzilla.mozilla.org/show_bug.cgi?id=1669870

Please feel free to add any additional commentary to it if you think it might help.

Edent, 3 months ago

@plwt I'm not sure what more I can add. The bug hasn't been touched in three years. Would a +1 make any difference?

johnmclear, 3 months ago

@Edent have you tried updating the passive device with a phone/android app?

Nxp taginfo is the main app for debug at a high level

Edent, 3 months ago

@johnmclear yeah, I have the NXP apps. They can't write to the NDEF record - saying it is locked.

Edent, 3 months ago

Great news!

If I run this Python script as root on the CLI, I can use my NFC MFA hardware token on Firefox!

https://github.com/BryanJacobs/fido2-hid-bridge

(It is actually rather good once I got it installed).

johnmclear, 3 months ago

@Edent ACS just released a new ACR-esque reader called "walletmate" that will allow you to handle tokenized/merchant based requests such as the experience of Google Wallet/Apple Pay.

This means instead of the request looking like this.

READER: Gimme info > ACTIVE: have tokenized random info

It's

READER: I'm Merchant Terence, gimme the info you got for me. > ACTIVE: have info I have for you.

I'm yet to abstract that yet but it's on my lengthy TODO list and if I get a use case I'll do it

johnmclear, 3 months ago

@Edent Final piece of info but this is vague memory, afaik it has a NXP PN532 IC inside driving most of the NFC functionality but that is blurry and could be wrong.

Damn you covid.

Edent, 3 months ago

@johnmclear thanks!

I'm able to see it in pcsc_scan - and it's showing me the NDEF stuff.

Doesn't work with nfc-tools. Still faffing around with it.

WilliamLeech, 3 months ago

@Edent Yubico security key WebauthN credentials stored via USB are available for use via NFC (and vice versa) rather than there being two separate stores, which I think is a handy to know for debugging

Edent, 3 months ago

@WilliamLeech I'm not using a Yubikey.
I'm using an NFC only product.

freedomofthoughtnews2, 3 months ago

@Edent zionism https://mega.nz/folder/x6snVSZL#CzrjEqHTKs_TOht5Mwgysw/folder/1r8ihaoL https://archive.org/details/JewishRitualMurderRevisitedTheHiddenCultFULLHD The RCMP, CSIS, and THE CIA have been electronically harassing citizens unknowingly with V2k and remote neural monitoring technology in Canada and the United states sound the alarm they refuse to test for it at hospitals it https://minds.com/.../satanic-mind-control-technology... https://targetedjustice.https://rumble.com/v49xdki-dew-waves-from-the-american-government-trying-to-kill-me-in-kelowna-followi.html
https://www.justanswer.com/canada-law/gp1fp-gang-stalked-bc-crown-council.html
https://www.youtube.com/watch?v=vE9iCi9Zm9I
https://archive.org/details/CanadianGovernmentGangstalkingReport2010

tophat, 3 months ago

@Edent Oooo. NFC is a fun technology to mess around with - what type of use case do you have in mind for using NFC on Linux?

Edent, 3 months ago

@tophat
Mostly WebAuthN and local authentication stuff. But happy to hear ideas.

Aegewsh, 3 months ago

@Edent @tophat If you wish to log-in to linux, you can easily do it with Yubico key.

Edent, 3 months ago

@Aegewsh What guide did you follow to get it working for you?

tophat, 3 months ago

@Aegewsh @Edent Definitely been on my mind, to use it with USB rather than NFC however.

Aegewsh, 3 months ago

@tophat You're right USB - never tried with NFC @Edent but if you wish to try Yubikey with USB https://support.yubico.com/hc/en-us/articles/360016649099-Ubuntu-Linux-Login-Guide-U2F - should works for other distros too (probably needs some modifications in tutorial).

Edent, 3 months ago

@Aegewsh I'm not trying to be rude, but I'm specifically looking for help with NFC stuff.

I'm not using a Yubikey, I'm running a FIDO2 JavaCard applet on an NFC-only device.

lopta, 3 months ago

@Edent It's handy to have an ID card with the number printed on it: helps you mask off the characters you don't want.

Edent, 3 months ago

@lopta
I don't really understand what you mean. Sorry!

lopta, 3 months ago (edited 3 months ago)

@Edent Sorry, I thought you had an RFID reader there and not NFC.