Closed68
セキュリティキーとの通信を眺めながら CTAP の仕様を眺める
inabajunmrmac の USB パケットを wireshark でキャプチャする場合 SIP を無効化する必要がある
inabajunmrM1 だと XHC20 じゃないらしい
inabajunmrXHC0 指定で wireshark を起動する、でキャプチャできた
inabajunmrこれを試してみる
inabajunmrPID を合わせる必要がありそうだけど自分の yubikey のバージョンがわからない
inabajunmraaguid: b92c3f9a-c014-4056-887f-140a2501163b
Security Key By Yubico とある
inabajunmrhttps://support.yubico.com/hc/en-us/articles/360016614920-YubiKey-USB-ID-Values いわく
PID: 0x0120
らしい
inabajunmrVID は yubico の場合 0x1050 で固定
inabajunmrlua スクリプトの VID/PID of Yubikey のところだけ書き換える
inabajunmrパースされた
inabajunmr一旦このシリーズを全部読む
inabajunmrlua が動いたり動かなかったりしてよくわからんけど、多分これが INIT
ffffffff860008a09dea738c46372700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ここが nonce
a09dea738c463727
多分レスポンスがこれ
ffffffff860011a09dea738c46372700c50001020502040500000000000000000000000000000000000000000000000000000000000000000000000000000000
src と dest の関係がなんかわからん
inabajunmrffffffff
86
0011
a09dea738c463727
00c50001
02
05
02
04
05
00000000000000000000000000000000000000000000000000000000000000000000000000000000
00c50001 から始まるパケットがあるはず
inabajunmr00c50001900001040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
00c50001
90
0001
04
0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CMD が 90 なので CTAPHID_CBOR
inabajunmr04 はなんだろう
inabajunmr後続で送られる CBOR の種類?
inabajunmr後続はこれ
00c500019000bf00aa0183665532465f5632684649444f5f325f306c4649444f5f325f315f50524502826b6372656450726f746563746b686d61632d73656372
めんどいので適当パーサーを書く
inabajunmrfunction p(hex) {
var CID = hex.slice(hex.s, 8);
var CMD = hex.slice(8, 10);
var LEN = hex.slice(10, 14);
var REMAIN = hex.slice(14);
console.log(`CID ${CID}\nCMD ${CMD}\nLEN ${LEN}\nREMAIN ${REMAIN}`);
}
CID 00c50001 CMD 90 LEN 00bf REMAIN 00aa0183665532465f5632684649444f5f325f306c4649444f5f325f315f50524502826b6372656450726f746563746b686d61632d73656372
続きのパケットはフォーマットが別か
inabajunmr00c500010065740350b92c3f9ac0144056887f140a2501163b04a562726bf5627570f564706c6174f469636c69656e7450696ef57563726564656e7469616c4d
00c5000101676d7450726576696577f5051904b006810107080818800981637573620a82a263616c672664747970656a7075626c69632d6b6579a263616c6727
00c500010264747970656a7075626c69632d6b657900000000000000000000000000000000000000000000000000000000000000000000000000000000000000
くっつけるとこう
00aa0183665532465f5632684649444f5f325f306c4649444f5f325f315f50524502826b6372656450726f746563746b686d61632d73656372
65740350b92c3f9ac0144056887f140a2501163b04a562726bf5627570f564706c6174f469636c69656e7450696ef57563726564656e7469616c4d
676d7450726576696577f5051904b006810107080818800981637573620a82a263616c672664747970656a7075626c69632d6b6579a263616c6727
64747970656a7075626c69632d6b657900000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ペイロードだけ切り取るとこう
00aa0183665532465f5632684649444f5f325f306c4649444f5f325f315f50524502826b6372656450726f746563746b686d61632d7365637265740350b92c3f9ac0144056887f140a2501163b04a562726bf5627570f564706c6174f469636c69656e7450696ef57563726564656e7469616c4d676d7450726576696577f5051904b006810107080818800981637573620a82a263616c672664747970656a7075626c69632d6b6579a263616c672764747970656a7075626c69632d6b6579
最初の 1 byte はステータスとのことなので、 それを抜いて CBOR パースするとこう https://cbor.me/
{1: ["U2F_V2", "FIDO_2_0"], 2: ["hmac-secret"], 3: h'F8A011F38C0A4D15800617111F9EDC7D', 4: {"rk": true, "up": true, "plat": false, "clientPin": false}, 5: 1200, 6: [1]}
ここまででブラウザが Authenticator におめーなにできんのか教えろって感じか
inabajunmrHID が全然わからんのでなんか遊べるものを作ろうと思うと分かる必要がありそう
inabajunmrauthenticatorSection.requireResidentKey を指定しないとなんかピンの登録が求められるな
inabajunmrなんかリセットして residentkey じゃなくしたら求められなくなった
inabajunmrリセットしていいキーかどうかみるのにこれつかった
inabajunmrこのあとのペイロード、またいきなり CBOR なんだけどなんだろう
inabajunmr00c8000b9000c101a4015820a1f1ce43043a764a3b38539c0a0764a07533469e3a2963fe17fb18a9114f0d7f02a262696474696e6162616a756e6d722e676974
CID 00c8000b
CMD 90
LEN 00c1
REMAIN 01a4015820a1f1ce43043a764a3b38539c0a0764a07533469e3a2963fe17fb18a9114f0d7f02a262696474696e6162616a756e6d722e676974
00c8000b006875622e696f646e616d656441636d6503a36269645820d4cba25325c510f66f77c98639fdbaa5d5138fa06c9b5f352788caf17afcfaa8646e616d
00c8000b016578186a6f686e2e702e736d697468406578616d706c652e636f6d6b646973706c61794e616d656d4a6f686e20502e20536d6974680481a263616c
00c8000b02672664747970656a7075626c69632d6b65790000000000000000000000000000000000000000000000000000000000000000000000000000000000
cbor
a4015820a1f1ce43043a764a3b38539c0a0764a07533469e3a2963fe17fb18a9114f0d7f02a262696474696e6162616a756e6d722e6769746875622e696f646e616d656441636d6503a36269645820d4cba25325c510f66f77c98639fdbaa5d5138fa06c9b5f352788caf17afcfaa8646e616d6578186a6f686e2e702e736d697468406578616d706c652e636f6d6b646973706c61794e616d656d4a6f686e20502e20536d6974680481a263616c672664747970656a7075626c69632d6b6579
{1: h'A1F1CE43043A764A3B38539C0A0764A07533469E3A2963FE17FB18A9114F0D7F', 2: {"id": "inabajunmr.github.io", "name": "Acme"}, 3: {"id": h'D4CBA25325C510F66F77C98639FDBAA5D5138FA06C9B5F352788CAF17AFCFAA8', "name": "john.p.smith@example.com", "displayName": "John P. Smith"}, 4: [{"alg": -7, "type": "public-key"}]}
これが authenticatorMakeCredential か
inabajunmr次
00c8000bbb0001020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CID 00c8000b
CMD bb
LEN 0001
REMAIN 020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
bb ってなんだ
inabajunmrCTAPHID_KEEPALIVE らしい
inabajunmrThis command code is sent while processing a CTAPHID_MSG. It should be sent at least every 100ms and whenever the status changes.
inabajunmr何回か繰り返してステータスが変わると
00c8000bbb0001010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
そしてまた CBOR
CID 00c8000b
CMD 90
LEN 03ee
REMAIN 00a301667061636b65640258c45bf2dcec13407f82da3f2b7af92af0ecd83152c89eefe73700113c44cc21ffa34100000004b92c3f9ac01440
でかくね
00c8000b0056887f140a2501163b0040f64c8b2f2583e7e3074ce703e123769dcd747c51049980ae29b66d9a326df3bd8c453098339cab4f1b088d566dac81a8
00c8000b01c62664da140cde1a5e97a4de0fc79b87a501020326200121582089da5896b690c8620b631a6e2073d78c357e65c63936464d0cf486dbe9a93ae922
00c8000b025820de136fd0f367798541e53faec81b6e8cf5771c34382f41a0520085c72ca87dff03a363616c67266373696758463044022050785270e69053c4
00c8000b035b2c592d77f217f4d453a520952df3663d06cfb8ea89d587022058db0295cbc0f5531401ad52debdad0cd23f823d101325454e127bf3d3fcb52963
00c8000b04783563815902c2308202be308201a6a0030201020204400279a8300d06092a864886f70d01010b0500302e312c302a060355040313235975626963
00c8000b056f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030
00c8000b06303030305a306f310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e7469
00c8000b076361746f72204174746573746174696f6e3128302606035504030c1f59756269636f205532462045452053657269616c2031303733393034303430
00c8000b083059301306072a8648ce3d020106082a8648ce3d030107034200045cb70ea66c13f2bfe0ff9384d0b3432048cda0b6fb87501b729be6cd4d6806ad
00c8000b09e0526676adfdd46f2e51644f1277654f2af0d08f96cc553bb5f14515bfbe9dd0a36c306a302206092b0601040182c40a020415312e332e362e312e
00c8000b0a342e312e34313438322e312e313013060b2b0601040182e51c0201010404030205203021060b2b0601040182e51c01010404120410b92c3f9ac014
00c8000b0b4056887f140a2501163b300c0603551d130101ff04023000300d06092a864886f70d01010b05000382010100b287e44606a8debcc01332f5c6ca90
00c8000b0cce3130260b8f7746205f1ad48eb783a31bcb91068594cad7b5a4dba638137e89d33e2a7fb6b1703572fb08282c9c6c141ad8ef41d7c4aee18c54f5
00c8000b0d8bfdf1c7ffdf7a9210ca3abf0a56f927e355bca472b37b33a6ed5afbb1c2c610308e5ab3ac26bb3d43ceff133ee017b580469d35e69750f24842e6
00c8000b0e6017790d736e04ebbfefe4b6244d1c711db30ef93094ea95e57d9f4d631d549ef3ef09ee5b19c417c24ecd3fb98b50fc2ab57dda67dc9d267a41ad
00c8000b0f7666b5095af8225404d2992c7bdaa73c4ed60ac6764e0c6395d8338504ff95cd21d4aa00334982aeb87326c6be1332f13b12aea4dfe8e9d6f8ddb8
00c8000b10380395f988000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
ペイロード
a301667061636b65640258c45bf2dcec13407f82da3f2b7af92af0ecd83152c89eefe73700113c44cc21ffa34100000004b92c3f9ac01440
56887f140a2501163b0040f64c8b2f2583e7e3074ce703e123769dcd747c51049980ae29b66d9a326df3bd8c453098339cab4f1b088d566dac81a8
c62664da140cde1a5e97a4de0fc79b87a501020326200121582089da5896b690c8620b631a6e2073d78c357e65c63936464d0cf486dbe9a93ae922
5820de136fd0f367798541e53faec81b6e8cf5771c34382f41a0520085c72ca87dff03a363616c67266373696758463044022050785270e69053c4
5b2c592d77f217f4d453a520952df3663d06cfb8ea89d587022058db0295cbc0f5531401ad52debdad0cd23f823d101325454e127bf3d3fcb52963
783563815902c2308202be308201a6a0030201020204400279a8300d06092a864886f70d01010b0500302e312c302a060355040313235975626963
6f2055324620526f6f742043412053657269616c203435373230303633313020170d3134303830313030303030305a180f32303530303930343030
303030305a306f310b300906035504061302534531123010060355040a0c0959756269636f20414231223020060355040b0c1941757468656e7469
6361746f72204174746573746174696f6e3128302606035504030c1f59756269636f205532462045452053657269616c2031303733393034303430
3059301306072a8648ce3d020106082a8648ce3d030107034200045cb70ea66c13f2bfe0ff9384d0b3432048cda0b6fb87501b729be6cd4d6806ad
e0526676adfdd46f2e51644f1277654f2af0d08f96cc553bb5f14515bfbe9dd0a36c306a302206092b0601040182c40a020415312e332e362e312e
342e312e34313438322e312e313013060b2b0601040182e51c0201010404030205203021060b2b0601040182e51c01010404120410b92c3f9ac014
4056887f140a2501163b300c0603551d130101ff04023000300d06092a864886f70d01010b05000382010100b287e44606a8debcc01332f5c6ca90
ce3130260b8f7746205f1ad48eb783a31bcb91068594cad7b5a4dba638137e89d33e2a7fb6b1703572fb08282c9c6c141ad8ef41d7c4aee18c54f5
8bfdf1c7ffdf7a9210ca3abf0a56f927e355bca472b37b33a6ed5afbb1c2c610308e5ab3ac26bb3d43ceff133ee017b580469d35e69750f24842e6
6017790d736e04ebbfefe4b6244d1c711db30ef93094ea95e57d9f4d631d549ef3ef09ee5b19c417c24ecd3fb98b50fc2ab57dda67dc9d267a41ad
7666b5095af8225404d2992c7bdaa73c4ed60ac6764e0c6395d8338504ff95cd21d4aa00334982aeb87326c6be1332f13b12aea4dfe8e9d6f8ddb8
380395f988000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CBOR
{1: "packed", 2: h'5BF2DCEC13407F82DA3F2B7AF92AF0ECD83152C89EEFE73700113C44CC21FFA34100000004B92C3F9AC0144056887F140A2501163B0040F64C8B2F2583E7E3074CE703E123769DCD747C51049980AE29B66D9A326DF3BD8C453098339CAB4F1B088D566DAC81A8C62664DA140CDE1A5E97A4DE0FC79B87A501020326200121582089DA5896B690C8620B631A6E2073D78C357E65C63936464D0CF486DBE9A93AE9225820DE136FD0F367798541E53FAEC81B6E8CF5771C34382F41A0520085C72CA87DFF', 3: {"alg": -7, "sig": h'3044022050785270E69053C45B2C592D77F217F4D453A520952DF3663D06CFB8EA89D587022058DB0295CBC0F5531401AD52DEBDAD0CD23F823D101325454E127BF3D3FCB529', "x5c": [h'308202BE308201A6A0030201020204400279A8300D06092A864886F70D01010B0500302E312C302A0603550403132359756269636F2055324620526F6F742043412053657269616C203435373230303633313020170D3134303830313030303030305A180F32303530303930343030303030305A306F310B300906035504061302534531123010060355040A0C0959756269636F20414231223020060355040B0C1941757468656E74696361746F72204174746573746174696F6E3128302606035504030C1F59756269636F205532462045452053657269616C20313037333930343034303059301306072A8648CE3D020106082A8648CE3D030107034200045CB70EA66C13F2BFE0FF9384D0B3432048CDA0B6FB87501B729BE6CD4D6806ADE0526676ADFDD46F2E51644F1277654F2AF0D08F96CC553BB5F14515BFBE9DD0A36C306A302206092B0601040182C40A020415312E332E362E312E342E312E34313438322E312E313013060B2B0601040182E51C0201010404030205203021060B2B0601040182E51C01010404120410B92C3F9AC0144056887F140A2501163B300C0603551D130101FF04023000300D06092A864886F70D01010B05000382010100B287E44606A8DEBCC01332F5C6CA90CE3130260B8F7746205F1AD48EB783A31BCB91068594CAD7B5A4DBA638137E89D33E2A7FB6B1703572FB08282C9C6C141AD8EF41D7C4AEE18C54F58BFDF1C7FFDF7A9210CA3ABF0A56F927E355BCA472B37B33A6ED5AFBB1C2C610308E5AB3AC26BB3D43CEFF133EE017B580469D35E69750F24842E66017790D736E04EBBFEFE4B6244D1C711DB30EF93094EA95E57D9F4D631D549EF3EF09EE5B19C417C24ECD3FB98B50FC2AB57DDA67DC9D267A41AD7666B5095AF8225404D2992C7BDAA73C4ED60AC6764E0C6395D8338504FF95CD21D4AA00334982AEB87326C6BE1332F13B12AEA4DFE8E9D6F8DDB8380395F988']}}
cbor.me、後ろのいらん値無視して突っ込んでもパースしてくれて楽
inabajunmr中身は見慣れたアレと同じだと思うのでとりあえずスルー
inabajunmr00c8000f90009302a30174696e6162616a756e6d722e6769746875622e696f02582057ac5acf4d7e5640aeb6cd14d65f9c54b60d46d3ad4a3786c2885e9262f4
CID 00c8000f
CMD 90
LEN 0093
REMAIN 02a30174696e6162616a756e6d722e6769746875622e696f02582057ac5acf4d7e5640aeb6cd14d65f9c54b60d46d3ad4a3786c2885e9262f4
00c8000f0049d30381a26269645840f64c8b2f2583e7e3074ce703e123769dcd747c51049980ae29b66d9a326df3bd8c453098339cab4f1b088d566dac81a8c6
00c8000f012664da140cde1a5e97a4de0fc79b8764747970656a7075626c69632d6b657900000000000000000000000000000000000000000000000000000000
{1: "inabajunmr.github.io", 2: h'57AC5ACF4D7E5640AEB6CD14D65F9C54B60D46D3AD4A3786C2885E9262F449D3', 3: [{"id": h'F64C8B2F2583E7E3074CE703E123769DCD747C51049980AE29B66D9A326DF3BD8C453098339CAB4F1B088D566DAC81A8C62664DA140CDE1A5E97A4DE0FC79B87', "type": "public-key"}]}
にアサーションがかえってくると
inabajunmr00c8000fbb0001020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
CID 00c8000f
CMD bb
LEN 0001
REMAIN 020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
これはスルー
inabajunmrここから
00c8000f9000ca00a301a26269645840f64c8b2f2583e7e3074ce703e123769dcd747c51049980ae29b66d9a326df3bd8c453098339cab4f1b088d566dac81a8
CID 00c8000f
CMD 90
LEN 00ca
REMAIN 00a301a26269645840f64c8b2f2583e7e3074ce703e123769dcd747c51049980ae29b66d9a326df3bd8c453098339cab4f1b088d566dac81a8
00c8000f00c62664da140cde1a5e97a4de0fc79b8764747970656a7075626c69632d6b65790258255bf2dcec13407f82da3f2b7af92af0ecd83152c89eefe737
00c8000f0100113c44cc21ffa30100000007035846304402207df39c6b28ad3308b76828c89b5f26e624461567541f18a95e0094f15757156502207e2cb47611
00c8000f02ee26ffbb65c1822efc9c0a9d752062ff4bad9b44946b3703c2d9370000000000000000000000000000000000000000000000000000000000000000
{1: {"id": h'F64C8B2F2583E7E3074CE703E123769DCD747C51049980AE29B66D9A326DF3BD8C453098339CAB4F1B088D566DAC81A8C62664DA140CDE1A5E97A4DE0FC79B87', "type": "public-key"}, 2: h'5BF2DCEC13407F82DA3F2B7AF92AF0ECD83152C89EEFE73700113C44CC21FFA30100000007', 3: h'304402207DF39C6B28AD3308B76828C89B5F26E624461567541F18A95E0094F15757156502207E2CB47611EE26FFBB65C1822EFC9C0A9D752062FF4BAD9B44946B3703C2D937'}
これが authdata と signature
inabajunmrなんとなくの雰囲気がつかめたので CTAP の仕様を読んでいく
inabajunmr- WebAuthn なしで何かをするくんを書く
- USB のことを知る必要がある
- WebAuthn なしで web アプリへの登録、認証を全部やってみる
- USB のことを知る必要がある
- WebAuthn API をフックして取得したパラメーターを Authenticator に対するコマンドに変換して叩いて、レスポンスを WebAuthn API のレスポンスと差し替える、みたいな
inabajunmrとりあえず仕様を読む
inabajunmrwireshark の Dissector をいじって安定して使えるようにしたい気もする
inabajunmr認証器キット系のコードを読みたいという気持ちもある
このスクラップは4ヶ月前にクローズされました