Yubico / yubikey-personalization

YubiKey Personalization cross-platform library and tool
https://developers.yubico.com/yubikey-personalization/
BSD 2-Clause "Simplified" License

Security key not detected on OS X 10.11 #65

Closed landaire closed 9 years ago

landaire commented 9 years ago

I recently got a YubiKey through the GitHub promotion, but it's not being detected. After doing some digging I discovered that the device is simply not supported in ykcore.

Device info:

  Product ID:   0x0120
  Vendor ID:    0x1050
  Version:  4.18
  Speed:    Up to 12 Mb/sec
  Manufacturer: Yubico
  Location ID:  0x14200000 / 9
  Current Available (mA):   1000
  Current Required (mA):    30
  Extra Operating Current (mA): 0

I was able to get the tool to actually attempt to do something with it by adding 0x0120 to the pids in yk_open_first_key and removing the checks on usage and usagePage in _ykusb_open_device located in ykcore_osx.c.

I added some debug statements to the process:

diff --git a/ykcore/ykcore.c b/ykcore/ykcore.c
index 2dfad42..19b9399 100644
--- a/ykcore/ykcore.c
+++ b/ykcore/ykcore.c
@@ -67,7 +67,7 @@ int yk_release(void)

 YK_KEY *yk_open_first_key(void)
 {
-       int pids[] = {YUBIKEY_PID, NEO_OTP_PID, NEO_OTP_CCID_PID,
+       int pids[] = {YUBIKEY_PID, 0x0120, NEO_OTP_PID, NEO_OTP_CCID_PID,
                NEO_OTP_U2F_PID, NEO_OTP_U2F_CCID_PID, YK4_OTP_PID,
                YK4_OTP_U2F_PID, YK4_OTP_CCID_PID, YK4_OTP_U2F_CCID_PID,
                PLUS_U2F_OTP_PID};
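Review bot: the bare literal 0x0120 in the pids initializer is the only entry without a named constant; every other element is a *_PID macro. Define a macro for it next to the existing PID definitions and use that here, so the device it stands for is documented at the point of use. Consider appending it after PLUS_U2F_OTP_PID rather than inserting it after YUBIKEY_PID, since the visible list groups entries by device family.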
diff --git a/ykcore/ykcore_osx.c b/ykcore/ykcore_osx.c
index a07b8d8..7521581 100644
--- a/ykcore/ykcore_osx.c
+++ b/ykcore/ykcore_osx.c
@@ -105,11 +105,15 @@ void *_ykusb_open_device(int vendor_id, int *product_ids, size_t pids_len)
                        long usagePage = _ykosx_getIntProperty( dev, CFSTR( kIOHIDPrimaryUsagePageKey ));
                        long usage = _ykosx_getIntProperty( dev, CFSTR( kIOHIDPrimaryUsageKey ));
                        long devVendorId = _ykosx_getIntProperty( dev, CFSTR( kIOHIDVendorIDKey ));
+
+                       printf("%lx, %lx, %lx\n", usagePage, usage, devVendorId);
                        /* usagePage 1 is generic desktop and usage 6 is keyboard */
-                       if(usagePage == 1 && usage == 6 && devVendorId == vendor_id) {
+                       if( devVendorId == vendor_id) {
                                long devProductId = _ykosx_getIntProperty( dev, CFSTR( kIOHIDProductIDKey ));
                                size_t j;
                                for(j = 0; j < pids_len; j++) {
+                                       printf("product id: %d, target: %ld\n", product_ids[j], devProductId);
+
                                        if(product_ids[j] == devProductId) {
                                                if(yk == NULL) {
                                                        yk = dev;
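Review bot: the rewritten condition `if( devVendorId == vendor_id)` drops the `usagePage == 1 && usage == 6` test, so any HID interface from the vendor with a listed product ID is now accepted, and the comment directly above it about generic desktop and keyboard no longer describes the code. If the intent is to accept one more interface type, keep the keyboard test and add the new usagePage/usage pair as an explicit alternative, updating the comment to match. The two added printf calls write to stdout for every enumerated device and should be removed or guarded before merging.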

which spit out:

f1d0, 1, 1050
product id: 16, target: 288
product id: 288, target: 288
1, 2, 5ac
1, 2, 5ac
ff00, 1, 5ac
1, 6, 5ac
1, 2, 5ac
Firmware version 4.1.8 Touch level 256 Unconfigured
A slot must be chosen with -1 or -2.

I'm not sure what this is supposed to be, but I can see that by adding the product ID and removing the usagePage/usage requirements, this device is discovered.

landaire commented 9 years ago

After some further research it looks like usage page 0xf1d0 represents U2F devices, with usage of 0x01. I'm going to create a PR for this. Sources:

https://code.google.com/p/chromium/issues/detail?id=374307

http://comments.gmane.org/gmane.comp.sysutils.systemd.devel/24481

hcavillones commented 9 years ago

Fantastic! Great work! Can't wait for the merge.

klali commented 9 years ago

As I just wrote in pull request #66, this project only knows how to deal with the OTP interface of a YubiKey; the U2F key with product id 0x120 doesn't have an OTP interface, so there's nothing this project can do after opening that interface (if you manage to do something, that would be very interesting...).
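The interface matching discussed in this thread, as an added example that is not part of the issue or the project's code: it classifies HID interfaces by vendor plus primary usage page and usage, and shows that the device in the debug output exposes a U2F interface but no OTP keyboard interface. The struct, enum and function names are hypothetical; the sample rows are constructed from the debug output above, with product IDs that the output does not show set to 0.

```c
#include <stddef.h>
#include <stdio.h>

#define YUBICO_VID         0x1050
#define USAGE_PAGE_DESKTOP 0x0001  /* generic desktop */
#define USAGE_KEYBOARD     0x0006  /* keyboard: what the OTP interface presents */
#define USAGE_PAGE_U2F     0xf1d0  /* U2F usage page, as identified in the thread */
#define USAGE_U2F          0x0001

/* Hypothetical record of the properties read per HID interface. */
struct hid_iface { long usage_page, usage, vendor_id, product_id; };
enum iface_kind { IFACE_OTHER, IFACE_OTP_KEYBOARD, IFACE_U2F };

/* Classify by vendor AND primary usage, never by vendor alone. */
enum iface_kind classify(const struct hid_iface *d, long vendor_id)
{
    if (d->vendor_id != vendor_id)
        return IFACE_OTHER;
    if (d->usage_page == USAGE_PAGE_DESKTOP && d->usage == USAGE_KEYBOARD)
        return IFACE_OTP_KEYBOARD;
    if (d->usage_page == USAGE_PAGE_U2F && d->usage == USAGE_U2F)
        return IFACE_U2F;
    return IFACE_OTHER;
}

/* Index of the first interface of `kind` whose PID is listed, or -1. */
int find_iface(const struct hid_iface *devs, size_t n, long vendor_id,
               const int *pids, size_t pids_len, enum iface_kind kind)
{
    for (size_t i = 0; i < n; i++) {
        if (classify(&devs[i], vendor_id) != kind)
            continue;
        for (size_t j = 0; j < pids_len; j++)
            if (pids[j] == devs[i].product_id)
                return (int)i;
    }
    return -1;
}

/* Constructed sample: {usagePage, usage, vendor, product} per output line. */
const struct hid_iface SAMPLE[] = {
    {0xf1d0, 1, 0x1050, 0x0120}, {1, 2, 0x5ac, 0}, {1, 2, 0x5ac, 0},
    {0xff00, 1, 0x5ac, 0},       {1, 6, 0x5ac, 0}, {1, 2, 0x5ac, 0},
};
const int SAMPLE_PIDS[] = {16, 0x0120};  /* the two PIDs printed in the output */

int main(void)
{
    size_t n = sizeof SAMPLE / sizeof SAMPLE[0];
    printf("OTP: %d\n", find_iface(SAMPLE, n, YUBICO_VID, SAMPLE_PIDS, 2, IFACE_OTP_KEYBOARD));
    printf("U2F: %d\n", find_iface(SAMPLE, n, YUBICO_VID, SAMPLE_PIDS, 2, IFACE_U2F));
    return 0;
}
```

The keyboard interface in the sample (`1, 6, 5ac`) belongs to a different vendor, which is why the vendor check has to stay paired with the usage check.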