Yubico / yubioath-android

Yubico Authenticator for Android
https://developers.yubico.com/yubioath-android/
BSD 2-Clause "Simplified" License

NFC Error in YubiKey communication #136

Closed thechubbypanda closed 1 year ago

thechubbypanda commented 3 years ago

Steps to reproduce

Hold key on NFC reader location while app is open

Expected result

App authenticates key

Actual results

Error toast message

jeantil commented 2 years ago

related to https://github.com/Yubico/yubioath-android/issues/127, make sure you try the procedure in https://github.com/Yubico/yubioath-android/issues/120 too

werd4311 commented 2 years ago

Any progress on this issue?

It's pretty obvious from the one-star play store app reviews at this point that it simply doesn't work at all with current Android devices. This is not an isolated issue.

banderson5144 commented 2 years ago

Just bought a YubiKey 5 NFC yesterday and I am seeing this issue on a Pixel 6 Pro. It works when I put it in the USB-C port, but NFC tap says Error in YubiKey Communication.

AdamVe commented 2 years ago

Hi everyone, we are sorry to hear you have issues with your Yubikeys and the NFC functionality in Yubico Authenticator. The version 2.2.0 should be compatible with Android versions 4.4 to 12 and the NFC communication should be working if the device supports it.

Here are some general tips for using Yubikeys and NFC:

If you still have troubles with NFC, please add an adb logcat message to this conversation.

banderson5144 commented 2 years ago

@AdamVe so when I tap it with or without the case on and don't have the Yubico Authenticator app open, it opens up Chrome to the Yubico validation website.

Also when I use the NXP TagInfo app, it is able to read the entire contents of the YubiKey.

However, it is only when I open the Yubico Authenticator app that I have the Error in communication problem.

For the adb logcat you are requesting, do I just hook it up to my computer and run that command from the CLI? (Please provide an example if you can)

banderson5144 commented 2 years ago

I am also experiencing the same issue on a Pixel 2XL

AdamVe commented 2 years ago

Hi and thank you for the updated information! Let's see if we get any info with the logcat. It needs a bit of setup on your machine though.

  1. install the needed tools on your machine (https://developer.android.com/studio#command-tools)
  2. connect the phone with a USB cable (if you are on Android 11+ you can also set up a Wi-Fi connection) and enable the Developer Options -> USB Debugging / Wireless debugging
  3. run adb logcat in your shell, and you should see all the phone is logging
  4. reproduce the issue with the YubiKey and stop the adb logcat command. See if you can find any error close to the output related to nfc, yubioath or yubikey

You can find information about how to install the tools in this page: https://developer.android.com/studio/command-line. More information about logcat: https://developer.android.com/studio/command-line/logcat

> I am also experiencing the same issue on a Pixel 2XL

Could you please share the Android version of the Pixel 6 Pro as well as the Pixel 2 XL?
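
Added example, not part of the original thread or of Yubico's code: one way to carry out step 4 in Python, reducing a saved capture to the warning-and-above lines that mention nfc, yubioath or yubikey, so that only those lines need to be posted. It assumes the capture was written with `adb logcat -d -v threadtime > capture.txt`; the function name and the sample lines are constructed, apart from the yubioath error text quoted later in this thread.

```python
import re

# threadtime layout: "MM-DD HH:MM:SS.mmm  PID  TID P TAG: message"
LINE = re.compile(
    r"^(\d\d-\d\d \d\d:\d\d:\d\d\.\d{3})\s+(\d+)\s+(\d+) ([VDIWEF]) (.+?)\s*: (.*)$"
)
PRIORITIES = "VDIWEF"  # verbose, debug, info, warning, error, fatal
KEYWORDS = re.compile(r"nfc|yubioath|yubikey", re.IGNORECASE)  # terms from step 4

# Constructed sample capture (not taken from the pastebin linked in the thread).
SAMPLE = """\
--------- beginning of main
02-01 09:29:18.101  1432  1432 D NfcService: constructed debug line
02-01 09:29:18.412  9021  9021 E yubioath: Error reading NDEF tag.
02-01 09:29:18.500  2210  2250 I ActivityManager: constructed unrelated line
02-01 09:29:18.640  3344  3390 E ExampleTag: constructed error mentioning NFC
02-01 09:29:18.900  9021  9043 W yubioath: constructed warning line
02-01 09:29:19.050  2210  2250 E ActivityManager: constructed unrelated error
"""

def relevant_lines(capture, min_priority="W"):
    """Return (time, priority, tag, message) for matching lines, in log order."""
    floor = PRIORITIES.index(min_priority)
    hits = []
    for raw in capture.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # buffer separators and anything not in threadtime layout
        when, _pid, _tid, prio, tag, msg = m.groups()
        if PRIORITIES.index(prio) < floor:
            continue
        if KEYWORDS.search(tag) or KEYWORDS.search(msg):
            hits.append((when, prio, tag, msg))
    return hits

if __name__ == "__main__":
    for when, prio, tag, msg in relevant_lines(SAMPLE):
        print(when, prio, tag, msg)
```
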

banderson5144 commented 2 years ago

@AdamVe Here is the logcat https://pastebin.com/c9w7YcEv (had to put it there since I couldn't paste the entire log)

I ran this on my Pixel 2XL. It is running Android 11 Build Number RP1A.201005.004.A1

Also here is the result from the NXP Tag Info app:

** TagInfo scan (version 4.24.8) 2022-02-01 09:29:20 **
Report Type: External

-- IC INFO ------------------------------

# IC manufacturer:
Infineon Technologies AG

# IC type:
Unknown IC implementing ISO/IEC 14443-4

# NFC Forum NDEF-compliant tag:
Type 4 Tag

# Application information:
Global Platform card manager present
Type 4 Tag v2 application present
Yubico NEO key
Yubico OATH app
* Version: 5.4.3
* ID: 0x3F2ECFA8E1E49FA2
* No accounts configured
FIDO U2F app
Personal Identity Verification card (FIPS 201 PIV)
OpenPGP card
* Version: 5.4.3
* Name of cardholder: [unknown]
* Language prefs: [unknown]
* Sex: not announced
* URL of public key: [unknown]
* Login data: [unknown]
* Signature counter: 0

-- NDEF ------------------------------

# NFC data set information:
NDEF message containing 1 record
Current message size: 67 bytes
Maximum message size: 125 bytes
NFC data set access: Read & Write

# Record #1: URI record:
Type Name Format: NFC Forum well-known type
Short Record
type: "U"
protocol field: https://
URI field: my.yubico.com/yk/#cccccbbjhhecrgglbenhhtjvhjhthckrrddgkjigibbb
Payload length: 63 bytes
Payload data:

[00] 04 6D 79 2E 79 75 62 69 63 6F 2E 63 6F 6D 2F 79 |.my.yubico.com/y|
[10] 6B 2F 23 63 63 63 63 63 62 62 6A 68 68 65 63 72 |k/#cccccbbjhhecr|
[20] 67 67 6C 62 65 6E 68 68 74 6A 76 68 6A 68 74 68 |gglbenhhtjvhjhth|
[30] 63 6B 72 72 64 64 67 6B 6A 69 67 69 62 62 62    |ckrrddgkjigibbb |

# NDEF message:
[00] D1 01 3F 55 04 6D 79 2E 79 75 62 69 63 6F 2E 63 |..?U.my.yubico.c|
[10] 6F 6D 2F 79 6B 2F 23 63 63 63 63 63 62 62 6A 68 |om/yk/#cccccbbjh|
[20] 68 65 63 72 67 67 6C 62 65 6E 68 68 74 6A 76 68 |hecrgglbenhhtjvh|
[30] 6A 68 74 68 63 6B 72 72 64 64 67 6B 6A 69 67 69 |jhthckrrddgkjigi|
[40] 62 62 62                                        |bbb             |

# Capability Container (CC) file content:
Mapping version 2.0
CC length: 15 bytes
Maximum Le value: 127 bytes
Maximum Lc value: 127 bytes
NDEF File Control TLV:
* Length: 6 bytes
* NDEF file ID: 0xE104
* Maximum NDEF data size: 127 bytes
* NDEF access: Read & Write
[0] 00 0F 20 00 7F 00 7F 04 06 E1 04 00 7F 00 00    |.. ............ |

# Type 4 Tag File Control Information (FCI):
Type 4 Tag v2 application FCI: [none]
CC file FCI: [none]
NDEF file FCI: [none]

# NDEF file contents:
[00] 00 43 D1 01 3F 55 04 6D 79 2E 79 75 62 69 63 6F |.C..?U.my.yubico|
[10] 2E 63 6F 6D 2F 79 6B 2F 23 63 63 63 63 63 62 62 |.com/yk/#cccccbb|
[20] 6A 68 68 65 63 68 74 76 6A 76 63 6B 65 64 6E 69 |jhhechtvjvckedni|
[30] 67 6A 74 68 63 76 68 72 67 69 75 69 68 68 6B 64 |gjthcvhrgiuihhkd|
[40] 67 6B 76 65 75                                  |gkveu           |

-- EXTRA ------------------------------

# ATS historical bytes details:
ISO/IEC 7816-4 coding
Card capabilities: 0x73C021C0
* DF selection methods: (0xC0)
    - By full DF name
    - By partial DF name
* Behaviour of write function: proprietary
* Value 0xFF for the first byte of BER-TLV tag fields:
    - Invalid (used for padding, default value)
* Data unit size: 2 quartets
* Command chaining supported
* Extended Lc and Le fields supported
* Logical channel no. assignment:
    - No logical channels
Card issuer's data: 0x597562694B6579 |YubiKey|

# Global Platform information:
Global Platform version 2.3.1
GP Secure Channel Protocol: 03 option 60
Global Platform card manager
* FCI: 0x6F178408A000000151000000A50B730906072A864886FC6B01 |o.......Q.....s...*.H..k.|

# Card Production Life Cycle data (CPLC):
IC Fabricator: Infineon
IC Type: [unknown]
OS ID: [unknown]
OS release date: [invalid]
OS release level: 0x4F44
IC Fabrication Date: [invalid]
IC Serial Number: 0x7D500573
IC Batch Identifier: 0x2EF4
IC Module Fabricator: [unknown]
IC Module Packaging Date: [invalid]
ICC Manufacturer: [unknown]
IC Embedding Date: [invalid]
IC Pre-Personalizer: [unknown]
IC Pre-Perso. Equipment Date: [invalid]
IC Pre-Perso. Equipment ID: 0xBE108D89
IC Personalizer: [unknown]
IC Personalization Date: [invalid]
IC Perso. Equipment ID: 0x49BE950E
IC Personalizer: [unknown]
IC Personalization Date: [invalid]
IC Perso. Equipment ID: 0x49BE950E

# File Control Information:
Default selected AID
0x6F178408A000000151000000A50B730906072A864886FC6B01 |o.......Q.....s...*.H..k.|
FIDO U2F app
0x5532465F5632 |U2F_V2|

# TagInfo Version:
Version :4.24.8

# Device Info:
Device Model :Google ( Pixel 2 XL )
Android OS Version :11

-- FULL SCAN ------------------------------

# Technologies supported:
ISO/IEC 7816-4 compatible
ISO/IEC 14443-4 (Type A) compatible
ISO/IEC 14443-3 (Type A) compatible

# Android technology information:
Tag description:
* TAG: Tech [android.nfc.tech.IsoDep, android.nfc.tech.NfcA, android.nfc.tech.Ndef]
* Maximum transceive length: 65279 bytes
* Default maximum transceive time-out: 618 ms
* Extended length APDUs supported
* Maximum transceive length: 253 bytes
* Default maximum transceive time-out: 618 ms

# Detailed protocol information:
ID: 27:30:66:18:01:66:30
ATQA: 0x4400
SAK: 0x20
ATS: 0x1278B384008073C021C057597562694B657900
* Max. accepted frame size: 256 bytes (FSCI: 8)
* Supported receive rates:
    - 106, 212, 424 kbit/s (DR: 1, 2, 4)
* Supported send rates:
    - 106, 212, 424 kbit/s (DS: 1, 2, 4)
* Different send and receive rates not supported
* SFGT: 4.833 ms  (SFGI: 4)
* FWT: 77.33 ms  (FWI: 8)
* NAD not supported
* CID not supported
* Historical bytes: 0x8073C021C057597562694B6579 |.s.!.WYubiKey|

--------------------------------------
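
Added example, not part of the original thread or of Yubico's code: a Python parser for the bytes under "NDEF file contents" in the TagInfo report above, showing what is read when an app fetches the key's NDEF payload, namely one well-known URI record whose fragment is a modhex OTP. The function names are this example's own, and only the first five NDEF URI prefix codes are handled.

```python
# Bytes copied from the "NDEF file contents" dump in the TagInfo report above.
NDEF_FILE = bytes.fromhex(
    "00 43 D1 01 3F 55 04 6D 79 2E 79 75 62 69 63 6F"
    "2E 63 6F 6D 2F 79 6B 2F 23 63 63 63 63 63 62 62"
    "6A 68 68 65 63 68 74 76 6A 76 63 6B 65 64 6E 69"
    "67 6A 74 68 63 76 68 72 67 69 75 69 68 68 6B 64"
    "67 6B 76 65 75")
URI_PREFIXES = {0: "", 1: "http://www.", 2: "https://www.", 3: "http://", 4: "https://"}
MODHEX = set("cbdefghijklnrtuv")

def ndef_message(file_bytes):
    """Strip the 2-byte NLEN prefix of a Type 4 Tag NDEF file."""
    nlen = int.from_bytes(file_bytes[:2], "big")
    if len(file_bytes) < 2 or nlen > len(file_bytes) - 2:
        raise ValueError("NLEN missing or larger than the data read")
    return file_bytes[2:2 + nlen]

def first_record(msg):
    """Return (tnf, type, payload) of the first NDEF record."""
    if len(msg) < 3:
        raise ValueError("record header truncated")
    flags, type_len, pos = msg[0], msg[1], 2
    if flags & 0x10:                       # SR set: 1-byte payload length
        payload_len, pos = msg[pos], pos + 1
    else:                                  # SR clear: 4 bytes, big-endian
        payload_len, pos = int.from_bytes(msg[pos:pos + 4], "big"), pos + 4
    id_len = 0
    if flags & 0x08:                       # IL set: 1-byte ID length follows
        if pos >= len(msg):
            raise ValueError("record header truncated")
        id_len, pos = msg[pos], pos + 1
    end = pos + type_len + id_len + payload_len
    if end > len(msg):
        raise ValueError("record body truncated")
    return flags & 0x07, msg[pos:pos + type_len], msg[pos + type_len + id_len:end]

def uri_from_ndef_file(file_bytes):
    """Decode the URI of a single well-known 'U' record."""
    tnf, rtype, payload = first_record(ndef_message(file_bytes))
    if tnf != 1 or rtype != b"U" or not payload or payload[0] not in URI_PREFIXES:
        raise ValueError("not a URI record with a prefix code from the table above")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")

def split_otp(uri):
    """Split the modhex fragment into (public ID, 32-character one-time part)."""
    otp = uri.rpartition("#")[2]
    if len(otp) < 32 or not set(otp) <= MODHEX:
        raise ValueError("fragment is not a modhex OTP")
    return otp[:-32], otp[-32:]
```

The "NDEF message" dump earlier in the same report carries the same 12-character public ID with a different one-time part.
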

AdamVe commented 2 years ago

Thanks! Could you check the app settings and turn off "Read NFC NDEF payload" option? If that option is not enabled for you, enable and disable it.

Then try to tap with the key again. Does it make any difference?

I ask for this as your logcat shows the following error several times; that part is executed only if you have the settings option enabled.

E yubioath: Error reading NDEF tag.

banderson5144 commented 2 years ago

PXL_20220201_151123586.jpg

I get this, but this doesn't look like the screen when I plug it in via USB

AdamVe commented 2 years ago

The screen you see is showing a Yubico OTP (one-time password) code which was read through the NFC. If you had OATH codes stored in the key, they would show up under the NFC item:

The NFC/NDEF item you see will be visible only if you have the option "Read NFC NDEF payload" enabled in settings.

Do you still get the "Error in YubiKey Communication" when using NFC?

banderson5144 commented 2 years ago

No I don't get that error. So this means it is working as expected yes?

AdamVe commented 2 years ago

Yes. You should be able to add new TOTP/HOTP codes with the blue plus button. The codes will be securely stored in the key and will be available through USB connection as well. You will be able to see them also in the desktop app.