Aiosa
commented
3 years ago Right now I was playing around with it: I was getting the same error when
- you use the referenced NFC writer app, and write first the payload
- then you check if the demo counter works
- then you use the same session of NFC writer to write secret (another URL)
HOTP does not work, only the counter. But if you enter both secret and payload simultaneously and write it just once, it works. IMHO, the writer app writes the payload twice since if you perform the last step with the same session, both tags are on the display, overwriting the HMAC generator instance.
Without much knowledge or insight into the code I think that the last step creates the HMAC generator and when the payload is written again (since the writer keeps it in the write menu as well), it replaces the HMAC generator again with the demo counter. I did not test it much because I don't have time now, will update if I find some more on it...
EDIT: it seems it works only if both tags are written simultaneously, the first record in order must be the secret, the second the payload...weird
petrs
Installation of the applet is successfully done on a JC 3.0.4 card from Idemia (Oberthur), following GP spec 2.2.1.
Any plaintext or URL is saved successfully as the payload and returned to a phone on request.
However, regardless of setting a valid otpauth URL from the Wiki example (otpauth://hotp/crocs@muni.cz?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ) the code is not being generated, and only the plain incremented counter is returned every time.
Any ideas would be helpful that could lead me to why codes are not being generated on my card.