solokeys / solo1

Solo 1 firmware in C
https://solokeys.com/

NFC compatibility with phones #209

Open Zjemm opened 5 years ago

Zjemm commented 5 years ago

Hi,

I finally received a solo USB A and a solo tab USB C

They both work when plugged in and pressing the key on my laptop. But now I want to test nfc on my Android phone but I can't seem to get it working.

Nfc works on the phone because I pay with nfc at shops.

How can I test NFC on my Android with, for example, GitHub or Gmail?

I also installed an NFC app that can read NFC chips. So when I scan my bank card it reads the chip. But with the Solo, nothing happens.

Any advice?

gillesw commented 5 years ago

I have the same trouble : NFC doesn't work on solo tap USB-C OnePlus 6T A6013_41-190528 build (latest)

Zjemm commented 5 years ago

For me it's the OnePlus 3T Android 9.0.3

martinpaljak commented 5 years ago

I get 6f00 (generic exception) with the Tap version on the u2f coffee test site with Android. It is also “looping”, so it seems to sort of crash the connection repeatedly.

fmeum commented 5 years ago

Not working on the OnePlus 5, although it works with YubiKeys and my Solo Tap passes the FIDO test suite with an external NFC reader.

Zjemm commented 5 years ago

Alright, so at least I'm not the only one. So this must be something. Or maybe a combination with OnePlus.

mrvantage commented 5 years ago

Similar problems here on my OnePlus 3. I am able to read the solo tap using the NXP taginfo app, but only without the sleeve on.

I've tried using the keys with https://u2f.bin.coffee, but I was unable to register it via NFC

martinpaljak commented 5 years ago

@mrvantage what was the error on the test website?

Tumeez commented 5 years ago

I also thought that my Solo Taps are broken, because they don't react with the OnePlus 3. They already know about that problem, because I contacted them directly.

tl;dr Solo Tap NFC doesn't work with my OnePlus 3

Zjemm commented 5 years ago

Well now there is also a GitHub issue, so more people can see

Mincka commented 5 years ago

Same thing here, I contacted Solo on Twitter but no more answers...

Got response: `{ "errorCode": 1, "errorMessage": "Low level error 0x6f00" }` on https://u2f.bin.coffee/. Not working on https://webauthn.io/ either (with or without rubber protection). Looks OK on NXP TagInfo.

Tested on Samsung Galaxy A8 (SM-A530F) with Android 9 / One UI 1.0 up-to-date. Same issue with multiple keys (Type-A or Type-C).

Also tested on Samsung A5 2016 after NFC read, same error. No NFC field activation at all on Honor 8 and Samsung Galaxy S9. Powered by a USB-C port from a laptop: same error in the JavaScript response on the mobile.

The key is said to be "up-to-date" on update.solokeys.com but I also tried to force reflash it. Tried multiple times, with multiple keys, everywhere on the back. 🙁

They work as expected when plugged to a USB port, but the NFC is not.
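Added example, not part of the comment above or of the Solo project's code: a Python helper that decodes the test-site response reported in this thread into a U2F JavaScript API error name and an ISO 7816-4 status word. The code tables follow the FIDO U2F JavaScript API and raw message format specifications; the function names are hypothetical.

```python
import json
import re

# Error codes defined by the FIDO U2F JavaScript API.
U2F_JS_ERRORS = {
    0: "OK",
    1: "OTHER_ERROR",
    2: "BAD_REQUEST",
    3: "CONFIGURATION_UNSUPPORTED",
    4: "DEVICE_INELIGIBLE",
    5: "TIMEOUT",
}

# Status words used by U2F over ISO 7816-4 APDUs, plus 0x6F00, the
# generic ISO 7816-4 "no precise diagnosis" word seen in this thread.
STATUS_WORDS = {
    0x9000: "SW_NO_ERROR",
    0x6985: "SW_CONDITIONS_NOT_SATISFIED",
    0x6A80: "SW_WRONG_DATA",
    0x6700: "SW_WRONG_LENGTH",
    0x6E00: "SW_CLA_NOT_SUPPORTED",
    0x6D00: "SW_INS_NOT_SUPPORTED",
    0x6F00: "NO_PRECISE_DIAGNOSIS",
}

# Response text as quoted in the thread for https://u2f.bin.coffee/.
SAMPLE = '{ "errorCode": 1, "errorMessage": "Low level error 0x6f00" }'


def describe_sw(sw: int) -> str:
    """Name a 16-bit status word, keeping unknown values visible."""
    return STATUS_WORDS.get(sw, f"UNKNOWN_0x{sw:04X}")


def split_response_apdu(raw: bytes):
    """Split a response APDU into (data, status_word)."""
    if len(raw) < 2:
        raise ValueError("response APDU must end with a 2-byte status word")
    return raw[:-2], int.from_bytes(raw[-2:], "big")


def triage(response_json: str) -> dict:
    """Decode a U2F JS API response and any status word in its message."""
    resp = json.loads(response_json)
    code = resp.get("errorCode", 0)  # successful responses carry no errorCode
    match = re.search(r"0x([0-9a-fA-F]{4})\b", resp.get("errorMessage", ""))
    sw = int(match.group(1), 16) if match else None
    return {
        "js_error": U2F_JS_ERRORS.get(code, f"UNKNOWN_{code}"),
        "status_word": sw,
        "status_name": describe_sw(sw) if sw is not None else None,
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
    # Constructed APDU: empty body followed by status word 6D00.
    print(split_response_apdu(bytes.fromhex("6d00")))
```
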

manuel-domke commented 5 years ago

So until now there were only reports regarding "OnePlus" branded smartphones.

If this affects more manufacturers (or Solo Taps), I guess there is a bigger issue. Hopefully they can fix it in the firmware.

Are there any smartphones where it is confirmed working? I have a Tap, but no other NFC-capable device (yet). But maybe I can get hands on some colleague's phones...

Mincka commented 5 years ago

A colleague told me that he paired his Solo Tap USB-A, plugged on his laptop, to his Google account (nothing new at this stage).

Then, he told me that he managed to authenticate on Google, on his phone (A5 2017), using NFC (on the second try).

Still, he has the same error message (Low level error 0x6f00) on https://u2f.bin.coffee/.

Mincka commented 5 years ago

Oh, some progress here... I was unable to test the same scenario since I cannot pair my Solo Tap USB-C on my laptop because I have no USB-C or adapter.

However, it made me think that I did not try to combine a U2F registering through USB and an authentication through NFC on https://u2f.bin.coffee/... And it worked, on the third try... 🎉

I tried again and it never works on the first time, but still, the sign in is working at some point. However, the registering over NFC never works. Hope it helps...

I guess it could be related to the maximum delay authorized for the operations on Android. Conor was talking about that during the campaign.

> Tap is particularly challenging to make because it needs to operate passively. This means it must harvest the power solely from the NFC field. [...] To be able to efficiently harvest enough power, using this external NFC chip isn’t enough. There also needs to be an antenna. [...]
>
> But even with a good antenna, there were still some issues. The design couldn’t harvest enough power to run at 100% speed, so I had to run it at about 50% speed. Consequently the register and authenticate would take longer to compute (about 1.0s, and 0.5s). This seems fine but Android NFC FIDO requests timeout after about 0.5s. So register wouldn’t work and authenticate worked sometimes.
>
> I was stuck at this for a while. I kept running through these steps.
>
> 1. Try to improve antenna to get more power.
> 2. Make code faster.
> 3. Experiment with different settings on microcontroller.
>
> Eventually I improved it enough and now it works quite well :D.

manuel-domke commented 5 years ago

But only on the Galaxy A8? The A5, G9 and "Honor 8" (whatever this is) don't react at all, like described for the OnePlus's ?

Zjemm commented 5 years ago

Don't think it's a OnePlus issue then

dschuermann commented 5 years ago

I received my Solo Tap (+USB-C) and it works in Chrome with Pixel 2XL on https://u2f.hwsecurity.dev and https://webauthn.hwsecurity.dev .

We implemented workarounds for https://github.com/solokeys/solo/issues/214 and https://github.com/solokeys/solo/issues/213 and now it also works with our native SDK from https://hwsecurity.dev

Mincka commented 5 years ago

Exactly same behaviour on u2f.hwsecurity.dev and webauthn.hwsecurity.dev: registration only possible with USB (however error code 1 or NotReadableError) and authentication works about 1 time over 3...

I could accept (tolerate) the need to plug for registration but the authentication rate failure is too high.

At least, the NFC field is activated for my phone, on others, there is no detection at all (these phones work perfectly fine for other NFC devices or badges).

@dschuermann : Do you confirm that you can register and authenticate via NFC without failure? Can you tell which phone(s) you are using?

conorpp commented 5 years ago

I've just done some testing on Pixel, Nexus, Samsung S9, and LG phones. I haven't tried OnePlus.

It seems that a lot of LG phones simply don't support ISO 14443A, which is the NFC protocol used by Tap. The LG phone I used wasn't able to read the NDEF data even while Tap was USB powered. I suspect some OnePlus models have a similar problem.

For Samsung S9, it took me a while to get it to work with a U2F test site via NFC, around 60-120s before a registration succeeded. I couldn't figure out a consistent method for improving that. I think the RF coupling is too poor. I suspect this issue extends to most Samsung devices. NFC-Registering while USB powered I found a firmware bug, but fixing that, it works fine; but no improvement in passive operation. Will push bug fix soon.

Pixel and Nexus 6 devices worked fine. I think recent Motorola and Google devices give the best performance.

I believe most issues are stemming from poor RF coupling with some phone models. Using only authentication instead of registering should help since it takes less time and power. If I can find any potential firmware improvements, I'll work on them. In any event, we/@solokeys/team-solokeys are planning a new HW revision, and one of the improvements will be significantly reducing power and timing for passive operation.

Tumeez commented 5 years ago

Will new HW rev be free to us who have a problem at the moment?

0x0ece commented 5 years ago

Personally, I think we have opportunities to fix via firmware upgrade -- if not we'll certainly explore a hw rev. But I'm positive we can optimize the boot, or play with advanced uses of the AMS chip. It'll just require some time to test and explore options.

It's good to collect feedback about non-working devices.

Zjemm commented 5 years ago

> I've just done some testing on Pixel, Nexus, Samsung S9, and LG phones. I haven't tried OnePlus.
>
> It seems that a lot of LG phones simply don't support ISO 14443A, which is the NFC protocol used by Tap. The LG phone I used wasn't able to read the NDEF data even while Tap was USB powered. I suspect some OnePlus models have a similar problem.
>
> For Samsung S9, it took me a while to get it to work with a U2F test site via NFC, around 60-120s before a registration succeeded. I couldn't figure out a consistent method for improving that. I think the RF coupling is too poor. I suspect this issue extends to most Samsung devices. NFC-Registering while USB powered I found a firmware bug, but fixing that, it works fine; but no improvement in passive operation. Will push bug fix soon.
>
> Pixel and Nexus 6 devices worked fine. I think recent Motorola and Google devices give the best performance.
>
> I believe most issues are stemming from poor RF coupling with some phone models. Using only authentication instead of registering should help since it takes less time and power. If I can find any potential firmware improvements, I'll work on them. In any event, we/@solokeys/team-solokeys are planning a new HW revision, and one of the improvements will be significantly reducing power and timing for passive operation.

I have registered the solo USB-C Tab via USB-C (laptop) on my GitHub account, but authentication on Android via NFC (OnePlus 3T, Chrome) still does not work.

When plugged in to a laptop for power and then trying NFC, it does read the key but auth fails.

Seems indeed like a power issue. I hope you guys can fix it via firmware, otherwise NFC is completely useless in my situation.

Another thing I noticed is that when plugging in the tab on the USB-C port of my laptop, the LED lights up, but when plugging it in on my phone it does not. I plugged it into an LG phone and there it did light up, and the USB settings popup from Android showed as: Power supply (translated from Dutch).

My OnePlus 3T asks me what to do when plugging in a USB-C cable connected to my laptop (charging only, or file transfer, etc.) but it does not ask me when plugging the Solo key into the phone. Also there is no "power supply" option. So the OnePlus does not power the key.

So it also seems that the tab via USB-C does not work on the OnePlus.

dschuermann commented 5 years ago

So, some information how Android does FIDO: Chrome is using Google's proprietary FIDO implementation that is shipped in their Google Play Services. I think, we can do a lot better regarding UX and NFC/USB backend. That's why we implemented our own native FIDO stack on Android. Also, this allows us to support special use cases based on customer requirements (such as PDF signing).

Long story short, I just pushed an update to our FIDO Sample (now version 1.6) on Google Play (could take up to 4 hours until you get it): https://play.google.com/store/apps/details?id=de.cotech.hw.fido.example

You can try our implementation with your phone and report if it works better than Chrome. I would be interested in your results.

Also, for some devices, we show where the best NFC spot is located on the back of your device, this may help: [image: nfc2]

Zjemm commented 5 years ago

Nice but first we need an nfc fix, because right now nfc does not work on several Android devices

Also can more people confirm when plugged the usbc in a OnePlus, that it does not receive power?

Mincka commented 5 years ago

@dschuermann: After about 100 NFC registering attempts on Galaxy S9: 3 times: "INS_NOT_SUPPORTED", 96 times: vibration but nothing, 1 time: successful registration (really unexpected, first time happening with NFC). Same results when powered from another phone with USB-C.

However, the authentication works better with your app than Chrome, I'd say authentication succeeds about 8 out of 10 attempts.

Side note regarding the app: the key has to be plugged BEFORE tapping on buttons (register / authenticate). It does not work if the help message is displayed. It can be a bit confusing. I was expecting to be prompted to plug the key after tapping the buttons, not before.

Is there a way to prevent the Android pop-up "Do you allow the app to access Solo 2.3.0?" each time we need to authenticate through USB?

dschuermann commented 5 years ago

@Mincka thanks for your testing, very interesting. I tested the SoloKey Tap successfully on Pixel 2 XL over NFC. I will do a more detailed testing with our different devices next week.

> Is there a way to prevent the Android pop-up "Do you allow the app to access Solo 2.3.0?" each time we need to authenticate through USB?

Unfortunately, there is no good way to prevent that pop up. If you would use a single FIDO app, we could register this app on USB Intents using the Intent Filter. Then you could choose "always" and it will no longer ask for permissions later. But already if you use two FIDO apps, the other will need to ask for permission again using the pop up. So we decided against registering on Intent filters to not pollute this list with each FIDO app.

Mincka commented 5 years ago

I notified the Solo team on Twitter on June 18th and still no official message about this specific issue. I bought 5 Solo Tap keys for my teammates and I. Nobody is able to use them with Chrome / Google and NFC, on different phone models. This is the most basic scenario that you expect to work smoothly. The comments on this thread and Twitter show that it's not an isolated issue.

We already waited a lot more than it was usually planned. I was expecting a final product properly tested on a few major phone models by the time. In the end, I would have preferred to wait even more than being sent a non-working product.

I am quite disappointed by the feedback at this stage: "we think that we can improve by flashing firmware" / "we may review the hardware". When? At which cost? Can we expect new hardware revision sent for free if it's not possible to make them work in standard scenarios, even after a hypothetical firmware update?

merlokk commented 5 years ago

@Mincka test #217 please if you have hacker one

Mincka commented 5 years ago

Don't have one but I'll be happy to test if you can provide a signed release.

merlokk commented 5 years ago

Unfortunately I can't, but it will be available in several days.

ioanrogers commented 5 years ago

Another problem phone: ZTE Axon 7 Cannot read Tap with NFC Tools normally, but can when using USB power.

When trying to register with the FIDO Example app and USB power, the Tap's led turns briefly orange but nothing happens on the phone.

conorpp commented 5 years ago

@Mincka yes many phones were tested during prototyping, but only one particular type of Android phone was used for QA for manufacturing. Plus we discovered a whopping 25%-30% yield issue with the AS3956, the chip we use for NFC. Unfortunately pretty difficult to foresee issues like this.

There are a couple issues we can fix with firmware, like when trying to register when USB powered @ioanrogers. That way at least authenticating passively can work more reliably.

The best we/@solokeys can do at this point is make a new HW revision, with a different microcontroller than was planned for the KS campaign. We can send free replacements to those who can't get Tap to work. I've just started work on this and hope to start a manufacturing run by the end of this year. Will try to get official announcement out soon.

Zjemm commented 5 years ago

@conorpp

That would be great, let's wait for that announcement

likarum commented 5 years ago

@conorpp Great news!

guillaumedc commented 5 years ago

Can't have my keys working over NFC. It's good news if you can find a replacement soon :-) Waiting for the announcement too.

gillesw commented 5 years ago

Trying again today on OnePlus 6t with FIDO Example : it works... Both register and authenticate.

dschuermann commented 5 years ago

> Trying again today on OnePlus 6t with FIDO Example : it works... Both register and authenticate.

Great to hear. Does it also work for you with Google Authenticator (when you open Chrome with https://u2f.hwsecurity.dev) ?

gillesw commented 5 years ago

> > Trying again today on OnePlus 6t with FIDO Example : it works... Both register and authenticate.
>
> Great to hear. Does it also work for you with Google Authenticator (when you open Chrome with https://u2f.hwsecurity.dev) ?

On OnePlus 6T + Chrome, it works with NFC.

Has anyone managed to get NFC working on Surface Go?

conorpp commented 5 years ago

@gillesw awesome, what did you change?

gillesw commented 5 years ago

Nothing... Except software update on the phone.

That's strange.

I was making tests between surface go and phone with NFC, I accidentally put the phone on the key and bazinga...


conorpp commented 5 years ago

Can you report which version you're on now, and which you were on previously?

gillesw commented 5 years ago

Previously, don't know.

Currently : Build : ONEPLUS A6013_41_190625 Oxygen OS 9.0.15 Kernel 4.9.106-perf+

Chrome 75.0.3770.143 FIDO Example 1.7

Tumeez commented 5 years ago

USB-C and USB-A NFC doesn't work with OnePlus 3, not even with FIDO Example. When I plug my Solo key into USB-C and try FIDO Example, it works, but not over NFC.

Also when I open Chrome with https://u2f.hwsecurity.dev doesn't work. Not even USB-powered.

RR-O-v6.2.1-20190201-oneplus3-Unofficial-LuisROM Kernel 3.18.124-FrancoKernel Chrome: Newest FIDO Example 1.7

Mincka commented 5 years ago

One month for this issue and still no official announcement. Very disappointed by the lack of support. 😞 I am thinking about asking for a refund and just buying a YubiKey 5 NFC.

conorpp commented 5 years ago

@Mincka sorry for the delay, expect an official announcement this week. In the meantime, here is the sign-up page for customers unable to get Tap working with their current phone after many attempts: https://solokeys.us19.list-manage.com/subscribe?u=cc0c298fb99cd136bdec8294b&id=153ce13dc1

Also, can you try updating to the latest firmware? Version 2.4.0 fixes the issues that @dschuermann found. Hopefully it was these issues causing Samsung issues and not power.

```
# if you haven't already
pip3 install solo-python

solo key update <--secure | --hacker> --yes
```

Also with this update, you should be able to register via NFC while the key is USB-powered.

Tumeez commented 5 years ago

My test used the newest 2.4.0 firmware.

GTB3NW commented 5 years ago

Hey, I have a OnePlus 6 and initially had issues but worked out what was going on in the end. The antenna on the solokey is not large and the field around the phone is quite small, so you have to place the solokey precisely into the field. So on the oneplus 6, that's behind the camera. When the prompt in android asks you to insert your key or other OTP options, you should be able to press NFC as an option, at which point just briefly tap where the camera is and it will be picked up.

The difference between NFC on payment terminals and a solokey is that the radio on a payment terminal is much larger. Perhaps that's something that can be improved upon in future versions of solokey NFC

righettod commented 5 years ago

Using the FIDO Example application, it works for Register and Authenticate flows using the NFC mode:

ioanrogers commented 5 years ago

Upgraded firmware to 2.4.0, I can now register and authenticate over NFC on my Axon 7. Thanks!

balert commented 5 years ago

Using Oneplus 3 (Android 9) plus SoloKey USB-A NFC at firmware v2.4.2. I can register and auth via NFC while Solokey is USB powered. Without USB power neither registration nor auth work via NFC.

Mincka commented 5 years ago

I am unable to update anymore with the web version. The current firmware is not detected ("unknown") and the update itself does not do anything. So I need to wait for a USB-C / USB-A adapter to attempt to upgrade on a computer.

Today, I discovered that Google is now selling their Feitian keys in France and I also received a YubiKey 5 NFC. I wanted to be sure that the issue was not related to my phone. It works perfectly every time and without even touching the back of my phone in NFC (Galaxy A8).

If the Solo update does not fix the issue, I will apply for a replacement with a revised hardware version. Hopefully it will work better.