Hey there, just one question: what exactly is U2F? What does that abbreviation mean and what is the purpose of that?
Hot! Is there some documentation how to use it with a Flipper Zero?
Not at the moment, but itâs really straightforward. Just connect your flipper via usb and open the app, navigate to any website that supports U2F, and from there you can add the flipper as you would any other hardware U2F token. Hereâs a demo website
Looks great, the first step is also working (some of the time, if Flipper does not decide to break the connection within 3 seconds) but once I get through the first 2 pages (Device not verified, Unknown device ???) I end up at the Playground and then I canât use it to sign in anymore. (This security key can not be used, please try a different one ???)
Yes, this is the right behavior.
- Open the demo.yubico.com website
Part 1/2: Registration â click button [Next] - If your browser is supporting WebAuthn youâll maybe need to confirm some dialogs (Firefox at Linux does have some questions âthe site is asking for extended information about your security keyâ and âthis site wants to create a account with your key. authorize or cancel herâ).
- Now go to your flipper, choose âU2Fâ. Maybe the app complains âalready connected, please disconnect firstâ. This happens when the Flipper is connected with qFlipper, for example.
- The site is waiting for confirmation. On the Flipper display youâll see â(o) OKâ. With a click at the middle button you are confirming you are physically available.
âRegistration completed!â If you come to this point with a youbikey, some information will be provided. But the Flipper is not giving this extended information, right now. âDevice not verified, Unknown deviceâ is fine at this point.
Click on the button [Authenticate].
- Part 2/2: Authentication
Click on the button [Next] - Again on the Flipper display âOKâ will appear, again with a click on the middle button youâll confirm you are physically present.
- With the dropdown âShow technical detailsâ youâll even able to see what the server and the Flipper are talking about.
In my experience, most errors are based on
a. timing. Not fast enough â Timeout
b. Forget to press the button. â Error/Timeout/whatever
The âPlaygroundâ isnât a part of the test. You need a Yubikey account to play around with the other kids. But this is a story for another time.
Turns out that a reset of the Flipper is needed to make the app work more reliable.
Thanks to Spildit: Idea - Implement U2F here? - #8 by Spildit
But even after the reset itâs still not reliable enough, after a minute or so it asks me to connect it to a computer while it is still connected? While this is fine for hobby / educational purposes, I can not recommend the use if Flipper to secure any personal or professional accounts. But I might be able to use it as a backup for my YubiKey.
For me, even after
sudo ./qFlipper-x86_64-1.1.3.AppImage rules install
/dev/hidraw3 device appeared as âroot:root crw-------â device file, effectively blocking non-root user from using it. The entire trick worked fine after I altered the permissions manually (chmod a+rwx /dev/hidraw3 - do not do it in production, please)
Looks like udev rules need more love and care, at least for antique Ubuntu 18.04 that I have
Iâm not completely sure, but I donât think youâll need /dev/hidraw[n] to use U2F.
I have no such antique OS around me (no production environment for 3 days ), but I can check later how the flipper will be listened in U2F mode.
I do think youâll need to start U2F first, than plug USB in. This could be an issue.
This evening Iâve got some time to play around.
The Flipper is not know by the udev. So everybody feel free to write a bug against https://github.com/snapcore/snapd/blob/master/interfaces/builtin/u2f_devices.go ⊠to get the flipper U2F per default supported.
The manual way:
lupus@tori:~$ cat /etc/udev/rules.d/70-snap.flipper.rules
# u2f-devices
# STMicroelectronics U2F Token
KERNEL=="hidraw*", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5741", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", TAG+="snap_firefox_firefox"
Create this file, start ubuntu (or the PC) and replug your flipper â OK.
Maybe idVendor/idProduct needs to be adjusted. Take a look at:
lupus@tori:~$ lsusb |grep -i u2f
Bus 003 Device 007: ID 0483:5741 STMicroelectronics U2F Token
If this donât work for you, take a look at snap connections firefox | grep u2f
, should be something like u2f-devices firefox:u2f-devices -
Or âabout:configâ in the taskbar â search for âwebauthnâ, there shout be *usb be âtrueâ âŠ
Universal 2nd Factor is an open standard that strengthens and simplifies two-factor authentication using specialized Universal Serial Bus or near-field communication devices based on similar security counter technology found in smart cards U2F keys allow users to quickly and securely access any website or online service. To authenticate, the user simply inserts the U2F key into a USB port and then confirms their identity by pressing a button on the key . On smartphones or tablets, the key needs to be placed close to the NFC antennaU2F security keys can be used as an additional method of two-step verification on online services that support the U2F protocol, including