[Gnuk-users] Bricked FST-01 running tip-of-tree gnuk
Mike Tsao
mike at sowbug.com
Wed Jan 10 07:09:19 UTC 2018
My FST-01 is in a state where it can't be unblocked using gpg, nor can it
be reflashed using an SWD connection. Here is my story.

I ordered two FST-01 devices from SeeedStudio. They arrived today. I
inserted one into my Linux machine and updated the firmware to the latest
version using this guide:
https://raymii.org/s/tutorials/FST-01_firmware_upgrade_via_usb.html. The
most recent commit was this:

commit 4ff0b3c5f896750a14b6a5d1853ac9246ecc506e
Author: NIIBE Yutaka <gniibe at fsij.org>
Date: Tue Jan 9 09:39:42 2018 +0900

    tests: Fix for card readers.

gpg2 --card-status seemed to work fine, and usb_strings.py reported version
1.2.7:

$ ./tool/usb_strings.py
Vendor: Free Software Initiative of Japan
Product: Gnuk Token
Serial: FSIJ-1.2.7-87061942
Revision: release/1.2.7-3-g4ff0b3c
Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=no:factory_reset=no
Sys: 1.0

I then began configuring the device as a normal OpenPGP smart card. I set
the admin PIN, reset code, and user PIN. I then attempted a "keytocard"
operation with my existing RSA-4096 encryption key, but when I was prompted
for the admin PIN, it failed. I entered it again, being careful that it was
the same one that I had set minutes earlier. It didn't work. I eventually
locked myself out of the device:

$ gpg2 --card-status
Reader ...........: 234B:0000:FSIJ-1.2.7-87061942:0
Application ID ...: D276000124010200FFFE870619420000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87061942
Name of cardholder: Mike Tsao
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : https://keybase.io/sowbug/key.asc
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

I concluded that I would have to reflash the device using stlinkv2.py -u,
but it gave an unexpected error:

$ sudo ./tool/stlinkv2.py -u
ST-Link/V2 version info: 2 29 7
Change ST-Link/V2 mode 0002 -> 0002
Core does not halt, try API V2 halt.
ValueError('Status of core is not halt.', 128)

I attempted to connect to the device using a Windows machine and the
official STM STLink utility. It didn't work. I then connected to the second
FST-01, which was still new. The Windows STLink utility recognized it.
usb_strings.py also recognizes it:

$ ./tool/usb_strings.py
Vendor: Free Software Initiative of Japan
Product: FSIJ USB Token
Serial: FSIJ-1.0.1-50FF6E06
Revision: release/1.0.1
Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=yes:keygen=yes
Sys: 1.0

At this point I know the following:

- My ST-Link v2 programmer works.
- My jumper connections are correct.
- The second FST-01 is able to talk to the ST-Link programmer and utility.
- The first FST-01 is not able to connect to the ST-Link or be reflashed.
- I believe I fell victim to the issue where PINs cannot be set until the
  FST-01 has at least one key loaded on it (I read about this after making
  the mistake).
- I do not understand why the first FST-01 no longer responds to the
  ST-Link SWD connection.
- I built the gnuk software with its defaults, so it doesn't have the
  factory reset option.
- My FST-01 is now useless, because it is running gnuk with PIN retry
  counter : 0 3 0

What can I do to unbrick this device?
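
An added example, not part of the original post and not code from the Gnuk project: a check that reads the two outputs quoted above (the usb_strings.py "Config:" line and the gpg2 "PIN retry counter" line) and reports blocked PINs and whether the build has factory_reset enabled. The sample strings are constructed from the post's output, and the function names are hypothetical.

```python
import re

# Sample inputs constructed from the command output quoted in the post.
USB_STRINGS = """\
Product: Gnuk Token
Revision: release/1.2.7-3-g4ff0b3c
Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=no:factory_reset=no
"""
CARD_STATUS = """\
Signature PIN ....: forced
PIN retry counter : 0 3 0
Signature counter : 0
"""

def parse_config(usb_strings_output):
    """Return (board, {option: enabled}) from the 'Config:' line."""
    for line in usb_strings_output.splitlines():
        if line.startswith("Config:"):
            board, *opts = line.split(":", 1)[1].strip().split(":")
            return board, {k: v == "yes" for k, v in (o.split("=", 1) for o in opts)}
    raise ValueError("no Config: line found")

def parse_retry_counters(card_status_output):
    """Return remaining tries; gpg prints user PIN, reset code, admin PIN."""
    m = re.search(r"^PIN retry counter\s*:\s*(\d+)\s+(\d+)\s+(\d+)\s*$",
                  card_status_output, re.MULTILINE)
    if not m:
        raise ValueError("no PIN retry counter line found")
    return dict(zip(("user", "reset_code", "admin"), map(int, m.groups())))

def assess(usb_strings_output, card_status_output):
    """Return a list of findings; an empty list means nothing to flag."""
    _, opts = parse_config(usb_strings_output)
    tries = parse_retry_counters(card_status_output)
    findings = [f"{who} PIN blocked" for who in ("user", "admin") if tries[who] == 0]
    # The 1.0.1 Config line in the post has no factory_reset field at all,
    # so a missing option is treated the same as factory_reset=no.
    if not opts.get("factory_reset", False):
        findings.append("factory_reset not enabled in this build")
    return findings

if __name__ == "__main__":
    for finding in assess(USB_STRINGS, CARD_STATUS):
        print(finding)
```
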