U2F - Not working

Today come my Flipper and I updated it to 0.62.1 via companion app on Ubuntu as per instruction.

I tried to set up it on Google, but it does not seem to work.

When I get prompt in browser:

  • I select U2F from menu
  • Connect USB to computer
  • Flipper change message from “Connect me to computer” to “Connected”
  • I try to click on buttons
  • In browser nothing changes and I get timeout error.

Tested both on Firefox and Chrome, on Google and Youbikey demo page.

Is software broken or do I do something wrongly?

Hm, are you using any adapters or hubs to connect the flipper. They are known to cause issues with USB stuff, so I’d recommend trying a direct connection to your laptop’s USB ports or your PC’s motherboard ports.

Also, can you try doing this on another computer and see if it works there?

I am not using adapters, but directly connecting to front USB3 port(s).

It seems to work on Windows 10, however YubiKey demo site does not provide any details on key.

Does Ubuntu need any additional setup similar to running qFlipper?

Hm, probably so, but I’m afraid you’ll have to figure it out yourself, as I can’t know the specifics of your installation

Well, I am using Ubuntu 18.04, so that may be a problem…

However I found one interesting thing. When connected, Youbikey by lsusb reports that it have:

  • HID Interface
  • Keyboard Interface
  • Chip/SmartCard Interface

While Flipper have only HID Interface. Shouldn’t it also have Chip/SmartCard Interface?

I’m running Ubuntu 22.04 LTS and can confirm this issue. The device show up in lsusb as “STMicroelectronics U2F Token”. I tried to test U2F using: https://u2f.bin.coffee/

This works in Windows 10 but not in Linux/Ubuntu. The Flipper shows that it is connected but does respond to the U2F request in Firefox.

The Flipper is running the RC 0.63.2 firmware.

Seems to be an issue with the newest firmware.
I am currently using cg2-c40e88 (“Unleashed”) and I can’t get U2F working.

https://u2f.bin.coffee/ creates a strange behavior: My flipper disconnects while testing it.

We do not provide support for firmware forks with illegal features here. Please contact your fork’s developer for further help.

This bug is not only present in custom firmware. I’m running the stock firmware and this issue has been present in every firmware version since I received my device.

1 Like

I can confirm this bug in my branch new, stock Flipper running 0.65.2. I’ve got other U2F tokens (Yubikey) that work fine, but the Flipper isn’t recognized for me. Like @R0nald, I am running Ubuntu and see a “STMicroelectronics U2F Token” with lsusb.

It is not a firmwarebug in Flipper, it is somewhere between Ubuntu, Firefox and udev.
The Flipper is not know by the udev. So everybody feel free to write a bug against https://github.com/snapcore/snapd/blob/master/interfaces/builtin/u2f_devices.go … to get the flipper U2F per default supported.

The manual way:

lupus@tori:~$ cat /etc/udev/rules.d/70-snap.flipper.rules 
# u2f-devices
# STMicroelectronics U2F Token
KERNEL=="hidraw*", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="5741", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", TAG+="snap_firefox_firefox"

Create this file, start ubuntu (or the PC) and replug your flipper → OK.
Maybe idVendor/idProduct needs to be adjusted. Take a look at:

lupus@tori:~$ lsusb |grep -i u2f
Bus 003 Device 007: ID 0483:5741 STMicroelectronics U2F Token

If this don’t work for you, take a look at snap connections firefox | grep u2f, should be something like u2f-devices firefox:u2f-devices -
Or ‘about:config’ in the taskbar → search for ‘webauthn’, there shout be *usb be ‘true’ …

Thanks for the pointer re udev rules; I’ve gone ahead and filed a bug on Launchpad, as well as proposing a change to add Flipper’s device and vendor ID to snapd: https://github.com/snapcore/snapd/pull/12134

1 Like

Now I know why it is called ‘BadUSB’. Very bad (aka limited) to write. Because it needs root, I have to add a 10 seconds delay and a ‘warning’. Else the Script will just go on. I know this is scammer/malware strategy, to create a hurry.
On the other side, if the sudo password isn’t entered, you’d just see the lines with a permission denied. Nothing bad happens.

My first BadUSB script is the Fix for U2F in Snaped firefox (ubuntu):
add_u2f-udevrule.txt (790 Bytes)

At first I’ve had some logic, like ‘search for device and take the $PID’ (aka VID="0483" && PID=$(lsusb -d $VID: | awk -F ' ' '{print $6}' | cut -c 6-)), but the " and ’ and \ and so on where too much. Write in a file (many echoes) and execute at the end. But is /temp executeable? Just write in . or better ~?
Even if it is a bad style, I would say the beauty in this solution is the simplicity.