Cannot make unencrypted partition READ/WRITE

kuba · November 30, 2018, 9:22am

Hello,
I’m trying to make the unencrypted partition read/write (to make it bootable linux with CA capabilities) and it doesn’t allow me to saying “Wrong PIN”. I’m quite sure the PIN is correct as I use it for unlocking and locking the encypted volume.
Can you help please?
thanks, Kuba

kuba · November 30, 2018, 9:26am

Stick: Nitrokey storage 16GB
OS: Ubuntu 18.04
App version: 1.2.1
Firmware version: 0.53

nitroalex · November 30, 2018, 1:54pm

Hi,

the PIN you need to set read-write or read-only is the Admin PIN which is supposed to be different than the one used for unlocking the encrypted volume (=User PIN). So you probably used the wrong PIN, I guess?

Kind regards
Alex

kuba · December 3, 2018, 10:15am

Hello Alex,
the application asks for User PIN. I’ve tried admin pin and it doesn’t work either.
What is weird, that although application says “Wrong PIN”, the retry counter on the PIN doesn’t change.
Attaching logs from nitrokey-app:

Clicked on Unlock

[Mon Dec  3 12:12:38 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:38 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Contents:
Command ID:	GET_DEVICE_STATUS
CRC:	849bc4ef
Payload:
Empty Payload.
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	=> GET_DEVICE_STATUS
...
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	<= GET_DEVICE_STATUS 0 1
[Mon Dec  3 12:12:38 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_DEVICE_STATUS hex: 2e
Last command CRC:	849bc4ef
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	6dee3393
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	18
 pod.storage_status.command_id: 	2e
 pod.storage_status.device_status: 	01
 pod.storage_status.progress_bar_value: 	00
Payload:
 transmission_data.dissect():	_padding:
0000	00 00 00 00 00 00 00 00 00 00 00 00 00 18 2e 01   ................
0010	00 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
 (int) SendCounter_u8:	0
 (int) SendDataType_u8:	3
 (int) FollowBytesFlag_u8:	0
 (int) SendSize_u8:	28

 MagicNumber_StickConfig_u16:	13080
 (int) ReadWriteFlagUncryptedVolume_u8:	1
 (int) ReadWriteFlagCryptedVolume_u8:	0
 (int) ReadWriteFlagHiddenVolume_u8:	0
 (int) VersionInfo_au8[1]:	53
 (int) VersionInfo_au8[3]:	0
 (int) FirmwareLocked_u8:	0
 (int) NewSDCardFound_u8:	1
 (int) NewSDCardFound_st.NewCard:	1
 (int) NewSDCardFound_st.Counter:	0
 (int) SDFillWithRandomChars_u8:	1
 ActiveSD_CardID_u32:	611953187
 (int) VolumeActiceFlag_u8:	1
 (int) VolumeActiceFlag_st.unencrypted:	1
 (int) VolumeActiceFlag_st.encrypted:	0
 (int) VolumeActiceFlag_st.hidden:	0
 (int) NewSmartCardFound_u8:	0
 (int) UserPwRetryCount:	3
 (int) AdminPwRetryCount:	3
 ActiveSmartCardID_u32:	327680
 (int) StickKeysNotInitiated:	0

[Mon Dec  3 12:12:38 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:38 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Contents:
Command ID:	GET_PASSWORD_RETRY_COUNT
CRC:	bc3ac292
Payload:
Empty Payload.
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	=> GET_PASSWORD_RETRY_COUNT
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	<= GET_PASSWORD_RETRY_COUNT 0 0
[Mon Dec  3 12:12:38 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_PASSWORD_RETRY_COUNT hex: 9
Last command CRC:	bc3ac292
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	4c192358
Payload:
 password_retry_count	3

[Mon Dec  3 12:12:38 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:38 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Contents:
Command ID:	GET_DEVICE_STATUS
CRC:	849bc4ef
Payload:
Empty Payload.
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	=> GET_DEVICE_STATUS
..
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	<= GET_DEVICE_STATUS 0 1
[Mon Dec  3 12:12:38 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_DEVICE_STATUS hex: 2e
Last command CRC:	849bc4ef
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	3b793376
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	19
 pod.storage_status.command_id: 	2e
 pod.storage_status.device_status: 	01
 pod.storage_status.progress_bar_value: 	00
Payload:
 transmission_data.dissect():	_padding:
0000	00 00 00 00 00 00 00 00 00 00 00 00 00 19 2e 01   ................
0010	00 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
 (int) SendCounter_u8:	0
 (int) SendDataType_u8:	3
 (int) FollowBytesFlag_u8:	0
 (int) SendSize_u8:	28

 MagicNumber_StickConfig_u16:	13080
 (int) ReadWriteFlagUncryptedVolume_u8:	1
 (int) ReadWriteFlagCryptedVolume_u8:	0
 (int) ReadWriteFlagHiddenVolume_u8:	0
 (int) VersionInfo_au8[1]:	53
 (int) VersionInfo_au8[3]:	0
 (int) FirmwareLocked_u8:	0
 (int) NewSDCardFound_u8:	1
 (int) NewSDCardFound_st.NewCard:	1
 (int) NewSDCardFound_st.Counter:	0
 (int) SDFillWithRandomChars_u8:	1
 ActiveSD_CardID_u32:	611953187
 (int) VolumeActiceFlag_u8:	1
 (int) VolumeActiceFlag_st.unencrypted:	1
 (int) VolumeActiceFlag_st.encrypted:	0
 (int) VolumeActiceFlag_st.hidden:	0
 (int) NewSmartCardFound_u8:	0
 (int) UserPwRetryCount:	3
 (int) AdminPwRetryCount:	3
 ActiveSmartCardID_u32:	327680
 (int) StickKeysNotInitiated:	0

[Mon Dec  3 12:12:38 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:38 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Contents:
Command ID:	GET_USER_PASSWORD_RETRY_COUNT
CRC:	5e595f6e
Payload:
Empty Payload.
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	=> GET_USER_PASSWORD_RETRY_COUNT
[Mon Dec  3 12:12:38 2018][DEBUG_L1]	<= GET_USER_PASSWORD_RETRY_COUNT 0 0
[Mon Dec  3 12:12:38 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:38 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_USER_PASSWORD_RETRY_COUNT hex: f
Last command CRC:	5e595f6e
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	db86a895
Payload:
 password_retry_count	3

I get asked for User PIN here, no matter if I enter user or admin pin, the following happens:

[Mon Dec  3 12:12:45 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:45 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:45 2018][DEBUG]	Contents:
Command ID:	ENABLE_READWRITE_UNCRYPTED_LUN
CRC:	90facdfe
Payload:
 kind:	P
 password:	***********

[Mon Dec  3 12:12:45 2018][DEBUG_L1]	=> ENABLE_READWRITE_UNCRYPTED_LUN
.
[Mon Dec  3 12:12:45 2018][DEBUG_L1]	<= ENABLE_READWRITE_UNCRYPTED_LUN 0 3
[Mon Dec  3 12:12:45 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:45 2018][DEBUG]	Device status:	0 OK
Command ID:	ENABLE_READWRITE_UNCRYPTED_LUN hex: 2a
Last command CRC:	90facdfe
Last command status:	4 STICK10::COMMAND_STATUS::WRONG_PASSWORD
CRC:	25f8adf7
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	1a
 pod.storage_status.command_id: 	2a
 pod.storage_status.device_status: 	03
 pod.storage_status.progress_bar_value: 	00
Payload:
Empty Payload.
[Mon Dec  3 12:12:45 2018][DEBUG_L1]	Throw: CommandFailedException
[Mon Dec  3 12:12:45 2018][DEBUG]	CommandFailedException, status: 4
[Mon Dec  3 12:12:49 2018][DEBUG]	-------------------
[Mon Dec  3 12:12:49 2018][DEBUG]	Outgoing HID packet:
[Mon Dec  3 12:12:49 2018][DEBUG]	Contents:
Command ID:	GET_STATUS
CRC:	ef6eb7df
Payload:
Empty Payload.
[Mon Dec  3 12:12:49 2018][DEBUG_L1]	=> GET_STATUS
[Mon Dec  3 12:12:50 2018][DEBUG_L1]	<= GET_STATUS 0 0
[Mon Dec  3 12:12:50 2018][DEBUG]	Incoming HID packet:
[Mon Dec  3 12:12:50 2018][DEBUG]	Device status:	0 OK
Command ID:	GET_STATUS hex: 0
Last command CRC:	ef6eb7df
Last command status:	0 STICK10::COMMAND_STATUS::OK
CRC:	6e2098ad
Storage stick status (where applicable):
 pod.storage_status.command_counter: 	00
 pod.storage_status.command_id: 	00
 pod.storage_status.device_status: 	00
 pod.storage_status.progress_bar_value: 	00
Payload:
firmware_version:	[1]	01 00 -- -- -- -- -- -- -- -- -- -- -- -- -- --   ..
card_serial_u32:	0
card_serial:	00 00 00 00 -- -- -- -- -- -- -- -- -- -- -- --   ....
general_config:	ff ff ff ff ff -- -- -- -- -- -- -- -- -- -- --   .....
numlock:	ff
capslock:	ff
scrolllock:	ff
enable_user_password:	1
delete_user_password:	1

thanks,
Kuba

Herve5 · December 3, 2018, 6:51pm

Kuba,
could you try on another machine?
I remember having that issue, which was due to a wrong version of the app…
(actually, at this very moment, my main Linux machine just doesn’t work anymore, I deal with it from other machines…)

kuba · December 3, 2018, 7:39pm

Hello,

I couldn’t try it on another machine, but your note on wrong version of the app hinted me to try the latest dev version and it’s working perfectly.

Do you know why there is no support for Ubuntu 18.04 binary? It seems to work perfectly for me, the only thing I had to do besides the standard build instructions was to install qtttools5-dev as per https://stackoverflow.com/questions/51698075/cmake-cannot-find-qt5linguisttools-in-docker-ubuntu-18-04

anyway thank you very much for your hint,
Kuba

jaltfeld · March 23, 2019, 10:40pm

I can reproduce exactly the same behaviour with Nitrokey App 1.2.1 on Ubuntu 18.04 (the Nitrokey App is the default package of Ubuntu 18.04):

User PIN does not work to set the unencrypted partition RW
Error message is “wrong PIN” (even though the user PIN is asked for was entered correctly)
The fail counter for wrong PINs does NOT count down.

The build instructions for the most recent dev version of the Nitrokey App can be found here:

Dear Nitrokey devs, could you please publish an updated Nitrokey App for Ubuntu 18.04 in certain intervals?
Not every user is able (or willing) to build the App.

THX

Herve5 · March 24, 2019, 9:17am

Jaltfeld, the solution for me at the time has been to use the PREVIOUS version of the app (checking carefully that the last one didn’t run anymore, e. g. killing anything nitro on a terminal first)
But I agree it’d be cool if NK could update the repos a bit more frequently…