Is my nitrokey a brick now?

ololon111 · May 20, 2019, 8:43pm

Hello, my organization have recently bought some nitrokey devices (nitrokey 2 pro ones). I started to experement with it and decided to reset it with a hex command like described in the FAQ. So I applied this file to the gpg agent [1]. Now my gpg smartcard does not work.

gpg --card-status returns

gpg: selecting openpgp failed: No such device
gpg: OpenPGP card not available: No such device

[1] - https://www.nitrokey.com/sites/default/files/nitrokey-reset.txt

dmesg still detects it like:[ 1116.008178] usb 2-1.5: USB disconnect, device number 5
[ 1151.251659] usb 2-1.5: new full-speed USB device number 6 using ehci-pci
[ 1151.331386] usb 2-1.5: New USB device found, idVendor=20a0, idProduct=4108, bcdDevice= 1.01
[ 1151.331391] usb 2-1.5: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1151.331395] usb 2-1.5: Product: Nitrokey Pro
[ 1151.331399] usb 2-1.5: Manufacturer: Nitrokey

nitrokey-app reset says “wrong admin pin” though (I tried the default one after a hex file application).

scdaemon reports:

scdaemon[18665] DBG: chan_7 → ERR 100696144 No such device

gpg version I use is 2.2.15 (Linux)

Any thougs?

nitroalex · May 21, 2019, 7:05am

Did you try restart all relevant services like scdaemon etc. (or just reboot) and unplug and plugging in the device again? Do you have conflicting applications like OpenSC installed as well? If so please try to remove it for now, as the very same message can appear because of blocking by another application.

In general, the device should be fine. You may start the Nitrokey App. Does the App recognize the device correctly?

ololon111 · May 21, 2019, 1:39pm

hello!

pcscd daemon stopped so this is not the case I use this.
yes, nitrokey can be recognized in the nitrokey app (I am running this as nitrokey-app --admin)
but when I try to change admin/user my current pins reported as invalid ones. (I tried both, pins I remember to set and default ones).

ololon111 · May 21, 2019, 1:57pm

lsusb -vvv with nitrokey

Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               1.10
  bDeviceClass            0 
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0        64
  idVendor           0x20a0 Clay Logic
  idProduct          0x4108 
  bcdDevice            1.01
  iManufacturer           1 Nitrokey
  iProduct                2 Nitrokey Pro
  iSerial                 3 000000000000000001000000
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength       0x0076
    bNumInterfaces          2
    bConfigurationValue     1
    iConfiguration          0 
    bmAttributes         0x80
      (Bus Powered)
    MaxPower              100mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      0 
      bInterfaceProtocol      0 
      iInterface              0 
        HID Device Descriptor:
          bLength                 9
          bDescriptorType        33
          bcdHID               1.10
          bCountryCode            0 Not supported
          bNumDescriptors         1
          bDescriptorType        34 Report
          wDescriptorLength      42
          Report Descriptor: (length is 42)
            Item(Global): Usage Page, data= [ 0x00 0xff ] 65280
                            (null)
            Item(Local ): Usage, data= [ 0x01 ] 1
                            (null)
            Item(Main  ): Collection, data= [ 0x01 ] 1
                            Application
            Item(Local ): Usage, data= [ 0x01 ] 1
                            (null)
            Item(Global): Logical Minimum, data= [ 0x00 ] 0
            Item(Global): Logical Maximum, data= [ 0xff 0x00 ] 255
            Item(Global): Report Size, data= [ 0x08 ] 8
            Item(Global): Report Count, data= [ 0x40 ] 64
            Item(Main  ): Input, data= [ 0x02 ] 2
                            Data Variable Absolute No_Wrap Linear
                            Preferred_State No_Null_Position Non_Volatile Bitfield
            Item(Local ): Usage, data= [ 0x02 ] 2
                            (null)
            Item(Global): Logical Minimum, data= [ 0x00 ] 0
            Item(Global): Logical Maximum, data= [ 0xff 0x00 ] 255
            Item(Global): Report Size, data= [ 0x08 ] 8
            Item(Global): Report Count, data= [ 0x40 ] 64
            Item(Main  ): Output, data= [ 0x02 ] 2
                            Data Variable Absolute No_Wrap Linear
                            Preferred_State No_Null_Position Non_Volatile Bitfield
            Item(Local ): Usage, data= [ 0x02 ] 2
                            (null)
            Item(Global): Report Size, data= [ 0x08 ] 8
            Item(Global): Report Count, data= [ 0x40 ] 64
            Item(Main  ): Feature, data= [ 0x02 ] 2
                            Data Variable Absolute No_Wrap Linear
                            Preferred_State No_Null_Position Non_Volatile Bitfield
            Item(Main  ): End Collection, data=none
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x84  EP 4 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0008  1x 8 bytes
        bInterval              10
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        1
      bAlternateSetting       0
      bNumEndpoints           3
      bInterfaceClass        11 Chip/SmartCard
      bInterfaceSubClass      0 
      bInterfaceProtocol      0 
      iInterface              0 
      ChipCard Interface Descriptor:
        bLength                54
        bDescriptorType        33
        bcdCCID              1.10  (Warning: Only accurate for version 1.0)
        nMaxSlotIndex           0
        bVoltageSupport         2  3.0V 
        dwProtocols             2  T=1
        dwDefaultClock       3600
        dwMaxiumumClock      3600
        bNumClockSupported      0
        dwDataRate           9677 bps
        dwMaxDataRate      116129 bps
        bNumDataRatesSupp.      0
        dwMaxIFSD             254
        dwSyncProtocols  00000000 
        dwMechanical     00000000 
        dwFeatures       000104BA
          Auto configuration based on ATR
          Auto voltage selection
          Auto clock change
          Auto baud rate change
          Auto PPS made by CCID
          Auto IFSD exchange
          TPDU level exchange
        dwMaxCCIDMsgLen       271
        bClassGetResponse      00
        bClassEnvelope         00
        wlcdLayout           none
        bPINSupport             0 
        bMaxCCIDBusySlots       1
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval              24
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x02  EP 2 OUT
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x82  EP 2 IN
        bmAttributes            2
          Transfer Type            Bulk
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0040  1x 64 bytes
        bInterval               0
can't get debug descriptor: Resource temporarily unavailable
Device Status:     0x0000
  (Bus Powered)```

ololon111 · May 21, 2019, 4:36pm

ok, we disasambled this by now and figured out that was stm32 chip death (at least part of it)

szszszsz · May 29, 2019, 7:50am

Hi!

Could you describe, how have you found the cause?

I am not convinced the cause here is STM32 chip being broken, as long as it registers in the system (confirmed by the lsusb). I suspect either some misconfiguration on the hosting PC (however device was used successfully there before), or smart card issue.

If you would like to further pursue this issue, could you answer please:

Are other devices working for you on the same PC?
What Linux distribution do you use?
Is red LED flashing constantly after device insertion? (it should not, unless there is a smart card communication issue)
Could you check in the Nitrokey App, what is the firmware version of the affected device? (please see About window)
Could you repeat the tests using gpg2, instead of gpg ? The latter is sometimes added for compatibility reasons, and it might be old GnuPG, which has no access to the device.