[Gnuk-users] Bricked FST-01 running tip-of-tree gnuk

Mike Tsao mike at sowbug.com
Wed Jan 10 07:09:19 UTC 2018 

My FST-01 is in a state where it can't be unblocked using gpg, nor can it
be reflashed using an SWD connection. Here is my story.

I ordered two FST-01 devices from SeeedStudio. They arrived today. I
inserted one into my Linux machine and updated the firmware to the latest
version using this guide:
https://raymii.org/s/tutorials/FST-01_firmware_upgrade_via_usb.html. The
most recent commit was this:

commit 4ff0b3c5f896750a14b6a5d1853ac9246ecc506e
Author: NIIBE Yutaka <gniibe at fsij.org>
Date:   Tue Jan 9 09:39:42 2018 +0900

    tests: Fix for card readers.

gpg2 --card-status seemed to work fine, and usb_strings.py reported version
1.2.7:

$ ./tool/usb_strings.py
    Vendor: Free Software Initiative of Japan
   Product: Gnuk Token
    Serial: FSIJ-1.2.7-87061942
  Revision: release/1.2.7-3-g4ff0b3c
    Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=no:factory_reset=no
       Sys: 1.0

I then began configuring the device as a normal OpenPGP smart card. I set
the admin PIN, reset code, and user PIN. I then attempted a "keytocard"
operation with my existing RSA-4096 encryption key, but when I was prompted
for the admin PIN, it failed. I entered it again, being careful that it was
the same one that I had set minutes earlier. It didn't work. I eventually
locked myself out of the device:

$ gpg2 --card-status
Reader ...........: 234B:0000:FSIJ-1.2.7-87061942:0
Application ID ...: D276000124010200FFFE870619420000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 87061942
Name of cardholder: Mike Tsao
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : https://keybase.io/sowbug/key.asc
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa4096 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 0 3 0
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]

I concluded that I would have to reflash the device using stlinkv2.py -u,
but it gave an unexpected error:

$ sudo ./tool/stlinkv2.py -u
ST-Link/V2 version info: 2 29 7
Change ST-Link/V2 mode 0002 -> 0002
Core does not halt, try API V2 halt.
ValueError('Status of core is not halt.', 128)

I attempted to connect to the device using a Windows machine and the
official STM STLink utility. It didn't work. I then connected to the second
FST-01, which was still new. The Windows STLink utility recognized it.
usb_strings.py also recognizes it:

$ ./tool/usb_strings.py
    Vendor: Free Software Initiative of Japan
   Product: FSIJ USB Token
    Serial: FSIJ-1.0.1-50FF6E06
  Revision: release/1.0.1
    Config: FST_01:dfu=no:debug=no:pinpad=no:certdo=yes:keygen=yes
       Sys: 1.0

At this point I know the following:

- My ST-Link v2 programmer works.
- My jumper connections are correct.
- The second FST-01 is able to talk to the ST-Link programmer and utility.
- The first FST-01 is not able to connect to the ST-Link or be reflashed.
- I believe I fell victim to the issue where PINs cannot be set until the
FST-01 has at least one key loaded on it (I read about this after making
the mistake).
- I do not understand why the first FST-01 no longer responds to the
ST-Link SWD connection.
- I built the gnuk software with its defaults, so it doesn't have the
factory reset option.
- My FST-01 is now useless, because it is running gnuk with PIN retry
counter : 0 3 0

What can I do to unbrick this device?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20180110/2c30d091/attachment-0001.html>

More information about the gnuk-users mailing list