Liberty BASIC Community Forum
« Yubikey validation »

Chris Iverson
« Thread started on: Mar 1st, 2016, 12:32pm »

So, I picked up a Yubikey on sale at Yubico.com, due to having a Github account. (Make a Github account, get 20% off of any Yubikey!)

Yubikey is a hardware authenticator and smartcard-like device.

Turns out, the default YubiCloud API used to validate keys is really easy to use, even from LB.

If you have a Yubikey, run this, plug the Yubikey into your computer, and press the button on it.

Code:
clientID = 1 'Replace with your own client ID!
chars$ =  "0123456789abcdef"
modhex$ = "cbdefghijklnrtuv"
Input "Input OTP. (Press button on Yubikey.) >";otp$

For x = 1 to 40
    c$ = mid$(chars$, RandomNumber(1, 16), 1)
    nonce$ = nonce$ + c$
Next x

filename$ = GetTempFileName$()

URL$ = "https://api2.yubico.com/wsapi/2.0/verify?id=";clientID;"&otp=";otp$;"&nonce=";nonce$

Print DownloadToFile(URL$, filename$)

open filename$ for input as #file

while eof(#file) = 0
    line input #file, a$

    if left$(a$, 4) = "otp=" then
        receivedOTP$ = right$(a$, len(a$) - 4)
        if receivedOTP$ = otp$ then OTPMatched = 1
    end if

    if left$(a$, 6) = "nonce=" then
        receivedNonce$ = right$(a$, len(a$) - 6)
        if receivedNonce$ = nonce$ then NonceMatched = 1
    end if

    if left$(a$, 7) = "status=" then
        status$ = right$(a$, len(a$) - 7)
    end if
wend

close #file
kill filename$

modSerial$ = left$(otp$, 12)
serial = hexdec(ModhexToHex$(modSerial$))
Print "Yubikey Serial: ";serial;"(";modSerial$;")"
print "Status: ";status$

If OTPMatched AND NonceMatched AND status$ = "OK" then
    Print "Validated OTP"
Else
    Print "Failed to validate"
End If

end

Function DownloadToFile(URL$, file$)
    Open "URLmon" for DLL as #urlmon

    CallDLL #urlmon, "URLDownloadToFileA",_
    0 as ulong,_
    URL$ as ptr,_
    file$ as ptr,_
    0 as long,_
    0 as ulong,_
    DownloadToFile as ulong

    close #urlmon
End Function

Function ModhexToHex$(val$)
    chars$ =  "0123456789abcdef"
    modhex$ = "cbdefghijklnrtuv"

    For x = 1 to len(val$)
        ModhexToHex$ = ModhexToHex$ + mid$(chars$, instr(modhex$, mid$(val$, x, 1)), 1)
    Next x
End Function

Function RandomNumber(min, max)
    'Span is (max - min + 1) so the result stays within min..max for any min
    RandomNumber = int( rnd(1) * (max - min + 1)) + min
End Function

Function GetTempPath$()
    CallDLL #kernel32, "GetTempPathA",_
    0 as long,_
    _NULL as long,_
    length as long

    buf$ = space$(length)

    CallDLL #kernel32, "GetTempPathA",_
    length as long,_
    buf$ as ptr,_
    ret as long

    'Keep only the characters written; drop the trailing NUL
    GetTempPath$ = left$(buf$, ret)
End Function

Function GetTempFileName$()
    TempPath$=GetTempPath$()
    prefix$="ybi"       'up to 3 characters for desired prefix
    TempFile$ = space$(256)+chr$(0)

    calldll #kernel32, "GetTempFileNameA",_
    TempPath$ as ptr,_  'directory for temp file
    prefix$ as ptr,_    'desired prefix for temp filename
    0 as ulong,_        '0=file created,nonzero=you must create file
    TempFile$ as ptr,_  'string buffer to hold qualified path and filename
    result as ulong     'nonzero=success

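    'Trim the buffer at the NUL terminator so the padding is not returned
    GetTempFileName$ = left$(TempFile$, instr(TempFile$, chr$(0)) - 1)
End Function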



This can also be used as a form of copy protection; the first 12 characters of the OTP entered are the Yubikey's serial number. You can compile your program to reject anything other than a specified serial, and then validate the OTP from the serial to make sure it's actually inserted.


When the program is run successfully with a Yubikey, you'll get output like this:

Input OTP. (Press button on Yubikey.) >ccccccfggndvtjrckctjdrbjudhberfjcnejhitkrcub
0
Yubikey Serial: 4545327(ccccccfggndv)
Status: OK
Validated OTP



EDIT: If you're going to be using this in your own code, you should obtain your own YubiCloud API key (free for any Yubikey owner, takes a couple minutes to obtain), and use that instead of the one in the demo here.
« Last Edit: Mar 2nd, 2016, 09:58am by Chris Iverson »

"Do you believe in destiny?" - Pyrrha Nikos, RWBY
"With what wish will your Soul Gem shine?" - Kyubey, Puella Magi Madoka Magica
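
The response checks from the program above, as an added Python example (not part of the original post and not Yubico's code), extended to verify the response's HMAC-SHA1 signature (`h=`) with your own API key and to enforce an expected serial for the copy-protection case. The API key, the sample response and all function names are constructed for the demonstration.

```python
import base64, hashlib, hmac, re, secrets

MODHEX = str.maketrans("cbdefghijklnrtuv", "0123456789abcdef")
OTP_RE = re.compile(r"[cbdefghijklnrtuv]{32,48}")  # public ID + 32-char token

def new_nonce():
    # 40 hex characters from the OS CSPRNG rather than a seeded rnd()
    return secrets.token_hex(20)

def serial_from_otp(otp):
    # Reject anything that is not pure modhex before it reaches a URL
    if not OTP_RE.fullmatch(otp):
        raise ValueError("not a modhex OTP")
    return int(otp[:-32].translate(MODHEX) or "0", 16)

def sign(params, api_key_b64):
    # Validation protocol 2.0: sort pairs by key, join with '&', HMAC-SHA1, base64
    line = "&".join(f"{k}={params[k]}" for k in sorted(params) if k != "h")
    mac = hmac.new(base64.b64decode(api_key_b64), line.encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def check_response(body, otp, nonce, api_key_b64, allowed_serial=None):
    params = dict(l.strip().split("=", 1) for l in body.splitlines() if "=" in l)
    got, want = params.get("h", "").encode(), sign(params, api_key_b64).encode()
    if not hmac.compare_digest(got, want):
        return False          # unsigned or altered response
    if params.get("otp") != otp or params.get("nonce") != nonce:
        return False          # answer belongs to a different request
    if allowed_serial is not None and serial_from_otp(otp) != allowed_serial:
        return False          # valid OTP, but not the licensed key
    return params.get("status") == "OK"

# Constructed sample data: the key is made up, the OTP is the one in the post's output
DEMO_KEY = base64.b64encode(b"constructed-demo-key").decode()
DEMO_OTP = "ccccccfggndvtjrckctjdrbjudhberfjcnejhitkrcub"

def demo_response(status, nonce):
    p = {"t": "2016-03-01T12:32:00Z0123", "otp": DEMO_OTP, "nonce": nonce,
         "sl": "25", "status": status}
    p["h"] = sign(p, DEMO_KEY)
    return "\r\n".join(f"{k}={v}" for k, v in p.items())

if __name__ == "__main__":
    n = new_nonce()
    print(serial_from_otp(DEMO_OTP))
    print(check_response(demo_response("OK", n), DEMO_OTP, n, DEMO_KEY, 4545327))
    print(check_response(demo_response("REPLAYED_OTP", n), DEMO_OTP, n, DEMO_KEY))
```
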
Brandon Parker
« Reply #1 on: Mar 2nd, 2016, 09:40am »

Chris,
Thanks for the information! I might try this out myself. Which YubiKey did you purchase?

{:0)

Brandon
Windows 7 Home Premium 64-bit Intel(R) Quad Core(TM) i5 CPU M 430 @ 2.27GHz 4GB DDR3 RAM
Chris Iverson
« Reply #2 on: Mar 2nd, 2016, 09:57am »

I picked up a Yubikey NEO, for the NFC element, but this should work with any Yubikey that supports Yubikey OTP, which is all of them except for the FIDO U2F security key, which supports U2F validation only.