Yubikey

Mtgox

The unlock keys for the mtgox yubikey are leaked.

Using yubikey to lock/unlock mate-screensaver

/etc/yubico/call_yubico_cr

#!/usr/bin/env python
import sys
import os
import yubico # install python-yubico
import hmac
import hashlib

# Settings for the single YubiKey that is allowed to unlock the session.
# NOTE: this file embeds the shared HMAC secret in clear text, so anyone who
# can read it can compute valid responses without holding the key.  Keep the
# file owned by root and unreadable by other users.
config = {
    # Used below as the HMAC-SHA1 key; the comparison only succeeds when it
    # equals the secret configured in the YubiKey slot.  The value shown is a
    # placeholder (as written it is not a valid string escape) and must be
    # replaced with the real secret.
    "privkey" : "\xasd PRIVATE KEY \x00",
    # Serial number the connected key has to report.
    "serial"  : 123456,
    # Slot number passed to challenge_response().
    "slot"    : 2
}

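# Look for and initialize the YubiKey.  Any uncaught exception from here on
# (for example when no key is found) ends the script with a traceback and a
# non-zero exit status, so a caller that tests the exit status sees a failed
# check.
YK = yubico.find_yubikey()
serial = YK.serial()
#print "Version : %s " % YK.version()
#print "Serial  : %i" % serial

# The serial only selects which key is expected.  It is a value the device
# reports about itself, not a credential; the HMAC check below is what
# authenticates the key.  Checking it first rejects a foreign key without
# sending it a challenge.
if serial != config["serial"]:
    sys.stderr.write("Invalid serial %s != %s\n" % (serial, config['serial']))
    sys.exit(2)

# Do challenge-response.  The challenge comes fresh from the OS CSPRNG on
# every run, so a response recorded earlier cannot be replayed.
secret = os.urandom(32)
#print "Sending challenge : %s\n" % repr(secret)

response = YK.challenge_response(secret, slot=config['slot'])
hm = hmac.new(config["privkey"], secret, hashlib.sha1)

# Debug only: the first line prints the expected response for this challenge.
# Keep both disabled outside of testing.
#print "Local calc:\n%s\n" % yubico.yubico_util.hexdump(hm.digest())
#print "Response :\n%s\n" % yubico.yubico_util.hexdump(response)

# Constant-time comparison (needs Python 2.7.7+ or 3.3+).  Because the
# challenge changes on every run this is defence in depth rather than a fix
# for a known leak.  On an older interpreter the attribute lookup raises and
# the script still exits non-zero.
if hmac.compare_digest(hm.digest(), response):
    sys.exit(0)

sys.stderr.write("Invalid response\n")
sys.exit(1)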

/etc/yubico/yubico-unlock.sh

#!/bin/sh
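# Challenge-response helper, looked up next to this script.  The udev rule
# starts this script as root, so the directory, this script and the helper
# must be writable by root only.  Quoted so a path containing whitespace
# still resolves to a single word.
TEST="$(dirname "$0")/call_yubico_cr"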

# Run a command line as the desktop user against display :0.
# All arguments are joined into one string that is parsed again by the
# target user's shell and then by bash, so callers must pass fixed words
# only -- never anything taken from the device or the environment.
execute() {
    DISPLAY=:0
    export DISPLAY
    su -c "bash -c '$*'" XXX___username___XXX
}

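# ACTION is read from the environment; the udev rule that launches this
# script fires on "add" and "remove" events.
case "$ACTION" in
    add)
        # Key plugged in: unlock only when the challenge-response helper
        # exits 0; on any failure force the lock instead (fail closed).
        # A passing check removes the lock without a password, so holding
        # the key is the only factor protecting the session.
        if "$TEST"; then
            execute mate-screensaver-command --deactivate
            execute mate-screensaver-command --poke
        else
            execute mate-screensaver-command --activate
        fi
        ;;
    remove)
        # Key unplugged: lock unconditionally, no check required.
        execute mate-screensaver-command --activate
        ;;
    *)
        # ACTION unset or anything else (e.g. the script run by hand):
        # never unlock, only poke the screensaver when the check passes.
        "$TEST" && execute mate-screensaver-command --poke
        ;;
esac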

/etc/udev/rules.d/70-yubikey.rules

# Start the lock/unlock script whenever a USB device with this model string
# is added or removed.  The match is on the model name alone, so any device
# presenting that name triggers the script; authentication happens only in
# call_yubico_cr (serial + HMAC check), not in this rule.
# Programs started through RUN execute with udev's privileges (root), so the
# script, its helper and /etc/yubico must be writable by root only.
ACTION=="add|remove", SUBSYSTEM=="usb", \
  ENV{ID_MODEL}=="Yubico_Yubikey_II", \
  RUN+="/etc/yubico/yubico-unlock.sh"