solo1
solo1 copied to clipboard
solokeys
NFC compatibility with phones
Hi,
I finally received a solo USB A and a solo tab USB C
They both work when plugged in and pressing the key on my laptop. But now I want to test nfc on my Android phone but I can't seem to get it working.
Nfc works on the phone because I pay with nfc at shops.
How can I test nfc on my Android with for example GitHub or Gmail.
I also installed a nfc app that can read nfc chips. So when I scan my bank card it read the chip. But with to solo, nothing happens.
Any advise?
I have the same trouble : NFC doesn't work on solo tap USB-C OnePlus 6T A6013_41-190528 build (latest)
I get 6f00 (generic exception) with tap version on the u2f coffe test site with android. It also is “looping” so seems to sort of crash the connection repeatedly.
Not working on the OnePlus 5, although it works with YubiKeys and my Solo Tap passes the FIDO test suite with an external NFC reader.
Alright so at least im not the only one. So this must be something. Or maybe a combination with OnePlus
Similar problems here on my OnePlus 3. I am able to read the solo tap using the NXP taginfo app, but only without the sleeve on.
I've tried using the keys with https://u2f.bin.coffee, but I was unable to register it via NFC
I also thought that my Solo Tap's are broken, because no react with Oneplus 3. They already know that problem, because I contact them to directly.
tl:dr Solo Tap NFC doesn't work with my Oneplus 3
Same thing here, I contacted Solo on Twitter but no more answers...
Got response: { "errorCode": 1, "errorMessage": "Low level error 0x6f00" } on https://u2f.bin.coffee/
Not working on https://webauthn.io/ neither (with or without rubber protection).
Looks ok on NXP TagInfo.
Tested on Samsung Galaxy A8 (SM-A530F) with Android 9 / One UI 1.0 up-to-date. Same issue with multiple keys (Type-A or Type-C).
Also tested on Samsung A5 2016 after NFC read, same error. No NFC field activation at all on Honor 8 and Samsung Galaxy S9. Powered by a USB-C port from a laptop: same error in the JavaScript response on the mobile.
The key is said to be "up-to-date" on update.solokeys.com but I also tried to force reflash it. Tried multiple times, with multiple keys, everywhere on the back. 🙁
They work as expected when plugged to a USB port, but the NFC is not.
So until now there were only reports regarding "OnePlus" branded smartphones.
If this affects more manufacturers (or Solo Tap's), I guess there is a bigger issue,Hopefully they can fix it it the firmware.
Are there any smartphones where it is confirmed working? I have a Tap, but no other NFC-capable device (yet). But maybe I can get hands on some colleague's phones...
A colleague told me that he paired his Solo Tap USB-A, plugged on his laptop, to his Google account (nothing new at this stage).
Then, he told me that he managed to authenticate on Google, on his phone (A5 2017), using NFC (on the second try).
Still, he has the same error message (Low level error 0x6f00) on https://u2f.bin.coffee/.
Oh, some progress here... I was unable to test the same scenario since I cannot pair my Solo Tap USB-C on my laptop because I have no USB-C or adapter.
However, it made me think that I did not try to combine a U2F registering through USB and an authentication through NFC on https://u2f.bin.coffee/... And it worked, on the third try... 🎉
I tried again and it never works on the first time, but still, the sign in is working at some point. However, the registering over NFC never work. Hope it helps...
I guess it could be related to the maximum delay authorized for the operations on Android. Conor was taking about that during the campaign.
Tap is particularly challenging to make because it needs to operate passively. This means it must harvest the power solely from the NFC field. [...] To be able to efficiently harvest enough power, using this external NFC chip isn’t enough. There also needs to be an antenna. [...]
But even with a good antenna, there were still some issues. The design couldn’t harvest enough power to run at 100% speed, so I had to run it at about 50% speed. Consequently the register and authenticate would take longer to compute (about 1.0s, and 0.5s). These seems fine but Android NFC FIDO requests timeout after about 0.5s. So register wouldn’t work and authenticate worked sometimes.
I was stuck at this for a while. I kept running through these steps.
- Try to improvement antenna to get more power.
- Make code faster.
- Experiment with different settings on microcontroller.
Eventually I improved it enough and now it works quite well :D.
But only on the Galaxy A8? The A5, G9 and "Honor 8" (whatever this is) don't react at all, like described for the OnePlus's ?
I received my Solo Tap (+USB-C) and it works in Chrome with Pixel 2XL on https://u2f.hwsecurity.dev and https://webauthn.hwsecurity.dev .
We implemented workarounds for https://github.com/solokeys/solo/issues/214 and https://github.com/solokeys/solo/issues/213 and now it also works with our native SDK from https://hwsecurity.dev
Exactly same behaviour on u2f.hwsecurity.dev and webauthn.hwsecurity.dev: registration only possible with USB (however error code 1 or NotReadableError) and authentication works about 1 time over 3...
I could accept (tolerate) the need to plug for registration but the authentication rate failure is too high.
At least, the NFC field is activated for my phone, on others, there is no detection at all (these phones work perfectly fine for other NFC devices or badges).
@dschuermann : Do you confirm that you can register and authenticate via NFC without failure? Can you tell which phone(s) you are using?
I've just done some testing on Pixel, Nexus, Samsung S9, and LG phones. I haven't tried OnePlus.
It seems that a lot of LG phones simply don't support ISO 14443A, which is the NFC protocol used by Tap. The LG phone I used wasn't able to read the NDEF data even while Tap was USB powered. I suspect some OnePlus models have a similar problem.
For Samsung S9, it took me a while to get it to work with a U2F test site via NFC, around 60-120s before a registration succeeded. I couldn't figure out a consistent method for improving that. I think the RF coupling is too poor. I suspect this issue extends to most Samsung devices. NFC-Registering while USB powered I found a firmware bug, but fixing that, it works fine; but no improvement in passive operation. Will push bug fix soon.
Pixel and Nexus 6 devices worked fine. I think recent Motorola and Google devices give the best performance.
I believe most issues stem are stemming from poor RF coupling with some phone models. Using only authentication instead of registering should help since it takes less time and power. If I can find any potential firmware improvements, I'll work on them. In any event, we/@solokeys/team-solokeys are planning a new HW revision, and one of the improvements will be significantly reducing power and timing for passive operation.
Personally, I think we have opportunities to fix via firmware upgrade -- if not we'll certainly explore a hw rev. But I'm positive we can optimize the boot, or play with advanced uses of the AMS chip. It'll just require some time to test and explore options.
It's good to collect feedback about non-working devices.
I've just done some testing on Pixel, Nexus, Samsung S9, and LG phones. I haven't tried OnePlus.
It seems that a lot of LG phones simply don't support ISO 14443A, which is the NFC protocol used by Tap. The LG phone I used wasn't able to read the NDEF data even while Tap was USB powered. I suspect some OnePlus models have a similar problem.
For Samsung S9, it took me a while to get it to work with a U2F test site via NFC, around 60-120s before a registration succeeded. I couldn't figure out a consistent method for improving that. I think the RF coupling is too poor. I suspect this issue extends to most Samsung devices. NFC-Registering while USB powered I found a firmware bug, but fixing that, it works fine; but no improvement in passive operation. Will push bug fix soon.
Pixel and Nexus 6 devices worked fine. I think recent Motorola and Google devices give the best performance.
I believe most issues stem are stemming from poor RF coupling with some phone models. Using only authentication instead of registering should help since it takes less time and power. If I can find any potential firmware improvements, I'll work on them. In any event, we/@solokeys/team-solokeys are planning a new HW revision, and one of the improvements will be significantly reducing power and timing for passive operation.
i have registered the solo USB-C Tab via usb-c (laptop) on my github account, but still then authentication on the android via NFC (oneplus3t chrome) does not work.
when plugged in to a laptop for power and then trying NFC, it does read the key but auth fails.
seems indeed like a power issue. I hope you guys can fix it via firmware, otherwise NFC is completely useless in my situation
another thing i noticed that when plugging in the tab on my usb-c on my laptop, the led lights up. but when plugging in on my phone it does not. I plugged it into an LG phone and there it did light up and the USB settings popup from android showed as: Power supply (translated from dutch)
my oneplus3t asks me what to to when plugging in a usb-c cable connected to my laptop (charging only, or file transfer e.t.c.) but it does not ask me when plugging in the solokey in the phone. also there is no "power supply" option. so the oneplus does not power the key
so it also seems that the tab via usb-c does not work on the oneplus
So, some information how Android does FIDO: Chrome is using Google's proprietary FIDO implementation that is shipped in their Google Play Services. I think, we can do a lot better regarding UX and NFC/USB backend. That's why we implemented our own native FIDO stack on Android. Also, this allows us to support special use cases based on customer requirements (such as PDF signing).
Long story short, I just pushed an update to our FIDO Sample (now version 1.6) on Google Play (could take up to 4 hours until you get it): https://play.google.com/store/apps/details?id=de.cotech.hw.fido.example
You can try our implementation with your phone and report if it works better than Chrome. I would be interested in your results.
Also, for some devices, we show where the best NFC spot is located on the back of your device, this may help:
Nice but first we need an nfc fix, because right now nfc does not work on several Android devices
Also can more people confirm when plugged the usbc in a OnePlus, that it does not receive power?
@dschuermann: After about 100 NFC registering attempts on Galaxy S9: 3 times: "INS_NOT_SUPPORTED", 96 times: vibration but nothing, 1 time: successful registration (really unexpected, first time happening with NFC). Same results when powered from another phone with USB-C.
However, the authentication works better with your app than Chrome, I'd say authentication succeeds about 8 out of 10 attempts.
Side note regarding the app: the key has to be plugged BEFORE taping on buttons (register / authenticate). It does not work if the help message is displayed. It can be a bit confusing. I was expecting to be prompted to plug the key after taping the buttons, not before.
Is there a way to prevent the Android pop-up "Do you allow the app to access Solo 2.3.0?" each time we need to authenticate through USB?
@Mincka thanks for your testing, very interesting. I tested the SoloKey Tap successfully on Pixel 2 XL over NFC. I will do a more detailed testing with our different devices next week.
Is there a way to prevent the Android pop-up "Do you allow the app to access Solo 2.3.0?" each time we need to authenticate through USB?
Unfortunately, there is no good way to prevent that pop up. If you would use a single FIDO app, we could register this app on USB Intents using the Intent Filter. Then you could choose "always" and it will no longer ask for permissions later. But already if you use two FIDO apps, the other will need to ask for permission again using the pop up. So we decided against registering on Intent filters to not pollute this list with each FIDO app.
I notified the Solo team on Twitter on June 18th and still no official message about this specific issue. I bought 5 Solo Tap keys for my teammates and I. Nobody is able to use them with Chrome / Google and NFC, on different phone models. This is the most basic scenario that you expect to work smoothly. The comments on this thread and Twitter show that it's not an isolated issue.
We already waited a lot more than it was usually planned. I was expecting a final product properly tested on a few major phone models by the time. In the end, I would have prefer to wait even more than being sent a non-working product.
I am quite disappointed by the feedback at this stage: "we think that we can improve by flashing firmware" / "we may review the hardware". When? At which cost? Can we expect new hardware revision sent for free if it's not possible to make them work in standard scenarios, even after an hypothetical firmware update?
Don't have one but I'll be happy to test if you can provide a signed release.
Another problem phone: ZTE Axon 7 Cannot read Tap with NFC Tools normally, but can when using USB power.
When trying to register with the FIDO Example app and USB power, the Tap's led turns briefly orange but nothing happens on the phone.
