Yubikey
Mtgox
The unlock keys for the mtgox yubikey are leaked.
Using yubikey to lock/unlock mate-screensaver
/etc/yubico/call_yubico_cr
#!/usr/bin/env python
import sys
import os
import yubico # install python-yubico
import hmac
import hashlib
config = {
"privkey" : "\xasd PRIVATE KEY \x00",
"serial" : 123456,
"slot" : 2
}
# Look for and initialize the YubiKey
YK = yubico.find_yubikey()
serial = YK.serial()
#print "Version : %s " % YK.version()
#print "Serial : %i" % serial
# Do challenge-response
secret = os.urandom(32)
#print "Sending challenge : %s\n" % repr(secret)
response = YK.challenge_response(secret, slot=config['slot'])
hm = hmac.new(config["privkey"], secret, hashlib.sha1)
#print "Local calc:\n%s\n" % yubico.yubico_util.hexdump(hm.digest())
#print "Response :\n%s\n" % yubico.yubico_util.hexdump(response)
if serial != config["serial"]:
print >>sys.stderr, "Invalid serial %s != %s" % (serial, config['serial'])
sys.exit(2)
elif hm.digest() == response:
sys.exit(0)
else:
print >>sys.stderr, "Invalid response"
sys.exit(1)
/etc/yubico/yubico-unlock.sh
#!/bin/sh
TEST=`dirname $0`/call_yubico_cr
execute() {
export DISPLAY=:0
su -c "bash -c '$*'" XXX___username___XXX
}
case "$ACTION" in
add)
if $TEST; then
execute mate-screensaver-command --deactivate
execute mate-screensaver-command --poke
else
execute mate-screensaver-command --activate
fi
;;
remove)
execute mate-screensaver-command --activate
;;
*)
$TEST && execute mate-screensaver-command --poke
;;
esac
/etc/udev/rules.d/70-yubikey.rules
ACTION=="add|remove", SUBSYSTEM=="usb", \
ENV{ID_MODEL}=="Yubico_Yubikey_II", \
RUN+="/etc/yubico/yubico-unlock.sh"