Hello,
We are testing our FIDO USB device on various operating systems right now and we are faced with a unique challenge.
On Windows we tested on Chrome and Microsoft Edge and our authenticator works absolutely fine but on macOS/Ubuntu 20.04/iOS/Android we are facing the challenge of a Ghost UserPresence. By that I mean even before I press the button the browser believes that the button is pressed and goes ahead to register my device.
On doing some deeper analysis we see that soon after the Select AID command the browser sends the getInfo command and even if we are responding back with the fact that we do support FIDO 2 it sends a CTAP1 command (starting with a 00)
Here are the logs of the command exchange.
<<00 A4 04 00 09 A0 00 00 06 47 2F 00 01 00 00
>>55 32 46 5F 56 32 90 00
<<80 10 00 00 01 04
>>00 A4 01 82 66 55 32 46 5F 56 32 68 46 49 44 4F 5F 32 5F 30 03 50 41 5B 2E 96 00 F5 4A 81 AE 9A B1 41 BA A4 C1 B3 04 A3 62 72 6B F4 62 75 70 F5 64 70 6C 61 74 F4 05 19 00 F7 90 00
<<80 10 00 00 01 04
>>00 A4 01 82 66 55 32 46 5F 56 32 68 46 49 44 4F 5F 32 5F 30 03 50 41 5B 2E 96 00 F5 4A 81 AE 9A B1 41 BA A4 C1 B3 04 A3 62 72 6B F4 62 75 70 F5 64 70 6C 61 74 F4 05 19 00 F7 90 00
<<00 01 03 00 00 00 40 18 CE E2 3E 35 AD 4C AF E8 D8 67 7F 42 08 77 79 7A EE 28 76 BB 59 82 75 86 F2 11 C3 2B C0 8D BC 74 A6 EA 92 13 C9 9C 2F 74 B2 24 92 B3 20 CF 40 26 2A 94 C1 A9 50 A0 39 7F 29 25 0B 60 84 1E F0
>>05 04 49 62 4B 65 08 AE 7A EE 9F 4F 1F 50 BF 2E 0E C1 2B A2 F4 EE F0 9F 46 E3 23 DB 8D 51 66 2D 18 88 28 97 7A 7E 7C 1C 6B 31 6C 5E 30 9F 2B FC F5 0F 75 6B AD DC 53 8C 87 64 8E 55 91 A2 6A FC 52 A5 40 0C 5C 5F 0F 61 B0 6D B1 40 37 50 70 B9 FA 50 4A 59 3F 01 59 6D BC 96 BC 82 90 03 2D 20 28 5B 65 52 B0 CA E4 8F 08 10 E2 9C 0C FE C6 3D 39 40 65 48 73 88 A3 B4 1F 61 15 E0 A8 DB 1C 5B F2 01 9D 30 82 01 FE 30 82 01 A3 A0 03 02 01 02 02 01 01 30 0A 06 08 2A 86 48 CE 3D 04 03 02 30 4A 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 0B 30 09 06 03 55 04 08 0C 02 55 50 31 0C 30 0A 06 03 55 04 07 0C 03 4B 4E 50 31 10 30 0E 06 03 55 04 0A 0C 07 43 49 52 49 47 48 54 31 0E 30 0C 06 03 55 04 0B 0C 05 53 45 43 49 44 30 1E 17 0D 32 31 30 33 31 30 31 39 34 33 33 32 5A 17 0D 33 31 30 33 30 38 31 39 34 33 33 32 5A 30 6F 31 0B 30 09 06 03 55 04 06 13 02 49 4E 31 0B 30 09 06 03 55 04 08 0C 02 55 50 31 0C 30 0A 06 03 55 04 07 0C 03 4B 4E 50 31 10 30 0E 06 03 55 04 0A 0C 07 43 49 52 49 47 48 54 31 22 30 20 06 03 55 04 0B 0C 19 41 75 74 68 65 6E 74 69 63 61 74 6F 72 20 41 74 74 65 73 74 61 74 69 6F 6E 31 0F 30 0D 06 03 55 04 03 0C 06 59 55 42 49 43 4F 30 59 30 13 06 07 2A 86 48 CE 3D 02 01 06 08 2A 86 48 CE 3D 03 01 07 03 42 00 04 F6 D7 C7 C1 96 16 DF 1B 84 D7 56 B7 86 A0 DD 2E 52 FF 7D A3 88 6C CA 5F 54 B2 B6 33 2F 5B A9 16 D3 A9 90 DF B4 F5 2B 10 D4 A5 D3 FC A7 7B A3 06 6A D6 4B 6F D6 45 EA 1A 54 C7 19 00 D8 86 7B 71 A3 55 30 53 30 1F 06 03 55 1D 23 04 18 30 16 80 14 C3 75 F6 1C 48 FB E7 A8 EE 83 1E 1A 69 D5 97 53 E4 7B EB 13 30 09 06 03 55 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 02 04 F0 30 18 06 03 55 1D 11 04 11 30 0F 82 0D 73 65 72 76 65 72 2E 62 65 72 6C 69 6E 30 0A 06 08 2A 86 48 CE 3D 04 03 02 03 49 00 30 46 02 21 00 B4 E3 C7 D4 9F F5 F2 3B F1 76 EB 57 02 5A 60 6C 89 94 FA 9E D7 CC A9 78 3D 42 11 50 AF A4 51 94 02 21 00 C8 C8 9B DF 4D 4B 80 C3 7D 23 3B E8 F0 ED 48 73 A8 E3 41 DD AA 1D C5 A1 51 62 2E 3D 19 05 B5 AC 30 45 02 21 00 D4 FE 28 98 0D A3 82 97 FE 6D A0 AA BE B9 1B 07 2E 78 F3 D0 09 D9 B7 82 E1 36 3F 36 5F 36 D9 FC 02 20 60 72 14 AE 9F E1 EF 73 31 01 ED F7 7A DC C8 44 A8 FD CA 26 B8 AD 16 83 C4 7C 7B 98 AE E4 FE 06 90 00
Can someone suggest what we might be missing?
Thanks
Neel.