🙃
Chop-chop passwords...

Ackermann Yuriy herrjemand

@herrjemand
herrjemand / apple.metadata3.json
Created May 22, 2022
Unofficial missing attestations
View apple.metadata3.json
{
  "description": "UNOFFICIAL Apple Anonymous Attestation WebAuthn FIDO2 Authenticator",
  "aaguid": "f24a8e70-d0d3-f82c-2937-32523cc4de5a",
  "protocolFamily": "fido2",
  "authenticatorVersion": 2,
  "upv": [
    {
      "major": 1,
      "minor": 0
    }
@herrjemand
herrjemand / platformAuthenticatorAvailable.js
Created Jan 1, 2022
Check if WebAuthn API available, and if platform authenticator is supported
View platformAuthenticatorAvailable.js
const isWebAuthnSupported = () => {
    return !!window.PublicKeyCredential
}
const isPlatformAuthenticatorSupported = () => {
    if (!isWebAuthnSupported()) {
        return Promise.reject(new Error("WebAuthn API is not available"))
    }
    if (!PublicKeyCredential.isUserVerifyingPlatformAuthenticatorAvailable) {
@herrjemand
herrjemand / verify.apple.attestation.js
Last active Nov 20, 2022
Snippet code to verify apple anonymous attestation
View verify.apple.attestation.js
const crypto = require('crypto');
const base64url = require('base64url');
const cbor = require('cbor');
const asn1 = require('@lapo/asn1js');
const jsrsasign = require('jsrsasign');
/* Apple Webauthn Root
 * Original is here https://www.apple.com/certificateauthority/Apple_WebAuthn_Root_CA.pem
 */
let appleWebAuthnRoot = '
@herrjemand
herrjemand / appleanonymousattestationnonce.extension.asn
Last active Jan 1, 2021
Apple Anonymous Attestation ASN1 Schema
View appleanonymousattestationnonce.extension.asn
id-ce-AppleAnonymousAttestation OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840) apple(113635) appleDataSecurity(100) appleWebAuthnPolicies(8) 2}
AppleAnonymousAttestation ::= SEQUENCE {
    nonce [1] OCTET STRING
}
View WebAuthnRESTHelpers.js
let performGetAssertion = (getAssertionRequest) => {
    getAssertionRequest.challenge = base64url.decode(getAssertionRequest.challenge);
    if(getAssertionRequest.allowCredentials) { // If RK scenario
        for(let allowCred of getAssertionRequest.allowCredentials) {
            allowCred.id = base64url.decode(allowCred.id);
        }
    }
    return getAssertionRequest
View keybase.md

Keybase proof

I hereby claim:

  • I am herrjemand on github.
  • I am herrjemand (https://keybase.io/herrjemand) on keybase.
  • I have a public key whose fingerprint is 6050 B0DE 350B 91AB B929 C717 F9E5 3ECE 85D1 7BAD

To claim this, I am signing this object:

View CODESAMPLES.LICENSE
The MIT License (MIT)
Copyright (c) 2018-2019 Yuriy Ackermann
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
View passwordless.MakeCredential.js
document.getElementById('register').addEventListener('submit', function(event) {
    event.preventDefault();
    let username = this.username.value;
    let displayName = this.displayName.value;
    startPasswordlessEnrolment({username, displayName})
        .then((serverResponse) => {
            if(serverResponse.status !== 'startFIDOEnrolmentPasswordless')
                throw new Error('Error registering user! Server returned: ' + serverResponse.errorMessage);
View usernameless.GetAssertion.js
document.getElementById('login').addEventListener('submit', function(event) {
    event.preventDefault();
    return getGetAssertionChallenge()
        .then((getAssertionChallenge) => {
            /*{
                "challenge": "Ld0vp5byLeFZBOpclgKP3BEc8AA4aBewYPlwbkgLh98",
                "status": "ok"
            }*/
            getAssertionChallenge = preformatGetAssertReq(getAssertionChallenge);
View passwordless.GetAssertion.js
document.getElementById('login').addEventListener('submit', function(event) {
    event.preventDefault();
    let username = this.username.value;
    startAuthenticationPasswordless({username})
        .then((serverResponse) => {
            if(serverResponse.status !== 'startFIDOAuthentication')
                throw new Error('Error logging in! Server returned: ' + serverResponse.errorMessage);