Comments (16)
I think I know what's the issue.
If I run the debug console of the background page (extension context) and replace the
```javascript
// Pasted into the extension's background page console; url_1 is the
// extension's own helper, already in scope in that context.
getOriginsFromJson = function (text) {
    try {
        let urls;
        const appIdData = JSON.parse(text);
        if (Array.isArray(appIdData)) {
            // Older format where it is a simple list of facets
            urls = appIdData;
        }
        else {
            const trustedFacets = appIdData['trustedFacets'];
            if (trustedFacets) {
                for (const versionBlock of trustedFacets) {
                    if (versionBlock['version'] &&
                        versionBlock['version']['major'] === 1 &&
                        versionBlock['version']['minor'] === 0) {
                        urls = versionBlock['ids'];
                        break;
                    }
                }
            }
            if (typeof urls === 'undefined') {
                throw Error('Could not find trustedFacets for version 1.0');
            }
        }
        const origins = {};
        for (const url of urls) {
            const origin = url_1.getOriginFromUrl(url);
            if (origin) {
                // Enforce only HTTPS origins for Trusted Facets per FIDO AppId & Facet (v1.2) 3.1.2.12
                // TODO: allow for valid mobile facets as well
                if (origin.indexOf('https://') === 0) {
                    origins[origin] = origin;
                }
            }
        }
        return Object.keys(origins);
    }
    catch (e) {
        // Workaround: when the appId response is not a valid facet list,
        // fall back to a hardcoded list of origins.
        console.error('could not parse ' + text);
        return ['https://accounts.binance.com', 'https://binance.com'];
    }
}
```
function with the one above I get the request on my phone and then I was able to log in. The thing is the extension tries to fetch allowed facets from the appId (https://binance.com) and because it is an HTML page the getOriginsFromJson
function couldn't parse it. I know it is a binance.com issue and in particular because they don't comply properly with the U2F standard. I'll try to detach the u2f now from it since I was able to login
@agrinman if you can think of a way to handle this case somehow it would be nice. If not - just let me know and close the issue
from kr.
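The facet check discussed in the comment above, written so that it fails closed, as an added example that is not part of the original thread or of the Krypton extension. `parseTrustedFacets`, `checkFacet` and both sample bodies are constructed for illustration; the valid body shows the kind of document the appId URL would have to return for `https://accounts.binance.com` to be accepted without patching the client.

```javascript
// Added example, not Krypton's code; names and sample bodies are constructed.
// Extract HTTPS origins from a trusted facet list body; throw on anything else.
function parseTrustedFacets(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch (e) {
    throw new Error('AppID response is not JSON');
  }
  let ids;
  if (Array.isArray(data)) {
    ids = data; // older format: plain list of facets
  } else {
    const blocks = (data && Array.isArray(data.trustedFacets)) ? data.trustedFacets : [];
    const v1 = blocks.find(b => b && b.version &&
      b.version.major === 1 && b.version.minor === 0);
    if (!v1 || !Array.isArray(v1.ids)) {
      throw new Error('No trustedFacets entry for version 1.0');
    }
    ids = v1.ids;
  }
  const origins = new Set();
  for (const id of ids) {
    try {
      const u = new URL(id);
      if (u.protocol === 'https:') origins.add(u.origin); // HTTPS facets only
    } catch (e) { /* skip malformed entries */ }
  }
  return [...origins];
}

// Decide whether facetId is listed; a parse failure denies, with no default list.
function checkFacet(facetId, body) {
  try {
    const origins = parseTrustedFacets(body);
    return origins.includes(new URL(facetId).origin)
      ? { allowed: true, reason: 'facet listed' }
      : { allowed: false, reason: 'facet not in trusted facets list' };
  } catch (e) {
    return { allowed: false, reason: e.message };
  }
}

// Constructed sample bodies: an HTML page, and a valid version 1.0 facet list.
const HTML_BODY = '<!DOCTYPE html><html><body>Home</body></html>';
const VALID_BODY = JSON.stringify({ trustedFacets: [{
  version: { major: 1, minor: 0 },
  ids: ['https://binance.com', 'https://accounts.binance.com', 'http://insecure.example'],
}] });
```

The `reason` field separates "the appId URL did not return a facet list" from "the list does not include this origin", which are the two failures reported in this thread.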
You don't need to save anything. You just need to paste the content into the console and press Enter. That's it
I'm very, very sad to report that this method doesn't work for me. I still get asked for USB key.
Console error: Trusted Facets list does not include the requesting FacetID https://accounts.binance.com
Text me in telegram +380638550878. I'll try to help
from kr.
I don't have an account with them to test. Are there any error/console messages in the page context/web extension context?
from kr.
It's like it is constantly waiting for a yubikey to be inserted (krypton pretended to be a yubikey for them). Since I never get any push to my phone to confirm the login, I never get anything back from the site. It is just waiting for the key to be inserted until the timeout.
from kr.
Weird thing is that I even tried to authenticate with Chrome on my other MacBook and still no joy. I never get anything pushed to my phone. Works for the GitHub login though. What could it be?
from kr.
The page that I see in the browser tab when the USB/built-in window pops up is accounts.binance.com, but the window itself says I need to verify my identity on binance.com
from kr.
Not sure if related, but when I try to rename the hardware key in the FB settings the same window with the request to insert the security key pops up but nothing is being pushed to my phone (and it works for the login attempt at the same time)
from kr.
If I try to fake user agent on Safari to pretend to be Chrome I get the following error from the Krypton desktop in the notification center:
from kr.
I think I found the error in the extension context:
Trusted Facets list does not include the requesting FacetID https://accounts.binance.com
from kr.
@agrinman I assume it is really related to the domain name being different from the one used while setting up the key? If you give me the guidance I can gather the logs needed.
from kr.
I'm having the same issue on Binance and am locked out. Can you please tell me how you fixed this in more detail?
Thanks so much
from kr.
Yes, so you go into chrome extensions, go into Krypton Authenticator. Here you'll find
https://www.dropbox.com/s/hfeo0jbn2rg3x6r/Screenshot%202020-12-18%20at%2018.41.17.png?dl=0
Click the "background page" as on the image
Now when you open the page you'll get to the Chrome developer tools console in the extension context.
Here you can paste the code I posted previously, effectively replacing the JavaScript function of the extension. Now you can go back to your browser and try to log in to Binance. Once you get the request on your phone, tap "Always allow this host" or "Allow for 1h" so that the Krypton phone app can approve it right away. You might fail logging in the first time, but then you can try once again and you should succeed.
Then you should be able to detach the HW key from your account. Just make sure you understand it implies a 24h freeze on any withdraw operations. Yubikey was not any better for me. I was easily able to log in every time but the transfer was always failing, so I removed all the HW keys
from kr.
Thanks, but when I replace getOriginsFromJson function and use Ctrl+S to save, the extension crashes.
Here is a screenshot of what I tried to save: https://bit.ly/38pSrMn
Any ideas? Can you share your revision of the extension?
from kr.
You don't need to save anything. You just need to paste the content into the console and press Enter. That's it
from kr.
I'm very, very sad to report that this method doesn't work for me. I still get asked for USB key.
Console error: Trusted Facets list does not include the requesting FacetID https://accounts.binance.com
from kr.
Thanks guys, this helped me remove it on Binance and on Bitfinex; for the latter I used:
return ['https://www.bitfinex.com', 'https://setting.bitfinex.com'];
from kr.