Reset your YubiKey to factory defaults using gpg-connect-agent

I’m using MacOS for my work, so here is how to reset your YubiKey using gpg-connect-agent. This is not a mine solution, I found this a while ago on github, can’t remember who’s is author, so I saved to my notes, just wanted to share it with you.

# Install gnupg if it's not installed yet
VKAFEDZH-M-2R3C:~ vkafedzh$ brew install gnupg

Insert your YubiKey to USB and run the following command:

gpg-connect-agent <<EOF
/hex
scd serialno
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
scd apdu 00 e6 00 00
scd apdu 00 44 00 00
/echo Yubikey has been successfully reset.
/echo The factory default PINs are 123456 (user) and 12345678 (admin).
EOF

Here is what I have:

VKAFEDZH-M-2R3C:~ vkafedzh$ gpg-connect-agent <<EOF
> /hex
> scd serialno
> scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
> scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
> scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
> scd apdu 00 20 00 81 08 40 40 40 40 40 40 40 40
> scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
> scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
> scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
> scd apdu 00 20 00 83 08 40 40 40 40 40 40 40 40
> scd apdu 00 e6 00 00
> scd apdu 00 44 00 00
> /echo Yubikey has been successfully reset.
> /echo The factory default PINs are 123456 (user) and 12345678 (admin).
> EOF
gpg-connect-agent: no running gpg-agent - starting '/usr/local/Cellar/gnupg/2.2.8/bin/gpg-agent'
gpg-connect-agent: waiting for the agent to come up ... (5s)
gpg-connect-agent: connection to agent established
S SERIALNO XXXXXXXXXXXXXX24010201000607XXXXXXX
OK
D[0000]  69 82                                              i.
OK
D[0000]  69 82                                              i.
OK
D[0000]  69 82                                              i.
OK
D[0000]  69 83                                              i.
OK
D[0000]  69 82                                              i.
OK
D[0000]  69 82                                              i.
OK
D[0000]  69 82                                              i.
OK
D[0000]  69 83                                              i.
OK
D[0000]  90 00                                              ..
OK
D[0000]  90 00                                              ..
OK
Yubikey has been successfully reset.
The factory default PINs are 123456 (user) and 12345678 (admin).

Thanks!

Leave a Reply