Flipper Zero: Hottest Hacking Device?

Рет қаралды 7,152,502

Жыл бұрын

Big thanks to Lab401 for sending me some cool toys :)
The Flipper Zero must be one of the most in demand hacking tools of 2022. A fantastic RFID / NFC / Infrared and more tool :)
// Discount //
Get a 5% discount using my affiliate link : lab401.com/r?id=42cm8b
and/or use code DAVIDBOMBAL
// Video mentioned //
2 seconds to open a safe: • Wait, what? Only 2 sec...
// Great resources //
Awesome Flipper: github.com/djsime1/awesome-fl...
Bad USB: github.com/nocomp/Flipper_Zer...
// Lab401 //
Twitter: / lab_401
Website: lab401.com/
KZfaq: / lab401
// David's SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZfaq Main Channel: / davidbombal
KZfaq Tech Channel: / @davidbombaltech
KZfaq Clips Channel: / @davidbombalofficialclips
KZfaq Shorts Channel: / @davidbombalshorts
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gE...
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// ATTRIBUTIONS //
Hackerland by Twin Musicom is licensed under a Creative Commons Attribution 4.0 licence. creativecommons.org/licenses/...
Source: www.twinmusicom.org/song/292/h...
Artist: www.twinmusicom.org
flipper zero
flipper
flipperzero
hack
hacking
rfid
nfc
bluetooth
infrared
radio
gpio
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#flipperzero #hack #hacking

Пікірлер: 4 200

@SoloKyoto Жыл бұрын

My favorite part is the programmer put so much effort into the dolphin animations.

@leflyxdvd Жыл бұрын

duh because its such a bs device lol you need the other device for it to properly work. it needs to be able to read a device to use its properties....

@raksh9 Жыл бұрын

Thumbs up from dolphin!

@operationscomputer1478 Жыл бұрын

YET HE SAYS IT STILL NEEDS TO BR REBOOTED OFTEN

@edgaromar9196 Жыл бұрын

That's another feature that made me buy one!

@kaelthunderhoof5619 Жыл бұрын

Looks like some old Pokedex animations.

@oa5828 Жыл бұрын

Like it or not, this stuff being public and available will only work to allow people to learn the vulnerabilities of their technology so they can better secure it. The most dangerous hacking devices are the ones not known of much by the public or at all. Like the Stingray phone trackers used by police for some time before they were exposed.

@unknownlordd Жыл бұрын

or tiktok skids making people lives worse for stupid likes and validation online

@raylopez99 Жыл бұрын

Apparently in the USA a shipment was intercepted by customs but then released to the public.

@kevinslattery5748 Жыл бұрын

Where's the 2nd comment bad YT?

@Crozzzbonez0 Жыл бұрын

@@kevinslattery5748 youtube like to shadowban comments sometimes for whatever reason. They make it so it looks like the comment went through on your end but nobody else can actually see it. That might be why it’s bugged.

@kevinslattery5748 Жыл бұрын

@@nemod.8310 No, it's not thar crazy. What is crazy is that safe maker employing inherently unsafe tech for an application that demands high security. The safe is effectively worthless.

@misterkaos.357 Жыл бұрын

Who knew something so adorable could be so dangerous!

@Pheus11 Жыл бұрын

I know right. I told my mom its just a toy and she trusted me because it looked like one, i bought it and i do many things with it

@Mr_cheese.. Жыл бұрын

@@Pheus11 🤨

@Chino0420 Жыл бұрын

@@Pheus11 imma tell your mommy..

@kaelthunderhoof5619 Жыл бұрын

@@Pheus11 mom's cabinet starts vibrating.

@Beans2231 Жыл бұрын

@@kaelthunderhoof5619 🤣🤣🤣🤣

@filipbronola536 Жыл бұрын

I love the UI on that thing, cute yet so incredibly powerful

@lonnpton5239 Жыл бұрын

the dolphin is a good choice

@generic6099 Жыл бұрын

i wanna get it just for the UI alone tbh. (and then mainly use it as a secondary backup remote or near radio keyring)

@peteypete9357 Жыл бұрын

The ui is just a dolphin and scrolling text. Just say you like the dolphin; the text is soo effortless.

@ArcYT Жыл бұрын

@@lonnpton5239 It's genius, dolphin was perfect choice because of echolocation and sounds

@lonnpton5239 Жыл бұрын

@@ArcYT yes and its big brain

@Adamlogen12 Жыл бұрын

Just wanted to share how my AirTag smart wallet saved me from an RFID hack. Its built-in RFID-blocking shield protected my cards, and the Find My app on my iPhone helps me locate my wallet.

@olegj285 Жыл бұрын

Could you share an example of how it saved you from such an attack? It would be helpful to hear a specific instance of how the RFID-blocking shield worked for you. Thanks

@Adamlogen12 Жыл бұрын

@@olegj285 sure bro, a few weeks ago, I was at a busy mall and felt a strange sensation in my pocket. After checking my wallet, I realized that someone was trying to scan my credit cards using zero flipper

@olegj285 Жыл бұрын

@@Adamlogen12 Wow, that's crazy! I'm glad your Air Tag smart wallet protected your cards from that kind of attack. By the way, where did you get your AirTag smart wallet? I'm interested in investing in one myself, and I'm curious about where people are finding the best quality

@olegj285 Жыл бұрын

thanks 🙏🏻 found them!

@OxaudioPhilly Жыл бұрын

Fuckin bots are unreal anymore. 🤦🏻

@GloriousGrunt Жыл бұрын

Feels like the video started as "this thing is dangerous!" but as the video goes on it's more like "hey this thing is kinda handy" lol

@8instantramen Жыл бұрын

Say what you want about the device but I love the charm and personality it has in its software. Now that’s someone who puts love in their product

@roastytoasty8559 Жыл бұрын

i wonder what the minds of the people who create these devices are like.

@svenjorgensenn8418 Жыл бұрын

@@roastytoasty8559 the are black hats who think it's white

@ALCRAN2010 Жыл бұрын

@@roastytoasty8559 smart. They are smart

@jesseroberts1041 Жыл бұрын

@@ALCRAN2010 But extreme degenerates too. Smart degenerates, which isn’t a great combo.

@SoroBoio Жыл бұрын

@@kitplaysmore7554 absolutely dangerous?💀 bro it's not what you think it is, it's definitely not dangerou

@MartialGlobe Жыл бұрын

When something like this gets to the public, I always wonder what kind of devices are out there that we haven't even had a glimpse of yet

@tigreactivo517 Жыл бұрын

Tons. You don't even want to see the ones the government has.

@MartialGlobe Жыл бұрын

@@tigreactivo517 I mean that the predator drone was a thing in the early 1990s is already frightening enough - tbh I feel like I don't even wanna know

@eckoofthebat44 Жыл бұрын

Like the USB cables with hacking software in the cable

@parallellevels5881 Жыл бұрын

So many!!

@UmiZoomR Жыл бұрын

Universal remotes are pretty high tech, the infrared is straight bussing yo

@sventhesuperstud5858 Жыл бұрын

As an engineer, the newest piece of tech in my house is a printer and I keep a loaded handgun incase it does something unexpected lol

@regularperson9297 Жыл бұрын

"Low on ink"

@midgardo4 Жыл бұрын

Can never trust those printers 🤣

@RawHeat100 Жыл бұрын

damn right brother stay woke lol

@cirelancaster Жыл бұрын

It's been awhile since I've heard that joke

@charlest1121 Жыл бұрын

I’m watching KZfaq on my printer too!

@ubermind-tim Жыл бұрын

Thanks David. Excellent review and excellent product. Your video underscores the need for storing RFI devices inside some sort of RFI blocking devices, be they wrappers and bags.

@deafomega Жыл бұрын

I remember having homebrew on my PSP that used the IR to be a universal remote. Same method to train it so I had all my friends remotes saved as different profiles. Then I didn't have to look around for one when we were chillin. It was great at home as well, since we had so many IR remotes. I could quickly switch from playing my game over to other tasks, similar to ALT + Tab on PC.

@syckles Жыл бұрын

This is basically the real life equivalent of Batman's hacking tool from the Arkham games.

@rickeydart3040 Жыл бұрын

Man, it sure is convenient all these passwords are a single word.

@mandybaker8544 Жыл бұрын

Right!

@Primeval-Frost Жыл бұрын

Or a sonic screwdriver

@afkmh2392 Жыл бұрын

Nothing will ever be as advanced as what Batman has

@dave4347 Жыл бұрын

Does it come in black?

@jaredflynn3750 Жыл бұрын

Stuff like this is why I'll never go for the whole "smart house" thing where everything including your damn coffee maker is a computer or connected to the net. Too many vulnerabilities too many exploits too many surveillance devices.

@Belnick6666 Жыл бұрын

just imagine the chaos when we start using nano bots for health issues.....just use this and tell them to stop the heart or something lol

@cjramseyer Жыл бұрын

Having a Smarthome IS NOT the problem. Using devices that depnd on a cloud or internet connection is the problem. Everything demonstrated here is interesting, but all requireschaving relatively close proximity. The point being, a smarthome is nothing to be afraid of, but make sure that devices that only need local access for control. Not Alexa and Google Home, and know how the devices can be controlled.

@jaredflynn3750 Жыл бұрын

@@cjramseyer I'm just sketched out by any kind of wireless devices because it means they can still be manipulated by other Wireless signals people always find a way to exploit any kind of remote connectivity even if it's not connected to the internet directly necessarily

@ok.ok.5735 Жыл бұрын

True you could catch someone’s house on fire or rob it while they are away or worse if you think too hard about it. But I would agree that’ll not catch on with me either for the reasons you stated

@succesful01 Жыл бұрын

You got a phone ? Too late

@JohnCorrUK Жыл бұрын

David what a joy to come across your informative video - RFID protector going on my shopping list!

@dougfoster445 Жыл бұрын

I am a college teacher that teaches electricity. I bought this today and was playing around with it in class with my students. They loved it and actually really learned alot about the importance of EM frequencies.

@zeke3327 Жыл бұрын

I was looking at this piece of tech when they stated their kickstarter. It sounded like a great idea but was really ambitious at the time. I'm glad they were able to actually bring something to market.

@davidbombal Жыл бұрын

Big thanks to Lab401 for sending me some cool toys :) // Discount // Get a 5% discount using my affiliate link : lab401.com/r?id=42cm8b and/or use code DAVIDBOMBAL The Flipper Zero must be one of the most in demand hacking tools of 2022. A fantastic RFID / NFC / Infrared and more tool :) Flipper Zero: lab401.com/products/flipper-zero?variant=42927883452646 // Video mentioned // 2 seconds to open a safe: kzfaq.info/get/bejne/jp9pY71_ppi4n5s.html // Great resources // Awesome Flipper: github.com/djsime1/awesome-flipperzero Bad USB: github.com/nocomp/Flipper_Zero_Badusb_hack5_payloads // Lab401 // Twitter: twitter.com/Lab_401 Website: lab401.com/ KZfaq: kzfaq.info // David's SOCIAL // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZfaq Main Channel: kzfaq.info KZfaq Tech Channel: kzfaq.info/love/ZTIRrENWr_rjVoA7BcUE_A KZfaq Clips Channel: kzfaq.info/love/bY5wGxQgIiAeMdNkW5wM6Q KZfaq Shorts Channel: kzfaq.info/love/EyCubIF0e8MYi1jkgVepKg Apple Podcast: davidbombal.wiki/applepodcast Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com flipper zero flipper flipperzero hack hacking rfid nfc bluetooth infrared radio gpio

@randompotato5761 Жыл бұрын

Your late old man

@darooh9815 Жыл бұрын

Glad you got what you backed on kickstarter. Backed 3 items in 2019 never received and Kickstarter does nothing to help nor do the originators reply.

@ferdydek Жыл бұрын

Please remember russian products are currently subject to international sanctions.

@wakjagner Жыл бұрын

Good sir, What was the RFID blocker you were using with your cards?

@TreeSnackz Жыл бұрын

Top tier cannabis strain reviews

@XxNightmare128xX Жыл бұрын

For about $200 this seems like a pretty awesome master controller for all my devices

@juanschmied4676 9 ай бұрын

Thank you, your video is so instructive on security issues and a great tool. Are there other stuff like this ?

@Mocxing Жыл бұрын

Honestly I love the UI so much, what a cute and unsuspecting dolphin!

@jas_bataille Жыл бұрын

The dolphin isn't a random choice. They can be some of the most cruel animals. They can hunt, torture, and rape their own species or other.

@Mocxing Жыл бұрын

oh I know about the "other species" part with some of the hentai I've seen where the dolphin is "connected" to an anime girl~ yup!

@ZVLIAN Жыл бұрын

@@Mocxing bruh

@wrongtown Жыл бұрын

He's always so MAD at me though 😅

@mrcoco3562 Жыл бұрын

It's copyright from Gameshark

@definite11 Жыл бұрын

Imagine the dangers if a driver thru worker had one of these

@tankprohp Жыл бұрын

Pay in cash no issue

@sh4rdz. Жыл бұрын

wym lol dont hand them your card

@davidyong2129 Жыл бұрын

You could work at McDonald’s for one day and retire lol

@xfy123 Жыл бұрын

You don't need this to read cards legit any smartphone whit NFC can read and save card info

@haveyouseengeorgehennen Жыл бұрын

You don't need to give them your card, they pass you the reader, pay cash in places you find sketchy and you should be using credit cards instead of debit's by now.

@DareToBeDeviant Жыл бұрын

If a safe doesn't have a knob/lever/keyhole then it's likely going to give the user problems. With that said, the safe used in this demo can be considered complete garbage even before David did anything to it. Casually shopping for "safe" devices online (7 years now?) has resulted in hundreds of negative comments regarding 1) junk quality, 2) the inability to open the thing even with proper clearance [a huge complaint with biometric fingerprint scanners], and 3) sometimes opening way too easily due to bad firmware or flawed physical internals. I think once upon a time Sentry had a model that could be opened with proper magnet placement, no code required. My primary has a digital pad, a separate battery backup box, keys, and can be alarmed. Get yourself something with any combination of these features and bolt it to the wall/floor.

@traceyevans2757 Жыл бұрын

It’s like a personal master key. I’d use it for exactly that

@b98a4c37 Жыл бұрын

UID emulation is not nearly enough to emulate a yubikey's cryptographic functionality. You would need to extract private key information which requires much more extreme tactics. If you were using your yubikey merely as an RFID tag this would work, but that's not what people use yubikeys for

@MaksKCS Жыл бұрын

Yeah I was dumbfounded when he even suggested bypassing yubikeys 2fa

@kingjer125 Жыл бұрын

I know this is a stupid use but for someone that has a bunch of keycards for work or for personal use it would be cool to have one device I can use to unlock everything, as well as a good trick to have a random rfid card I use unlock something unexpectedly.

@ocavant Жыл бұрын

This is exactly why I bought one. So I can make a new one and not have to pay $35 each time to the company for a new card. Oh, and all the other cool things it does will be worth the hundred and change.

@the_seeker.entity9206 Жыл бұрын

Only safety thing is it does become a master key for your life for anyone malicious

@steve00alt70 Жыл бұрын

@@ocavant what if the delivery companies know what these are and then make it illegal?

@GswervinTV Жыл бұрын

Sounds like the mark of the beast

@revengeof1307 Жыл бұрын

@@GswervinTV but its not because nothing is being put into your skin.

@ksousajr Жыл бұрын

Just placed my order using your code, hopefully you get a kickback from it.. Love your content, it's hard to find someone who's willing to ask the right questions to the right people and share what they've gained from it.. You Rock David!

@jas_bataille Жыл бұрын

This guy : "See that's bad idea" The lockpicking lawyer : "Here we have a demonstration of the hardest way to open this safe. Now I am going to use a fork..."

@vasiovasio Жыл бұрын

Fork?!? Cmon, just a paperclip is enough!

@ATSaale Жыл бұрын

Opening a lock with it's own packaging will always be a highlight to me

@m4inline Жыл бұрын

With a tomato.

@XxXKillJoyXxX Жыл бұрын

With this spec of dust

@Atombombz7 Жыл бұрын

Ive seen em break into a car using nothing but his shoelace its wild

@spottechnologies Ай бұрын

One of The Best Part of your videos, Thanks David!

@joemck74 Жыл бұрын

If Flipper can be remote controlled than all somebody has to do is get it into your bag or glovebox or whatever, then they can use the various functions to suck everything they want out of your wallet/car/key-fob etc, then they just have to get the Flipper back - with probably won't be too hard of they 've cloned your keys.

@leonardoguerrero444 Жыл бұрын

This is really useful for many things as well. I saw someone copy a card onto some of those blue tags, so they can have extra keys to their appartment building, for family and etc

@pwntwtf Жыл бұрын

I was thinking how useful it would be to have a spare set of apartment keys, or a garage key in case you ever lose or forget yours. It definitely has its uses that don't involve doing bad.

@Lothar526 Жыл бұрын

well u can always make an extra copy of the key where you get the first one

@burymeinversace Жыл бұрын

@@Lothar526 a lot of apartments charge you $50+ for extras

@Lothar526 Жыл бұрын

@@burymeinversace really? wow thats a lot! im not from the US.

@ryansinclaire8463 Жыл бұрын

@@pwntwtf Or every remote in your house. Id take it everywhere, seems super useful in a pretty small size.

@Jesterponed Жыл бұрын

I've been waiting to see more of the flipper. I tried pre-ordering one on the website and for some reason I was not able to. If it's perchable right now I would buy as many as I can. This is such a useful tool. I had a friend who had one and he let me test it out and he can bypass almost anything.

@4wkes64 Жыл бұрын

RDIF Read and Write can be done from your phone.. Some phones support IR but you can purchase cheap devices to Read/Send IR Signals..

@JL-gg5ib Жыл бұрын

We used to do this with Android phones when RFID reader apps first hit the App Store. You can do pretty much all of this on an android phone

@mathew1979 Жыл бұрын

With kali lunex lol

@ChrisSmithy Жыл бұрын

You can do most of it on an iPhone too. I don’t understand the fuss about this product, it’s all stuff that has been done for years with much cheaper products or often with the phones we all carry every day anyway. Seems like a complete waste of money to me.

@maniaksgaming6739 Жыл бұрын

@@ChrisSmithysimply say your broke with out saying your broke 😂

@ChrisSmithy Жыл бұрын

@@maniaksgaming6739 haha. Nice try. More accurately, I’m someone in the trade who understands these products need to be disposable or more undetectable.

@AmbianceForAll Жыл бұрын

@@ChrisSmithy Can you give examples as to how? Do you need a rooted phone? I've been trying to emulate some work cards and tried a few apps, can't seem to find anything to emulate. I have Android

@lescoe Жыл бұрын

I wish more people realized security is a placebo. Literally everything is vulnerable, even people. Thank you for this video.

@raduradu334 Жыл бұрын

Putin is not

@azultequila5114 Жыл бұрын

Even you

@Xerion404 Жыл бұрын

Especially people

@hummingbird_saltalamakia Жыл бұрын

I would say especially people. Security is a placebo... Okay, so don't lock your doors, might as well just leave them open in that case. There are certainly things that can be and are secure in the world.

@stedmangg Жыл бұрын

@@hummingbird_saltalamakia Exactly. Some people just wanna sound smart.

@AstralPhnx Жыл бұрын

Can we just talk about how cool that cute little interface is? I love the attention to detail

@chrisissun Жыл бұрын

this is the best channel you need to do one on security forensics for KZfaq videos, movie videos or digital art videos

@stevegee6494 Жыл бұрын

Man sometimes I think how could anyone do something in a place they're not allowed to be when security cameras are now either decent enough and extremely cheap, very very good and reasonably priced, or expensive but you could zoom in to a detail half a pixel wide at least 130 feet away that was there 8 days ago. But then I see tech like this and understand there's still a balance between offense and defense.

@AbsolemLNG Жыл бұрын

None of this is that wild but having it all in one device is pretty neat.

@blindsniper35 Жыл бұрын

Problem with RFID blockers is a lot of them work all right until somebody puts a parking garage overhead scan unit in a laptop bag. A lot of blockers can be read straight through with such a device, it just depends on how sophisticated of an attacker you're worried about.

@madhurindian Жыл бұрын

Hmm, possible solution?

@PySnek Жыл бұрын

@@madhurindian faraday cage

@zaa1414 Жыл бұрын

Would the issue there be the device in the bag's signal is too strong for the bag to contain? Man I wish I had goggles that let me see as much of the electromagnetic spectrum as possible at once.

@zaa1414 Жыл бұрын

I have an app that visualizes some radio and microwave signals and I have a thermal cam, seeing UV spectrum can be done too but I'd like to integrate it all into one view

@blindsniper35 Жыл бұрын

@@zaa1414 I'm referencing a defcon presentation. I can't remember exactly who was presenting, anyways it's was made into a portable rig that they put into a laptop bag. It didn't really need a ton of power and it was set up to dump the credentials of every tag it could interrogate. It's definitely the sort of thing pen testers make. No it would be quite unpleasant to be around any sort of RF source strong enough/(at the right frequencys) to damage the materials in a laptop bag. Let me put it this way, the microwave heats things using radio waves (at about 2.4 GHz) using something like a kilowatt of power. The food containers in the microwave are made out of very similar materials as a laptop bag. Those readers are probably operating at something like 1 watt at the absolute maximum maybe 5 at a much lower frequency. There's Federal limits on what you're allowed to put out into the radio spectrum. I have absolutely no idea how much power you would have to output at that frequency to get material degradation and a laptop bag. but I know I don't want to be near it.(I think it would probably be easier to measure it in power substations)

@johna3607 Жыл бұрын

Thank you for helping me learn how to hack other people's property. Your tips are priceless.

@riu18 Жыл бұрын

Thanks man, i need to learn about how to use the flipper zero

@DOGMA1138 Жыл бұрын

You should've explicitly mentioned that this doesn't allow you to clone payment cards, the CSN/UID of the credit card have nothing to do with contactless payments, Flipper Zero cannot access the bankcard data. Contactless payments requires a fully encrypted handshake where the PoS sends an encryption key which is encrypted or signed using the a key held by the issuer the card would only transmit the card details if it successfully decrypts/authenticates the PoS key and those details would ofc be encrypted using the PoS keys. Whilst "contactless skimming" is possible it's only possible with valid PoS terminals, unfortunately it's fairly easy to get the PoS contactless reader and account needed for it and the scams rely on flaws in the KYC processes of payment processors such as Square to achieve it. Contactless EMV transactions are by far the most secure method of transaction we have right now even more so than chip and pin and there are no known direct attacks that impact these trasnactions.

@4Abaddon4 Жыл бұрын

This, and it's also nothing new. I can even copy or emulate nfc uid with my smartphone. Much more interesting ist the convince to copy 433 MHz signals often used by garage doors and such

@edenjung9816 Жыл бұрын

Damn. I was commenting above that i could Just save my Bankcard on the Flipper and use that instead of carrying the cards.

@jetseverschuren Жыл бұрын

That's not quite accurate. Bank cards will happily send lots of information to anyone that asks (the EMV spec is public, if you're interested). POS systems do use RSA and signed keys, but only to verify the card is who it says who it is, so cloning is still impossible

@DOGMA1138 Жыл бұрын

@@edenjung9816 You can't and if ever a device like that would be available you wouldn't want too unless it's an approved contactless payment device such as your phone or smart watch. Cloning cards is still a criminal offense even if they are your own cards. This would eventually get noticed in store and on public transport and cops can get called and good luck explaining to them what a Flipper Zero is. And even the criminal case would go no where when your issuer finds out you'll be fucked and good luck getting a chargeback ruled in your favor ever again for your entire life that is if you would be able to get another card issued.

@DOGMA1138 Жыл бұрын

@@jetseverschuren It's quite accurate, no cardholder data is ever sent over the wire before the card authenticates the PoS and any cardholder data sent by the card is always encrypted. If you have control over a PoS that has access to issuer keys or the issuer network and can trigger a contactless transaction and the PoS does not uses P2PE you will get enough CHD to make additional transactions but cloning the EMV chip is impossible. However I don't know of any contactless PoS's at least that are attainable to regular merchants that do not employ P2PE which means that the merchant never sees any CHD at all as all the transactions would be end to end encrypted and tokenized. Older Chip and Pin PoSs were not required to use P2PE however most if not all EMV terminals from the last 5 or so years are P2PE terminals. Some of the larger merchants such as huge retailers might have been allowed to retrofit their PoSs with contactless payments without it being P2PE but any retrofits I've seen were usually a separate payment channel and were P2PE. All the "IOT" card readers such as those from Square and SumUp and the likes are all P2PE so you can only do charge skimming on those since as an attacker you'll never see any card holder details.

@NoName-zz9ls Жыл бұрын

Pentesting aside, this device seems really useful to just have around

@edenjung9816 Жыл бұрын

I could simply save all my cards on it and Not carry them around with me. That would be cool.

@olkazzshitpostvod9578 Жыл бұрын

the problem is that spending 170$ just for something you are going to use times to times is annoying

@doop00 Жыл бұрын

I was thinking the same, like the big boom of universal remotes in the 90's.

@kazi_ Жыл бұрын

@@edenjung9816 you can already do that in your phone

@libertyprime9307 Жыл бұрын

Do you guys not have phones?

@sprite7740 Жыл бұрын

Reminds me of Dokkaebi from Rainbow Six Siege. That UI is super dope! Other than that it’s a little concerning 😆

@SakaraCoyfox Жыл бұрын

That's actually kinda scary that these things are just kinda out in the wild, but that also means that more people like you are able to teach us more about them so we know how to protect ourselves.

@Flaggyt Жыл бұрын

There is absolutely nothing special special with this thing, RFID scanners/copiers/writers are available for decades, same as the universal remote controllers. And it can mimic a wireless keyboard/mouse. *Facepalm. The only difference is that this looks like a toy with a dolphin animation. And notice this thing only works if you have the master RFID tag in your possession to copy it. You could do that ten years ago with cheaper hardware. Notice the lack of mass creditcard scanning scams in the last ten years. You can scan my creditcard but you can't use that for paying anywhere so it is useless, but hey you can open my hotel safe after I let you scan my creditcard ofcourse and I let you in my hotel room wafter I told which room... in which hotel. This thing is total bullshit and it's only function is scamming wannabee "hackers" who don't have a clue out of their money.

@Death4500 Жыл бұрын

I have one these I use to copy my car fobs , my tv remote and troll my coworkers by changing tv channels.

@ooltimu Жыл бұрын

You can read only what's public from the credit card's rfid and that's usually what is already physically written on the card (except the CVC of course). You can do this with any phone supporting rfid (most of them nowadays), but that's not actually cloning the card. The chip on the card is a minicomputer with cryptographic capabilities and that allows to make payments secure.

@ooltimu Жыл бұрын

@@Username-2 watched only 1 or 2 videos from this channel and he doesn't seem so knowledgeable... or maybe it's just for views and interaction

@brakahiphop Жыл бұрын

What you said

@MalcomHeavy Жыл бұрын

I was originally extremely concerned about this piece of tech. Now, having learned about it, it's not as threatening as it looked. You have to have access to the original key sets and cards to copy for the ball to even start rolling. Just be careful with your wallet, as we have all been told since the dawn of wallets.

@0525ohhwell Жыл бұрын

Yeah, that's my take as well. Not nearly as impressive as I expected.

@buckdaman8493 Жыл бұрын

If this doesn’t scare you then you must think you’re immune to social engineering attacks .. which means you’re more vulnerable than anyone 😮

@RhythmEmotions Жыл бұрын

Couldn't you just stand in a crowd and scan people's pockets that have wallet's in to get the card info ?

@MalcomHeavy Жыл бұрын

@@RhythmEmotions Yes. There wouldn't be anything stopping someone from doing that. That's why it's important to have an RFID blocking wallet. Do keep in mind that with this device, you would need to have the device extremely close to a card to copy the data. Many people carry multiple cards in their wallets. It would be very difficult for someone to know what card they are copying without removing the card from the wallet and scanning it. For example. Someone could be touching the device to someone's back pocket, and be copying someone's bus pass, or someone's hotel room key instead of their credit or debit cards.

@RhythmEmotions Жыл бұрын

@@gimme0cookies as long as this device doesn't become like the device on prison break lol

@sphaera3809 Жыл бұрын

To open the safe one still needs to know and get a hold on the card used to lock the safe. I personally only use the PIN number and never assume absolute safety. The hotel room safe is more of a deterrent than impenetrable box.

@mrgirth6510 11 ай бұрын

Ordered mine 2 days ago, already shipped out

@trevorsmith5991 Жыл бұрын

This tutorial is amazing and you are really good at teaching !! great job sir !

@timothyhewitt6736 Жыл бұрын

Great sales pitch 👍 for a minute you aalmost had me worried. Nothing your average smartphone can't do 🤣

@abandonedmuse Жыл бұрын

Funny….that’s what we called our POC malware we made at FIU. It worked on ultrasound so we called it Flipper. I came up with the name specifically. Now how plausible is it to do it from far away. This doesn’t look like i would be too scared of going out and someone doing this to my cards. You have to be pretty close to the card. If i had it I would totally use it as a remote. That’s pretty dope for that. 😂

@fuzzymath6240 Жыл бұрын

People use those safes? I always make sure the "do not disturb" is hanging on the door. Cool video!! Thanks for showing this stuff. Where in the past someone had to learn the skill of picking a physical lock, nowadays yikes!!

@jasoncrandall Жыл бұрын

Credit card to operate a hotel room safe? I’ve never seen this before.

@vasiovasio Жыл бұрын

Bad ideas Everywhere! :)

@ro.7427 Жыл бұрын

It has been around for years but has always been a bad idea

@thetruthhurts4147 11 ай бұрын

So fun when everyone and their dog does a flipper zero tutorial and then over night they are being banned from online sales. THANKS SO MUCH FOR THIS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

@TheCrash0veride Жыл бұрын

I saw the kickstarter campaign and figured it would be something that would be quickly banned or never allowed. After they blew wayyyy past the goal I ended up snagging one on preorder. After having it a short while I ended up jumping on a restock early on and now have a backup. But being an A/V- IT tech this thing is extremely valuable. When you setup customers with a universal remote they lose the individual device remotes that are sometime still needed. But I have every ir device I would ever need in my pocket. I was able to bypass the need to buy expensive programmed rfid badges, as I now just buy cheap t5577 tags that can emulate a range or rfid protocols and write them for the employees. The bad usb for automated installation of programs for remote assistance for IT clients. I’ve even copied the company garage door with the subghz. This thing is extremely powerful and even more so with custom firmware. And it’s cool to see you made a very informative video on it. I love your content and it has helped stuff me further down the rabbit hole of cyber security. But as a yubikey user myself I’m happy to say, That it can read/copy/emulate it, but it sees it as an unkown and assumes it’s nfc type a so the phone won’t read it as a key. Or at all in the app.

@binary_badg3r Жыл бұрын

Why/how would this be banned?

@TheCrash0veride Жыл бұрын

@@binary_badg3r i was a noob when it first hit on kickstarter. It was marketed as a “hacking multi tool” I just figured with it’s power and ease of use it would have been something that the fcc would’ve pushed back on. But I guess I was thinking they were gonna act more like the atf and a cool gun. But in the end I realized it’s basically treated like a computer. Sure it had the potential to do a lot of bad. But it all depends on the intentions of the user.

@slickstretch6391 Жыл бұрын

@@TheCrash0veride Kinda like guns. Or drugs.

@thePyiott Жыл бұрын

@@TheCrash0veride yeah its not hi tech by any means. You can make your own with parts from your local supermarket. It's open source to so you don't really have to do any coding

@TheCrash0veride Жыл бұрын

@@thePyiott I wish I could find components like these at my local supermarket. Radio shack died over here so there’s no electronic hobby stores anywhere now. They want to do away with the right to repair.

@acessford101 Жыл бұрын

I absolutely love my pair of flippers!

@kuroshm Жыл бұрын

“You can’t get a hold of one” …I guess I should open the box that’s been sitting in the corner of my room for the last 4 months

@holyapex8195 Жыл бұрын

Ship it? Lol I'll pay I want one like now I have so many devices i can use with this

@mschweers Жыл бұрын

Yeah, this got me to dig out my second, unopened one and play with it, because my first is in the glove box of my car. I had lots of plans for it originally, but the pandemic kind of put the kibosh on almost all of them. It's nice to have, but it turns out I don't use it as much as I expected. Still love it, and am very happy I backed it.

@chippiko 2 ай бұрын

Now, I understand what the function of this tool is. Thanks for explaining

@JohanA-uh1yg Жыл бұрын

Thank you for promoting this to 4.4 million people!

@E167330 Жыл бұрын

Thank you so much for the information, this is absolutely insane that a single device can do all these things. And even though it is understood that this video is for demonstration only. What comes into mind is: what bad actor or criminal uses this type of device for malicious purposes, what kind of practices or techniques can be applied to defend ourselves from such a variety of attacks, which are kind of in between the physical and information type of attacks. One more time, thank you for your work

@StriderVM Жыл бұрын

Thats why in the smplest terms, use RFID blocking devices in cards you DO NOT want to be scanned in a public setting.

@engineer0239 Жыл бұрын

And you know what? Your phone can probably do all these things too with the correct software.

@barodrinksbeer7484 Жыл бұрын

Most bad actors already have made a device like this. For example I have an rfid reader from a car parking lot, which can scan straight through the a rfid blocker to a mini pi. Even though it takes time to scan then put the data onto a fake card/transmitter, its super easy to do after its done.

@barodrinksbeer7484 Жыл бұрын

@@engineer0239 Im 90% sure you can do this with a default android phone. You used to be able to rfid scan cards and then save that data in google pay.

@_PatrickO Жыл бұрын

It is not insane. It is reality. You only need a few chips to cover all this spectrum. Anyone with minimal motivation can do these same things with freely available consumer electronics. The rfid stuff can likely be done by any cellphone with rfid built in. The issue is not the device, the issue are the vulnerable products multiple industries have ignored for years. They made devices with no security. The real solution is to add on security with a way for the owner of the car and only them to bypass or authenticate. Adding security without an owner bypass or authentication api just increases the chance that a modder trying to do something legal breaks the security to tinker with his owned property. Comma ai is a good example. They need to plugin to the canbus to add self driving features to different models of cars. Toyota slaps on encryption that the owner of the car has no bypass or authentication method for, so their is an effort to break the security which may help thieves. If car makers ensured owners had a bypass to security, then no one would worry about cracking the encryption and less scrupulous people wouldn't get to reuse legal modder bypasses to steal cars. Don't expect fixes because device makers won't give owners apis they can use to bypass security. So as they add security to devices, modders will crack it all.

@jas_bataille Жыл бұрын

Honestly I'll buy one just because I can have a single device to do all those things. I'd copy my own remotes and cards, and use it to copy remotes in hotel rooms and so on. There are a ton cool legal and smart uses of this to copy the tools you would normally have access too into a single device.

@andrew3606 Жыл бұрын

Please do not put your own credit cards into this device dude

@yeenking Жыл бұрын

@@andrew3606 why?

@andrew3606 Жыл бұрын

@@yeenking Because the company that makes these would have your credit card info to use or sell

@yeenking Жыл бұрын

@@andrew3606 but how? This device isn't online

@andrew3606 Жыл бұрын

@@yeenking He synced the devices data to his phone in the video

@DNA912 Жыл бұрын

I'm honestly thinking about getting on for the pragmatic usecases. Like rubber ducky scripts to automate processes, using the infra red as universal remote, using the NFC reading and writing as backup in case I loose a key or card. And the device it self is really cute

@mathiasschmidt9770 Жыл бұрын

Very fascinating. Could you make a video where you explain how the flipper zero works(how the software works) or a video where you code a flipper zero like pc ?

@KingFluffs Жыл бұрын

Unrelated note, but this reminds me of the guy who years back, found out a certain area of the UK had secret buttons under the regular ones on street lights near crossings (for the blind) that when pressed, instantly turned the lights red for slightly longer than usual and then bought some auto clickers that he could control via Wifi.

@gtsport3881 Жыл бұрын

At this point I realize the best place to save important stuff is in the mattress 🙃

@Huundo Жыл бұрын

Damn crazy new garage door opener

@TJD_04 2 ай бұрын

Just ordered one , Definitely not gonna mess around with it haha

@BluePulseFlyer Жыл бұрын

Really would love to get my hands on one of these, not for anything malicious but to fulfill the child hood dream of having one remote to do everything like in the TV show Hey Arnold

@2k7u Жыл бұрын

Haha there's thewandcompany that used to make epic sonic screwdrivers from doctor who, I had one the 10th doctor's universal controller sonic, epic quality and did a lot of trolling with it, I almost got 12th doctor's sonic which is even betterm had an extra functionality of emmiting IR at random to "guess" what signal a TV for example used to shut it down

@CLGPerformance Жыл бұрын

HackRF has really taught me a lot about vulnerability of today's devices along with long distant signal testing with a Yagi and location finding of interference signals using 4 antennas and some mixers with LO shifted a few khz on each antenna to get a direction of a signal Fox Hunting RF. It's very handy for testing and can build many things with GNU software to decode signals. Very capable and extensive device. The Dolphin does things a bit quicker and requires less know how which makes it desirable for the lazy ones not wanting to learn how it works🤣 but still handy in a pinch. Hackrf one for the hackrf still needs more options and bugs fixed and it will be more capable in the future.

@NordicForgeDev Жыл бұрын

Finally I'll have a working universal remote.

@olypaidhacksontele 7 ай бұрын

*THIS IS WHY YOU'RE SUCH A PURE SOUL WHO ALWAYS LEND HIS HANDS WITH MONEY,I WISH THE WORLD HAS MORE PEOPLE LIKE YOU.WITHOUT YOU I WOULDN'T HAVE SETUP MY BUSINESS SUCCFULLY*

@Aarrax Жыл бұрын

This device i feel could easily be converted or installed into a Android phone i feel to make it less conspicuous. And maybe even expanded upon since it would also be a phone, imagine having kali nethunter and flipper zero run at the same time?

@PenAce Жыл бұрын

Great work David. I also deep-dived into the Flipper. It's a shame you didn't demonstrate the wifi board. What amazing things are possible!

@jerry------olypaidhacksonteleg 7 ай бұрын

*They have high integrity and are extremely knowledgeable in numerous Fields spanning investor relations finance and asset management perhaps most importantly they share out values and philosophies on how to conduct business and drive to their investors*

@martinkoziel9654 Жыл бұрын

@David Bombay does this little device also work as a jammer for smartphones? e.g to influence a phone-connection and put of the connection ?thx for your great work and videos

@NicksAutoThings Жыл бұрын

FYI microcenter has all the parts you need to make your own from scratch (although more bulky)

@sweatyearth7458 Жыл бұрын

oh i bet they also have the firmware to make the frankenstein device function too!

@zoejordan7635 Жыл бұрын

What’s the kit called? I just mostly see raspberry pi kits etc

@Xykaru Жыл бұрын

@@sweatyearth7458 You do realize this type of software is primitive right? It can be replicated or just downloaded online.

@DG-ej5nz Жыл бұрын

I really wish the companies that decide to launch Kickstarter campaigns did a better job at understanding the market. This is a prime example, Flipper Zero has not had stock in a long time (for US customers). In addition, it's the holiday season. At this point, I'm ready for another company to start building and selling these.

@sundayoyedele2862 Жыл бұрын

Yep. I like you David. Nice, clear and ethical demo. Thank you sir 😊👍🏼

@com-nm2ik Жыл бұрын

For the rfid you can use just a phone with nfc, for the IR you can also just use your phone, bluetooth you can also with a phone with bluetooth. Unfortunatly, I dont know if there is a way to use a phone as a bad usb, but bad usbs are pretty cheap, you can buy one for less than 15$

@TheEudaemonicPlague Жыл бұрын

That's pretty much what I was thinking. My old Galaxy S5, I think, has everything I need, other than the software it'd need...but I do have an IR remote program on it, which is the primary reason I keep it, since newer Galaxy S phones don't have IR anymore. I've had fun with using the remote app at bars, especially when someone decides to put some garbage on the nearest TV. I hadn't heard of "bad USB" devices before, but then, my interest in such things has waned over the decades. I suppose I'll have to look into the subject, now I'm aware of it.

@davidbombal Жыл бұрын

The Flipper Zero supports a range of features including the capture and replay of Sub 1 Ghz signals. You would need a PandwaRF or another device to capture and replay these types of signals with an Android phone. In the first part of the video I showed some clips about what others have done with the Flipper Zero (unlock cars, open boom gate, tesla etc), but as mentioned I did not show all it's capabilities in this video. See their website for more features such as iButton, GPIO etc

@com-nm2ik Жыл бұрын

@@davidbombal yeah, I know that, I just saw lots of people saying that they whould like something like this gadget, I was just showing that they don't need to spend that much money to accomplish the examples that you showed on the video. The tech in that gadget is amazing, but for most people a phone whould be better xD

@casualcampaigns Жыл бұрын

@@davidbombal Remember when you mislead more than 50% of this comment section into thinking you can clone credit cards with this

@nemesis4tunedagman427 Жыл бұрын

I believe your android phone can do most of the stuff that the flipper zero does. You just need it to have nfc and Bluetooth as hardware +Linux or a custom rom for android with open root.

@ksnax Жыл бұрын

The remote connection seems like the most unique feature. But otherwise, it's just a handy tool that.

@figgiefigueroa7372 Ай бұрын

I just love this channel even though I don't understand nothing 😂😂😂😂😂 Just the basics 😂😂 So far, I understand that's a scanner to scan internal codes and open it when you loose your remote?

@multiarray2320 Жыл бұрын

this device is awesome, but i managed to build myself a simpler version with the exact features that i wanted and it was much cheaper and is not restricted (some frequencies got removed from flipper zero). mine costs under 10 bucks and works at least as good as flipper zero (some features are missing of course). thanks for sharing the experience with this device :)

@justinschaaf3092 Жыл бұрын

Hi, do you mind sharing details?? I'm a computer engineering major and figure I can put one of these together myself as well.., the only ones I can find online are $300! 😰

@extinctions810 Жыл бұрын

@@justinschaaf3092 I am interested as well.

@multiarray2320 Жыл бұрын

the hardest part was programming the microcontroller. flipper zero made the source code open source but i had to figure out a lot of stuff on my own. building it wasnt too hard. you juat need to buy a 1-1000mhz antenna, a rfid reader and a 2.4 ghz antenna and connect the stuff with a decent enough microcontroller. i bought everything from aliexpress and i think it was just 10 bucks for everything. building it took 3 days and programming took about 3 months (with 1-4 hours a day).

@AntonioAugusto1010 Жыл бұрын

@@multiarray2320 so not cheaper when I make $50/hr I can just work for a day and buy this

@multiarray2320 Жыл бұрын

@@AntonioAugusto1010 yeah its more about the fun and education of making it. but now i could easily mass produce it and it would get cheaper than buying it ;)

@joshchouinard Жыл бұрын

Would a product like this work with ski passes? It would be cool to use this rather than carry around multiple passes.

@n1vv498 Жыл бұрын

Does it need the original key to “duplicate” the original ones? So, one must have access to the real key for the flipper to be usefull.

@jeranlucas6384 Жыл бұрын

Yes. For the most part. I’ve been researching and there are people who have gotten a hold of fuzzers for RFID keys and stuff. Meaning they can brute force they’re way into unlocking anything that used RFID

@johnfairchild3421 Жыл бұрын

Great channel ever. Great entertainment viewing

@jampskan5690 Жыл бұрын

Thank you for producing a video on this and making the flipper even more difficult to acquire for those who already knew about it!

@sirmonster76 Жыл бұрын

I like David Bombal but now I'm never getting one

@acostasanchez1 Жыл бұрын

crybabys

@reveladocientifico Жыл бұрын

Exactly! I thought the same thing 😢

@small3687 Жыл бұрын

I literally just went online to buy one after seeing this and of course sold out. I see how criminals are obviously going to use this but honestly it's got way more practical time saving applications for anyone that is a DIYer.

@entimarisangathi2542 Жыл бұрын

Keep going with this content huge respect

@davidbombal Жыл бұрын

Thanks, will do!

@QuaaludeCharlie Жыл бұрын

Thank you very Much .

@loneranger5928 Жыл бұрын

So basically the Flipper Zero could clone a Yubico or another security key in transit to the recipient. As there is no RFID Blocking in the envelope / package. Thanks David fo r this i nvaluable information 👍👍

@andrewsmail8307 Жыл бұрын

Elder Scrolls VI is next big thing I waiting for however seeing this cool device and writing my own rubber ducky scripts this has gone to #1 on Christmas list lol. Smart vid. I cancelled the RFID on my card years ago as I watched this being demonstrated on a lecture.

@Miller_Time Ай бұрын

Wut

@mrbrent62 Жыл бұрын

If you have normal access to a building where everyone uses rfid to access it. You can walk in close enough to another employee and gain access to the building. So you do have to be careful.

@GIRLYMECHANIC Жыл бұрын

Wow just like James bond and macgyver all in one.. Can't wait to get one and be a super villan opening hotel safes and changing the color of everyones bookshelf leds 😎 I'll bet it even wirelessly wipes the hotel cctv dvr so I never get found out. I heard it also teleports the cash out of your wallet and locates the kill switch in your car.

@kam8361 Жыл бұрын

Great video very educational thanks!

@wonkywonky6307 Жыл бұрын

This might just be one of the coolest and most useful products I've ever seen. I'd have it and use it everyday if it weren't so expensive.

@com-nm2ik Жыл бұрын

@BrianG61UK Жыл бұрын

@@YachtyBurner I had a phone that could send IR. I used to use it to change the channel on the TV. It couldn't read IR though, only send. The feature was called IR Blaster.

@oBdurate Жыл бұрын

@@BrianG61UK Yup, really miss when phones used to have IR blasters like my Galaxy S5. Highly underrated feature with the right apps and now it's almost entirely extinct.

@elmariachi5133 Жыл бұрын

Oh, you can get the money value back pretty fast!

@charlesthomas135 Жыл бұрын

@@BrianG61UK fortunately IR blasters are remarkably easy to build and code. It was one of the first projects I ever built before going to college for engineering

@DeeJayBonk Жыл бұрын

The ir remote is enough for me . Used to have a watch that would control anything ir it was awesome 👌

@Cobrancrx Жыл бұрын

Casio CMD 10💪

@scareyaf Жыл бұрын

Same with my old mp3 player funny enough lol. Was great fun switching tv's and aircons off at school back in the day.

@ZebbMassiv Жыл бұрын

Scary to even try to obtain one. I bet one would end up on a watch list in the best case scenario.

@shaswatasarkar4133 10 ай бұрын

Whoever made it is a legend

@gorishokgo5825 Жыл бұрын

Guys, just try to bite magnetic locks and similar devices with a shocker ( self defence ) . If nothing happened - try to change the settings/power . It is a 100% simple lock opener

@trevorgoldman594 Жыл бұрын

This device is pretty cool and has some amazing capabilities. Regarding the card reader and emulating a cc or key fob - how close do you have to be to the device in order to clone it? As with many vulnerabilities, if you have the original (CC or key fob), why bother cloning? Great video and always a fan of showing people that what you think is safe, probably isn't!

@luimu Жыл бұрын

Well I can definitely think about ways for cloning to be useful. For example let's say you visit a hotel, you can grab the opener card and come back week later to pick up anything you wish from the room from the next visitors with your very own key.

@trevorgoldman594 Жыл бұрын

@@luimu I absolutely agree that the tool is amazing and has many uses. Hadn't thought of that use case but would hope that hotels encrypt the current guest name with the room number. As always, we security experts can never anticipate all scenarios.

@alexejtolstoy735 Жыл бұрын

The design is hilarious! Does Flipper refer to flipping someone/off? It looks like a kids toy and has a childish dolphin(love the dolphins design and animations) but being such an advanced piece of tech😂