Flipper Zero: Hottest Hacking Device?

Поделиться
HTML-код
  • Опубликовано: 24 дек 2024

Комментарии • 4,3 тыс.

  • @oa5828
    @oa5828 2 года назад +7257

    Like it or not, this stuff being public and available will only work to allow people to learn the vulnerabilities of their technology so they can better secure it. The most dangerous hacking devices are the ones not known of much by the public or at all. Like the Stingray phone trackers used by police for some time before they were exposed.

    • @wtfdoiputhere
      @wtfdoiputhere 2 года назад +2

      or tiktok skids making people lives worse for stupid likes and validation online

    • @raylopez99
      @raylopez99 2 года назад +137

      Apparently in the USA a shipment was intercepted by customs but then released to the public.

    • @kevinslattery5748
      @kevinslattery5748 2 года назад +27

      Where's the 2nd comment bad YT?

    • @Crozzzbonez0
      @Crozzzbonez0 2 года назад +194

      @@kevinslattery5748 youtube like to shadowban comments sometimes for whatever reason. They make it so it looks like the comment went through on your end but nobody else can actually see it. That might be why it’s bugged.

    • @kevinslattery5748
      @kevinslattery5748 2 года назад +98

      @@nemod.8310 No, it's not thar crazy. What is crazy is that safe maker employing inherently unsafe tech for an application that demands high security.
      The safe is effectively worthless.

  • @SoloKyoto
    @SoloKyoto 2 года назад +4344

    My favorite part is the programmer put so much effort into the dolphin animations.

    • @leflyxdvd
      @leflyxdvd 2 года назад +47

      duh because its such a bs device lol you need the other device for it to properly work. it needs to be able to read a device to use its properties....

    • @raksh9
      @raksh9 2 года назад +45

      Thumbs up from dolphin!

    • @operationscomputer1478
      @operationscomputer1478 2 года назад +8

      YET HE SAYS IT STILL NEEDS TO BR REBOOTED OFTEN

    • @edgaromar9196
      @edgaromar9196 2 года назад +7

      That's another feature that made me buy one!

    • @kaelthunderhoof5619
      @kaelthunderhoof5619 2 года назад +40

      Looks like some old Pokedex animations.

  • @preethamuppar5540
    @preethamuppar5540 3 месяца назад +294

    The efficiency of this *Deep web experts on the WEB* is next level. To juggle walk throughs of various angles on the topic delivered to-camera, different content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense access like this so digestible is really something. Awesome work *Deep web experts on the WEB* !!

  • @filipbronola536
    @filipbronola536 2 года назад +2127

    I love the UI on that thing, cute yet so incredibly powerful

    • @lonnpton5239
      @lonnpton5239 2 года назад +103

      the dolphin is a good choice

    • @generic6099
      @generic6099 2 года назад +55

      i wanna get it just for the UI alone tbh.
      (and then mainly use it as a secondary backup remote or near radio keyring)

    • @peteypete9357
      @peteypete9357 2 года назад +7

      The ui is just a dolphin and scrolling text. Just say you like the dolphin; the text is soo effortless.

    • @ArcYT
      @ArcYT 2 года назад +45

      @@lonnpton5239 It's genius, dolphin was perfect choice because of echolocation and sounds

    • @lonnpton5239
      @lonnpton5239 2 года назад +10

      @@ArcYT yes and its big brain

  • @MartialGlobe
    @MartialGlobe 2 года назад +1184

    When something like this gets to the public, I always wonder what kind of devices are out there that we haven't even had a glimpse of yet

    • @tigreactivo517
      @tigreactivo517 2 года назад +1

      Tons. You don't even want to see the ones the government has.

    • @MartialGlobe
      @MartialGlobe 2 года назад +31

      @@tigreactivo517 I mean that the predator drone was a thing in the early 1990s is already frightening enough - tbh I feel like I don't even wanna know

    • @eckoofthebat44
      @eckoofthebat44 2 года назад +55

      Like the USB cables with hacking software in the cable

    • @parallellevels5881
      @parallellevels5881 2 года назад +2

      So many!!

    • @UmiZoomR
      @UmiZoomR 2 года назад +12

      Universal remotes are pretty high tech, the infrared is straight bussing yo

  • @sventhesuperstud5858
    @sventhesuperstud5858 2 года назад +2370

    As an engineer, the newest piece of tech in my house is a printer and I keep a loaded handgun incase it does something unexpected lol

    • @Datwaltuhdawg
      @Datwaltuhdawg 2 года назад +210

      "Low on ink"

    • @midgardo4
      @midgardo4 2 года назад +91

      Can never trust those printers 🤣

    • @RawHeat100
      @RawHeat100 2 года назад +39

      damn right brother stay woke lol

    • @cirelancaster
      @cirelancaster 2 года назад +55

      It's been awhile since I've heard that joke

    • @charlest1121
      @charlest1121 2 года назад +30

      I’m watching RUclips on my printer too!

  • @8instantramen
    @8instantramen 2 года назад +1272

    Say what you want about the device but I love the charm and personality it has in its software. Now that’s someone who puts love in their product

    • @roastytoasty8559
      @roastytoasty8559 2 года назад +14

      i wonder what the minds of the people who create these devices are like.

    • @svenjorgensenn8418
      @svenjorgensenn8418 2 года назад +1

      @@roastytoasty8559 the are black hats who think it's white

    • @ALCRAN2010
      @ALCRAN2010 2 года назад +68

      @@roastytoasty8559 smart. They are smart

    • @jesseroberts1041
      @jesseroberts1041 2 года назад

      @@ALCRAN2010 But extreme degenerates too. Smart degenerates, which isn’t a great combo.

    • @SoroBoio
      @SoroBoio 2 года назад +4

      @@kitplaysmore7554 absolutely dangerous?💀 bro it's not what you think it is, it's definitely not dangerou

  • @BalaBugdale
    @BalaBugdale 5 месяцев назад

    Hey ppl, I'm a retired computer/IT person, Yet I still find *sentinel Recover* so informative and straight forward. Thanks for your advise and helping the people...........Great work and love watching.

  • @zeke3327
    @zeke3327 2 года назад +80

    I was looking at this piece of tech when they stated their kickstarter. It sounded like a great idea but was really ambitious at the time. I'm glad they were able to actually bring something to market.

  • @jaredflynn3750
    @jaredflynn3750 2 года назад +1674

    Stuff like this is why I'll never go for the whole "smart house" thing where everything including your damn coffee maker is a computer or connected to the net. Too many vulnerabilities too many exploits too many surveillance devices.

    • @Belnick6666
      @Belnick6666 2 года назад +100

      just imagine the chaos when we start using nano bots for health issues.....just use this and tell them to stop the heart or something lol

    • @cjramseyer
      @cjramseyer 2 года назад +83

      Having a Smarthome IS NOT the problem. Using devices that depnd on a cloud or internet connection is the problem. Everything demonstrated here is interesting, but all requireschaving relatively close proximity. The point being, a smarthome is nothing to be afraid of, but make sure that devices that only need local access for control. Not Alexa and Google Home, and know how the devices can be controlled.

    • @jaredflynn3750
      @jaredflynn3750 2 года назад +10

      @@cjramseyer I'm just sketched out by any kind of wireless devices because it means they can still be manipulated by other Wireless signals people always find a way to exploit any kind of remote connectivity even if it's not connected to the internet directly necessarily

    • @ok.ok.5735
      @ok.ok.5735 2 года назад +3

      True you could catch someone’s house on fire or rob it while they are away or worse if you think too hard about it. But I would agree that’ll not catch on with me either for the reasons you stated

    • @succesful01
      @succesful01 2 года назад +11

      You got a phone ? Too late

  • @GloriousGrunt
    @GloriousGrunt 2 года назад +234

    Feels like the video started as "this thing is dangerous!" but as the video goes on it's more like "hey this thing is kinda handy" lol

  • @dougfoster445
    @dougfoster445 Год назад +12

    I am a college teacher that teaches electricity. I bought this today and was playing around with it in class with my students. They loved it and actually really learned alot about the importance of EM frequencies.

    • @1989TaylorsVersiom
      @1989TaylorsVersiom 6 месяцев назад +1

      Thats actually really cool. Awesome! 🫶💙🫶

  • @syckles
    @syckles 2 года назад +1238

    This is basically the real life equivalent of Batman's hacking tool from the Arkham games.

    • @rickeydart3040
      @rickeydart3040 2 года назад +44

      Man, it sure is convenient all these passwords are a single word.

    • @mandybaker8544
      @mandybaker8544 2 года назад +1

      Right!

    • @Primeval-Frost
      @Primeval-Frost 2 года назад +7

      Or a sonic screwdriver

    • @afkmh2392
      @afkmh2392 2 года назад +3

      Nothing will ever be as advanced as what Batman has

    • @dave4347
      @dave4347 2 года назад +6

      Does it come in black?

  • @jas_bataille
    @jas_bataille 2 года назад +1036

    This guy : "See that's bad idea"
    The lockpicking lawyer : "Here we have a demonstration of the hardest way to open this safe. Now I am going to use a fork..."

    • @vasiovasio
      @vasiovasio 2 года назад +49

      Fork?!? Cmon, just a paperclip is enough!

    • @SuperSayinSolidSnek
      @SuperSayinSolidSnek 2 года назад +60

      Opening a lock with it's own packaging will always be a highlight to me

    • @m4inline
      @m4inline 2 года назад +9

      With a tomato.

    • @XxXKillJoyXxX
      @XxXKillJoyXxX 2 года назад +9

      With this spec of dust

    • @Atombombz7
      @Atombombz7 2 года назад +5

      Ive seen em break into a car using nothing but his shoelace its wild

  • @XxNightmare128xX
    @XxNightmare128xX 2 года назад +50

    For about $200 this seems like a pretty awesome master controller for all my devices

  • @misterkaos.357
    @misterkaos.357 2 года назад +995

    Who knew something so adorable could be so dangerous!

    • @Narites
      @Narites 2 года назад +25

      I know right. I told my mom its just a toy and she trusted me because it looked like one, i bought it and i do many things with it

    • @Mr_cheese..
      @Mr_cheese.. 2 года назад +25

      @@Narites 🤨

    • @Chino0420
      @Chino0420 2 года назад +18

      @@Narites imma tell your mommy..

    • @kaelthunderhoof5619
      @kaelthunderhoof5619 2 года назад +45

      @@Narites mom's cabinet starts vibrating.

    • @Beans2231
      @Beans2231 2 года назад +5

      @@kaelthunderhoof5619 🤣🤣🤣🤣

  • @leonardoguerrero444
    @leonardoguerrero444 2 года назад +280

    This is really useful for many things as well. I saw someone copy a card onto some of those blue tags, so they can have extra keys to their appartment building, for family and etc

    • @pwntwtf
      @pwntwtf 2 года назад +12

      I was thinking how useful it would be to have a spare set of apartment keys, or a garage key in case you ever lose or forget yours. It definitely has its uses that don't involve doing bad.

    • @Lothar526
      @Lothar526 2 года назад +4

      well u can always make an extra copy of the key where you get the first one

    • @burymeinversace
      @burymeinversace 2 года назад +18

      @@Lothar526 a lot of apartments charge you $50+ for extras

    • @Lothar526
      @Lothar526 2 года назад +5

      @@burymeinversace really? wow thats a lot! im not from the US.

    • @ryansinclaire8463
      @ryansinclaire8463 2 года назад +3

      @@pwntwtf Or every remote in your house. Id take it everywhere, seems super useful in a pretty small size.

  • @SagarKumar-o1m9p
    @SagarKumar-o1m9p 5 месяцев назад

    The efficiency of this *sentinel Recover* is next level. To juggle walk throughs of various angles on the topic delivered to-camera, differnet content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense taccess like this so digestible is really something. Awesome work *sentinel Recover* !!

  • @traceyevans2757
    @traceyevans2757 2 года назад +145

    It’s like a personal master key. I’d use it for exactly that

  • @Jesterponed
    @Jesterponed 2 года назад +6

    I've been waiting to see more of the flipper. I tried pre-ordering one on the website and for some reason I was not able to. If it's perchable right now I would buy as many as I can. This is such a useful tool. I had a friend who had one and he let me test it out and he can bypass almost anything.

  • @blindsniper35
    @blindsniper35 2 года назад +436

    Problem with RFID blockers is a lot of them work all right until somebody puts a parking garage overhead scan unit in a laptop bag. A lot of blockers can be read straight through with such a device, it just depends on how sophisticated of an attacker you're worried about.

    • @madhurindian
      @madhurindian 2 года назад +5

      Hmm, possible solution?

    • @PySnek
      @PySnek 2 года назад +92

      @@madhurindian faraday cage

    • @zaa1414
      @zaa1414 2 года назад +31

      Would the issue there be the device in the bag's signal is too strong for the bag to contain?
      Man I wish I had goggles that let me see as much of the electromagnetic spectrum as possible at once.

    • @zaa1414
      @zaa1414 2 года назад +15

      I have an app that visualizes some radio and microwave signals and I have a thermal cam, seeing UV spectrum can be done too but I'd like to integrate it all into one view

    • @blindsniper35
      @blindsniper35 2 года назад +26

      @@zaa1414 I'm referencing a defcon presentation. I can't remember exactly who was presenting, anyways it's was made into a portable rig that they put into a laptop bag. It didn't really need a ton of power and it was set up to dump the credentials of every tag it could interrogate. It's definitely the sort of thing pen testers make.
      No it would be quite unpleasant to be around any sort of RF source strong enough/(at the right frequencys) to damage the materials in a laptop bag. Let me put it this way, the microwave heats things using radio waves (at about 2.4 GHz) using something like a kilowatt of power. The food containers in the microwave are made out of very similar materials as a laptop bag.
      Those readers are probably operating at something like 1 watt at the absolute maximum maybe 5 at a much lower frequency. There's Federal limits on what you're allowed to put out into the radio spectrum. I have absolutely no idea how much power you would have to output at that frequency to get material degradation and a laptop bag. but I know I don't want to be near it.(I think it would probably be easier to measure it in power substations)

  • @vishnuvardhan489
    @vishnuvardhan489 5 месяцев назад

    The efficiency of this *TECH SAFE GUARDIAN* is next level. To juggle walk throughs of various angles on the topic delivered to-camera, differnet content per topic from various folks underneath the umbrella of the track list of the larger big band concert itself is engaging and refined. To make a dense access like this so digestible is really something. Awesome work james!!

  • @ksousajr
    @ksousajr 2 года назад +6

    Just placed my order using your code, hopefully you get a kickback from it.. Love your content, it's hard to find someone who's willing to ask the right questions to the right people and share what they've gained from it.. You Rock David!

  • @SakaraCoyfox
    @SakaraCoyfox 2 года назад +73

    That's actually kinda scary that these things are just kinda out in the wild, but that also means that more people like you are able to teach us more about them so we know how to protect ourselves.

    • @Flaggyt
      @Flaggyt Год назад +10

      There is absolutely nothing special special with this thing, RFID scanners/copiers/writers are available for decades, same as the universal remote controllers. And it can mimic a wireless keyboard/mouse. *Facepalm.
      The only difference is that this looks like a toy with a dolphin animation.
      And notice this thing only works if you have the master RFID tag in your possession to copy it. You could do that ten years ago with cheaper hardware.
      Notice the lack of mass creditcard scanning scams in the last ten years. You can scan my creditcard but you can't use that for paying anywhere so it is useless, but hey you can open my hotel safe after I let you scan my creditcard ofcourse and I let you in my hotel room wafter I told which room... in which hotel.
      This thing is total bullshit and it's only function is scamming wannabee "hackers" who don't have a clue out of their money.

    • @Death4500
      @Death4500 Год назад +4

      I have one these I use to copy my car fobs , my tv remote and troll my coworkers by changing tv channels.

  • @DOGMA1138
    @DOGMA1138 2 года назад +142

    You should've explicitly mentioned that this doesn't allow you to clone payment cards, the CSN/UID of the credit card have nothing to do with contactless payments, Flipper Zero cannot access the bankcard data. Contactless payments requires a fully encrypted handshake where the PoS sends an encryption key which is encrypted or signed using the a key held by the issuer the card would only transmit the card details if it successfully decrypts/authenticates the PoS key and those details would ofc be encrypted using the PoS keys.
    Whilst "contactless skimming" is possible it's only possible with valid PoS terminals, unfortunately it's fairly easy to get the PoS contactless reader and account needed for it and the scams rely on flaws in the KYC processes of payment processors such as Square to achieve it.
    Contactless EMV transactions are by far the most secure method of transaction we have right now even more so than chip and pin and there are no known direct attacks that impact these trasnactions.

    • @4Abaddon4
      @4Abaddon4 2 года назад +14

      This, and it's also nothing new. I can even copy or emulate nfc uid with my smartphone.
      Much more interesting ist the convince to copy 433 MHz signals often used by garage doors and such

    • @edenjung9816
      @edenjung9816 2 года назад +1

      Damn.
      I was commenting above that i could Just save my Bankcard on the Flipper and use that instead of carrying the cards.

    • @jetseverschuren
      @jetseverschuren 2 года назад

      That's not quite accurate. Bank cards will happily send lots of information to anyone that asks (the EMV spec is public, if you're interested). POS systems do use RSA and signed keys, but only to verify the card is who it says who it is, so cloning is still impossible

    • @DOGMA1138
      @DOGMA1138 2 года назад +4

      @@edenjung9816 You can't and if ever a device like that would be available you wouldn't want too unless it's an approved contactless payment device such as your phone or smart watch.
      Cloning cards is still a criminal offense even if they are your own cards.
      This would eventually get noticed in store and on public transport and cops can get called and good luck explaining to them what a Flipper Zero is.
      And even the criminal case would go no where when your issuer finds out you'll be fucked and good luck getting a chargeback ruled in your favor ever again for your entire life that is if you would be able to get another card issued.

    • @DOGMA1138
      @DOGMA1138 2 года назад +5

      ​@@jetseverschuren It's quite accurate, no cardholder data is ever sent over the wire before the card authenticates the PoS and any cardholder data sent by the card is always encrypted.
      If you have control over a PoS that has access to issuer keys or the issuer network and can trigger a contactless transaction and the PoS does not uses P2PE you will get enough CHD to make additional transactions but cloning the EMV chip is impossible.
      However I don't know of any contactless PoS's at least that are attainable to regular merchants that do not employ P2PE which means that the merchant never sees any CHD at all as all the transactions would be end to end encrypted and tokenized.
      Older Chip and Pin PoSs were not required to use P2PE however most if not all EMV terminals from the last 5 or so years are P2PE terminals.
      Some of the larger merchants such as huge retailers might have been allowed to retrofit their PoSs with contactless payments without it being P2PE but any retrofits I've seen were usually a separate payment channel and were P2PE.
      All the "IOT" card readers such as those from Square and SumUp and the likes are all P2PE so you can only do charge skimming on those since as an attacker you'll never see any card holder details.

  • @b98a4c37
    @b98a4c37 2 года назад +47

    UID emulation is not nearly enough to emulate a yubikey's cryptographic functionality. You would need to extract private key information which requires much more extreme tactics. If you were using your yubikey merely as an RFID tag this would work, but that's not what people use yubikeys for

    • @MaksKCS
      @MaksKCS 2 года назад +7

      Yeah I was dumbfounded when he even suggested bypassing yubikeys 2fa

  • @AstralPhnx
    @AstralPhnx 2 года назад +28

    Can we just talk about how cool that cute little interface is? I love the attention to detail

  • @Mocxing
    @Mocxing 2 года назад +175

    Honestly I love the UI so much, what a cute and unsuspecting dolphin!

    • @jas_bataille
      @jas_bataille 2 года назад +8

      The dolphin isn't a random choice. They can be some of the most cruel animals. They can hunt, torture, and rape their own species or other.

    • @Mocxing
      @Mocxing 2 года назад +3

      oh I know about the "other species" part with some of the hentai I've seen where the dolphin is "connected" to an anime girl~ yup!

    • @ZVLIAN
      @ZVLIAN 2 года назад +7

      @@Mocxing bruh

    • @wrongtown
      @wrongtown 2 года назад

      He's always so MAD at me though 😅

    • @mrcoco3562
      @mrcoco3562 2 года назад +1

      It's copyright from Gameshark

  • @NoName-zz9ls
    @NoName-zz9ls 2 года назад +555

    Pentesting aside, this device seems really useful to just have around

    • @edenjung9816
      @edenjung9816 2 года назад +51

      I could simply save all my cards on it and Not carry them around with me. That would be cool.

    • @olkazzshitpostvod9578
      @olkazzshitpostvod9578 2 года назад +22

      the problem is that spending 170$ just for something you are going to use times to times is annoying

    • @doop00
      @doop00 2 года назад +8

      I was thinking the same, like the big boom of universal remotes in the 90's.

    • @kazi_
      @kazi_ 2 года назад +26

      @@edenjung9816 you can already do that in your phone

    • @libertyprime9307
      @libertyprime9307 2 года назад +24

      Do you guys not have phones?

  • @deafomega
    @deafomega 2 года назад +23

    I remember having homebrew on my PSP that used the IR to be a universal remote. Same method to train it so I had all my friends remotes saved as different profiles. Then I didn't have to look around for one when we were chillin. It was great at home as well, since we had so many IR remotes. I could quickly switch from playing my game over to other tasks, similar to ALT + Tab on PC.

  • @ooltimu
    @ooltimu 2 года назад +46

    You can read only what's public from the credit card's rfid and that's usually what is already physically written on the card (except the CVC of course). You can do this with any phone supporting rfid (most of them nowadays), but that's not actually cloning the card. The chip on the card is a minicomputer with cryptographic capabilities and that allows to make payments secure.

    • @ooltimu
      @ooltimu 2 года назад +9

      @@Username-2 watched only 1 or 2 videos from this channel and he doesn't seem so knowledgeable... or maybe it's just for views and interaction

    • @brakahiphop
      @brakahiphop Год назад

      What you said

  • @lescoe
    @lescoe 2 года назад +200

    I wish more people realized security is a placebo. Literally everything is vulnerable, even people. Thank you for this video.

    • @raduradu334
      @raduradu334 2 года назад +2

      Putin is not

    • @azultequila5114
      @azultequila5114 2 года назад

      Even you

    • @Xerion404
      @Xerion404 2 года назад +4

      Especially people

    • @hummingbird_saltalamakia
      @hummingbird_saltalamakia 2 года назад +16

      I would say especially people.
      Security is a placebo...
      Okay, so don't lock your doors, might as well just leave them open in that case.
      There are certainly things that can be and are secure in the world.

    • @stedmangg
      @stedmangg 2 года назад +2

      @@hummingbird_saltalamakia Exactly. Some people just wanna sound smart.

  • @MalcomHeavy
    @MalcomHeavy 2 года назад +1216

    I was originally extremely concerned about this piece of tech.
    Now, having learned about it, it's not as threatening as it looked. You have to have access to the original key sets and cards to copy for the ball to even start rolling.
    Just be careful with your wallet, as we have all been told since the dawn of wallets.

    • @0525ohhwell
      @0525ohhwell 2 года назад +86

      Yeah, that's my take as well. Not nearly as impressive as I expected.

    • @RhythmEmotions
      @RhythmEmotions 2 года назад +53

      Couldn't you just stand in a crowd and scan people's pockets that have wallet's in to get the card info ?

    • @MalcomHeavy
      @MalcomHeavy 2 года назад +19

      @@RhythmEmotions Yes. There wouldn't be anything stopping someone from doing that.
      That's why it's important to have an RFID blocking wallet. Do keep in mind that with this device, you would need to have the device extremely close to a card to copy the data.
      Many people carry multiple cards in their wallets. It would be very difficult for someone to know what card they are copying without removing the card from the wallet and scanning it.
      For example. Someone could be touching the device to someone's back pocket, and be copying someone's bus pass, or someone's hotel room key instead of their credit or debit cards.

    • @RhythmEmotions
      @RhythmEmotions 2 года назад +5

      @@gimme0cookies as long as this device doesn't become like the device on prison break lol

    • @RhythmEmotions
      @RhythmEmotions 2 года назад +2

      @@MalcomHeavy definitely buying an RFD wallet lol

  • @AbsolemLNG
    @AbsolemLNG 2 года назад +18

    None of this is that wild but having it all in one device is pretty neat.

  • @DareToBeDeviant
    @DareToBeDeviant 2 года назад +14

    If a safe doesn't have a knob/lever/keyhole then it's likely going to give the user problems. With that said, the safe used in this demo can be considered complete garbage even before David did anything to it. Casually shopping for "safe" devices online (7 years now?) has resulted in hundreds of negative comments regarding 1) junk quality, 2) the inability to open the thing even with proper clearance [a huge complaint with biometric fingerprint scanners], and 3) sometimes opening way too easily due to bad firmware or flawed physical internals. I think once upon a time Sentry had a model that could be opened with proper magnet placement, no code required.
    My primary has a digital pad, a separate battery backup box, keys, and can be alarmed. Get yourself something with any combination of these features and bolt it to the wall/floor.

  • @kingjer125
    @kingjer125 2 года назад +245

    I know this is a stupid use but for someone that has a bunch of keycards for work or for personal use it would be cool to have one device I can use to unlock everything, as well as a good trick to have a random rfid card I use unlock something unexpectedly.

    • @ocavant
      @ocavant 2 года назад +44

      This is exactly why I bought one. So I can make a new one and not have to pay $35 each time to the company for a new card. Oh, and all the other cool things it does will be worth the hundred and change.

    • @the_seeker.entity9206
      @the_seeker.entity9206 2 года назад +30

      Only safety thing is it does become a master key for your life for anyone malicious

    • @steve00alt70
      @steve00alt70 2 года назад +3

      @@ocavant what if the delivery companies know what these are and then make it illegal?

    • @GswervinTV
      @GswervinTV 2 года назад +8

      Sounds like the mark of the beast

    • @revengeof1307
      @revengeof1307 2 года назад +1

      @@GswervinTV but its not because nothing is being put into your skin.

  • @definite11
    @definite11 2 года назад +149

    Imagine the dangers if a driver thru worker had one of these

    • @tankprohp
      @tankprohp 2 года назад +11

      Pay in cash no issue

    • @sh4rdz.
      @sh4rdz. 2 года назад +3

      wym lol dont hand them your card

    • @davidyong2129
      @davidyong2129 2 года назад +33

      You could work at McDonald’s for one day and retire lol

    • @xfy123
      @xfy123 2 года назад +11

      You don't need this to read cards legit any smartphone whit NFC can read and save card info

    • @haveyouseengeorgehennen
      @haveyouseengeorgehennen 2 года назад +7

      You don't need to give them your card, they pass you the reader, pay cash in places you find sketchy and you should be using credit cards instead of debit's by now.

  • @jasoncrandall
    @jasoncrandall 2 года назад +77

    Credit card to operate a hotel room safe? I’ve never seen this before.

    • @vasiovasio
      @vasiovasio 2 года назад +14

      Bad ideas Everywhere! :)

    • @ro.7427
      @ro.7427 2 года назад +12

      It has been around for years but has always been a bad idea

  • @manastudu6729
    @manastudu6729 5 месяцев назад

    It just kept glitching on me when i tried this video tutorial. Thank you for this video firstly & Secondly thank you *sentinel Recover* I can’t get to the part of video selfie meeting you was a blessing in disguise. Keep up with the good work a lot of people will be needing your assistance in the nearest future.

  • @TheCrash0veride
    @TheCrash0veride 2 года назад +230

    I saw the kickstarter campaign and figured it would be something that would be quickly banned or never allowed. After they blew wayyyy past the goal I ended up snagging one on preorder. After having it a short while I ended up jumping on a restock early on and now have a backup. But being an A/V- IT tech this thing is extremely valuable. When you setup customers with a universal remote they lose the individual device remotes that are sometime still needed. But I have every ir device I would ever need in my pocket. I was able to bypass the need to buy expensive programmed rfid badges, as I now just buy cheap t5577 tags that can emulate a range or rfid protocols and write them for the employees. The bad usb for automated installation of programs for remote assistance for IT clients. I’ve even copied the company garage door with the subghz. This thing is extremely powerful and even more so with custom firmware. And it’s cool to see you made a very informative video on it. I love your content and it has helped stuff me further down the rabbit hole of cyber security. But as a yubikey user myself I’m happy to say, That it can read/copy/emulate it, but it sees it as an unkown and assumes it’s nfc type a so the phone won’t read it as a key. Or at all in the app.

    • @binary_badg3r
      @binary_badg3r 2 года назад

      Why/how would this be banned?

    • @TheCrash0veride
      @TheCrash0veride 2 года назад +12

      @@binary_badg3r i was a noob when it first hit on kickstarter. It was marketed as a “hacking multi tool” I just figured with it’s power and ease of use it would have been something that the fcc would’ve pushed back on. But I guess I was thinking they were gonna act more like the atf and a cool gun. But in the end I realized it’s basically treated like a computer. Sure it had the potential to do a lot of bad. But it all depends on the intentions of the user.

    • @slickstretch6391
      @slickstretch6391 2 года назад +6

      @@TheCrash0veride Kinda like guns. Or drugs.

    • @thePyiott
      @thePyiott 2 года назад +4

      @@TheCrash0veride yeah its not hi tech by any means. You can make your own with parts from your local supermarket. It's open source to so you don't really have to do any coding

    • @TheCrash0veride
      @TheCrash0veride 2 года назад +5

      @@thePyiott I wish I could find components like these at my local supermarket. Radio shack died over here so there’s no electronic hobby stores anywhere now. They want to do away with the right to repair.

  • @jas_bataille
    @jas_bataille 2 года назад +57

    Honestly I'll buy one just because I can have a single device to do all those things. I'd copy my own remotes and cards, and use it to copy remotes in hotel rooms and so on. There are a ton cool legal and smart uses of this to copy the tools you would normally have access too into a single device.

    • @andrew3606
      @andrew3606 2 года назад +8

      Please do not put your own credit cards into this device dude

    • @yeenking
      @yeenking 2 года назад

      @@andrew3606 why?

    • @andrew3606
      @andrew3606 2 года назад +3

      @@yeenking Because the company that makes these would have your credit card info to use or sell

    • @yeenking
      @yeenking 2 года назад +4

      @@andrew3606 but how? This device isn't online

    • @andrew3606
      @andrew3606 2 года назад +12

      @@yeenking He synced the devices data to his phone in the video

  • @joemck74
    @joemck74 2 года назад +9

    If Flipper can be remote controlled than all somebody has to do is get it into your bag or glovebox or whatever, then they can use the various functions to suck everything they want out of your wallet/car/key-fob etc, then they just have to get the Flipper back - with probably won't be too hard of they 've cloned your keys.

  • @com-nm2ik
    @com-nm2ik 2 года назад +26

    For the rfid you can use just a phone with nfc, for the IR you can also just use your phone, bluetooth you can also with a phone with bluetooth. Unfortunatly, I dont know if there is a way to use a phone as a bad usb, but bad usbs are pretty cheap, you can buy one for less than 15$

    • @TheEudaemonicPlague
      @TheEudaemonicPlague 2 года назад +1

      That's pretty much what I was thinking. My old Galaxy S5, I think, has everything I need, other than the software it'd need...but I do have an IR remote program on it, which is the primary reason I keep it, since newer Galaxy S phones don't have IR anymore. I've had fun with using the remote app at bars, especially when someone decides to put some garbage on the nearest TV.
      I hadn't heard of "bad USB" devices before, but then, my interest in such things has waned over the decades. I suppose I'll have to look into the subject, now I'm aware of it.

    • @davidbombal
      @davidbombal  2 года назад +4

      The Flipper Zero supports a range of features including the capture and replay of Sub 1 Ghz signals. You would need a PandwaRF or another device to capture and replay these types of signals with an Android phone. In the first part of the video I showed some clips about what others have done with the Flipper Zero (unlock cars, open boom gate, tesla etc), but as mentioned I did not show all it's capabilities in this video. See their website for more features such as iButton, GPIO etc

    • @com-nm2ik
      @com-nm2ik 2 года назад

      @@davidbombal yeah, I know that, I just saw lots of people saying that they whould like something like this gadget, I was just showing that they don't need to spend that much money to accomplish the examples that you showed on the video. The tech in that gadget is amazing, but for most people a phone whould be better xD

  • @JL-gg5ib
    @JL-gg5ib 2 года назад +149

    We used to do this with Android phones when RFID reader apps first hit the App Store. You can do pretty much all of this on an android phone

    • @mathew1979
      @mathew1979 2 года назад +7

      With kali lunex lol

    • @ChrisSmithy
      @ChrisSmithy 2 года назад +30

      You can do most of it on an iPhone too. I don’t understand the fuss about this product, it’s all stuff that has been done for years with much cheaper products or often with the phones we all carry every day anyway. Seems like a complete waste of money to me.

    • @maniaksgaming6739
      @maniaksgaming6739 2 года назад +13

      @@ChrisSmithysimply say your broke with out saying your broke 😂

    • @ChrisSmithy
      @ChrisSmithy 2 года назад +41

      @@maniaksgaming6739 haha. Nice try. More accurately, I’m someone in the trade who understands these products need to be disposable or more undetectable.

    • @Scumbag138
      @Scumbag138 2 года назад +1

      @@ChrisSmithy Can you give examples as to how? Do you need a rooted phone? I've been trying to emulate some work cards and tried a few apps, can't seem to find anything to emulate. I have Android

  • @mrbrent62
    @mrbrent62 2 года назад +4

    If you have normal access to a building where everyone uses rfid to access it. You can walk in close enough to another employee and gain access to the building. So you do have to be careful.

  • @PinkiKumari-ww8lj
    @PinkiKumari-ww8lj 3 месяца назад

    There is no doubt that you will rise fast at the apex of your career *THE TECH SAFE GUARDIAN* . Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of Impossible by becoming PRO at tackling Problems. You Rock!

  • @davidbombal
    @davidbombal  2 года назад +210

    Big thanks to Lab401 for sending me some cool toys :)
    // Discount //
    Get a 5% discount using my affiliate link : lab401.com/r?id=42cm8b
    and/or use code DAVIDBOMBAL
    The Flipper Zero must be one of the most in demand hacking tools of 2022. A fantastic RFID / NFC / Infrared and more tool :)
    Flipper Zero: lab401.com/products/flipper-zero?variant=42927883452646
    // Video mentioned //
    2 seconds to open a safe: ruclips.net/video/X990ZNA2Tog/видео.html
    // Great resources //
    Awesome Flipper: github.com/djsime1/awesome-flipperzero
    Bad USB: github.com/nocomp/Flipper_Zero_Badusb_hack5_payloads
    // Lab401 //
    Twitter: twitter.com/Lab_401
    Website: lab401.com/
    RUclips: ruclips.net/user/lab401
    // David's SOCIAL //
    Discord: discord.gg/davidbombal
    Twitter: twitter.com/davidbombal
    Instagram: instagram.com/davidbombal
    LinkedIn: www.linkedin.com/in/davidbombal
    Facebook: facebook.com/davidbombal.co
    TikTok: tiktok.com/@davidbombal
    RUclips Main Channel: ruclips.net/user/davidbombal
    RUclips Tech Channel: ruclips.net/channel/UCZTIRrENWr_rjVoA7BcUE_A
    RUclips Clips Channel: ruclips.net/channel/UCbY5wGxQgIiAeMdNkW5wM6Q
    RUclips Shorts Channel: ruclips.net/channel/UCEyCubIF0e8MYi1jkgVepKg
    Apple Podcast: davidbombal.wiki/applepodcast
    Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
    // MY STUFF //
    www.amazon.com/shop/davidbombal
    // SPONSORS //
    Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
    flipper zero
    flipper
    flipperzero
    hack
    hacking
    rfid
    nfc
    bluetooth
    infrared
    radio
    gpio

    • @randompotato5761
      @randompotato5761 2 года назад

      Your late old man

    • @darooh9815
      @darooh9815 2 года назад +1

      Glad you got what you backed on kickstarter. Backed 3 items in 2019 never received and Kickstarter does nothing to help nor do the originators reply.

    • @ferdydek
      @ferdydek 2 года назад +1

      Please remember russian products are currently subject to international sanctions.

    • @wakjagner
      @wakjagner 2 года назад

      Good sir, What was the RFID blocker you were using with your cards?

    • @-kingofsaiyannappa-9057
      @-kingofsaiyannappa-9057 2 года назад +2

      Can it run Cyberpunk 2077????

  • @JohnCorrUK
    @JohnCorrUK 2 года назад +8

    David what a joy to come across your informative video - RFID protector going on my shopping list!

  • @lolotrololo2275
    @lolotrololo2275 2 года назад +50

    I wouldn't call this a hacking device, more like a convenience tool. It just combines multiple tools in one device.

    • @Bos_Meong
      @Bos_Meong 2 года назад +1

      yes. It still need the "consent" of both device to be "hacked"

    • @thecoolestofthe834s2
      @thecoolestofthe834s2 2 года назад

      im not pointing this gun at your head im just motivating you powerfully, go back to scamming grandmas pos

    • @exuberant8385
      @exuberant8385 2 года назад +3

      Yes, it is a hacking device with an evil person. Trust no one.

    • @ksnax
      @ksnax 2 года назад +1

      Anything that can take, manipulate, or use technology in ways it was not intended to be used, legal, innovative, or nefariously, is a hack. If one devises a way to warm their flip flops in a toaster without burning their house down before putting them on, it's a hack.

    • @Markustempest
      @Markustempest 2 года назад

      @@Bos_Meong that’s how most hacking works.

  • @timothyhewitt6736
    @timothyhewitt6736 2 года назад +2

    Great sales pitch 👍 for a minute you aalmost had me worried. Nothing your average smartphone can't do 🤣

  • @kuroshm
    @kuroshm 2 года назад +13

    “You can’t get a hold of one”
    …I guess I should open the box that’s been sitting in the corner of my room for the last 4 months

    • @holyapex8195
      @holyapex8195 2 года назад +1

      Ship it? Lol I'll pay I want one like now I have so many devices i can use with this

    • @mschweers
      @mschweers 2 года назад

      Yeah, this got me to dig out my second, unopened one and play with it, because my first is in the glove box of my car. I had lots of plans for it originally, but the pandemic kind of put the kibosh on almost all of them. It's nice to have, but it turns out I don't use it as much as I expected. Still love it, and am very happy I backed it.

  • @ubermind-tim
    @ubermind-tim 2 года назад +79

    Thanks David. Excellent review and excellent product. Your video underscores the need for storing RFI devices inside some sort of RFI blocking devices, be they wrappers and bags.

  • @BluePulseFlyer
    @BluePulseFlyer 2 года назад +7

    Really would love to get my hands on one of these, not for anything malicious but to fulfill the child hood dream of having one remote to do everything like in the TV show Hey Arnold

    • @2k7u
      @2k7u 2 года назад

      Haha there's thewandcompany that used to make epic sonic screwdrivers from doctor who, I had one the 10th doctor's universal controller sonic, epic quality and did a lot of trolling with it, I almost got 12th doctor's sonic which is even betterm had an extra functionality of emmiting IR at random to "guess" what signal a TV for example used to shut it down

  • @paoloposo
    @paoloposo Год назад +1

    I personally don't see view as a new threat - people have been attacking door systems etc like this for years. The difference is, now this technology is placed more easily in the hands of everyone instead of it being restricted to power users or hackers. There is a long history in information technology of trying to achieve security through obscurity. Flipper Zero is merely exposing bad design and bad implementation in a viral way where suddenly, people talk about it. There is no magic, it doesn't suddenly break systems that were secure before. But if it makes people aware of the flaws in many tech products and puts pressure on the manufacturers to put some actual effort into the design of their products, I believe that's a good thing.

  • @marsrocket
    @marsrocket 2 года назад +37

    If you have physical access to the cards you want to emulate, you’re already most of the way to using them anyway. What’s the big deal about an rfid reader?

    • @sadskalmar6714
      @sadskalmar6714 2 года назад +5

      u can scan someone's else card from their pocket for example. So basically someone can grab your card info when standing behind you in a line in store.

    • @JamesPhillipsOfficial
      @JamesPhillipsOfficial 2 года назад +4

      @@sadskalmar6714 not with RFID protected wallet or card case. Yes it's a stealth hack, but it can be prevented. Stop using a "normal" physical wallet

    • @MarionStevensJr
      @MarionStevensJr 2 года назад +2

      @@JamesPhillipsOfficial exactly the point he made early in the video.

    • @raylopez99
      @raylopez99 2 года назад +1

      @@JamesPhillipsOfficial If you believe some in the industry, this is rare. And this (internet): "Most credit card chips are not RFID-capable. Today’s chip-embedded credit cards don’t actually transmit any information that could be captured without inserting the card in a reader."

    • @BoraHorzaGobuchul
      @BoraHorzaGobuchul 2 года назад +1

      @@sadskalmar6714 yeah, good luck with that. You have to know where the card is exactly, and be able to sneakily get the device in close proximity, while the target is moving. All that without raising suspicion in the target and any bystanders. Furthermore, people usually have multiple cards in their wallet, which usually makes reading them via NFC impossible.

  • @DiXDragan
    @DiXDragan 2 года назад +22

    You are NOT reading credit cards, it just reads the UID of the chip. Try using you passport to lock the safe, it's going to work like every other NFC chip. The ID of the chip is always the same and has nothing to do with credit card security or anything similar.

    • @pimas11
      @pimas11 2 года назад +2

      How would you use a passport to lock the safe? Which kinds of passports have NFC or RFID on them? Or do you mean electronic id cards?

    • @DiXDragan
      @DiXDragan 2 года назад

      @@pimas11 All of them that have the ICAO logo.

    • @BlackSlimShady
      @BlackSlimShady 2 года назад +1

      Exactly what I am thinking, its simply a software problem. All of the devices with security issues just need to stop checking that the rfid devices has the same ID, as clearly thats not safe anymore, and start checking that the rfid device contains some sort of secret

  • @NicksAutoThings
    @NicksAutoThings 2 года назад +14

    FYI microcenter has all the parts you need to make your own from scratch (although more bulky)

    • @sweatyearth7458
      @sweatyearth7458 2 года назад +4

      oh i bet they also have the firmware to make the frankenstein device function too!

    • @zoejordan7635
      @zoejordan7635 2 года назад

      What’s the kit called? I just mostly see raspberry pi kits etc

    • @XykuJoxa
      @XykuJoxa 2 года назад +2

      @@sweatyearth7458 You do realize this type of software is primitive right? It can be replicated or just downloaded online.

  • @thetruthhurts4147
    @thetruthhurts4147 Год назад

    So fun when everyone and their dog does a flipper zero tutorial and then over night they are being banned from online sales. THANKS SO MUCH FOR THIS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  • @nemesis4tunedagman427
    @nemesis4tunedagman427 2 года назад +6

    I believe your android phone can do most of the stuff that the flipper zero does. You just need it to have nfc and Bluetooth as hardware +Linux or a custom rom for android with open root.

    • @ksnax
      @ksnax 2 года назад

      The remote connection seems like the most unique feature. But otherwise, it's just a handy tool that.

  • @gomergomez1984
    @gomergomez1984 2 года назад +58

    Now someone needs to invent an alarm that goes off if someone is trying to scan your stuff.

    • @picklerick2200
      @picklerick2200 2 года назад +6

      Too many false positives maybe?

    • @ionrael
      @ionrael 2 года назад +2

      everything okey homer's alarm. Sounds every second until something is not okey. But it broke easely

    • @TheNathanTR
      @TheNathanTR 2 года назад +7

      Maybe just ask the guy who is pressing up against your leg trying to make contact with your cards WTF he is doing?

    • @gomergomez1984
      @gomergomez1984 2 года назад +1

      @@TheNathanTR fortunately I live in an area where someone pressing up against me better worry more about what’s on me than other than credit cards…

    • @fujiwara478hp
      @fujiwara478hp 2 года назад

      @@gomergomez1984 found the texan

  • @gtsport3881
    @gtsport3881 2 года назад +9

    At this point I realize the best place to save important stuff is in the mattress 🙃

  • @MdAzad-dc3qt
    @MdAzad-dc3qt 5 месяцев назад

    This channel is the sole exception where I haven't skipped the promo ads. Your finesse in effortlessly integrating promotional content within your videos is genuinely impressive. Sometimes, it takes a moment to recognize that you're endorsing anything; I commend *sentinel Recover* for your adept execution in this aspect

  • @ericrichardson3332
    @ericrichardson3332 2 года назад +46

    The copying of cards and stuff was interesting but not that worrying as it seemed like you have to touch the card with the device before it can read it , if it could read cards at a distance away it would be scarier in my opinion

    • @apotheoz9196
      @apotheoz9196 2 года назад +3

      @@pyro23431 contactless payments are limited to a certain value and each RFID payment code is unique for each transaction. Someone who bumps you could maybe steal your 20-50 bucks but that's way better than actually stealing your card.

    • @GoGrabYourShineBox
      @GoGrabYourShineBox 2 года назад +6

      remember that the next time a waiter walks away with your card.

    • @stevenbjerke2825
      @stevenbjerke2825 Год назад

      Buckle up! search for "Pringles can antenna".

  • @drxym
    @drxym 2 года назад +60

    Probably only works in the most basic cases, e.g. replaying RFID info since most RFIDs and NFC protecting things like banks cards will have challenge / response mechanisms.

    • @meateaw
      @meateaw 2 года назад +33

      Yep, I almost laughed out loud when he said you might be able to emulate yubikey for 2 factor.
      This guy's videos are great, but sometimes you gotta wonder what they think some of this technology they use actually does.

    • @theagent578
      @theagent578 2 года назад

      Interesting. There are videos of people using this thing in place of a credit card successfully. I wonder how they are doing it.

    • @NicholasHorvath
      @NicholasHorvath 2 года назад +5

      @@meateaw He just flops an RFID lock on the table like LOOK guys! I mean come on. flipper nfc/rfid is so limited that besides cloning your mifare tag or nintendo amiibo it's practically worthless

    • @wrongtown
      @wrongtown 2 года назад +2

      @@meateaw Uh, you should look into the device mate. U2F no big deal.

    • @meateaw
      @meateaw 2 года назад

      @@wrongtown exactly, it's a super simple protocol that can't be cloned by copying the NFC because it uses a challenge response mechanism that never shares the private keys.

  • @hinro
    @hinro 2 года назад +25

    I think the bigger security risk here is not noticing someone rubbing up against you then following you around.

    • @randomaccessfemale
      @randomaccessfemale 2 года назад +2

      Yes, but just take it to a local vet. That will take care of it.

    • @hummingbird_saltalamakia
      @hummingbird_saltalamakia 2 года назад +1

      @@randomaccessfemale that's doesn't make any sense

    • @ZeddisDead
      @ZeddisDead 2 года назад

      @@hummingbird_saltalamakia neuter

  • @IOSALive
    @IOSALive 3 месяца назад

    David Bombal, I liked this video because it's awesome!

  • @Aarrax
    @Aarrax 2 года назад +6

    This device i feel could easily be converted or installed into a Android phone i feel to make it less conspicuous. And maybe even expanded upon since it would also be a phone, imagine having kali nethunter and flipper zero run at the same time?

  • @KeithAlumbaugh
    @KeithAlumbaugh 2 года назад +15

    With the non-standard firmware I can capture raw from a car key fob and replay it, but it doesn't actually break the encryption. If you know anything about rolling codes, you know how limited this can be.

    • @BonBaisers
      @BonBaisers 2 года назад +4

      It is called a rolling code. Most of radio doors/parkings/car key fobs are impossible to copy, no worries, you are fine.

    • @autohmae
      @autohmae 2 года назад

      @@BonBaisers I really wonder how a Yubikey works for this (I would expect publlic/private key)

  • @stevegee6494
    @stevegee6494 2 года назад +26

    Man sometimes I think how could anyone do something in a place they're not allowed to be when security cameras are now either decent enough and extremely cheap, very very good and reasonably priced, or expensive but you could zoom in to a detail half a pixel wide at least 130 feet away that was there 8 days ago. But then I see tech like this and understand there's still a balance between offense and defense.

  • @georgemakalatia5616
    @georgemakalatia5616 3 месяца назад

    Thanks for all your time and efforts you really do fantastic JOB for the community !!!!

  • @Wip3ou7
    @Wip3ou7 2 года назад +31

    What happens if you have 2 or 3 credit cards stacked together like they would be in a wallet? Would it still read one or all of them, or would it get confused?

    • @hotwheelz8232
      @hotwheelz8232 2 года назад

      You just need an rfid blocking wallet, protects your cards from any hacks

    • @terminal9660
      @terminal9660 2 года назад +1

      You can select multiple and copy them all. this device seems very useful to have because it just looks like an MP3 player to the unsuspecting eye.

    • @terminal9660
      @terminal9660 2 года назад +1

      By that i mean less likely to be stolen

    • @paulden3158
      @paulden3158 2 года назад

      @@terminal9660 nobody uses mp3 players anymore

    • @terminal9660
      @terminal9660 2 года назад

      @@paulden3158 Precisely. Nobody would want to steal it due to it not looking enticing

  • @multiarray2320
    @multiarray2320 2 года назад +13

    this device is awesome, but i managed to build myself a simpler version with the exact features that i wanted and it was much cheaper and is not restricted (some frequencies got removed from flipper zero). mine costs under 10 bucks and works at least as good as flipper zero (some features are missing of course). thanks for sharing the experience with this device :)

    • @justinschaaf3092
      @justinschaaf3092 2 года назад +4

      Hi, do you mind sharing details?? I'm a computer engineering major and figure I can put one of these together myself as well.., the only ones I can find online are $300! 😰

    • @extinctions810
      @extinctions810 2 года назад +2

      @@justinschaaf3092 I am interested as well.

    • @multiarray2320
      @multiarray2320 2 года назад +8

      the hardest part was programming the microcontroller. flipper zero made the source code open source but i had to figure out a lot of stuff on my own. building it wasnt too hard. you juat need to buy a 1-1000mhz antenna, a rfid reader and a 2.4 ghz antenna and connect the stuff with a decent enough microcontroller. i bought everything from aliexpress and i think it was just 10 bucks for everything. building it took 3 days and programming took about 3 months (with 1-4 hours a day).

    • @AntonioAugusto1010
      @AntonioAugusto1010 2 года назад +2

      @@multiarray2320 so not cheaper when I make $50/hr
      I can just work for a day and buy this

    • @multiarray2320
      @multiarray2320 2 года назад +2

      @@AntonioAugusto1010 yeah its more about the fun and education of making it. but now i could easily mass produce it and it would get cheaper than buying it ;)

  • @TheGreatWasian_
    @TheGreatWasian_ 2 года назад +194

    You can’t open the safe without the original card to copy tho so I feel like the safe is still pretty secure🤣

    • @AncientEvilSaiyan
      @AncientEvilSaiyan 2 года назад +21

      right ! i thought i was the only one who thought this

    • @FUUUUU1111
      @FUUUUU1111 2 года назад +64

      Yeah. This thing is a universal remote + rfid reader/writer and emulator. Why the hell is it considered a hacking device at all? 😂

    • @GhostSenshi
      @GhostSenshi 2 года назад +36

      You walk by the dude and read his card in his pocket.

    • @leflyxdvd
      @leflyxdvd 2 года назад +41

      @@GhostSenshi pocket, leather, double leather will not let that happen especially with such a small device the reader aint xray my guy.

    • @FriendxA
      @FriendxA 2 года назад +5

      /wooosh

  • @vanithavanitha3924
    @vanithavanitha3924 5 месяцев назад

    Awesome work, *TECH SAFE GUARDIAN* ! It's so satisfying to see you putting in the effort to stop those shady characters. Protecting the public, especially the elderly, from those despicable con artists is crucial. You truly deserve recognition and appreciation for keeping us secure. I'm thrilled for you because you're my sibling. Your accomplishments definitely make you a strong contender for the Nobel Peace Prize. Keep up the outstanding performance!!!!!

  • @sevenhazee
    @sevenhazee 2 года назад +7

    I miss my galaxy S6. I could change tv channels at public places that had a TV. Was hilarious watching how confused everyone was 🤣

  • @joshchouinard
    @joshchouinard 2 года назад +4

    Would a product like this work with ski passes? It would be cool to use this rather than carry around multiple passes.

  • @Showerskittles
    @Showerskittles 2 года назад +4

    I have a rather peculiar question that might be kinda obvious. But if the flipper zero can emulate a card in theory couldn't I use it as a more secure way to store my own personal cards?

    • @Petrolhead912
      @Petrolhead912 2 года назад +1

      I do that already with my iPhone

    • @r0bo11
      @r0bo11 2 года назад +1

      the flipper doesn't store credit card encryption keys. So, no.

  • @Sarat_entertainment
    @Sarat_entertainment 5 месяцев назад

    There is no doubt that you will rise fast at the apex of your career *TECH SAFE GUARDIAN* . Because you are a very intelligent, smart, hard worker and your work ethic par excellence. Keep going People like you take the IM out of IMpossible by becoming PRO at tackling PROblems. You Rock!

  • @a.v.3531
    @a.v.3531 2 года назад +3

    Is it possible to use the app instead of having the actual physical flipper?

  • @zenreeio13IIIIl
    @zenreeio13IIIIl 2 года назад +64

    So if you have access to the key, you can open the lock??? 😱😱😱
    Biggest security problem of 2022!!!

    • @GSTamer
      @GSTamer 2 года назад +6

      This is what i also thought. How is this an security issue?

    • @fungus4024
      @fungus4024 2 года назад +6

      well you need just 1 sec in contact with the key, then you just have it

    • @jimsmith3715
      @jimsmith3715 2 года назад +6

      Yeah, you've always been able to sit next to someone and easily copy their RFID tag and then use a copy of their key 🙄

    • @cancaryan
      @cancaryan 2 года назад +10

      @alekos xainas as with most "hacking", it's social engineering that gets you to the keys, but you're mistaken here about buying stuff online; the RFID signal from a card isn't going to contain card data in an easily accessible way, probably hashed and irretrievable

    • @zenreeio13IIIIl
      @zenreeio13IIIIl 2 года назад +9

      @alekos xainas Say "I don't know what I'm talking about" without saying it:

  • @4wkes64
    @4wkes64 Год назад

    RDIF Read and Write can be done from your phone..
    Some phones support IR but you can purchase cheap devices to Read/Send IR Signals..

  • @Oxim-fz3so
    @Oxim-fz3so 2 года назад +16

    I wonder if keeping 2 rfid cards close together would prevent them from being read

    • @BoraHorzaGobuchul
      @BoraHorzaGobuchul 2 года назад +1

      Well take two cards and try to pay for something. Won't work.

    • @Oxim-fz3so
      @Oxim-fz3so 2 года назад +2

      @@BoraHorzaGobuchul so there is no need for rfid protective wallets, just put 2 cards together. rfid wallet industry hates them for this one simple trick.

  • @CLGPerformance
    @CLGPerformance 2 года назад +4

    HackRF has really taught me a lot about vulnerability of today's devices along with long distant signal testing with a Yagi and location finding of interference signals using 4 antennas and some mixers with LO shifted a few khz on each antenna to get a direction of a signal Fox Hunting RF. It's very handy for testing and can build many things with GNU software to decode signals. Very capable and extensive device. The Dolphin does things a bit quicker and requires less know how which makes it desirable for the lazy ones not wanting to learn how it works🤣 but still handy in a pinch. Hackrf one for the hackrf still needs more options and bugs fixed and it will be more capable in the future.

  • @5wholepizzas284
    @5wholepizzas284 2 года назад +66

    They really just created watch dogs in real life

    • @kyberite
      @kyberite 2 года назад +3

      time to go back to sticks and stones

    • @-_Nuke_-
      @-_Nuke_- 2 года назад +4

      Watch dolphins to be exact :D

    • @userdwna7414
      @userdwna7414 2 года назад

      and not even 5 mins into ur nerds watch dog session it turned into call of duty and ur the one got hunted by cpt price

  • @Adamlogen12
    @Adamlogen12 Год назад +238

    Just wanted to share how my AirTag smart wallet saved me from an RFID hack. Its built-in RFID-blocking shield protected my cards, and the Find My app on my iPhone helps me locate my wallet.

    • @olegj285
      @olegj285 Год назад +1

      Could you share an example of how it saved you from such an attack? It would be helpful to hear a specific instance of how the RFID-blocking shield worked for you. Thanks

    • @Adamlogen12
      @Adamlogen12 Год назад

      @@olegj285 sure bro, a few weeks ago, I was at a busy mall and felt a strange sensation in my pocket. After checking my wallet, I realized that someone was trying to scan my credit cards using zero flipper

    • @olegj285
      @olegj285 Год назад

      @@Adamlogen12 Wow, that's crazy! I'm glad your Air Tag smart wallet protected your cards from that kind of attack. By the way, where did you get your AirTag smart wallet? I'm interested in investing in one myself, and I'm curious about where people are finding the best quality

    • @olegj285
      @olegj285 Год назад

      thanks 🙏🏻 found them!

    • @OxaudioPhilly
      @OxaudioPhilly Год назад +17

      Fuckin bots are unreal anymore. 🤦🏻

  • @Athithan_2000
    @Athithan_2000 Год назад +1

    It’s literally a Digivice!🤩
    Go! Dolphinmon!

  • @LegacyGS
    @LegacyGS 2 года назад +14

    That’s one awesome tool, and the fact it’s called flipper with ascii art makes it so much better

    • @zach4505
      @zach4505 2 года назад +1

      The concept is awesome. The dolphin idea is a reference to the cyborg dolphin from a short story of William Gibson, people might recongize the reference from Johnny Mnemonic.

  • @trevorgoldman594
    @trevorgoldman594 2 года назад +10

    This device is pretty cool and has some amazing capabilities. Regarding the card reader and emulating a cc or key fob - how close do you have to be to the device in order to clone it? As with many vulnerabilities, if you have the original (CC or key fob), why bother cloning? Great video and always a fan of showing people that what you think is safe, probably isn't!

    • @luimu
      @luimu 2 года назад +1

      Well I can definitely think about ways for cloning to be useful. For example let's say you visit a hotel, you can grab the opener card and come back week later to pick up anything you wish from the room from the next visitors with your very own key.

    • @trevorgoldman594
      @trevorgoldman594 2 года назад +1

      @@luimu I absolutely agree that the tool is amazing and has many uses. Hadn't thought of that use case but would hope that hotels encrypt the current guest name with the room number. As always, we security experts can never anticipate all scenarios.

  • @diabloplays9591
    @diabloplays9591 2 года назад +15

    This is kinda scary especially in America where its normal for People to hand their cards to people behind counters

    • @nsanelyslippery
      @nsanelyslippery 2 года назад +3

      There aren’t any places you give someone a card other than restaurants. Every other place has pin pads

    • @ch40skappa64
      @ch40skappa64 2 года назад +3

      You can't use the flipper to clone credit cards and use them, it just saves the credit card number etc.

    • @RohxAirsoft
      @RohxAirsoft 2 года назад

      @@ch40skappa64 he just showed you can clone the RFID for transactions that require just tapping......🤷‍♂️

    • @kek_w6847
      @kek_w6847 2 года назад

      @@RohxAirsoft Try it, at best it will work only one time;)

    • @paoloposo
      @paoloposo Год назад +2

      @@RohxAirsoft Fortunately, that is not how payments work. In the demonstration in this video, the card simply reported its UID to the reader. The problem is that this is all that the safe requires. Smartcards can actually do much more than just report their UID; they can essentially run applications like any other computer and do cryptography, albeit in a much more reduced capacity. In a payment scenario, the terminal and the card would go through some protocol where the card can prove its identity without ever revealing its private key, so that it cannot be cloned.

  • @juanschmied4676
    @juanschmied4676 Год назад +1

    Thank you, your video is so instructive on security issues and a great tool. Are there other stuff like this ?

  • @jackx5750
    @jackx5750 Год назад +3

    Reaally cool device I'd be interested for the original msrp but I also feel like in terms of hacking, it's pretty impractical seeing as you have to intercept most signals in order to duplicate them. Unless the fuzzing functionality allows you to brute force a signal?

    • @KeyonKey
      @KeyonKey Год назад

      What's fuzzy function mean

    • @jackx5750
      @jackx5750 Год назад

      @@KeyonKey Fuzzing is a type of vulnerability testing in which you throw a bunch of different permuations of inputs to a program or service to see how it responds. In the exploit world it mostly boils down to trying to get a text input in a program to trip up and overflow the memory. They do this by figuring out vulnerabilities in the different functions that get called that work on the text you inputted. if an overflow occurs then the attacker can append "shellcode" to the text which is operating system specific machine code. in the context of fuzzing here I think I meant like brute forcing or running through a bunch of different frequencies on a receiver to see what opens a parking garage gate for example.

  • @nerol9929
    @nerol9929 2 года назад +56

    99% of us are shielded by anonymity. As a result, RFID emulation to access locks will be a highly specific use case of the gadget. However, I am confident that WIFI and Infrared emulation will be its primary application.

    • @johndododoe1411
      @johndododoe1411 2 года назад +14

      When you are out in the physical world, your identity is plainly visible or easily discovered. If this or a similar tool can read your mobile phone number while copying you key fob, they can catalog the keyfob as related to the phone number. A later online search will give them a short list of addresses that the keyfob can open. A ealk through a street or train will gather a pool of victims and they can choose the most valuable for silent break in the next day.

    • @yzrippin
      @yzrippin 2 года назад +2

      I've been locking people out of their Tesla's for the past few months it's fucking hilarious

    • @flummi6966
      @flummi6966 2 года назад +3

      @@yzrippin And then puberty hits

    • @wineweasel
      @wineweasel 2 года назад

      Most tags used for keys are encrypted so this wouldn't work

  • @JamesPhillipsOfficial
    @JamesPhillipsOfficial 2 года назад +8

    To be honest I have seen videos of Android phone performing a "skim" of someone's credit card down a elevator, they just used NFC and the right app. So the tech of this device is not new at all, it's just a different form factor

    • @BoraHorzaGobuchul
      @BoraHorzaGobuchul 2 года назад +3

      Well this device is not just limited to reading/emulating NFC.

    • @JanBebendorf
      @JanBebendorf 2 года назад +3

      ​@@BoraHorzaGobuchul Yep it can also speak BT and USB, like any smartphone can do. Older Samsung devices (Galaxy S4 to S6 for example) that are way cheaper than the flipper could even speak IR in case you want to control your grandma's old TV.

    • @RvLeshrac
      @RvLeshrac 2 года назад +1

      @@JanBebendorf It can also read a fairly wide variety of security devices. Your phone can't read or write an iButton, nor can it access the iButton reader. Your phone may only support a limited set of NFC and/or RFID implementations.

    • @davidbombal
      @davidbombal  2 года назад +5

      The Flipper Zero supports a range of features including the capture and replay of Sub 1 Ghz signals. Please explain how you could get an Android phone to capture and replay Sub-1 GHz signals without a PandwaRF or another device? For example capturing capture car remote signals and replaying those. In the first part of the video I showed some clips about what others have done with the Flipper Zero, but as mentioned I did not show all it's capabilities in this video. See their website for more features such as iButton, GPIO etc

  • @sarikadangarane3076
    @sarikadangarane3076 5 месяцев назад

    We need more immeasurably wise and compassionate humans like you on this planet. Thank you for sharing *sentinel Recover* , James. I bet I'm not alone when I say this video found me at the perfect moment, and there are a lot of things here that I needed to hear right now.

  • @Belnick6666
    @Belnick6666 2 года назад +42

    i do not even want to think how long jail time you would get in my country if you just got caught with a flipper zero on you

    • @ho0t0w1
      @ho0t0w1 2 года назад +2

      Where are you from

    • @nichtdave
      @nichtdave 2 года назад +20

      bro is from north korea or something

    • @nicolasmfa
      @nicolasmfa 2 года назад +2

      How could that be ilegal? The stuff that he showed can be done with your phone if u want

    • @suspiciousstew1169
      @suspiciousstew1169 2 года назад

      @@nicolasmfa There is support for some features, such as copying the nfc details of a card, but probably not the “Emulate UID” feature, from my personal experience.

  • @tommydarko1984
    @tommydarko1984 2 года назад +8

    Could someone emulate the emulator with a second Flipper? Like if you're using it legitimately for ease of use, what's stopping someone from stealing all those scripts?

    • @mrdeej7164
      @mrdeej7164 2 года назад

      Yes and quite easily too

  • @DeeJayBonk
    @DeeJayBonk 2 года назад +10

    The ir remote is enough for me . Used to have a watch that would control anything ir it was awesome 👌

    • @Cobrancrx
      @Cobrancrx 2 года назад

      Casio CMD 10💪

    • @scareyaf
      @scareyaf 2 года назад

      Same with my old mp3 player funny enough lol. Was great fun switching tv's and aircons off at school back in the day.

  • @chrisissun
    @chrisissun Год назад

    this is the best channel you need to do one on security forensics for RUclips videos, movie videos or digital art videos

  • @trebortech
    @trebortech 2 года назад +23

    You received 1 of 3 things from the YubiKey scan.
    1 - YubiOTP code (default) ex. ccccccllfvvibdbtbgttdgdrjnvcebdtgfcdrjrunnjf
    2 - Static password
    3- HOTP code ex. 72345924
    FIDO and PIV would be running a challenge over to be signed by a private key on the YubiKey. The Flipper would not have access to the private key.
    None of the the OTP codes from NFC scan are time based so they all would be valid. If, however, the user used the next code before you, yours would be invalid (except the password).
    Thanks for the video. I was wondering what the all fuss was about this. Seems like the form factor and ease of use in a single package is what it is. I also see that it has some GPIO pins on the top for a few more advance use cases.
    Only critique I have is that you shouldn't leave people hanging on YubiKey security. If you mention something like that you should take the time to close it out immediately or not show the content.

    • @RvLeshrac
      @RvLeshrac 2 года назад +1

      Agreed with the Yubikey.

    • @CodrTV1
      @CodrTV1 2 года назад

      Likewise. TOTP should be safe for the reasons you mention but I’d love to see someone try so we can know for sure.

  • @E167330
    @E167330 2 года назад +74

    Thank you so much for the information, this is absolutely insane that a single device can do all these things. And even though it is understood that this video is for demonstration only. What comes into mind is: what bad actor or criminal uses this type of device for malicious purposes, what kind of practices or techniques can be applied to defend ourselves from such a variety of attacks, which are kind of in between the physical and information type of attacks.
    One more time, thank you for your work

    • @StriderVM
      @StriderVM 2 года назад +2

      Thats why in the smplest terms, use RFID blocking devices in cards you DO NOT want to be scanned in a public setting.

    • @engineer0239
      @engineer0239 2 года назад +22

      And you know what? Your phone can probably do all these things too with the correct software.

    • @barodrinksbeer7484
      @barodrinksbeer7484 2 года назад +4

      Most bad actors already have made a device like this. For example I have an rfid reader from a car parking lot, which can scan straight through the a rfid blocker to a mini pi. Even though it takes time to scan then put the data onto a fake card/transmitter, its super easy to do after its done.

    • @barodrinksbeer7484
      @barodrinksbeer7484 2 года назад +10

      @@engineer0239 Im 90% sure you can do this with a default android phone. You used to be able to rfid scan cards and then save that data in google pay.

    • @_PatrickO
      @_PatrickO 2 года назад +1

      It is not insane. It is reality. You only need a few chips to cover all this spectrum. Anyone with minimal motivation can do these same things with freely available consumer electronics. The rfid stuff can likely be done by any cellphone with rfid built in.
      The issue is not the device, the issue are the vulnerable products multiple industries have ignored for years. They made devices with no security. The real solution is to add on security with a way for the owner of the car and only them to bypass or authenticate. Adding security without an owner bypass or authentication api just increases the chance that a modder trying to do something legal breaks the security to tinker with his owned property. Comma ai is a good example. They need to plugin to the canbus to add self driving features to different models of cars. Toyota slaps on encryption that the owner of the car has no bypass or authentication method for, so their is an effort to break the security which may help thieves. If car makers ensured owners had a bypass to security, then no one would worry about cracking the encryption and less scrupulous people wouldn't get to reuse legal modder bypasses to steal cars.
      Don't expect fixes because device makers won't give owners apis they can use to bypass security. So as they add security to devices, modders will crack it all.