Flipper Zero: Hottest Hacking Device?

Подписаться 2,5 млн

Просмотров 7 млн

50% 1

Big thanks to Lab401 for sending me some cool toys :)
The Flipper Zero must be one of the most in demand hacking tools of 2022. A fantastic RFID / NFC / Infrared and more tool :)
// Discount //
Get a 5% discount using my affiliate link : lab401.com/r?id=42cm8b
and/or use code DAVIDBOMBAL
// Video mentioned //
2 seconds to open a safe: • Wait, what? Only 2 sec...
// Great resources //
Awesome Flipper: github.com/djsime1/awesome-fl...
Bad USB: github.com/nocomp/Flipper_Zer...
// Lab401 //
Twitter: / lab_401
Website: lab401.com/
RU-vid: / lab401
// David's SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
RU-vid Main Channel: / davidbombal
RU-vid Tech Channel: / @davidbombaltech
RU-vid Clips Channel: / @davidbombalofficialclips
RU-vid Shorts Channel: / @davidbombalshorts
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gE...
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// ATTRIBUTIONS //
Hackerland by Twin Musicom is licensed under a Creative Commons Attribution 4.0 licence. creativecommons.org/licenses/...
Source: www.twinmusicom.org/song/292/h...
Artist: www.twinmusicom.org
flipper zero
flipper
flipperzero
hack
hacking
rfid
nfc
bluetooth
infrared
radio
gpio
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#flipperzero #hack #hacking

Опубликовано:

20 окт 2022

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 4,2 тыс.

@SoloKyoto Год назад

My favorite part is the programmer put so much effort into the dolphin animations.

@leflyxdvd Год назад

duh because its such a bs device lol you need the other device for it to properly work. it needs to be able to read a device to use its properties....

@raksh9 Год назад

Thumbs up from dolphin!

@operationscomputer1478 Год назад

YET HE SAYS IT STILL NEEDS TO BR REBOOTED OFTEN

@edgaromar9196 Год назад

That's another feature that made me buy one!

@kaelthunderhoof5619 Год назад

Looks like some old Pokedex animations.

@oa5828 Год назад

Like it or not, this stuff being public and available will only work to allow people to learn the vulnerabilities of their technology so they can better secure it. The most dangerous hacking devices are the ones not known of much by the public or at all. Like the Stingray phone trackers used by police for some time before they were exposed.

@unknownlordd Год назад

or tiktok skids making people lives worse for stupid likes and validation online

@raylopez99 Год назад

Apparently in the USA a shipment was intercepted by customs but then released to the public.

@kevinslattery5748 Год назад

Where's the 2nd comment bad YT?

@Crozzzbonez0 Год назад

@@kevinslattery5748 youtube like to shadowban comments sometimes for whatever reason. They make it so it looks like the comment went through on your end but nobody else can actually see it. That might be why it’s bugged.

@kevinslattery5748 Год назад

@@nemod.8310 No, it's not thar crazy. What is crazy is that safe maker employing inherently unsafe tech for an application that demands high security. The safe is effectively worthless.

@GloriousGrunt Год назад

Feels like the video started as "this thing is dangerous!" but as the video goes on it's more like "hey this thing is kinda handy" lol

@misterkaos.357 Год назад

Who knew something so adorable could be so dangerous!

@Pheus11 Год назад

I know right. I told my mom its just a toy and she trusted me because it looked like one, i bought it and i do many things with it

@Mr_cheese.. Год назад

@@Pheus11 🤨

@Chino0420 Год назад

@@Pheus11 imma tell your mommy..

@kaelthunderhoof5619 Год назад

@@Pheus11 mom's cabinet starts vibrating.

@Beans2231 Год назад

@@kaelthunderhoof5619 🤣🤣🤣🤣

@filipbronola536 Год назад

I love the UI on that thing, cute yet so incredibly powerful

@lonnpton5239 Год назад

the dolphin is a good choice

@generic6099 Год назад

i wanna get it just for the UI alone tbh. (and then mainly use it as a secondary backup remote or near radio keyring)

@peteypete9357 Год назад

The ui is just a dolphin and scrolling text. Just say you like the dolphin; the text is soo effortless.

@ArcYT Год назад

@@lonnpton5239 It's genius, dolphin was perfect choice because of echolocation and sounds

@lonnpton5239 Год назад

@@ArcYT yes and its big brain

@8instantramen Год назад

Say what you want about the device but I love the charm and personality it has in its software. Now that’s someone who puts love in their product

@roastytoasty8559 Год назад

i wonder what the minds of the people who create these devices are like.

@svenjorgensenn8418 Год назад

@@roastytoasty8559 the are black hats who think it's white

@ALCRAN2010 Год назад

@@roastytoasty8559 smart. They are smart

@jesseroberts1041 Год назад

@@ALCRAN2010 But extreme degenerates too. Smart degenerates, which isn’t a great combo.

@SoroBoio Год назад

@@kitplaysmore7554 absolutely dangerous?💀 bro it's not what you think it is, it's definitely not dangerou

@MartialGlobe Год назад

When something like this gets to the public, I always wonder what kind of devices are out there that we haven't even had a glimpse of yet

@tigreactivo517 Год назад

Tons. You don't even want to see the ones the government has.

@MartialGlobe Год назад

@@tigreactivo517 I mean that the predator drone was a thing in the early 1990s is already frightening enough - tbh I feel like I don't even wanna know

@eckoofthebat44 Год назад

Like the USB cables with hacking software in the cable

@parallellevels5881 Год назад

So many!!

@UmiZoomR Год назад

Universal remotes are pretty high tech, the infrared is straight bussing yo

@sventhesuperstud5858 Год назад

As an engineer, the newest piece of tech in my house is a printer and I keep a loaded handgun incase it does something unexpected lol

@regularperson9297 Год назад

"Low on ink"

@midgardo4 Год назад

Can never trust those printers 🤣

@RawHeat100 Год назад

damn right brother stay woke lol

@cirelancaster Год назад

It's been awhile since I've heard that joke

@charlest1121 Год назад

I’m watching RU-vid on my printer too!

@deafomega Год назад

I remember having homebrew on my PSP that used the IR to be a universal remote. Same method to train it so I had all my friends remotes saved as different profiles. Then I didn't have to look around for one when we were chillin. It was great at home as well, since we had so many IR remotes. I could quickly switch from playing my game over to other tasks, similar to ALT + Tab on PC.

@ubermind-tim Год назад

Thanks David. Excellent review and excellent product. Your video underscores the need for storing RFI devices inside some sort of RFI blocking devices, be they wrappers and bags.

@jaredflynn3750 Год назад

Stuff like this is why I'll never go for the whole "smart house" thing where everything including your damn coffee maker is a computer or connected to the net. Too many vulnerabilities too many exploits too many surveillance devices.

@Belnick6666 Год назад

just imagine the chaos when we start using nano bots for health issues.....just use this and tell them to stop the heart or something lol

@cjramseyer Год назад

Having a Smarthome IS NOT the problem. Using devices that depnd on a cloud or internet connection is the problem. Everything demonstrated here is interesting, but all requireschaving relatively close proximity. The point being, a smarthome is nothing to be afraid of, but make sure that devices that only need local access for control. Not Alexa and Google Home, and know how the devices can be controlled.

@jaredflynn3750 Год назад

@@cjramseyer I'm just sketched out by any kind of wireless devices because it means they can still be manipulated by other Wireless signals people always find a way to exploit any kind of remote connectivity even if it's not connected to the internet directly necessarily

@ok.ok.5735 Год назад

True you could catch someone’s house on fire or rob it while they are away or worse if you think too hard about it. But I would agree that’ll not catch on with me either for the reasons you stated

@succesful01 Год назад

You got a phone ? Too late

@Adamlogen12 Год назад

Just wanted to share how my AirTag smart wallet saved me from an RFID hack. Its built-in RFID-blocking shield protected my cards, and the Find My app on my iPhone helps me locate my wallet.

@olegj285 Год назад

Could you share an example of how it saved you from such an attack? It would be helpful to hear a specific instance of how the RFID-blocking shield worked for you. Thanks

@Adamlogen12 Год назад

@@olegj285 sure bro, a few weeks ago, I was at a busy mall and felt a strange sensation in my pocket. After checking my wallet, I realized that someone was trying to scan my credit cards using zero flipper

@olegj285 Год назад

@@Adamlogen12 Wow, that's crazy! I'm glad your Air Tag smart wallet protected your cards from that kind of attack. By the way, where did you get your AirTag smart wallet? I'm interested in investing in one myself, and I'm curious about where people are finding the best quality

@olegj285 Год назад

thanks 🙏🏻 found them!

@OxaudioPhilly Год назад

Fuckin bots are unreal anymore. 🤦🏻

@kingjer125 Год назад

I know this is a stupid use but for someone that has a bunch of keycards for work or for personal use it would be cool to have one device I can use to unlock everything, as well as a good trick to have a random rfid card I use unlock something unexpectedly.

@ocavant Год назад

This is exactly why I bought one. So I can make a new one and not have to pay $35 each time to the company for a new card. Oh, and all the other cool things it does will be worth the hundred and change.

@the_seeker.entity9206 Год назад

Only safety thing is it does become a master key for your life for anyone malicious

@steve00alt70 Год назад

@@ocavant what if the delivery companies know what these are and then make it illegal?

@GswervinTV Год назад

Sounds like the mark of the beast

@revengeof1307 Год назад

@@GswervinTV but its not because nothing is being put into your skin.

@dougfoster445 Год назад

I am a college teacher that teaches electricity. I bought this today and was playing around with it in class with my students. They loved it and actually really learned alot about the importance of EM frequencies.

@syckles Год назад

This is basically the real life equivalent of Batman's hacking tool from the Arkham games.

@rickeydart3040 Год назад

Man, it sure is convenient all these passwords are a single word.

@mandybaker8544 Год назад

Right!

@Primeval-Frost Год назад

Or a sonic screwdriver

@afkmh2392 Год назад

Nothing will ever be as advanced as what Batman has

@dave4347 Год назад

Does it come in black?

@definite11 Год назад

Imagine the dangers if a driver thru worker had one of these

@tankprohp Год назад

Pay in cash no issue

@sh4rdz. Год назад

wym lol dont hand them your card

@davidyong2129 Год назад

You could work at McDonald’s for one day and retire lol

@xfy123 Год назад

You don't need this to read cards legit any smartphone whit NFC can read and save card info

@haveyouseengeorgehennen Год назад

You don't need to give them your card, they pass you the reader, pay cash in places you find sketchy and you should be using credit cards instead of debit's by now.

@b98a4c37 Год назад

UID emulation is not nearly enough to emulate a yubikey's cryptographic functionality. You would need to extract private key information which requires much more extreme tactics. If you were using your yubikey merely as an RFID tag this would work, but that's not what people use yubikeys for

@MaksKCS Год назад

Yeah I was dumbfounded when he even suggested bypassing yubikeys 2fa

@jas_bataille Год назад

This guy : "See that's bad idea" The lockpicking lawyer : "Here we have a demonstration of the hardest way to open this safe. Now I am going to use a fork..."

@vasiovasio Год назад

Fork?!? Cmon, just a paperclip is enough!

@ATSaale Год назад

Opening a lock with it's own packaging will always be a highlight to me

@m4inline Год назад

With a tomato.

@XxXKillJoyXxX Год назад

With this spec of dust

@Atombombz7 Год назад

Ive seen em break into a car using nothing but his shoelace its wild

@leonardoguerrero444 Год назад

This is really useful for many things as well. I saw someone copy a card onto some of those blue tags, so they can have extra keys to their appartment building, for family and etc

@pwntwtf Год назад

I was thinking how useful it would be to have a spare set of apartment keys, or a garage key in case you ever lose or forget yours. It definitely has its uses that don't involve doing bad.

@Lothar526 Год назад

well u can always make an extra copy of the key where you get the first one

@burymeinversace Год назад

@@Lothar526 a lot of apartments charge you $50+ for extras

@Lothar526 Год назад

@@burymeinversace really? wow thats a lot! im not from the US.

@ryansinclaire8463 Год назад

@@pwntwtf Or every remote in your house. Id take it everywhere, seems super useful in a pretty small size.

@XxNightmare128xX Год назад

For about $200 this seems like a pretty awesome master controller for all my devices

@JohnCorrUK Год назад

David what a joy to come across your informative video - RFID protector going on my shopping list!

@traceyevans2757 Год назад

It’s like a personal master key. I’d use it for exactly that

@Mocxing Год назад

Honestly I love the UI so much, what a cute and unsuspecting dolphin!

@jas_bataille Год назад

The dolphin isn't a random choice. They can be some of the most cruel animals. They can hunt, torture, and rape their own species or other.

@Mocxing Год назад

oh I know about the "other species" part with some of the hentai I've seen where the dolphin is "connected" to an anime girl~ yup!

@ZVLIAN Год назад

@@Mocxing bruh

@wrongtown Год назад

He's always so MAD at me though 😅

@mrcoco3562 Год назад

It's copyright from Gameshark

@MalcomHeavy Год назад

I was originally extremely concerned about this piece of tech. Now, having learned about it, it's not as threatening as it looked. You have to have access to the original key sets and cards to copy for the ball to even start rolling. Just be careful with your wallet, as we have all been told since the dawn of wallets.

@0525ohhwell Год назад

Yeah, that's my take as well. Not nearly as impressive as I expected.

@buckdaman8493 Год назад

If this doesn’t scare you then you must think you’re immune to social engineering attacks .. which means you’re more vulnerable than anyone 😮

@RhythmEmotions Год назад

Couldn't you just stand in a crowd and scan people's pockets that have wallet's in to get the card info ?

@MalcomHeavy Год назад

@@RhythmEmotions Yes. There wouldn't be anything stopping someone from doing that. That's why it's important to have an RFID blocking wallet. Do keep in mind that with this device, you would need to have the device extremely close to a card to copy the data. Many people carry multiple cards in their wallets. It would be very difficult for someone to know what card they are copying without removing the card from the wallet and scanning it. For example. Someone could be touching the device to someone's back pocket, and be copying someone's bus pass, or someone's hotel room key instead of their credit or debit cards.

@RhythmEmotions Год назад

@@gimme0cookies as long as this device doesn't become like the device on prison break lol

@DareToBeDeviant Год назад

If a safe doesn't have a knob/lever/keyhole then it's likely going to give the user problems. With that said, the safe used in this demo can be considered complete garbage even before David did anything to it. Casually shopping for "safe" devices online (7 years now?) has resulted in hundreds of negative comments regarding 1) junk quality, 2) the inability to open the thing even with proper clearance [a huge complaint with biometric fingerprint scanners], and 3) sometimes opening way too easily due to bad firmware or flawed physical internals. I think once upon a time Sentry had a model that could be opened with proper magnet placement, no code required. My primary has a digital pad, a separate battery backup box, keys, and can be alarmed. Get yourself something with any combination of these features and bolt it to the wall/floor.

@juanschmied4676 10 месяцев назад

Thank you, your video is so instructive on security issues and a great tool. Are there other stuff like this ?

@lescoe Год назад

I wish more people realized security is a placebo. Literally everything is vulnerable, even people. Thank you for this video.

@raduradu334 Год назад

Putin is not

@azultequila5114 Год назад

Even you

@Xerion404 Год назад

Especially people

@hummingbird_saltalamakia Год назад

I would say especially people. Security is a placebo... Okay, so don't lock your doors, might as well just leave them open in that case. There are certainly things that can be and are secure in the world.

@stedmangg Год назад

@@hummingbird_saltalamakia Exactly. Some people just wanna sound smart.

@blindsniper35 Год назад

Problem with RFID blockers is a lot of them work all right until somebody puts a parking garage overhead scan unit in a laptop bag. A lot of blockers can be read straight through with such a device, it just depends on how sophisticated of an attacker you're worried about.

@madhurindian Год назад

Hmm, possible solution?

@PySnek Год назад

@@madhurindian faraday cage

@zaa1414 Год назад

Would the issue there be the device in the bag's signal is too strong for the bag to contain? Man I wish I had goggles that let me see as much of the electromagnetic spectrum as possible at once.

@zaa1414 Год назад

I have an app that visualizes some radio and microwave signals and I have a thermal cam, seeing UV spectrum can be done too but I'd like to integrate it all into one view

@blindsniper35 Год назад

@@zaa1414 I'm referencing a defcon presentation. I can't remember exactly who was presenting, anyways it's was made into a portable rig that they put into a laptop bag. It didn't really need a ton of power and it was set up to dump the credentials of every tag it could interrogate. It's definitely the sort of thing pen testers make. No it would be quite unpleasant to be around any sort of RF source strong enough/(at the right frequencys) to damage the materials in a laptop bag. Let me put it this way, the microwave heats things using radio waves (at about 2.4 GHz) using something like a kilowatt of power. The food containers in the microwave are made out of very similar materials as a laptop bag. Those readers are probably operating at something like 1 watt at the absolute maximum maybe 5 at a much lower frequency. There's Federal limits on what you're allowed to put out into the radio spectrum. I have absolutely no idea how much power you would have to output at that frequency to get material degradation and a laptop bag. but I know I don't want to be near it.(I think it would probably be easier to measure it in power substations)

@JL-gg5ib Год назад

We used to do this with Android phones when RFID reader apps first hit the App Store. You can do pretty much all of this on an android phone

@mathew1979 Год назад

With kali lunex lol

@ChrisSmithy Год назад

You can do most of it on an iPhone too. I don’t understand the fuss about this product, it’s all stuff that has been done for years with much cheaper products or often with the phones we all carry every day anyway. Seems like a complete waste of money to me.

@maniaksgaming6739 Год назад

@@ChrisSmithysimply say your broke with out saying your broke 😂

@ChrisSmithy Год назад

@@maniaksgaming6739 haha. Nice try. More accurately, I’m someone in the trade who understands these products need to be disposable or more undetectable.

@AmbianceForAll Год назад

@@ChrisSmithy Can you give examples as to how? Do you need a rooted phone? I've been trying to emulate some work cards and tried a few apps, can't seem to find anything to emulate. I have Android

@joemck74 Год назад

If Flipper can be remote controlled than all somebody has to do is get it into your bag or glovebox or whatever, then they can use the various functions to suck everything they want out of your wallet/car/key-fob etc, then they just have to get the Flipper back - with probably won't be too hard of they 've cloned your keys.

@zeke3327 Год назад

I was looking at this piece of tech when they stated their kickstarter. It sounded like a great idea but was really ambitious at the time. I'm glad they were able to actually bring something to market.

@DOGMA1138 Год назад

You should've explicitly mentioned that this doesn't allow you to clone payment cards, the CSN/UID of the credit card have nothing to do with contactless payments, Flipper Zero cannot access the bankcard data. Contactless payments requires a fully encrypted handshake where the PoS sends an encryption key which is encrypted or signed using the a key held by the issuer the card would only transmit the card details if it successfully decrypts/authenticates the PoS key and those details would ofc be encrypted using the PoS keys. Whilst "contactless skimming" is possible it's only possible with valid PoS terminals, unfortunately it's fairly easy to get the PoS contactless reader and account needed for it and the scams rely on flaws in the KYC processes of payment processors such as Square to achieve it. Contactless EMV transactions are by far the most secure method of transaction we have right now even more so than chip and pin and there are no known direct attacks that impact these trasnactions.

@4Abaddon4 Год назад

This, and it's also nothing new. I can even copy or emulate nfc uid with my smartphone. Much more interesting ist the convince to copy 433 MHz signals often used by garage doors and such

@edenjung9816 Год назад

Damn. I was commenting above that i could Just save my Bankcard on the Flipper and use that instead of carrying the cards.

@jetseverschuren Год назад

That's not quite accurate. Bank cards will happily send lots of information to anyone that asks (the EMV spec is public, if you're interested). POS systems do use RSA and signed keys, but only to verify the card is who it says who it is, so cloning is still impossible

@DOGMA1138 Год назад

@@edenjung9816 You can't and if ever a device like that would be available you wouldn't want too unless it's an approved contactless payment device such as your phone or smart watch. Cloning cards is still a criminal offense even if they are your own cards. This would eventually get noticed in store and on public transport and cops can get called and good luck explaining to them what a Flipper Zero is. And even the criminal case would go no where when your issuer finds out you'll be fucked and good luck getting a chargeback ruled in your favor ever again for your entire life that is if you would be able to get another card issued.

@DOGMA1138 Год назад

@@jetseverschuren It's quite accurate, no cardholder data is ever sent over the wire before the card authenticates the PoS and any cardholder data sent by the card is always encrypted. If you have control over a PoS that has access to issuer keys or the issuer network and can trigger a contactless transaction and the PoS does not uses P2PE you will get enough CHD to make additional transactions but cloning the EMV chip is impossible. However I don't know of any contactless PoS's at least that are attainable to regular merchants that do not employ P2PE which means that the merchant never sees any CHD at all as all the transactions would be end to end encrypted and tokenized. Older Chip and Pin PoSs were not required to use P2PE however most if not all EMV terminals from the last 5 or so years are P2PE terminals. Some of the larger merchants such as huge retailers might have been allowed to retrofit their PoSs with contactless payments without it being P2PE but any retrofits I've seen were usually a separate payment channel and were P2PE. All the "IOT" card readers such as those from Square and SumUp and the likes are all P2PE so you can only do charge skimming on those since as an attacker you'll never see any card holder details.

@spottechnologies 2 месяца назад

One of The Best Part of your videos, Thanks David!

@4wkes64 Год назад

RDIF Read and Write can be done from your phone.. Some phones support IR but you can purchase cheap devices to Read/Send IR Signals..

@NoName-zz9ls Год назад

Pentesting aside, this device seems really useful to just have around

@edenjung9816 Год назад

I could simply save all my cards on it and Not carry them around with me. That would be cool.

@olkazzshitpostvod9578 Год назад

the problem is that spending 170$ just for something you are going to use times to times is annoying

@doop00 Год назад

I was thinking the same, like the big boom of universal remotes in the 90's.

@kazi_ Год назад

@@edenjung9816 you can already do that in your phone

@libertyprime9307 Год назад

Do you guys not have phones?

@ksousajr Год назад

Just placed my order using your code, hopefully you get a kickback from it.. Love your content, it's hard to find someone who's willing to ask the right questions to the right people and share what they've gained from it.. You Rock David!

@timothyhewitt6736 Год назад

Great sales pitch 👍 for a minute you aalmost had me worried. Nothing your average smartphone can't do 🤣

@AstralPhnx Год назад

Can we just talk about how cool that cute little interface is? I love the attention to detail

@stevegee6494 Год назад

Man sometimes I think how could anyone do something in a place they're not allowed to be when security cameras are now either decent enough and extremely cheap, very very good and reasonably priced, or expensive but you could zoom in to a detail half a pixel wide at least 130 feet away that was there 8 days ago. But then I see tech like this and understand there's still a balance between offense and defense.

@sprite7740 Год назад

Reminds me of Dokkaebi from Rainbow Six Siege. That UI is super dope! Other than that it’s a little concerning 😆

@Jesterponed Год назад

I've been waiting to see more of the flipper. I tried pre-ordering one on the website and for some reason I was not able to. If it's perchable right now I would buy as many as I can. This is such a useful tool. I had a friend who had one and he let me test it out and he can bypass almost anything.

@ooltimu Год назад

You can read only what's public from the credit card's rfid and that's usually what is already physically written on the card (except the CVC of course). You can do this with any phone supporting rfid (most of them nowadays), but that's not actually cloning the card. The chip on the card is a minicomputer with cryptographic capabilities and that allows to make payments secure.

@ooltimu Год назад

@@Username-2 watched only 1 or 2 videos from this channel and he doesn't seem so knowledgeable... or maybe it's just for views and interaction

@brakahiphop Год назад

What you said

@kam8361 Год назад

Great video very educational thanks!

@SakaraCoyfox Год назад

That's actually kinda scary that these things are just kinda out in the wild, but that also means that more people like you are able to teach us more about them so we know how to protect ourselves.

@Flaggyt Год назад

There is absolutely nothing special special with this thing, RFID scanners/copiers/writers are available for decades, same as the universal remote controllers. And it can mimic a wireless keyboard/mouse. *Facepalm. The only difference is that this looks like a toy with a dolphin animation. And notice this thing only works if you have the master RFID tag in your possession to copy it. You could do that ten years ago with cheaper hardware. Notice the lack of mass creditcard scanning scams in the last ten years. You can scan my creditcard but you can't use that for paying anywhere so it is useless, but hey you can open my hotel safe after I let you scan my creditcard ofcourse and I let you in my hotel room wafter I told which room... in which hotel. This thing is total bullshit and it's only function is scamming wannabee "hackers" who don't have a clue out of their money.

@Death4500 Год назад

I have one these I use to copy my car fobs , my tv remote and troll my coworkers by changing tv channels.

@jasoncrandall Год назад

Credit card to operate a hotel room safe? I’ve never seen this before.

@vasiovasio Год назад

Bad ideas Everywhere! :)

@ro.7427 Год назад

It has been around for years but has always been a bad idea

@Athithan_2000 Год назад

It’s literally a Digivice!🤩 Go! Dolphinmon!

@TheCrash0veride Год назад

I saw the kickstarter campaign and figured it would be something that would be quickly banned or never allowed. After they blew wayyyy past the goal I ended up snagging one on preorder. After having it a short while I ended up jumping on a restock early on and now have a backup. But being an A/V- IT tech this thing is extremely valuable. When you setup customers with a universal remote they lose the individual device remotes that are sometime still needed. But I have every ir device I would ever need in my pocket. I was able to bypass the need to buy expensive programmed rfid badges, as I now just buy cheap t5577 tags that can emulate a range or rfid protocols and write them for the employees. The bad usb for automated installation of programs for remote assistance for IT clients. I’ve even copied the company garage door with the subghz. This thing is extremely powerful and even more so with custom firmware. And it’s cool to see you made a very informative video on it. I love your content and it has helped stuff me further down the rabbit hole of cyber security. But as a yubikey user myself I’m happy to say, That it can read/copy/emulate it, but it sees it as an unkown and assumes it’s nfc type a so the phone won’t read it as a key. Or at all in the app.

@binary_badg3r Год назад

Why/how would this be banned?

@TheCrash0veride Год назад

@@binary_badg3r i was a noob when it first hit on kickstarter. It was marketed as a “hacking multi tool” I just figured with it’s power and ease of use it would have been something that the fcc would’ve pushed back on. But I guess I was thinking they were gonna act more like the atf and a cool gun. But in the end I realized it’s basically treated like a computer. Sure it had the potential to do a lot of bad. But it all depends on the intentions of the user.

@slickstretch6391 Год назад

@@TheCrash0veride Kinda like guns. Or drugs.

@thePyiott Год назад

@@TheCrash0veride yeah its not hi tech by any means. You can make your own with parts from your local supermarket. It's open source to so you don't really have to do any coding

@TheCrash0veride Год назад

@@thePyiott I wish I could find components like these at my local supermarket. Radio shack died over here so there’s no electronic hobby stores anywhere now. They want to do away with the right to repair.

@riu18 Год назад

Thanks man, i need to learn about how to use the flipper zero

@jas_bataille Год назад

Honestly I'll buy one just because I can have a single device to do all those things. I'd copy my own remotes and cards, and use it to copy remotes in hotel rooms and so on. There are a ton cool legal and smart uses of this to copy the tools you would normally have access too into a single device.

@andrew3606 Год назад

Please do not put your own credit cards into this device dude

@yeenking Год назад

@@andrew3606 why?

@andrew3606 Год назад

@@yeenking Because the company that makes these would have your credit card info to use or sell

@yeenking Год назад

@@andrew3606 but how? This device isn't online

@andrew3606 Год назад

@@yeenking He synced the devices data to his phone in the video

@AbsolemLNG Год назад

None of this is that wild but having it all in one device is pretty neat.

@chippiko 3 месяца назад

Now, I understand what the function of this tool is. Thanks for explaining

@thetruthhurts4147 Год назад

So fun when everyone and their dog does a flipper zero tutorial and then over night they are being banned from online sales. THANKS SO MUCH FOR THIS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

@kuroshm Год назад

“You can’t get a hold of one” …I guess I should open the box that’s been sitting in the corner of my room for the last 4 months

@holyapex8195 Год назад

Ship it? Lol I'll pay I want one like now I have so many devices i can use with this

@mschweers Год назад

Yeah, this got me to dig out my second, unopened one and play with it, because my first is in the glove box of my car. I had lots of plans for it originally, but the pandemic kind of put the kibosh on almost all of them. It's nice to have, but it turns out I don't use it as much as I expected. Still love it, and am very happy I backed it.

@k62627 Год назад

All I can say is thankfully I backed them on kickstarter and grabbed two of these. The wait was worth it, even with the customs debacle.

@davidbombal Год назад

Looks like there is good news: twitter.com/flipper_zero/status/1582736991069749249?cxt=HHwWgoCq2Yu6gfcrAAAA

@HighHrothgar0 Год назад

Would love to buy one from someone!

@noomnoom8469 Год назад

Good for you.

@prodbydramatic Год назад

@@HighHrothgar0 same here mine was stolen from car a break in. I saw someone tryin to sell one for 1000

@hank10111111 Год назад

Finally!!! That customs debacle sucked been waiting 2 months

@glitch015 Год назад

great video, what is the RFID blocker card you used on this video?

@sphaera3809 Год назад

To open the safe one still needs to know and get a hold on the card used to lock the safe. I personally only use the PIN number and never assume absolute safety. The hotel room safe is more of a deterrent than impenetrable box.

@gtsport3881 Год назад

At this point I realize the best place to save important stuff is in the mattress 🙃

@BluePulseFlyer Год назад

Really would love to get my hands on one of these, not for anything malicious but to fulfill the child hood dream of having one remote to do everything like in the TV show Hey Arnold

@2k7u Год назад

Haha there's thewandcompany that used to make epic sonic screwdrivers from doctor who, I had one the 10th doctor's universal controller sonic, epic quality and did a lot of trolling with it, I almost got 12th doctor's sonic which is even betterm had an extra functionality of emmiting IR at random to "guess" what signal a TV for example used to shut it down

@abandonedmuse Год назад

Funny….that’s what we called our POC malware we made at FIU. It worked on ultrasound so we called it Flipper. I came up with the name specifically. Now how plausible is it to do it from far away. This doesn’t look like i would be too scared of going out and someone doing this to my cards. You have to be pretty close to the card. If i had it I would totally use it as a remote. That’s pretty dope for that. 😂

@johna3607 Год назад

Thank you for helping me learn how to hack other people's property. Your tips are priceless.

@wonkywonky6307 Год назад

This might just be one of the coolest and most useful products I've ever seen. I'd have it and use it everyday if it weren't so expensive.

@com-nm2ik Год назад

For the rfid you can use just a phone with nfc, for the IR you can also just use your phone, bluetooth you can also with a phone with bluetooth. Unfortunatly, I dont know if there is a way to use a phone as a bad usb.

@BrianG61UK Год назад

@@YachtyBurner I had a phone that could send IR. I used to use it to change the channel on the TV. It couldn't read IR though, only send. The feature was called IR Blaster.

@oBdurate Год назад

@@BrianG61UK Yup, really miss when phones used to have IR blasters like my Galaxy S5. Highly underrated feature with the right apps and now it's almost entirely extinct.

@elmariachi5133 Год назад

Oh, you can get the money value back pretty fast!

@charlesthomas135 Год назад

@@BrianG61UK fortunately IR blasters are remarkably easy to build and code. It was one of the first projects I ever built before going to college for engineering

@gorishokgo5825 Год назад

Guys, just try to bite magnetic locks and similar devices with a shocker ( self defence ) . If nothing happened - try to change the settings/power . It is a 100% simple lock opener

@JohanA-uh1yg Год назад

Thank you for promoting this to 4.4 million people!

@DNA912 Год назад

I'm honestly thinking about getting on for the pragmatic usecases. Like rubber ducky scripts to automate processes, using the infra red as universal remote, using the NFC reading and writing as backup in case I loose a key or card. And the device it self is really cute

@com-nm2ik Год назад

@TheEudaemonicPlague Год назад

That's pretty much what I was thinking. My old Galaxy S5, I think, has everything I need, other than the software it'd need...but I do have an IR remote program on it, which is the primary reason I keep it, since newer Galaxy S phones don't have IR anymore. I've had fun with using the remote app at bars, especially when someone decides to put some garbage on the nearest TV. I hadn't heard of "bad USB" devices before, but then, my interest in such things has waned over the decades. I suppose I'll have to look into the subject, now I'm aware of it.

@davidbombal Год назад

The Flipper Zero supports a range of features including the capture and replay of Sub 1 Ghz signals. You would need a PandwaRF or another device to capture and replay these types of signals with an Android phone. In the first part of the video I showed some clips about what others have done with the Flipper Zero (unlock cars, open boom gate, tesla etc), but as mentioned I did not show all it's capabilities in this video. See their website for more features such as iButton, GPIO etc

@com-nm2ik Год назад

@@davidbombal yeah, I know that, I just saw lots of people saying that they whould like something like this gadget, I was just showing that they don't need to spend that much money to accomplish the examples that you showed on the video. The tech in that gadget is amazing, but for most people a phone whould be better xD

@casualcampaigns Год назад

@@davidbombal Remember when you mislead more than 50% of this comment section into thinking you can clone credit cards with this

@lolotrololo2275 Год назад

I wouldn't call this a hacking device, more like a convenience tool. It just combines multiple tools in one device.

@Bos_Meong Год назад

yes. It still need the "consent" of both device to be "hacked"

@thecoolestofthe834s2 Год назад

im not pointing this gun at your head im just motivating you powerfully, go back to scamming grandmas pos

@exuberant8385 Год назад

Yes, it is a hacking device with an evil person. Trust no one.

@ksnax Год назад

Anything that can take, manipulate, or use technology in ways it was not intended to be used, legal, innovative, or nefariously, is a hack. If one devises a way to warm their flip flops in a toaster without burning their house down before putting them on, it's a hack.

@shenkichin6295 Год назад

@@Bos_Meong that’s how most hacking works.

@figgiefigueroa7372 2 месяца назад

I just love this channel even though I don't understand nothing 😂😂😂😂😂 Just the basics 😂😂 So far, I understand that's a scanner to scan internal codes and open it when you loose your remote?

@chrisissun Год назад

this is the best channel you need to do one on security forensics for RU-vid videos, movie videos or digital art videos

@KingFluffs Год назад

Unrelated note, but this reminds me of the guy who years back, found out a certain area of the UK had secret buttons under the regular ones on street lights near crossings (for the blind) that when pressed, instantly turned the lights red for slightly longer than usual and then bought some auto clickers that he could control via Wifi.

@DiXDragan Год назад

You are NOT reading credit cards, it just reads the UID of the chip. Try using you passport to lock the safe, it's going to work like every other NFC chip. The ID of the chip is always the same and has nothing to do with credit card security or anything similar.

@pimas11 Год назад

How would you use a passport to lock the safe? Which kinds of passports have NFC or RFID on them? Or do you mean electronic id cards?

@DiXDragan Год назад

@@pimas11 All of them that have the ICAO logo.

@BlackSlimShady Год назад

Exactly what I am thinking, its simply a software problem. All of the devices with security issues just need to stop checking that the rfid devices has the same ID, as clearly thats not safe anymore, and start checking that the rfid device contains some sort of secret

@NordicForgeDev Год назад

Finally I'll have a working universal remote.

@johnfairchild3421 Год назад

Great channel ever. Great entertainment viewing

@sevenhazee Год назад

I miss my galaxy S6. I could change tv channels at public places that had a TV. Was hilarious watching how confused everyone was 🤣

@officialtheory001 Год назад

Lol I think I still got my old one laying around

@freedompioneer4311 Год назад

How could it do this

@trevorsmith5991 Год назад

This tutorial is amazing and you are really good at teaching !! great job sir !

@Huundo Год назад

Damn crazy new garage door opener

@mrgirth6510 Год назад

Ordered mine 2 days ago, already shipped out

@5wholepizzas284 Год назад

They really just created watch dogs in real life

@kyberite Год назад

time to go back to sticks and stones

@-_Nuke_- Год назад

Watch dolphins to be exact :D

@userdwna7414 Год назад

and not even 5 mins into ur nerds watch dog session it turned into call of duty and ur the one got hunted by cpt price

@hinro Год назад

I think the bigger security risk here is not noticing someone rubbing up against you then following you around.

@randomaccessfemale Год назад

Yes, but just take it to a local vet. That will take care of it.

@hummingbird_saltalamakia Год назад

@@randomaccessfemale that's doesn't make any sense

@ZeddisDead Год назад

@@hummingbird_saltalamakia neuter

@GIRLYMECHANIC Год назад

Wow just like James bond and macgyver all in one.. Can't wait to get one and be a super villan opening hotel safes and changing the color of everyones bookshelf leds 😎 I'll bet it even wirelessly wipes the hotel cctv dvr so I never get found out. I heard it also teleports the cash out of your wallet and locates the kill switch in your car.

@mrbrent62 Год назад

If you have normal access to a building where everyone uses rfid to access it. You can walk in close enough to another employee and gain access to the building. So you do have to be careful.

@entimarisangathi2542 Год назад

Keep going with this content huge respect

@davidbombal Год назад

Thanks, will do!

@QuaaludeCharlie Год назад

Thank you very Much .

@mathiasschmidt9770 Год назад

Very fascinating. Could you make a video where you explain how the flipper zero works(how the software works) or a video where you code a flipper zero like pc ?

@sundayoyedele2862 Год назад

Yep. I like you David. Nice, clear and ethical demo. Thank you sir 😊👍🏼

@fuzzymath6240 Год назад

People use those safes? I always make sure the "do not disturb" is hanging on the door. Cool video!! Thanks for showing this stuff. Where in the past someone had to learn the skill of picking a physical lock, nowadays yikes!!

@NicksAutoThings Год назад

FYI microcenter has all the parts you need to make your own from scratch (although more bulky)

@sweatyearth7458 Год назад

oh i bet they also have the firmware to make the frankenstein device function too!

@zoejordan7635 Год назад

What’s the kit called? I just mostly see raspberry pi kits etc

@Xykaru Год назад

@@sweatyearth7458 You do realize this type of software is primitive right? It can be replicated or just downloaded online.

@supitaly Год назад

This reminds me of that scene in iron man when pepper puts the little hacker in the bad guys computer, feels a lot like that

@gomergomez1984 Год назад

Now someone needs to invent an alarm that goes off if someone is trying to scan your stuff.

@picklerick2200 Год назад

Too many false positives maybe?

@ionrael Год назад

everything okey homer's alarm. Sounds every second until something is not okey. But it broke easely

@TheNathanTR Год назад

Maybe just ask the guy who is pressing up against your leg trying to make contact with your cards WTF he is doing?

@gomergomez1984 Год назад

@@TheNathanTR fortunately I live in an area where someone pressing up against me better worry more about what’s on me than other than credit cards…

@supermonkezaza Год назад

@@gomergomez1984 found the texan

@multiarray2320 Год назад

this device is awesome, but i managed to build myself a simpler version with the exact features that i wanted and it was much cheaper and is not restricted (some frequencies got removed from flipper zero). mine costs under 10 bucks and works at least as good as flipper zero (some features are missing of course). thanks for sharing the experience with this device :)

@justinschaaf3092 Год назад

Hi, do you mind sharing details?? I'm a computer engineering major and figure I can put one of these together myself as well.., the only ones I can find online are $300! 😰

@extinctions810 Год назад

@@justinschaaf3092 I am interested as well.

@multiarray2320 Год назад

the hardest part was programming the microcontroller. flipper zero made the source code open source but i had to figure out a lot of stuff on my own. building it wasnt too hard. you juat need to buy a 1-1000mhz antenna, a rfid reader and a 2.4 ghz antenna and connect the stuff with a decent enough microcontroller. i bought everything from aliexpress and i think it was just 10 bucks for everything. building it took 3 days and programming took about 3 months (with 1-4 hours a day).

@AntonioAugusto1010 Год назад

@@multiarray2320 so not cheaper when I make $50/hr I can just work for a day and buy this

@multiarray2320 Год назад

@@AntonioAugusto1010 yeah its more about the fun and education of making it. but now i could easily mass produce it and it would get cheaper than buying it ;)

@TJD_04 3 месяца назад

Just ordered one , Definitely not gonna mess around with it haha

@alexejtolstoy735 Год назад

The design is hilarious! Does Flipper refer to flipping someone/off? It looks like a kids toy and has a childish dolphin(love the dolphins design and animations) but being such an advanced piece of tech😂

@jampskan5690 Год назад

Thank you for producing a video on this and making the flipper even more difficult to acquire for those who already knew about it!

@sirmonster76 Год назад

I like David Bombal but now I'm never getting one

@acostasanchez1 Год назад

crybabys

@reveladocientifico Год назад

Exactly! I thought the same thing 😢

@small3687 Год назад

I literally just went online to buy one after seeing this and of course sold out. I see how criminals are obviously going to use this but honestly it's got way more practical time saving applications for anyone that is a DIYer.

@E167330 Год назад

Thank you so much for the information, this is absolutely insane that a single device can do all these things. And even though it is understood that this video is for demonstration only. What comes into mind is: what bad actor or criminal uses this type of device for malicious purposes, what kind of practices or techniques can be applied to defend ourselves from such a variety of attacks, which are kind of in between the physical and information type of attacks. One more time, thank you for your work

@StriderVM Год назад

Thats why in the smplest terms, use RFID blocking devices in cards you DO NOT want to be scanned in a public setting.

@engineer0239 Год назад

And you know what? Your phone can probably do all these things too with the correct software.

@barodrinksbeer7484 Год назад

Most bad actors already have made a device like this. For example I have an rfid reader from a car parking lot, which can scan straight through the a rfid blocker to a mini pi. Even though it takes time to scan then put the data onto a fake card/transmitter, its super easy to do after its done.

@barodrinksbeer7484 Год назад

@@engineer0239 Im 90% sure you can do this with a default android phone. You used to be able to rfid scan cards and then save that data in google pay.

@_PatrickO Год назад

It is not insane. It is reality. You only need a few chips to cover all this spectrum. Anyone with minimal motivation can do these same things with freely available consumer electronics. The rfid stuff can likely be done by any cellphone with rfid built in. The issue is not the device, the issue are the vulnerable products multiple industries have ignored for years. They made devices with no security. The real solution is to add on security with a way for the owner of the car and only them to bypass or authenticate. Adding security without an owner bypass or authentication api just increases the chance that a modder trying to do something legal breaks the security to tinker with his owned property. Comma ai is a good example. They need to plugin to the canbus to add self driving features to different models of cars. Toyota slaps on encryption that the owner of the car has no bypass or authentication method for, so their is an effort to break the security which may help thieves. If car makers ensured owners had a bypass to security, then no one would worry about cracking the encryption and less scrupulous people wouldn't get to reuse legal modder bypasses to steal cars. Don't expect fixes because device makers won't give owners apis they can use to bypass security. So as they add security to devices, modders will crack it all.

@goatreviews Год назад

Can’t wait to get my hands on one to review!

@roc.city.resell Год назад

You can buy them them straight from their website if you wanted to get one

@calltherussian Год назад

@@roc.city.resell no you can't. it doesn't let you.

@kgerben4615 Год назад

@@calltherussian lol do you have eyes? i just got one its right there fool LOL🤡

@kgerben4615 Год назад

@@calltherussian $169

@calltherussian Год назад

@@kgerben4615 no you didn't.

@paoloposo Год назад

I personally don't see view as a new threat - people have been attacking door systems etc like this for years. The difference is, now this technology is placed more easily in the hands of everyone instead of it being restricted to power users or hackers. There is a long history in information technology of trying to achieve security through obscurity. Flipper Zero is merely exposing bad design and bad implementation in a viral way where suddenly, people talk about it. There is no magic, it doesn't suddenly break systems that were secure before. But if it makes people aware of the flaws in many tech products and puts pressure on the manufacturers to put some actual effort into the design of their products, I believe that's a good thing.

@trebortech Год назад

You received 1 of 3 things from the YubiKey scan. 1 - YubiOTP code (default) ex. ccccccllfvvibdbtbgttdgdrjnvcebdtgfcdrjrunnjf 2 - Static password 3- HOTP code ex. 72345924 FIDO and PIV would be running a challenge over to be signed by a private key on the YubiKey. The Flipper would not have access to the private key. None of the the OTP codes from NFC scan are time based so they all would be valid. If, however, the user used the next code before you, yours would be invalid (except the password). Thanks for the video. I was wondering what the all fuss was about this. Seems like the form factor and ease of use in a single package is what it is. I also see that it has some GPIO pins on the top for a few more advance use cases. Only critique I have is that you shouldn't leave people hanging on YubiKey security. If you mention something like that you should take the time to close it out immediately or not show the content.

@RvLeshrac Год назад

Agreed with the Yubikey.

@CodrTV1 Год назад

Likewise. TOTP should be safe for the reasons you mention but I’d love to see someone try so we can know for sure.

@CLGPerformance Год назад

HackRF has really taught me a lot about vulnerability of today's devices along with long distant signal testing with a Yagi and location finding of interference signals using 4 antennas and some mixers with LO shifted a few khz on each antenna to get a direction of a signal Fox Hunting RF. It's very handy for testing and can build many things with GNU software to decode signals. Very capable and extensive device. The Dolphin does things a bit quicker and requires less know how which makes it desirable for the lazy ones not wanting to learn how it works🤣 but still handy in a pinch. Hackrf one for the hackrf still needs more options and bugs fixed and it will be more capable in the future.

@mpiloz8016 Год назад

Lol, I used to live trolling people when I had a phone with IR, I'd turn off TVs in public places, change AC settings, change source on projectors during presentations, all sorts of silly things, I loved the confusion of the person holding the remote 😂

@smudgepost Год назад

It's a convenient tool and useful to consolidate keys but note it won't copy encrypted keys. Also generic RFID copiers can be bought very cheaply. The bad USB however is very handy

@olypaidhacksontele 8 месяцев назад

*THIS IS WHY YOU'RE SUCH A PURE SOUL WHO ALWAYS LEND HIS HANDS WITH MONEY,I WISH THE WORLD HAS MORE PEOPLE LIKE YOU.WITHOUT YOU I WOULDN'T HAVE SETUP MY BUSINESS SUCCFULLY*