I was chuckling at "Is it possible to clone a bank card?" ... One word "NONCE"! ;D Those who do, they are still just reading the mag-stripe, but those are going the way of the dinosaur and are being phased out. lol
Most places don't even accept Mag-stripes at all if your card has a Chip. Gift cards though are among the few that are still allowed, however that too is even being phased out with some gift-cards that act as a debit or credit card and have a Chip.
Some website doesn’t require the 3 digit number on back of your card!! However , Flipper Zero works! This guy must work for the government! He just trying to discourage
So all the movies about reading a real bank card and paying with it are fake It's really, really complicated! So the question is: why do many countries prevent Flipper zero from being imported to their country 🙄 What are they afraid of? In any case.. very nice 👌 Nice explanation bro👍
Its literally the governments totally misunderstanding how the technology works. Even Amazon banned it for its "card skimming" capabilities even though its not possible to use a Flipper as a credit card.
dude this is one of the best explanations on youtube i've seen so far. if you've got a deep dive understanding yes please yes absolutely make as in depth of a video on nfc as you can. include some good instructionals on how to use nfc as it relates to the flipper and you've got a hit.
Thanks! I spent a lot of time boiling things down. Also if you've seen my other videos, I didn't add a ton of memes because I wanted the content to speak for itself
So how is it that someone can set up a card reader in a gas pump and emulate the card days later? This used to happen to me 2 to 3 times a year until I started paying cash at gas stations.
@@clerkoffice670 First of all, your lack of intellect is showing... A "Chip" doesn't use RFiD. The EVM "Chip" is visible on the front of the card. It is metal and you have to slide the Credit Card in the Point of sale reader and the contacts on the Chip are then read by the reader... You are clearly referring to an RFiD “tag” embedded in the card that propagates credit card information when presented with power (RFiD Reader/NFC Reader). RFiD can absolutely be copied… I never said it couldn’t… 85% of the skimmers in use on gas pumps scan the magnetic strips. That is why I gave that example because it is more likely the case (It has been happening for the past 20 years). Only about 15% of the skimmers on gas pumps use RFiD readers because it is a newer technology (2014). I have been an “Ethical” Hacker for more than 30 years… If you are going to call someone out and say they are wrong you might do a little research first and make sure you know what you are talking about. Watching a few RU-vid videos doesn’t make you an expert on anything...
That sounds odd. You are talking about complexity but how comes that many credit cards are stolen accross the world even without presence of the card ? Because it is just as simple. card can be used to pay offline with just a number, CVC and expiration and it do not need any special authentication so your information are not correct.
Except your assumption is incorrect. You also need the zip code and or billing address. Maybe in some countries you don't need any authentication, but in the USA you are required to either enter the PIN code or billing zip code in order to complete a purchase at most places. Some places might allow for a transaction under $40 but outside of that most payment terminals will ask for one or the other above. Hence Chip and PIN. However, some small gas stations might allow you to just sign after choosing Credit option, but it is becoming less and less common.
@@kingzach74 maybe your experience. But i paid with card in a store. Used only pin on the machine and my card details were used 3000miles away to pay for a holiday in Europe without any address or zip code and all in 10minutes.
Great video, I knew that some cards where encrypted, but I didn't know about the specifics. Great job! I would love a video that goes over SubGHz bruteforcing and AM/FM Radio.
I wouldnt say reading and storing the card info is useless. Yes its the same info you can get from a picture , but key thing is its much faster and can be done without the users knowlege. if they are walking around without any kind of rfid/nfc blockers i can bump into them and the flipper may capture the card. The number and experatipn and possibly the cvv isnt useless. I can use this to make tons of fradulant online purchases thst may not ask for anything beyond this info. There are even old credit card machines that let you type in the card number manually. Everything you said is spot on right you cant emulate a card but i just dont agree that the info from just reading it is useless.
Good explanation, I would recommend you display some simple graphics to aid in your explanations. Typically when describing you refer back to something you mentioned earlier, it would be easier to recall that if you had a something in a graphic you were referring back to
Great vid Sasquatch! +1 for a more in-depth video detailing NFC & RFID. You could also touch very briefly on UHF RFID. All the best to you and the good people here.
Honestly, I think it was mostly clout chasers that were mis-representing it. The Flipper devs specifically made the official firmware so you couldn't save or emulate the bank cards, it was CFW that added that feature and made people think they could actually use it. Don't get me wrong, I love CFW, just saying that I don't think the official devs wanted things misrepresented
Not trying to start an argument here just came here after watching a podcast with Ryan Montgomery with Shawn Ryan. During the segment of Ryan’s EDC he states he could rub up against you and easily steal your card with no problem. He always has his own custom firmware on there is what you mean here as “fresh out the box” flipper can’t do it?
With all due respect to 0day (his hacker handle) but he SERIOUSLY overstates what Flipper can do. I've used every custom firmware, I know the people who write those CFW and know it's limitations. Regardless of what he says, it still can't steal enough information from your credit card to be particularly useful.
Great explanation of these concepts. Thanks for explaining the nuts and bolts of how these things work rather than just putting out a step-by-step. Very helpful.
Thank you! I didn't know how this format would do, but people seem to be responding really well! I'm psyched because this will let me do some more interesting content!
Thank you for making the only realistic video about this topic. I haven’t even watched the video, but just based on the title I already know what you’re gonna say and I’m glad SOMEBODY isn’t capitalizing on hype and uninformed people. People wouldn’t be trying to ban the Flipper if not for all those bs hype videos misrepresenting the “threat” of the flipper and the “vulnerability” of bank cards. Y’all wanna worry about something? Worry about all the card skimmers being found mounted on top of legit terminals at 7-11’s and gas stations. The flipper ain’t stealing your bank cards and it’s certainly not emulating them. People think someone with a flipper is gonna just casually walk past them 5 feet away and have all their card info including CVV, and be able to emulate it at terminals lol.
Thank you, thank you, thank you. I am so sick of content creators doing scare tactic videos for click bait about the flipper. It’s so frustrating to see that nonsense.
Yeah! I've seen several BIG creators completely misrepresenting the Flipper, saying that hey could straight up copy credit cards and I hope this video clears things up!
@@TalkingSasquach Not correct... the Security code is stored on the card as discretionary data (encrypted). It can easily be decrypted. You are correct about the Zip code being required for online transaction. But that is easy to obtain with a few internet searches with all the social media sites. And don't forget social engineering...
I'd really like and appreciate an in depth video explaining NFC. I was a little confused by the way you explained nfc and rfid pertaining to credit cards when you mentioned that bank cards are smart cards/ Java cards that generate a key or secret code similar to 2 factor authentication because I thought that is how emv works. How is it that emv works the exact same way as nfc and rfid? And why is it that nfc and rfid can't be cloned when there are apps like apple pay, and Google pay that allow cards that don't have emv, or nfc to be used contactless? Of course you can't read the card and emulate the emv chip because the emv chip needs to be inserted but what's stopping the card from being cloned and used contactless?
"NONCE" aka 2FA. You can clone the card number, but not the secret key which is used to generate one time authentication tokens (NONCE). Only mag-stripes can be copied fully, but they are currently being phased out.
I have on problem i had my flipper around 2 weeks now and i just updated it but after the update i can't my cc details and i always get unkown iso tag, does anyone know how to fix this?
Recently noticed that scanning my debit/bank/credit cards that it no longer even gives me the number or expiry or currency used and card type. Is there a reason they patched this? It never allowed the ability to save even the information or number and also did not provide the 3 digit number on the back of the card and your pin is safe I thought... I was never able to emulate even my own 25 less dollar tap pay and from what I hear I guess I won't be able to ever store one of my cards on my flipper. Why did they patch this? So glad I watched this video though
Little late to the party and I just got my flipper but in theory someone could scan the data on the card if you left it somewhere, (table of restaurant) and then all they need is your name which is on the card,address and 3 digit and dont need to remember expiration or the long numbers(which would normally be the hard part to remember. Could also implement a bad usb attack on their pc to reverse shell or install a keylogger when they punch their card into amazon or ebay...
So for those who are intending to do wrong.... Whata shame hey, guess you have to do some gritty Intel and dono some how have full access to there phone an bank app ?!? But .. I guess with all that time wasted.. could have been working from 9-5 living an honest life 😅
some of your information is correct but i have noticed you are trying to hide the real capabilities of this device. With the proper CFW you can do anything related to NFC 🤝🏻
@@TalkingSasquach Just wondering, if the flipper can get your credit card number like you said couldn't scammers still replicate the card and use tap payments?
I was reasonably sure the flipper couldn't emulate credit/debit cards when I bought it, however, someone online told me they were able to scan their phone that has Google pay/a few credit cards saved as autopay, and he said he was able to emulate whatever tue default payment method was on his account. I haven't tried emulating mine yet, but I was able to scan my phone and get a reading. What's really got me stumped is the mifare classic keys you were speaking on. My apartment uses mifare of some kind for the doors to the units and I only have one key fob/4 ppl sharing it, so it would be nice if I could just get in with my flipper. Haven't had much luck tho. It reads the key in both nfc and rfid mode, but when I go to emulate the door dosnt open. I let it scan all the sectors and still no luck. So I scanned the reader and got the nonces, then went on my phone and ran mifare key32v and it gathered about 9 or 10 keys. But now what do I do? How do I get thoes keys on my flipper?
Flipper with roguemaster does get the number and expiration date off a bank card If you don’t think anything can be done with the card number and expiration post just the front of your card up. Lol
If I had your numbers your name wouldn’t be hard to find. Some places still don’t require cvv think even Amazon. Sorry I checked and was wrong Amazon does need cvv but still places that don’t.
I've heard people say that many times, but no one can provide a single card that Flipper can steal. Flipper can't gather any more information from your card than a camera can, usually less.
@@Mr_Yod This is true, however I haven't run into a single website that will allow you to use a credit card with just the info thats obtainable through a quick NFC scan. You will at least need the billing zip. People keep saying that they can do it, but no one has provided a website that is actually exploitable.