Flipper Zero: Hottest Hacking Device?
Big thanks to Lab401 for sending me some cool toys :)
The Flipper Zero must be one of the most in demand hacking tools of 2022. A fantastic RFID / NFC / Infrared and more tool :)
// Discount //
Get a 5% discount using my affiliate link : lab401.com/r?id=42cm8b
and/or use code DAVIDBOMBAL
// Video mentioned //
2 seconds to open a safe: • Wait, what? Only 2 sec...
// Great resources //
Awesome Flipper: github.com/djsime1/awesome-fl...
Bad USB: github.com/nocomp/Flipper_Zer...
// Lab401 //
Twitter: / lab_401
Website: lab401.com/
KZhead: / lab401
// David's SOCIAL //
Discord: / discord
Twitter: / davidbombal
Instagram: / davidbombal
LinkedIn: / davidbombal
Facebook: / davidbombal.co
TikTok: / davidbombal
KZhead Main Channel: / davidbombal
KZhead Tech Channel: / @davidbombaltech
KZhead Clips Channel: / @davidbombalofficialclips
KZhead Shorts Channel: / @davidbombalshorts
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gE...
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// ATTRIBUTIONS //
Hackerland by Twin Musicom is licensed under a Creative Commons Attribution 4.0 licence. creativecommons.org/licenses/...
Source: www.twinmusicom.org/song/292/h...
Artist: www.twinmusicom.org
flipper zero
flipper
flipperzero
hack
hacking
rfid
nfc
bluetooth
infrared
radio
gpio
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#flipperzero #hack #hacking
Like it or not, this stuff being public and available will only work to allow people to learn the vulnerabilities of their technology so they can better secure it. The most dangerous hacking devices are the ones not known of much by the public or at all. Like the Stingray phone trackers used by police for some time before they were exposed.
or tiktok skids making people lives worse for stupid likes and validation online
Apparently in the USA a shipment was intercepted by customs but then released to the public.
Where's the 2nd comment bad YT?
@@kevinslattery5748 youtube like to shadowban comments sometimes for whatever reason. They make it so it looks like the comment went through on your end but nobody else can actually see it. That might be why it’s bugged.
@@nemod.8310 No, it's not thar crazy. What is crazy is that safe maker employing inherently unsafe tech for an application that demands high security. The safe is effectively worthless.
My favorite part is the programmer put so much effort into the dolphin animations.
duh because its such a bs device lol you need the other device for it to properly work. it needs to be able to read a device to use its properties....
Thumbs up from dolphin!
YET HE SAYS IT STILL NEEDS TO BR REBOOTED OFTEN
That's another feature that made me buy one!
Looks like some old Pokedex animations.
Feels like the video started as "this thing is dangerous!" but as the video goes on it's more like "hey this thing is kinda handy" lol
I love the UI on that thing, cute yet so incredibly powerful
the dolphin is a good choice
i wanna get it just for the UI alone tbh. (and then mainly use it as a secondary backup remote or near radio keyring)
The ui is just a dolphin and scrolling text. Just say you like the dolphin; the text is soo effortless.
@@lonnpton5239 It's genius, dolphin was perfect choice because of echolocation and sounds
@@ArcYT yes and its big brain
Just wanted to share how my AirTag smart wallet saved me from an RFID hack. Its built-in RFID-blocking shield protected my cards, and the Find My app on my iPhone helps me locate my wallet.
Could you share an example of how it saved you from such an attack? It would be helpful to hear a specific instance of how the RFID-blocking shield worked for you. Thanks
@@olegj285 sure bro, a few weeks ago, I was at a busy mall and felt a strange sensation in my pocket. After checking my wallet, I realized that someone was trying to scan my credit cards using zero flipper
@@Adamlogen12 Wow, that's crazy! I'm glad your Air Tag smart wallet protected your cards from that kind of attack. By the way, where did you get your AirTag smart wallet? I'm interested in investing in one myself, and I'm curious about where people are finding the best quality
thanks 🙏🏻 found them!
Fuckin bots are unreal anymore. 🤦🏻
Who knew something so adorable could be so dangerous!
I know right. I told my mom its just a toy and she trusted me because it looked like one, i bought it and i do many things with it
@@Pheus11 🤨
@@Pheus11 imma tell your mommy..
@@Pheus11 mom's cabinet starts vibrating.
@@kaelthunderhoof5619 🤣🤣🤣🤣
Thanks David. Excellent review and excellent product. Your video underscores the need for storing RFI devices inside some sort of RFI blocking devices, be they wrappers and bags.
When something like this gets to the public, I always wonder what kind of devices are out there that we haven't even had a glimpse of yet
Tons. You don't even want to see the ones the government has.
@@tigreactivo517 I mean that the predator drone was a thing in the early 1990s is already frightening enough - tbh I feel like I don't even wanna know
Like the USB cables with hacking software in the cable
So many!!
Universal remotes are pretty high tech, the infrared is straight bussing yo
Say what you want about the device but I love the charm and personality it has in its software. Now that’s someone who puts love in their product
i wonder what the minds of the people who create these devices are like.
@@roastytoasty8559 the are black hats who think it's white
@@roastytoasty8559 smart. They are smart
@@ALCRAN2010 But extreme degenerates too. Smart degenerates, which isn’t a great combo.
@@kitplaysmore7554 absolutely dangerous?💀 bro it's not what you think it is, it's definitely not dangerou
As an engineer, the newest piece of tech in my house is a printer and I keep a loaded handgun incase it does something unexpected lol
"Low on ink"
Can never trust those printers 🤣
damn right brother stay woke lol
It's been awhile since I've heard that joke
I’m watching KZhead on my printer too!
I remember having homebrew on my PSP that used the IR to be a universal remote. Same method to train it so I had all my friends remotes saved as different profiles. Then I didn't have to look around for one when we were chillin. It was great at home as well, since we had so many IR remotes. I could quickly switch from playing my game over to other tasks, similar to ALT + Tab on PC.
David what a joy to come across your informative video - RFID protector going on my shopping list!
This is basically the real life equivalent of Batman's hacking tool from the Arkham games.
Man, it sure is convenient all these passwords are a single word.
Right!
Or a sonic screwdriver
Nothing will ever be as advanced as what Batman has
Does it come in black?
Stuff like this is why I'll never go for the whole "smart house" thing where everything including your damn coffee maker is a computer or connected to the net. Too many vulnerabilities too many exploits too many surveillance devices.
just imagine the chaos when we start using nano bots for health issues.....just use this and tell them to stop the heart or something lol
Having a Smarthome IS NOT the problem. Using devices that depnd on a cloud or internet connection is the problem. Everything demonstrated here is interesting, but all requireschaving relatively close proximity. The point being, a smarthome is nothing to be afraid of, but make sure that devices that only need local access for control. Not Alexa and Google Home, and know how the devices can be controlled.
@@cjramseyer I'm just sketched out by any kind of wireless devices because it means they can still be manipulated by other Wireless signals people always find a way to exploit any kind of remote connectivity even if it's not connected to the internet directly necessarily
True you could catch someone’s house on fire or rob it while they are away or worse if you think too hard about it. But I would agree that’ll not catch on with me either for the reasons you stated
You got a phone ? Too late
I know this is a stupid use but for someone that has a bunch of keycards for work or for personal use it would be cool to have one device I can use to unlock everything, as well as a good trick to have a random rfid card I use unlock something unexpectedly.
This is exactly why I bought one. So I can make a new one and not have to pay $35 each time to the company for a new card. Oh, and all the other cool things it does will be worth the hundred and change.
Only safety thing is it does become a master key for your life for anyone malicious
@@ocavant what if the delivery companies know what these are and then make it illegal?
Sounds like the mark of the beast
@@GswervinTV but its not because nothing is being put into your skin.
I was looking at this piece of tech when they stated their kickstarter. It sounded like a great idea but was really ambitious at the time. I'm glad they were able to actually bring something to market.
If a safe doesn't have a knob/lever/keyhole then it's likely going to give the user problems. With that said, the safe used in this demo can be considered complete garbage even before David did anything to it. Casually shopping for "safe" devices online (7 years now?) has resulted in hundreds of negative comments regarding 1) junk quality, 2) the inability to open the thing even with proper clearance [a huge complaint with biometric fingerprint scanners], and 3) sometimes opening way too easily due to bad firmware or flawed physical internals. I think once upon a time Sentry had a model that could be opened with proper magnet placement, no code required. My primary has a digital pad, a separate battery backup box, keys, and can be alarmed. Get yourself something with any combination of these features and bolt it to the wall/floor.
Thank you, your video is so instructive on security issues and a great tool. Are there other stuff like this ?
This guy : "See that's bad idea" The lockpicking lawyer : "Here we have a demonstration of the hardest way to open this safe. Now I am going to use a fork..."
Fork?!? Cmon, just a paperclip is enough!
Opening a lock with it's own packaging will always be a highlight to me
With a tomato.
With this spec of dust
Ive seen em break into a car using nothing but his shoelace its wild
RDIF Read and Write can be done from your phone.. Some phones support IR but you can purchase cheap devices to Read/Send IR Signals..
I am a college teacher that teaches electricity. I bought this today and was playing around with it in class with my students. They loved it and actually really learned alot about the importance of EM frequencies.
This is really useful for many things as well. I saw someone copy a card onto some of those blue tags, so they can have extra keys to their appartment building, for family and etc
I was thinking how useful it would be to have a spare set of apartment keys, or a garage key in case you ever lose or forget yours. It definitely has its uses that don't involve doing bad.
well u can always make an extra copy of the key where you get the first one
@@Lothar526 a lot of apartments charge you $50+ for extras
@@burymeinversace really? wow thats a lot! im not from the US.
@@pwntwtf Or every remote in your house. Id take it everywhere, seems super useful in a pretty small size.
It’s like a personal master key. I’d use it for exactly that
UID emulation is not nearly enough to emulate a yubikey's cryptographic functionality. You would need to extract private key information which requires much more extreme tactics. If you were using your yubikey merely as an RFID tag this would work, but that's not what people use yubikeys for
Yeah I was dumbfounded when he even suggested bypassing yubikeys 2fa
If Flipper can be remote controlled than all somebody has to do is get it into your bag or glovebox or whatever, then they can use the various functions to suck everything they want out of your wallet/car/key-fob etc, then they just have to get the Flipper back - with probably won't be too hard of they 've cloned your keys.
Problem with RFID blockers is a lot of them work all right until somebody puts a parking garage overhead scan unit in a laptop bag. A lot of blockers can be read straight through with such a device, it just depends on how sophisticated of an attacker you're worried about.
Hmm, possible solution?
@@madhurindian faraday cage
Would the issue there be the device in the bag's signal is too strong for the bag to contain? Man I wish I had goggles that let me see as much of the electromagnetic spectrum as possible at once.
I have an app that visualizes some radio and microwave signals and I have a thermal cam, seeing UV spectrum can be done too but I'd like to integrate it all into one view
@@zaa1414 I'm referencing a defcon presentation. I can't remember exactly who was presenting, anyways it's was made into a portable rig that they put into a laptop bag. It didn't really need a ton of power and it was set up to dump the credentials of every tag it could interrogate. It's definitely the sort of thing pen testers make. No it would be quite unpleasant to be around any sort of RF source strong enough/(at the right frequencys) to damage the materials in a laptop bag. Let me put it this way, the microwave heats things using radio waves (at about 2.4 GHz) using something like a kilowatt of power. The food containers in the microwave are made out of very similar materials as a laptop bag. Those readers are probably operating at something like 1 watt at the absolute maximum maybe 5 at a much lower frequency. There's Federal limits on what you're allowed to put out into the radio spectrum. I have absolutely no idea how much power you would have to output at that frequency to get material degradation and a laptop bag. but I know I don't want to be near it.(I think it would probably be easier to measure it in power substations)
Just placed my order using your code, hopefully you get a kickback from it.. Love your content, it's hard to find someone who's willing to ask the right questions to the right people and share what they've gained from it.. You Rock David!
We used to do this with Android phones when RFID reader apps first hit the App Store. You can do pretty much all of this on an android phone
With kali lunex lol
You can do most of it on an iPhone too. I don’t understand the fuss about this product, it’s all stuff that has been done for years with much cheaper products or often with the phones we all carry every day anyway. Seems like a complete waste of money to me.
@@ChrisSmithysimply say your broke with out saying your broke 😂
@@maniaksgaming6739 haha. Nice try. More accurately, I’m someone in the trade who understands these products need to be disposable or more undetectable.
@@ChrisSmithy Can you give examples as to how? Do you need a rooted phone? I've been trying to emulate some work cards and tried a few apps, can't seem to find anything to emulate. I have Android
Imagine the dangers if a driver thru worker had one of these
Pay in cash no issue
wym lol dont hand them your card
You could work at McDonald’s for one day and retire lol
You don't need this to read cards legit any smartphone whit NFC can read and save card info
You don't need to give them your card, they pass you the reader, pay cash in places you find sketchy and you should be using credit cards instead of debit's by now.
Honestly I love the UI so much, what a cute and unsuspecting dolphin!
The dolphin isn't a random choice. They can be some of the most cruel animals. They can hunt, torture, and rape their own species or other.
oh I know about the "other species" part with some of the hentai I've seen where the dolphin is "connected" to an anime girl~ yup!
@@Mocxing bruh
He's always so MAD at me though 😅
It's copyright from Gameshark
I've been waiting to see more of the flipper. I tried pre-ordering one on the website and for some reason I was not able to. If it's perchable right now I would buy as many as I can. This is such a useful tool. I had a friend who had one and he let me test it out and he can bypass almost anything.
For about $200 this seems like a pretty awesome master controller for all my devices
One of The Best Part of your videos, Thanks David!
You should've explicitly mentioned that this doesn't allow you to clone payment cards, the CSN/UID of the credit card have nothing to do with contactless payments, Flipper Zero cannot access the bankcard data. Contactless payments requires a fully encrypted handshake where the PoS sends an encryption key which is encrypted or signed using the a key held by the issuer the card would only transmit the card details if it successfully decrypts/authenticates the PoS key and those details would ofc be encrypted using the PoS keys. Whilst "contactless skimming" is possible it's only possible with valid PoS terminals, unfortunately it's fairly easy to get the PoS contactless reader and account needed for it and the scams rely on flaws in the KYC processes of payment processors such as Square to achieve it. Contactless EMV transactions are by far the most secure method of transaction we have right now even more so than chip and pin and there are no known direct attacks that impact these trasnactions.
This, and it's also nothing new. I can even copy or emulate nfc uid with my smartphone. Much more interesting ist the convince to copy 433 MHz signals often used by garage doors and such
Damn. I was commenting above that i could Just save my Bankcard on the Flipper and use that instead of carrying the cards.
That's not quite accurate. Bank cards will happily send lots of information to anyone that asks (the EMV spec is public, if you're interested). POS systems do use RSA and signed keys, but only to verify the card is who it says who it is, so cloning is still impossible
@@edenjung9816 You can't and if ever a device like that would be available you wouldn't want too unless it's an approved contactless payment device such as your phone or smart watch. Cloning cards is still a criminal offense even if they are your own cards. This would eventually get noticed in store and on public transport and cops can get called and good luck explaining to them what a Flipper Zero is. And even the criminal case would go no where when your issuer finds out you'll be fucked and good luck getting a chargeback ruled in your favor ever again for your entire life that is if you would be able to get another card issued.
@@jetseverschuren It's quite accurate, no cardholder data is ever sent over the wire before the card authenticates the PoS and any cardholder data sent by the card is always encrypted. If you have control over a PoS that has access to issuer keys or the issuer network and can trigger a contactless transaction and the PoS does not uses P2PE you will get enough CHD to make additional transactions but cloning the EMV chip is impossible. However I don't know of any contactless PoS's at least that are attainable to regular merchants that do not employ P2PE which means that the merchant never sees any CHD at all as all the transactions would be end to end encrypted and tokenized. Older Chip and Pin PoSs were not required to use P2PE however most if not all EMV terminals from the last 5 or so years are P2PE terminals. Some of the larger merchants such as huge retailers might have been allowed to retrofit their PoSs with contactless payments without it being P2PE but any retrofits I've seen were usually a separate payment channel and were P2PE. All the "IOT" card readers such as those from Square and SumUp and the likes are all P2PE so you can only do charge skimming on those since as an attacker you'll never see any card holder details.
I wish more people realized security is a placebo. Literally everything is vulnerable, even people. Thank you for this video.
Putin is not
Even you
Especially people
I would say especially people. Security is a placebo... Okay, so don't lock your doors, might as well just leave them open in that case. There are certainly things that can be and are secure in the world.
@@hummingbird_saltalamakia Exactly. Some people just wanna sound smart.
Man sometimes I think how could anyone do something in a place they're not allowed to be when security cameras are now either decent enough and extremely cheap, very very good and reasonably priced, or expensive but you could zoom in to a detail half a pixel wide at least 130 feet away that was there 8 days ago. But then I see tech like this and understand there's still a balance between offense and defense.
Can we just talk about how cool that cute little interface is? I love the attention to detail
Pentesting aside, this device seems really useful to just have around
I could simply save all my cards on it and Not carry them around with me. That would be cool.
the problem is that spending 170$ just for something you are going to use times to times is annoying
I was thinking the same, like the big boom of universal remotes in the 90's.
@@edenjung9816 you can already do that in your phone
Do you guys not have phones?
Reminds me of Dokkaebi from Rainbow Six Siege. That UI is super dope! Other than that it’s a little concerning 😆
To open the safe one still needs to know and get a hold on the card used to lock the safe. I personally only use the PIN number and never assume absolute safety. The hotel room safe is more of a deterrent than impenetrable box.
I was originally extremely concerned about this piece of tech. Now, having learned about it, it's not as threatening as it looked. You have to have access to the original key sets and cards to copy for the ball to even start rolling. Just be careful with your wallet, as we have all been told since the dawn of wallets.
Yeah, that's my take as well. Not nearly as impressive as I expected.
If this doesn’t scare you then you must think you’re immune to social engineering attacks .. which means you’re more vulnerable than anyone 😮
Couldn't you just stand in a crowd and scan people's pockets that have wallet's in to get the card info ?
@@RhythmEmotions Yes. There wouldn't be anything stopping someone from doing that. That's why it's important to have an RFID blocking wallet. Do keep in mind that with this device, you would need to have the device extremely close to a card to copy the data. Many people carry multiple cards in their wallets. It would be very difficult for someone to know what card they are copying without removing the card from the wallet and scanning it. For example. Someone could be touching the device to someone's back pocket, and be copying someone's bus pass, or someone's hotel room key instead of their credit or debit cards.
@@gimme0cookies as long as this device doesn't become like the device on prison break lol
You can read only what's public from the credit card's rfid and that's usually what is already physically written on the card (except the CVC of course). You can do this with any phone supporting rfid (most of them nowadays), but that's not actually cloning the card. The chip on the card is a minicomputer with cryptographic capabilities and that allows to make payments secure.
@@Username-2 watched only 1 or 2 videos from this channel and he doesn't seem so knowledgeable... or maybe it's just for views and interaction
What you said
None of this is that wild but having it all in one device is pretty neat.
I'm honestly thinking about getting on for the pragmatic usecases. Like rubber ducky scripts to automate processes, using the infra red as universal remote, using the NFC reading and writing as backup in case I loose a key or card. And the device it self is really cute
Thank you for helping me learn how to hack other people's property. Your tips are priceless.
I saw the kickstarter campaign and figured it would be something that would be quickly banned or never allowed. After they blew wayyyy past the goal I ended up snagging one on preorder. After having it a short while I ended up jumping on a restock early on and now have a backup. But being an A/V- IT tech this thing is extremely valuable. When you setup customers with a universal remote they lose the individual device remotes that are sometime still needed. But I have every ir device I would ever need in my pocket. I was able to bypass the need to buy expensive programmed rfid badges, as I now just buy cheap t5577 tags that can emulate a range or rfid protocols and write them for the employees. The bad usb for automated installation of programs for remote assistance for IT clients. I’ve even copied the company garage door with the subghz. This thing is extremely powerful and even more so with custom firmware. And it’s cool to see you made a very informative video on it. I love your content and it has helped stuff me further down the rabbit hole of cyber security. But as a yubikey user myself I’m happy to say, That it can read/copy/emulate it, but it sees it as an unkown and assumes it’s nfc type a so the phone won’t read it as a key. Or at all in the app.
Why/how would this be banned?
@@binary_badg3r i was a noob when it first hit on kickstarter. It was marketed as a “hacking multi tool” I just figured with it’s power and ease of use it would have been something that the fcc would’ve pushed back on. But I guess I was thinking they were gonna act more like the atf and a cool gun. But in the end I realized it’s basically treated like a computer. Sure it had the potential to do a lot of bad. But it all depends on the intentions of the user.
@@TheCrash0veride Kinda like guns. Or drugs.
@@TheCrash0veride yeah its not hi tech by any means. You can make your own with parts from your local supermarket. It's open source to so you don't really have to do any coding
@@thePyiott I wish I could find components like these at my local supermarket. Radio shack died over here so there’s no electronic hobby stores anywhere now. They want to do away with the right to repair.
That's actually kinda scary that these things are just kinda out in the wild, but that also means that more people like you are able to teach us more about them so we know how to protect ourselves.
There is absolutely nothing special special with this thing, RFID scanners/copiers/writers are available for decades, same as the universal remote controllers. And it can mimic a wireless keyboard/mouse. *Facepalm. The only difference is that this looks like a toy with a dolphin animation. And notice this thing only works if you have the master RFID tag in your possession to copy it. You could do that ten years ago with cheaper hardware. Notice the lack of mass creditcard scanning scams in the last ten years. You can scan my creditcard but you can't use that for paying anywhere so it is useless, but hey you can open my hotel safe after I let you scan my creditcard ofcourse and I let you in my hotel room wafter I told which room... in which hotel. This thing is total bullshit and it's only function is scamming wannabee "hackers" who don't have a clue out of their money.
I have one these I use to copy my car fobs , my tv remote and troll my coworkers by changing tv channels.
this is the best channel you need to do one on security forensics for KZhead videos, movie videos or digital art videos
Funny….that’s what we called our POC malware we made at FIU. It worked on ultrasound so we called it Flipper. I came up with the name specifically. Now how plausible is it to do it from far away. This doesn’t look like i would be too scared of going out and someone doing this to my cards. You have to be pretty close to the card. If i had it I would totally use it as a remote. That’s pretty dope for that. 😂
All I can say is thankfully I backed them on kickstarter and grabbed two of these. The wait was worth it, even with the customs debacle.
Looks like there is good news: twitter.com/flipper_zero/status/1582736991069749249?cxt=HHwWgoCq2Yu6gfcrAAAA
Would love to buy one from someone!
Good for you.
@@HighHrothgar0 same here mine was stolen from car a break in. I saw someone tryin to sell one for 1000
Finally!!! That customs debacle sucked been waiting 2 months
Credit card to operate a hotel room safe? I’ve never seen this before.
Bad ideas Everywhere! :)
It has been around for years but has always been a bad idea
Thanks man, i need to learn about how to use the flipper zero
Very fascinating. Could you make a video where you explain how the flipper zero works(how the software works) or a video where you code a flipper zero like pc ?
People use those safes? I always make sure the "do not disturb" is hanging on the door. Cool video!! Thanks for showing this stuff. Where in the past someone had to learn the skill of picking a physical lock, nowadays yikes!!
This tutorial is amazing and you are really good at teaching !! great job sir !
@David Bombay does this little device also work as a jammer for smartphones? e.g to influence a phone-connection and put of the connection ?thx for your great work and videos
*They have high integrity and are extremely knowledgeable in numerous Fields spanning investor relations finance and asset management perhaps most importantly they share out values and philosophies on how to conduct business and drive to their investors*
Big thanks to Lab401 for sending me some cool toys :) // Discount // Get a 5% discount using my affiliate link : lab401.com/r?id=42cm8b and/or use code DAVIDBOMBAL The Flipper Zero must be one of the most in demand hacking tools of 2022. A fantastic RFID / NFC / Infrared and more tool :) Flipper Zero: lab401.com/products/flipper-zero?variant=42927883452646 // Video mentioned // 2 seconds to open a safe: kzhead.info/sun/i51yYL6GeGSKop8/bejne.html // Great resources // Awesome Flipper: github.com/djsime1/awesome-flipperzero Bad USB: github.com/nocomp/Flipper_Zero_Badusb_hack5_payloads // Lab401 // Twitter: twitter.com/Lab_401 Website: lab401.com/ KZhead: kzhead.info // David's SOCIAL // Discord: discord.gg/davidbombal Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal KZhead Main Channel: kzhead.info KZhead Tech Channel: kzhead.info/tools/ZTIRrENWr_rjVoA7BcUE_A.html KZhead Clips Channel: kzhead.info/tools/bY5wGxQgIiAeMdNkW5wM6Q.html KZhead Shorts Channel: kzhead.info/tools/EyCubIF0e8MYi1jkgVepKg.html Apple Podcast: davidbombal.wiki/applepodcast Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ // MY STUFF // www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com flipper zero flipper flipperzero hack hacking rfid nfc bluetooth infrared radio gpio
Your late old man
Glad you got what you backed on kickstarter. Backed 3 items in 2019 never received and Kickstarter does nothing to help nor do the originators reply.
Please remember russian products are currently subject to international sanctions.
Good sir, What was the RFID blocker you were using with your cards?
Top tier cannabis strain reviews
Unrelated note, but this reminds me of the guy who years back, found out a certain area of the UK had secret buttons under the regular ones on street lights near crossings (for the blind) that when pressed, instantly turned the lights red for slightly longer than usual and then bought some auto clickers that he could control via Wifi.
Great sales pitch 👍 for a minute you aalmost had me worried. Nothing your average smartphone can't do 🤣
*THIS IS WHY YOU'RE SUCH A PURE SOUL WHO ALWAYS LEND HIS HANDS WITH MONEY,I WISH THE WORLD HAS MORE PEOPLE LIKE YOU.WITHOUT YOU I WOULDN'T HAVE SETUP MY BUSINESS SUCCFULLY*
Honestly I'll buy one just because I can have a single device to do all those things. I'd copy my own remotes and cards, and use it to copy remotes in hotel rooms and so on. There are a ton cool legal and smart uses of this to copy the tools you would normally have access too into a single device.
Please do not put your own credit cards into this device dude
@@andrew3606 why?
@@yeenking Because the company that makes these would have your credit card info to use or sell
@@andrew3606 but how? This device isn't online
@@yeenking He synced the devices data to his phone in the video
I absolutely love my pair of flippers!
great video, what is the RFID blocker card you used on this video?
HackRF has really taught me a lot about vulnerability of today's devices along with long distant signal testing with a Yagi and location finding of interference signals using 4 antennas and some mixers with LO shifted a few khz on each antenna to get a direction of a signal Fox Hunting RF. It's very handy for testing and can build many things with GNU software to decode signals. Very capable and extensive device. The Dolphin does things a bit quicker and requires less know how which makes it desirable for the lazy ones not wanting to learn how it works🤣 but still handy in a pinch. Hackrf one for the hackrf still needs more options and bugs fixed and it will be more capable in the future.
I really wish the companies that decide to launch Kickstarter campaigns did a better job at understanding the market. This is a prime example, Flipper Zero has not had stock in a long time (for US customers). In addition, it's the holiday season. At this point, I'm ready for another company to start building and selling these.
Now, I understand what the function of this tool is. Thanks for explaining
Wow just like James bond and macgyver all in one.. Can't wait to get one and be a super villan opening hotel safes and changing the color of everyones bookshelf leds 😎 I'll bet it even wirelessly wipes the hotel cctv dvr so I never get found out. I heard it also teleports the cash out of your wallet and locates the kill switch in your car.
Really would love to get my hands on one of these, not for anything malicious but to fulfill the child hood dream of having one remote to do everything like in the TV show Hey Arnold
Haha there's thewandcompany that used to make epic sonic screwdrivers from doctor who, I had one the 10th doctor's universal controller sonic, epic quality and did a lot of trolling with it, I almost got 12th doctor's sonic which is even betterm had an extra functionality of emmiting IR at random to "guess" what signal a TV for example used to shut it down
“You can’t get a hold of one” …I guess I should open the box that’s been sitting in the corner of my room for the last 4 months
Ship it? Lol I'll pay I want one like now I have so many devices i can use with this
Yeah, this got me to dig out my second, unopened one and play with it, because my first is in the glove box of my car. I had lots of plans for it originally, but the pandemic kind of put the kibosh on almost all of them. It's nice to have, but it turns out I don't use it as much as I expected. Still love it, and am very happy I backed it.
Ordered mine 2 days ago, already shipped out
Damn crazy new garage door opener
Thank you so much for the information, this is absolutely insane that a single device can do all these things. And even though it is understood that this video is for demonstration only. What comes into mind is: what bad actor or criminal uses this type of device for malicious purposes, what kind of practices or techniques can be applied to defend ourselves from such a variety of attacks, which are kind of in between the physical and information type of attacks. One more time, thank you for your work
Thats why in the smplest terms, use RFID blocking devices in cards you DO NOT want to be scanned in a public setting.
And you know what? Your phone can probably do all these things too with the correct software.
Most bad actors already have made a device like this. For example I have an rfid reader from a car parking lot, which can scan straight through the a rfid blocker to a mini pi. Even though it takes time to scan then put the data onto a fake card/transmitter, its super easy to do after its done.
@@engineer0239 Im 90% sure you can do this with a default android phone. You used to be able to rfid scan cards and then save that data in google pay.
It is not insane. It is reality. You only need a few chips to cover all this spectrum. Anyone with minimal motivation can do these same things with freely available consumer electronics. The rfid stuff can likely be done by any cellphone with rfid built in. The issue is not the device, the issue are the vulnerable products multiple industries have ignored for years. They made devices with no security. The real solution is to add on security with a way for the owner of the car and only them to bypass or authenticate. Adding security without an owner bypass or authentication api just increases the chance that a modder trying to do something legal breaks the security to tinker with his owned property. Comma ai is a good example. They need to plugin to the canbus to add self driving features to different models of cars. Toyota slaps on encryption that the owner of the car has no bypass or authentication method for, so their is an effort to break the security which may help thieves. If car makers ensured owners had a bypass to security, then no one would worry about cracking the encryption and less scrupulous people wouldn't get to reuse legal modder bypasses to steal cars. Don't expect fixes because device makers won't give owners apis they can use to bypass security. So as they add security to devices, modders will crack it all.
FYI microcenter has all the parts you need to make your own from scratch (although more bulky)
oh i bet they also have the firmware to make the frankenstein device function too!
What’s the kit called? I just mostly see raspberry pi kits etc
@@sweatyearth7458 You do realize this type of software is primitive right? It can be replicated or just downloaded online.
Yep. I like you David. Nice, clear and ethical demo. Thank you sir 😊👍🏼
At this point I realize the best place to save important stuff is in the mattress 🙃
Great work David. I also deep-dived into the Flipper. It's a shame you didn't demonstrate the wifi board. What amazing things are possible!
Did you ever spent some time in South Africa ? Accent sounds familiar ! Thanks for your content
It's a convenient tool and useful to consolidate keys but note it won't copy encrypted keys. Also generic RFID copiers can be bought very cheaply. The bad USB however is very handy
For the rfid you can use just a phone with nfc, for the IR you can also just use your phone, bluetooth you can also with a phone with bluetooth. Unfortunatly, I dont know if there is a way to use a phone as a bad usb, but bad usbs are pretty cheap, you can buy one for less than 15$
That's pretty much what I was thinking. My old Galaxy S5, I think, has everything I need, other than the software it'd need...but I do have an IR remote program on it, which is the primary reason I keep it, since newer Galaxy S phones don't have IR anymore. I've had fun with using the remote app at bars, especially when someone decides to put some garbage on the nearest TV. I hadn't heard of "bad USB" devices before, but then, my interest in such things has waned over the decades. I suppose I'll have to look into the subject, now I'm aware of it.
The Flipper Zero supports a range of features including the capture and replay of Sub 1 Ghz signals. You would need a PandwaRF or another device to capture and replay these types of signals with an Android phone. In the first part of the video I showed some clips about what others have done with the Flipper Zero (unlock cars, open boom gate, tesla etc), but as mentioned I did not show all it's capabilities in this video. See their website for more features such as iButton, GPIO etc
@@davidbombal yeah, I know that, I just saw lots of people saying that they whould like something like this gadget, I was just showing that they don't need to spend that much money to accomplish the examples that you showed on the video. The tech in that gadget is amazing, but for most people a phone whould be better xD
@@davidbombal Remember when you mislead more than 50% of this comment section into thinking you can clone credit cards with this
If you have normal access to a building where everyone uses rfid to access it. You can walk in close enough to another employee and gain access to the building. So you do have to be careful.
So basically the Flipper Zero could clone a Yubico or another security key in transit to the recipient. As there is no RFID Blocking in the envelope / package. Thanks David fo r this i nvaluable information 👍👍
This reminds me of that scene in iron man when pepper puts the little hacker in the bad guys computer, feels a lot like that
This device i feel could easily be converted or installed into a Android phone i feel to make it less conspicuous. And maybe even expanded upon since it would also be a phone, imagine having kali nethunter and flipper zero run at the same time?
The ir remote is enough for me . Used to have a watch that would control anything ir it was awesome 👌
Casio CMD 10💪
Same with my old mp3 player funny enough lol. Was great fun switching tv's and aircons off at school back in the day.
I just love this channel even though I don't understand nothing 😂😂😂😂😂 Just the basics 😂😂 So far, I understand that's a scanner to scan internal codes and open it when you loose your remote?
Guys, just try to bite magnetic locks and similar devices with a shocker ( self defence ) . If nothing happened - try to change the settings/power . It is a 100% simple lock opener
I believe your android phone can do most of the stuff that the flipper zero does. You just need it to have nfc and Bluetooth as hardware +Linux or a custom rom for android with open root.
The remote connection seems like the most unique feature. But otherwise, it's just a handy tool that.
The design is hilarious! Does Flipper refer to flipping someone/off? It looks like a kids toy and has a childish dolphin(love the dolphins design and animations) but being such an advanced piece of tech😂
my goodness this is wild, I had a device to do health checks on my pulse on the NYC subway/ and NJ Transit train 2020-2022 that always would give me crazy improper pulse read outs(super high, crazy oscillating numbers or super low extremely low like you think the device is broken low lol ) several times for weeks straight, when I got in my home or out of range of the NYC subway and NJ Transit train station the device work as normal, now that I see this hacking device I know what's up, thank you, I can secure myself better now (also my iphone 7 pulse checking was giving improper read outs (super high or super low very low ) as well this is crazy ) this should not be on the market lol wow, I'm not saying someone hack me but this shows electrical signals need to be monitor as well !
This might just be one of the coolest and most useful products I've ever seen. I'd have it and use it everyday if it weren't so expensive.
For the rfid you can use just a phone with nfc, for the IR you can also just use your phone, bluetooth you can also with a phone with bluetooth. Unfortunatly, I dont know if there is a way to use a phone as a bad usb.
@@YachtyBurner I had a phone that could send IR. I used to use it to change the channel on the TV. It couldn't read IR though, only send. The feature was called IR Blaster.
@@BrianG61UK Yup, really miss when phones used to have IR blasters like my Galaxy S5. Highly underrated feature with the right apps and now it's almost entirely extinct.
Oh, you can get the money value back pretty fast!
@@BrianG61UK fortunately IR blasters are remarkably easy to build and code. It was one of the first projects I ever built before going to college for engineering
Keep going with this content huge respect
Thanks, will do!
Thank you very Much .
Thanks for helping the criminal element KZhead and you a great team
So fun when everyone and their dog does a flipper zero tutorial and then over night they are being banned from online sales. THANKS SO MUCH FOR THIS!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
since it can be remotely controlled on a phone, they should make one headless flipper with no screen, slimmer and discrete hardware.
I wouldn't call this a hacking device, more like a convenience tool. It just combines multiple tools in one device.
yes. It still need the "consent" of both device to be "hacked"
im not pointing this gun at your head im just motivating you powerfully, go back to scamming grandmas pos
Yes, it is a hacking device with an evil person. Trust no one.
Anything that can take, manipulate, or use technology in ways it was not intended to be used, legal, innovative, or nefariously, is a hack. If one devises a way to warm their flip flops in a toaster without burning their house down before putting them on, it's a hack.
@@Bos_Meong that’s how most hacking works.
Just ordered one , Definitely not gonna mess around with it haha
This would be so helpful for a bunch of homebrew applications!! Eg reverse engineering smart lights for more customized control
Thank you for producing a video on this and making the flipper even more difficult to acquire for those who already knew about it!
I like David Bombal but now I'm never getting one
crybabys
Exactly! I thought the same thing 😢
I literally just went online to buy one after seeing this and of course sold out. I see how criminals are obviously going to use this but honestly it's got way more practical time saving applications for anyone that is a DIYer.
Scary to even try to obtain one. I bet one would end up on a watch list in the best case scenario.