Greetings
I would love to know about the NFC in Flipper, how can I copy my credit card to Flipper and use it in vending machines and all kinds of things like that?
I just tried and didn’t succeed. I would appreciate help from someone who can, thank you very much
2 Likes
Hi! Duplicating credit cards is physically impossible, with a Flipper or any other NFC hardware. They contain non-extractable private keys that are used to sign transactions, which, as you might have guessed from the name, can’t be extracted from the card.
6 Likes
You will find lot’s of fake Flipper videos. I saw one debunked last night that showed someone hacking a power meter with the Flipper. Completely bogus! The fellow that debunked the video is an expert on smart meters and has even given talks on the subject. He was easily able to show the video was impossible.
2 Likes
So the videos of people ironing games or machines or hacking into gameboy psp are not real?
If so, what, for example, can be done with NFC? I would love to know, thank you very much for the answers
1 Like
There are games you can interact with using Flipper. I believe Amibo and Pokemon for instance. There are doors you can open and lots of tags you can read. As you can imagine extra security is involved when it comes to credit cards.
3 Likes
Not sure about the psp/gameboy video’s but there are a lot of features that could proof some security flaws in random devices, but if it is about card-security and cloning/emulation and playing around with other nfc/rfid tags you might want to look into things like the PM3, these are more purpose specific.
1 Like
There is one way around it but I cant say on this thread… There is a way around everything… Never let anyone tell you different…
5 Likes
You can copy a dump of the card, sure. Maybe a replay in time would be successful. But you can’t clone the SE with a Flipper.
And if you are able to clone the SE of a credit card or a Yubikey, you can get very rich. Look your for the Big Bounty programs.
Even if it would be possible in general (not with a bug in just one implementation), I don’t think the people here will be the target audience for jacking secure element.
One half (the Flipper Devices team) needs to stop it for legal reasons (beside, I doubt the flipper will be powerful enough for any practical attack).
The other half are more like Skript Kiddies and enthusiasts. The needed knowledge would be far from easy to understand.
And the last 0.5 percent are skilled enough to don’t discuss the topic here.
Most applications when I get in contact with SE, the implementation is a own OS on the Smartcard. The OS is very closed, so it will take up to 3 values, does in the blackbox some kind of crypto magic, more like salted elliptic curve less like Blockchain, and give a result that can be verified.
In plain not more than a 2GA token. But not accessible from outside. The device (card) needs to be registered individual, the granted access can’t be transferred.
For example, if you pay with your card or your SmartWatch, you have two independent registered devices on your account. Not one key on two devices.
If I am wrong, so shall it be. But the meta comment gets us nowhere.
Unfortunately I can’t prove my statement, because it is not existing.
5 Likes
It’s possible that a way around is ROCA.
2 Likes
True there is always a way but there is no currently known exploit. The Flipper will never be capable of grabbing the secure contents on it’s own. I suspect the only exploit within reach of the Flipper would be a relay attack which is far from cloning.
There are plausible attacks like glitching using the correct equipment that might allow a dump of the secure keys but those would almost surely require physically attaching probes to the card.
If you have something I missed PM your theory.
Yeah , if you take a couple of weeks for vacation/work in the eastern parts of europe you will find a fairly big operation of card skimmers and people stealing/cloning cards for profit, so without going into specifics, you could find a way without having much information on the subject. The only thing making it a bit safer now is the 2factor features most new cards offer so you have to confirm bigger expenses on a mobile application for example, but there are still a lot working already known flaws in security for CC’s.
2 Likes
Virtual cards are excellent as well! Pretty much all I use online now.
1 Like
Yeah, this reply sounds like AI-generated, but you sure didn’t forget to paste a link to advertise scam site. 
1 Like
Ok, a second post does seem a bit suspect. Particularly since it doesn’t add to the conversation. I see this is already flagged but as a group we should flag any future posts. This one does look AI generated too.
1 Like
You never know these days. It might be a fully automated interaction and nobody is actually here. Are you wearing your foilhat?