How to duplicate my credit card?

Greetings
I would love to know about the NFC in Flipper, how can I copy my credit card to Flipper and use it in vending machines and all kinds of things like that?
I just tried and didn’t succeed. I would appreciate help from someone who can, thank you very much

2 Likes

Hi! Duplicating credit cards is physically impossible, with a Flipper or any other NFC hardware. They contain non-extractable private keys that are used to sign transactions, which, as you might have guessed from the name, can’t be extracted from the card.

6 Likes

You will find lot’s of fake Flipper videos. I saw one debunked last night that showed someone hacking a power meter with the Flipper. Completely bogus! The fellow that debunked the video is an expert on smart meters and has even given talks on the subject. He was easily able to show the video was impossible.

2 Likes

So the videos of people ironing games or machines or hacking into gameboy psp are not real?
If so, what, for example, can be done with NFC? I would love to know, thank you very much for the answers

1 Like

There are games you can interact with using Flipper. I believe Amibo and Pokemon for instance. There are doors you can open and lots of tags you can read. As you can imagine extra security is involved when it comes to credit cards.

3 Likes

Not sure about the psp/gameboy video’s but there are a lot of features that could proof some security flaws in random devices, but if it is about card-security and cloning/emulation and playing around with other nfc/rfid tags you might want to look into things like the PM3, these are more purpose specific.

1 Like

There is one way around it but I cant say on this thread… There is a way around everything… Never let anyone tell you different…

3 Likes

You can copy a dump of the card, sure. Maybe a replay in time would be successful. But you can’t clone the SE with a Flipper.
And if you are able to clone the SE of a credit card or a Yubikey, you can get very rich. Look your for the Big Bounty programs.

Even if it would be possible in general (not with a bug in just one implementation), I don’t think the people here will be the target audience for jacking secure element.
One half (the Flipper Devices team) needs to stop it for legal reasons (beside, I doubt the flipper will be powerful enough for any practical attack).
The other half are more like Skript Kiddies and enthusiasts. The needed knowledge would be far from easy to understand.
And the last 0.5 percent are skilled enough to don’t discuss the topic here.

Most applications when I get in contact with SE, the implementation is a own OS on the Smartcard. The OS is very closed, so it will take up to 3 values, does in the blackbox some kind of crypto magic, more like salted elliptic curve less like Blockchain, and give a result that can be verified.
In plain not more than a 2GA token. But not accessible from outside. The device (card) needs to be registered individual, the granted access can’t be transferred.

For example, if you pay with your card or your SmartWatch, you have two independent registered devices on your account. Not one key on two devices.

If I am wrong, so shall it be. But the meta comment gets us nowhere.
Unfortunately I can’t prove my statement, because it is not existing.

5 Likes

It’s possible that a way around is ROCA.

1 Like

True there is always a way but there is no currently known exploit. The Flipper will never be capable of grabbing the secure contents on it’s own. I suspect the only exploit within reach of the Flipper would be a relay attack which is far from cloning.

There are plausible attacks like glitching using the correct equipment that might allow a dump of the secure keys but those would almost surely require physically attaching probes to the card.

If you have something I missed PM your theory.

Yeah , if you take a couple of weeks for vacation/work in the eastern parts of europe you will find a fairly big operation of card skimmers and people stealing/cloning cards for profit, so without going into specifics, you could find a way without having much information on the subject. The only thing making it a bit safer now is the 2factor features most new cards offer so you have to confirm bigger expenses on a mobile application for example, but there are still a lot working already known flaws in security for CC’s.

2 Likes

Virtual cards are excellent as well! Pretty much all I use online now.

1 Like

Yeah, this reply sounds like AI-generated, but you sure didn’t forget to paste a link to advertise scam site. :thinking:

1 Like

Ok, a second post does seem a bit suspect. Particularly since it doesn’t add to the conversation. I see this is already flagged but as a group we should flag any future posts. This one does look AI generated too.

1 Like

You never know these days. It might be a fully automated interaction and nobody is actually here. Are you wearing your foilhat?