Wall of Flippers Busts Flipper Zero BLE Spammers Red Handed!

  • Added 30 Dec 2023
  • After making so many videos about BLE Spamming with the Flipper Zero, I wanted to highlight an awesome community project, the Wall of Flippers!! After initially being created to collect the names of Flipper Zeros at Defcon, devs Kiyomi & Emilia added functionality to actually detect these BLE spammers so they can be found accountable!
    Wall of Flipper GitHub : github.com/K3YOMI/Wall-of-Fli...
  • Science & Technology

Comments • 129

  • @srh0e 5 months ago +11

    Thank you for the shout out! Your videos are legit a breath of fresh air so thank you for that. Oh, I won't go into anymore Apple Store with my Flipper ;)) (Hopefully).

    • @TalkingSasquach 5 months ago +1

      Lol, I've been wanting to shout out you and your community for ages! Thanks for creating an amazing community!

  • @richland113 3 months ago +2

    Bought my flipper today after watching a few of your videos. Subscribed as well!

  • @user-zt2vf6vx7p 5 months ago +2

    In regards to the kernel access with your phone, how do you look into what access you can get? I was considering buying a $30 Nokia smartphone for Nethunter myself, but I would like full functionality.

  • @AlexeyPRG 5 months ago +3

    Kinda cool! But I see a few issues:
    1. It clearly says "Discover Flipper Zero Devices (Bluetooth must be enabled)". As Bluetooth connection is slow on Flippers, most people disable it.
    2. The name of the device can be changed, easily. And even if the address is not changeable one would still not see the device if you disable Bluetooth in settings.
    3. BLE spam creates new addresses all the time, as they are not the real one. So, you would be able to see that the attack is ongoing, but zero devices around.

  • @WillyJL 5 months ago +8

    8:46 to be honest, BLE Spam is open source, could've just looked at how the packets are made lol. Or even just ping me, I have no problems explaining how my code works and what it does :D

    • @uhohretardalert3862 2 months ago

      Wow hey man I’m a huge fan of what you’ve created. I had a question about creating custom text and images instead of just sending ‘apple pairing devices.’ Could you provide any insight on whether this is possible for iOS devices? Thanks man!

    • @NewDiscord-hr3jj 2 months ago

      What's your discord

  • @CharlieBasta 5 months ago

    Happy New Year Squatch!

  • @berend5766 5 months ago

    Happy New Year's dude!!! I would love to see an app of this on my phone to find other flipper users. Be sure to make a video on it if it ever happens and may everyone that reads this have an awesome 2024

  • @hhunnicutt4111 5 months ago

    I’m new to all of this and I love your content. Do you have any more suggestions on who to follow to become a master at the flipper zero?

  • @DEXV0 5 months ago

    Nice video sas keep up the great work!

  • @Omega-uj6qz 3 months ago +1

    I’d like to recommend keeping your rgb lights in the background on a solid color, Just to make your transitions just a little more seamless !

  • @IAmOrion 5 months ago +10

    I'll see if I can find it, but there's a thing where you can "compile" or "bundle" depending on your preferred terminology - a python script, its environment, required libraries etc into a single EXE for windows or APP for MacOS and I believe something for Linux too. Also have the option to build a UI too!

    • @k3yomi 5 months ago

      was thinking about that, I did update the documentation for the packages and such.

    • @k3yomi 5 months ago

      In fact, I'll look more into that!

  • @zacharyruben1852 5 months ago +4

    Man, it's been a journey learning about all this stuff with you. Thanks for everything. You ever thought about doing some videos with the HackRf One Portapak??

    • @PLAYINSKILSSRT 5 months ago +2

      Right I modded the fuck outta some and ya thats way better than this but I use them together makes the flipper nice

  • @AWOK 5 months ago +7

    Such great talent in the community. Love to see new stuff like this. 🙌🏼

  • @MikeHawke410 5 months ago +3

    NGL I've been using Unleashed and I was at a NYE party with a friend and did the "Bex Toy" ble and she started convulsing and I knew it turned her toy on remotely it was hilarious. 😂😂

  • @lukasvolcik5109 5 months ago +2

    could wall of flippers be run on Flipper itself or more likely ESP32? That would be super cool to detect other flippers with your flipper :D I love that I can at least detect near flipper on windows, I might look into why BLE detection doesn't work.

  • @LJMOO7 5 months ago +5

    This is amazing! It would be cool to get this as an actual app on the flipper for more portability. I don't know much about app development so this is just an idea. Again this is an awesome video.

    • @TalkingSasquach 5 months ago +1

      That's a really cool idea!

    • @WillyJL 5 months ago

      Not possible, flipper only has the light BLE stack, it cannot see or discover other nearby devices

    • @oisin404 4 months ago

      @@WillyJL Would it be possible with some sort of Bluetooth antenna or adapter in the GPIO?

    • @WillyJL 4 months ago

      @@oisin404 if you are up to find a chip that can do that, build a board for it, then understand how it works, and write all the code for it on the board and flipper side, plus figure out how it's gonna show on the tiny flipper screen, sure it's possible. No one will ever do it however.

  • @nobodynoone2500 5 months ago +2

    But does this work for Esp32, or SDR based devices? Flippers are not the most common device used in these attacks anymore.

    • @k3yomi 5 months ago

      It's not just for flippers. The BLE based attacks should work and if not, a suspicious advertisement will pop up with a total amount of MAC addresses contributing to that advertisement. For the esp32 or SDR based devices. I have not tested but I will look into expanding into more technologies in the future. So far, there are 3 main ways of detecting the flipper through BLE. Name, Address, and Identifier. Code def needs some work as it's a bit messy.
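
An added example (not code from Wall of Flippers or from any commenter) of the "suspicious advertisement" idea described in the reply above: count how many distinct addresses broadcast the same advertising payload within a short window. The record layout, window length, threshold and sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

WINDOW_S = 10.0   # assumption: look-back window in seconds
MIN_ADDRS = 5     # assumption: distinct senders needed to flag a payload


@dataclass(frozen=True)
class Adv:
    ts: float       # capture time in seconds
    addr: str       # advertiser address as reported by the scanner
    payload: bytes  # raw advertising data


def find_suspicious(advs, window=WINDOW_S, min_addrs=MIN_ADDRS):
    """Return {payload: peak distinct-address count} for every payload that
    was broadcast by at least min_addrs addresses inside one window."""
    recent = defaultdict(deque)  # payload -> (ts, addr) pairs still in window
    flagged = {}
    for adv in sorted(advs, key=lambda a: a.ts):
        q = recent[adv.payload]
        q.append((adv.ts, adv.addr))
        # Drop observations that have aged out of the window.
        while q and adv.ts - q[0][0] > window:
            q.popleft()
        distinct = len({addr for _, addr in q})
        if distinct >= min_addrs:
            flagged[adv.payload] = max(flagged.get(adv.payload, 0), distinct)
    return flagged


def sample_capture():
    """Constructed capture, not real traffic: one payload seen from eight
    rotating addresses in 4 s, plus one steady single-address beacon."""
    rotating = bytes.fromhex("0201060bffffff0102030405060708")
    beacon = bytes.fromhex("0201060509544553")
    advs = [Adv(0.5 * i, f"02:00:00:00:00:{i:02x}", rotating) for i in range(8)]
    advs += [Adv(float(t), "aa:bb:cc:dd:ee:01", beacon) for t in range(20)]
    return advs


if __name__ == "__main__":
    for payload, count in find_suspicious(sample_capture()).items():
        # Addresses rotate, so the count is the signal; it does not
        # identify the transmitting device.
        print(f"suspicious advertisement {payload.hex()} from {count} addresses")
```

Because the addresses are throwaway, this flags that spam is happening but cannot point at a device, which matches the limits raised elsewhere in the thread.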

  • @DemocracyManifest-vc5jn

    Where do I get one of those transparent after market cases?

  • @dcriley65 5 months ago +1

    Happy 2024! Gonna get me a Flipper this year & take the plunge into my new career.

    • @NewDiscord-hr3jj 2 months ago

      Your money would be better spent elsewhere if you want intro toys for cybersec

  • @weaverdreaming 5 months ago +4

    I feel like the wall of flippers wouldn't be hard to counter. There are some signal jammer files for the flipper that have made rounds, but are federally illegal 👀

    • @jamesmckee9017 5 months ago +4

      One flipper to jam and another to... Spam?

    • @k3yomi 5 months ago +3

      yeah, can't really do much about that besides hope it doesn't happen. If someone is truly wanting to counter it, they would just turn off their bluetooth lol

  • @MyTube4Utoo a month ago

    It's sad, but as we all know, some people think that just because they 'can' do something, it's somehow okay for them to do it, screw everyone else.
    I'm old......old enough to remember the Tylenol "situation" in 1982 in the Chicago area. Whether someone just hated people, somehow thought it would be entertaining or whatever, it cost seven people their lives, including a 12-year-old girl. It's now unbelievable that we could have gone until 1982 with really no security methods in place, before something like that happened.

  • @k3yomi 5 months ago +3

    Flipper Zero : Advanced Warfare

  • @daveduke8783 5 months ago +3

    Apple patched the Bt attack weeks ago

  • @samuraidriver4x4 5 months ago +3

    If you are set on using your onboard bluetooth you might want to consider using a bootable usb stick instead of virtual.
    Then again there is always the option to get a dedicated machine and go bare metal.
    Be aware that kali lacks any security features and it's not a daily driver OS.

    • @TalkingSasquach 5 months ago +2

      All very good points! One thing to keep in mind is that I have to record everything, so while running a live OS does get around some of the issues with hardware, it does make it a lot more difficult to record.

    • @samuraidriver4x4 5 months ago

      @@TalkingSasquach don't know what you normally use but for example OBS runs perfectly fine on Kali.
      But that's indeed a valid argument.

    • @NewDiscord-hr3jj 2 months ago

      And for anyone that doesn't believe they make kali broken on purpose, and doesn't want my screenshots, just ask yourself:
      Why is it that anyone with fingers that can use a keyboard can boot raspbian on a pi, apt install any tool, and roll.
      Yet somehow every release of kali requires 20 patches, nine fixes, alternate repos, asshat workarounds and 4 hours of delving through forum posts to figure out how to fix the traps the kali team laid for you.
      It's a simple question: why is a "hacking distro" the hardest to use as a hacking tool? Further, why is EVERY noob that gets arrested running kali?
      You never hear about some 14 year old getting popped running pumpkin pi 3 in raspbian. It's always some noob running kali.
      Answer me this: why is it that in every rolling release of kali for years, the mac randomizer and the default installation of proxychainz turn themselves off and don't actually provide any op-sec until AFTER you fix them manually.

  • @InfoSecREDD 5 months ago +1

    I didn't know you totally switched methods when I told you about the kernels. 😂

    • @TalkingSasquach 5 months ago +1

      There was no custom kernel for the TCL and I didn't want to wipe my Nothing! lol

  • @Zardoz66 5 months ago +2

    good info sas!

  • @UrRealestCritic 5 months ago +1

    This is why you only do this attack when it is necessary

  • @SPUTNIK6996 2 months ago

    This on the steam deck would be epic

  • @chrome98 4 months ago +1

    Will this work on a RasPi? Then I could go incognito mobile.

    • @TalkingSasquach 4 months ago +1

      Yup! it was originally used on a RPI3 i believe

  • @russelladuddell40 4 months ago

    @TalkingSasquatch do you have a store?

  • @chelefrancia 5 months ago

    Mighty Sasquatch, I just got my Flipper, but I've got a question, and I'm pretty sure you can help me out. One thing that got me pumped about getting my Flipper is the idea that I could duplicate this UHF tag/sticker I have in my car. I've seen some info about needing a YRM100, but it's a bit confusing. Can I pull it off with different software, or do I need some new hardware? Thanks for your videos! 🤟🏻

  • @benjaminbraun282 4 months ago

    found this channel last night after I was thinking about buying a flipper and have been absolutely ripping through all of your content. Very well made and very informative! loving it

  • @andrewd4916 5 months ago +1

    im a noob dev but studying cyber at uni (already doing C and R programming). done a bit of python so im willing to give it a go

  • @leonbeck6668 5 months ago

    Can you please make a root tutorial for the nothing phone 1 I tried so many times and it didn't work

  • @cameronrich2536 5 months ago +1

    It can only find them with BT enabled yea?

    • @k3yomi 5 months ago

      Correct, however - BLE advertisement spam detection would still work with BT disabled.

  • @gcmotive 3 months ago

    I can't find the video you make from BLE spam MAIN. Because the xtreme firmware works ble spam but not for far away.. that video was way better. When you have time can you share the link.. thanks for everything. Happy valentines day. God bless you. 👍

  • @ncc74656m 5 months ago

    This might finally get me to get off my ass and set up Kali on the spare device I got from work (I keep giving away computers I get to take care of my people). Be kind of interesting to see if I can "meet" other Flippers on the way to work.

  • @pentestvegan 5 months ago +1

    bruh i my extra nothing phone 1 was a hassle to get out of bricking for a sec. i rooted, and installed custom Magisk modules... so eventually i had it in bootloop. it was a fun learning experience but i did get it on the latest OTA and is back to factory working. but it was gonna be great...never got to use it though:(

  • @sideshow4417 5 months ago +2

    TikTok hand gestures aplenty.

    • @brightlight3520 5 months ago

      sasquatch is a hand talker apparently. maybe they are part italian

  • @seannewcomb7594 5 months ago

    Good video, kinda wish we could have gotten to the 6:00 minute mark quicker though.

    • @LuxGamer16 5 months ago

      attention-span of a 5 year old

  • @andrewhodgkin11 5 months ago

    What did you use for a Bluetooth adapter?

  • @DirtyPlumbus 5 months ago +2

    Who else is throwing this on their Uconsole? 👍

  • @Alasdair-Morrison 5 months ago +1

    God creates the Flipper Zero on one hand then tries to take it away on the other by taking away some of the fun it was designed for....Must get me one.......

    • @LuxGamer16 5 months ago +1

      with great power comes great responsibility. don't be skid!

  • @aimoannos8277 4 months ago

    Good shiat man! Also you must be the first one ever to ls with dir in linux (5:20) x)

  • @Fallen012332 2 months ago

    Shouldn’t this be easy enough to actually run on the Flipper itself?

  • @daviddavidson2357 5 months ago +18

    To be fair, I'm surprised apple products don't just crash at random without help.
    Also android medical devices; that worries me. I'd expect a completely ground up custom OS, not some slightly modified Linux distro for mobile devices.

    • @j00500hall 5 months ago +2

      Scary thought hey?! I can see reasons why they could be android based but really as a consumer hate the idea. I don’t mean to minimise anyone’s reliance on medical aids but I’m hoping it was more along the hearing aids lines of device than others that could be much more detrimental.

    • @samsunggalaxyS6- 5 months ago +3

      imagine dying by a flipper

    • @MeGaLilCe5ar 4 months ago

      This

    • @liverenders 3 months ago +1

      Unfortunately not.... As an IT for 7 years, most medical systems and devices operate on Linux, android, or worse.... Windows...often XP... Im not exaggerating. It's chilling.

  • @CyclingMikey 5 months ago

    Ha! I'm one of those diabetics running Loop (google loop docs) and potentially vulnerable to BLE spam.

  • @bubblegumcombo2849 5 months ago +3

    "If I wasn't able to fix [my insulin]"... congrats on restarting your device lol

  • @OneAndOnlyZekePolaris 5 months ago

    I can't use my kali anymore RIP...

  • @DirtyPlumbus 5 months ago

    Lol. I was just warning a new Flipper owner about this yesterday. Now I can send him your video.

  • @gomezleonardo60 5 months ago

    Meanwhile Me in Guangzhou selling flippers to Americans

  • @feder-wg5kb 4 months ago

    Make this a flipper application

  • @MrGhost9640 5 months ago

    Minus a pine phone pro I've tried multiple phones I've set on one plus 7 pro 256 gb

  • @PLAYINSKILSSRT 5 months ago +1

    The newest update was garbage it downgraded my flipper and then my pc with all my files went into bootlocker mode fuck me right 😅

    • @k3yomi 5 months ago +2

      Newest update of OFW? If so you slightly gave me a panic attack thinking it was my script if thats the case hahaha

  • @s.i.r.g3366 5 months ago

    Yay

  • @mikeielOFFICAL 5 months ago

    you should make your own Linux phone it's actually really easy and so much better than having android or ios

  • @ricosuaveyatusabe9179 5 months ago

    Yeahhh

  • @mister6497 5 months ago

    sup

  • @RetroCudi 4 months ago

    Eventually average Joe flipper users will be seen by using an app on iOS or Android. Game Over after that. It will ping your device as if it is an apple Air Tag. Like games there’s glitches and the developers see things get out of hand if they can’t patch it well they can deflect it. Use your flipper responsibly.

    • @NewDiscord-hr3jj 2 months ago

      This makes no sense. Wall of Flippers isn't even a challenge. This entire story is hollow dude.
      This thing can only see a flipper if its bluetooth is on. And it can't really foxhunt.

  • @kas.x_x 5 months ago +4

    damn, am i stupid or is that useless af? i mean cool u know the name of my flipper congrats for that but if im hiding it in my pocket how do u know that i am the owner of this flipper, if there r like 20 other people in that room? i personally dont use the ble spam btw it was just an example

    • @k3yomi 5 months ago +2

      Someone can use a directional antenna and triangulate someone based off their Received signal strength indication. This data alone (with no fancy antennas) would be quite difficult to triangulate someone. However, with the right tools you could attempt. Bluetooth itself is hard to track but with the right tuning and tools. You would be able to accomplish it eventually. I did add other ways of detecting a flipper which includes the Flipper name, Flipper Address, and the id corresponding to the flipper type (White, Transparent, or Black). Additionally, this project isn't really used as a mitigation tool but more of a fun project to mess around with. BLE Exploration is quite fun and once you start to learn it, it's hard to go back lol.

    • @kas.x_x 5 months ago +4

      @@k3yomi damn okay but if someone, with a hidden flipper, makes the apple crash and there is one person with like 30 antennas, i would be scared that those people think that the antenna guy made the phones crash and not any other dude with a hidden flipper u know.. but anyways i highly respect that work keep going!

    • @k3yomi 5 months ago +1

      We slap a sign on the chest with the text "Flipper police" lmao
      All seriousness though, the phone crashsploit for iOS was patched a few weeks ago.

  • @kauht 5 months ago +1

    I don't think this dude knows what skid means lmfao

    • @LuxGamer16 5 months ago

      oh, do tell!

    • @NewDiscord-hr3jj 2 months ago

      @@LuxGamer16 skid is short for [S]cript [KID]die.. which is exactly what squash is

  • @AI4IABETA 5 months ago

    Lololol

  • @nothanks666 3 months ago

    I challenge you to do a video without moving your hands.

  • @Jpython2-oz1zj 4 months ago

    How do we protect against this?

  • @Dtr146 5 months ago

    lol you don't even need a flipper anymore for ble spam. a random Android phone can do this.

    • @k3yomi 5 months ago

      Hence suspicious advertisement implemented. It does state once a ble method is found above: "These packets may not be related to the Flipper Zero."

  • @SuperRobotwarrior 4 months ago

    LOL there is something magical about hackers countering annoying/unethical hackers with hacks.

  • @mrcrazyadd2 5 months ago +1

    If you have wireless enabled at DefCon, that's on you 😂

    • @LuxGamer16 5 months ago +1

      what about ppl using medical devices?

  • @CatVSDog. 5 months ago

    (:})-|--[

    • @k3yomi 5 months ago

      Wall of Flippers is not fancy in terms of detection and also isn't necessarily up to my programming standards. However, I'm always looking for improvements and criticism. :3

    • @CatVSDog. 5 months ago

      Yeah I'm not a fan of c I like lua more@@k3yomi

  • @iyeetsecurity922 9 days ago

    Lol silly furries.

  • @BRAINROTcomps 5 months ago +1

    Hold up, so someone almost sent a furry to the hospital with a flipper zero? pfft hahahahaha

    • @bru681 4 months ago

      Not funny. They could have died

    • @BRAINROTcomps 4 months ago +1

      @bru681 lmao, a fate too kind for furries.

    • @bru681 4 months ago

      @@BRAINROTcomps furries are people too yk. Plus What have furries done to you

    • @BRAINROTcomps 4 months ago

      @@bru681 nah furries are like one step up from p3d0s in the circles of degen hell

    • @IKER1000sYT 4 months ago

      @@bru681 your pfp is worrying

  • @paigedoesnotexist 5 months ago

    Spamming phones can be a little funny until they use it as a medical device. Whoever attacked at the convention should be ashamed of themself.

  • @theactualparadox 5 months ago

    Devices like the flipper should really require some sort of license or a way to easily track anything they do back to them
    EDIT: I wrote this before starting the video, this is amazing!

    • @NewDiscord-hr3jj 2 months ago +1

      Imagine saying this.
      The second amendment covers ARMS. Cyberweapons are ARMS. The government has no right to regulate them.