Flipper Zero next level

Hi David! Been watching your content for a long time, and am studying for my CCNA now. Your hacking content is very interesting, and I'm glad you're still making high quality content for everyone!

From many flipper zero videos up here on CZcams you make the best ones- and simple to understand.

I have never been happier that my vehicle is a 1992 without remote locks.

I ordered mine on 14th of October to germany and its still in transit...
I have a experience in RF and in specifications terms the Flipper is indeed not very impressive.
But what the flipper does great is making these tasks very easy in a small package.
When I do RF stuff i need a computer, a Software Defined Radio and complex software packages that are beyond most of people.
The Flipper Zero will definitely push forward the evolution of security in these fields which was almost stuck for many decades!

David, thanks for the video. It really made me aware of how easy it is to unlock those devices. Far as I know my 2015 Honda Fit uses a passive keyless entry system and is not vulnerable to this type of attack. I rarely ever use my key fob to unlock the doors as it's automatic when I touch the door handle. It makes this type of attack very difficult.

Can you use the Flipper Zero to unlock cars? What about bicycle locks? Door bells? Well... let's find out!
// Discount //
Get a 5% discount using my affiliate link : lab401.com/r?id=42cm8b
and/or use code DAVIDBOMBAL
// Menu //
00:00 - Intro
00:25 - Disclaimer
00:33 - In this video
01:08 - Unlocking Cars
02:13 - Rolling Codes and Vehicle types
02:28 - Discussion with Occupy The Web
04:12 - Reading and Sending Key Fobs
06:22 - Doorbell Example
06:54 - Other Vehicle Brands
07:44 - Unlocking Bike Locks
11:44 - Unlocking Doorbells
13:23 - Hacking Alarm Systems
14:30 - Conclusion
16:06 - Outro
// Previous videos //
Flipper Zero Episode 1: czcams.com/video/VF3xlAm_tdo/video.html
Mr Robot Car Hacking: czcams.com/video/5LvqU3-iINk/video.html
// Great resources //
Awesome Flipper: github.com/djsime1/awesome-flipperzero
Bad USB: github.com/nocomp/Flipper_Zero_Badusb_hack5_payloads
// CVE-2022-27254 //
NIST: nvd.nist.gov/vuln/detail/CVE-2022-27254
Mitre: cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27254
The Register: www.theregister.com/2022/03/25/honda_civic_hack/
// David's SOCIAL //
Discord: discord.gg/davidbombal
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
CZcams Main Channel: czcams.com/users/davidbombal
CZcams Tech Channel: czcams.com/channels/ZTIRrENWr_rjVoA7BcUE_A.html
CZcams Clips Channel: czcams.com/channels/bY5wGxQgIiAeMdNkW5wM6Q.html
CZcams Shorts Channel: czcams.com/channels/EyCubIF0e8MYi1jkgVepKg.html
Apple Podcast: davidbombal.wiki/applepodcast
Spotify Podcast: open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
// MY STUFF //
www.amazon.com/shop/davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.

This is a great series! I hope to get my hands on one one of these days!

Keep making vids about the flipper. I really appreciate them.

This is really interesting and helpful, David
Thank you for spreading your knowledge

This is next level gadget
Thank you sir by giving such a wonderful content even through its night in India I do watch your videos and go to sleep

I wished I'd seen this video sooner. I spent the last few days studying radio waves just to learn how my flipper works.

David you are one of my favorite youtuber. Great contents always. Keep it up.

First video I seen from you and I'm really enjoying your content. Definitely hitting that subscriber button and bell notification. Keep up the good work 💯

I like David's quieter style, I was a little disappointed to see the jump cuts to pop culture & viral clips. All in all, I'm grateful to David teaching me this stuff. Real security advice from a real security guy!

really very informative and without filters...you are a boss David...

Can't wait for more about flipper zero brother you are really good and informative

Definitely curious about the brute force rfid application and would love to see it pop up! Thank you for your work

Thank you for your video David, I think the Flipper0 for its cost is really powerful 👍

Always appreciate your videos.

Ordered it last week. Looking forward to using it

just got my hands on one, it’s a great powerful little device to learn with

Keep these flipper videos coming! Great stuff. Thank you!

Couple of things worth mentioning that I've discovered make it even easier. Features that might not have been included 7 months ago when this was recorded.
* When running the frequency analyzer, you can select the frequency as it is detected, in that list that pops up. Doing so, takes you right into the read function. From there you can go to config, and set the raw option, to record, if it's not already. This way you don't manually have to enter the frequency info to record. It's also worth noting you can adjust the RSSI up, so that you can filter out weaker signals. Usually ones further away from your target device.
* If you are recording raw frequency traffic. You can adjust the RSSI up here as well, so it's not detecting the background noise or frequencies of devices further away. By doing so, you not only ensure you are capturing the wireless signal of the device you are testing. But also you can just hit record, and leave it running. It will then ignore those weak background signals, and not record until it sees the traffic on the set frequency, at the strength given. So if you and your neighbor have the same doorbell device. It ensures it captures your device and not theirs. It also stops the recording as the transmission stops. So if you were to try and do a walk by recording of traffic in the wild. You could set it to record, with the raised RSSI filter level, then put it in your pocket. Walk past the target being triggered on that frequency. Then see just that transmission, without having to hit start or stop in the moment. Making for a cleaner signal to replay, and allowing the recording to go unnoticed. Which is kind of cool, and scary at the same time.
To the comment of the bright orange cover. I thought this was an odd design choice as well. However, this device to most folks just looks like an electronic gaming device or something. It doesn't look like your typical black box hacking hardware. So it hides in plain sight, which can be more effective than you realize. Also with the remote stream via bluetooth function. You can run the entire thing from the smartphone app, as it sits in your pocket, bag, what have you. So it really doesn't matter what it looks like. But making it look like a toy (security through obscurity, yet in plain site) is almost an added perk for reducing suspicion.

David gracias por compartir tus conocimientos, se aprecia mucho

Thanks David you're always the best

Appreciate your efforts. Need more detailed videos on it

looking forward to more flipper videos! :)

Always informative

Bought mine today excited to play with it

This episode was great, thanks for listening to your comments 🙏

Nice!!! Thanks David

Love it, still waiting on my Flipper to arrive. Could you go over the IR capabilities in addition to the ones you mentioned for upcoming videos? Thanks keep up the great work.

Car manufacturers love things like this. It allows them to say "oops" about their older line of cars, and sell more new cars with the fix. Since it's not necessarily a safety issue, maybe they aren't forced to do a recall or even care.

I've been trying to get one in the United States. Difficult without paying an arm and a leg. Great video as always 👍

Always Great Content 👍

Thankyou for the videos on theFlipper Zero. I have had mine for a couple of months now from the kickstarter campaign. Are you able to make a video and show or list what git repository is the best to load on to the flipper?

David...any info on if Flipper can still effectively scan trough RF cards stacked 2-3 thick??? Also, is the RF signal ranges a finite set of frequencies or can it be infinite in specific number of ranges (sorry i was too lazy to self learn this just yet)?

Ordered a flipper zero and 3 work collegues are also getting one lols. Want more flipper zero videos thx

You could show the unleashed version of the firmware and the Sub-GHZ brute-forcing. That way you don't really need to record the signal and if it has a rolling code, it would still work

Hi David, thanks for your work,
Wouldn't it better for more clarity in the signal to capture it just with the read fonction when possible ?

Thanks for this video❤

Great video, thanks! Could you make one on using rolling codes with Unleashed firmware?

nice one david

Thank you David

For the bike lock - I would think that each lock comes with its own unique identifier for the signal; so you would need to have the remote of that specific lock to copy the signal and unlock it. Otherwise all locks with that type can be unlocked with one remote. Crazy nonetheless, makes it more convenient to execute attacks

What’s the range of the flipper for recording signals. On average. I know that there are a lot of things that will affect that.

Hey David nice video

So if you do not use the fob to lock/unlock your car, then you can be sure your can not be hacked by a flipper?
Only use the actual key and disable the fob option would be advisable?

This would be excellent. The remotes that come with the NVR for my camera systems do not have codes listed. That way I could add it to a universal remote.
There’s several brands of universal remotes that I can actually put the codes into, but I cannot copy them . This looks like it would be something worth purchasing.
Thank you for sharing and thank you for not having any music in the background .

I would love to see a compare with the HackRF One + PortaPack. Does the Flipper have added value to that?

I chose to support the Kick Starter project that was created to launch the Flipper Zero and I really love the device. People who suggest that the Flipper isn't a powerful device simply don't understand it. With the ability to add expansion boards to the Flipper the possibilities are endless! This is an extremely powerful device that can be easily carried around and used discreetly. If you are interested in a Flipper but aren't sure if it worth the price tag, let me just reassure you that's it's EASILY worth the price tag. I highly recommend a Flipper.

Does the device leave a foot print or breadcrumbs?

you have got great videos!!!

Defeat rolling code: jam and record first tx, jam and record second tx while tx'ing first. You now have a working tx. Ignition will require another tx, though. Ignition you can use blank SKIM ECM

It's like a script kiddie tool but for radio. Making things easy, but also easy to learn from like 1980s cable scrambling (level shifted video sync and switched brightness inversion) when compared with an encrypted mpeg2 stream. I have a nephew who would love one.

The fun people are going to have playing with a flipper while in traffic.... this is just the beginning lol! Makes me like my 1973 truck even more.

They finally started selling these in America. Wife bought me one for my birthday can’t wait!

What file format do the raw rf signals get saved as? Are they just wav or mp3 files that can be later modified/ cleaned up in audacity?

great vid!

Very informative video. The part that is missing is range of reception. Can you effectively get close enough to any of these transmitters to capture them in the wild?

impressive!

looks like a pranksters wet dream! the only use I would have for one is to turn the tv over when the Mrs takes ownership of the remote :P

Thanks man, to show me how it works with Flipper Zero

Man I love you're videos
I have a question, how far can you be and still capture the signals?

Is there any technical difference between the version of the Flipper Zero that is sold in the USA, and the one that is sold in other countries like Spain?

This is fascinating. You could do something with custom built Arduino stuff too, but I got my FZ because I want to learn more about how this tech works, and how to keep my property safe. I didn't pay off my car to have someone break in! They're going to have to cut their hands open through the glass if they want my nintendo switch! Absolutely fascinating. Cool that you can replicate amiibos for the switch as well.

Hi David, where can i find the latest info, on when they may be available in the US market

I would like to see you use the GPIO Sentry Safe plugin.

There's the yardstick one, size of a usb stick. I wonder if you can use that with a phone running termux.

Hey David, what is the software you use to record the flipper video in your CZcams video? As always, thank you!

With the alternative firmware it can decode a vast variety of rolling codes and it works just as easy as with the door bell. I have 3 garages, 2 ramps and some barriers memorised and they all use rolling codes and they work like a charm. Not to mention NFC decoding and emulating. If you think it is not a capable device you don't know how to use it P.S. Oh yeah David amazing content as always. Thank you

Thanks David, can you show the Wi-Fi adapter board in the next video? I assume is just for the 2,4 Ghz Band.

How close do u have to be to record the signal tho probs needs to be right next to it ?

I was going to say, you can still use the flipper zero to unlock/lock rolling codes, but you got it 😀
Jam signal, capture first code, and second one when they hit their button again. Then send the first code. Now you have a future code to use.

I have a Honda Civic Type R and I tried to use the flipper zero, but for some reason it has not worked. While now with your good explained video I can give it another try. Before I wasn't really aware of how to handle that thing with Emulation and also not fully sure about the frequency. But the thing I was really wondering about is, if it would also be possible to emulate the key fob of the keyless system to start the car. But I have expected that this has more likely to be something like a passive signal, so I expected this won't gonna work? At the other hand you're telling, in the video, that they have been able to open the doors and remotely start the vehicle. So how is this gonna work?

Can you try bruteforcing the bike locks?

Thanks David, great video :) it would be awesome if you could test the Flipper Zero on youbikey and WIFI networks :)

You would have to be away from the car with the key fob and record the unlock. Then you'd have to use the flipper to unlock the car before the key or else it will not work. Basically, it only works once because of rolling codes. So unless you can defeat the rolling code security it's almost useless.

Very interesting. Does this Flipper thing also go into W-Fi? 2.4Ghz. 5Ghz, and even 6Ghz? I imagine the resolution of the spectrum analysis is very bad but it provides a lot of clues so to speak.

Question. Often on corporate campus, or network rooms (smirk), there will be a credit card type tap device. Can the Flipper work to capture those security devices?

but to capture those signals do you need to obtain the device or be really close to it? if you do then how can i scan at a distance ?

Thanks, David for the awesome content. It would be nice if the device was offered to ship to the US.

Is it possible to implement software such as ‘GNU Radio’ into the flipper whist retrieving Sub-Ghz frequencies or be able to connect it to a device such as a raspberry pi?.

What if you save the signal send from a car key without the signal actually being received by the car at first, would you than be able to open the car with the flipper? Since the code didn't get received yet?

Is it possible to increase the signal distance of the flipper by connecting another device that strenthens signals..

Super

Thanks.

Amazon started suggesting I buy this and found your video thru a comment posted on ig. Great stuff but odd suggestions 😅

is it possible to brute force locks that would normally use a keycard to unlock, if there is can you show us how?

I have a fleet of Ford Transits. Would this work on them and for multiple vehicles. I'm thinking it would be nice for inventory, and for getting monthly mileage readings without having to take all the key fobs with me. Just wondering. Thanks

From my preliminary youtube research, it appears you can really open up the specifics of this in terms of scanning and sending if you edit the internal code values/limits of the firmware. Still working out how best to do that but it seems worth exploring. ***THE MORE YOU KNOW!***

If this could capture fire engine visual (and in some systems, RF) traffic signal light overrides, that would be a whole different level. To educate them about the flaws in their system and not to use illegally, of course.
(Since the Flipper Zero has both multiple frequency IR TX/RX and RF radios, this should actually be possible. But their system might be designed with challenge/response, not sure.)

Love you man

If the first unlock signal is blocked and captured and they send another unlock signal that isn’t blocked and reaches the car, will the captured signal still work?

It seems like the flipper zero would be capable of syncing to your own vehicle similar to a new key fob would. It may not be ideal for hacking, but can it do this?

You said in this video that in a previous vid, you demonstrated cloning key fobs, but I don’t see anything about key fobs in your previous Flipper video. Was it deleted or smtn?

What "custom" firmware do you use??

Excellent video, now you have to tell me, where did you get that Wall-E from? It's adorable!

Could you show whats the reach of the signals?

hi david, i have a question, can kali nethunter be run and used without root? if so, how to do it?