Thanks for Watching!
If you found this video helpful, don't forget to:
1. Subscribe for more bug bounty, hacking, and programming content!
2. Like this video to support the channel and let me know you enjoyed it.
3. Comment below if you have questions or ideas for future videos!
Join my Telegram channel for exclusive tips & resources: https://t.me/TheExploitLabX
See you in the next video, keep hacking and keep learning!
Category: Tech
Transcript
00:00:00The Flipper Zero is a compact multifunctional device designed for
00:00:05hardware hacking, security testing and penetration testing. Equipped with
00:00:10various interfaces and features, it allows users to interact with different
00:00:13electronic systems from RFID and NFC to infrared and radio frequencies. So over
00:00:21here you can see different tools. So Flipper Zero is a combination of all
00:00:28these tools starting with Proxmark 3. So Proxmark 3 is a powerful RFID and NFC
00:00:35research tool that enables users to interact with RFID cards and it is
00:00:42commonly employed for security testing and penetration testing and in research
00:00:47into contactless smart cards. So Proxmark 3 is specific to RFID and NFC and it is
00:00:54little complicated to use but it's a very powerful tool. On the other hand our
00:01:02Flipper Zero is not that much powerful but it's very easy to use. So that's the edge
00:01:08of Flipper Zero. You don't need to know the core technology but with Proxmark 3
00:01:14you should know how the technology works. Then there is HackRF One. So this is HackRF One
00:01:24and HackRF One is a popular software defined radio platform known for its wide range of
00:01:30frequency and flexibility. It is widely used for exploring and manipulating
00:01:34wireless communication making it an excellent choice for penetration testers.
00:01:41Then there is Raspberry Pi. So Raspberry Pi is a versatile single board computer that has
00:01:49found applications in diverse fields including cyber security and penetration testing. It's
00:01:55a small low cost device with GPIO pins making it suitable for hardware hacking projects. Then
00:02:03there is there is also a BadUSB. So BadUSB runs malicious code. So all in all Flipper Zero
00:02:13is a combination of all these tools and in our coming section we are going to explore all these
00:02:19technologies just using our Flipper Zero. Thank you. So in this section first we are going to
00:02:26install the desktop application for Flipper Zero and then we are going to install the mobile
00:02:32application for Flipper Zero and after that we will see the different variants of firmware available
00:02:38in the market. So let's just start. So first we have to go on the official site of Flipper Zero
00:02:44that is flipperzero.one. So this is the official site and over here you have to go in
00:02:56download section
00:03:01and here you can see mobile Flipper mobile app and Flipper desktop application. So let's just download
00:03:10the Windows version. You can also download the Mac OS and Linux version as well if you are using Mac
00:03:15OS or
00:03:16Linux. We are using Windows. So let me just download the Windows version and I'll keep it on desktop.
00:03:30So it will take few seconds to download and then we are going to install this application.
00:03:39All right, so it's downloaded. Let's just install
00:03:53and I'll keep it all the default options for now. Make sure you check all these things and let's just
00:04:04install.
00:04:07So once the application is installed you will see the icon on your desktop. So over here you can see
00:04:13the icon.
00:04:14So let's just double click on it.
00:04:21And over here it's asking us to connect our Flipper Zero device. So let's just connect our Flipper Zero device.
00:04:43And over here you can see all the options.
00:04:51So this is the default firmware. Over here you can see
00:04:57all the options.
00:04:58sub gigahertz frequency, RFID, NFC, infrared. So as we discussed in our previous
00:05:06section, these are all the technologies targeted by Flipper Zero. Over here you can see GPIO pins.
00:05:12These are the GPIO pins.
00:05:15And there is iButton, BadUSB and U2F. And then there is settings.
00:05:20So over here you can see on the on the mobile application whatever function I'm performing or
00:05:28whatever menu I'm choosing you can see that in the in the desktop application as well.
00:05:34So let's just use our desktop application for now.
00:05:38And we can use our application as well as you can see.
00:05:46So right now we are using the default firmware.
00:05:51And let me just show you the version of the default firmware.
00:05:58So it's 0.94.1 and the build date is 1st November 2023.
00:06:07When you will use this application the firmware might be changed.
00:06:11Right? Because they update firmware very frequently.
00:06:15So in our next section we are going to also see the different
00:06:18firmwares available in the market other than the official firmware.
00:06:23So over here you can see this desktop application.
00:06:27Now let me show you the mobile application as well.
00:06:32So to download your mobile application you have to go on your play store and type
00:06:39Flipper Zero and you will see this application.
00:06:43So let's just install this application.
00:06:53So very small application it won't take that much time.
00:06:58And it's installing.
00:07:01And let's just open the application.
00:07:05And we have to connect our Flipper Zero device with this application as well.
00:07:10So let me show you.
00:07:12So you have to go in settings.
00:07:19And you have to turn on your bluetooth.
00:07:24Now it's on.
00:07:26Now let's just try to connect.
00:07:32Let's just connect.
00:07:35Let's just pair.
00:07:38And over here you can see the code.
00:07:40This is the code which you have to enter in your device.
00:07:43So it's 0 9 4 6 1 3.
00:07:49And let's just pair.
00:07:55And our device is connected with our
00:07:59mobile application as well.
00:08:02Right.
00:08:02Over here you can see
00:08:05full info option.
00:08:08And over here you can see the device name.
00:08:10It's updating right now.
00:08:12So let's just wait.
00:08:13Over here it's synchronizing the device.
00:08:16So it might take some time.
00:08:20All right.
00:08:20So it's synchronized now.
00:08:22And it's connected fully.
00:08:23So over here you can see all the.
00:08:26Things on the details.
00:08:30Right.
00:08:30And there's update as well.
00:08:33So we can update as well.
00:08:35Right now.
00:08:35Right now I'm not going to update anything.
00:08:37I'm just going to show you all these things.
00:08:41So over here you can see.
00:08:45In archive you can see all these things.
00:08:47We can control our device with this.
00:08:51With this application as well.
00:08:53So those things which you see in green.
00:08:57For these things you have to update your.
00:09:01Your flipper zero.
00:09:02Right now I'm not updating.
00:09:04Let me just show you.
00:09:05The other things which are available.
00:09:06Which are in blue.
00:09:08So we can emulate as well.
00:09:11As you can see on the screen.
00:09:12It's emulating.
00:09:14Let me just stop.
00:09:18For these things like doorbell send.
00:09:23We have to update our firmware.
00:09:24As you can see.
00:09:26Right.
00:09:28All the other things we can perform.
00:09:30Without updating.
00:09:33Let me just try one more time.
00:09:43And we can control our flipper zero.
00:09:46With our application as well.
00:09:48As you can see.
00:09:51Right.
00:09:54See.
00:09:57Right now the application is slow.
00:09:59But still you can control your flipper zero.
00:10:01With this application as well.
00:10:03Right.
00:10:04So in the future.
00:10:06They might update.
00:10:07This application.
00:10:10So this is.
00:10:11These are the two applications.
00:10:13You can use.
00:10:14To control your flipper zero device.
00:10:16As well.
00:10:17In our next video.
00:10:18We are going to see.
00:10:19The different variants of firmware.
00:10:22Available in the market.
00:10:24And which firmware is.
00:10:25Good.
00:10:27And which firmware.
00:10:27We are going to use.
00:10:28Throughout our course.
00:10:29We will see this.
00:10:30These things in our.
00:10:31Next video.
00:10:35So in our previous video.
00:10:36We installed.
00:10:38The desktop.
00:10:38And mobile application.
00:10:39For flipper zero.
00:10:40And we have seen.
00:10:41The default firmware.
00:10:43Which comes with flipper zero.
00:10:44In this video.
00:10:45We are going to see.
00:10:46Some other variants.
00:10:47Available in the market.
00:10:49Regarding firmware.
00:10:49So why we are updating.
00:10:51The firmware.
00:10:52Because the default.
00:10:53Firmware.
00:10:54Which comes with flipper zero.
00:10:56Don't allow you.
00:10:57To use this.
00:10:58Device on its.
00:10:59Full potential.
00:11:01So that's why.
00:11:02We are updating the firmware.
00:11:03So there are different.
00:11:04Firmwares in the market.
00:11:06Which allow this device.
00:11:07To use on its.
00:11:08Full potential.
00:11:10So there are three variants.
00:11:11Which are very popular.
00:11:13There is.
00:11:14RogueMaster firmware.
00:11:15Unleashed firmware.
00:11:16And Xtreme firmware.
00:11:17So you can use.
00:11:19All three.
00:11:21Firmwares.
00:11:21Any of these.
00:11:22Firmware.
00:11:23Whichever.
00:11:23You like.
00:11:25But throughout this course.
00:11:26We are going to use.
00:11:27This RogueMaster firmware.
00:11:29And the reason is.
00:11:30They update the firmware.
00:11:32Very frequently.
00:11:34So that's why.
00:11:34We are going to use.
00:11:35Their firmware.
00:11:36So let me show you.
00:11:38All these.
00:11:39Three firmwares.
00:11:39And how to update your.
00:11:41Flipper zero device.
00:11:43With these firmwares.
00:11:45So.
00:11:46Let me just.
00:11:48Go.
00:11:49On these links.
00:11:51So let's just start.
00:11:52With RogueMaster.
00:11:54So over here.
00:11:56This is the link.
00:11:57And you have to go.
00:11:59Over here.
00:12:00In assets.
00:12:02So over here.
00:12:03You can see.
00:12:04.tgz file.
00:12:06So this is the.
00:12:07Firmware.
00:12:07So let's just download.
00:12:08This firmware.
00:12:09And over here.
00:12:09You can see.
00:12:10This firmware.
00:12:11Is updated.
00:12:12Three days ago.
00:12:14So let me download.
00:12:15In the.
00:12:17Firmware folder.
00:12:20And then there is.
00:12:22Unleashed firmware.
00:12:24So if you want to use.
00:12:25Unleashed firmware.
00:12:26All you have to do.
00:12:27Is you have to go.
00:12:28To this.
00:12:29GitHub link.
00:12:30And then.
00:12:31Releases.
00:12:34And over here.
00:12:35You can see.
00:12:36The firmware.
00:12:37So make sure.
00:12:38You download.
00:12:38The .tgz file.
00:12:40Right.
00:12:40So over here.
00:12:41You can see.
00:12:41The scripts file.
00:12:43And SDK file.
00:12:44So you.
00:12:45We don't need.
00:12:45These files.
00:12:47We need.
00:12:48This update.
00:12:49Unleashed.
00:12:50And the version.
00:12:51.tgz file.
00:12:52Right.
00:12:53And we also.
00:12:54Don't need.
00:12:55These zip files.
00:12:56And other.
00:12:57Other.
00:12:57These files.
00:12:58So this is.
00:12:58The firmware.
00:13:00Similarly.
00:13:01You can download.
00:13:01The Xtreme.
00:13:02Firmware.
00:13:03As well.
00:13:03So.
00:13:04Similarly.
00:13:04You have to go.
00:13:05Over.
00:13:06Release.
00:13:09And.
00:13:09You can download.
00:13:10This.
00:13:11.tgz file.
00:13:13Right.
00:13:14And you can see.
00:13:15This.
00:13:15Xtreme.
00:13:16Firmware.
00:13:16Is updated.
00:13:18On.
00:13:18September 1st.
00:13:20And.
00:13:21This.
00:13:22Unleashed.
00:13:23Firmware.
00:13:23Was updated.
00:13:25Two weeks ago.
00:13:26So.
00:13:27Our firmware.
00:13:28Is downloaded.
00:13:29Let's just.
00:13:29Open our app.
00:13:31So.
00:13:31We are.
00:13:32Controlling.
00:13:32Our.
00:13:33Device.
00:13:34Our flipper.
00:13:34Zero.
00:13:35With our.
00:13:36App.
00:13:37So.
00:13:37Let me.
00:13:37Just.
00:13:38Go.
00:13:38Back.
00:13:40And.
00:13:40You have to.
00:13:41Over here.
00:13:42You can see.
00:13:42Install.
00:13:43From file.
00:13:43So.
00:13:44You have to.
00:13:44Click.
00:13:44Over here.
00:13:46And.
00:13:46You have to.
00:13:46Go on.
00:13:47The folder.
00:13:48In which.
00:13:48You have.
00:13:49Downloaded.
00:13:49This.
00:13:50Firmware.
00:13:51And.
00:13:51All.
00:13:51You have to.
00:13:52Do is.
00:13:52You have to.
00:13:52Just select.
00:13:53This.
00:13:54And.
00:13:55Install.
00:13:57And.
00:13:57It will.
00:13:58Start.
00:13:58Installing.
00:13:59The.
00:13:59Firmware.
00:14:00So.
00:14:00It.
00:14:01It might.
00:14:01Take.
00:14:02A few.
00:14:02Minutes.
00:14:03To install.
00:14:25All right.
00:14:25So the firmware is updated.
00:14:27So all you have to do is you have to plug in your device.
00:14:32One more time.
00:14:32So you have to plug out and plug in your device.
00:14:38And over here you can see success and continue.
00:14:42And now over here you can see the firmware version.
00:14:45And the build date.
00:14:49And all the other details as well.
00:14:52And over here you can see the animation is also changed.
00:14:58Right.
00:15:00So over here you can see all the options.
00:15:04NFC.
00:15:06IR remote.
00:15:07iButton.
00:15:08U2F.
00:15:10And settings.
00:15:11And BadUSB.
00:15:12So these are all the options.
00:15:14But now these options.
00:15:15These all technologies are fully advanced.
00:15:17And we can use this device on its full potential.
00:15:20Which we are going to see in our coming videos.
00:15:24So this is how you can update your firmware in your flipper zero device.
00:15:30So in this section we are going to talk about NFC and RFID.
00:15:35So let's just start with the introduction and the differences
00:15:38between NFC and RFID.
00:15:41So NFC, the full form of NFC is near field communication.
00:15:46And full form of RFID is radio frequency communication.
00:15:49And both are wireless communication technologies.
00:15:52But they serve a different purpose and have some key differences.
00:15:56So let's just talk about these differences first.
00:15:59Starting with the range.
00:16:01So NFC operates over a very short range,
00:16:04short distance, typically up to 4 centimeters,
00:16:08which is about 1.5 inches.
00:16:10And it is designed for close range communication.
00:16:14On the other hand,
00:16:15RFID can operate over a wider range,
00:16:17depending on the specific frequency and technology used.
00:16:21RFID system can range from few centimeters to several meters,
00:16:25and even longer.
00:16:29Then there is communication type.
00:16:31NFC.
00:16:32So NFC is not a different technology.
00:16:35NFC is a subset of RFID.
00:16:37And it's a two-way communication technology.
00:16:40Devices can both send and receive data.
00:16:43So making it suitable for applications like mobile payments and
00:16:47peer-to-peer data transfer.
00:16:50RFID typically operates in a one-way communication mode.
00:16:55So RFID tags store data that can be read by RFID readers.
00:17:00But the tags themselves don't actively initiate the communication.
00:17:05Then the use cases.
00:17:08So NFC is commonly used for contactless payment systems like
00:17:12mobile wallets, Apple Pay, access control systems,
00:17:16key card readers, and data exchange between smartphones and other devices.
00:17:22RFID is used for a wider range of applications,
00:17:25such as tracking and identifying objects,
00:17:28inventory management, supply chain tracking, and access control.
00:17:32So these are some use cases of NFC and RFID.
00:17:37Then there is the frequency difference.
00:17:40So NFC operates at 13.56 MHz frequency.
00:17:45And it is a standard frequency.
00:17:47There is no other frequency for NFC.
00:17:49Right?
00:17:49So this is the only frequency on which NFC operates.
00:17:53And RFID system can operate at various frequencies,
00:17:57including low range frequency, high range frequency,
00:18:00and ultra high range frequency, depending on the application and requirement.
00:18:06Then the important thing is security.
00:18:09So NFC is designed for secure communication.
00:18:12So making it suitable for applications like mobile payments and contactless payments.
00:18:19So NFC is more secure.
00:18:21On the other hand, RFID is not that much secure.
00:18:25So in summary, NFC is a subset of RFID and it is optimized for close range two-way communication
00:18:33and commonly used for applications like mobile payments and pairing devices.
00:18:39RFID, on the other hand, can be used for broader range of applications and technologies depending on the
00:18:45requirement.
00:18:46So in this course, we are going to focus on NFC because it's a subset of RFID and it's more
00:18:55secure.
00:18:56And since we talk about the two-way communication and the contactless payment,
00:19:02so we will see all these things in NFC. So we will focus on NFC.
00:19:07So if you want to learn more about NFC and RFID programming and RFID technology,
00:19:12there is a complete course on RFID programming and security masterclass.
00:19:17We have talked about RFID and NFC in very detail in this course.
00:19:21So if you are interested in this course, you can just check out this link over here.
00:19:27And we also talked about Proxmark 3, which is a robust tool for RFID, checking RFID security.
00:19:38So if you want to learn more about RFID programming and how you can implement RFID
00:19:43and how you can make it secure and how you can get the RFID security, there is a complete course
00:19:48on it.
00:19:50So in our next video, we are going to take Flipper Zero and try to read NFC and RFID cards
00:19:56and see how we can crack the security of NFC. Thank you.
00:20:00So in this video, we are going to read NFC and RFID cards.
00:20:04So let's just start. And over here, I'm using RogueMaster firmware.
00:20:11So let me go in NFC section and let's just try to read.
00:20:20And over here, you can see different NFC and RFID cards.
00:20:24We are going to talk about these cards in a moment.
00:20:26So let's just start with this card and let's just put it on the back of Flipper Zero.
00:20:32And as you can see, it has started reading this card.
00:20:38And I can stop.
00:20:39So it's doing a dictionary attack on this card and trying to read all the blocks in this card.
00:20:46So let me just stop and let me show you the UID.
00:20:51So let me just focus.
00:20:55And over here, you can see that this is a MIFARE Classic 1K card.
00:20:59And over here, you can see the UID as well.
00:21:02So MIFARE Classic cards are NFC cards.
00:21:06This is our type of card.
00:21:07And you can learn more about this card in our RFID programming course.
00:21:13So let me just stop and exit.
00:21:24And let's just try to read this card as well.
00:21:31And this time, we are going to use apps.
00:21:36And over here, you can see different sections in apps as well.
00:21:40So there is NFC as well.
00:21:45And we can feed cards.
00:21:48So let's just try to read this card.
00:21:57And over here, you can see it's also a MIFARE Classic card.
00:22:02And at the bottom, you can see key found 29 out of 32.
00:22:07And sector read 15 out of 16.
00:22:10So let's just stop this card as well for now.
00:22:14And over here, you can see the UID of this card.
00:22:17And let's just go in more section.
00:22:20And over here, you can see the option to save this card data.
00:22:24Emulate.
00:22:25We will go emulate in our coming videos.
00:22:28So let's just save the data for now.
00:22:33And let's just
00:22:38we can name it anything.
00:22:40So let me name it
00:22:55let's just save the data.
00:23:00So this card is saved now.
00:23:02Over here, you can see.
00:23:03So we can emulate data.
00:23:05And we can also write this data.
00:23:08So let me show you another type of card.
00:23:14And over here, you can see this is a magic card.
00:23:18So magic cards are different from these NFC cards.
00:23:23They are similar in a way that these are also MIFARE cards, Classic cards.
00:23:28But in normal MIFARE cards, you cannot change the UIDs.
00:23:33But these cards, the magic cards, you can change the UIDs as well.
00:23:38And we can save the data from this card to these magic cards.
00:23:42So let me show you.
00:23:44So let's just first try to read this card.
00:23:54And over here, you can see.
00:23:59So over here, you can see this is a MIFARE Classic card.
00:24:02And the UID you can see 01020304.
00:24:07And let's just exit.
00:24:11And let me show you another script.
00:24:16Over here, you can see NFC magic.
00:24:21So let's just go over here and let's just check this card.
00:24:27So as you can see, this is a magic card.
00:24:32And if you go in more, you can see we can write and we can also wipe the data from
00:24:38this card.
00:24:38So let's just try to write the data first.
00:24:41So we have saved this card, MK01.
00:24:45So let's just try to write this card.
00:24:50And let's just do continue.
00:24:53And it says write success.
00:24:56So let's just check.
00:24:57Now let's just try to read data.
00:25:06Now let's just go in apps again.
00:25:12And let's just try to read this card now.
00:25:19And let's just stop.
00:25:21So as you can see, the UID is changed.
00:25:27Over here, you can see the UID of this card is changed.
00:25:30And the sector data is also changed.
00:25:34See?
00:25:35So we can write these cards.
00:25:39And let's just exit.
00:25:42And let's just check this card one more time.
00:25:47And we can wipe data.
00:25:50So let's just try to wipe data.
00:25:54Wipe success.
00:25:55And now let's just try to read data.
00:26:05And as you can see, again, the UID is changed in these cards.
00:26:11So these are magic cards.
00:26:13We are going to use these cards in our coming videos to break the security.
00:26:18And over here, this is a credit card.
00:26:23And we can also, as we discussed.
00:26:30As we discussed, NFC is also used in contactless payment systems.
00:26:35So let's just try to read this card.
00:26:39This credit card.
00:26:41And let's just go in NFC again.
00:26:46And let's just go in NFC script.
00:26:50And let's just try to read.
00:26:52So as you can see, we can read this card.
00:26:55So this is an expired card.
00:26:57It's not in use.
00:26:59So, but we can use this flipper zero to read the contactless payment cards as well.
00:27:08So RFID enabled cards or NFC enabled cards, we can easily read data.
00:27:12And we can read the card number as well, as you can see, and expiry date as well.
00:27:18And we can again save this information.
00:27:21And we can save this information and we can emulate this information as well.
00:27:26See, we can emulate this data as well.
00:27:29So we will see emulation in our coming videos.
00:27:32So this is how we can read this contactless payment cards as well.
00:27:36Even we can read these cards from the wallets as well.
00:27:38Let me show you.
00:27:39So let me put this card in the wallet.
00:27:45So let me put it over here.
00:27:51And now let's just try to read data from these cards.
00:28:02See, we can read data from the wallets as well.
00:28:08So this is how we can read data from NFC and RFID cards.
00:28:13And in our next video, I'm going to also show you how you can protect your
00:28:19credit cards and debit cards from these type of attacks.
00:28:22So in our next video, we are going to talk about how we can stop
00:28:27these attacks and how we can protect our cards.
00:28:32So in our previous video, we have seen how we can read NFC and RFID cards.
00:28:38And we have seen how flipper zero can be dangerous
00:28:41in reading contactless payment cards.
00:28:43So in this video, we are going to talk about how we can secure our debit and credit cards.
00:28:49So over here, you can see these are the cards which we can read.
00:28:54So let me just go in NFC again and just okay, it's just crashed.
00:29:04So let me just reset it and let's just try to read the card and let's just try to read
00:29:23the card.
00:29:28So as you can see, we can read these cards.
00:29:31Let's just exit and to secure these cards, these debit and credit cards and all the NFC cards,
00:29:43we can use these RFID protection shields and we can put our cards into it and we can make our
00:29:51card
00:29:51secure. So let me show you in a moment. So let's just put this card.
00:29:59Right. Oh, so this card in this shield protection cover. And now let's just try to read this card.
00:30:08Let's just go in NFC and let's just try to read. So as you can see, I have just placed
00:30:16this card
00:30:17at the bottom of flipper zero, but flipper zero cannot read this card.
00:30:29Right. So these are the protection covers, which you can use to secure your debit and credit cards.
00:30:41So make sure you use these protection covers nowadays to make your cards secure. Thank you.
00:30:50So this is our NFC reader, which we created using Arduino Uno. And this is the module
00:30:57for NFC reader, which is PN532. And over here, you can see a few basic things like OLED and buzzer.
00:31:04So this is a module which we have created to check the security using our flipper zero. So I'm going
00:31:12to
00:31:12show you how you can create this module in the next video. For now, I'm just going to give you
00:31:17the demo,
00:31:19how this module works. So let's just let's just start. So over here, you can see our cards, NFC based
00:31:27cards, and we have programmed cards in this module using Arduino. So a few of few of the cards are
00:31:36valid
00:31:36and few of the cards are invalid. So let's just see. So let's just start with this card. So you
00:31:43have to
00:31:44bring the card near to this module. So over here, you can see and in the LED, you can see
00:31:54that this is a valid card.
00:31:58Let me try this card. This is a magic card.
00:32:05And this card is invalid, as you can see. Let me try this card.
00:32:13This is also invalid. And we have also programmed our contactless payment card, which is our credit card
00:32:21in this NFC reader. So let's just try this card as well.
00:32:30And as you can see, this is a valid card.
00:32:34So these are few cards which we have programmed. So these type of modules are basically installed
00:32:40where you see NFC or RFID security in attendance system or other RFID system. These type of modules
00:32:49are basically installed. So this is a demo module with very basic things. But usually these are the
00:32:56modules which RFID programmers use to program RFID systems. So in our coming videos, we are going to
00:33:04see how we can bypass the security of this NFC reader. And in our next video, we are going to
00:33:11see
00:33:11how we can create this NFC reader. Thank you. So now we are going to see how we can create
00:33:19this basic NFC reader.
00:33:21So the module we are using is PN532. And over here, you can see the sketch diagram.
00:33:31Zoom out. So over here, you can see the sketch diagram. So we are using Arduino Uno with this PN532
00:33:38module.
00:33:38And over here, we are using some basic things like OLED and breadboard and buzzer.
00:33:46So these are the required component for creating this basic NFC reader.
00:33:52So let me go through the code. The code is very easy. So let me zoom in.
00:34:00So over here, we are including few libraries for PN532 and for OLED. Then over here, we are doing the
00:34:10display setting for our OLED. And we are also defining the pin for the buzzer. Over here, we are doing
00:34:21the
00:34:21setup of our PN532 module. Then in our setup function, first, we are initializing our PN532 module.
00:34:31And over here, we are initializing our LED and then our buzzer. Then in loop function, we have readNFC function.
00:34:42And in readNFC function, first, we are defining two variables, UID for the UID and UID length for the length.
00:34:52Then we are grabbing the UID from the card over here. Then over here, this is the tag ID, which
00:35:02is the UID.
00:35:03We are hard coding two UIDs. Over here, you can see you can hard code your own UID over here.
00:35:10And if these are the two UIDs, then we are calling the valid UID function, else we are calling the
00:35:15invalid UID function. So this is a very simple code. And in valid UID function, we are printing valid UID
00:35:25UID on the OLED and we are just doing the buzzer. Similarly, in invalid UID, we are printing invalid UID
00:35:33and we are again doing the buzzer. So this is a very simple code. You can go through this code.
00:35:39And if you want to create your own NFC module, I have also provided the documentation, which you can go
00:35:46through. You can find this documentation in the resources file. And I'll also provide this sketch
00:35:52diagram as well as this code. So you can create this module very easily. So this is the documentation,
00:35:58which you can go through. This is a very simple NFC reader. You have a basic Arduino experience
00:36:05to create this NFC module. So this is the documentation. In our next video, we are going to
00:36:12use the same NFC reader and we are going to use our flipper zero and we will see how we
00:36:17can bypass
00:36:18the security of this NFC reader. Thank you. So now we are going to see how we can bypass the
00:36:26security
00:36:26of these type of NFC readers. So let's just start. So this was our valid card. Let me try one
00:36:36more time.
00:36:39As you can see, it's printing valid UID and it's also printing the UID.
00:36:44So what we can do is we can use our flipper zero
00:36:50and we can go in NFC and first we can read this card. Let's just read
00:37:06and let me stop
00:37:12and over here you can see the UID and the card and let's just save this data.
00:37:24Let me name it
00:37:33MM01
00:37:34and let's just save this data and now this card is saved. Now what we can do is we can
00:37:41emulate this card.
00:37:43So let's just do emulation and then I will when I will bring this flipper zero near to this reader
00:37:52you will see that it will make it valid.
00:38:11So this is how we can use our flipper zero to bypass the security of any NFC reader using
00:38:24the security of the same NFC reader. Thank you. So now we are going to see how we can bypass
00:38:37the security
00:38:37of this NFC reader using our magic card. So this is our magic card and let me show you this
00:38:43magic card.
00:38:47So over here you can see this card is invalid and now we are going to use our flipper zero
00:38:54and we will write this card with the valid card. So let me just go in apps
00:39:08NFC, NFC and then NFC magic and let's just check this card. So as you can see magic card detected.
00:39:18Let's just go in more and let's just write
00:39:31So this was the card which we saved in our previous video. So let me just write this card
00:39:42and write success. So let me just put flipper zero aside
00:39:50and now let's just try this card and as you can see it's doing the valid card and also printing
00:39:59the UID
00:40:00which is changed. So this is our magic card and we can use these type of cards
00:40:06to bypass the security of these type of readers. Let me try one more time
00:40:12and this card becomes valid. Now let's just wipe out the data from this card and we will try it
00:40:19one more time. So let me just go in apps
00:40:31NFC, NFC magic. Let's just check this card and let's just wipe out the data
00:40:39and success. Now let me try this card one more time
00:40:50and again this card become invalid. So this is how you can use flipper zero and magic card to bypass
00:40:57the security of these type of NFC readers. Thank you.
00:41:03In this section we are going to talk about sub gigahertz. So sub gigahertz refers to the frequencies
00:41:11that are below one gigahertz on electromagnetic spectrum. So electromagnetic spectrum encompasses
00:41:18a broad range of frequencies starting with a very low frequency and going to extremely high frequency.
00:41:25So many remote control devices like garage door openers, car key fobs and other short range
00:41:32communication devices operate in this sub gigahertz frequency range. Sub gigahertz frequency provides
00:41:40better penetration through obstacles like walls and have longer communication ranges compared to
00:41:45higher frequency band. So in flipper zero, the flipper zero device is integrated with multi-band antenna
00:41:54and there is a chip which is CC1101 chip which is a transceiver chip. So CC110, CC1101 supports a wide
00:42:06range of frequencies in sub gigahertz range starting with 300 megahertz and going to 928 megahertz. So this is
00:42:16a very broad range of frequencies covered with this chip. So what things come under this frequency range?
00:42:26There are many things which come in this sub gigahertz frequency range starting with wireless sensor networks.
00:42:33Many wireless sensor networks which are designed for long range communication in industrial settings and
00:42:41environmental monitoring uses this sub gigahertz frequency range. Many IoT devices, Internet of
00:42:47Things devices also uses this sub gigahertz frequency. Certain amateur radio bands also operate in sub gigahertz frequency.
00:42:59As we talk about remote controls, so many remote control systems like garage door openers, car key fobs,
00:43:06wireless doorbells, wireless doorbells also operate in this sub gigahertz frequency range.
00:43:12There are certain wireless microphone systems which also comes under sub gigahertz range.
00:43:19Industrial automation, wireless communication in industrial automation, process control and
00:43:26monitoring systems also uses this sub gigahertz frequency range and nowadays they are smart meters.
00:43:33So utility companies uses these smart meters and they also embed a sub gigahertz frequency
00:43:41to check the electricity and gas bills using these smart meters. So there are many things in which
00:43:50this sub gigahertz frequency comes. So sub gigahertz frequency is a broad topic but right now we are just
00:43:57going to cover it according to the flipper zero. But it's a very interesting and very broad topic
00:44:03there are so many things in this topic when it comes under the umbrella of ethical hacking. So we have
00:44:09specialized courses designed for just for these frequency ranges and there are many other tools which we
00:44:15have covered in these courses like HackRF1, RTL-SDR, Lime-SDR, even Raspberry Pi. So this is a very broad
00:44:28topic
00:44:28and if you want to learn more about sub gigahertz frequency and how these wireless devices operate.
00:44:35So we have a series of courses which you can check out. And in our next video we are going
00:44:43to see
00:44:44a frequency analyzer in flipper zero and then we are going to take it from there. Thank you.
00:44:52So in this video we are going to look at frequency analyzer. So let me go in main menu and
00:44:59sub gigahertz
00:45:03and over here you can see frequency analyzer. So let's just click on it with the middle button
00:45:09and over here you can see a spectrum. So frequency analyzer is just like a spectrum and on this
00:45:17spectrum you will see all the frequencies which are in your vicinity. So let me show you in a form
00:45:24of example. So I have three different wireless devices. So let's just start with the wireless switch.
00:45:33So let me press the wireless switch and you will see the frequency over here in the frequency analyzer.
00:45:43Let me press on. So as you can see the frequency and let's just do off and again you can
00:45:53see the
00:45:54frequency. So this is a frequency analyzer and we can do the wireless doorbell as well.
00:46:02Let me do it one more time. So you can see the frequency as you can see the frequency over
00:46:07here.
00:46:08Let's just do it one more time.
00:46:13See you can see the frequency. So this is a wireless doorbell.
00:46:18There is another thing through which you can find the frequency. Let me go up and there is read.
00:46:28So read is a frequency hopper. So it will hop different frequencies. Over here you can see
00:46:34it's hopping frequency right now. So what we can do is we can also find frequency using this frequency hopper.
00:46:40So let me press the wireless doorbell one more time and you will see the frequency.
00:46:48See? Let's just do it one more time. And at the bottom you can see it's still hopping the frequencies.
00:46:54So let's just do it one more time. And you can see the frequency.
00:47:01So these are the two methods through which you can find different frequencies. There are certain cases
00:47:08in which these two scripts don't work. So let me show you. Let me exit and let's just go in
00:47:15frequency
00:47:16analyzer one more time. And this is my car key. So let me try my car key as well.
00:47:24So as you can see there is no result on frequency analyzer. Right? And if I'll go back and go
00:47:35in
00:47:38read in frequency hopper. Let's just try frequency hopper as well.
00:47:46So as you can see there is no result. So in these type of cases what you can do is
00:47:52you can go in apps
00:47:56and there is sub gigahertz folder and in sub gigahertz folder there is spectrum analyzer.
00:48:07So in spectrum analyzer you can analyze the frequency. But for using spectrum analyzer there are cases in
00:48:15which you need to know the bracket of your device means you need to know the frequency in which your
00:48:23device could lie. So basically you don't need to know the exact frequency but you should know
00:48:28where this device could lie. Right? So this car key is around 315. So let me go in 315.
00:48:39Put the button over here and let's just go in 315.
00:48:48Right? And let me select the narrow band. So using the middle button you can select the
00:48:54bands. So ultra narrow, precise, ultra wide, wide and narrow. So let me go around 315.
00:49:07From 311 till 315. Now let's just try our car key one more time.
00:49:15Let me press and over here you can see the peak. Let's just try one more time.
00:49:21So you can see the peak peak is around 312. So let's just do it one more time.
00:49:29So it's around 312.14. Let's just try it one more time.
00:49:45So it's 312.2 or 1. Right? So this is how you can use spectrum analyzer. So in our next
00:49:54video,
00:49:55we are going to see how we can do capture and replay attack. So in capture and replay attack,
00:50:01what we will do is we will first capture the frequency of the device and then we will use our
00:50:06flipper zero to replay that frequency. Thank you.
00:50:12So now we are going to do capture and replay attack. So let's just start and let me go in
00:50:18sub gigahertz
00:50:19one more time and frequency analyzer. And let's just start with our wireless switch.
00:50:27So let me press the switch button one more time.
00:50:35And you can see the frequency and let me turn off. And again, you can see the frequency.
00:50:43So let me put it over here. And what you can do is once you get the frequency, you can
00:50:49press the middle
00:50:50button. So it will lock this frequency, right? So let me press the middle button and you will see
00:50:56LED and this frequency is locked. Now, what you can do is you can go back
00:51:02and then you have to go in read raw
00:51:07and then you have to go in config with the left button. And over here, you can see this frequency.
00:51:13You don't need to change this frequency, but you can see this frequency. And of course, you can change
00:51:18this frequency. But over here, you don't need to change this frequency because we already got the
00:51:22correct frequency. So what you can do is you can go in modulation and you have to make sure your
00:51:28modulation is AM270. And you can turn on the sound or it's your choice. You can turn it off. And
00:51:36the
00:51:36threshold value should be minus 80, right? So this is the configuration of your capturing file.
00:51:46And now what we can do is we can press the record button with the middle and it will start
00:51:52recording
00:51:53the frequency. Now, let me press the button one more time. So as you can see, it's recording the
00:52:00frequency, right? And let me press the turn off. So it's turned off. And now what we can do is
00:52:13we can do
00:52:14stop and we can save this frequency. We can erase this frequency and we can replay this frequency.
00:52:21So let's just do the replay attack first. So as you can see, it's doing turn on and turn off.
00:52:31So you can see the switch is over here. The remote is over here. And again, let me do the
00:52:38replay attack one more time. So turn on and turn off. So this is how you can use a frequency
00:52:47analyzer
00:52:49and this read raw to capture and do a replay attack. In our next video, we will do the replay attack
00:52:55on
00:52:56our wireless doorbell. Thank you. So now we are going to do the attack on wireless doorbell. So let's
00:53:04just go in sub gigahertz and this time we will use frequency hopper. So let's just do read and let
00:53:14me
00:53:15press my wireless doorbell key and you can see the frequency. Let's just do it one more time
00:53:26and again, you can see the frequency. So let me put it over here so you can see the button
00:53:31and what you can do is you can just click on the middle button
00:53:38and over here you can see the send option. So let's just do send
00:53:47and you can see the doorbell. So let me do it one more time.
00:53:54See and you can save this frequency as well. You can see the save option with the right button. So
00:54:00let's
00:54:01just do it one more time. So this is how you can use frequency hopper to hop the frequency and
00:54:09you can
00:54:10directly use frequency hopper to send the frequency as well. Thank you.
00:54:18So now let's just capture the frequency of our car key as well. So let's just go in
00:54:24apps this time we have to go in spectrum analyzer. So we'll go in sub gigahertz folder and there is
00:54:33spectrum analyzer and let's just go in the frequency bracket which is around 312.
00:54:4312 and let me select narrow band and now let me press the car key so that we can see
00:54:59the frequency.
00:55:04So it's around 312. Let's just do it one more time so you can see the peak so it's around
00:55:10312. So we can exit
00:55:16spectrum analyzer and then we can go in sub gigahertz and read raw and now in configuration we have to set
00:55:25the
00:55:25frequency manually. So let's just set the frequency which is around 312 and let's just pick 312.20
00:55:39and let's just start recording and now let me press my car key. So over here you can see the
00:55:48peak and let
00:55:50me unlock the car as well. So this is unlock and this is lock. So this is how you can
00:55:59capture the
00:55:59frequency of your car key as well and of course if I will do a replay attack this will also
00:56:04work.
00:56:05So this is how you can do a capture and replay attack on your different radio devices. Thank you.
00:56:15In this section we are going to start with external modules. So external modules are connected with
00:56:23GPIO pins. So over here you can see these are the GPIO pins and GPIO stands for general purpose input
00:56:30output pins. So basically we can connect different external modules with our flipper 0 and we can
00:56:37extend the functionality of our flipper 0. So we are going to use two different modules in this section.
00:56:44The first module is this Wi-Fi board which comes with flipper 0. Basically you can purchase it with flipper
00:56:530
00:56:54from the same site on which you can find this flipper 0. So this is our Wi-Fi module board
00:57:01and we can connect
00:57:02this board with our flipper 0 like this and then we can use this Wi-Fi module to check the
00:57:14security of our Wi-Fi networks and we can do the penetration testing on our Wi-Fi networks. So this
00:57:20is our Wi-Fi module board and we can connect other modules as well with these pins. So this is
00:57:28a great
00:57:28way of extending the functionality of our flipper 0. So first of all as I told you we are going
00:57:37to use
00:57:38this Wi-Fi module. So first of all we have to install the firmware on this board. So in our
00:57:43next video,
00:57:44we are going to see how we can install the firmware in this Wi-Fi board and then we will
00:57:50use this board
00:57:52with our flipper 0 and we will do some penetration testing on our Wi-Fi networks. Thank you.
00:58:00So in this video we are going to install Marauder firmware in our Wi-Fi board flipper 0 Wi-Fi
00:58:07board.
00:58:08So let's just start. So before starting your Kali Linux, by the way we are using Kali Linux
00:58:14for installing this Marauder firmware. So before starting your Kali Linux in your virtual machine,
00:58:19first you have to make sure your board is automatically get connected with your Kali machine.
00:58:25So first we are going to do this. So you have to go in settings and over here in USB,
00:58:33you will see that this ESP32 board is added over here. So let me show you how you can add
00:58:39this board.
00:58:40Let me remove this. Sorry. And just remove this. So what you have to do is you have to hold
00:58:51the boot
00:58:52button on your flipper 0 Wi-Fi module and then you can connect it with your laptop like this and
00:59:02just
00:59:03release the boot button and then you go on this plus sign, you will see this board. So let me
00:59:11add this board.
00:59:13So this board is added
00:59:23So now this board is connected with our virtual machine. Now whenever we will connect this board
00:59:29with our laptop, it will automatically get connected with our Kali Linux machine. So it will not connect
00:59:35with our physical machine. It will directly connect with our Kali machine. So let's just remove this board
00:59:40now. And now let's just start our Kali machine. So let's just open the terminal.
01:00:11And let me do zoom so you can see clearly.
01:00:22Let's just first do sudo su
01:00:26and type our password. Let's just clear out and we will do git clone
01:00:32and we will use this link to download the Marauder firmware. So I will provide this link in the
01:00:39resources file. So you have to just do git clone and use this link to download the firmware.
01:00:44So I have already downloaded this firmware. So let me go in this directory
01:00:51right. And over here, let's just do ls.
01:00:55So over here first you will see this requirement dot txt file. So first we have to download all the
01:01:01requirements. So for that we will use pip3 install
01:01:10requirements dot txt file. Let's just hit enter.
01:01:28So it will download all the requirements. So all the requirements are downloaded and let's just clear
01:01:40out. And now there is a tricky part to connect your board with your machine. So this is how you
01:01:48have to connect your board. So first you have to hold the boot button and keep it pressed and then
01:01:55you
01:01:55have to connect it with your laptop like this. And then you have to press the reset button one time.
01:02:05And then you can release the boot button. So this is how you have to connect your
01:02:10Wi-Fi module with your system. Otherwise it will not install the firmware correctly. Now let's just type
01:02:21python3 and easy install dot py.
01:02:30Let's just hit enter. And over here you will see lots of options but we will only
01:02:35consider the first option flash Marauder firmware on our Wi-Fi board. So let's just select the first
01:02:42option and let's just hit enter. So it's downloading the firmware. Sorry it's flashing the firmware.
01:03:03So as you can see the marauder firmware is flashed in our Wi-Fi module. So now we can disconnect
01:03:10this
01:03:10board with our laptop. And in our next video we are going to use this board with our flipper 0
01:03:17and see
01:03:18what types of Wi-Fi attacks we can do on Wi-Fi networks. Thank you. So now I have connected
01:03:27my Wi-Fi module
01:03:28with my flipper 0. So let's just start with the evil portal attack. And by the way for this Wi
01:03:37-Fi module
01:03:38section I'm using Xtreme firmware because recently Xtreme firmware has a great update for this Wi-Fi
01:03:45module. So that's why I'm using Xtreme firmware. And you can by the time you will see this video
01:03:52chances are RogueMaster will also have this update. But now right now Xtreme firmware has a great
01:03:59update for this Wi-Fi module board. So that's why I'm using Xtreme firmware. And you can switch
01:04:04firmwares right. So I have already shown you how you can install different firmwares on this flipper 0.
01:04:10So according to your requirements and according to the updates in different firmwares you can change
01:04:17the firmware right. So it's very easy to you know switch the firmware in flipper 0 which I have shown
01:04:22you in my previous section. So you can switch the firmware anytime. So for this section we are going
01:04:29to use Xtreme firmware. So let's just start with the evil portal attack. So let me go in apps
01:04:40and Wi-Fi and over here you can see there is a Wi-Fi folder complete folder in apps and
01:04:47over here you
01:04:47can see this is a Wi-Fi folder and in this folder you will see evil portal. So what is
01:04:54a evil portal attack?
01:04:55So for those who don't know about evil portal. So evil portal is a type of attack in which we
01:05:00create
01:05:00a fake access point. So it looks like a legitimate access point but it's a fake access point.
01:05:09And whenever any user connects with connect with this fake access point it will ask for
01:05:15certain type of information which we can use. So it will ask for the password, it will it can ask
01:05:21for
01:05:21your Facebook password, it can ask for your Gmail email and password. So this is all type of things
01:05:28it can ask to use the internet basically. So it will make more sense once you will see this attack
01:05:35in
01:05:35action. So let's just start. So let me go in evil portal and over here you can see start portal
01:05:42and
01:05:43there are a few other options. So we can set the name of our access point. So I have just
01:05:50named it
01:05:51free Wi-Fi one to one. You can change the name right. So let's just save it and we can
01:06:00change the
01:06:02HTML as well. So we will come on the HTML in a moment. So let's just start the portal first
01:06:11and let's just click on start portal. So it has started the portal and if you will start this portal
01:06:19and you will go in any Wi-Fi device you will see this free Wi-Fi one to one. So
01:06:23let me show you in my phone.
01:06:30So if I go in my Wi-Fi over here you can see free Wi-Fi one to one and
01:06:38as soon as I'll connect
01:06:43you see it is asking me for my Gmail account right. So over here you can see this is this
01:06:52is my
01:06:53this is a Gmail page. It looks like a legitimate page but it's a fake page. So whatever information I'll
01:06:58enter
01:07:00like
01:07:20whatever password I will enter. You will see that password and email over here.
01:07:27this is how this uh access point this fake access point works. So this is an evil portal attack. So
01:07:35let me
01:07:37turn off this portal. So we have to go back and let's just do stop
01:07:50and over here you can see select HTML. So you can select this basic Xtreme
01:07:58HTML which is provided or you can choose your own HTML page as well. So there are links on which
01:08:06uh you can go and download these pages. So I will provide the uh resources for this
01:08:12html pages on which you will see different pages. So let me show you. So I have just created a
01:08:17folder in my
01:08:21apps assets folder and over here you can see portals. So over here you can see different pages.
01:08:26So like Amazon, Apple, AT&T and like uh this fake hack, modern uh google modern and this index page.
01:08:39So these are all different pages uh which you can download. So I will provide the link for these
01:08:45uh pages. So you can download this in your uh flipper0 in any folder.
01:08:51So it's very easy to download. So you just have to go over here
01:08:56uh in in files and you can select SD card and you can just drag and drop this folder.
01:09:03So I have just downloaded it in portals right and you can change the page as well. So let me
01:09:10show you
01:09:10the basic page. So let me just go uh let's just sure. So let me just go
01:09:20in select html and let's just select the basic html page and now let's just change the name of our
01:09:28access point as well. So let's just name it free wi-fi
01:09:3828. Right and let's just save and let's just start the portal.
01:09:50And if now we will see in our phone you will see that wi-fi name is changed and it's
01:09:57free wi-fi 28.
01:09:58Let's just click on it. So it's connected and now you can see the basic Xtreme page right. So this
01:10:07is how you can change the html pages. All you have to do is you have to go and select
01:10:11html and you can
01:10:12change the pages. And whatever information I'll enter over here you will see that information as well.
01:10:23So as you can see username is test and password is 12345. So this is how uh you can create
01:10:31evil portal
01:10:32and you can do a evil portal attack. In our next video we are going to see another type of
01:10:38attack
01:10:38which is a de-authentication attack and we will see how we can de-authenticate all the devices which
01:10:44are connected with any network. Thank you. So in this video we are going to do de-authentication attack
01:10:53on one of our access point. So before starting this attack let me tell you uh you can do this
01:10:59attack
01:11:00on your own network only right right. So if you are going to do it on some someone's else network
01:11:06you have to get the permission or else it's illegal to do this attack. So make sure you do this
01:11:12attack
01:11:12on your own network. So we will go in wi-fi again and there is wi-fi marauder. So we
01:11:21have to go in wi-fi
01:11:21marauder. And first of all we have to scan. So it will scan all the access points and all the
01:11:30wi-fi
01:11:31points in your vicinity. So let's just do scan.
01:11:37So you have to keep this scan running for few minutes or few seconds so that it will get all
01:11:44the access point within your vicinity. So let me run it for few seconds.
01:11:54And let's just hit the back button.
01:11:58And now let's just go in list to see all the access points. So these are all the access points
01:12:06within my vicinity. So you have to select your own access point or the access point on which you have
01:12:13the permission. So I'm going to select the first one which is one. So let's just go back and let's
01:12:24just go
01:12:24in select and let's just type one. And you can select multiple access points as well. So you have to
01:12:31save it
01:12:33and then again go in select and you can type the other access point as well. Right? So right now
01:12:40I'm
01:12:40just going to select the first access point and let's just go in list again. And over here you can
01:12:48see
01:12:48this is selected. So this access point is selected. Let me just go Wi-Fi Marauder one more time.
01:13:02And over here you can see attack. So there are different types of attack.
01:13:07So we will go on de-authentication attack and de-authentication attack will
01:13:13de-authenticate all the devices which are connected with this access point. So let me show you in my phone.
01:13:22So over over here you can see
01:13:29that I'm connected with this access point and as soon as I'll start this attack,
01:13:34this will disconnect this device with with this access point. So let me show you
01:13:43this. So let's just start this attack.
01:13:49So the attack is started and as you can see my Wi-Fi point is disconnected. This the attack on
01:13:58which
01:13:59the access point on which I'm doing the attack it's disconnected. So and it's going to connect with
01:14:04some other access point or it will just disconnect. So let me just try to reconnect with this access
01:14:10point while this attack is running.
01:14:16And no matter how much I'll try it will again disconnect. See
01:14:24it's not going to get connected until this attack is running.
01:14:30So let me just stop this attack and now let's just try to connect
01:14:39okay now it's connected. So this is how you can do a de-authentication attack. So it will de-authenticate
01:14:46all the devices which are connected with any network. So in our next video we are going to see how
01:14:52we can
01:14:52capture and crack Wi-Fi passwords. Thank you. So in this video we are going to see how we can
01:15:00capture the
01:15:00encrypted passwords, the Wi-Fi passwords and then how we can decrypt those passwords. So let's just start
01:15:11and let me go in apps and Wi-Fi folder and we will again go in Wi-Fi Marauder
01:15:21and let's just start the scan. So it will scan all the access points within your vicinity.
01:15:34So let this scan run for a few seconds and let's just stop and let's just go in list.
01:15:44So here you can see all the access points. So I am going to attack it on 4. This is
01:15:53my own access point
01:15:54and make sure you do this attack on your own network or the network on which you have the permissions.
01:16:01Right? So this is my own network. So that's how I can attack on this network. So let's just
01:16:08go back and let's just select 4 and let's just make sure it's our own network. So let's just go
01:16:18in list
01:16:19again and over here you can see our network is selected.
01:16:27And so first we will do a deauthentication attack. So all the devices which are connected with
01:16:32the network will be disconnected and again then these devices will reconnect we will capture the
01:16:40file. So let me show you how this attack works. So let's just start with the so let me start
01:16:46with
01:16:47deauthentication and on my phone you can see
01:16:51as soon as this attack started the access point is disconnected and let's just try to reconnect with
01:16:59this access point. So we are not able to reconnect with this access point as you can see. So let
01:17:05me stop this attack
01:17:08and let me go down in the sniff and let's just select deauth. Sorry we will select
01:17:19raw and let's just sniff. So it will sniff all the packets
01:17:27so when this device will be reconnect with the access point. So as you can see it's connected now
01:17:34so it will capture the handshake basically it's a four-way handshake. So in this four-way handshake
01:17:40there is a encrypted password. So let's just stop this
01:17:48right so the handshake is almost captured in our pcap file. So let me show you where you can find
01:17:54this pcap file
01:17:58you have to go in your sd card and app data and there is a pcap folder. Over here you
01:18:09can see
01:18:09this is our pcap file. So you can download this file and then you can use this file to decrypt
01:18:16the password.
01:18:17So I have already downloaded this file. So let me go in my kali machine
01:18:29let's just clear out
01:18:33and the tool which we are going to use to crack the password is called aircrack
01:18:43aircrack-ng and we have to go in media where I have downloaded this file
01:18:51and this is the file name and then we have to provide the dictionary through which it can compare
01:18:59this encrypted file and try to decrypt the password. So it's a dictionary attack. So we will
01:19:05go in users sorry user share word list and this is the default word list provided in Kali Linux. So
01:19:15you
01:19:15can use this word list and there is wi-fi dot txt. And let's just hit enter. So it will
01:19:30try to decrypt
01:19:30this password and if this password is available in this dictionary it will show you over here right.
01:19:36So it might take some time. So this is how you can do a dictionary attack and you can try
01:19:42to find the
01:19:43passwords and if these passwords are strong, if these passwords are strong you will not find these
01:19:50passwords in your dictionary. So make sure you use a strong password on your network.
01:19:56So in our next video we are going to use CC1101 module which is a sub gigahertz frequency module. So
01:20:06we
01:20:06are going to use this module this external module and see how we can capture the different frequencies
01:20:12using this module. Thank you. So now we are going to look at this cc1101 module. It's an external module
01:20:24and we have already used this module the built-in module. So the same module is built-in in flipper
01:20:310
01:20:32as well. The cc1101 module and we have used this module in sub gigahertz frequency section. So why we are
01:20:39using this external module?
01:20:41So we are using this external module to increase the distance. Basically if the frequency is far from your distance
01:20:48you can use this external module to get that frequency. So you can see there is a antenna with this
01:20:56so it's almost a 5 dBi antenna and we can reattach this antenna. So we can use this antenna with
01:21:06this external module
01:21:07that will increase the distance basically. So this is the module which I am going to use with flipper 0.
01:21:18So we need these cables these jumper wires male to female jumper wires to connect with our flipper 0. So
01:21:28with these GPIO pins we have to connect this cc1101 module. So this is the module.
01:21:36So let me show you the sketch diagram. So this is the link on which you can find the sketch
01:21:43diagram
01:21:44and I will provide this link in the resources file. So over here you can see there are three different
01:21:49types of this module this cc1101 module. So this is the first type, this is the second type and this
01:21:56is
01:21:56the third type. So according to your module whatever module you will get you can connect with your flipper 0.
01:22:03So there is a little difference in sketch diagram. So according to your module you can use the sketch diagram
01:22:10and I will provide this link in the resources file. So first I will connect this module and then in
01:22:18our
01:22:18next video we will see and we will use this module and see what's the difference. Thank you. So over
01:22:27here
01:22:27you can see I have connected this module with my flipper 0 and in this module you can see there
01:22:36is
01:22:36no LED or anything else through which you can identify that this module is working. So how you can identify
01:22:42that this module is working. So all you have to do is you have to go in
01:22:52sub gigahertz
01:22:56and radio settings and over here you will see that automatically external module will be selected.
01:23:03so in that way you can identify that you have connected your module correctly and your external
01:23:10module is working and you can also select the internal module by changing over here but I'll keep
01:23:17the external module for now and let's just go in sub gigahertz and frequency analyzer and let me just
01:23:31decrease the sensitivity. So over here you can see we are seeing so much different frequencies
01:23:38using this module. So this module is capturing frequency from a distance from far from a distance
01:23:46right. So you can use this module to capture frequencies from a distance and if you want to
01:23:51capture the frequency near you all you have to do is you have to increase the decrease the sensitivity.
01:23:57So right now I have increased the sensitivity over here you can see so all I have to do is
01:24:03I have to
01:24:03increase it so that it will not find all these frequencies. But still this module is finding so many
01:24:17frequencies near me as you can see. So this is a great module and let me just keep this over
01:24:24here let me just
01:24:25keep it over here and let me just press my wireless switch button and let's just see
01:24:33as you can see it has identified the frequency let's just press off
01:24:40so you can see we can identify the frequency easily and same way we can lock the frequency
01:24:47or we can also go in read in frequency hopping so it will hop the frequency let's just press the
01:24:56button
01:24:56one more time for on as you can see it has it identify and let's just press off see so
01:25:07this module is
01:25:08very good the external module is very good with the antenna so let me just do
01:25:16uh let's just send the frequency as well so let's just turn on and let's just go back and let's
01:25:24just use
01:25:24the turn off as well see how fast this module is turn on turn off so you can use this
01:25:36external module
01:25:37uh for the frequency hopping as well and you can also use this module to finding the frequencies
01:25:46which are on the distance so this module is great on finding frequencies which are on distance thank you