Episode Transcript
0:01
NBC5 investigates viral videos showing
0:04
people how to use this
0:06
$200 device that can unlock
0:08
cars, secure gates, even doors
0:10
to private buildings. Amazon
0:13
just banned these cloning devices from its
0:15
website. It can do a lot for $200. Well
0:17
we talked to security experts. And
0:20
so naturally I just had to buy one. You
0:24
see a news broadcast saying there
0:26
is a device that is no longer
0:28
legal. So naturally you
0:30
had to pick one up. It's not
0:32
illegal. It's just there's a
0:35
discussion going on around whether it's
0:37
going to remain legal, which means
0:39
that I had to get one
0:41
before that discussion elevates into law.
0:45
You wanted to get one while the getting is
0:47
good. That makes a lot of sense. I remember
0:49
when I first heard about this, it was with
0:52
murmurs that the Flipper Zero might
0:54
not be long for this world. And I too
0:56
wanted to buy one. So I'm very excited you
0:58
did. And we make a podcast. So
1:01
the best way you could possibly learn about
1:03
it is probably interviewing someone for this show.
1:06
So when I got it, I was like, what is
1:08
this thing? How does it work? How do I use it?
1:11
Right. So I did what everybody does. And I
1:13
went to YouTube. One stop
1:15
shop. Yeah. And what did
1:17
I find on YouTube? I found
1:19
lots of content regarding the Flipper Zero,
1:21
but typically one large YouTuber, the Talking
1:25
Sasquatch or Talking Sasquatch or Sas, as I
1:27
like to call him. And
1:30
he makes predominantly Flipper Zero
1:32
content and seems to be the biggest channel. So
1:35
I did what any sane podcaster would do. Instead
1:37
of watching all of his content, I
1:40
invited him on the show to explain it
1:42
all to me in person. It
2:03
really is like the luxury of hosting a podcast,
2:05
the shortest distance between not knowing something and knowing
2:07
something. Would you please just come on my show
2:10
and explain it to me? Exactly.
2:13
So today we're joined by the Talking Sasquatch and
2:15
we're going to go through the Flipper Zero and
2:17
all the questions that I had about it, which
2:19
I hope you find interesting. It's a bit more
2:21
of a technical episode today as Jordan
2:25
can attest to. If that's not for you,
2:27
that's fine. I hope you enjoy some of
2:29
the other content, but stick around. It was
2:31
a pretty interesting chat. Yeah, it's a technical
2:33
conversation, but it's also a fascinating deep dive
2:35
into both what you can do
2:37
with this device, where it came from,
2:40
this kind of story of all these different
2:42
hacker tools being brought together into like kind
2:44
of more of a gadget, something between a gadget
2:46
and a platform. And
2:49
then what it means to share information on
2:51
the internet about a device that has kind
2:54
of a little bit of like a reputation behind
2:57
it. What it means to share stuff and to
2:59
have to navigate, is this okay for me to
3:01
be putting out there in the world? Is this
3:03
useful information or is this like hacker
3:06
information? It is a fascinating conversation
3:08
and Talking Sasquatch was great
3:10
to chat with. So
3:13
thanks. Thanks for coming on the show. You
3:16
know, we really appreciate you making the
3:18
time, making the time to come on
3:20
and enlighten me notably, but also, you
3:22
know, vicariously enlighten our listeners. So thanks
3:25
for having me. So
3:27
the I bought one of
3:29
these Flipper Zeros, I read an article that said
3:31
that they might potentially get banned. And
3:33
then that of course, triggered in me
3:35
that burning need
3:37
to immediately add to cart and buy
3:40
one. So I bought one, I
3:42
really like hadn't done any research into them. I
3:45
just knew that they were like these cool little
3:47
hacking utilities. I won't call
3:49
it a toy because it's not a toy. And
3:52
I was like, what does this thing even do? How
3:55
do I use this thing and immediately found your content
3:57
and was like, you know what, I'm just going to
3:59
fire this Sasquatch a
4:01
message and see if he wants to come on the
4:03
show and just have a chat about these things because
4:05
you know considerably more than I probably
4:07
ever will about this device so I just thought
4:10
it'd be great to have you on. Well
4:12
yeah I definitely know how to do a few things
4:14
at this point and
4:17
it's interesting too because it's always evolving
4:19
right like every week it seems there's
4:21
a new app that comes out is
4:23
a new something like there's a paradigm
4:25
shift and like it's just really really
4:28
weird and I know all
4:30
sorts of tech is like that where
4:32
literally things go from like 50 miles
4:35
an hour to 100 miles an hour like just because
4:37
one person shows up but
4:40
there's always some cool stuff to do which
4:42
would be really good for a flipper for
4:44
me because you know there's always content there
4:46
is always you know evolving situations and stuff.
4:49
Totally totally so the just everybody knows
4:52
our guest this week, Talking Sasquatch, has a
4:54
great YouTube channel that talks considerably
4:56
about this device as well as other
4:58
devices I see as I think your
5:01
most recent video is in regards to
5:03
a Wi-Fi
5:06
device that is not a flipper based one but
5:09
the yeah I
5:11
think a great place to start is you know kind of
5:14
what is it you know what is
5:16
this thing it's very odd looking as
5:19
a weird shape what is it
5:21
and where did it come from so like I don't
5:23
know if you if you know where it's
5:25
from I assume by some of the Russian lettering on
5:27
the soft case that I got for it that it
5:29
might be from Russia but yeah so yeah
5:33
the flipper team is I think Russian and
5:35
Ukrainian something like that the
5:37
logistics of all that I'm not particularly
5:39
well versed on but obviously it was
5:41
in Kickstarter for a few years and
5:45
it's one of those things that people were
5:47
starting to question, is this thing ever gonna actually
5:49
exist but yeah it's it's
5:51
kind of billed as a cybersecurity toy
5:54
for a number of reasons one I
5:57
mean it's fun you know you've got
5:59
little animations put that on it.
6:01
So it's got like the
6:03
very most basic virtual pet
6:06
like kind of functionality. But
6:09
underneath it is a pretty
6:11
okay Swiss Army knife of
6:14
CyberSec tools and kind of
6:17
especially for penetration testing. It's
6:20
got some pretty decent functionality. Now it's
6:22
not the best at doing virtually anything,
6:24
but the fact that one small thing
6:27
the size of you know a couple
6:29
of lighters, you
6:31
can do a whole bunch of cool stuff. Because
6:35
like most of my backgrounds in software
6:37
side of the hacking thing, I never
6:39
really got into the hardware side. A
6:41
little bit of phone phreaking back in
6:43
the day, but mostly software side. And
6:46
the gist that I've gotten aside from just playing
6:48
an endless amount of snake on it, which I
6:50
have been doing and I've done pretty well at
6:52
is that this is kind of a
6:54
multi, you know,
6:57
functional platform to build out hardware
6:59
hacking things that has a bunch
7:01
of built in functionality like a
7:03
bunch of different radio receivers and
7:05
transmitters as well as infrared receivers
7:07
and transmitters and NFC
7:09
receivers and transmitters. And just kind of
7:11
it seems like it's like an extensible
7:13
platform, but you kind of agree with that. Absolutely.
7:17
And what's really interesting being from
7:20
the software side is that
7:22
people are still kind of unlocking
7:24
different features or different, you know,
7:27
different things that you can do
7:29
with the flipper just through the
7:31
software. Specifically
7:33
the BLE spam. The
7:36
people finally kind of figured out that they
7:38
were able to emulate these BLE packets and
7:41
now they're using them to kind of attack
7:43
cell phones and things like that. And
7:47
it's really interesting because that functionality obviously
7:49
was there since day one. But the
7:51
idea of doing it
7:55
with a flipper and stuff like that kind of just
7:57
recently came out and it's really interesting to see. things
8:00
like that because yeah with GPIO you
8:03
can make almost anything for flipper.
8:06
I mean we've seen obviously Wi-Fi
8:08
boards but now we have GPS,
8:11
there are range extenders, antennas, boosters,
8:13
all sorts of cool stuff. I
8:15
just want to rewind a
8:17
hair there and talk about some of some
8:19
of those acronyms. BLE, so
8:22
like the is Bluetooth low
8:24
energy right? Yeah yeah, Bluetooth
8:26
low energy. So this thing
8:28
can emit Bluetooth
8:30
low energy signals? Correct.
8:33
People have then figured
8:35
out how to spam them at devices,
8:38
essentially causing the devices to lock, correct?
8:41
There's a few of them. So the
8:43
first one is basically a pairing
8:46
spam. So you can just throw
8:49
like a bunch of headphones, try to pair
8:51
with your phone over and over again and
8:53
since there are so many different headphones, all
8:55
of those headphones like on an iPhone, anytime
8:57
you pair in like a JBL or
9:00
a Jabra or anything like that, it shows
9:02
up as the actual device. All of those
9:04
devices are mapped to like an image of
9:06
it so there is
9:08
a little bit of a fail-safe so
9:11
you can't take the same device and
9:13
try to pair it over and over and over again
9:15
but you can try to pair different devices. So what
9:17
they figured out is they, yeah all you have to
9:19
do is take a, all
9:22
through the list of the devices and keep
9:24
sending it to the phone over and over
9:26
again and effectively you won't be able to
9:28
really use the phone. There is another attack
9:30
vector that they figured out which effectively starts
9:32
an audio device or something. I don't remember
9:34
the exact logistics of it but it effectively
9:37
starts what I believe is an audio device
9:40
and it will spike the GPU or the CPU
9:42
to 100% and in doing that it makes
9:47
it so that the temperature control sensor
9:50
or temperature control service won't run and
9:52
if that doesn't run then the kernel
9:54
is not getting temperature information from the
9:56
CPU and then it does
9:59
kernel panic. locks up shuts down. Weird.
10:03
Interesting. Yeah, and it's just
10:05
one of those things that I think somebody did by
10:07
accident at some point in time and they crashed their
10:09
phone, trying to figure out what else they can do
10:11
with it and they're like, wait a minute, does this work for you? Your
10:13
phone too? Yeah, it works on your
10:15
phone too? And then all of a
10:17
sudden, I'm making a video about it. Sure,
10:21
crash your own device and realize there's a
10:23
vulnerability out there. Yeah. Then
10:26
the next kind of acronym you
10:28
popped out there was GPIO, which
10:30
is the general purpose
10:32
input output pins. So there's 18 little
10:35
holes on the top of this thing
10:37
that you can essentially clip circuit boards
10:39
into, to the best of my
10:41
knowledge, correct me if I'm wrong on this. No,
10:43
that's absolutely correct. Yeah, and it delivers DC
10:46
current to them so they can be powered
10:48
boards. It has kind of, I
10:51
actually believe when I ordered it, I
10:53
ordered prototype boards, which are just blank
10:55
circuit boards that are meant for you
10:57
to build whatever you would like, clip
11:00
it in and write the code to make it work.
11:03
You've built a few of these things, haven't you? You've built
11:05
some of these boards yourself? Yeah,
11:08
so one of the things that I did when I
11:10
first started off just messing with Flipper was I didn't
11:13
buy the official wifi board, didn't know
11:15
what it did, so I didn't
11:17
really waste any money or time on it, so
11:20
I didn't get one of those. And then I
11:22
had seen, I
11:25
can't remember who was doing it at the time, but
11:27
they were just hooking up an ESP32 because,
11:30
and that's just a little, basically a
11:33
wifi board, and what's cool
11:35
about that is only four wires to it.
11:37
So you can have a set
11:39
of DuPont wires, plug in four wires,
11:41
and you can flash this thing
11:43
into a little wifi board using the
11:46
Marauder firmware by JustCallMeKoko. So
11:50
yeah, that was the first thing that I ever did, and
11:53
I'm like, oh, this is really cool. And yeah,
11:55
I mean, you could just use with a prototyping boards
11:57
or anything like that. Now I am not a hardware
11:59
person. per se, and then I've always kind
12:01
of liked it. I know how to solder
12:04
and things like that, but I'm a bicycle
12:06
mechanic by trade. I mean, I've done that
12:08
for 20-some years at this point. And
12:12
over the years, I've done some things here
12:14
and there, but yeah, I never really did
12:16
any of this stuff professionally. And that's one
12:18
of the things that's cool about Flipper is
12:21
because it brings a lot of people that
12:24
may not be in either cybersecurity
12:26
or technology or any of this
12:28
stuff. And it kind of gives
12:30
them a reason to maybe get in there. Once
12:32
you start messing with stuff, you can get more
12:34
and more complicated because after I made that first
12:36
board with the four wires, I
12:39
decided that I wanted to make a multi-board. So
12:41
I wanted to have the wifi, but I also
12:43
wanted to have NRF24 on it, which
12:46
is, that was what you
12:48
use for trying to take control over wireless
12:51
mice and keyboards on a 2.4 gigahertz like
12:54
frequency. So I wanted to add one
12:56
of those to there as well. That's
12:58
another seven wires. And at the same
13:00
time, somebody had showed me
13:02
a picture of a Heltec, the
13:07
ESP32 with an OLED screen on it. And I'm like,
13:09
you know what? I want to try to
13:11
put my logo on this thing. And
13:14
I didn't even have a logo. I was, I mean,
13:17
my Discord name was Talking Sasquatch because this is
13:19
the name I've used forever, literally
13:21
forever. So yeah, I
13:25
was like, all right, cool. I'm going to put a Sasquatch on it. So I spent
13:28
a lot of time and energy figuring
13:31
that out because me and Arduino IDE
13:33
and me are not best friends. The
13:37
Heltec board itself is super proprietary.
13:39
So all of their commands and
13:41
stuff are like their
13:44
own. So you can't, it
13:46
was not easy to do. I ended up spending
13:49
a lot of time begging people for help on
13:51
the Arduino Discord, but eventually we got it going.
13:53
But yeah, so that was like another board that
13:55
I made. And I just kind of kept going
13:58
from there, slightly more intricate every time. So
14:01
having something like the flipper was really
14:03
a catalyst that allowed me to try
14:05
to do some things that I never
14:08
would have tried before. And
14:11
starting off small and then working your way up,
14:13
it's kind of a good way to, again, that's a
14:16
great way to learn how to do anything. So what
14:18
you're saying is this is a gateway drug? It
14:21
really is. It really is though. If
14:24
you ask anybody who really got into it, it
14:28
really is. Especially because you can go from
14:30
there, then I started messing with firmware. And
14:33
actually one of the first things that I did too
14:35
was I started messing with animations. How
14:37
I made my initial reputation was actually
14:39
for writing the tutorial on how to
14:42
make flipper animations. Because before I had
14:44
written it down, the only way to
14:46
really find out how to do that
14:48
was to go literally beg people to
14:50
tell you how it's done. And
14:52
a lot of cases, those people, because they
14:55
learned how to do it from Val. Val
14:57
was the animator for
14:59
the official flipper project. And occasionally she would
15:02
show up in their Discord and everybody would
15:04
gather around and start asking all these questions.
15:07
But nobody had formally written down the process
15:09
for it. And even once I figured it
15:11
out or once I was kind of taught
15:13
how to do it from all the other
15:16
people, I
15:18
had some stuff wrong too. I had made
15:20
some assumptions and some of the things that
15:22
I was doing were incorrect. And I only
15:24
found out until later that, oh, OK, cool.
15:26
So the tutorial was a living
15:28
project, so we kept changing it. But yeah,
15:31
it was really interesting because there's so many things
15:33
you can do on it. Then
15:35
I started making the animations and then I realized
15:37
that I didn't like the way the top bar
15:40
looked because it was hiding too much of the
15:42
screen. Somebody had already figured
15:44
out how to get rid of the there's
15:46
a little ribbon cable that sits
15:48
on the top of the screen on the flipper interface.
15:50
Somebody already figured out how to get rid of that.
15:52
So I'm like, well, if you can get rid of
15:54
that, I want to get rid of the SD card
15:56
icon and stuff. So I spent a ton of time
15:58
in the firmware. figuring out
16:01
how to delete that because again I don't
16:03
know C at all. All
16:05
I can do is look at code and try
16:07
to understand it and modify it. So I spent
16:09
hours and hours and hours doing that and eventually
16:11
I figured it out. So it got me a
16:13
little bit more comfortable working with, you
16:16
know, working with the firmware. So I
16:18
started making custom stuff for firmware as
16:20
well. So again, this little silly device,
16:22
it's supposed to be some sort of
16:25
cyber tech, or cyber sec,
16:28
but like E-Pet is
16:31
a great intro into whatever you want to do with
16:33
it. You know, not only a gateway
16:35
drug as far as hardware goes, you've actually started
16:37
writing some code and messing about in C
16:39
at this point. So it's broken
16:41
you in entirely into the cyber security
16:43
world. Yeah, in general.
16:45
Yeah. Well, so again, that's been
16:47
really fun. And it just
16:50
gives you a reason to kind of mess
16:52
around with stuff. Yeah, totally. The I want
16:55
to talk about firmware in a second, but the one
16:57
thing I want to talk about was there's
16:59
some criticism about this device that I've seen from
17:01
other major YouTubers and stuff talking about how you
17:03
could use a Raspberry Pi to do most of
17:05
these things. But it just seems
17:07
like to me that seems insane
17:10
because starting with a blank Raspberry Pi and
17:12
having to build all of these attachments and
17:14
write all these apps yourself or find them
17:16
and modify them and install them versus just
17:19
getting this tiny little device and it already
17:22
supporting so many different things
17:24
radio bands NFC. So
17:26
many things that you would have to figure out
17:28
how to build a circuit board to add onto
17:30
a Raspberry Pi. This seems insane to me versus
17:33
just paying 300 bucks and getting this thing. Yeah,
17:36
and I mean it's the right now that
17:38
the official pricing because they were always inflated
17:40
in the aftermarket with official pricing and in
17:42
America is like 169 was like 170. Yeah.
17:47
And what's a Raspberry Pi going for now last one
17:49
I bought was like $75. Yeah,
17:52
and then yeah, you have to write your
17:54
own software. You have to add all the
17:56
modules and stuff and then you have this
17:58
monstrosity. that
18:00
you have to like, I guess you're gonna try
18:02
to use it at that point. Obviously you're not
18:05
doing anything like actually
18:07
red teaming with it, because I
18:09
mean you're gonna need a briefcase. It just
18:12
doesn't make any sense. So I do
18:14
understand that and honestly I have been
18:16
waiting for someone to do a good
18:18
write-up of a DIY
18:21
Flipper Zero because I will absolutely make that.
18:24
Because that's just fun. I would totally do
18:26
that, but especially to show what it takes
18:28
to make a Flipper Zero. Yeah, totally. But
18:30
obviously all the coding and stuff for that
18:32
is just all just crazy. So
18:34
trying to actually do that seems like a
18:36
fool's errand if anything. Because I've heard a
18:38
ton of people say they're gonna do it.
18:40
I'm gonna make a cheaper Flipper Zero. I'm
18:42
like okay cool where's your startup capital? Get
18:45
ready, you're gonna need some coders. Yeah
18:47
well the idea of trying to rebuild.
18:50
Like I could see trying to make a better version of
18:52
it, but I couldn't ever see the idea of trying to
18:54
make a cheaper version of it. Like I don't find it
18:58
particularly expensive. I think
19:01
I were in Canada so I think this thing cost
19:03
me like $260. Which is you know
19:05
give or take a little bit of conversion
19:07
and maybe a little bit of aftermarket pricing
19:09
from distribution taxes or something. But essentially the
19:12
same thing that you pay. But like I couldn't
19:16
imagine trying to build one of these
19:18
things with this much functionality and this
19:20
much extensibility for less and be able
19:23
to manufacture and sell it at a
19:25
profit and sustainable for cheaper than
19:27
that. That seems wild to me. Yeah
19:30
one of the main reasons why trying
19:32
to recreate this doesn't make sense is
19:34
simply because flipper is as much a
19:36
community project as it is the actual
19:38
devs. So it's got a year worth
19:41
of all these really smart people putting
19:43
in all this work trying to make
19:45
this thing work correctly. And I think
19:48
that's literally like one of the biggest
19:50
selling points for this thing at this point. Some
19:57
of you may know that I like games. And
20:00
poker is one of those games. I
20:02
took a class on the Masterclass platform that
20:06
helped me become a better poker player.
20:09
Classes and sessions on the Masterclass
20:11
platform are great. Getting
20:14
some of the best experts in their field
20:16
to talk about a very specific niche topic,
20:19
I love it. It totally suits me,
20:21
and I think it might suit you. There's
20:24
over 180 classes to pick from. There's new
20:26
classes added every month, like
20:28
Poker by Daniel Negronu. Masterclass
20:31
makes a meaningful gift this season for
20:33
you and for anyone on your list.
20:36
Learn from the best, become the best. From
20:39
leadership to effective communication to
20:41
cooking to poker. This holiday
20:43
season, you can give one annual membership and get
20:45
one free, or you
20:48
get two memberships for
20:50
the price of one.
20:52
That's masterclass.com/hacked. masterclass.com/hacked. All
20:55
four terms apply. The
20:58
holidays start here at Kroger with a
21:00
variety of options to celebrate traditions, old
21:02
and new. You could do
21:04
a classic herb roasted turkey or spice it
21:06
up and make turkey tacos. Serve
21:08
up a go-to shrimp cocktail or use
21:10
simple truth wild caught shrimp for your
21:13
first Cajun risotto. Make
21:15
creamy mac and cheese or a
21:17
spinach artichoke fondue from our selection of
21:19
Murray's cheese. No matter how you shop,
21:21
Kroger has all the freshest ingredients to
21:23
embrace all your holiday traditions. Kroger,
21:25
fresh for everyone. Level
21:29
up your listening with Bose Quiet
21:31
Ampered Ultra Air Pads and Headphones.
21:34
With immersive sound and world-class noise
21:36
cancellation for a not-so-silent night. Visit
21:38
bose.com/Spotify to ship sound more than
21:41
a present. Tis
21:44
the season to shine with H&M. Tis the season to shine
21:47
with H&M. Discover the holiday
21:49
collection and find fashionable pieces for
21:51
your wardrobe or for under the
21:53
tree. Get inspired and dazzle with
21:55
this year's glam. From tuxedo styles,
21:57
bow detailed pieces, impressive prints and
21:59
more. From unforgettable looks to unforgettable
22:02
gifts. With fashion finds to home
22:04
decor, find it all at H&M.
22:06
Treat your loved ones and yourself
22:08
this season. Shop in store or
22:10
at hm.com. You
22:19
said something kind of similar in one of your videos
22:21
I watched. It was like, you said something to the
22:23
effect of without the community, the Flipper Zero is nothing.
22:26
So for, I guess, someone like me who doesn't own one
22:28
of these things yet, but is sort of up to speed
22:30
on what it can do, where's that
22:32
line between what it can really do
22:34
out of the box, the sort of
22:36
like manufacturer-intended uses, and what the
22:38
community has empowered it to do? Like a broad overview
22:40
of what it can do and what people have figured
22:42
out it can do. Sure,
22:45
so basically
22:47
the bare model Flipper, especially in
22:49
the earlier times, obviously they have
22:51
frequencies and things that are locked
22:53
out for different places. And
22:56
honestly, most people don't really need to use those frequencies,
22:58
but that's one of the things that the custom firmwares
23:00
do. But beyond that, most
23:02
of the good applications are
23:04
written by the community. Obviously
23:07
the frequency analyzers and some of
23:09
the IR functions, like
23:12
those are things that were built by
23:14
the original devs, but all
23:17
of the additional hardware and functionality has
23:20
been from the community. So you've
23:23
got a lot of stuff, like again,
23:25
using the Wi-Fi board that comes with
23:27
it, or that you can buy with
23:30
it, that's set up with a firmware
23:32
called Blackmagic. What that's for is it's
23:34
a log viewer, it's a debug viewer.
23:36
So you can wirelessly read the logs
23:38
from Flipper. That's what
23:41
it was more or less designed
23:43
to do. What the community ended
23:45
up doing was installing JustCallMeKoko's Wi-Fi
23:47
Marauder on it. Now you can
23:49
test Wi-Fi devices, so you can
23:52
deauthenticate Wi-Fi devices, you
23:54
can record their handshakes, you can try
23:56
to decrypt passwords and things like that.
24:00
more functionality. You've also got people
24:02
like RabbitLab out there and
24:04
AWOK making all sorts of boards. So
24:06
again we've got the NRF board which
24:09
I mentioned before for trying to intercept
24:11
wireless keyboards and mice. You've
24:14
got a number of different
24:16
CC1101 is basically the chipset
24:18
that they use to get
24:22
sub gigahertz frequencies and basically the
24:24
community has made ones of
24:26
those that work for 10 times
24:28
further than what it currently works on
24:30
without it. So they
24:32
really added to the functionalities to the base
24:34
functionality through all of these you know community
24:37
projects and it's just really cool to see.
24:39
So the sub gigahertz frequencies
24:41
what are they typically used in do
24:43
you know? So I
24:46
mean the they're
24:48
normally 433 and 900
24:50
I believe. Okay and
24:53
they're used in what like ID pass cards and
24:55
stuff right? The
24:57
ID pass cards are yeah
24:59
those are gonna
25:01
be RFID or there's gonna be NFC
25:03
both of which the flipper can definitely
25:05
handle and the
25:08
wireless stuff is
25:12
anything from older car keys. Well granted you can
25:14
read a car key it's no problem you can't
25:16
use it in most current keys. Because
25:18
they use rolling codes and which basically just
25:21
means they have a sequential
25:23
list of codes that it will use based
25:25
on an algorithm and without knowing the algorithm
25:27
you don't know the next codes you can't
25:29
use it. But that's what the the CC1101
25:32
sub gigahertz stuff does. Same with I
25:34
using the control lights and stuff and little other
25:36
stuff like that. And then
25:39
yeah it does NFC so it can
25:41
read a lot of MIFARE keys
25:44
you can decrypt if you have enough of the the
25:48
segment sorry and
25:50
yeah you can you can emulate a lot
25:52
of RFID stuffs were
25:54
pretty easy to copy so anything that's relatively
25:56
low security you can pretty much copy to
25:59
and then you can get some
26:01
data off of credit cards, which was
26:03
a bit of a problem because that's
26:05
why they got kicked off at Amazon
26:07
because Amazon saw that as being able
26:10
to skim credit cards, which it definitely
26:12
does not do. Yeah. So
26:14
like in the old, you know, hacker
26:16
movies and movies that have some cybersecurity
26:18
professional and somebody steals somebody's
26:20
like hotel key room card, these
26:24
things like, when I first got it, I was
26:26
looking through all the little sections, I updated
26:28
to the newest firmware and stuff, went through
26:30
some of the apps and it's as easy
26:33
as like hitting read, tapping the card and
26:35
then hitting emulate and then tapping the like
26:37
the hotel room door and boom,
26:39
it opens. Yeah, and that will
26:41
work on some systems, it
26:43
won't on some other ones, it depends on the
26:46
libraries and the dictionaries that you have. Of course.
26:48
But yeah, I mean, it's literally, in a lot
26:50
of cases, that easy. Let's chat
26:52
about the firmware world because that was one thing like when I
26:55
got this thing, I was like, what do I do with it?
26:57
I didn't even buy an SD card because I didn't realize it
26:59
needed one. I did that too. I
27:01
am that guy as well, so don't feel too bad. I
27:05
got it and then I was like looking around at
27:07
it and then I see some of your videos and
27:09
I see some other content about them and I was like, man, it
27:12
seems like mine's missing a bunch of stuff and
27:14
then I started looking into it and there's a
27:16
bunch of different major firmware manufacturers you wanna lay
27:18
maybe, as somebody that's been a part of that
27:20
community, just give me a rundown or
27:22
give us a rundown of like, you know.
27:24
So yeah, I can do that. Basically, I'll do a quick
27:26
little story time in case you wanna know. I like that,
27:29
I like story time. And I'm pretty
27:31
sure this is pretty accurate.
27:34
Not 100% on everything because
27:36
again, this is all like spoken word history, but
27:39
hopefully my memory is good enough for this. So
27:43
yeah, basically in the beginning, it was
27:45
just the normal firmware. And
27:48
then there was Nano
27:50
and Engineer, I wanna say.
27:53
There were two guys that were working
27:55
on the firmware earlier on, then it
27:58
ended up just being Nano. for one reason or
28:00
another, who won't get into. And then, yeah, basically,
28:04
Unleashed was born at that point in time.
28:06
The fact that they unlocked
28:09
the frequency regular, the frequency
28:11
blocks for certain countries was
28:13
relatively frowned on upon in
28:16
the official firmware land. So most of
28:19
those guys got kind of exiled
28:21
for lack of a better term. So
28:24
that kind of branched off. So now we
28:26
have Unleashed firmware. And
28:28
then RogueMaster came along, and
28:31
basically what RogueMaster was doing was
28:33
taking the Unleashed firmware, adding things like
28:35
animations, which was one of the things
28:37
that got me into RogueMaster
28:39
firmware anyway, because I like animations and stuff
28:42
like that. I have like
28:44
a touch of the ADHD and
28:46
things that are moving around kind of make me
28:48
happy. But yeah, so that was
28:50
one of the things that I liked about it.
28:52
And then he would also go through and scrub
28:54
pretty much any application that he could find for
28:58
Flipper, and he would add it to the
29:00
firmware like right away. So that app had,
29:02
or that would have basically the newest everything
29:04
on it all the time. One
29:06
of the downsides to that was some
29:08
of these apps didn't work super well
29:11
yet. Because again, this
29:13
is, we're all doing all the bleeding edge
29:15
technology or technology, but bleeding edge software.
29:18
So sometimes those things wouldn't work and
29:20
you'd end up with stuff that crashed. But I
29:22
mean, again, if you want the latest and greatest,
29:24
sometimes you run into issues with compatibility. So
29:27
that's where Rogue Master kind of came
29:29
from. And then Extreme popped up with
29:31
Clara. She started
29:34
working on a firmware, I want to say
29:36
it was December of last year, as
29:40
kind of an aesthetic pack on
29:42
top of Rogue Master. And
29:46
that was more or less the idea, started
29:48
optimizing some of the codes there. At
29:51
some point decided to reset and
29:53
basically rebuild that firmware based off
29:55
of official firmware. So it's no
29:57
longer a fork. So. And
30:00
then they started working on more stuff there. Willy
30:03
showed up and Willy is their main
30:05
dev now there too, and
30:08
really started doing some new stuff.
30:10
Willy's very good at C and
30:14
coding for Flipper in particular. So
30:16
at that point, Extreme
30:18
really started doing a lot
30:21
of really unique things. So
30:25
most of the newest stuff out
30:27
there has been really
30:29
pushed and been helped out
30:32
by Willy and Extreme, the
30:34
firmware. So they've done a
30:36
lot of good stuff over there. So right now, most
30:39
of the Extreme firmware is, as
30:42
they've got most of the newest stuff out there because people
30:44
are reaching out to the XFW
30:47
devs whenever they have a new project
30:49
or something. And they're actually
30:51
being very active with the community
30:53
in adding support for different add-on
30:55
modules and stuff like that. So
30:57
it's really been cool because yeah,
30:59
you can make something like RabbitLabs
31:02
will make an antenna and reach
31:04
out to XFW and be like,
31:06
hey, can you make sure this
31:08
is gonna work well on your
31:10
firmware? And they'll add a
31:12
function to it. Like the
31:14
ability to actually plug in
31:17
external IR had
31:19
to be built into the firmware because obviously
31:21
it didn't exist because there
31:23
was no real reason to do it. But because
31:25
of that, now we have the ability to plug
31:28
in IR boards that have seven or 12 or
31:30
whatever LEDs on it. So
31:32
it's a lot more functionality, but that had to
31:34
be built into the firmware. And the fact that
31:36
people could just go out and ask Willy if
31:38
they could try to get it put
31:40
into the firmware, it was
31:42
pretty cool. So those are
31:45
the main three custom firmwares. There
31:50
were some earlier things that were kind of abandoned
31:52
ware, but like, yeah, that's pretty much
31:54
where things are at at the moment. So
31:57
when I got it, obviously as an extreme
31:59
person, but on the Extreme firmware, was
32:01
that the right move? There
32:06
are no wrong moves, honestly.
32:09
I tell everybody to try everything out.
32:13
They all have their pluses and minuses, absolutely.
32:15
And they all have different kind of artistic
32:17
directions as far as what they're made for.
32:21
Like Unleashed is a little bit
32:23
less, it's a little trimmed down
32:25
for a reason. Like
32:28
they don't include as many things
32:30
because they really, the idea for
32:32
Extreme was to include functionality, but
32:35
let people decide what apps and files and stuff
32:37
they wanted. Where
32:39
like Rogue Master was just like, I want everything on
32:41
it, I wanna just, everything that's available, I wanna put
32:43
in my firmware. And Extreme
32:46
decided they wanted to redo everything.
32:48
So they kind of just made
32:51
their own stuff. Like they redid
32:53
the entire UI, they added their
32:55
own settings and things like that.
32:57
They were the ones that finally figured out how
32:59
to change themes and stuff, which is something that
33:01
I had wanted to do for a while. But
33:03
again, I'm not a coder, so that was way
33:05
outside of my realm
33:07
of influence. But they
33:09
did a lot of really cool stuff that I
33:12
had always wanted to see implemented. So I was always
33:14
impressed by that. As
33:17
somebody who hasn't spent much time playing with it
33:19
or using it or looked into building anything for
33:21
it or even shoved any
33:23
boards or modules in the GPIO, the one thing
33:25
in the Extreme firmware that I gotta say I
33:28
loved was the ability to turn it off easier.
33:30
Instead of having to go through the menus and find the
33:33
power off switch, you could just tap on
33:35
the back button until it prompted you to turn off. And
33:38
that as a basic user meant a
33:40
lot to me. And I was like, wow, this is great.
33:43
So here's a funny thing. And this is something
33:45
that catches people off guard or off guard all
33:47
the time. And it did the same thing for
33:49
me. That function
33:51
is in the official firmware.
33:54
However, you have to hold
33:56
it for a very, very, very
33:58
long time. At the point
34:00
where you're like, is this working? So
34:03
it does do that on the official firmware. They just cut
34:05
the time down to like two seconds, or one second. Yeah,
34:08
yeah, yeah. When I first got it
34:10
and I had the default firmware, I tried and
34:13
I was like, you gotta be able just to hold this button
34:15
down. And I held it for a long time and it never
34:17
prompted me to turn off. And then I was like, oh my
34:19
god, do I actually have to go into the menu and go
34:21
to the power, turn it off through there? So
34:24
that is funny that it did exist. It just was
34:26
a user experience problem rather than a
34:29
code issue. Yeah, and I
34:31
always thought, I'm like, why do you have to
34:33
hold it so long? It's just weird. Yeah,
34:36
that's interesting. It's good to know some
34:38
of the background of this thing as
34:40
it definitely, I recently flew somewhere and I
34:42
didn't wanna take it. I'm
34:44
kind of afraid of it in this small way.
34:47
I'm like, is this gonna emit problematic radio transmissions
34:49
and I don't wanna have it on an airplane?
34:51
Will I get stopped at customs for having this thing?
34:56
What is the liability that I've now taken on
34:58
by owning this thing and carrying it around with
35:00
me? And for the
35:03
most part, it won't be an issue. Don't go to Brazil. I
35:05
think that's probably the one caveat. But
35:08
yeah, for the most part, it's really not a big deal.
35:11
People travel with these all the time. Granted,
35:13
yeah, because we had a bunch of, everybody went to DEF
35:15
CON. So a bunch of flippers,
35:17
so they all made it. Cool,
35:19
I think we're gonna be at DEF CON next year. So
35:21
hopefully we'll see you there. Yeah,
35:23
I'm wanting to go. And I've already kind of
35:25
mentioned to my employer and stuff that I'll probably
35:28
be doing that. So yeah, I
35:30
very much hope to go next year. Let's
35:32
chat about some of the modules that go on
35:34
this thing because it seems like there's a lot
35:36
of them. It seems like
35:39
there's a lot that kind of do the same thing. I've
35:41
looked at some of the ones from AWALK,
35:44
is that right? Yep,
35:46
AWALK. And some of
35:49
them seem as impressive as the Flipper Zero
35:51
itself, literally. I look at some of these
35:53
modules and I'm like, oh my God. Somebody
35:55
like massive OLED screen, bunch
35:57
of external antenna arrays. They
36:01
seem really comprehensive. So like what have you
36:03
found to be some of the best modules?
36:06
Actually, I'm gonna read from that question and
36:08
say what should I buy to play more
36:10
with this thing? Okay. Cause
36:13
that's really what I'm asking. It's
36:15
pretty easy. So first things first, doesn't matter where
36:17
you get it from, buy a wifi
36:20
board. You can get the official one,
36:22
that's fine. Or you can get one from literally
36:25
almost anyone. Awalk's a good friend of
36:27
mine. And
36:30
yeah, get an external wifi board.
36:32
That's really, really cool. Beyond
36:35
that, the external CC1101s
36:37
are very cool because
36:40
it extends the range that Flipper has by a
36:42
lot. So
36:45
you can access
36:48
things that are much, much further away. And
36:50
it's a lot, this makes it a lot easier to
36:54
actually do the things you wanna do.
36:56
And the CC1101 is used
36:59
for what exactly? Is that sub gigahertz? Yeah,
37:01
it's a sub gigahertz range extender. Okay.
37:05
So what you're referring to is
37:07
actually a really interesting thing. You're
37:09
looking at the dual ESP32 touchscreen.
37:13
That's a very cool project for a number of
37:15
reasons. And it's a project that I, when he
37:17
first sent me the pictures of this thing, I
37:19
was like, oh man, this is always what I
37:21
wanted this to be. The
37:24
original design of this,
37:26
or the original one I actually made,
37:30
I wanted to do a, cause
37:32
I put the touchscreen on a
37:35
combo board. So I had a
37:37
touchscreen ESP32, and
37:39
then I had a NRF24 on that. So
37:43
kind of the earlier version of the
37:45
dual ESP. And then my next one
37:47
that I made, which was my Yeti board, which
37:49
was actually a PCB project I worked
37:52
on with a guy named I.M. Orion.
37:54
And what that was, it actually
37:56
had two ESP32s on it. One
38:00
of which was running the screen, so you could run,
38:03
Just Call Me Coco's Wi-Fi Marauder, because
38:06
the software, the firmware, that
38:08
actually runs the Wi-Fi
38:11
card, you know, the flipper Wi-Fi card,
38:14
that's the same one that
38:16
Coco uses in his ESP32
38:18
Marauder standalone setups. So
38:20
he actually has a device, which
38:22
is for Wi-Fi penetration testing, and
38:25
it's a standalone device, and it's got
38:28
its own firmware. The ESP32 runs the screen. So
38:31
when I realized that, I was like, all right,
38:33
cool, I put that on one of my boards.
38:35
But what I really wanted to do, was
38:38
I wanted to have two ESP32s, one
38:41
that was on its own, and one that was
38:44
run by the flipper. The
38:46
idea was, basically you used the
38:48
flipper to do a de-authentication attack
38:50
against a Wi-Fi device, so that's
38:53
gonna kick that device
38:55
off of the Wi-Fi, and
38:57
then use the standalone to get
38:59
the PCAP file, the handshake files,
39:01
for when it reconnects. So you're
39:03
kind of doing two halves of
39:05
the same attack, where you are
39:09
both kicking something off of a network, and trying
39:11
to capture when they try to reconnect. So
39:14
that's why this board, why
39:16
I made my board, and then AWAC
39:19
saw that, and he's like, okay, that's
39:21
a cool idea. And so he made
39:23
the one that he has, basically
39:27
what I wanted to do, just done by somebody
39:29
who's better at it. So yeah,
39:32
that's what the dual ESP32 that he
39:34
created was, was pretty
39:36
much the same idea as the one that
39:38
I did, just executed much better. So
39:41
just for explanation's sake, ESP32
39:45
are Wi-Fi chips, correct? Basically it's a Wi-Fi
39:47
board, and some of them have Bluetooth. Gotcha,
39:49
gotcha. And then something you mentioned a few
39:52
times, that I'm not fully up on, and
39:54
don't fully understand what it is, and I
39:56
doubt Jordan does. The Wi-Fi
39:59
Marauder. What
40:01
exactly is the Wi-Fi Marauder? The
40:04
ESP32 Marauder is an entire
40:06
program set, and what that does is
40:08
it can do deauthentication
40:11
attacks, it can scan Wi-Fi
40:13
networks, it can capture handshakes,
40:16
it basically can send
40:19
and receive Wi-Fi stuff. And you can
40:21
just basically figure out what you want
40:23
to do with the information that you're
40:25
sending or receiving. Can
40:27
it sniff? Can it sniff
40:29
on encrypted network traffic? So
40:33
yes and no. I don't think
40:35
you're getting as
40:37
much data as you would on Wireshark or
40:39
anything. But you
40:42
can sniff a decent amount of stuff, and you
40:44
can just sniff raw and just see what you
40:46
get. So yeah, you can do a decent amount of stuff
40:48
with it. Let's
40:50
just talk about the PCAP stuff for a sec, because I
40:53
know what it is, but some other people might not. So
40:56
the deauth, let's just start with deauth. So
40:58
when you deauth attacks, I mean, you're essentially
41:00
punting it from a Wi-Fi network, correct? Yeah,
41:03
so a deauthentication attack is very
41:05
politely asking a device to get
41:07
off the network. Yeah. And
41:10
then PCAPs, so when you reconnect to
41:12
a Wi-Fi network, essentially
41:14
your computer and the network have a little
41:16
negotiation and pass a
41:18
bunch of keys back and forth that agree
41:20
that this device should go on the network,
41:22
and that's called the authentication process, which is
41:24
what the PCAP files represent, correct? Yeah,
41:27
yep. Perfect. Okay. And
41:30
you can take those PCAP files, and
41:32
through a different process, you can actually
41:35
dictionary attack or
41:37
brute force the Wi-Fi
41:39
password, correct? Yeah,
41:42
you can use – well,
41:44
there's a bunch of things, but I think we
41:46
use Hashcat for that usually. Yeah, perfect. Okay. I
41:49
just wanted to make sure I was fully aware
41:51
of kind of what the Wi-Fi Marauder
41:54
toolbox does, because you've mentioned it a
41:56
number of times, and I know that there's a lot of boards that
41:58
I see and a lot of extensions, even some standalones
42:01
from Coco that run it. And
42:04
I just wanted to make sure I knew what it was
42:07
before I got one of these beautiful things and plugged it
42:09
into this thing and figured out what kind
42:11
of devious things I can get up to. Yeah,
42:14
so that's basically what Just Call
42:16
Me Coco does is the WiFi
42:18
Marauder stuff. Nice.
42:21
Their devices as well as AWACS
42:23
devices both seem really, really nice.
42:25
The Rabbit, what was the Rabbit
42:27
one you mentioned? So yeah,
42:30
Rabbit Labs, check out Rabbit Labs. I find
42:32
in every search I make for these things
42:34
I always end up on some website that
42:36
I'd never known to exist called Tindy, I
42:38
think it's called Tindy. Is that right? Yeah,
42:41
so he's, yep, tindy.com/storage slash
42:44
T-E-H Rabbit with two Ts and
42:46
two Vs. So
42:48
the, because I think Rabbit makes a
42:50
lot of the infrared, the IR booster
42:52
boards, right? That's Rabbit, Rabbit
42:55
makes the IR booster boards. He was the
42:57
first one to do them. He's
43:00
got a really good IR,
43:02
he's got two of them really. He's got the
43:04
Master Blaster which is, I believe
43:06
12 LEDs. So it's really strong, it
43:08
has a lot of range there. And
43:11
the first one he made was the Death Star IR
43:13
Blaster. And one
43:16
of the things that's really cool about Rabbit Labs, and
43:18
again, all these guys have their own specific style. And
43:21
it's all very different. It's kind of interesting when you look
43:23
at it. And basically
43:27
Rabbit Labs does a lot of really cool screen
43:29
printing and things like that. And
43:33
his stuff has a different vibe to it
43:36
than everybody else's. And then AWOC, again, he
43:38
does like, it's
43:40
hard to explain without showing the different
43:42
things that people are making. Yeah, yeah.
43:45
But they have a very distinctive style.
43:48
AWOC's a musician and a graphic artist, and
43:50
it really comes through in his electronics in
43:52
a lot of ways. Totally. And
43:55
then Rabbit is just a
43:57
hardware dude. So. He
44:00
just makes really good, complicated stuff,
44:03
and then puts fun screen printing and
44:05
stuff on it. And everything's got a
44:08
little bit of a personality. He's got a
44:11
coming out a Minion ESP32 board, which
44:14
looks like one of the Minions. And
44:17
it's just those little things, yeah. He's got a
44:20
Minion Marauder. And it's
44:22
just cool. It's just, he makes cool
44:24
stuff. All these guys make really cool
44:26
stuff. Because the Death Star is an
44:29
IR blaster, right? And it's
44:31
kind of like, I've seen a video of
44:33
it. It's got a glowing light as
44:35
the Death Star cannon when it's powered up and stuff.
44:37
It's just a cool, they are
44:40
very cool little things. Yeah,
44:43
it's a great way of marketing, too, if you
44:45
think about it. Because
44:48
obviously, it looks cool. So people are going to look at
44:50
it, and they're going to want
44:52
it. So yeah, it's really cool. Yeah, the
44:54
AWALK stuff. I've been waiting for
44:56
something to come back in stock. It seems like
44:59
he sells out pretty fast, or they sell out pretty
45:01
fast. I
45:03
would love to order some of their
45:05
products. And I'd love to get one
45:07
of their t-shirts. I love their very
45:09
graffiti artisty DJ. Yeah, I know. His
45:11
t-shirts are awesome. Yeah, and he makes
45:13
those, too. He sells out
45:15
extremely fast. And people don't
45:18
realize that these shops are people.
45:21
Like Rabbit Labs, Just Call Me
45:23
Coco, AWALK. They're just people. They
45:26
have jobs and families and stuff like
45:28
that. So they can't mass produce 100
45:30
of something. Well,
45:33
actually, Rabbit does. That
45:36
dude's a beast. He makes a lot of stuff. But
45:40
it's also because of the things that he
45:42
does, is set up to do things like
45:44
that. He can batch surface
45:46
mount stuff in an oven. He can
45:49
do that. Most people
45:51
can't. He's got a part picker. He's got
45:53
stuff that nobody has. It's
45:56
prohibitively expensive if you're doing something
45:58
like this. The modules you
46:00
buy are literally just raw circuit boards and
46:02
it seems like most people then 3D print
46:05
custom cases for them. You
46:07
can even download the print files from
46:09
the circuit board makers often. Here's
46:12
the case if you want to print your own case. It
46:15
seems like an ecosystem ripe
46:18
for gadgety people. Like,
46:20
hey, there's a cool gadget here. This
46:23
gadget also requires you to get other gadgets that
46:25
then require you to get a 3D printer to
46:27
print new gadgets. It just seems like a gadget
46:29
ecosystem. I'm not opposed to it. I like
46:31
gadgets. I'm a big gadget guy. Well,
46:34
no, you're absolutely right. Again,
46:36
this is where one of the things that
46:38
happened because of basically these cases, that's
46:42
kind of when I started doing some of
46:44
the 3D printing stuff I was doing. I
46:46
picked up an Ender 3 back
46:48
in like February or something because A, I wanted
46:50
to mess around with 3D printing and B, it
46:52
was a cool backdrop item. I would have it
46:55
printing when I was filming. I
46:57
just thought that was cool. Do it all for the content.
47:00
Yeah, exactly. So, you know, I bought a printer
47:02
and I spent some time modding it and messing
47:04
around with that. So I kept
47:06
printing more and more, learning more and more about
47:09
3D printing and putting designs
47:11
on stuff. And
47:13
so I keep posting stuff like that.
47:16
Well, the interesting thing about that was
47:18
that's how I actually got asked
47:20
by Deadmau5 to make him a case. So
47:25
yeah, because he had posted a picture
47:27
of his flipper with a Wi-Fi board
47:29
plugged into it like a couple weeks
47:31
ago. And I
47:33
just ran him, somebody's like, oh, look, hey, Deadmau5's
47:35
got a flipper. So I'm like, oh, I got
47:37
to put a comment on there. So I commented
47:39
on there like, hey, man, if you ever need
47:41
any flipper stuff, he's like, yeah, I've heard about
47:44
you. I've heard good things. And I was like,
47:46
holy crap. So
47:49
then he DMs me and he's asking if
47:52
I could make him a case for it.
47:54
So I'm like, yeah, yeah, absolutely. But like,
47:56
yeah, it's the weirdest thing, like one random
47:58
email because I started a YouTube channel
48:00
about Flipper Zero and now
48:02
I'm printing a case for Deadmau5, which I think it
48:04
got delivered today. So
48:06
that it's just, it's just really weird. But again,
48:09
it just goes to show like this is another
48:11
one of the situations that Flipper Zero and just
48:15
the little weird things that you run
48:17
into along the, along the way. Like
48:19
you'd really never know what that butterfly
48:21
effect is gonna, is gonna have. So
48:23
the, so this tiny little device that
48:25
you probably kick-started, I'm assuming. No,
48:28
I didn't. You didn't? I didn't kick-start
48:30
it. No, I was, I was so
48:32
lucky. I randomly, I don't
48:34
know if I ran into an ad or what, but I
48:38
know that they were really hard to get and I didn't
48:40
really know much about them. Randomly saw an
48:42
ad about it and I saw they were in stock.
48:44
I'm like, screw it. I'm gonna buy it. Whatever. I
48:46
don't buy things for myself very often anyway, so I'll
48:48
go buy it. Whatever. I don't care. Yes,
48:51
so you bought this thing. Then
48:53
you started designing circuits free and
48:56
soldering circuit boards. Then you started
48:58
writing C and now you're like
49:00
hanging out with Deadmau5. That is
49:02
your Flipper Zero story arc. I'm
49:05
not hanging out, per se. What I've done,
49:07
I talked to him a bunch of times.
49:09
He's actually just a really cool guy. It's
49:12
really weird. I've met a bunch of
49:14
people, actually just ran into Zero Day
49:16
yesterday and super
49:19
cool guy, too. Is
49:21
this all these people that like actually know
49:24
who I am because of this YouTube channel
49:26
and the YouTube channel really
49:28
was, I was almost bullied into doing
49:30
it anyway, which I thought was interesting because
49:33
originally the only reason why I started doing this was
49:36
if you've, if you've done much digging into
49:38
like all the files and stuff, you may
49:41
have run into or heard of Uber Doritos.
49:44
He was like the most
49:46
well-known dude possible in Flipper
49:48
world, um. So
49:50
and he was around in some of the
49:53
discords and stuff, but he had seen my
49:56
tutorial for making animations and he's like, hey, you
49:58
do a pretty good job of
50:01
writing down tutorials and stuff like that. I've
50:04
got a project I'm involved in with Lab 401, and
50:07
we're making tutorial videos on how to use some of
50:09
these devices. I'd be really happy
50:11
to have you join that. Yeah.
50:15
So that's where I got into making a video for Lab
50:17
401. And
50:20
at that point after that, I decided to start
50:22
making my own stuff. But yeah, basically Uber was
50:24
like, hey, you wanna do this? And he was,
50:27
again, the coolest guy I knew at the time.
50:30
So I'm like, all right, sure, yeah, no problem. And
50:32
yeah, it was because of him I even started doing any
50:34
of this stuff. See, now I just feel
50:36
bad for Uber because he was the coolest guy you
50:38
knew at the time, but now you're hanging out with
50:41
Deadmau5. You know, like Uber's just a regular guy now.
50:44
Uber's a busy dude. I'm friends with him on
50:47
actual Facebook. And yeah, he's a busy dude. He's got a
50:49
lot of stuff going on. So where do you think
50:51
this thing's gonna go next? You know, are there
50:54
any projects that you're aware of, any new functionality
50:56
that you think people are building for it? Do
50:58
you think it's just gonna be kind of, is
51:00
there anybody out there that's really like taking
51:03
it to the next level? Like, is there something that we
51:05
should watch out for? Or like, you
51:07
know, where does it go now? That's
51:10
a really good question, honestly. So I do know
51:12
that there's a new piece of hardware coming out
51:14
called the Flipper Nano. And
51:17
that is basically a
51:19
flipper with less internal functionality and
51:22
two rows of GPIO. So you
51:24
have twice the output. Oh,
51:27
I guess input output. So there will
51:29
definitely be a bit of a paradigm
51:31
shift whenever that goes. Who
51:34
knows if that will be this coming
51:36
year, the year after that, who knows?
51:39
Timeframes for flipper stuff is, you
51:42
don't wanna mess with them, you never know. But
51:44
that's a project coming out. But
51:47
again, the crazy thing about, and this is
51:49
every kind of field or
51:51
every whatever genre of stuff, but someone
51:53
will just show up and be a
51:55
game changer. They'll
51:58
just out of nowhere roll up and do
52:00
something nobody thought was possible, and
52:03
it just unlocks just
52:05
so much potential. Like, it's just, everything all
52:07
of a sudden happens. One
52:11
of the things I've been wondering about this device
52:13
is, you know, is there a dark
52:15
web, some private discords, places like
52:18
that where you can get more,
52:21
how should I put this, aggressive
52:23
applications? Like the, like,
52:26
stealing a car keys, rolling keys, is
52:31
very plausible, there's devices that do it already.
52:33
It's actually not that hard. And
52:35
the flipper probably has most of the functionality, or
52:37
could be extended to have the functionality to do
52:39
it. Is, are
52:42
there places where people build apps that are
52:44
a little bit less, and
52:46
build and share apps that are a little bit less publicly
52:50
accepted? So,
52:52
absolutely. Now,
52:55
I'm not aware of any,
52:57
like, specific place. I'm
53:00
also not the best person to tell
53:02
about stuff like that. Not
53:04
that I'm gonna, like, make a video on it,
53:06
really, but being a little bit
53:08
more higher profile person, I don't
53:10
really, you know, I don't get
53:13
invitations to the dark web as often as I
53:15
used to. You know, but,
53:18
so there are people that write
53:20
scripts. Like, I have scripts right
53:22
now that I won't give out.
53:26
Like, I have a flipper zero ransomware
53:28
script, and I have a key logger
53:30
script. So
53:33
there's a bunch of stuff that I am aware of, and
53:35
it's things that I have, because I've used them for videos
53:37
before. But are
53:39
there places out there that, you know, are
53:42
writing codes for stuff? Maybe. Like,
53:44
because I know that Zero Day had
53:46
mentioned on an interview he'd done that he was
53:49
doing some things on his flipper that, at
53:52
the time, weren't really being
53:54
done yet. But, honestly,
53:56
since then we've realized that, I mean, they
53:58
do with the... those scripts have been written.
54:01
So whether or not he had
54:03
those early or wrote them
54:05
himself or whatever, but
54:08
it did imply that some people had
54:10
things that other people didn't. Just
54:14
like I have some things that other people don't. And
54:17
other people have things that I don't.
54:19
Well, as an appeal to the community,
54:21
if you're a member of a community
54:23
or discord that builds flipper
54:26
scripts that maybe aren't public, fire
54:28
me a DM, just hit me up. I'd
54:30
be intrigued to know what else is going on under
54:34
the covers. Because when I got this thing
54:37
and when I realized what it was, like
54:39
I thought it was a tool and then
54:42
I realized it was a platform. I
54:44
was like, oh, there's a bunch of
54:46
built-in functions already, but then you have the ability to
54:49
extend it. And then you
54:51
have the ability to essentially custom develop whatever you'd
54:53
like for it. What's cool
54:55
about that idea too is seeing it as a
54:57
platform because also you
54:59
have an incredibly powerful computer in
55:01
your pocket already that can communicate
55:04
with flipper. So as far as
55:06
figuring out the algorithm, your
55:08
phone could probably do that pretty quick. So
55:12
I'm intrigued, I mean, yeah, no, I'm just intrigued to
55:14
see, I'm intrigued
55:16
to know what you don't find on YouTube about
55:18
this thing. You know what I'm saying?
55:21
Absolutely, yeah, I know, I 100% agree. And
55:24
I do look for it. I look for that
55:26
stuff too. I'm obviously on Reddit and all sorts
55:28
of other places. I'm constantly looking for new
55:30
stuff. Again, being who
55:32
I am, it's a little bit easier because people
55:35
reach out to me. So
55:38
someone will just hit me up in the DM and be
55:40
like, yo, I made a payload encryptor or something like that.
55:42
I'm like, oh, that's cool. And that's how I met, that's
55:44
literally how I met Red, who was
55:46
the guy who wrote the ransomware and key logger. And
55:48
yeah, he's just like, hey, I made this one thing.
55:50
And then he was like, hey, do you know anybody
55:52
who has this? And I'm like, nah, I don't know anybody
55:55
who has this. And he's like, well, I do. And I'm
55:57
like, got any more? I
56:00
do. I like that. Sounds like Red's the guy that
56:02
I'd like to meet. Yeah, this
56:04
is a very interesting little
56:06
device. I'm intrigued to,
56:09
I should say, play with it, but I would
56:11
say educate myself more on its functionality and what
56:13
can be done and how I can extend it,
56:15
or it can be extended to do
56:18
different things because it's coming
56:20
from the software world. You know, I'm familiar
56:22
with all kinds of software vulnerabilities and code
56:25
problems and things like that, but I've never
56:27
really been into the hardware side, and this
56:29
has definitely piqued my interest. Aside
56:32
from emulating circuit designs that have been given
56:34
to me to make musical instruments
56:37
often, I've never really built
56:39
anything, and now I have this desire to
56:41
build a board, and I'm not
56:43
sure what I wanted to do yet. Yeah,
56:46
and I mean, you can do pretty much,
56:48
you can do a lot of stuff. And
56:50
if you're a code guy, definitely check out
56:52
Code All Night, a really, really cool
56:54
guy named Derek Jamison. He
56:57
is a phenomenal coder. I think he used to
56:59
work for Microsoft. Don't quote me on that, but
57:01
a really, really ridiculously,
57:04
like, painfully smart dude.
57:07
And yeah, he writes code and apps
57:09
and stuff like that. So if you're
57:11
interested in software side and possibly coding
57:14
stuff, he's a great resource for that
57:16
as well. I'm curious
57:19
as a content creator, I watched
57:22
your video on the ransomware stuff
57:25
that I can do, I'll watch your stuff on hacking
57:27
Wi-Fi passwords. In the
57:29
ransomware episode, there's this really interesting
57:31
moment where you blur
57:33
the payload, essentially. And you
57:35
flat out say, I'm doing this so that
57:37
a teenager doesn't get themselves arrested. And
57:40
it's like a fellow content creator that
57:43
makes stuff about cybersecurity. Like,
57:46
how do you navigate that line between not
57:48
wanting to empower a person to maybe mess
57:51
their life up, but wanting to put this
57:53
information out there and wanting to share it with curious,
57:55
interested people and wanting to push the community forward? How
57:57
do you balance those two things? It's
58:00
tricky because
58:03
obviously doing
58:05
things like deauthing Wi-Fi cameras,
58:08
which was literally the first thing I ever
58:10
published, it wasn't a picture of an animation.
58:12
My very first TikTok, because I tried to
58:14
start TikTok as a platform, which is a
58:16
silly thing you do, but
58:18
my first video was literally showing me
58:20
disabling my video camera, my surveillance cameras.
58:23
And yeah,
58:26
trying to figure out where the tipping point is.
58:29
Now hacking Wi-Fi stuff,
58:31
that's really, really easy information
58:34
to find. So
58:36
with five seconds for the work, you can find
58:38
somewhere else to get that information. So if
58:41
I'm another person doing a video on how to
58:43
do it, who cares, right? So
58:46
where I draw the line is
58:49
handing someone a weapon. And
58:52
that's kind of the way I saw that video.
58:55
And especially with BadUSB, now
58:58
if anybody doesn't know what BadUSB is, Flipper
59:01
has the functionality effectively of like a Rubber Ducky.
59:03
So what it will do is you
59:05
plug in your Flipper to a
59:07
computer and you can run a
59:09
script through PowerShell or whatever. You can basically
59:12
use it as a keyboard and
59:14
you can do code injection. So what that
59:16
means is if I plug my
59:18
Flipper into something, I can run a code that
59:21
is on my Flipper. The
59:23
problem with that is it's
59:25
very, very easy to do. And
59:28
when things are too easy to do, people
59:30
do them without knowing why they're
59:33
doing them or what might happen. So
59:35
as an example, I've seen
59:38
a bunch of examples, one of which was
59:41
somebody almost got auto banned in
59:43
my Discord by the bot because
59:45
they ran a script that typed
59:47
in every single line from a
59:49
B movie. Every
59:53
like half second. So they got flood
59:55
spammed and they got kicked for it.
59:58
But Flipper Zero can
1:00:00
be used to, you know, infect your
1:00:03
computer with ransomware and you
1:00:05
know, just things to be aware of
1:00:07
like, yeah, these things do exist and
1:00:10
since I have an audience that, you
1:00:12
know, watch these things about bad USB
1:00:14
and stuff, it's a good idea
1:00:16
to at least spread some awareness about that and
1:00:18
I did, I thought it was kind of a cool thing. But
1:00:21
again, I'm not gonna hand somebody the tool to
1:00:24
completely screw up somebody's computer. Sure,
1:00:27
that makes sense. I guess, minor point
1:00:29
of clarification, when you say that
1:00:32
person in your Discord posted B-movie
1:00:34
quotes, are you saying they
1:00:36
posted quotes from a low-budget film or from
1:00:38
the 2007 animated
1:00:40
comedy Bee Movie starring Jerry Seinfeld? It was
1:00:42
in fact the 2000s era Bee Movie
1:00:46
with hosted, yeah with Jerry Seinfeld in fact,
1:00:48
yeah. Sure. Where he plays a bee trying
1:00:51
to sue humanity for how they treated bees.
1:00:53
I'm familiar. I just want to confirm
1:00:55
that. Yes, yes, every single
1:00:57
line of that movie in order, yeah,
1:00:59
posted in Discord and yeah, that was, that
1:01:01
was, it was fun and I think the person that did
1:01:03
that, they were actually in voice chat at the time and
1:01:06
you could actively hear them freaking out, which was
1:01:08
very funny. Sure. Oh,
1:01:10
that's great. I mean, that's kind
1:01:12
of tangentially connects to the one other
1:01:14
big question I had which is like
1:01:16
kind of to do with internet clout
1:01:18
and Flipper Zero. I
1:01:21
watched some of your, I watched Flipper
1:01:23
Zero TikToks so you don't have to
1:01:25
videos, quality content, just to pass
1:01:27
on my compliments. But
1:01:29
so many of those are about taking this device that can
1:01:31
do a ton
1:01:34
of stuff. It functions as a platform to do
1:01:36
even more stuff and a lot of the TikTok
1:01:38
content is about lying about what it can do,
1:01:40
which I found interesting. It's about like watch
1:01:42
me tap a credit card on it and boom I have
1:01:44
the credit card it can use it. It's like, well, for
1:01:46
all the things that can do you managed to find a
1:01:49
couple things that didn't and are now lying about it on
1:01:51
TikTok. Why do you think it
1:01:53
became the like, I don't know, like
1:01:55
center of a little bit of an internet clout
1:01:57
trend? Where in a
1:01:59
way that hacking devices really haven't done
1:02:01
before. It
1:02:04
was very interesting seeing how that
1:02:06
was. And actually I specifically picked
1:02:08
a lot of the videos in
1:02:10
the TikTok one that were real.
1:02:12
Like some of the things that I showed off were real. I
1:02:16
featured a couple with, again, I
1:02:18
Am Jacoby and Taco Cat, I believe. So
1:02:21
some of those things were real. But
1:02:23
especially in the beginning. In the beginning it was bad.
1:02:25
It was really bad, honestly. They
1:02:27
showed some really sketchy things. One
1:02:30
of the videos that I couldn't find that I
1:02:32
wanted to feature in that video because I thought
1:02:34
I really needed to talk about it. But basically
1:02:36
some dude with a Flipper Zero effectively
1:02:39
tries to show that he's stealing
1:02:41
a card from somebody and then
1:02:43
following them into a building. And
1:02:47
you can kind of do that by the way he was
1:02:49
doing it, wasn't working at all. And he was like, pushed
1:02:51
it past the bag. But
1:02:53
what was going on is
1:02:55
people love sensationalism. They
1:02:58
wanna think that this is a Sonic screwdriver. And
1:03:01
they literally, like, so when they see
1:03:03
something like that they immediately believe it
1:03:05
because it's the internet. And everything on
1:03:07
the internet must be real. I don't
1:03:09
know why people believe anything on the
1:03:11
internet. But yeah, so
1:03:13
that kind of stuff went viral.
1:03:16
And that's what people started thinking
1:03:18
they were getting when they bought
1:03:20
Flippers. So
1:03:22
I actually kind of cashed in on that
1:03:24
idea because if I'm doing tutorials and somebody
1:03:26
bought one of these, specifically trying to do
1:03:28
this, then maybe they'll find my channel
1:03:30
and watch my stuff. But the
1:03:33
flip side of that is why I
1:03:35
made an entire video and actually spent
1:03:37
a good amount of time with a
1:03:40
guy named Betsy who's a pretty
1:03:43
well-known guy as far as
1:03:45
NFC goes. He
1:03:48
spent a lot of time explaining how NFC
1:03:50
and stuff works. But that's why I made
1:03:52
a video specifically saying why Flipper Zero can't
1:03:54
steal your credit cards. Because
1:03:57
that was one of the most common things that I
1:03:59
had seen, showing how
1:04:01
they could use their Flipper to steal
1:04:03
credit cards. And it's just, you can't do it. It
1:04:05
can't be done, at
1:04:07
least not with a, any, like, normal
1:04:09
style of credit card. But
1:04:12
yeah, there's all, there was all an awful lot of that.
1:04:14
And I mean, it
1:04:17
was, it was, it was, you know, getting clicks,
1:04:19
was getting views. I had never
1:04:21
ever gotten anywhere near any
1:04:23
of those, like, you know, million view
1:04:25
videos, even showing, like, the, the off
1:04:27
a Wi-Fi cameras. And that was real.
1:04:29
I really did that. But it
1:04:32
never really had the same appeal as
1:04:35
somebody, you know, fake using a credit
1:04:37
card or faking using it to access
1:04:39
something that you definitely couldn't. But yeah,
1:04:41
those, those videos went crazy, especially earlier
1:04:44
on. Clout chasing with Flipper Zeros on
1:04:46
a new sentence. My last question has to
1:04:48
do something you said earlier. We
1:04:51
were talking about, you know, feeling safe taking this
1:04:53
thing and traveling with it. You brought up Defcon,
1:04:55
which is basically thousands of these
1:04:57
things converging on one city, so it's obviously
1:04:59
okay. But you made reference to Brazil.
1:05:02
You said, I probably wouldn't take it to Brazil. So
1:05:05
I'm curious what happened in Brazil,
1:05:08
and broadly, do you think
1:05:10
there's going to be, I don't know, more
1:05:12
of a legal response to this thing as it
1:05:14
becomes more famous, more popular on the internet, and
1:05:16
people construe and misconstrue what
1:05:18
it can do? Do you think
1:05:20
there will be more legal fallout, essentially? So
1:05:23
I think at this point, at
1:05:25
least for most places, it's, we're
1:05:27
pretty much over it. Um,
1:05:30
basically, Flipper devices are not certified in
1:05:32
Brazil. They're not allowed in Brazil.
1:05:35
Huh. Yeah. And probably mostly from,
1:05:37
I don't know, I'm going to
1:05:39
speculate and say auto theft. Because,
1:05:42
now, this is a very valid point, and
1:05:44
somebody had pointed out before, because I
1:05:47
want to say, hacky stuff on YouTube channel,
1:05:49
I believe he's out of the Philippines, but
1:05:52
he pointed out that where he
1:05:54
was located, a lot of vehicles
1:05:57
have aftermarket to the century. The
1:06:00
aftermarket ones, a lot of them don't
1:06:02
use rolling codes. So you actually can
1:06:04
access cards with those. So
1:06:09
certain places got a little bit concerned
1:06:11
about it. And
1:06:13
I mean, again, even Amazon blocked the sales of
1:06:15
them because they thought they were credit card scammers,
1:06:18
which is the one thing it can't do. It
1:06:21
can't do a lot of things, but it's one of the things it can't do.
1:06:24
So again, super interesting.
1:06:27
And yeah, it's... I
1:06:30
don't see it getting banned anywhere else at
1:06:32
this point because, again, it's not
1:06:34
that damage is done, but at this
1:06:37
point, you can pretty much
1:06:39
figure out what it does and doesn't do. I
1:06:41
mean, hell, if you're an entire country, you have
1:06:43
the time to watch my videos. Just
1:06:45
find out what it does first. Watch
1:06:50
Talking Sask, watch Before You Pass Any Legislation.
1:06:52
Yeah, just give me a few views. You
1:06:55
can skip the ad. It's fine. It's fine.
1:06:58
Just drop a DM. Work for
1:07:00
us. Yeah, exactly. Work for Deadmau5, work for
1:07:02
us. Hit them up. Thank you
1:07:04
for us sitting down and sharing with us. I think that's everything I wanted
1:07:06
to ask. Scott, you got anything else? No, no. I
1:07:09
think the first hour of intense
1:07:11
tech chatter was mostly what I
1:07:13
was looking for. So make up
1:07:16
good. And definitely thanks
1:07:18
for having me. It's been fun. I
1:07:21
apologize. This is my first actual
1:07:23
long-form podcast. Every
1:07:27
time I've done things like this, it's been tricky. I
1:07:29
did a video with David Bombal. I
1:07:32
recorded more videos. But
1:07:34
that was three hours of doing things
1:07:37
live. I'm not used to working live.
1:07:41
And I do a decent amount of
1:07:43
post-production. So again,
1:07:46
first time being actually on a podcast. But
1:07:48
it's been fun. It's just something
1:07:50
I've done before. So I'm getting used
1:07:53
to the format. No, no. Well, you
1:07:55
crushed it. We appreciate having you. Five
1:07:57
stars. Five stars for talking to us. Much
1:08:01
appreciate you guys. Amen.
1:08:03
Well, thanks again for coming on and maybe
1:08:05
we'll talk again in the future.