We know that the current Flipper Zero NFC can read bank cards (only for NFC testing?) but unable to emulate on the credit card machine.
So can I know that the hardware is ready to support it in the future? not supported?
the flipper can only read the unencrypted parts of a credit card. both the encrypted and unencrypted parts of the card’s scan is needed for a successful transaction. the flipper has no way of decrypting the card. and never will.
TLDR no
Even if there is a hidden/secured area at the Bank Card, you can pay with your phone or smartwatch.
Maybe one day it will be possible also to use you flipper to pay via NFC, too. Fully legal. Oversimplified: Tell your Bank ‘I have a new NFC device’ and register it.
… In my experience with my Garmin smart watches, there needs to be a fancy startup fintech, that will accept new devices and charge your bank account.
Interesting technical read about this topic: Host-based card emulation overview | Android Developers
One thing is when an ATM reads the mag stripe of the card and the ATM do the transaction, another thing is when the card is used either by chip or NFC. In this later mode the card itself have a certificate and a app that will sign the transaction. Works a little bit like ssl with assimetric crypto. You can’t extract the private key from the card, so you can’t copy a bank card, forget about that.
What one could do to attack apart from stealing the card and using it would be to place a valid reader to do a transaction near the card, the card would sign the transaction and the money would be transfered to the account of the one who have the machine, this would be very easy to trace as soon as the owner of the card did complain, so forget atout this.
Devices like smart watches are NOT cloning your bank card neither reading it. They are associated with your bank account to move the money using their own way of working, they didn’t get keys from your card.
On the NFC mode of credit cards you need the presence of the card to do the transaction because the card itself is doing the transaction and signing it with the keys that it only have.
Impossible to copy.
Even if you get card number and holder name that is the limit of info that you will get, the rest is myth,
1 Like
I believe that Flipper is able to emulate EMV Cards yes, if you add a card in ApplePay/SamsungPay you can use it With or Without internet, I believe it would be something related to TRACK2 of the card, as well as SWIPEYOURS that was manufactured to pass Cards of TICKET by NFC.
i think you’re on to something there, i tried what you said by reading my physical card and the NFC card, they’re deffinitely different i’m going to try it out irl. i think there’s a good chance that works.
1 Like
The NFC mode of credit cards adds an extra layer of security by requiring the physical presence of the card to complete a transaction, making it impossible to copy. Devices like smart watches aren’t cloning cards; they’re associated with bank accounts and operate independently. Stealing card details yields limited information, as sensitive data like private keys remains secure within the card.
1 Like