I'm the winner. Fact.

@@gaijinexec probably never :p

I’m 90% sure the modern rouge is just Brian and Jason planning a super elaborate heist

I want.

Dude I had no idea sounds awesome though! :D Love the show!

I love open source, but of course the people that could help fix things and don't are where we all fall flat on our faces.

@@dafoex ? I don't understand your comment. Who are "we"? How do "we" fall flat on our faces? Who are the people "that could help fix things"? OOP is incredibly easy to learn, so anyone willing to put in a bit of time can fix the open source software. I'm not trying to be rude, I am genuinely curious.

@@trones9204 he means instead of using the knowledge to fix it they use it to exploit the issue for their benefit

​@@buddergolem9463not in the case of Android or any mainstream open source project. only problem is people who refuse to Google, refuse to use their brain and create spam aka low-effort posts asking what they could easily solve with one google.

It's also worth mentioning that those are rarely used in practice. As a security integrator, I can say my experience is that I may install 1 out of a 100. That is because it is more expensive and the sales guys like to sell the cheaper systems so they can upcharge and pocket the rest.

And then of course, if they install REX Motions then forget about security. Give me a can of compressed air and I'm in. Security is only as good as your weakest link.

@@BLavins all the readers I'm familiar with use this challenge response approach.

@@brwa5176I challenge this and expect a response

@@brwa5176you must work for a higher end establishment then in my installation experience this is not the case. Either way I’m sure there are ways to defeat it

@@tenchraven That sounds awesome and I wish I could be your player. No homo

It's helps inform people of vulnerabilities in THEIR own security

Knowing how to do it is literaly the only way to know how to stop it in the security bis not that i have a legit reason to know i just dont want to call a smith to break into my own car or house i also like to help my friends and coworkers out too when im there

Kevin D I’ve been looking for tabletop RPGs with a sci-fi setting but have been unsuccessful. What do you play? I love D&D but I love cyberpunk dystopia more.

That will be a legendary police video

Prep?

Then you yell 'GO AWAY COP GUYS' and slam a flash bang into the ground before running away.

@@AG.Floats oops is supposed to be perp short of perpetrator. But autocorrect...

@@AG.Floatsa perp is a suspected criminal like a suspect

I thought the same thing. They look like a snapchat filter

I think that is the point of them they look cool.

Yeah it looks pretty cool.

@@jimmyat my other thought is they may be anti face reconization.

If anyone knows the brand of those glasses, please post it. They look freaking awesome.

wow! Thanks so much, man!

thats my understanding as well.

Yes and No. If you check out Deviant Ollam's channel, one of his talks he did mentioned that even the more secure systems, most of the time the readers also have a Prox system in-place and enabled as a built in backup. So while you may not be able to spoof at higher end card, you can still fool the sensor in other ways to trigger a door open.

You also run into circumstances where an organisation doesn't control the whole building so while they have whizz bang encryption in their readers and protocols on the wire to the controller, they do dumb stuff like make building lifts with it's legacy system part of their security framework. Hell, I've seen the "break glass" emergency switches mounted *in* the public lobby area because the only way to get to the emergency stairs is through that door - rather than building a path that didn't require basically disabling security.

As a security integrator myself, I will have to say that in my experience, the sales guys are still selling the unencrypted HID Prox readers. In fact, it is rare when I install anything encrypted. I have the Proxmark 3 and use it to clone company cards when I'm at a company that doesn't have a guest badge for IT vendors. I've cloned my own cards to transfer them to keyfobs instead so I don't have to carry my badge everywhere I go. Instead, it's right there on my keychain.

@@freman In many places it's actually part of the fire code. Nothing they can do about it. I just did an office recently that wanted to have a fail secure crash bar on the stairwell door but fire code says it must be fail-safe so if the fire alarms go off then the doors unlock. This way the fire department can access the floor from the stairwell. It's fail-safe so that way if the power fails it will also be unlocked. The owner didn't like it but there was nothing he could do about it due to the fire code.

Thought i was the only one

True

dude has snapchat filter glasses

Yeah It was big trippy first like 2 minutes I just stared! Like wait, what?

Came here to say this. Ten Points.

If you're into cyber security, then you should have read about this years ago.... this is way old news

@@NZSpides Everyone progresses at a different pace, with different starting points, end goals, and starts at a different time in their life.

Oh yeah he's got a chip

Thats coming, they covered implants while they were there

@@screwball69 It would just have been the perfect moment right now to make jason and bryan just flip their shit.

@@Volvary Agreed

Deviant Olaf, cyber-intrusion agent.

Not really. Tap to pay has a little more smarts than simple access cards, and aren't vulnerable to the types of attacks in this video.

More credit cards than door access cards. Credit cards have a wee bit more security built in. Especially on the payment terminal. The lost mythbusters episode on that covered how easy it is to duplicate credit cards and do it from a distance. Chip and pin still remains the most secure but the danger of old RFID credit cards was the credit card number wasn't encrypted! This ment you could steal credit card numbers from wallets without touching them, hence all the RFID protection wallets have these days... Oh passports were also vulnerable to this.

@@DarkFoxDK it is. Adam savage was doing some appearance at a convention irrc, and he said they were going to do a show on how vulnerable the chips are, but they decided not to due to legal reasons.

well, the "legal reasons" were: "Credit card companies threatened to stop buying advertisements at discovery channel"

@@user-lw8jk6nv7l Like Phil says, wireless credit cards, and chips aren't just static data being shouted out, which can then be copied. There's a cryptographic challenge and response process, which prevents straight up copying of the card as shown in this video, as the card's secret is never revealed directly. There are other vulnerabilities that are a lot more difficult to exploit, but it's not nearly as easy as copying an access card.

Sir, with all due respect, how do I know you're not him? He could be any one of us, just using a cloned badge.

I see you saw Deviant's elevator talk.

@@---cr8nw He could be any one of us. He could be you, he could be me! He could even be-- **BLAM** *spy dies*

V, is that you??

nice.

Spell it right R-O-G-U-E! --Brian

As Mother Nature intended.

Hey Virgil wheres your profile picture from? Ive seen it multiple times before.

@@jonathangrey2183 there is no "C"

I hear you, man. Same here, I'm also a security integrator and I keep reading the same comments and think, "if they only knew."

Industry polling say that 26-bit, standard Weigand is still the majority of installations in the US. Some companies have moved to 'smart' cards (13.56MHz) but it is far, far lower conversion rate than you would hope/expect. These techniques will get you in most places today. When security people show this to C-Level executives they freak out, initially. Then, they ask how much will it cost to replace all the readers and rebadge every employee and they quickly sweep it under the rug. Trust me, rebadging hundreds, thousands, tens of thousands of employees for a changeover is a logistical nightmare.

@@thezfunk I wish I could tell you what I do, it is super scary the number of facilities in the US that are using ancient access technologies. A lot of the US is actually about a decade or more behind most of the rest of the world. I have stories.

imagine how old the systems are that North korea or Iran use to protect thier weapons systems.

And Jason Murphy holds Jason Murphy back?

@@zackthemaniac5754 +1 lol

Split personality's?

Murphy is the side of Jason Murphy that we see, Jason comes out when the cameras aren't rolling.

Icp

Whoop whoop

Had to look through the comments as soon as I heard that to see who else caught it. Whoop! Whoop!

Can you link it please?

Oh there are tons of things that will demolish that sense of security :)

deviant does a pretty awesome talk here: kzbin.info/www/bejne/qJ_QlIWKo7mBeZo it's all about crazy physical penetration he's done.

Check out Deviant's channel, hes got hours of to talks on how to beat locks, doors, access control systems, elevators, and how these all get applied to pen testing.

Ashton Minden I believe someone did it with the London Underground rfid card and a sonic

I plan on doing that at school. I’m trying to find out the frequency that they use in their fobs, then I’m just gonna purchase one, strip it down, and put it in a sonic

I'm waiting for my proxmark in the mail, I'm totally gonna try that. Thanks for the idea.

@@will_scarborough6487 then you will go to jail for a felony.

Genius

I was gonna say looks like a snap chat filter

For me it was the painted on beard.

I’m SOOO glad I’m not the ONLY person who noticed that!!!

bruh

They could still clone it if they pressed that switch though, or if they hid their reader somewhere near the legit reader. The encrypted way is better because it allows the public to use their cards in the same way, and it makes them pretty much unspoofable.

+Daniel Nunya Bidnezz Best way to stop a card cloner from cloning your card is to *USE CASH.* :

Seemed weird to me when he said "a couple of years ago" since I remember I had paywave visa cards 7 years ago in my backasswards country.

It wasn’t a long time ago Visa & Mastercard actually stopped The Mythbusters from releasing the RFID episode.

The US was actually first to get Apple Pay, which is leaps and bounds ahead of Chip an PIN (I finally have it where I live and use it wherever I get the oppertunity). Yes mag stripe is a joke, it's like he said, you may as well have your bank account written on a bit of paper. The banks here moved from MIFARE Classic (compromised 9 years ago) to MIFARE Plus (a bandaid patch to the Classic technology) a couple of year ago, better, but nothing compaired to Apple Pay and Google Wallet. Banks suck at security.

@@NZSpides again, US BANKING is 20 years behind (like it is a real thing) a branded (in this case apple) solution does not somehow make it a leap forward all the tech was already there (so much so, that apply talked to companies, and worked with them in bringing banking tech (again, already in use, and for many many many years before hand) into a form that made it easier the tech apple uses is 20+ years (in the sense of what is making the payment) face ID, or fingerprint, or pin, thats what you enter into the phone (the phone at that point is handling security, so the payment device, that is really the only difference, and again, isn't new)

Jeremy Sims I was referring to the point that every transaction with your account is unique. The actual technology after that hasn’t changed in years. Banks use insurance to cover the fraudulent transaction which helps them but screws the user that has to go change all their account info for payment sites.

Yes. He is a gateway ‘drug’ into infocrack.

The ESP key that they use is the ESP chip loaded with custom firmware and additional hardware that automatically strips the wires when you press them into the slots on the chip. I'm not saying it's not pricey, but they're not just reselling it for a $75 markup.

Its more like their selling their code for 75$ and the chip for convenience

When you buy cards in bulk it makes out or less than $1/piece. Cards made by HID are a bit more expensive.

knowing is a fraction of the goal. Its like me sayin I know how to shoot like Micheal Jordan. or I could be like Kobe and Study and apply and be a legend 5X Champ #RipKobe24

It’s so easy, it’s anticlimactic af.

you think the US is far behind? then come to germany.

@@GameCyborgCh try austria, people get angry when you try and talk them into using cards instead of cash. EU is trying to remove 1 and 2 (euro-)cent coins since they are basically worthless... some people here are VERY opinionated on that idea

It doesn't affect you. Not sure why people always care so much what the U.S does.

@@andyk2594 1 and 2 cent coins are actually less than worthless, they cost more to make than they are worth

@@andyk2594 I didn't say it effected me, just that I was surprised. Plus, I'm Canadian so it impossible not to deal with the US in some way.

Didn't watch the entire video yet, but RFID is a pretty generic term and a lot of RFID systems (such as the one on payment cards) can literally not mathematically be cloned. My knowledge of access control systems is far more limited, but as far as I know some of them are the old 'number on a card' approach, but definitely not all.

@@DavidMulderOne it's the one he says "Oh the light bar? That's" and he names it and says it can be cloned. Honestly though the bigger security measure is all the cameras and the relatively small staff. People know who's supposed to be there and who isn't. Also the on sight 24/7 FBI agent is pretty good too.

Omg yes!

0,74 € on aliexpress... maybe he wanted to say "80 cents" instead of "80 bucks"? but this thing looks like a really nice toy for all sorts of projects, didn't know that this stuff got THAT cheap, definitely on my wishlist now!

+airbmacndeehoc ...and here I was always under the impression that it was *_penises_* and *_dildos?!!_* :

The ESP chip is $5 but the ESP Key module that they use has the firmware already loaded, and it has special hardware to automatically strip the wires and connect to them when you shove them into the little slots on the chip.

its a free world - you can believe it, but you should be aware that believing in it is proven to have more effect on your health than itself.

Just continued to watch. What? 95% of systems don't use tamper protection in the US?!?! So basically nobody knows how to build security systems over there? And temper protection is usually done by a single push switch instead of vulnarable magnet sensors. 100% reliable and older than LEDs and ICs themselves. Again, don't know about the US but I just can't imagine all of you being so incompetent...