LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What did practical Flipper Zero tests show could and couldn't be done with access cards, e-passports, and credit cards?

Access cards: often readable and emulatable/clonable. E-passport: only limited MRZ-zone data, with fingerprints protected by EAC and everything encrypted. Credit card: only the cleartext card number is readable — not enough to transact (no CVV/dynamic codes).

Flipper Zero practical results:

  • Access card: more info can be read than is visible on the card; emulation or cloning is theoretically possible — depending on card type and security level. Modern encrypted cards resist better.
  • E-passport: only limited data readable (basic info from the MRZ zone). No access to PIN-protected areas; fingerprints and sensitive biometrics are protected by EAC and all data is encrypted.
  • Remote control device: remotes can be recorded and replicated, but this is limited on newer rolling-code systems.
  • Credit card: the only thing readable is the card number in cleartext — which is not enough to make a transaction. CVV, dynamic codes, and other security features are missing.

Tip: "Readable" ≠ "exploitable." A Flipper can read a credit card's number, but without the CVV and the dynamic per-transaction codes that number alone can't buy anything — the security isn't in hiding the PAN.

Go deeper:

From Quiz: PRIVACY / Device Tracking: Biometrics, RFID/NFC & E-Passports | Updated: Jul 05, 2026