Quiz Entry - updated: 2026.07.05
What did practical Flipper Zero tests show could and couldn't be done with access cards, e-passports, and credit cards?
Access cards: often readable and emulatable/clonable. E-passport: only limited MRZ-zone data, with fingerprints protected by EAC and everything encrypted. Credit card: only the cleartext card number is readable — not enough to transact (no CVV/dynamic codes).
Flipper Zero practical results:
- Access card: more info can be read than is visible on the card; emulation or cloning is theoretically possible — depending on card type and security level. Modern encrypted cards resist better.
- E-passport: only limited data readable (basic info from the MRZ zone). No access to PIN-protected areas; fingerprints and sensitive biometrics are protected by EAC and all data is encrypted.
- Remote control device: remotes can be recorded and replicated, but this is limited on newer rolling-code systems.
- Credit card: the only thing readable is the card number in cleartext — which is not enough to make a transaction. CVV, dynamic codes, and other security features are missing.
Tip: "Readable" ≠ "exploitable." A Flipper can read a credit card's number, but without the CVV and the dynamic per-transaction codes that number alone can't buy anything — the security isn't in hiding the PAN.
Go deeper:
Flipper Zero (Wikipedia) — what the device can and cannot read/emulate across card types.