My FlexSecure Journey

Reviews
1

I started writing this up a few months ago, but I’ve been away for 2 months of the last 3 Months.
I am just now back to it today, and my FlexSecure is up and running because:

This guide is fucken outstanding.

THANKS HEAPS @GrimEcho and @StarGate01

I couldn’t have SetUp my FlexSecure without you.

BACKGROUND ( Why I chose a FlexSecure to complement my ApexFlex )
I love how easy the Apex is to use, I love the current library of Apps and the ease of install.

My Apex Flex would be my most used Implant, It holds a lot of info that is important to my everyday life.
As such, It only makes sense to have a back-up.

I could have simply grabbed myself another APEX and made a copy, but instead I have decided to go down the path of the FlexSecure and had this “recently” installed.
This gives me an untethered alternative to APEX and without being tied to Fidesmo.

I have no issue with my APEX, VivoKey or Fidesmo but the Flex Secure does not have payment pre-installed, so I now have more memory space to play with and It’s simply an alternative.

I really appreciate that the FlexSecure is an option for us. Thanks Amal

A FlexSecure can be quite intimidating.
It is referred to as an “advanced user” implant!

image
image600×511 74.5 KB

There is a HUGE amount of info in @GrimEcho’s thread
BUT
How do you eat an elephant ?
One bite at a time!
Even a dummy like me can understand this fantastic guide.

I followed my own advice, and got myself a test card before trying to write anything to my FlexSecure.

Here’s why
image
Apparently 3 or 10 wrong attempts = :brick:

I’m not sure if that is a single session, 3(10) in a row, or total over the life of the chip :man_shrugging:

Here is the card I got from AliExpress ( I actually grabbed 2 differet ones, because I didn’t know the difference between “Initialize” and “No Initialize” which they also call “Activated” and “Not Activated”, But now I do, and you don’t have to worry about it )
GET THIS ONE
J3R200 Initialize 1
HERE’S THE LINK
https://www.aliexpress.com/item/1005007620991596.html?spm=a2g0o.order_list.order_list_main.49.93c618022xLrVq

I did put this in the Review section, so here’s a quick one

INTRO

The flexSecure uses a SmartMX3 P71 chip from NXP. It comes with factory default master key set, and with ISD: A000000151000000 (OP_READY) and the card manager applet PKG: A0000001515350 (LOADED) so it’s ready for use with GlobalPlatformPro. Full documentation is available via public repository located at flexsecure-applets/docs at master · DangerousThings/flexsecure-applets · GitHub.

PROs

  • Does what it says on the tin
  • Once it’s set up it is easy to use
  • Flex format reads easily
  • Good alternative / BAck up to an Apex implant
  • Larger storage capacity compared to Apex due to the lack of payment built in
  • Pre-Loaded to work with GlobalPlatformPro
  • Great informative guide to follow HERE
  • Dedicated support thread “however the community forum will have a place for flexSecure discussion.”

CONs

  • Not an easy setup if you don’t know what you are doing ( I didn’t deduct a star because it’s made very clear )
    “The flexSecure is for advanced users. Compiling applets, deploying applets to the flexSecure, and using your flexSecure with various applications all require some amount of mastery over the various domains involved. We do not offer direct support in any of these areas”

SUMMARY
I’m super happy with it, I feel much better to have a BackUp to my security SetUp of my Apex and the overflow Extra functionality when I run out of space on my APEX.
It works just as it should and a great peace of mind

Is it right for you?
Only you will know that! Get yourself a test card, Try it out, learn how to use it, keep that as your back up and keep it somewhere safe, OR (reccommended) get a FlexSecure so it stays with you… forever.

Rating by the community :robot:

PLEASE ONLY VOTE IF YOU HAVE ONE OR HAVE USED ONE

:star: = :poop:

:star::star: = :pleading_face:

:star::star::star: = :neutral_face:

:star::star::star::star: = :grin:

:star::star::star::star::star: = :trophy:

FlexSecure by Dangerous Things
  • 1
  • 2
  • 3
  • 4
  • 5
0 voters

I started this seperate thread so as not to mess up Grim’s thread, SO if you have any questions, ask here, I’m still learning but will help where I can, and if the experts chime in, we can learn together.

or HERE if you prefer

9 Likes
2

Thanks for the review. A FlexSecure will likely be my next implant for the same reasons you mentioned (backup and for extra storage space).

I plan on doing some more testing of P71 chips/applets and updating my guide (hopefully before thanksgiving). That’s great that you found a less expensive P71 test card! I take it that the “J3R200 Initialize 1” is provisioned with the default/test master key (meaning you can run gp.exe commands on it without having to explicitly set any keys)?

Apparently 3 or 10 wrong attempts. I’m not sure if that is a single session, 3(10) in a row, or total over the life of the chip

From my limited testing, the “wrong attempt” counter is reset when a correct key is used. I tried to brick one of the P71 test cards I had by running the list-applets command with the wrong key twice, followed by the same command with the correct key. I repeated that a dozen or so times and was still able to install applets afterwards. However, from the docs/spec sheet for the P70 chip, that behavior can be customized, so it may not be universal for all chips.

Props to Amal and Stargate for selling the FlexSecure and open-sourcing the applets. That goes a long way in my eyes to trusting the longevity and security of the platform.

5 Likes
3

100%

My Apex will remain my Number 1, but super thankful for the FlexSecure option.

If I was reccomending to others, unless they were really well versed in Java, I would suggest to get an Apex first, learn how it works with the ease of install of applets.
I set up all my applets with my Apex, now the FlexSecure is a just a simple “transfer”

After my first command, this is what it came back with

image

4 Likes