6 min read · Aug 21, 2023
Flipper Zero is a fun DIY electronics device that is advertised as a “Multi-Tool for Geeks”.
“Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It’s fully open-source and customizable, so you can extend it in whatever way you like.” — Flipper Zero Official Website
I stumbled upon it via an Instagram ad in early April 2023 and after viewing the advertisem*nt, I ended up on their website. It caught my attention with it tamagotchi-esque look and promising capabilities. Although I was a little suspicious as the project itself was born on Kickstarter in early 2020.
The ads as well as the website claim it to have the following capabilities:
“It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more.”
- Sub-GHZ hacking
This is the operating range for a wide class of wireless devices and access control systems, such as garage door remotes, boom barriers, IoT sensors and remote keyless systems. - Customizable radio platform
CC1101 is a universal transceiver designed for very low-power wireless applications. It supports various types of digital modulations such as 2-FSK, 4-FSK, GFSK and MSK, as well as OOK and flexible ASK shaping. You can perform any digital communication in your applications such as connecting to IoT devices and access control systems. - 125kHz RFID hacking
This type of card is widely used in old access control systems around the world. It’s pretty dumb, stores only an N-byte ID and has no authentication mechanism, allowing it to be read, cloned and emulated by anyone. A 125 kHz antenna is located on the bottom of Flipper — it can read EM-4100 and HID Prox cards, save them to memory to emulate later. You can also emulate cards by entering their IDs manually.
Moreover, Flipper owners can exchange card IDs remotely. - NFC hacking
Flipper Zero has a built-in NFC module (13.56 MHz). Along with the 125kHz module, it turns Flipper into an ultimate RFID device operating in both Low Frequency (LF) and High Frequency (HF) ranges. The NFC module supports all the major standards.
It works pretty much the same as the 125 kHz module, allowing you to interact with NFC-enabled devices — read, write and emulate HF tags. - iButton hacking
Flipper Zero has a built-in 1-Wire connector to read iButton (aka DS1990A, Touch Memory or Dallas key) contact keys. This old technology is still widely used around the world. It uses the 1-Wire protocol that doesn’t have any authentication. Flipper can easily read these keys, store IDs to the memory, write IDs to blank keys and emulate the key itself. - Tools for hardware exploration
Flipper Zero is a versatile tool for hardware exploration, firmware flashing, debugging, and fuzzing. It can be connected to any piece of hardware using GPIO to control it with buttons, run your own code and print debug messages to the LCD display. It can also be used as a regular USB to UART/SPI/I2C/etc adapter. - Infrared transmitter & learning
The infrared transmitter can transmit signals to control electronics such as TVs, air conditioners, stereo systems and more. Flipper has a built-in library of common TV vendor command sequences for power and volume control. This library is constantly updated by Flipper community users uploading new signals to Flipper’s IR Remote database. Flipper Zero also has an IR receiver that can receive signals and save them to the library, so you can store any of your existing remotes to transmit commands later, and upload to the public IR Remote database to share with other Flipper users. - Bluetooth support
Flipper Zero has a built-in Bluetooth Low Energy module. As with other Flipper wireless features, we will be providing an open source library for adding Flipper support to community-made apps.
In conclusion, Flipper Zero promises to hack all common doors and gates and emulate almost any card possible. Now lets talk about what it actually does and how it can be used in day-to-day life.
My Flipper arrived on 23.04.2023 and I was eager to start testing it. For a while I had a hard time believing that it had actually arrived. The semi-illegal selling points, Kickstarter background and almost 3 week delivery with sketchy tracking had me prepared for a potential scam. Nevertheless fortune favours the brave and I has holding my Flipper in my hands.
- It can’t hack all gates…
Surprise surprise, Flipper can’t bruteforce all gates. It’s not a Watch Dogs device for $169. For one because not all gates operate on Sub-GHz frequencies. Second because in first world countries most gates have rolling codes. Even if you stumble upon an older gate, it will take you up to 4 minutes of standing in 50 meter radius from the gate waiting for it to find the right key. But if you know which manufacturer’s gate it is and what frequency it responds to. If you don’t know that, you’ll either have to go investigate or multiply 4 minutes by the number of manufacturers and available frequencies in your Library. And if the gate uses rolling codes, the same key won’t work twice for a while. - It can’t open all doors…
Once again, this is not Watch Dogs. Most videos that display a Flipper opening a door in a public space or a housing complex. It’s either that the public entrance had a default key active, which is extremely rare in first world countries. Or the owner of the device had scanned a corresponding key (which it does well). Most doors have keys that are unavailable to public and if you want to open a door, you’ll need to obtain the keyfob, card or ibutton and scan it. - It can’t emulate debit cards…
Which is good. It’s wild to imagine someone spending $169 and in 3 weeks having a device that can read and emulate debit cards. Nevertheless, it can scan debit and credit cards in 1–2 seconds and obtain some of the card details. Gladly too few to be useful to someone with malicious intent. - It can’t emulate car remotes…
I tried scanning various car keys with it. It can receive, record and somewhat emulate signals from car remotes, but it can’t emulate them in a way that would actually open the doors or the trunk. But it can open Tesla’s charging ports.
After all the sh*t talking, lets talk about what it does well and how I’ve been using Flipper Zero in my day-to-day life since late April 2023.
- Keeping all RFID and NFC keys in one place.
After receiving my Flipper, the first thing I did was scan all my RFID keyfobs, NFC cards and iButton knobs. I was excited to relieve my keychain and wallet from a whole lot of extra bits. It’s very convenient for digital key management. - I keep copies of my gate remotes.
But only the ones that I own or have permissions to have and duplicate. - It’s a good and playful introduction into cyber security, penetration testing and hardware programming.
Personally I enjoyed using Flipper Zero as a medium through which I explored various protocols, how I could better secure my own devices and how voulnerable were my bank cards in my wallet. As Flipper comes with GPIO support, it can work with various DIY modules and interact with a wide list of devices. It’s a fun weekend project to build an ESP32 Marauder and see how easy it is to throttle your own home wifi network.
Flipper Zero — Portable Multi-tool Device for Geeks
Keep Up
Papa Thought
X (Twitter): @Russakas
YouTube: @papathought
Website: https://papathought.com
Agency Website: https://planmarks.com
