I just got mine a couple of days ago. I'm really impressed with how well it's built and how polished the software is. It is much more polished than any other similar (useful!) hacking/debugging hobbyist devices I've bought. It's clear a lot of thought and care has gone into it.
PSA: the main benefit of this is the ease of use, due to an LCD display, buttons and software support.
If you're familiar with arduino/esp* programming, you can get the components (eg. esp32, cc1101, nfc reader, and infrared transceiver) for a lot cheaper on aliexpress or your local reseller, and all of those things are in stock.
(or in other words, if you're one of those people who buy stuff like this, play with it for 2 minutes and then put it in a drawer, and now you're in the middle of thinking about how you could open your neighbours garage to mess with them... well, you can do it cheaper)
Certainly you can spend time reading datasheets, ordering components on aliexpress, soldering them together, going back to square 1 every time you burn something, etc.
Alternatively, you can pay a tad more and get everything in a single device with a nice interface.
This device lowers the entry barrier into hardware for software people.
"Usability" of software/hardware is often the biggest barrier for people looking to learn these kinds of skills. I applaud their effort, I would love to see more development and hacking tools take this approach.
You can build most of the things you own yourself. It's just that sometimes it's a) not worth your time, you'd rather skip the initial step and start building around the ready tool b) this thing actually looks and feels much better than your garage kit. Some people do care.
This is like the usual flame war about macbooks vs everything else.
All I see is it removes the motivation barrier and just creates waste for the sake of creating waste. Another device that people buy, tinker with for a few hours, then sits in a drawer for years until it will be binned.
More than a nice hacking tool, this is a pollution and waste of resources tool. There is nothing positive about that.
This just makes me want to make my own little Arduino device. I bet it would be more fun than buying a thing someone else made that I don't have a real use for.
Other comments mention how this was a Kickstarter that took two years to come to fruition and the supply chain is listed as the culprit. No one else has mentioned that while us backers were waiting, they sent out newsletters that detailed some of the complexities they were dealing with. Getting the case right took several iterations, and when you feel it in your hand you can tell that they took time to get it right.
You're right that one could put most of the functionality together, but not in a package that you're gonna toss in your pocket for EDC.
I have a passing interest in wireless hacking but I have no idea if I have the skillset to make any use of it. How useful is this for someone with zero pen testing and/or wireless experience?
I'm curious to know what it would take to hack my garage door or key fob for my car
Out of the box it supports limited raw rf capture and replay. Your garage door (probably) and your car key fob use rolling codes which change each time the button is pressed. This is not supported, and likely won’t be in the official firmware.
I’ve used mine to make copies of all rf and ir remotes in my home. Fans, tv, bidet, AC, etc.
Slight correction: There are two modes of RF Capture available : "Read RAW" and "Read".
"Read RAW" does exactly what it says on the label: Captures a raw stream, based on the specified frequency and demodulation.
"Read" captures, decodes and attempts to interpret the signal capture. The FlipperZero has a large built in database of brands + models of RF devices, and a database of KeeLoq master keys.
For rolling remotes that are KeeLoq based, with known keys, the Flipper can most definitely decode / decrypt rolling codes, and generate the next in the sequence.
TL;DR: Handles fixed + Rolling codes, via built in database of keys + models.
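The thread above contrasts raw capture-and-replay of a fixed code with rolling codes that change on every press. The following is an added example, not code from the thread and not Flipper firmware: a toy receiver model showing why a replayed capture opens a fixed-code receiver but is rejected by a rolling-code one. The "rolling" scheme here is a generic counter plus a truncated HMAC tag (an assumption for illustration, not KeeLoq), and the key, codes and window size are constructed values.

```python
"""Added example: fixed-code replay vs. rolling-code replay rejection.

The rolling scheme (counter + truncated HMAC) is a constructed stand-in for the
encrypted counter a real rolling-code remote transmits; it is not KeeLoq.
"""
import hashlib
import hmac


def _tag(key: bytes, counter: int) -> bytes:
    # Constructed stand-in for the encrypted counter field of a real remote.
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class FixedCodeReceiver:
    """Opens whenever its one static code is heard: a replayed capture is
    indistinguishable from a genuine press."""

    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


class RollingCodeRemote:
    """Each press increments a counter and sends (counter, tag over counter)."""

    def __init__(self, key: bytes):
        self.key = key
        self.counter = 0

    def press(self):
        self.counter += 1
        return self.counter, _tag(self.key, self.counter)


class RollingCodeReceiver:
    """Accepts a frame only if the tag verifies and the counter is ahead of the
    last accepted one, within a resync window. The accepted counter is then
    stored, so the same frame can never be accepted twice."""

    def __init__(self, key: bytes, window: int = 16):
        self.key = key
        self.window = window
        self.last_counter = 0

    def accept(self, frame) -> bool:
        counter, tag = frame
        if not hmac.compare_digest(_tag(self.key, counter), tag):
            return False  # wrong key or tampered frame
        if not (self.last_counter < counter <= self.last_counter + self.window):
            return False  # replayed, or too far ahead (desynchronised remote)
        self.last_counter = counter
        return True


def simulate() -> dict:
    """Run both receivers against a genuine press, a replay, and missed presses."""
    captured = b"\xa5\x5a\x0f"  # constructed fixed code, as a raw capture would hold it
    fixed_rx = FixedCodeReceiver(b"\xa5\x5a\x0f")

    key = b"constructed-demo-key-not-a-real-one"
    remote = RollingCodeRemote(key)
    rolling_rx = RollingCodeReceiver(key)
    legit = remote.press()

    results = {
        "fixed_first_press": fixed_rx.accept(captured),
        "fixed_replay": fixed_rx.accept(captured),
        "rolling_first_press": rolling_rx.accept(legit),
        "rolling_replay": rolling_rx.accept(legit),
        "rolling_next_press": rolling_rx.accept(remote.press()),
    }
    # Presses made out of range drift the counter; a few are absorbed by the
    # window, too many and the remote must be resynchronised.
    for _ in range(5):
        remote.press()
    results["rolling_after_5_missed"] = rolling_rx.accept(remote.press())
    for _ in range(40):
        remote.press()
    results["rolling_after_40_missed"] = rolling_rx.accept(remote.press())
    return results


if __name__ == "__main__":
    for name, ok in simulate().items():
        print(f"{name:25s} {'accepted' if ok else 'rejected'}")
```

The resync window is the part of the design a practitioner should notice: it is what lets a remote keep working after presses made out of range, and its size is a direct trade-off between convenience and how far a receiver's state can be pushed by traffic it did not originate.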
FWIW I've used mine to duplicate both of our car key fobs (middle 2000's Mazda and middle-2010's Jeep) so it'll probably be very dependent on make/model/age as to whether it uses rolling codes.
I have developed firmware for a few ism band products and basically had to create a few scrappy one off tools for testing and debugging. something like this ready to go is totally killer to have from a rf software standpoint too. but yea, rf is everywhere. key fobs. in your tires for tpms, garage doors, crappy bluetooth products whatever. I could see this being useful in many cases
Let's not fool ourselves into thinking that more than 1% of buyers will use this for anything else than changing channels on TVs displayed at Walmart, and feel like Mr Robot for a few minutes.
I love how movies show hacking devices as super serious futuristic goggles that open 6 different terminals that patch you through sockets on satellites, but the best thing in real life is a dolphin tamagotchi.
Finally a kickstarter i backed that keeps up to the promises. Got mine last week and it does everything that was promised and keeps constantly being improved.
I love my flipper zero; I’ve been using it to investigate NFC doodads.
I participated in the crowdfunding campaign and I must say it was one of the best run campaigns ever; the team was super transparent and took a lot of time communicating all the behind-the-scenes of developing the product; their updates were very interesting. Can’t wait to see what they do next.
Just got mine a few days ago (EU based). Well built, works as promised. But I find that it mostly works for simple things like controlling lights, tv etc. Most interesting targets use proper encryption (mifare classic for example) so I had no luck accessing my company badge. MIFARE DESFire data cannot be read properly at the moment it seems, but I'm sure that will be fixed. Fun little tool, will probably end up in a drawer soon.
MIFARE Classic support is quite good : the device will search through its (somewhat exhaustive) list of known keys, to attempt to unlock your badge.
If keys aren't found, you can perform a "Reader Attack" - take the nonces from the log during a sniffed authenticated exchange, place them in a MF32Key tool (there are online versions as well) - and this will calculate the key.
The device doesn't have enough computational power to crack on board (for that you need a Proxmark / iCopy-X) - but the team has roadmapped a tethered mode for performing these cracks.
I've been reading my bank cards with the 'unleashed' firmware, not tried a replay yet and it lists Mifare DESFire in the special read actions (not tried, no hw to test)
How do you get the details of the remotes you're replacing with it? Scanning through frequencies? Don't they have "secrets" for the actual ACK that lets you in and garage doors rotate through codes do they not? Just curious.
This front page seems to include a lot of info - it had a ‘Sub-1 GHz Transceiver’, then it has ‘125kHz RFID’:
> Low-frequency proximity cards. This type of card is widely used in old access control systems around the world. It's pretty dumb, stores only an N-byte ID and has no authentication mechanism, allowing it to be read, cloned and emulated by anyone. A 125 kHz antenna is located on the bottom of Flipper — it can read EM-4100 and HID Prox cards, save them to memory to emulate later.
And
> Flipper Zero has a built-in NFC module (13.56 MHz). Along with the 125kHz module, it turns Flipper into an ultimate RFID device operating in both Low Frequency (LF) and High Frequency (HF) ranges. The NFC module supports all the major standards, such as NXP Mifare.
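The quoted text says a 125 kHz EM-4100 card carries only an ID and no authentication. As an added example (not from the thread, the Flipper project, or its firmware), here is a parser for the 64-bit EM4100 frame that makes this concrete: once the header, row parity, column parity and stop bit check out, everything left is a 40-bit identifier. Anything that can hear that identifier has everything the reader will ever ask for, which is the reason such an ID must not be treated as an authenticator on its own. The sample frame and its ID are constructed, not taken from a real card.

```python
"""Added example: parse and validate a 64-bit EM4100 frame.

Layout: 9 header ones, ten rows of 4 data bits + 1 even row-parity bit,
4 even column-parity bits, and a 0 stop bit. The frame carries a 40-bit value
(one version/customer byte followed by a 32-bit ID) and nothing else.
"""

HEADER = "1" * 9


def _even_parity(bits: str) -> int:
    # Even parity: the parity bit equals the number of ones modulo 2.
    return bits.count("1") % 2


def parse_em4100(frame: str) -> dict:
    """Parse one 64-bit frame given as a string of '0'/'1' starting at the header.
    Raises ValueError on any structural or parity error."""
    if len(frame) != 64 or set(frame) - {"0", "1"}:
        raise ValueError("frame must be 64 bits of '0'/'1'")
    if not frame.startswith(HEADER):
        raise ValueError("missing 9-bit header")
    if frame[63] != "0":
        raise ValueError("bad stop bit")

    nibbles = []
    for row in range(10):
        start = 9 + row * 5
        data, parity = frame[start:start + 4], frame[start + 4]
        if _even_parity(data) != int(parity):
            raise ValueError(f"row {row} parity error")
        nibbles.append(data)

    col_parity = frame[59:63]
    for col in range(4):
        column = "".join(n[col] for n in nibbles)
        if _even_parity(column) != int(col_parity[col]):
            raise ValueError(f"column {col} parity error")

    value = int("".join(nibbles), 2)  # the whole 40-bit payload
    return {"version": value >> 32, "id": value & 0xFFFFFFFF}


def is_valid_frame(frame: str) -> bool:
    try:
        parse_em4100(frame)
        return True
    except ValueError:
        return False


def sync_and_parse(stream: str) -> dict:
    """A card repeats its frame continuously, so a 64-bit capture usually starts
    mid-frame. Rotate through the capture until a frame parses."""
    if len(stream) != 64:
        raise ValueError("expected exactly one frame's worth of bits")
    doubled = stream + stream
    for offset in range(64):
        candidate = doubled[offset:offset + 64]
        if candidate.startswith(HEADER) and is_valid_frame(candidate):
            return parse_em4100(candidate)
    raise ValueError("no valid frame found in stream")


# Constructed sample frame: version byte 0x1A, ID 0x00123456 (not a real card).
SAMPLE_FRAME = (
    "111111111"
    "00011" "10100" "00000" "00000" "00011"
    "00101" "00110" "01001" "01010" "01100"
    "1100" "0"
)


def flip_bit(frame: str, index: int) -> str:
    """Return the frame with one bit inverted, to show the parity checks catch it."""
    return frame[:index] + ("0" if frame[index] == "1" else "1") + frame[index + 1:]


if __name__ == "__main__":
    print(parse_em4100(SAMPLE_FRAME))
    print(sync_and_parse(SAMPLE_FRAME[20:] + SAMPLE_FRAME[:20]))
    print(is_valid_frame(flip_bit(SAMPLE_FRAME, 12)))
```

The parity bits only protect against bit errors on the air interface; they add no secrecy. A reader that wants to know it is talking to the original card rather than anything that can repeat the same 64 bits needs a card technology with a challenge-response, which is exactly the distinction the other comments draw between LF cards and the HF MIFARE families.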
What is also amazing is the community, there are already custom firmware, extension and guides
You can find a list here: https://github.com/djsime1/awesome-flipperzero
We need MORE flipper zero type projects!
https://create.arduino.cc/projecthub/mike-murray2/homemade-t...
If you want to open garage doors, you just need a cc1101 and an esp8266
https://github.com/gusgorman402/RFmoggy
If you want to clone rfid cards, you need one of the cheap readers, an empty card and an arduino
https://github.com/miguelbalboa/rfid/blob/master/examples/RF...
Yes, it's ugly, but it's cheap.
https://xkcd.com/2648/
"It's hard to believe, but lots of kids today ONLY know how to buy prepackaged molecules."
> The prototype of our character is the cyborg dolphin Jones from the story "Johnny Mnemonic" by William Gibson.
It's also available on F-Droid: https://f-droid.org/en/packages/at.zweng.bankomatinfos2/
https://en.wikipedia.org/wiki/MIFARE#MIFARE_Classic
My front gate, my parents front gate, and any other front gate (check your local laws before doing this).
Controlling a lamp I have (works with any device I've tried that uses 433mhz)
Backup remote for my TV (the Flipper infrared UI is kinda clunky but it works)
Backing copies of NFC cards
And most importantly, you can use it to turn the pages during a PowerPoint presentation
Ah, so it's a business expense!
haven't explored anything else