[HN Gopher] Flipper Zero: Multi-Tool Device for Geeks
___________________________________________________________________
Flipper Zero: Multi-Tool Device for Geeks
Author : thatxliner
Score : 623 points
Date : 2024-01-21 23:27 UTC (23 hours ago)
(HTM) web link (flipperzero.one)
(TXT) w3m dump (flipperzero.one)
| roughly wrote:
| I've had one of these guys sitting around for a while - love the
| hardware, love the concept, but I haven't really found a lot of
| use for it - what are y'all using them for?
| AndrewKemendo wrote:
| Yeah I'm in the same boat.
|
| Had it a few years and the whole Tesla port trick gets old
| quickly.
| twosdai wrote:
| Just a party gag so far with some friends. Like if I'm at a
| friend's house and they're using their phone I'll Bluetooth
| spam them to lock up their phone for a second to mess with
| them.
| rubatuga wrote:
| Some people are using them to break smart meters:
|
| https://news.ycombinator.com/item?id=36253591
| gleenn wrote:
| My friend found out the school he sysadmins for was using weak
| rfid card keys (despite the readers being smart enough to
| handle higher level encryption) and found he could clone his
| key and get in places. So basically he pen tested and then they
| decided to upgrade to the less or non-cloneable card keys.
| Security for the win.
| Vegenoid wrote:
| Before anyone tries this, doing this without first checking
| with security/facilities would likely be grounds for
| "disciplinary action, up to and including termination"
| spacebacon wrote:
| Termination is a favor if security is that lax.
| BizarreByte wrote:
| > Termination is a favor
|
| Losing your job is never a favour. Would you prefer
| termination if any issue was found with your work place?
| spacebacon wrote:
| Losing your job may not seem like a favor at first, it
| depends on how high you bounce after the fact. Being self
| employed for 20 years after being laid off was the best
| favor anyone ever did for me. I would have never taken
| that initial risk without being pushed into it. Now risk
| is comfortable.
| WantonQuantum wrote:
| I don't know why you're getting downvoted for this. It's
| 100% correct advice. The person you're replying to is a
| sysadmin so they are probably okay in this situation but
| cloning access cards without permission would be a serious
| breach no matter how well intentioned or how easy.
| spacebacon wrote:
| I countered the statement and also getting down voted.
| The key is to train your brain to like down votes just as
| much as up votes. When the number is just a number not
| attached to dopamine then you are free.
| faeriechangling wrote:
| This just makes you disappointed if you don't get
| negative or positive attention.
| spacebacon wrote:
| I never thought about that. Good point.
| catchnear4321 wrote:
| there are people that read without voting.
|
| you could be getting attention of all kinds and not even
| know it.
| spacebacon wrote:
| Another good point.
| bookofjoe wrote:
| I bet an equal number vote without reading.
| spacebacon wrote:
| That's an interesting thought. 0 is a good number. Being
| satisfied with 0 can be conditioned as well.
| mattlondon wrote:
| The votes are not there for your benefit - they're there
| to make good/useful/valuable comments rise to the top,
| and bad/low-value/spam ones fall to the bottom.
| spacebacon wrote:
| I agree with the second part of your statement. There is
| a real brain chemical benefit to the votes though.
| a2800276 wrote:
| Nonetheless the point about learning to accept downvotes
| is valid because "why was I downvoted?"-crybaby posts are
| annoying, useless and tend to also get downvoted.
|
| Just as this meta-voting-post of mine should :)
| oneshtein wrote:
| ... bad/low-value/spam/contradictory/unpopular
| opinion/dissidents/opposition/etc.
|
| My comments got more than 200 downvotes and ban in
| discussion about physics about decade ago, but I nailed
| the problem. Also, I receive downvotes from Russian
| imperialists at constant rate just talking about history
| of Russia and Ukraine, because real history of Russian
| Federation/Russian Empire is well guarded secret in
| Russia.
| spacebacon wrote:
| Probably bots
|
| If coercion was going to ever rule the world someone
| would have accomplished it fully already as many have
| tried. Yet here we are still free to say nearly whatever
| the fuck we want in the free world thankfully.
| leoh wrote:
| Because that's, like, just your opinion man. Rules are
| made up.
| omnimus wrote:
| He's getting downvoted because this site is called hacker
| news. Don't be such a corpo chicken. I am pretty sure
| people are aware of legality of similar actions and don't
| need this mentoring.
| wmidwestranger wrote:
| If only issuing clone-able key cards were the infraction
| instead...
| heavyset_go wrote:
| Unfortunately, it sounds potentially criminal, as well.
| infinitedata wrote:
| You can achieve this exact same use case with a $15 RFID
| reader/writer, supporting higher frequencies and encryption.
| rekoil wrote:
| Quite often the keycards have sequential IDs which means you
| can increase or decrease the number a few times and find a
| colleague's card with higher or lower privileges than you.
| boopmaster wrote:
| I'm also in this place. I have the wifi card as well and I've
| not taken to writing any hobbyist software for mine.
|
| I had perhaps foolishly hoped to at least get a fun universal
| remote out of it, and it's somewhat possible yet the software
| just isn't there to bring a robust family of device RF and
| Bluetooth commands together. It's no harmony remote.
| DigiDigiorno wrote:
| Spoofing amiibos on TOTK
| guiambros wrote:
| Same! Pretty handy to have all amiibos in a single place, and
| quickly iterate through them.
| dawnerd wrote:
| You can likely use your phone. There's some apps designed
| for it specifically.
| rjh29 wrote:
| IIRC phones need to be rooted to pretend to be an NFC
| card, although they can write to blank ones. I've done
| this before. The Flipper Zero is a lot more convenient
| though.
| dawnerd wrote:
| Ah yeah you're right. What I've seen actually only lets
| you write to tags that can then be used.
| conradev wrote:
| It's my backup key for my garage and my office door. I also use
| the universal remote to change TVs in public spaces
| occasionally. It's a chunker, so it's not a pocket carry, but I
| keep it in my backpack.
|
| I recently discovered this, which I want to try:
| https://electroniccats.com/store/flipper-add-on-magspoof/
| 29athrowaway wrote:
| What kind of garage opener do you have? I thought the Flipper
| zero won't provide that functionality unless you flash the
| firmware.
| HanClinto wrote:
| Not terribly difficult to flash the firmware.
| 29athrowaway wrote:
| But now you have to trust some random person from GitHub.
| speedgoose wrote:
| Almost all software supply chains rely on random persons
| at some point.
| Eji1700 wrote:
| The part I don't get is even if you flash the firmware,
| does that mean you can make sure it doesn't make all other
| remotes fail? My understanding of the whole rolling code
| system was that you could get a few uses and then you were
| screwed.
|
| If that's not the case I really need to do this because
| having it handle my tv's, ceiling fans, and garage door
| would be a nice trick.
| ec109685 wrote:
| If you have control of the opener, couldn't you use the
| door's learning mode and make it into a real opener?
| Eji1700 wrote:
| I thought so at first but my initial reading left me
| somewhat confused on if there's a private key that only
| certain remotes have or something like that?
| abcd_f wrote:
| It's less of a private key and more a random per-remote
| prng seed that gets set both on the remote and the door
| controller when they are paired. When you press the
| button, remote increments its sequence number and sends
| this number, its ID and a hash of all that and the seed
| to the controller. Controller checks the hash, then
| checks that seq number is more than last seen for this
| remote and opens the door. This protects against replay
| attacks and is fairly uncomplicated to implement.
| tkems wrote:
| This sounds a lot like the KeeLoq algorithm [0] (minus
| the hashing part). From my research into the rolling code
| space, I think most remotes don't quite have the
| CPU/featureset to support a real, secure crypto system
| with things like SHA, AES, and RSA/ECC. Would love to see
| one though!
|
| [0] https://en.wikipedia.org/wiki/KeeLoq
| tkems wrote:
| For Chamberlain brands [0] there is some research that
| shows that their rolling code system (Security+ and
| Security+ 2.0) is quite easy to decode/decrypt [1]. This
| feature is supported in the flipper firmware, but is
| restricted (you can't create a custom remote, only clone
| is supported) without custom firmware. However, I'm sure
| you could decode a raw capture file if needed in a pinch.
|
| [0] https://chamberlaingroup.com/our-brands
|
| [1] https://github.com/argilo/secplus
| lisnake wrote:
| Many rolling door openers don't use rolling code. Never
| heard of tvs or ceiling fans using rolling code either
| Eji1700 wrote:
| For the record the point was it already handled the fans
| and tvs fine, but having it store garage codes as well
| would make it that much more useful
| filoleg wrote:
| Not the person you are replying to, but I use my flipper
| for the exact same purpose.
|
| Not sure which specific garage opener my apartment building
| has. But the fob controller the leasing office gave out is
| way too weak, so I have to sometimes press it many many
| times and wiggle it in multiple ways until it triggers the
| garage door. With flipper, it works on the first try.
|
| A funny anecdote: after using my flipper for about a year,
| I encountered another flipper user in my apartment elevator
| (the elevator requires a keyfob to go to any floor except
| the ground floor). I talked to him for a bit. Turns out, he
| manages a bunch of boat storage units here (in Seattle)
| that all use different keyfobs. So for him, it is just pure
| convenience to carry a single flipper device as opposed to
| always having a lot of different physical keyfobs on him,
| and then shuffling through them in his bag to get the right
| one.
| arthurcolle wrote:
| I cloned my apartment key-fob
|
| The WeWork key-fob uses rolling codes so couldn't use it for
| that...
| tpetr wrote:
| Which WeWork do you belong to? Boston's are all low-frequency
| rfid
| arthurcolle wrote:
| This is one in SF. I can clone the card, and it'll work,
| but then within a few days it won't work any longer.
| ThePowerOfFuet wrote:
| Does the original keep working?
| arthurcolle wrote:
| Yes
| EricBetts wrote:
| Do you recall any of the details? "Rolling code" is not a
| term often associated with RFID/NFC. The Portland Custom
| House WeWork used HID Prox.
| hnav wrote:
| Basically the reader writes data back to the fob and
| expects to see it the next time it reads it. This results
| in either the original or the copy getting de-synced.
|
| One interesting capability that this unlocks is that
| battery powered, offline readers (think apartment door that
| uses the same fob as the lobby) can write out things like
| battery state so that apartment maintenance knows when it's
| time to swap out batteries.
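
Added example (editorial, not part of any comment above): a minimal Python model of the write-back behaviour hnav describes, showing how a copied fob and its original fall out of sync and how the controller can log that event. The class names, token size and status strings are assumptions made for this sketch and do not describe any real access-control product.

```python
"""Toy model of a reader that rewrites a token on the fob at every read."""
import copy
import hmac
import secrets
from dataclasses import dataclass


@dataclass
class Fob:
    uid: str
    token: bytes = b""          # writable memory on the credential


class Controller:
    def __init__(self):
        self._current = {}      # uid -> token the next read must present
        self._retired = {}      # uid -> tokens that were valid in the past
        self.alerts = []        # uids for which a stale token was presented

    def enroll(self, fob: Fob) -> None:
        fob.token = secrets.token_bytes(8)
        self._current[fob.uid] = fob.token
        self._retired[fob.uid] = set()

    def present(self, fob: Fob) -> str:
        current = self._current.get(fob.uid)
        if current is None:
            return "unknown-fob"
        if hmac.compare_digest(fob.token, current):
            # Valid read: retire the old token and write a fresh one back.
            self._retired[fob.uid].add(current)
            fob.token = secrets.token_bytes(8)
            self._current[fob.uid] = fob.token
            return "granted"
        if fob.token in self._retired[fob.uid]:
            # A token that used to be valid means two copies of this fob exist.
            self.alerts.append(fob.uid)
            return "denied-stale"
        return "denied-bad-token"


def demo() -> dict:
    results = {}

    # Scenario A: the original is used after the copy was made.
    ctl = Controller()
    original = Fob("fob-A")                 # constructed sample credential
    ctl.enroll(original)
    clone = copy.copy(original)             # snapshot of uid + token
    results["A_original"] = ctl.present(original)
    results["A_clone"] = ctl.present(clone)
    results["A_original_again"] = ctl.present(original)
    results["A_alerts"] = list(ctl.alerts)

    # Scenario B: the copy is used first, so the original is the stale one.
    ctl = Controller()
    original = Fob("fob-B")
    ctl.enroll(original)
    clone = copy.copy(original)
    results["B_clone"] = ctl.present(clone)
    results["B_original"] = ctl.present(original)
    results["B_alerts"] = list(ctl.alerts)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Scenario B shows the limit of the scheme: the controller learns that two copies exist, but not which one is genuine, so a stale-token alert has to be handled by revoking and reissuing the credential.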
| robbiet480 wrote:
| Just used it + the MCT app on Android to clone my apartment key
| fob (Schlage 9691T) to a Dangerous Things Magic Ring
| https://dangerousthings.com/product/magic-ring/
| margalabargala wrote:
| I use it as an easy voltage tester for various hardware
| projects. I wrote an app that can do GPIO input (the built in
| only does output) so I can check which parts of a given circuit
| I'm building are high or low at a given time. Basically like a
| parallel multimeter.
| Lwrless wrote:
| Cloned a 125KHz RFID keycard on my Flipper as a backup, my
| Android phone is able to clone 13.56MHz MIFAREs, but not these
| 125KHz ones.
| gregshap wrote:
| Nice try FBI agent
| sidmitra wrote:
| My building charges USD 40+ to replace the white rfid cards if
| you lose it and something similar for the remote control for
| the parking gate. So I just cloned all my cards and remotes and
| keep them as backup, just in case.
| Havoc wrote:
| That's what keeps me hesitant. Can't figure out what I'd do
| with it once unboxed
| sneak wrote:
| I use the IR universal remote function to turn off distracting
| TVs in bars and restaurants.
| bookofjoe wrote:
| I had a TV-B-Gone [https://en.wikipedia.org/wiki/TV-B-Gone]
| back when they came out in 2004: good fun.
|
| They cost $15 and were hugely controversial.
|
| >Digging Deeper::TV-B-Gone Device Shuts Public TVs Down
|
| https://mediashift.org/2006/04/digging-deepertv-b-gone-
| devic...
| sureglymop wrote:
| So you just take the liberty to turn off someone else's
| devices in someone else's establishment? That's...
| questionable.
| sneak wrote:
| So is forcing me to watch ads. TVs everywhere in public
| spaces in America is a cancer and I'll happily turn them
| off or unplug them whenever and wherever I see them.
|
| This isn't a thing in other countries, it's part of
| American culture.
| sureglymop wrote:
| I have a hard time telling whether you are being
| sarcastic here.
|
| It's one thing to block ads when they have been loaded
| into your web browser that is in your room (completely
| morally and ethically fine). It's a completely different
| thing to go into someone else's space and start making
| decisions about what is or isn't running on a tv there.
|
| I like ads as little as you so what I can do is just
| boycott that restaurant or bar entirely or ask the staff
| to turn it off. I think it's part of being a well
| adjusted adult to know what you want or don't want and go
| about it in a reasonable way (such as asking staff). It's
| immature though to just do that forcibly.
|
| It is however not my duty to teach you that, so let's
| leave it at that.
| sneak wrote:
| Not being sarcastic (but am indeed questioning if you
| "like ads as little as [me]").
|
| Turning off a TV is also morally and ethically fine. I
| don't see the big deal. Nothing is happening "forcibly",
| I'm just sending out some IR. Nobody's hurt or damaged.
| chrisdhal wrote:
| Part of eating at a bar (or similar) is to have a sporting
| event on TV so you can watch it while being out. I would
| be upset if someone was turning those off in that type of
| place. If you don't like it, don't go there.
| stbtrax wrote:
| Why would you go in to a restaurant that has TVs if you
| don't want that? This is borderline sociopathic behavior.
| You sound like the religious police of Iran imposing your
| view of what culture is. You should assimilate instead of
| trying to impose your draconian views on others
| willis936 wrote:
| Well I found that my apartment NFC key is hardened against
| dictionary attacks and I'm not able to copy it. It also helped
| me learn that my parents' garage door is pretty secure. I'm
| able to have the opener learn my flipper like any other remote,
| but not crack it. This is even with the unleashed firmware that
| doesn't mind violating FCC regulations (some of the frequencies
| it hops to are restricted).
|
| I was able to copy my work NFC badge, but I'm not really
| interested in trying it out.
|
| It's handy as a pocket spectrum sniffer, but I don't have much
| day-to-day use for it outside of that. I'm glad it was given to
| me because I learned a lot. Potential future use for me might
| be an amiibo emulator, but I've grown out of those sorts of
| things.
| AndrewKemendo wrote:
| All garage doors have rolling keys which are non trivial to
| deal with unless you have pro stuff.
| dawnerd wrote:
| Besides easy to open garage doors with a metal shim to pop
| the emergency latch. Happened to me once before just zip
| tying the latch.
| willis936 wrote:
| You can sync up on rolling codes with the flipper without
| too much effort. When there are a few private keys involved
| it gets more difficult.
| epcoa wrote:
| More like most garage doors sold in the last 20 years have
| a rolling code system, a few of which are non trivial to
| deal with.
|
| This is already Western centric, but even here there are a
| ton of older static and fixed frequency systems still
| chugging along.
|
| Of these rolling code systems most are not difficult to
| crack, especially those more than a decade old (and which
| are still sold today)
| tzs wrote:
| Speaking of garage door rolling codes I've noticed there is
| some sort of slack in the synchronization, probably so that
| if you press the remote button a few times while out of
| range your remote still opens the door. My guess is that
| the receiver looks not only for next code after the last
| one used, but also for several codes after that.
|
| Question: how many times would you have to press the button
| on the remote for it to get so far ahead of what the
| receiver looks for that the remote no longer works without
| reprogramming the receiver?
| ec109685 wrote:
| There's a great answer here that describes a rolling code
| attack and above it, an answer describing that they have
| slack regarding where they are in the code sequence.
|
| https://crypto.stackexchange.com/a/47440
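
Added example (editorial, not part of any comment above): a toy Python receiver for the rolling-code scheme abcd_f describes earlier in the thread (remote ID, sequence number, keyed hash over both) together with the look-ahead slack tzs asks about here. HMAC-SHA256 stands in for the unspecified hash, and the frame layout, tag length and window size are assumptions; this is not KeeLoq, Security+ or any vendor's protocol.

```python
"""Toy rolling-code receiver with a look-ahead window (constructed example)."""
import hashlib
import hmac
import struct

TAG_LEN = 8                        # truncated MAC length in bytes (assumption)
WINDOW = 16                        # look-ahead slack in presses (assumption)
_HEADER = struct.Struct(">IQ")     # remote ID (32 bit) + sequence number (64 bit)


def _tag(seed: bytes, remote_id: int, counter: int) -> bytes:
    # Keyed hash over ID and sequence number, keyed with the pairing seed.
    msg = _HEADER.pack(remote_id, counter)
    return hmac.new(seed, msg, hashlib.sha256).digest()[:TAG_LEN]


class Remote:
    def __init__(self, remote_id: int, seed: bytes, counter: int = 0):
        self.remote_id, self.seed, self.counter = remote_id, seed, counter

    def press(self) -> bytes:
        # Every press consumes a sequence number, in range or not.
        self.counter += 1
        header = _HEADER.pack(self.remote_id, self.counter)
        return header + _tag(self.seed, self.remote_id, self.counter)


class Receiver:
    def __init__(self, window: int = WINDOW):
        self.window = window
        self._paired = {}          # remote_id -> (seed, last accepted counter)

    def pair(self, remote_id: int, seed: bytes, counter: int = 0) -> None:
        self._paired[remote_id] = (seed, counter)

    def verify(self, frame: bytes) -> str:
        if len(frame) != _HEADER.size + TAG_LEN:
            return "bad-format"
        remote_id, counter = _HEADER.unpack_from(frame)
        entry = self._paired.get(remote_id)
        if entry is None:
            return "unknown-remote"
        seed, last = entry
        expected = _tag(seed, remote_id, counter)
        if not hmac.compare_digest(frame[_HEADER.size:], expected):
            return "bad-tag"
        if counter <= last:
            return "replay"            # already seen, or older than last seen
        if counter - last > self.window:
            return "out-of-window"     # remote ran too far ahead; re-pair
        self._paired[remote_id] = (seed, counter)
        return "open"


def demo() -> dict:
    seed = bytes(range(16))            # constructed pairing seed
    remote, rx = Remote(0x1234, seed), Receiver(window=4)
    rx.pair(0x1234, seed)
    out = {}
    first = remote.press()
    out["fresh"] = rx.verify(first)
    out["replayed"] = rx.verify(first)
    for _ in range(3):                 # three presses out of range
        remote.press()
    out["after_3_missed"] = rx.verify(remote.press())
    for _ in range(4):                 # four presses out of range
        remote.press()
    out["after_4_missed"] = rx.verify(remote.press())
    tampered = bytearray(remote.press())
    tampered[-1] ^= 0x01               # flip one bit of the tag
    out["tampered"] = rx.verify(bytes(tampered))
    return out


def missed_presses_tolerated(window: int) -> int:
    """Most out-of-range presses after which the next press still opens."""
    seed = bytes(range(16))
    k = 0
    while True:
        remote, rx = Remote(1, seed), Receiver(window)
        rx.pair(1, seed)
        for _ in range(k + 1):
            remote.press()
        if rx.verify(remote.press()) != "open":
            return k
        k += 1


if __name__ == "__main__":
    print(demo())
    print("tolerated missed presses at window 16:", missed_presses_tolerated(16))
```

In this model the answer to the slack question is the window size minus one; a wider window is more forgiving of stray presses but also keeps more unused codes valid at any moment.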
| spike021 wrote:
| My apartment uses Latch deadlocks. From what I've read the
| model _should_ support an NFC key, which of course we don't
| get. I'd love to figure out if I could do it myself. Ideally
| I'd be able to use my iPhone that way automatically though
| (the app on iOS apparently can't due to Apple rules but I'm
| not an expert). When my hands are full with groceries or
| whatever it can be a chore to pull out my phone, dig for the
| app, and get it to unlock the door.
| peblos wrote:
| Extra ceiling fan remote was my favourite use.
|
| Couldn't find a ceiling fan remote one time ( I have 3 with the
| exact same remote ) and used it to manage fan speeds
|
| Still doesn't justify the cost but I guess it's like my
| leatherman. Hardly use it but handy when I do.
|
| I actually bought it when seeing the pwnagotchi comparison and
| expected functionality from the wifi/marauder dev boards to be
| included. Meaning I got my flipper in the first batch for my
| country but couldn't get a dev board even months later
| rzazueta wrote:
| I bought it in the hopes of causing mostly harmless mischief,
| but its capabilities in that realm are oversold.
|
| That said, I knew very little about UART communication or SPI
| until I started playing with this and an ESP32 device. I also
| knew very little about bluetooth, RF, and RFID/NFC type stuff
| until I started exploring the world with this. It's been a fun
| journey that's rapidly advanced my understanding of quite a few
| things.
|
| Others have said it's overpriced or that you can build your own
| or whatever, but it's actually just the right price for a cool
| little educational tool that also works beyond the educational
| stage. It may even inspire me to build my own advanced version
| at some point.
|
| If you're already a hardware hacker or EE, this is probably not
| much more than a toy for you. If you've always wanted to
| explore some of these topics but had no idea how to start, the
| Flipper is a good introduction. I immediately flashed it with
| custom firmware and it was easier than flashing my BIOS.
| sli wrote:
| A bit different than the other replies, but I'm using mine like
| a very extensible input/output device for my own hardware
| projects and as a general STM board for fiddling with embedded
| on an STM chip (I usually stick to RP2040s and ESPs). I'm
| really interested in making expansion boards for the Flipper,
| especially ones built on the RP2040. Just sounds like a ton of
| fun.
| spookie wrote:
| Cloning my NFC cards, being my garage opener (I wasn't given a
| key and couldn't be bothered getting one... and yes, it's my
| garage), testing equipment using the GPIO pins and what not.
| Last one is really handy tbh
|
| Edit: oh! I used it today to snap pictures with my phone every
| second for photogrammetry work, that was neat! Wish I had
| gotten better point clouds out of Gaussian splatting though
| brobinson wrote:
| Mine is just a cool-looking paperweight now.
| ekianjo wrote:
| how much paper can it hold down?
| thot_experiment wrote:
| I would 100% spend an unreasonable amount of time looking
| at a website that did wind tunnel testing on paperweights.
| xyst wrote:
| Scanned a pet microchip lol. I had planned to build out my own
| kit but not enough time
| peblos wrote:
| Interesting! What kind of animal? Everything I had read
| suggested it wasn't strong enough to read these and I
| couldn't read my small dog's chip
| jjav wrote:
| I've successfully read a few pet microchips with it.
|
| Of course, it wasn't useful to do, but hey it worked!
| fullspectrumdev wrote:
| I've had no problems reading chips from a few cats, but you
| do have to scan around a bit because often the chip has
| moved a bit from where you expect it to be
| selecsosi wrote:
| A specific but satisfying use case, my apt building was being
| stingy* with handing out RFID tokens so I used it to copy and
| program a cheap RFID token for lending to a trusted visitor.
|
| * Stingy => security protocols that I agree with in sentiment
| but unfortunately I need to let my pet sitter in and it's nice
| to allow them to keep the keys as I travel frequently and key
| exchanges are less than optimal for my spouse and I
| INTPenis wrote:
| I gave two of them away at a hacker con last year. During the
| event it was used to open up the charging lid of a Tesla and to
| remote control a fog machine.
|
| I'm not competent or interested enough to make full use of them
| but I get the impression that they still have a lot of use in a
| large part of the world where simple RF is used to open gates
| and garages.
|
| And of course you can copy and store RFID but you still have to
| get your hands on the tags. And that's where it falls down in
| certain more developed countries because they've mostly moved
| to RFID.
| la_fayette wrote:
| You can emulate any tonie figurine for the toniebox.
| rjh29 wrote:
| I used it a lot at first and it taught me about NFC, IR, etc. I
| made a few remote controls on it, which is convenient to e.g.
| turn a fan on at night due to its backlight. I also clone
| Amiibos for Switch games. And make copies of hotel room keys
| and RFID tokens for backup purposes although some keys can't be
| cloned. You can monitor all kinds of wireless signals like
| garage doors getting fired off around you, which is fun. I know
| some people use the USB feature to somehow install Windows
| automatically when they have a bunch of laptops to set up.
| kristopolous wrote:
| I really resent the marketing of this product. It's as if they
| invented the cheap RF chips they're using and are the exclusive
| distributors of it.
|
| It's rubbed me as thoroughly dishonest and fraudulent.
|
| I know this is currently a minority position, that's why I took
| the time to state it.
| ok_dad wrote:
| They made a product that's really easy to use out of a bunch
| of off-the-shelf components. What's fraudulent about that? I
| haven't seen them claim any features that the device doesn't
| have. They literally have the chip product numbers they use for
| each module on their home page! They're not hiding it!
| fortran77 wrote:
| Really? I like mine. Learned a lot about RFID and was able to
| successfully copy and clone some hotel prox card. Sure, they
| didn't "invent" the chips inside, but they put the hardware and
| software in a nice package, included software, and grew a nice
| community of hackers around it.
|
| Because of the popularity of the device, there are third
| parties, some less reputable than others, trying to ride their
| coattails. Perhaps that's what you're reacting to?
| brendoelfrendo wrote:
| I was able to clone my apartment fob using a tool I got for
| $30 on Amazon, and it even came with extra blank fobs and
| cards to clone to. Flipper Zero can do more than just clone RFID
| keys, but my point is that the tools exist to do all the
| things it does and do them cheaper, and they're just as easy
| to use.
|
| If you really need a tool that can do them all, though, I
| can't really argue with the utility; but I do kind of agree
| with the GP comment that Flipper didn't exactly do anything
| that hasn't been done before.
| wffurr wrote:
| Other than create the marketing buzz and pull together a
| community of hackers to make the on ramp to this type of
| programming easier.
| kristopolous wrote:
| And that's really it. It's purely a marketing play. I
| guess my other frustration is when I see people who I
| thought were pretty clever not realize that
| dinkleberg wrote:
| No offense, but that is a pretty one-dimensional view of
| products and businesses. So many great products are
| _just_ an exciting and/or user-friendly version of a
| simple concept and well marketed which opens up the doors
| to a much larger audience than the original concept
| otherwise would've received.
|
| This approach isn't a cheap cop out, it is serving a
| genuine utility and bridging the technology to more
| people.
| kristopolous wrote:
| I get it at this sophisticated level as well. I'm
| surprised by how many don't
| hobs wrote:
| >Flipper was inspired by the pwnagotchi project, but unlike
| other DIY boards, Flipper is designed with the convenience of
| everyday usage in mind
|
| Front page, nothing about their copy or their website says what
| you think it says.
| kristopolous wrote:
| You know they've released a lot more than a landing page,
| right? They were initially a kickstarter:
| https://www.kickstarter.com/projects/flipper-
| devices/flipper...
|
| They created a fast-food substitution product and have been
| trying to pass it off as the real thing. It's a hardware
| script kiddie device and that's exactly how their videos
| depict it.
|
| I was always turned off by their approach since first seeing
| it in 2019. I've played with the device, get their facebook
| ads all the time, tried to change my mind about it but 5
| years later I keep coming back to the same animosity towards
| it.
|
| These are all easy to teach things and this thing shrouds
| that fact through product alienation intentionally distancing
| the user from any real hacker education and replacing it with
| animations and theatrics.
|
| I'm cool being dismissed as a crank. They're obviously
| successful millionaires and I'm not.
| tommit wrote:
| It sounds more like gatekeeping to me rather than being
| cranky. Not saying you are actively doing so, but I'm not
| sure RFID and the likes are "easy to teach things". Quite
| the contrary, actually. So if this motivates some teens to
| go out and possibly discover an affinity for hacking, it has
| done its job. That's my thought of this product anyway.
| IshKebab wrote:
| I think you're just feeling that you knew about something
| "before it was cool", and now anyone can do it so you aren't
| special anymore.
| dfc wrote:
| I have seen a lot of hardware addon boards lately. They are
| rarely, if ever in stock. Are there any good ones?
| system2 wrote:
| Hard to justify the cost. I see the ads everywhere for this
| device. If you have this product please review it for everyone.
| Duanemclemore wrote:
| Oh man. If my friends and I had this in high school things
| probably would have gotten even more out of control.
| mtreis86 wrote:
| Yeah we found a remote control cloning app for a palm pilot
| that had IR and caused enough trouble randomly turning tvs on
| with that.
| LZ2DMV wrote:
| Apart from access control systems, it hardly has any good uses in
| the real world as a pen-testing device. If it was a pocket carry,
| true SDR, capable of recording RF signals as I/Q, performing
| actions on them, replaying them, etc, it would have justified its
| cost. But, with a limited set of modulations supported by the
| used RF chips, it is more like a toy for hacker wanna-be
| teenagers than a serious tool.
|
| An investment in something like HackRF+PortaPack clone is far
| better, IMHO.
| tkems wrote:
| Totally agree that this isn't a good full pentesting device,
| but I also think that such a device doesn't need to be in order
| to be popular. Just look at the IM-ME when Samy Kamkar showed
| it off [0] and it sold out.
|
| Most people don't need a full SDR like a HackRF in order to
| explore their RF devices and a Flipper gives that to them
| without the headache of software and the bulk of a full
| PortaPack.
|
| (I love my HackRF and PortaPack for the record. The Flipper
| can't compete with the features and low-level access when you
| need it)
|
| [0] https://hackaday.com/2015/06/08/hacking-the-im-me-to-open-
| ga...
| dang wrote:
| Related. Others?
|
| _Apple Shuts Down Flipper Zero's Ability to Shut Down iPhones_
| - https://news.ycombinator.com/item?id=38656607 - Dec 2023 (26
| comments)
|
| _Tiny device is sending updated iPhones into a never-ending DoS
| loop_ - https://news.ycombinator.com/item?id=38125426 - Nov 2023
| (108 comments)
|
| _Probably Buy a Flipper Zero Before It's Too Late_ -
| https://news.ycombinator.com/item?id=38025786 - Oct 2023 (27
| comments)
|
| _Flipper Zero can be used to crash iPhones running iOS 17_ -
| https://news.ycombinator.com/item?id=37919396 - Oct 2023 (33
| comments)
|
| _UK airport confiscates passenger's Flipper Zero_ -
| https://news.ycombinator.com/item?id=37707486 - Sept 2023 (44
| comments)
|
| _Flipper-Xtreme-Firmware: Give your Flipper Zero the power it is
| craving_ - https://news.ycombinator.com/item?id=37519277 - Sept
| 2023 (4 comments)
|
| _Flipper Zero can spam nearby iPhones with Bluetooth pop-ups_ -
| https://news.ycombinator.com/item?id=37397481 - Sept 2023 (44
| comments)
|
| _Flipper Zero Controlling Traffic Lights [video]_ -
| https://news.ycombinator.com/item?id=36756787 - July 2023 (3
| comments)
|
| _Flipper Zero Self Destructs an Electricity Smart Meter_ -
| https://news.ycombinator.com/item?id=36253591 - June 2023 (210
| comments)
|
| _FlipperZero: 1 Month Battery Life with Firmware Update_ -
| https://news.ycombinator.com/item?id=35735415 - April 2023 (82
| comments)
|
| _Flipper Zero banned by Amazon for being a 'card skimming
| device'_ - https://news.ycombinator.com/item?id=35481580 - April
| 2023 (133 comments)
|
| _Brazil seizing Flipper Zero shipments to prevent use in crime_
| - https://news.ycombinator.com/item?id=35109931 - March 2023 (67
| comments)
|
| _Hacker Uncovers How to Turn Traffic Lights Green with Flipper
| Zero_ - https://news.ycombinator.com/item?id=34872104 - Feb 2023
| (4 comments)
|
| _Trying Out Flipper Zero_ -
| https://news.ycombinator.com/item?id=34215390 - Jan 2023 (99
| comments)
|
| _Hands on with Flipper Zero, the Hacker Tool Blowing Up on
| TikTok_ - https://news.ycombinator.com/item?id=34102109 - Dec
| 2022 (2 comments)
|
| _FlipperZero hardware hacker released for US sales_ -
| https://news.ycombinator.com/item?id=33720764 - Nov 2022 (7
| comments)
|
| _Bad news: US Customs have seized a container with 15k Flippers
| Zero_ - https://news.ycombinator.com/item?id=33073141 - Oct 2022
| (13 comments)
|
| _PayPal blocked Flipper Zero account with $1.3M_ -
| https://news.ycombinator.com/item?id=32739950 - Sept 2022 (105
| comments)
|
| _Flipper Zero - Portable Multi-Tool Device for Geeks_ -
| https://news.ycombinator.com/item?id=32166058 - July 2022 (263
| comments)
|
| _Quick Start Guide for Flipper Zero_ -
| https://news.ycombinator.com/item?id=31368209 - May 2022 (137
| comments)
|
| _Flipper Zero: How it's made and tested_ -
| https://news.ycombinator.com/item?id=27704883 - July 2021 (34
| comments)
|
| _Flipper Zero: Bringing Cases to Perfection_ -
| https://news.ycombinator.com/item?id=27479684 - June 2021 (6
| comments)
|
| _Case manufacturing behind the scenes_ -
| https://news.ycombinator.com/item?id=27155584 - May 2021 (1
| comment)
|
| _Flipper Zero: Tamagochi for Hackers_ -
| https://news.ycombinator.com/item?id=26405919 - March 2021 (48
| comments)
|
| _Flipper Zero Manufacturing and Shipping Plan_ -
| https://news.ycombinator.com/item?id=25870255 - Jan 2021 (14
| comments)
|
| _Flipper Zero - Tamagochi for Hackers_ -
| https://news.ycombinator.com/item?id=23996733 - July 2020 (53
| comments)
|
| _Show HN: Flipper Zero - Tamagotchi for Hackers_ -
| https://news.ycombinator.com/item?id=22941733 - April 2020 (10
| comments)
|
| _Tamagotchi for Hackers_ -
| https://news.ycombinator.com/item?id=22859083 - April 2020 (1
| comment)
|
| _Flipper Zero: Under Development Multi-Tool Device for Pen-
| Testers_ - https://news.ycombinator.com/item?id=21842830 - Dec
| 2019 (1 comment)
| ChuckMcM wrote:
| This is a super fun gizmo, its discord channel is, uh, not
| great.
|
| One cool thing is that you can talk to it serially. I pretty
| quickly had it organized with an IoT temperature sensor so that
| it could send commands to my ceiling fan given the temperature in
| my office.
|
| I have also used it to capture the NFC code on a hotel card key
| so that I could still get into my room even after my key was
| inevitably "damaged" by nearness to other fields.
|
| Some parts of it are silly, like the Tamagotchi type game with the
| dolphin. Doesn't add value for me, but I can see how it might be
| something for someone.
|
| There is also growing awareness with agencies about its
| flexibility, some apocryphal stories of them being confiscated by
| TSA checkpoints have come in.
|
| Writing your own apps for them has a fairly high learning curve.
| m0llusk wrote:
| The dolphin annoyed me immediately, but it turns out that all
| of the graphic assets are simple to find in the firmware so it
| should be quite easy to change the look and feel of operation
| into something other than fun time with dolphin friend.
| justsid wrote:
| The Discord server is terrible. It's both overrun with kids and
| yet also weirdly harshly moderated.
|
| The device itself is fantastic though. Gives me some real
| Pebble vibes in all of the best ways. It's very hackable and
| even though I don't do crazy pentest things with it, it's just
| an overall fun device.
| MOARDONGZPLZ wrote:
| The reddit is the same way. All the threads are new people
| asking how to use it to "have fun" by "hacking" vending
| machines and stuff, or for help convincing their parents to
| let them get one, or whether it's worth their allowance to
| get.
|
| I do have one, I think it's a fun thing to have in my bag,
| but haven't had any luck finding forums of responsible
| adults, or even just adults, discussing development or things
| to do with it. Even the "adults" who post about it inevitably
| do something like get fired because they take it to work and
| try to clone their own badges and then enter their work with
| the flipper.
|
| Sorry for the rant.
| cruffle_duffle wrote:
| Was going to say the exact same thing about /r/flipperzero.
| It feels more like a fan subreddit full of kids, which....
| ain't my scene at all. People on that subreddit make it
| seem like it is this amazing thing that will get you in
| jail or something for possessing.
|
| ... But after owning one? I dunno. It's a neat gadget but
| to be honest about the only practical thing I've got out of
| it is cloning our apartment keyfobs and duplicating hotel
| cardkeys. Otherwise it's kinda fun opening up tesla charge
| doors and messing with iphones using Bluetooth LE. Somebody
| somewhere was starting a project to add CANbus support,
| which would be a perfect fit for the device.
|
| I feel like the ecosystem needs a better way to add "apps"
| to the device. I might be missing something but it doesn't
| really have any official app registry or anything.
| Something like you'd see for npm, pypi, or platformio.
| evilduck wrote:
| There's a ton of TikTok/Instagram nonsense showing it out
| in the world doing those things.
|
| A large volume of the stuff you can do with it is just
| spoofing a USB keyboard and running console commands. You
| could do that for years with tons of existing
| microcontrollers the price of a hotdog, but suddenly script
| kiddies have taken notice and are willing to pay 100x for
| the ability.
| tekeous wrote:
| The dolphin game is to allow them to avoid some import/export
| restrictions by classifying it as a toy, which it is, and not a
| hacking tool. It's not a professional device.
| rdslw wrote:
| A friend of mine has a 3-year-old. The "dolphin" is in constant use
| by the child. "What is he doing now?" "Let's check what the
| dolphin is playing with today". "What does it say" "Does he
| miss me?" "Let's play with him".
|
| It quickly became a pal of the child.
|
| My friend said it is one of the child's top 5 toys now :)
| ChrisArchitect wrote:
| Recent news discussions:
|
| Flipper Zero can be used to crash iPhones running iOS 17
|
| https://news.ycombinator.com/item?id=37919396
|
| Apple Shuts Down Flipper Zero's Ability to Shut Down iPhones
|
| https://news.ycombinator.com/item?id=38656607
|
| Flipper Zero banned by Amazon for being a 'card skimming device'
|
| https://news.ycombinator.com/item?id=35481580
|
| UK airport confiscates passenger's Flipper Zero
|
| https://news.ycombinator.com/item?id=37707486
| ulucs wrote:
| The last one is hilarious, just endless speculation on how the
| guy could have handled it better, the guy coming in with the
| account of how he handled things pretty nicely, and then just
| _crickets_.
| pugworthy wrote:
| Good read indeed - a lot of conclusions being jumped to
| there.
| Alifatisk wrote:
| Someone on Twitter mentioned how some kid managed to crash and
| shutdown their insulin pump using the flipper zero.
| Mad_ad wrote:
| source? sounds fishy to me, can't believe insulin pumps are
| so vulnerable.
| ablation wrote:
| I don't have a source for OP's Flipper Zero story, but
| insulin pumps are surprisingly vulnerable:
| https://www.cisa.gov/news-events/ics-medical-advisories/icsm...
| Alifatisk wrote:
| https://twitter.com/morganiteproto/status/173065586102911433...
| https://twitter.com/hackerfantastic/status/17307842936416793...
|
| But it's also from Twitter so take it with a grain of salt.
| hnbad wrote:
| Specifically they say there's an Android device for
| monitoring/controlling the pump that was taken out by
| this. That seems more plausible given that it likely
| isn't exactly running the newest version of everything.
| core-utility wrote:
| And the fix would be to remove yourself ~30ft from the
| source (though BLE might have even less range). The pump
| itself wasn't "disabled", the dude's Android phone (or
| dedicated Android device for this) was temporarily
| glitched while in range.
| jandrese wrote:
| Medical devices with shit firmware are hardly uncommon. I
| can totally believe someone crashed one with a device like
| this.
| geor9e wrote:
| $169 is a bit steep for me, so I went on Temu and bought a $8
| 125KHz RFID programmer & a $5 USB-C IR Blaster. Combined with my
| Samsung phone's native NFC writing, bluetooth, etc I feel like it
| scratched the itch of 90% of what people do with Flipper for 10%
| the cost.
| moolcool wrote:
| The M5Stack Cardputer seems like it would scratch the same itch
| as the Flipper Zero.
| s17n wrote:
| the whole point of the flipper is the sub-1ghz radio and
| nfc/rfid capabilities. It's not really intended to be used as
| a general purpose computer, it's more like a really
| extensible radio
| lolinder wrote:
| Yeah, but for me (and I imagine a lot of people on here)
| the itch that Flipper Zero teases is that of a hackable
| computer in a neat form factor, not the specific radio
| capabilities that it's actually meant for.
|
| I didn't know about M5 before and now I'm hooked exploring
| M5's store, so I appreciate OP's pointing me there!
| s17n wrote:
| I think there are a lot of better options if that's what
| you want. From what I've seen the appeal of the Flipper
| is that you can do a bunch of fun stuff with a super easy
| to use interface (just select the thing you want to do
| and press go!) It's like the iPod of radio/rfid hacking.
| lolinder wrote:
| Yeah, for sure--I looked at the Flipper when it first
| came out and decided it was overkill for me.
| grishka wrote:
| Also the 1-wire/iButton capabilities. Systems that use this
| kind of keys are probably nonexistent in the US, but in
| some other countries, they're everywhere.
| ramraj07 wrote:
| "1200 seems too high for a phone, so I bought a raspberry Pi
| and attached a 4G module now I can make calls and browse the
| internet"...
| thelastparadise wrote:
| > "1200 seems too high for a phone, so I bought a raspberry
| Pi and attached a 4G module now I can make calls and browse
| the internet"...
|
| That actually sounds really cool...
| ThePowerOfFuet wrote:
| Until you want to take it with you when you leave the
| house.
| Grimblewald wrote:
| Battery? A pi zero phone is a thing that works
| throwaway2037 wrote:
| I had no idea. Google tells me there is a sub-Reddit for
| it!
|
| r/ZeroPhone: ZeroPhone - a Raspberry Pi smartphone
| Krustopolis wrote:
| Leave the house?
| geor9e wrote:
| iPhones aren't sitting unused in a drawer forgotten like 99%
| of Flippers. There's nothing differentiating or polished
| about clicking one button versus clicking a different button
| to clone an RFID tag. I'd rather have cheapo version of 1
| time use gizmos.
| j0hnyl wrote:
| Is this really the case? I would think there would be a
| mobile app interface for flipper?
| filoleg wrote:
| You are correct, there is a mobile app interface for it.
|
| You can check firmware version and device status, update
| it, have access to file manager, can backup keys, read
| logs, reboot, speed/stress test, and probably do a lot of
| other things that I am not aware of.
| elliottcarlson wrote:
| Any app run on the Flipper Zero can be run and interfaced
| with from the mobile app. It works quite well.
| cruffle_duffle wrote:
| > I would think there would be a mobile app interface for
| flipper?
|
| If you want to interact with the software on flipper zero
| you have to use the "remote" app (or whatever) on the
| phone. It kinda sucks though because it literally acts
| just like the physical device. If you wanna type a
| filename out and think having a full keyboard like on
| your phone would make that task easier... it doesn't. You
| are stuck using the fake "buttons" to move the cursor
| around to each letter just like you would on the device
| itself.
| ramraj07 wrote:
| For me the appeal of Flipper Zero is the mythical rare day
| when it becomes useful in an emergency, and until then it
| can stay in my drawer peacefully.
| rvnx wrote:
| There is another possibility: that the Flipper gets an
| update with the order of a government. For example, to
| reprogram or shutdown electrical systems in the house.
| And then it will be a day to remember :D
| stavros wrote:
| Or, an equally plausible scenario, it grows its own
| consciousness and decides to attack, hiding behind its
| delightful dolphin facade.
| a2800276 wrote:
| Oh, come on, you're being ridiculous. It's much more
| plausible for the flipper to develop consciousness and
| steal all the tuna in your pantry.
| Gabrys1 wrote:
| More likely your smart home app in your phone will do
| that
| camillomiller wrote:
| Design is way more important than just what things look
| like. But it contributes to a product's success in ways
| that are sometimes hard to measure. That's why engineer-driven
| companies don't understand it and engineers (as a
| sweeping generalization) usually hate it.
| jauntywundrkind wrote:
| I would love love love this to become a vibe.
| hattmall wrote:
| Or just one of the hundreds of equally capable reasonably
| priced phones.
| spookie wrote:
| The point of the flipper zero is to have one good supported
| gadget that has a lot of people hacking away with it.
|
| It's the same thing with the raspberry pi, sure you can get
| some cheap clone off less than ideal places, but you're gonna
| pay with your time. That's basically it.
| Scoundreller wrote:
| That's what I like about InstantPots: having a standardized
| cooking device makes recipes _a lot_ easier to share.
| nonethewiser wrote:
| Well sure, for pressure and slow cooking. You could say the
| same thing about the microwave.
| tycho-newman wrote:
| Chef Mike is the hardest working chef in the kitchen!
| thot_experiment wrote:
| My partner's instant pot also does toasting/air
| frying/normal cooking, I've been very impressed with it.
| phone8675309 wrote:
| For anyone with a compatible model you can add this with
| a lid accessory from Instant Pot:
| https://instantpot.com/portfolio-item/air-fryer-lid/
| nathancahill wrote:
| Bought this to see what the hype was about. Hardly use it
| any more, the Instant Pot is just too small to be useful
| for air frying. 90% of the things come out better in the
| oven in convection mode.
|
| Biggest level up was just lightly dusting anything with a
| starch or flour (lentil flour is awesome) and then a few
| light sprays of olive oil.
| dartos wrote:
| Could you?
|
| Two different models microwaves cook pretty differently
| from each other. Especially if they have differing
| wattage.
| 8organicbits wrote:
| Another is that a microwave doesn't operate at a set
| pressure, so even the same model will behave differently
| at different elevations.
| TeMPOraL wrote:
| That's true of pretty much _all_ cooking (and baking)
| _except_ when using a pressure cooker, so it's kind of a
| given - people learn to cook given their local pressure
| and humidity levels.
|
| But then again, cooking is poor man's process engineering
| - what you do when you don't particularly care about
| quality and consistency, or at least don't have access to
| hardware and methods to ensure them.
| dartos wrote:
| Yeah so the instant pot is an exceptionally good kitchen
| tool for sharing recipes with others in a reproducible
| way.
| omnimus wrote:
| Aren't most things in a kitchen standardized cooking devices?
| Like stainless pan is stainless pan...
| internet101010 wrote:
| Kind of. But turning a stove up to medium-high and
| reducing to a simmer can lead to different outcomes
| depending on how the stove is calibrated and someone's
| interpretation of "simmer".
| jefftk wrote:
| _> It's the same thing with the raspberry pi, sure you can
| get some cheap clone..._
|
| It's a little different: from when the rPI first came out the
| price was a big driver of its popularity. It started with
| the Model B at $35 (with the Model A at $25 "later this
| year") and this was so much cheaper than other options at the
| time. Look over threads from the time [1][2] and you'll see
| things like: "I teach middle school programming/computer
| classes. I cannot wait to get my hands on one of these. Right
| now it's cheap enough that I can tell the parents to buy one
| for their kids without a problem, and out of pocket it for
| those few of my students whose parents won't be able to
| afford it." and "The pricepoint is simply revolutionary. I
| intend to make a few amateur home automation gadgets with
| this."
|
| [1] https://news.ycombinator.com/item?id=2974292
|
| [2] https://news.ycombinator.com/item?id=3448677
| regularfry wrote:
| Allowing for inflation they've stayed in roughly the same
| ballpark, price-wise. It's just that there are now _also_
| cheaper boards available, which used not to be the case.
| tkems wrote:
| If you want to go deeper with RFID and can spend a bit more
| (~$50), I am pretty happy with my knockoff Proxmark3 Easy [0] I
| got on ebay. (Do some research to find a good seller as I have
| heard some sellers ship bad units). It can do both 125khz and
| 13.25Mhz RFID/NFC and is easier to use than some of the Android
| apps for cracking Mifare keys.
|
| For the price, it is great for more complex attacks and almost
| has all the features of a full Proxmark RDV4 (minus BLE and a
| battery).
|
| [0] https://proxmark.com/proxmark-3-hardware/proxmark-3-easy
| stavros wrote:
| Do you have any resources for learning about RFID? I have
| some tokens for opening my garage door that I'd like to
| clone, and I'd like to know how they work.
| tkems wrote:
| I would check out the Proxmark3 Github repo [0]. They have
| a cheatsheet [1] with the basics on how to get started. I
| also did a talk about RFID security last year about the
| basics [2]
|
| To get started, the basics are: low freq (LF) is usually
| around 125khz and is rarely encrypted (HID Prox is the most
| common in the US). The data is often encoded in Wiegand
| format for access control systems (something to keep in
| mind when reading the raw data).
|
| High freq (HF) (aka NFC) is ~13Mhz and is readable by most
| Android phones with NFC. Not all tag data can be read
| however. HF cards support a lot of different options
| including data storage (normally in a block layout with
| permissions to read and write depending on keys) and
| encryption (iCLASS and SEOS being the HID offerings and
| very common). Some can be cloned (like hotel cards) while
| others (like SEOS) require a downgrade attack to work
| correctly (SEOS -> normal SEOS reader -> Wiegand data ->
| older style card like HID Prox).
|
| [0] https://github.com/RfidResearchGroup/proxmark3
|
| [1] https://github.com/RfidResearchGroup/proxmark3/blob/master/d...
|
| [2] https://www.youtube.com/watch?v=zKOAywZqisc
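
Added example (not part of the comment above or of the Proxmark3 project): a decoder for the Wiegand framing mentioned there, assuming the common 26-bit open layout (even parity bit, 8-bit facility code, 16-bit card number, odd parity bit). The function names and the sample frame are constructed for illustration; it also shows that the parity bits only catch single-bit read errors and give no integrity protection.

```python
"""Decode and validate a 26-bit Wiegand frame (assumed H10301-style layout)."""
from dataclasses import dataclass


class WiegandError(ValueError):
    """Raised when a frame is malformed or fails a parity check."""


@dataclass(frozen=True)
class Wiegand26:
    facility_code: int  # 8 bits
    card_number: int    # 16 bits


def encode_wiegand26(facility_code: int, card_number: int) -> str:
    """Build the 26-character bit string for a facility code / card number."""
    if not 0 <= facility_code <= 0xFF:
        raise WiegandError("facility code must fit in 8 bits")
    if not 0 <= card_number <= 0xFFFF:
        raise WiegandError("card number must fit in 16 bits")
    payload = f"{facility_code:08b}{card_number:016b}"
    # Leading bit makes the first 13 bits even parity.
    even = payload[:12].count("1") % 2
    # Trailing bit makes the last 13 bits odd parity.
    odd = 1 - payload[12:].count("1") % 2
    return f"{even}{payload}{odd}"


def decode_wiegand26(bits: str) -> Wiegand26:
    """Parse a raw bit string as read from a reader or a card dump."""
    bits = bits.replace(" ", "")
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise WiegandError("expected exactly 26 characters of 0/1")
    if bits[:13].count("1") % 2 != 0:
        raise WiegandError("leading even-parity check failed")
    if bits[13:].count("1") % 2 != 1:
        raise WiegandError("trailing odd-parity check failed")
    return Wiegand26(int(bits[1:9], 2), int(bits[9:25], 2))


def flip(bits: str, *positions: int) -> str:
    """Return a copy of the frame with the given bit positions inverted."""
    out = list(bits)
    for p in positions:
        out[p] = "1" if out[p] == "0" else "0"
    return "".join(out)


# Constructed sample: facility code 123, card number 45678.
SAMPLE_FRAME = "10111101110110010011011101"


def single_bit_error_detected(frame: str, position: int) -> bool:
    """True if inverting one bit makes the frame fail validation."""
    try:
        decode_wiegand26(flip(frame, position))
    except WiegandError:
        return True
    return False


if __name__ == "__main__":
    print(decode_wiegand26(SAMPLE_FRAME))
    # Every single-bit error is caught by one of the two parity bits...
    print(all(single_bit_error_detected(SAMPLE_FRAME, i) for i in range(26)))
    # ...but two flips inside the same half cancel out and decode "cleanly"
    # to a different card number: parity is error detection, not authentication.
    print(decode_wiegand26(flip(SAMPLE_FRAME, 9, 10)))
```
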
| stavros wrote:
| Thanks! I've just bought a Proxmark clone, so this will
| be very useful.
| SV_BubbleTime wrote:
| So instead of supporting the community and a project with a
| specific goal, your point is that you bought a Chinese knockoff
| of a different product?
| mightyham wrote:
| Yes, gp seems to be pointing out the Flipper's largest use
| cases can be satisfied by significantly cheaper products.
| They also aren't necessarily "Chinese knockoffs". It just so
| happens that they bought them from a Chinese online retailer,
| and I don't see how they could even be called knockoffs
| because what gp described are fairly different products from
| flipper.
| NavinF wrote:
| RFID programmers and USB-C IR Blasters are commodities. How
| could they possibly be knockoffs?
| michaelteter wrote:
| > I went on Temu and bought
|
| Too bad. I was sincerely hoping nobody would buy anything from
| them so they would die.
| camillomiller wrote:
| I was thinking the same. It's a proven predatory and reckless
| company that can sell at these prices because of shady
| practices. But hey, savings!
| kvdveer wrote:
| I'm not very familiar with Temu. Are these shady practices
| documented somewhere, and are they worse than industry
| peers (aliexpress, wish, overseas ebay, etc)?
| SushiHippie wrote:
| https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
| fomine3 wrote:
| https://github.com/davincifans101/pinduoduo_backdoor_detaile...
| geor9e wrote:
| I don't install apps when there is a website I can use
| from my desktop. So, I guess I have a green light to
| enjoy Temu.
| geor9e wrote:
| Amazon costs twice as much, and Aliexpress takes twice as
| long to ship. I have an adblocker installed, so I haven't
| experienced the annoying ads people are mentioning. I don't
| install apps when a website is available, so it's not a
| spyware concern. If Temu is more evil than the other main two
| options, I have yet to see an explanation.
| 1oooqooq wrote:
| no phone can act as a nfc card. your set up doesn't cover the
| main use case for the flipper on nfc space
| baobun wrote:
| Many (most recent) smartphone models can act as NFC cards
| very well, with the right software.
| guitarlimeo wrote:
| Phones unfortunately disallow setting the NFC UID on the
| hardware level (it's random each time), Flipper allows you
| to do anything.
| 1oooqooq wrote:
| That is kinda misleading. They can act as a very limited
| version of a client of a very specific and largely unused
| spec.
| geor9e wrote:
| Sure but I have dozens of blank cards and stickers I bought
| for a few dollars.
| tauntz wrote:
| > so I went on Temu and bought a $8 125KHz RFID programmer
|
| OT but if you found it for $8 on Temu, then you can most likely
| find the exact same device on Aliexpress for $1 - $2. Don't
| feed Temu - their ads are clogging up my feeds :)
| dymk wrote:
| Bad actors are going to ruin this cool little device for everyone
| else. For every story I hear about a cool usecase for it, there's
| another about it being used to annoy or harm others.
| sneak wrote:
| Tools can be used for good and bad. This isn't anything new and
| doesn't "ruin" a device.
| karaterobot wrote:
| The person you're responding to probably means that bad
| actors will cause the device to become illegal to buy or use
| in certain areas as a result of being associated with illegal
| or harmful behavior.
| goshx wrote:
| It's already banned in Brazil, for instance
| mihaaly wrote:
| It is true, tools will be misused, banning already happened
| to knives and scissors in narrow or broader context for
| example. Will see how this one will be regulated, if will
| be at all. If they are smart - usually not, but at least
| less smart than paranoid - then it will not be a blanket
| rule, actually cannot be without unplugging all computation
| and wireless devices.
| dymk wrote:
| thanks sneak, very insightful
| neilv wrote:
| Flipper Zero is/was banned on eBay.
|
| I tried repeatedly to sell mine there, because I'd see some
| auctions for them complete. Then they told me it was definitely
| banned, because it could be used for (IIRC) RFID hacking.
|
| (Fair enough. I ended up having to sell mine locally, for a lot
| less money than what the occasional auction would complete for
| on eBay. And finding a buyer locally was harder, and with much
| higher rate of flaking. As someone with deep frugal influences,
| who likes to save money when buying things, and to sell things
| once not really needed, I really like eBay when it works OK.)
| philip1209 wrote:
| I've mainly used Flipper Zero to duplicate my digital apartment
| keys (iButton then later RFID fobs). It's so easy to duplicate a
| physical apartment key, but making backups of the digital
| equivalents is annoyingly tedious. Plus, apartment managers treat
| them as scarce commodities and refuse to give backups.
|
| With Flipper Zero I now have backup keys in my backpack, on my
| dog's leash, in my running belt, and with close friends. It's
| great.
| 127361 wrote:
| Flipper Zero was designed in Russia, the company moved since the
| start of the war.
| tehwebguy wrote:
| I love this thing but I mostly just use it to avoid touching
| hotel TV remotes.
| tkems wrote:
| I got one not too long after the official launch and I've used it
| a decent amount (granted I am in cybersecurity and have more
| real-world use cases than the average person). My favorite use
| case is the IR remote since phones no longer have IR blasters.
| It's saved me twice so far in having to buy/find a remote for
| something.
|
| One thing people don't realize is that the custom firmware [0]
| that you can run allows you to receive and transmit on a wide
| range of frequencies under 1Ghz. Lots of things use that range
| (garage doors, gates, fan remotes, etc.) and are not very secure.
| I think that this will be a time looked back on where it's
| possible to interact with those devices without having to buy a
| custom PCB transmitter or somewhat expensive and complex SDR.
|
| [0] https://github.com/DarkFlippers/unleashed-firmware
| dheerajvs wrote:
| > phones no longer have IR blasters
|
| Plenty of phones still do [0]. I've configured mine to operate
| all my devices at home.
|
| [0]
| https://www.gsmarena.com/results.php3?nYearMin=2023&chkInfra...
| BossingAround wrote:
| In other words, Chinese brands still have IR blasters. I
| don't know I would trust Chinese-brand of phones though.
| sofixa wrote:
| Why not? Most phones are manufactured in China anyways, and
| Xiaomi, OnePlus, Honor, Oppo are major and very widely
| popular and used brands all over the world (outside of the
| US which is allergic to Chinese brands unless it's for
| cheap crap or to outsource manufacturing to).
| dangus wrote:
| Outside of the US is a problem when it comes to
| availability and usability. I'm not going to buy a phone
| that doesn't play nicely with my carrier or receive
| regionally relevant support.
|
| OnePlus is the only brand on that list that makes sense
| buying in the US.
|
| (Personally I can see why the IR blaster was removed as a
| feature in US phones. I can't think of a time I wanted or
| needed it. How often are y'all losing remotes? My current
| remote doesn't even really use IR for anything since the
| streaming box is controlled by Bluetooth and connected
| devices including the sound system are controlled by
| HDMI-CEC. My phone already controls the entire setup via
| a remote app that utilizes WiFi/Bluetooth).
| Telemakhos wrote:
| I don't have a television, and I haven't owned anything
| with an IR port since the 2012 MacBook. I have zero use
| cases for IR blasters.
| chpatrick wrote:
| In terms of functionality they're night and day compared to
| Western brands which seem to just enshittify their devices
| while raising prices. They're all made in China at the end
| of the day.
| JKCalhoun wrote:
| You just need a small Bluetooth-enabled box sitting on your
| coffee table near the TV that has an IR transmitter and a
| paired app on your phone that can send commands to the box.
|
| Edit: I had only search and one did appear:
| https://www.amazon.com/PUCK-Smart-Universal-Remote-Model/dp/...
| copperx wrote:
| Universal remotes are still a thing, and much cheaper than
| that or a Flipper Zero.
| dylan604 wrote:
| yeah, but you have to be line of sight for a universal
| remote to work. the app enabled IR box means you can be
| anywhere within range. that does have its advantages.
| also, being in the kitchen while the remote is near the
| couch when your streaming platform of choice asks "Are
| You Still There?" means you can answer from the kitchen.
| dzhiurgis wrote:
| Seems much cheaper than "infrared blasters" used for home
| automation
| CraigJPerry wrote:
| >> or somewhat expensive and complex SDR
|
| I don't think that's as accurate today as it used to be.
|
| On the hardware side there are tons of options very cheaply
| available - iirc the flipper uses the c1100 (or a number like
| that) it's a popular cheap chip and it's well documented and
| interfaces easily with arduino.
|
| More accessibly, lime mini SDRs are cheap but there's quite a
| few alternatives too.
|
| On the software side GNU Radio is free with decent tutorials -
| we're not talking anything like blender levels of difficulty to
| adopt even if it is a complex domain.
|
| Although on the more accessible side, urh is incredibly
| powerful given how easy to use it is
| https://github.com/jopohl/urh
|
| I used the latter to tap into a 2 channel wireless bbq
| thermometer via a $10 rtl sdr and that was a breeze, an
| absolute walk in the park compared to when I reverse engineered
| the flysky telemetry system.
| ale42 wrote:
| GNU radio is free, but what about the hardware you need if
| you want to transmit an actual signal?
| tiagod wrote:
| A HackRF clone is quite a bit cheaper than a Flipper, and
| it's a full-blown SDR with TX capability
| TeMPOraL wrote:
| It's not the TX hardware part that will be expensive - but
| rather bespoke encoding and crypto. Not prohibitively
| expensive, just _annoyingly_ expensive in money and/or time
| - enough to prevent anyone _except criminals_ from tampering
| with those devices.
|
| Or worse, vendors will use it as an excuse to make their
| products cloud-dependent, with strong cryptographic auth and
| actual processing done on the other side of the world.
|
| (And with that enabling the rent seekers their recurring
| revenue, we arrive at the reality foretold by IIRC Philip K.
| Dick, where you have to subscribe to your own apartment
| doors.)
|
| (EDIT: the more IoT embraces actual security, the more I feel
| that US gov had a point in classifying cryptography as
| munition. Perhaps there ought to be legal limits on using
| crypto _against_ other people.)
| tkems wrote:
| As someone with a HackRF PortaPack knockoff I got from ebay,
| I would agree that SDRs are better and cheaper than ever
| before. However, I think the average person will struggle
| with using a HackRF for more complex projects. I've used URH
| before, and while useful, it can be intimidating for
| beginners.
|
| Also, while I like the RTL-SDR (and the price tag!), you
| can't transmit with it. While this isn't a deal breaker to
| everyone, if you'd like to clone a garage door remote, for
| example, you need to be able to transmit. You could use
| something like a Raspberry Pi and rpitx [0], but I think it is
| more work than it's worth for many. Also, multiple RTL-SDRs
| are required for higher bandwidth applications like ATSC TV
| or trunked radios.
|
| With the flipper, I think the main draw for most is the
| point-click-done nature. Include the Android/iOS app and it
| makes it easy to configure on the go without a computer. The
| expandability is one of the main features that will increase
| adoption over time compared to the HackRF+PortaPack which,
| from what I saw in the past, lacked longer-term support and
| regular updates and new features.
|
| [0] https://github.com/F5OEO/rpitx
| elliottcarlson wrote:
| The batteries died in my bedroom TV remote a few nights ago, it
| wasn't until I went to replace them did I notice that one of
| the batteries had leaked and seems to have caused some
| corrosion on the contact, so until I clean it up I've switched
| to my Flipper Zero as the remote for it (just need power and
| audio control, rest is via a Roku stick). Never thought this
| would be my use case for it, but it worked out perfectly.
| bookmark99 wrote:
| A friend got this for me, but I'm struggling to put it into any
| useful purpose, any pointers on things I can experiment with?
|
| Using it as a remote seems so cool, esp bc I lost my roku
| remote not so long ago so if you have any resources that could
| help I'd appreciate it.
|
| The documentation I've seen so far seems far and scattered and
| it seems people are more scared of being implicit in illegal
| activities based on their resources.
| spacecadet wrote:
| Great tool for learning Bluetooth Pen-testing. I run BTCTF-
| Infinity on an ESP32, powered through the Flipper's GPIO. It
| creates the BTCTF environment and I use the flipper to crack
| the examples. Kinda like a self-contained gaming handheld for
| BT practice.
| sbdaman wrote:
| You can buy a Roku remote for like $5.
| tkems wrote:
| For IR remotes, there are a few ways to go about it. If you
| have a remote you want to clone, you can just use the flipper
| to clone and map buttons to a custom remote. If you don't
| have the remote and have a common device (like TVs), I would
| check this repo on Github [0] and see if you can find a
| compatible IR file. Note, you need a micro SD card in order
| to move the files onto the flipper, but a small one works
| fine.
|
| I've had good luck with the basic universal remote when I'm
| in a pinch. Also, you can create custom IR files, but it can
| be a pain with encoding. The flipper forums are a good
| resource too [1].
|
| [0] https://github.com/Lucaslhm/Flipper-IRDB
|
| [1] https://forum.flipper.net/
| bookmark99 wrote:
| sweet. thank you
| Nexxxeh wrote:
| Not answering your question, but the Roku app includes a
| better version of the remote.
| MuffinFlavored wrote:
| > Lots of things use that range (garage doors, gates, fan
| remotes, etc.) and are not very secure.
|
| https://en.wikipedia.org/wiki/Rolling_code I didn't know this
| wasn't secure enough. I thought this was the basis of most
| modern vehicle keyless entry too?
|
| It is hard for me to not think of the Flipper Zero as a script-
| kiddie tool to do super illegal things like open your
| neighbor's garage illegally.
| tkems wrote:
| While rolling codes can be secure (KeeLoq [0] is a more
| secure example but has its own issues), this [1] is an
| example of some of the weaknesses that can happen if a
| rolling code algorithm is broken. I have personally been able
| to capture, decode, encode, and transmit garage door codes
| using that python script and a HackRF (which can also be done
| with a flipper and custom firmware).
|
| [0] https://en.wikipedia.org/wiki/KeeLoq
|
| [1] https://github.com/argilo/secplus
| MuffinFlavored wrote:
| Can you help me understand why rolling code attacks aren't
| broken on most cars but are broken for garages?
|
| Also, are attacks like this real/common/easy to pull off?
| https://youtu.be/1SUGf6OwRzw Where the signal is amplified
| from the key inside the house to the car. How does the
| car/keyfob not detect its signal/noise ratio or time for
| roundtrip is all messed up distance wise?
| tkems wrote:
| From what I understand, cars are a bit more complex now
| than garages. KeeLoq, from my understanding, is not
| 'breakable' like garage doors. It does have weaknesses,
| but more related to the raw cryptography/math. Since
| KeeLoq is a cryptographic function, it can be broken by
| brute force or by gaining access to the manufacturer key.
|
| For the amplification attacks, my understanding of them
| is that the key fob and car may be able to detect this
| kind of attack, but require more logic/software to do so.
| Also, most of these attacks use high frequency 'backhaul'
| wireless networks (key fob at 3-400 MHz, backhaul at 2.4-5
| GHz Wi-Fi with lower latency) to prevent such
| timing/signal-noise from being detected. If I had to
| guess, most key fobs/cars are more focused on making sure
| the key fob works at range or in hard-to-detect
| environments and not focused on preventing such
| relay/amplification attacks.
|
| Also, some similar attacks to what you linked could also
| be done against Bluetooth (I think Tesla had this issue
| in the past few years) with a simple Bluetooth range
| extender/relay setup.
|
| (Note: without one of those devices, most of this is just
| guesses/what I've seen is possible/theoretical in terms
| of attacks)
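
Added example (not part of the thread, and not KeeLoq or the Security+ scheme from the linked secplus repository): a minimal counter-plus-HMAC rolling code receiver beside a fixed-code one, showing why a captured fixed code replays while a used rolling code does not. The key, frame layout, window size and all names are assumptions made for this illustration.

```python
import hashlib
import hmac

COUNTER_BYTES = 4
TAG_BYTES = 8  # truncated HMAC-SHA256 tag; size assumed for this sketch


def rolling_frame(key: bytes, counter: int) -> bytes:
    """Remote side: the counter followed by a MAC over that counter."""
    msg = counter.to_bytes(COUNTER_BYTES, "big")
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_BYTES]
    return msg + tag


class FixedCodeReceiver:
    """Legacy design: the same static code opens the door every time."""

    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


class RollingCodeReceiver:
    """Accepts each counter value once, within a look-ahead window."""

    def __init__(self, key: bytes, window: int = 16):
        self.key = key
        self.last = 0         # highest counter accepted so far
        self.window = window  # tolerates presses made out of radio range

    def accept(self, frame: bytes) -> bool:
        if len(frame) != COUNTER_BYTES + TAG_BYTES:
            return False
        counter = int.from_bytes(frame[:COUNTER_BYTES], "big")
        # Stale or replayed counters and implausible jumps are refused.
        if not (self.last < counter <= self.last + self.window):
            return False
        if not hmac.compare_digest(frame, rolling_frame(self.key, counter)):
            return False
        self.last = counter   # every counter at or below this is now dead
        return True


def demo() -> dict:
    key = b"constructed-demo-key"       # constructed sample secret
    static = bytes.fromhex("5aa50ff0")  # constructed fixed code
    fixed = FixedCodeReceiver(static)
    rolling = RollingCodeReceiver(key)
    f1, f3, f5 = (rolling_frame(key, n) for n in (1, 3, 5))
    forged = f5[:COUNTER_BYTES] + bytes(TAG_BYTES)  # valid counter, wrong MAC
    far = rolling_frame(key, 500)                   # beyond the window
    return {
        "fixed_first": fixed.accept(static),
        "fixed_replay": fixed.accept(static),    # same bytes work again
        "rolling_first": rolling.accept(f1),
        "rolling_replay": rolling.accept(f1),    # counter already used
        "forged_tag": rolling.accept(forged),
        "skipped_presses": rolling.accept(f5),   # counters 2-4 never heard
        "stale_after_skip": rolling.accept(f3),  # now behind the counter
        "too_far_ahead": rolling.accept(far),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18} {'accepted' if ok else 'rejected'}")
```

The look-ahead window is the trade-off to tune: too small and a remote pressed out of range desynchronises, too large and more future counter values are acceptable at any moment.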
| hemanthb wrote:
| "Outside" perspective after I was recently gifted one for my
| birthday: it's a fun and easy tool to learn about hardware. I
| became a programmer through the "Applied Math" route (Causal
| Inference -> Probability -> UL -> DL -> CS). Never owned a
| Raspberry Pi/Arduino and too busy to get into hobbyist
| electronics. The Flipper is accessible and low friction,
| motivates learning eg about GPIO, and is the first time I've
| messed with firmware and signals.
| holografix wrote:
| Anyone tried to crash Bluetooth speakers with this? I'd buy one
| immediately if I can mute loud tvs and harmlessly disable
| Bluetooth speakers from a distance.
|
| My new rental only provided us with one garage door remote and it
| looks ancient. Fairly certain this could be an overly expensive
| extra garage door remote.
| beala wrote:
| It doesn't operate at bluetooth's frequency. You could
| definitely mute TV's with the IR blaster.
| dr_kiszonka wrote:
| I'd love to have one to learn more about radios with my kids.
| Some of Flipper's apps look pretty interesting too.
|
| Probably out of scope, but I hope FlipperOne has a few
| environmental sensors too. (In a perfect world, it would also
| have thermal imaging, but these sensors are way too expensive.)
| dzink wrote:
| The initial marketing mentioned that flippers can exchange
| collected data as a social interaction. The reason I haven't
| bought it is that I don't want private stuff used and home being
| leaked to flippers nearby or to a central server. Any experience
| with that?
| DHowett wrote:
| As of firmware version 0.97.1 (current at the time of this
| comment,) no such feature exists.
| sharperguy wrote:
| Everything is recorded on an SD card, so you could copy the
| files online somewhere and download others' files. There is no
| automatic sharing.
| xyst wrote:
| I got one. Only thing I used it for was scanning my dog's
| microchip
| smcleod wrote:
| $310 AUD... that's insane!
| notatoad wrote:
| this seems like a cool device that people actually like, but it's
| crazy that i've still never seen a blog post of "hey check out
| this cool thing i did" that just happens to use a flipper. it's
| always the other way around, the point is to have a flipper and
| find things to do with it, not to have a flipper because it does
| something you want.
|
| i buy lots of nerdy toys, but can we all just admit that this is
| a toy, not a tool?
| some-natalie wrote:
| It's good as a bluetooth presentation remote, sharing QR codes or
| NFC contact info at conferences, and jiggling your mouse so your
| VPN connection doesn't die when your laptop locks up. It was
| handy around the house over the holidays too
| (https://some-natalie.dev/blog/flipper-at-home/).
|
| It's a decent multitool. :-)
| futhey wrote:
| When people realized anyone with a sophisticated police scanner
| could listen in on cordless (and then early cellular) phone
| calls, it forced manufacturers to actually implement a bare-
| minimum level of security on those devices.
|
| I hope this pushes more manufacturers to switch to rolling-code
| algorithms (like the key fob your car uses), in place of simpler,
| less secure codes that can be captured and replayed.
| IshKebab wrote:
| Sure though in some cases it isn't worth the cost or effort,
| e.g. kinetic light switches. In some cases it's appropriate to
| expect people to not be arseholes.
| forinti wrote:
| In the 1980s a friend of mine had a German radio which had a
| larger array of frequencies than that available in my country.
| It allowed us to listen to the police. Curious, but not
| interesting.
|
| In the 90s my brother had a portable TV/Radio which we managed
| to tune into cellphone conversations.
|
| Those were the days you could still telnet 25 to send emails
| with whatever sender you wanted. I used to send Christmas
| greetings from Santa to my colleagues at uni.
| tivert wrote:
| > When people realized anyone with a sophisticated police
| scanner could listen in on cordless (and then early cellular)
| phone calls, it forced manufacturers to actually implement a
| bare-minimum level of security on those devices.
|
| Did it?
|
| IIRC, the biggest thing to fall out of that is the US
| government banned scanners that could pick up the frequencies
| commonly used by cordless phones.
| cruffle_duffle wrote:
| > IIRC, the biggest thing to fall out of that is the US
| government banned scanners that could pick up the frequencies
| commonly used by cordless phones.
|
| I recall that. I think the age of SDR's made such a ban
| (law?) almost impossible to enforce.
| dylan604 wrote:
| When did the age of SDRs begin where these devices were
| still in vogue? What's the overlap?
| porbelm wrote:
| Well, DECT wasn't exactly very secure, and neither was GSM (2G)
| call encryption. And check out the recent TETRA-related CVE's
| for more fun ;)
|
| https://www.midnightblue.nl/tetraburst
| byb wrote:
| I tried using a Flipper with some NFC stickers so I wouldn't have
| to carry around so many FOBs and cards. It turns out that the
| Flipper does not excel at this task. It complained that the NFC
| stickers I bought were non-writable. And it couldn't read all the
| sectors on some NFC tags. However, I was able to use the Android
| MCT app to write to the same stickers and read the tags the
| flipper couldn't read. Cloning required copying strings to the
| clipboard, which is something the Flipper's UI is not really
| designed for.
| blep-arsh wrote:
| Yeah, Flipper as a concept sounds cool but then I found out the
| current implementation is rather half-baked and comes with a
| lot of limitations. And the community is not that welcoming
| either.
| cruffle_duffle wrote:
| > It complained that the NFC stickers I bought were non-
| writable.
|
| I'm not an expert at NFC but after playing around with Flipper
| I've learned that there are different types of NFC devices and
| they aren't at all interchangeable. They aren't just dumb
| devices but actual computers that power up and do shit (I
| think).
| iceflinger wrote:
| Even beyond the wireless stuff it's focused on, it's super useful
| as a combined UART bridge, SPI Flash dumper, DAPLink debugger and
| other hardware tools.
| vivak6223 wrote:
| Mj
| yakshaving_jgt wrote:
| My Flipper Zero has been useful for me while living in Ukraine.
|
| For some reason, many apartment buildings require the use of a
| little electronic tag not only to open the outside gates, but
| also to operate the elevator to reach someone's apartment. This
| also includes trying to use the elevator to reach the ground
| floor, _e.g._, when you leave your friend's apartment and you
| are going home. So you can't leave the building with the elevator
| without your friend coming out and unlocking it for you. It's
| madness.
|
| So, I clone my friends' tags (with their knowledge) and come and
| go as I please.
| cactusplant7374 wrote:
| The problem with the Flipper is it's missing documentation. And
| new learners need documentation. The response from the Flipper
| team has been telling people to read the source code.
| pnw wrote:
| I would love to get one but articles like this about the Russian
| connection put me off.
|
| https://simovits.com/flipper-zero-zero-trust/
| squarefoot wrote:
| The device is nothing more than a quite powerful STM32 board
| with some interesting peripherals added and of course a very
| powerful firmware/software, which is what makes the difference.
| However, as everything is Open Source, it can be ported to a
| similarly designed, possibly different looking, device without
| the code that phones home, and it probably is what hackers
| should consider since the Flipper Zero has been banned in some
| places and being caught with it say in an airport could be
| enough for confiscation and/or interrogation. Also, it is
| overpriced for what it contains; they could sell it at half the
| price and still make a significant profit. And frankly, as
| someone who is 100% on Ukraine's side against the barbaric
| Putin invasion, I'd rather use my money to buy some electronics
| from Ukrainian surplus shops on Ebay.
| Gormo wrote:
| Interesting. Do you have any sources that substantiate the
| claims made on this blog post?
| sev1 wrote:
| I wasn't aware of a Russia connection until this post. On
| flipperzero.com near the top it says:
|
| >Our team was originally formed in Neuron Hackspace by
| collaborating with industrial design and manufacturing
| experts Design Heroes.
|
| A quick Google search for Neuron Hackspace and Design Heroes
| shows their location as Moscow. I'm inclined to believe the
| detailed report from that blog post and am glad I did not end
| up buying the device.
| Gormo wrote:
| > I wasn't aware of a Russia connection until this post.
|
| I'm still not aware of it _after_ reading the post.
| Pointing out that some of the people on the project were
| members of a hackerspace in Moscow at some point in the
| past is not remotely sufficient to substantiate that there
| exists any current connection between the project and
| Putin's regime.
| sev1 wrote:
| You refer to the post, but did you read the PDF linked to
| it? There's a conclusion section that's easy to digest.
|
| As far as a connection to Putin's regime, you should read
| up the thread and note that nobody here mentioned that.
| Regardless of their supposed affiliations or lack
| thereof, I'm not interested in sending money to the
| Russian economy by purchasing a product from a Russian
| company. It's that simple. I think others would want to
| know that same information so thanks to pnw for
| mentioning it.
| what-the-grump wrote:
| As it should, and US consumer protection is failing to act,
| this is from the report. People do not understand the level of
| control the Russian authorities maintain over businesses in
| Russia and citizens.
|
| 1. Flipper Devices Inc. is registered in USA as their main
| office, but no development or business is done at that address.
| The address belongs to a "mailbox" company.
|
| 2. A majority of registered staff on LinkedIn were until recently
| registered in the Moscow region, (but suddenly moved to Tbilisi,
| Georgia according to their LinkedIn profiles.) - No developers
| remain in Russia according to LinkedIn.
|
| 3. TZOR and Neuron Hackspace shared the same address during the
| period of 2012-2013. (Neuron Hackspace used the address before
| TZOR was founded.) The Company of the founder of Neuron
| Hackspace, Esage Lab/TZOR, is placed on US sanction lists due
| to the DNC hack 2016, under the claim that the company provided
| tools to the Russian intelligence GRU and FSB. The attributions
| were validated both 2017 and 2020.
|
| 4. The Company and founder of Neuron Hackspace, Esage Lab/TZOR,
| had contracts with at least two companies that delivered
| services for the Russian government, FSB and the Russian
| military.
|
| 5. The founder and CEO of Flipper Devices Inc., has been
| involved in activities, such as running the DDOS site
| putinvzrivaetdoma.org, that could have attracted the attention
| of Russian security services.
|
| 6. The founder and CEO of Flipper Devices Inc., has been
| involved in activities since he moved to Moscow that can be
| interpreted as actively supporting the authorities in Russia,
| like trying to sabotage Alexei Navalny's blog in 2014 and
| building a tool, Zaborona_help, to circumvent Ukrainian
| blocking of the Russian websites
|
| The assessment is that there is an even chance that Flipper
| Zero has links to Russian Intelligence Services. The founder
| and financier of Neuron Hackspace was placed under US-sanctions
| due to providing tools to FSB and GRU related to the DNC-hack.
| The validity of the investigations behind the US-sanctions has
| been confirmed in 2017 (Intelligence community assessment) and
| 2020 (Senate Intelligence Committee). Pavel Zhovner's past
| activities and that he seems to have been an early member of
| Neuron Hackspace contribute to this assessment.
|
| It is at the same time likely that Russian authorities are well
| aware of the distribution of Flipper Zero and monitors the
| situation for opportunities to gain other types of benefits,
| either in form of influence over the hacking community,
| recruitment of talented hackers for similar projects or even
| attacks of infrastructure or other targets in the future.
|
| It is also likely that Russian authorities will remain to have
| a substantial influence or control over this hacker community
| and could benefit from the future possibility to recruit
| talents with some form of combined security and IT background
| or even to blackmail foreigners that have been connected to
| this community.
| python273 wrote:
| So, they found nothing suspicious with devices or apps.
|
| Also made some far fetched connections of Flipper Devices to
| companies owning the hackspace Pavel Zhovner worked in, and
| attributed his trolling and making anti-censorship tools "as
| actively supporting the authorities in Russia". lol.
| sev1 wrote:
| Paranoia isn't the only factor in a purchasing decision. It
| seems quite clear to me it's a Russian company trying to hide
| that fact for obvious reasons. I appreciate pnw posting this
| and making me aware before I decided to send money
| (indirectly) to Russia.
| python273 wrote:
| And how are they "trying to hide" it?
|
| > send money (indirectly) to Russia
|
| Even the report mentions the team members moving to
| Tbilisi, Georgia. Afaik Pavel moved to Dubai and still has
| Ukrainian citizenship. So I doubt a significant portion of
| company's money ending up in Russia, maybe except salaries
| of a few engineers. But it's pennies compared to how much
| the regime is paid for the resources, if that's what you
| worry about.
| sev1 wrote:
| Semantics aside, I think it's quite clear they are trying
| to mislead by giving the appearance of being an American
| company. What does their company address show on their
| website? Delaware.
|
| The report mentioned that their LinkedIn profiles changed
| from showing Moscow to Tbilisi. I'm sure I could also
| change my location to Tbilisi on my LinkedIn profile. How
| is that a meaningful argument? I don't want any amount of
| my money going to the Russian economy if I can avoid it,
| even if it's merely pennies as you say.
|
| Why do you care to defend them so much?
| python273 wrote:
| I'm not sure why you assume malicious intentions by default.
|
| Using a legal entity in a more convenient country for a
| startup seems like a common practice, including listing
| the address of such entity on the website. You'd be
| surprised how many companies are incorporated in America,
| pay taxes there, but have founders/employees/contractors
| elsewhere around the world.
|
| So, I personally wouldn't count it as active effort of
| "trying to hide" or "trying to mislead".
|
| > The report mentioned that their LinkedIn profiles
| changed from showing Moscow to Tbilisi. I'm sure I could
| also change my location to Tbilisi on my LinkedIn
| profile. How is that a meaningful argument?
|
| Again, not sure why assume malicious intentions. I also
| updated my Linkedin location when I left Russia, is that
| surprising?
|
| > Why do you care to defend them so much?
|
| Pavel pays me 15 rubles per comment of course! (tbh not
| sure why I waste time on this :D)
| FrustratedMonky wrote:
| I don't even do hardware and want one.
|
| Is it as great as it seems?
| shantnutiwari wrote:
| I got one some time ago, and like my rpi, has been sitting in the
| drawer since.
|
| Another one of those "Sounds cool, but not really useful" tools
| jpcfl wrote:
| A lot of people buy tools and then never use them, just like
| people buy trucks and 4x4's, but never use them to haul cargo
| or go off-road. When you buy a tool, you generally want to have
| a job in mind, and then have the follow-through to do that job.
| rjcrystal wrote:
| They're never in stock! They need to fix the logistical issues
| with supply.
| lawlessone wrote:
| I have one, honestly too expensive in hindsight for what it is. I
| make impulsive buys.
| hnthrowaway0328 wrote:
| I'm thinking about building gadgets that serve parallel
| functionalities:
|
| 1. Relatively small to carry around.
|
| 2. Specifically built for one topic of purposes.
|
| 3. Can be achieved by a single hacker with on market tools.
|
| What kind of tools have you built for yourself? Here are some
| examples I have in mind:
|
| Hardware debugging dongles, rom burning boards and of course
| Flipper zero itself.
| spacecadet wrote:
| The flipper has great size/capabilities. I mainly use it for
| NFC/NF wireless pen-testing. Some clients use NF payments and
| this gives me a single click testing tooling.
|
| As others have said, if you want real capabilities get into SDR.
| My real kit includes HackRF piped into wireshark.
|
| Lastly, a community that has seen a bump recently, Pwnagotchi.
| It's worth checking out and to me has a lot of potential.
| tamimio wrote:
| I have one, loaded it with Xtreme firmware (better than unleashed
| etc.), and works great! some people are missing the point of this
| device and start comparing it to an advanced NFC tool or other
| SDR, that's not its intended use, it is AIO swiss army tool style
| that you will (might) find it handy in situations that other
| advanced tools aren't around, for example I have some advanced
| SDR like BladeRF and limeSDR, far better in terms of everything
| than the flipper, but in many situations it would be impossible
| to use one of these SDR, not just how suspicious it will look
| with all that gears, but simply you just don't have it at that
| time. So I have my flipper loaded with all fobs keys, garage (yes
| it does work with rotating key if you pair it), all my home sub-
| ghz, IR, are all backed up as well, and as someone who works in
| robotics I find the quick access to GPIO is handy sometimes,
| among other usages, for example, I have a friend who lives inside
| a uni dorm, and if you happen to lock your keycard inside your
| apartment, the cost to just open that door is $50, not even
| replacing the card.. so after he paid it few times I took a
| backup of his card, and whenever he locks it, he will call me and
| I open it for him.
| Deprogrammer9 wrote:
| fun toy to get people into security.
| AlbertCory wrote:
| I saw this and thought "I need this toy!"
|
| Their website wouldn't take my credit card. Needless to say, it's
| a good card and I used it on other sites that same day and after.
| I wrote to Support.
|
| Three days later, they wrote back and suggested I try a different
| card. Sorry, Flipper, you lose. Nice idea, but a company is more
| than a piece of hardware.
| rabbitofdeath wrote:
| I have found it pretty useful in a few situations:
|
| - USB/Mouse keyboard when the iMac you are working on has totally
| dead batteries for the mouse/keyboard - it's not fun but works in
| a pinch.
|
| - Cloning weird ceiling fans/lights. Apparently I've bought
| horrible remotes but this helped.
|
| - Used this as a nightstand clock while traveling.
|
| - Used the authenticator app as a backup Yubi key
|
| - Mouse jiggler to keep a computer awake
|
| - blasting tvs at restaurants is a ton of fun and my kids like
| that.
|
| - And the IR functionality for Nerf Laser Ops Pro (IR laser tag)
| is an absolute blast - the actual Nerf guns have a delayed
| trigger, but with Flipper there is no delay or need to "reload"
| so you are an unstoppable beast.
| tkems wrote:
| Just a heads up about the Flipper's U2F implementation [0] and
| the possible weaknesses compared to a Yubikey/other U2F key.
|
| [0] https://modusmundi.com/posts/u2f-flipper/
| bcks wrote:
| I had a lot of fun playing with the Flipper's Bad USB
| DuckyScript to automate some repetitive and tedious CMS
| workflow for a client, filling in a lot of input fields on
| multiple browser windows with a single press of a button. It
| improved my productivity and happiness. I've since graduated to
| Playwright, but it was the Flipper that sparked the idea.
| bastardoperator wrote:
| I bring this when travelling so I can dupe remotes and door keys.
| 5440 wrote:
| My son was just arrested for using this in his hacking club at
| high school. Be careful if you have kids with one. According to
| witnesses in the room, he was showing it to kids in his hacking
| club and they all thought it was just turning off Apple phones in
| the classroom. Apparently, it turned off phones including
| several teachers in adjoining classrooms. Anyways. The police
| came to the school and arrested him and are threatening him/us
| with federal crimes. They also executed a search warrant in our
| house and took all electronics. It's been a little traumatising to
| say the least.
| jmrm wrote:
| I find it really excessive having the police involved in those
| things, especially when it's a child doing dumb things that hurt
| nobody.
|
| I did worse "hacking" actions when I was 12 and I was
| grounded without any access to any electronic device outside TV
| at lunch/dinner
| d1str0 wrote:
| They didn't know who was causing it or why. Blocking a person's
| ability to contact emergency services, by DoSing their phone
| can be devastating.
| OOPMan wrote:
| Right, but did anyone's attempts to contact emergency
| services get affected in this case?
|
| I'm guessing not.
|
| No matter how you paint it, this was probably rather
| excessive on the part of the police.
| lobocinza wrote:
| And on the part of who called the police in the first
| place. In my experience teachers and school management
| are just too paranoid/neurotic and will escalate
| everything so they can't be blamed.
| tamimio wrote:
| >Blocking a person's ability to contact emergency services
|
| Looks like they still can call the "emergency" given the
| police was there after.
| d1str0 wrote:
| Sorry to hear about this. You probably shouldn't post anymore
| about this for legal reasons.
|
| For other readers, I'd be curious the jurisdiction.
|
| The specific app that can turn off iPhones requires the
| "unleashed" firmware I believe.
|
| Also, regarding legality, if you are DoSing cell phones, you
| are creating a hazard where users are no longer able to contact
| emergency services, and this is the most likely avenue of
| charges, as opposed to FCC fines (if in USA) for using locked
| spectrums.
| tamimio wrote:
| These teachers are crazy and so is the police being this
| overdramatic while the actual crooks are out there free doing
| their crimes while they're busy arresting kids, crazy!
___________________________________________________________________
(page generated 2024-01-22 23:01 UTC)