[HN Gopher] MicroPython on Flipper Zero
___________________________________________________________________
MicroPython on Flipper Zero
Author : psvisualdesign
Score : 137 points
Date : 2024-09-14 15:43 UTC (5 days ago)
(HTM) web link (lab.flipper.net)
(TXT) w3m dump (lab.flipper.net)
| psvisualdesign wrote:
| Has anyone tried to run Micropython on the Flipper Zero? I'm
| using Micropython on my ESPs, but not in the Flipper Zero. With
| the new Firmware 1.0 you can also use JavaScript. Now the
| question is: what's easier/better for own plugins/apps?
| Micropython, Javascript or the native Flipper language?
| therealfiona wrote:
| Isn't native C/C++?
|
| I'd expect C to run the best due to it being compiled. JS is
| pretty quick, but we're talking a microcontroller, so any speed
| you can pickup by reducing computation cycles is a win.
|
| Easiest/better is using what you already know as that'll
| provide the best speed to MVP. If it's too slow in Python/JS,
| but it seems like a useful thing, it's probably worth rolling
| up your sleeves and learning some C. At least enough to build a
| python library.
| markb139 wrote:
| From my experience on the Raspberry Pi rp2040, adding C code
| to a micropython build is very straightforward
| jordigh wrote:
| This makes me long for the days of RockBox on Sansa Clip devices.
|
| https://download.rockbox.org/daily/manual/rockbox-sansaclipz...
| forgotacc240419 wrote:
| Still using one daily
| jordigh wrote:
| Which model? My Sansa Clips all died in various ways. Maybe I
| was too rough on them.
| forgotacc240419 wrote:
| I've a few backups but I've only destroyed one of them
| (somehow fried the board soldering the headphone jack back
| down).
|
| They're fairly durable other than the headphone jack and
| the clip from what I've seen
| sikhnerd wrote:
| I 100% miss the golden age of running RockBox on my iriver
| h120. Such an amazing firmware (and hardware)
| namuol wrote:
| You can get "broken" ones on EBay pretty cheap. Be careful
| prying them open though - there's no aftermarket shells
| unfortunately.
|
| I spent a weekend not long ago upgrading a broken Sansa Clip+
| with a new battery, RockBox, and a USB-C port - first one with
| USB-C AFAIK. Oh and I replaced all the SMD buttons too while I
| was at it.
|
| I'm very happy with how it turned out! I only wish I knew how
| to do something more advanced like adding Bluetooth audio
| capability that doesn't just hook into the DAC output and sound
| terrible.
| oulipo wrote:
| Is there a comparison of the memory footprint of each VM? and
| whether there are guarantees with memory allocation / crash
| robustness etc ?
| A4ET8a8uTh0 wrote:
| Hah, talk about good timing. I just got my flipper:D
|
| I have a weird related question and I am not looking for a full
| answer, but rather on what/where would be a good resource to find
| that information as what I have found so far was not super
| useful.
|
| In short, for the newer employee badges, are there some secret
| handshake pieces that flipper can't copy? Stuff around the house
| worked flawlessly, but the moment I tried to play with employee
| card, I got, um, mixed results.
| archgoon wrote:
| Step 1 of reverse engineering anything: Figure out the make and
| model of the thing. ;)
|
| "Employee badges" can be implemented in a number of ways, from
| simple broadcasted rfids down to having secret challenge
| responses that aren't breakable without going down the jlsca
| route since the secret is on the device and never leaves it.
|
| So, step 1: figure out what exactly the model your 'employee
| badge' is using and what protocol it uses. There's probably
| some marking on it that should give you the manufactuerer at
| least.
| kweks wrote:
| CEO of Lab401.com / Flipper Distributor / RFID geek.
|
| One of the best resources is probably the Discord channels.
| There is the official channel, and the non-official (for non-
| official firmware). YMMV, but the non-official seems to be more
| active.
|
| The Flipper is "somewhat underpowered" in terms of hardware for
| RFID, or specifically 13.56MHz, but makes up for it in a _very_
| active development community.
|
| "Access badges" is a fairly vast blanket term. Anything that's
| not an exhaustive, lengthy breakdown will be inherently over-
| generalised, but here we go:
|
| 125KHz: Low Frequency: _usually_ cards with "just" an ID or
| very limited memory. _Usually_ much simpler technology.
| _Usually_ without security, and much easier to copy.
|
| There are multiple encoding and modulation methods in this
| family, almost all of which are encompassed in a (fairly
| amazing) tag that can emulate them all - meaning they can be
| cloned easily : the T5577 chipset.
|
| There's much more penetration of these chipsets in non-EU
| markets (US, Canada, etc). Key brands and tags: HID Prox,
| EM4XXX, Hitag, etc.
|
| The FlipperZero handles most / if not all of these very well
| (read / save / emulate / write).
|
| High-Frequency tags (13.56MHz) : encompasses multiple ISO
| Standards : 14443-A/B/C (lots of access cards), also ISO15693
| (Slightly Longer read range, more industrial tags, ski-passes,
| etc), and EMV (Payment Cards) among others.
|
| There are _many_ sub-protocols and implementations of these
| higher level standards. But these can be generalised as : small
| memory units / computing units on a chip. As such : larger
| functionality, and various security.
|
| The most well-known family is probably MIFARE (1K/4K
| Classic..). Chances are, if you've got one somewhere.
| Encryption is totally broken.
|
| Ultralight / NTAG: Cheaper, no / not much security (password +
| signatures on some tags, and counters). Typically used for
| ticketing etc.
|
| These are handled in Flipper.
|
| Other implementations: DESFIRE: Uncracked. iCLASS (Commercial
| Access Control - iCLASS SE / ELITE / SEOS ..). Can be cloned,
| or suffer from downgrade attacks. Not handled by Flipper by
| default.
|
| The Flipper has a fundamental 'flaw' with high-frequency tags:
| it can't handle emulation on chip, and its clock isn't evenly
| divisible by 13.56MHz, so emulation and some functions are
| _always_ going to be limited. With that said, the 13.56MHz
| stack is always improving - the community has done amazing
| things.
|
| Likewise, cracking (typically: MIFARE) is CPU / memory
| intensive. The Flipper can limp through some implementations,
| and can team up with a PC for others.
|
| However, more specialised devices (Proxmark, iCopy-X) pick up
| where the Flipper leaves off.
|
| In summary, it's a _very_ useful tool for RFID (LF + HF) - can
| handle most LF operations, and quite a few HF operations -
| before you have to reach for much more expensive hardware
| (Proxmark : ~300 EU).
|
| Some people to check out on YT:
| https://www.youtube.com/@TalkingSasquach
| https://www.youtube.com/watch?v=VF3xlAm_tdo
|
| Feel free to reach out for more questions.
| renewiltord wrote:
| What a great comment. If I could overpay my karma into it, I
| would do so ten times. Thanks for the helpful tips. Most fobs
| I've encountered are the basic 125 kHz ones but some, like my
| garage keycard, are not. And I'd like to be able to amplify
| that signal because it's hard to get the garage in my condo
| building to detect the card.
| aftbit wrote:
| Is it possible to emulate EMV cards? I have not had any luck
| with that, and most people are unwilling to talk about it as
| the usual use cases are pretty black hat (carding etc). I
| just want to use my Flipper (or some other hardware) to make
| a payment with my own card. I'm not trying to do any fraud. I
| want something that does tap to pay using any of the CCs that
| I own, without having to have a modern locked Android or
| iPhone that cooperates with the bank.
| A4ET8a8uTh0 wrote:
| Thank you for going into that level of detail here:D That
| makes the search a lot easier for me and it is a reminder,
| why I a keep coming back here.
|
| I am only starting my adventure with RFID and there is a lot
| to learn, but it has been a while since I was this weirdly
| excited.
| stavros wrote:
| I got a Proxmark 3 clone from Ali for $35 or so, it's been
| fantastic. I'm not entirely sure how to crack Mifare tags
| with the Proxmark (how to efficiently brute-force the key),
| though. AFAIK the way to do it on the Flipper is to read the
| tag and then listen to what the reader sends (which I haven't
| gotten around to trying), does the Proxmark do things
| differently?
| schwartzworld wrote:
| Depends on the system your work uses. Lots of them just have
| unencrypted strings.
| amorfusblob wrote:
| I asked our IT manager and our employee badges have RFID plus
| some kind of timestamp check or something. The secret handshake
| is actually secret I guess. Lot of information out there but
| mostly guarded by radio nerds who talk like you should already
| have an EE degree.
| 0cf8612b2e1e wrote:
| What are people doing with the Flipper? It seems neat, but I fear
| I would get one and then forever leave it in a drawer having
| never done anything real with the device.
| edm0nd wrote:
| Mainly having fun w the IR blaster and also for NFC/RFID
| things.
| supportengineer wrote:
| Tried to read my dog chip but couldn't find it.
| kej wrote:
| It can take a lot of slowly moving the flipper around to get
| it to read a pet chip. Definitely not as straightforward as
| scanning your office's access card.
| actionfromafar wrote:
| I'm sure your dog will come back when hungry.
| a12k wrote:
| I was really excited to get mine! It is neat. I got it and it
| has been in my drawer almost exclusively. I have done exactly
| two things with mine:
|
| * Opened my friend's Tesla battery charge hatch from a distance
| for fun (it closes again on its own after maybe 30 seconds)
|
| * Recorded a lamp's IR remote on/off/up/down toggles and used
| the Flipper to turn on the lamp, rather than using the IR
| remote, to try to debug whether the remote was going bad or if
| there was a problem with the lamp (it was the lamp itself)
|
| And I tried, unsuccessfully, to:
|
| * Read my dog's microchip data
|
| Otherwise, I haven't found any use for it. I really wanted to
| like it. I did a search to see if there was anything
| interesting to do with it that I was missing, and basically
| it's what I did (or failed to do) above. Some people also use
| it to change TV channels at restaurants as a prank it looks
| like.
| xvector wrote:
| Same experience here. I don't blame the Flipper, though, only
| my own lack of creativity and energy.
| okdood64 wrote:
| Do you know if I can emulate car keys with it? Say a
| relatively modern BMW? Or is there some safety mechanism.
|
| (Not for nefarious purposes, but just in case I can't find my
| keys.)
| dumah wrote:
| Emulating the rolling code protocol would desync your keys.
|
| What ever device you'd want to use as a backup would need
| to capture information sent from the vehicle during the
| last unlock.
| obituary_latte wrote:
| Not natively. There is other firmware out there, though,
| that allows such functionality. Depending on where you
| live, it may be illegal to even try, though, hence the
| native firmware locking out such use (you can record or
| visualize but not save/replay).
| echoangle wrote:
| Just recording and replaying wouldn't help you anyways,
| the code is rolling to prevent replay attacks.
| virtue3 wrote:
| I think if you have enough replays you can deconstruct
| the rolling code. Not sure.
|
| Also there are ways to desync/resync your key so you
| might be able to "add a key" with the flipper with
| certain firmwares.
|
| Cloning the current key and using it can desync it from
| your car. Super annoying. Be careful
| echoangle wrote:
| I don't know exactly how the rolling key works but
| wouldn't it be kind of like having a secret stored in the
| key that's needed to generate the next code? If it's
| designed properly, recording a few thousand codes
| shouldn't tell you anything about the next code, just
| like you can't deduce private keys by looking at a few
| thousand encrypted files. I have no clue if that's really
| how it works, so I would be happy to be corrected if my
| mental model is wrong here.
| fullstop wrote:
| Don't do it. The key can easily get messed up if the
| rolling code isn't handled appropriately.
| kevin_thibedeau wrote:
| The old Ford transponder keys don't do rolling codes.
| askvictor wrote:
| So an attacker can cause your car keys not to work?
| fullstop wrote:
| Yes, as well as gain access to your vehicle. This has
| been reported on quite a bit over the last couple of
| years.
| aftbit wrote:
| So far I have not been able to emulate the keys on either
| of my cars, a 2001 Ford Ranger and a 2019 Subaru Outback. I
| think the Ranger is probably possible, but I haven't
| figured it out yet.
| jrussino wrote:
| I'd love to have this, mainly so that I could have a single
| dongle on my keychain for both my and my wife's car. I know
| others have said that there are issues around rolling
| codes. But it's possible to get official duplicate /
| replacement keys; how does that work?
| Rebelgecko wrote:
| IIRC it's somewhat possible but for some cars if you do it
| wrong it makes the car and key go out of sync which causes
| a lot of issues
| fullstop wrote:
| 1/4th of my cats have microchips. They were moderately
| annoyed as I scanned them.
|
| The whole microchip registry thing is a mess, though. There's
| no authoritative database and I'm certain that the database
| entry for my cat is at some shelter where he was briefly
| held. I have no way of updating this data without paying a
| subscription fee, so that's out of the question.
|
| Outside of IR remotes and popping tesla ports, I have used it
| to emulate RFID tags. I don't have enough free time to really
| utilize it appropriately.
|
| Cat tax: https://i.imgur.com/8vAabRM.jpeg -- He is sleeping
| where he really should not be sleeping.
| shagie wrote:
| https://old.reddit.com/r/CatsOnPizza/
|
| https://old.reddit.com/r/orangecats/
|
| Here's a ML problem for someone to consider tackling ...
| given a cat picture, identify all of the relevant cat subs
| that it might get posted in. This could be applied to dogs
| too... but cats rule the internet (
| https://en.wikipedia.org/wiki/Cats_and_the_Internet )
| fullstop wrote:
| > Here's a ML problem for someone to consider tackling
| ... given a cat picture, identify all of the relevant cat
| subs that it might get posted in
|
| I'm fairly certain that there are an infinite number of
| cat subs, so this task is impossible!
| shagie wrote:
| While "yes" ... there are only so many that are big.
| Getting the top 100 cat subs and going from there would
| be a nice ballpark number.
|
| Its one of the "this might be a fun thing to do if you're
| playing with a ML image classification problem."
|
| I've got a Mac and so https://developer.apple.com/documen
| tation/createml/creating-... has tempted me on occasion
| to see "how much can this thing do?"
| aftbit wrote:
| There is no single authoritative database, but it works
| kinda like MAC addresses, in that the microchip prefix
| tells the system who made the chip, which tells them which
| database to look you up in. You should be able to get the
| shelter to update the database to match your contact
| information for you free of charge. At least our shelter
| was willing to do so. They already have to pay the fee, so
| why not?
| jimt1234 wrote:
| > The whole microchip registry thing is a mess, though.
|
| That is, unfortunately, correct ^^^ I went through this
| with my dog. I was told to find out which services your
| local animal control and humane society use, and make sure
| your pet is added to those registries. Yes, some charge
| $$$, but the registries recommended to me were free.
|
| If your pet ends up with animal control, and they can't
| find the chip registration, getting your pet back can be a
| nightmare.
| fullstop wrote:
| And if you move across the country the local animal
| control / humane society may use different registries.
|
| It's a great idea, in theory, but it's opened up a world
| where the possibility of scam registries can exist.
|
| I've considered the challenges of an open and public
| registry, but allowing the public to access it is
| problematic as there is no way to validate the entries
| and you would be handling people's contact information.
| It might be an actual use of a distributed blockchain /
| public ledger.
| 0cf8612b2e1e wrote:
| Maybe there is no need for a centralized database of
| contact information, but there could be one for found
| pets.
|
| Single resource. Any vet/shelter/guy with a RFID scanner
| can report found pet with this barcode at approximately
| this location. If you know this pet, contact us here.
| Presumably only vets and shelters would be adding to the
| database, so all of the contact information is already
| public. People who have lost their pets can then monitor
| this location/sign up for alerts after you lose Fluffy.
|
| Not as great as being able to immediately lookup the
| owner, but eliminates some privacy concerns.
| bowmessage wrote:
| Can you emulate common TV IR blaster protocols without first
| recording them?
|
| I used to have an LG G4 android phone with a TV remote app
| built in- with just the TV manufacturer information, I could
| change the channel / volume in all sorts of useful places
| (the gym, etc.). I miss this feature often.
| pizza wrote:
| For God knows why reason, the original PSPs used to come
| with an IR LED. I put a homebrew program on my PSP that let
| you control it, and fed it a txt file with thousands of TV
| IR codes. What a blast!
| bangaladore wrote:
| For 99.99% of buyers, it's a toy. It will be played with
| briefly and discussed online for more. For a tiny portion there
| is a legitimate use, however I think its highly unlikely there
| isn't something that does that use for cheaper, and better.
| jmholla wrote:
| I use mine predominantly to write "programs" that control the
| TV. Namely, I've got a program that changes the brightness and
| volume of the TV then turns off the bedroom light at night.
| Then another program that undoes that.
| microtherion wrote:
| My current practical use case is that I read our cat's
| microchip, so when a new device comes, instead of coaxing the
| cat into the device (e.g. smart cat flap), I just use the
| Flipper in emulation mode to train the device.
| pirates wrote:
| I use it as a store for all the amiibo data I might want, as
| well as a universal remote for my TVs and fan/light in the
| house. I also use it on the TVs and receivers at work when
| someone misplaces or loses the remotes, and keep a separate one
| in the car with a few garage codes for my parents and siblings
| houses.
|
| The wifi board is fun to play with to learn about how some of
| the more common/basic SSID spoofing and broadcast spam attacks
| and similar things work. There are some fun HID device attacks
| you can check out too that are pretty cool. I also used it as a
| jumping off point to dabble with programming in C and using gdb
| and stuff like that.
| notinmykernel wrote:
| you can execute a suite of BLE, wifi, and IR attacks. You can
| target NFC and RFID. You can add scripts and boards to boost
| signal and functionality. You know, fun stuff.
| schwartzworld wrote:
| It's sort of like having a leatherman. You almost never NEED it
| but it feels great when you do. I clone all the remotes in my
| house for when my kids inevitably lose them.
| renewiltord wrote:
| I make keyfobs for my friends' buildings. And I can turn off
| TVs at restaurants if they're distracting.
| Aaronstotle wrote:
| Exactly what happened to mine, or it doubled as a second office
| badge
| elliotec wrote:
| And with the latest firmware, can't even do the badge
| doubling :/
| stavros wrote:
| Why not? What happened?
| t-3 wrote:
| I've used it to inspect RFID tags and such, but the feature I
| use most often is the infrared reader and universal remote
| features.
| anfractuosity wrote:
| I keep meaning to play with the NFC/RFID API, I got a little
| eink price tag I'd like to try changing the display of via the
| flipper zero.
|
| I created a very simple attempt at an oscilloscope type program
| ( https://github.com/anfractuosity/flipperscope ).
| bozhark wrote:
| Garage door opener
| gosub100 wrote:
| My apartment has RFID controlled gates. I think I'll get one
| to clone the card since they charge way too much for a
| replacement
| rockbruno wrote:
| Fun way to learn how NFC / RFID works, not much other than that
| since all the cool things are also illegal
| aftbit wrote:
| The only "real" thing I did with it was use it as an IR blaster
| and debug tool to remote control my window fan. Once I figured
| out the IR protocol, I replaced it with a $10 gizmo from
| Aliexpress that has an ESP32 hooked up to an IR LED.
|
| Otherwise, it's kinda fun for scanning credit cards, pet
| microchips, maybe the occasional NFC or RFID tag. It can clone
| most hotel keycards, at least to the level required to open
| your door, although the parking gates tend to use better
| security.
|
| It can also emulate an AirTag, at least on the bluetooth beacon
| side, which is kinda funny.
|
| But yes, mine mostly lives in a drawer.
| A4ET8a8uTh0 wrote:
| Ok, I am intruiged ( and I think wife has an airtag ). Did it
| work as expected:D?
| ajsnigrutin wrote:
| According to guys on reddit, turn on public TVs in malls so
| minimum wage workers have to spend a lot of time to find out
| who actually has the remote to turn it back on, they buy cases
| for them, new shells, and take photos of them.
| squarefoot wrote:
| That would be a variant on the old TV-B-Gone prank gadget,
| which can be easily built with a minimum uC and a few parts,
| plus firmware. https://en.wikipedia.org/wiki/TV-B-Gone
| tkems wrote:
| As someone in cybersecurity, it is handy as a low frequency
| RFID reader as Android phones only support higher frequency.
| Having something compact and in a single unit (compared to a
| Proxmark) makes it easier to 'grab-n-go'. It is neat to show
| people how insecure common access control systems are.
|
| I've also used it as a universal remote more than a few times
| on devices that didn't come with a remote. The App running on a
| phone makes it somewhat easy to transfer new remote templates
| to the Flipper over Bluetooth.
|
| It also comes in handy as a serial adapter as it has GPIO pins
| you can connect to things (UART headers).
|
| The RF transceiver is also cool to capture RF remotes (garage
| doors, overhead fans, etc.) and replay them.
| waciki wrote:
| > The RF transceiver is also cool to capture RF remotes
| (garage doors, overhead fans, etc.) and replay them.
|
| Do you mean the non IR kind?
| ddingus wrote:
| I am sure they did. Non IR kinds basically are RF (radio
| frequency) kinds.
| deepspace wrote:
| I've had mine for a long time. I mostly use it to read and
| clone 125KHz RFID tags.
|
| I have a few ideas to make it more useful, but every time I try
| to get into developing an app, I get frustrated and give up. It
| is probably the worst codebase I have ever seen. Just walls of
| strangely named function calls with no code comments and no
| documentation whatsoever.
| Jestzer wrote:
| I use it to automatically turn my older A/C off and on
| automatically while I'm not home. When I'm home, my wife and I
| use it as a universal remote around the house. Admittedly, it's
| not what I originally bought it for (like others, I bought it
| as a toy), but now we depend on it for the former reason
| mentioned.
|
| If you want to see my lousy code I wrote, you can see it here:
| https://github.com/Jestzer/Flipper.AC/blob/main/ac_app.c
| elliotec wrote:
| That's exactly what happened to mine. They nerfed it real hard
| early on and killed almost all actual utility of it.
|
| You can still find earlier firmware versions that do the old
| thing but you have to hack the hell out of anything to make it
| useful.
| curiousgal wrote:
| What are you referring to?
| geocar wrote:
| I use shortcuts on my iphone set so that when carplay
| activates, or when I get close to home, it tells the flipper to
| send the gate and garage door codes to my house, so I can leave
| or get into my home without having to find the commando.
| xeromal wrote:
| I use mine to operate my hotel cards lol and other random
| things like TVs and other appliances when traveling.
| radicalbyte wrote:
| I spent a lot of time trying to get it to detect signals from my
| remote-controlled sunblind, only it turns out that it doesn't
| support the frequency at least out of the box.
| throitallaway wrote:
| Out of the box they are locked down to prevent transmission on
| certain frequencies for legal reasons. This is trivial to get
| around with a firmware flash.
| radicalbyte wrote:
| Oh sweet, thanks for the tip. Time to go digging :-)
| tkems wrote:
| I would check out the Unleashed firmware [1]. I've had
| pretty good luck with it so far.
|
| [1] https://github.com/DarkFlippers/unleashed-firmware
___________________________________________________________________
(page generated 2024-09-19 23:00 UTC)