I received mine recently, and I’ve been consistently impressed at both the build quality and overall attention to detail. I know many Kickstarter projects (and hardware startups in general) end up aggressively compromising on features and construction to meet deadlines and cut down on BOM costs, so I was very pleased to see no evidence of that with the Flipper Zero. It’s one of those products where you can immediately tell that a very passionate team invested a ton of time and took special care with the engineering and design process.
> [...] aggressively compromising on features and construction to meet deadlines and cut down on BOM costs, so I was very pleased to see no evidence of that
Tbh the team made the right decision to push the deadlines in order to deliver the quality they would be satisfied with. And I wholeheartedly support them in doing so.
I am totally ok with the device being delivered to me almost a year after the initially promised deadline, as long as that extra time went into getting the quality up to the level. So props to the team, I am happy that they actually took that time to polish up to the current level, instead of trying to meet an arbitrary deadline.
Their development blog played a heavy role in convincing me that they were not just stalling (which, sadly, has been my previous experience with quite a few promising hardware Kickstarted projects). Every single post has so much attention to even the most minuscule details that 90% wouldn't care for, it definitely reassured me that they were trying to be as transparent as possible about the whole process and their decision-making. I cannot say enough good things about writing quality of their dev blog posts. It was incredible and easy to digest, even for someone who hasn't worked much with such close-to-hardware level.
I wanted to know what a Fipper was. I went to the website's hope page. It never told me what a flipper is. I walk away not knowing what a Flipper is. What a waste of my time. Their website home page is a failure.
This page? [0] Seems pretty extensive. IF you just clicked on the upper left Flipper image you're still in the blog page which isn't going to be the full sales pitch. The main page has their initial sales blurb:
> "Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like."
That's the point - the statement you quoted is very uninformative, and a strong example of bad, unclear communication. It literally does not say anything about what it is what it does, what capabilities it offers.
That statement is essentially "It's a multitool for this target audience of users. It's really good for everything they want to do." - without giving any information about what that "everything" is. It does not provide an example use case - "hacking digital stuff such as radio protocols, access control systems, hardware" is not an use case but just an application domain, but an example use case would be some hint of how this tool would be actually applied to help someone do a security analysis of some radio protocol for an access control system.
Why not say something roughly like
"Flipper Zero is a portable multi-tool that includes transceivers for arbitrary interactions with most popular wireless systems - RFID, NFC, BluetoothLE, infrared and sub-1 Ghz wireless devices. It allows you to run custom exploit or analysis code for these protocols interactively from a convenient small hardware device." ?
That would actually tell a potential radio hardware hacker about its capabilities and limitations; e.g. the original description could just as well be said about the hackRF SDR system, which is substantially different piece of hardware but aimed at a similar audience.
Luckily the main page continues on past that if you scroll down and tells you about the modules included and things that use the frequencies those modules speak.
If you're not curious enough to read past a few lines of content, you're not really the target to be honest.
Pentesting (or hacking in any sense of the term) often involves spending a lot of time researching and learning about things, typically heading onto paths where you don't know where you will end up.
Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
If you know what it is already, maybe that helps. But I still only have a vague idea after reading that.
It is hard to make an introductory explanation to someone with close to zero context of what you are talking about when you yourself know it very well.
Agrred. I have no idea what the device is about until I do a quick Google search and visit their main page. The product looks promising but the explaination for what it is is poor.
This post was the first thing I found that explained what it does. I literally thought this was some kind of open source Tamagotchi.
Here's a description: https://flipperzero.one/ - it's a multitool for various wireless, IR and RFID (including 125 kHz) protocols, has GPIOs and contacts for certain electronic keys. And apparently also a tamagotchi.
What kind of implant you do have? I can't get mine to read the LF side of my NExT. I think it's the type being emulated but I don't have a different ID to test.
Well, those projects they showed really make me want to buy one even though I have no real use case for it. Seems like it'd be fun for hack projects or pen testing RF devices.
In a more meta sense, I really like this new trend of gadgets with a personality, so to speak - makes me think of that game console the "playdate".
It's pretty nifty, I got mine a few weeks ago. I'm not sure it was worth waiting 2 years, but their team has been very transparent about their hardships and I've learned about manufacturing at scale from their updates. I do wish they let their devs spend more time on the tamagotchi side to liven it up some(although the whole software interface could use some more work too - they're still pre-v1 firmware)
In what sense? My phone doesn't have a programmable radio I have access to, can't do RFID and doesn't have GFIO pins for accessories. Its NFC is unreliable - I've programmed tags with it and it's miserable. It has no IR transmitter or receiver, no MicroSD slot. In fact my cell phone does almost nothing the Flipper Zero does except Bluetooth.
> Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
From the sounds of it it's fulfilling a very different niche. I'd like you see a smartphone that exposes gpio pins.
Or a Bluetooth one for greater versatility, ideally in a nice case for portability.
Bonus points if it nicely packages a screen, few buttons, and some of the most comon radio chips I often want to interface too.
You mean like one of these [0]? It has GPIO pins, Bluetooth LE, a nice case, a screen, a few buttons, a bunch of common radio chips, and apparently a virtual dolphin for some reason.
It's a very cool device. You can do everything they show off with other tools, somethings like cloning cards can be done with cheap $30 cloners from China. However there are few tools that allow you to do ALL the different sub-ghz for relatively cheap, and in a very user friendly package. Closest I know of is HackRF Portapack... and that's well into $500 - but also for different target tooling.
Is there ANY way to detect the presence of one of these devices, OR the use of a device when a tag ID is scanned?
The reason that I ask, is that I was on the design team for lockheed when we were selling RFID tags for shipping containers at a shitload per pop... (123 and 433 mhz)
and I brought up we had zero auth on any of our systems... and was just told to not speak about it.
Are these devices even technically legal to operate in the USA? I thought 433mhz was reserved for exactly what you say - tags for shipping containers. If you use a LoRa devices in the USA I think you are supposed to be >~850mhz.
The stock firmware has region-locked frequencies, so you can't transmit on frequencies illegal for your region. There is custom firmware that removes that limitation however.
In the US, at least the 433 and 915 MHz, and of course 2.4 GHz, bands are unlicensed and widely used by all sorts of commercial, industrial, and DIY electronics. All my wireless temperature sensors in my house are on the 433 MHz band, my natural gas meter speaks (ERT) on 915...
Much better thanks. I see now what my mistake was: clicking the logo in top left of TFA takes you to blog.flipperzero.one when I was expecting it to be what you've linked.
THIS! Oh, so much this! I never get it why they do this... I don't know how many times I clicked the logo expecting to get to the product's homepage, but, instead, I get to the blog's index. It escapes my mind, why nobody seems to think about this.
Seriously, I thought I was crazy for not being able to figure out what this device actually does, despite scrolling through the whole site.
I still thought it would be an mp3 player after reading about the battery modes and the sd card installation and the file system menu...then I gave up.
From what I gather, it does whatever you want it to do with a whole lot of interfaces. From the homepage I gather it has Bluetooth, GPIO, Antenna, iButton, RFID, NFC, infrared
It's an extremely marketing driven device and trivial to clone. Look it as a PC kind of - off the shelf components connected together with a proprietary case and a marketing department.
And similar to the early days of home computers, there's plenty of kits you can buy to build your own.
By that definition, every embedded device is extremely marketing driven and trivial to clone.
With devices like these, you're buying time. People doing reverse engineering for a living or as a serious hobby do not want to fuck around making their own. Robust hardware design/validation and supply chain handling are NOT trivial except for the most simple designs. The firmware is NOT trivial to recreate. The target market has already bought products that do most of the shit this device does, and now they can have a lot of it in one place instead of scattered across multiple devices.
I was comparing it to a Heathkit versus a pre-built PC, suggesting that there's a nascent industry of a lower barrier to entry for the sbc/Arduino hobbyist market forming in the same way that the microcomputer world of 1977 was a way way different than 1974 - you could just buy a thing and plug it in - no assembly code or assembling parts required.
It's an interesting marketing play. I wasn't suggesting people go out and make it themselves instead. Do it if you want. Buy the thing if you want. Whatever
Would probably be cheap to clone it for yourself, but not at scale:
> TI CC1101, the chip powering the Sub-Ghz feature, is in extreme shortage. To date, the supplier has shipped just a fraction of our initial order. The same situation is with our LED driver — TI LP5562. To overcome this we have to purchase these components on the spot-buy market at a much, much higher price (3-5x for CC1101 and 20-30x for LP5562)
>It's an extremely marketing driven device and trivial to clone. Look it as a PC kind of - off the shelf components connected together with a proprietary case and a marketing department.
Same could have been said for the original iPod. Design matters.
Can these clone passive RFID dongles? My building uses them and they charge $60 for a copy. Not needing to buy a copy from my building would almost cover the cost of this device.
You can clone most RFID keys at the key-copying kiosks inside supermarkets. I turned my most-used key into a sticker that I put inside my phone case for $10.
I got written up for cloning my work badge. Nothing in the policy. I protected it as if it were my real work badge. If your shit can be cloned by $10 worth of eBay bs, why is that my problem?
I admit to mostly having bought mine to have an Amiibo emulator with a screen and a menu that I can pick things from, and it performs this function admirably. I tried to use it to clone a hotel room key but its emulation was unsuccessful at unlocking the door. There is a LOT of functionality available in the hardware that isn't yet fully exploited by the firmware, and development is proceeding at a rapid clip, so I expect the device to only get more interesting as time goes on.
It seems that every day we are getting closer and closer to a 'tricorder'. I used to laugh at fictional devices that could detect/emit any frequency and communicate with anything. Not laughing now.
Pair something like this with a smartphone(specially those with ML cores) and things could get... interesting.
One thing I'd love to do with this, but which I don't think is possible - clone my car key. My family has two cars and I just wish I could have one device that is able to unlock & start both of them so that I don't have to carry two bulky dongles on my keychain.
The Flipper can unlock some cars, and the hardware has support for rolling codes, but as I understand it, the standard firmware deliberately does not enable this functionality to discourage abuse. Several people on the Discord have managed to unlock their cars once or twice, and inadvertently desync their cars from all of their key fobs in the process, leaving them with no devices that can unlock their car.
I think that's for a good reason. I suppose the implement a hardware public-private encryption and they transmit random data everytine you press a button
That's like... the worst of both worlds? You get a worse dev experience compared to regular js and your users get a memory hog that makes their machines go whirrrr instead of a snappy, lightweight Qt program.
Agree.the seamless integration of video and 3d model background with website background is amazing. Which theme inside ghost do you think it is (if you know)..thanks for the reply
It looks like the CC1101 supports quite a few modulation schemes, kind of curious though if you could build an SDR with a similar form factor to target things like lora too
I recently made a little IoT thingy off a rasppi- just a weeny air quality sensor stack, but the ease of prototyping compared to more traditional hardware that I'm used to was incredible.
They've still got a bunch of kickstarter backers waiting, and also a bunch of post-kickstarter pre-orders... I'd be amazed if they could fill their current orders by the end of the year (they've been doing a good job, considering shortages).
Nope. I just don't have an excuse to get one of these for business reasons, and my dance card is pretty full. This looks like a toy that I'd spend a lot of time playing with (I'd probably be interested in writing an iOS/Watch app for it, but, like I said, my dance card, full, it is...).
Have had one for about a month to fool around with. Very well designed product (both hardware and software-wise) that lives up to the hype. Haven't really had time to do more than scratch the surface of what it's capable of so far.
I do not recommend you to buy overprice lots on eBay. We will open sale for wave 3 very soon. Leave your email on wait list here https://shop.flipperzero.one and you will be notified.
I was a backer and have received mine, thanks for all of the hard work! I am curios, now that you have the tooling and partnerships established, what is the turn around on a new wave of flippers?
I still can't figure out WTF it It. Lotta hipster hype and brogrammer-speak.
Okay it's a little pwnigotchi or whatever that thing was called, except expensive. You can get little SDR kits that can do 90% of what this thing does for $50.
Okay, let's talk about the Russian connection. I don't actually know that much, so I'm hoping someone here can shine some light. Back when this thing came up for crowdfunding, it felt like a good time to get a toy that was engineered in Russia, made in China, sold everywhere. Now it feels like less of a good idea.
I'm not well equipped to sandbox the PC app and watch its behavior or whatever (and I have no reason to suspect the dev is personally a bad guy), but even something as simple as the shipping list of everyone who bought this, is basically a who's-who of security researchers the world over. Since we've already seen attacks that tried to compromise security researchers, I figure this isn't hypothetical anymore. It was North Korea last time:
I know this is nitpicky but the logo on your blog should be linked to your home page, not back to the blog.
The purpose of the blog is to promote your company/product.
When I visit your blog, I am now curious about what your product/service is. I expect to be able to click on the logo and find out about your company/product/service.
Linking the logo back to the blog itself is a missed opportunity to increase sales/marketing.
I'm curious about your product, but at first my curiosity is very low - I am willing to spend enough effort to click on the logo, but I am probably not curious enough to then go hunting to find your home page after the link sends me back to the blog.
A potential customer being willing to click one link on your site has significant value - don't squander it.
I guarantee that's by design, also the references to hackers "hack the planet" on the device etc. It's a love letter portable device that's very reminiscent of the various badges that have been at Defcon and other hacking conferences over the past few years. This brings a whole new level of polish and finish. They did an awesome job.
Sadly though, I kick start a lot of stuff that doesn't end up being 50% of what's promised if delivered at all. I still kick start fun projects like this though as a gamble on seeing someones ideas take place. I think the big problem for most of them is the designer suddenly has "all this cash" and has no clue how to manage or spend appropriately, ends up allocating to things they don't need or straight up siphoning off for lifestyle changes (SEE DUNE CASE) and then stuff is never delivered.
Either way HACK THE PLANET! I hope to see all these dolphins at Defcon!
Johnny Mnemonic from the Burning Chrome short story collection by Gibson. A staple of the cyberpunk bookshelf from the late 80s, and yes a very cheesy Keanu film...
It's definitely convenient, but I'm not sure I would call it game changing. Unlike Dropbox, where the sum of the parts was the difference between a power user being able to do something, and your average user being able to do that same thing, this is targeted at an audience that already has the mess of existing tools and is working fine with them.
It's better than what's already there and they'll sell a lot of them, but I wouldn't go so far as to say that it has made the impossible possible.
