I got one not too long after the official launch and I've used it a decent amount (granted I am in cybersecurity and have more real-world use cases than the average person). My favorite use case is the IR remote since phones no longer have IR blasters. It's saved me twice so far in having to buy/find a remote for something.
One thing people don't realize is that the custom firmware [0] that you can run allows you to receive and transmit on a wide range of frequencies under 1 GHz. Lots of things use that range (garage doors, gates, fan remotes, etc.) and are not very secure. I think that this will be a time looked back on where it's possible to interact with those devices without having to buy a custom PCB transmitter or somewhat expensive and complex SDR.
I don’t think that’s as accurate today as it used to be.
On the hardware side there are tons of options very cheaply available - IIRC the Flipper uses the c1100 (or a number like that); it’s a popular cheap chip, and it’s well documented and interfaces easily with Arduino.
More accessibly, lime mini SDRs are cheap but there’s quite a few alternatives too.
On the software side GNU Radio is free with decent tutorials - we’re not talking anything like blender levels of difficulty to adopt even if it is a complex domain.
Although on the more accessible side, urh is incredibly powerful given how easy to use it is https://github.com/jopohl/urh
I used the latter to tap into a 2 channel wireless bbq thermometer via a $10 rtl sdr and that was a breeze, an absolute walk in the park compared to when I reverse engineered the flysky telemetry system.
It's not the TX hardware part that will be expensive - but rather bespoke encoding and crypto. Not prohibitively expensive, just annoyingly expensive in money and/or time - enough to prevent anyone except criminals from tampering with those devices.
Or worse, vendors will use it as an excuse to make their products cloud-dependent, with strong cryptographic auth and actual processing done on the other side of the world.
(And with that enabling the rent seekers their recurring revenue, we arrive at the reality foretold by IIRC Philip K. Dick, where you have to subscribe to your own apartment doors.)
(EDIT: the more IoT embraces actual security, the more I feel that US gov had a point in classifying cryptography as munition. Perhaps there ought to be legal limits on using crypto against other people.)
As someone with a HackRF PortaPack knockoff I got from eBay, I would agree that SDRs are better and cheaper than ever before. However, I think the average person will struggle with using a HackRF for more complex projects. I've used URH before, and while useful, it can be intimidating for beginners.
Also, while I like the RTL-SDR (and the price tag!), you can't transmit with it. While this isn't a deal breaker to everyone, if you'd like to clone a garage door remote, for example, you need to be able to transmit. While you could use something like a Raspberry Pi and rpix [0], I think it is more work than it's worth for many. Also, multiple RTL-SDRs are required for higher bandwidth applications like ATSC TV or trunked radios.
With the Flipper, I think the main draw for most is the point-click-done nature. Include the Android/iOS app and it makes it easy to configure on the go without a computer. The expandability is one of the main features that will increase adoption over time compared to the HackRF+PortaPack which, from what I saw in the past, lacked longer-term support and regular updates and new features.
The batteries died in my bedroom TV remote a few nights ago. It wasn't until I went to replace them that I noticed that one of the batteries had leaked and seems to have caused some corrosion on the contact, so until I clean it up I've switched to my Flipper Zero as the remote for it (just need power and audio control, rest is via a Roku stick). Never thought this would be my use case for it, but it worked out perfectly.
> one of the batteries had leaked and seems to have caused some corrosion on the contact
A reason why I have switched to NiMH rechargeables. They leak less often. I've also grown tired of recycling spent alkaline batteries. Also Energizer has no leak guarantee on some of their batteries. I've got the green ones, Recharge Universal.
You just need a small Bluetooth-enabled box sitting on your coffee table near the TV that has an IR transmitter and a paired app on your phone that can send commands to the box.
Yeah, but you have to be line of sight for a universal remote to work. The app-enabled IR box means you can be anywhere within range. That does have its advantages. Also, being in the kitchen while the remote is near the couch when your streaming platform of choice asks "Are You Still There?" means you can answer from the kitchen.
Why not? Most phones are manufactured in China anyways, and Xiaomi, OnePlus, Honor, Oppo are major and very widely popular and used brands all over the world (outside of the US which is allergic to Chinese brands unless it's for cheap crap or to outsource manufacturing to).
Outside of the US is a problem when it comes to availability and usability. I’m not going to buy a phone that doesn’t play nicely with my carrier or receive regionally relevant support.
OnePlus is the only brand on that list that makes sense buying in the US.
(Personally I can see why the IR blaster was removed as a feature in US phones. I can’t think of a time I wanted or needed it. How often are y’all losing remotes? My current remote doesn’t even really use IR for anything since the streaming box is controlled by Bluetooth and connected devices including the sound system are controlled by HDMI-CEC. My phone already controls the entire setup via a remote app that utilizes WiFi/Bluetooth).
I've always liked Xiaomi. At home, we have several of their phones, a vacuum cleaner, and some shoes (yes, shoes!). But a few months ago, my Chrome homepage changed to a Chinese search engine, and after looking online, it seems it was a Xiaomi error that affected quite a few people. Also, they include ads in their customization layer. This will be the last Xiaomi device I purchase.
In terms of functionality they're night and day compared to Western brands which seem to just enshittify their devices while raising prices. They're all made in China at the end of the day.
While rolling codes can be secure (KeeLoq [0] is a more secure example but has its own issues), this [1] is an example of some of the weaknesses that can happen if a rolling code algorithm is broken. I have personally been able to capture, decode, encode, and transmit garage door codes using that Python script and a HackRF (which can also be done with a Flipper and custom firmware).
Can you help me understand why rolling code attacks aren't broken on most cars but are broken for garages?
Also, are attacks like this real/common/easy to pull off? https://youtu.be/1SUGf6OwRzw Where the signal is amplified from the key inside the house to the car. How does the car/keyfob not detect that its signal/noise ratio or round-trip time is all messed up distance-wise?
From what I understand, cars are a bit more complex now than garages. KeeLoq, from my understanding, is not 'breakable' like garage doors. It does have weaknesses, but more related to the raw cryptography/math. Since KeeLoq is a cryptographic function, it can be broken by brute force or by gaining access to the manufacturer key.
For the amplification attacks, my understanding of them is that the key fob and car may be able to detect this kind of attack, but require more logic/software to do so. Also, most of these attacks use high frequency 'backhaul' wireless networks (key fob at 3-400 MHz, backhaul at 2.4-5 GHz Wi-Fi with lower latency) to prevent such timing/signal-noise from being detected. If I had to guess, most key fobs/cars are more focused on making sure the key fob works at range or in hard-to-detect environments and not focused on preventing such relay/amplification attacks.
Also, some similar attacks to what you linked could also be done against Bluetooth (I think Tesla had this issue in the past few years) with a simple Bluetooth range extender/relay setup.
(Note: without one of those devices, most of this is just guesses/what I've seen is possible/theoretical in terms of attacks)
A friend got this for me, but I'm struggling to put it to any useful purpose. Any pointers on things I can experiment with?
Using it as a remote seems so cool, esp bc I lost my roku remote not so long ago so if you have any resources that could help I'd appreciate it.
The documentation I've seen so far seems far and scattered and it seems people are more scared of being implicit in illegal activities based on their resources.
For IR remotes, there are a few ways to go about it. If you have a remote you want to clone, you can just use the Flipper to clone and map buttons to a custom remote. If you don't have the remote and have a common device (like TVs), I would check this repo on GitHub [0] and see if you can find a compatible IR file. Note, you need a micro SD card in order to move the files onto the Flipper, but a small one works fine.
I've had good luck with the basic universal remote when I'm in a pinch. Also, you can create custom IR files, but it can be a pain with encoding. The flipper forums are a good resource too [1].
Seems like there is at least a bit of interest [1] in converting LIRC definitions [2], which is great, because there are so many of them. There is even a definition for my roughly 30-year-old hi-fi! A really nice hack I saw is to send the code via something that reads LIRC and capture it with a Flipper in learning mode [3].
Great tool for learning Bluetooth pen-testing. I run BTCTF-Infinity on an ESP32, powered through the Flipper's GPIO. It creates the BTCTF environment and I use the Flipper to crack the examples. Kinda like a self-contained gaming handheld for BT practice.
My son was just arrested for using this in his hacking club at high school. Be careful if you have kids with one. According to witnesses in the room, he was showing it to kids in his hacking club and they all thought it was just turning off Apple phones in the classroom. Apparently, it turned off phones including several teachers' in adjoining classrooms. Anyways. The police came to the school and arrested him and are threatening him/us with federal crimes. They also executed a search warrant in our house and took all electronics. It's been a little traumatising to say the least.
Sorry to hear about this. You probably shouldn’t post anymore about this for legal reasons.
For other readers, I’d be curious about the jurisdiction.
The specific app that can turn off iPhones requires the “unleashed” firmware I believe.
Also, regarding legality, if you are DoSing cell phones, you are creating a hazard where users are no longer able to contact emergency services, and this is the most likely avenue of charges, as opposed to FCC fines (if in USA) for using locked spectrums.
And so do reinforced concrete walls, they block the signal and thus prevent emergency services from being contacted too. And so many other things. Radio communications are unreliable by default. Someone's prank should not result in criminal charges unless tangible harm has occurred.
Intent, not the act is 99 percent etc etc. Whether or not harm took place does not matter, if it did, the entire basis of our legal system would rely upon only direct evidence of violent acts.
This is why attempted murder, kidnapping, etc is a charge. We do not yet have a charge of "attempted mass personal device disablement". and there is no reasonable case for......"manslaughter" of a device.
Being "realistic"/less analogous; your mobile device is the most important inanimate object to you in every single category imaginable. And this is the case for most of humanity for some time now.
If someone knowingly removed my access to my personal device maliciously, I would suddenly start caring very much about seeing that person's freedoms taken away.
Edit: after rambling I wanna reiterate my first bit....intent is 99 percent. In this case, it's a kid. The law has context, and I think they should of course be lenient.
Yes, and if the intent was to prevent access to emergency services, then yes that would rightfully be a crime. But if the intent was to pull a stupid prank that would temporarily disable someone's iPhone for 5 minutes, then that should not be a crime, if only done once.
The kid should be told not to do it again. And no law enforcement should have ever been involved in the first place. Otherwise we are teaching those children to distrust authorities, that authorities are unjust and unfair. Thus undermining the rule of law.
All their classmates are also involved and watching the outcome of the situation. Some might end up seeing the "system" as being unfair and are not going to think twice before stealing or committing some other crime, e.g. fraud.
So, in San Fran, people break into cars and steal from stores, and they are not even arrested, but kids who are into electronics are being charged as the biggest criminals. It reminds me of the girl [0] who was into Chemistry and was charged with terrorism.
Their teachers are crazy and so are the police, being this overdramatic while the actual crooks are out there free doing their crimes while they're busy arresting kids, crazy!
40+ years ago I did some dumb things in school as well. But in all cases I got punished by my father. Not because I hurt somebody, but because I wasted a lot of people's time who had to deal with consequences from my actions. I didn't respect other people and their time and it was enough for my father to punish me. And he had every right to do so.
When I was a teacher some time ago some kids did some dumb things as well – they "hacked" schools' computers by putting some really sticky putty under keyboard keys. I wasn't allowed to punish these kids by ordering them to clean up after themselves, and the parents agreed to pay for new keyboards after weeks of "discussions" with lawyers involved.
And on the part of who called the police in the first place. In my experience teachers and school management are just too paranoid/neurotic and will escalate everything so they can't be blamed.
It might be legal for them to call the cops, but it still does not absolve them from moral responsibility for their actions. Including all the distress it would cause the child's family, and the likely ongoing PTSD from the incident.
As someone with two and a half -- yes, and a half -- felonies for computer trespass from when I was in high school, at 17, freshly 17, in 2003... I feel for you. Longer story, obviously. But no one knew how to deal with the situation, so "Something has to be done!"
In the words of Governor William J La Petomane, one of Mel Brooks' characters from Blazing Saddles, "We have to keep our phony baloney jobs gentlemen!"
When I was a teenager I would pour Coca-Cola into the school computers after seeing a fellow student get into trouble for similar stuff. Never got caught for that. It's acid and worked especially well against powered up electronic equipment.
I wouldn't be surprised nowadays they would just start a rumor about the teacher's sexual misconduct or grooming of the students, in response, instead. And the accusation could spread and escalate, completely destroying the life of the teacher.
A certain percentage of the population will just make stuff up if they have the opportunity to do so, and "juicy" gossip can spread virally. So if they ask for "witnesses" to come forward, they will. Sex offenders are hated so much in society, they get beaten and abused in prison all the time, so it's essentially torture in the end.
This is a super fun gizmo; its Discord channel is, uh, not great.
One cool thing is that you can talk to it serially. I pretty quickly had it organized with an IoT temperature sensor so that it could send commands to my ceiling fan given the temperature in my office.
I have also used it to capture the NFC code on a hotel card key so that I could still get into my room even after my key was inevitably "damaged" by nearness to other fields.
Some parts of it are silly, like the Tamagotchi-type game with the dolphin. Doesn't add value for me, but I can see how it might be something for someone.
There is also growing awareness with agencies about its flexibility, some apocryphal stories of them being confiscated by TSA checkpoints have come in.
Writing your own apps for them has a fairly high learning curve.
The dolphin game is to allow them to avoid some import/export restrictions by classifying it as a toy, which it is, and not a hacking tool. It’s not a professional device.
The Discord server is terrible. It’s both overrun with kids and yet also weirdly harshly moderated.
The device itself is fantastic though. Gives me some real Pebble vibes in all of the best ways. It’s very hackable and even though I don’t do crazy pentest things with it, it’s just an overall fun device.
The reddit is the same way. All the threads are new people asking how to use it to “have fun” by “hacking” vending machines and stuff, or for help convincing their parents to let them get one, or whether it’s worth their allowance to get.
I do have one, I think it’s a fun thing to have in my bag, but haven’t had any luck finding forums of responsible adults, or even just adults, discussing development or things to do with it. Even the “adults” who post about it inevitably do something like get fired because they take it to work and try to clone their own badges and then enter their work with the Flipper.
Was going to say the exact same thing about /r/flipperzero. It feels more like a fan subreddit full of kids, which.... ain't my scene at all. People on that subreddit make it seem like it is this amazing thing that will get you in jail or something for possessing.
... But after owning one? I dunno. It's a neat gadget but to be honest about the only practical thing I've got out of it is cloning our apartment keyfobs and duplicating hotel cardkeys. Otherwise it's kinda fun opening up Tesla charge doors and messing with iPhones using Bluetooth LE. Somebody somewhere was starting a project to add CANbus support, which would be a perfect fit for the device.
I feel like the ecosystem needs a better way to add "apps" to the device. I might be missing something but it doesn't really have any official app registry or anything. Something like you'd see for npm, pypi, or platformio.
There's a ton of TikTok/Instagram nonsense showing it out in the world doing those things.
A large volume of the stuff you can do with it is just spoofing a USB keyboard and running console commands. You could do that for years with tons of existing microcontrollers the price of a hotdog, but suddenly script kiddies have taken notice and are willing to pay 100x for the ability.
The dolphin annoyed me immediately, but it turns out that all of the graphic assets are simple to find in the firmware so it should be quite easy to change the look and feel of operation into something other than fun time with dolphin friend.
A friend of mine has a 3-year-old. The "dolphin" is in constant use by the child.
"What is he doing now?"
"Let's check what dolphin is playing with today".
"What does it say"
"Does he miss me?"
"Let's play with him".
It quickly became a pal of the child.
My friend said it is one of the child's top 5 toys now :)
When people realized anyone with a sophisticated police scanner could listen in on cordless (and then early cellular) phone calls, it forced manufacturers to actually implement a bare-minimum level of security on those devices.
I hope this pushes more manufacturers to switch to rolling-code algorithms (like the key fob your car uses), in place of simpler, less secure codes that can be captured and replayed.
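The difference between a fixed code and a rolling code, as raised in this comment and in the earlier rolling-code comments, shown from the receiver's side. This is an added example, not code from any commenter or vendor; the frame layout, the HMAC-SHA256 tag, the key and the 16-step window are assumptions for illustration, and it is not KeeLoq or any product's scheme.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"   # constructed sample secret shared by fob and receiver
SERIAL = 0x00C0FFEE             # constructed fob serial number
WINDOW = 16                     # how far ahead of the last counter the receiver accepts


def make_frame(key: bytes, serial: int, counter: int) -> bytes:
    """Fob side: serial (4 bytes) | counter (4 bytes) | truncated HMAC tag (8 bytes)."""
    header = struct.pack(">II", serial, counter)
    tag = hmac.new(key, header, hashlib.sha256).digest()[:8]
    return header + tag


class FixedCodeReceiver:
    """Accepts one static code forever, so any earlier frame stays valid."""

    def __init__(self, code: bytes):
        self.code = code

    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)


class RollingCodeReceiver:
    """Accepts a frame only if its tag verifies and its counter moves forward."""

    def __init__(self, key: bytes, serial: int, last_counter: int = 0):
        self.key = key
        self.serial = serial
        self.last_counter = last_counter

    def accept(self, frame: bytes) -> bool:
        if len(frame) != 16:
            return False
        serial, counter = struct.unpack(">II", frame[:8])
        if serial != self.serial:
            return False
        expected = hmac.new(self.key, frame[:8], hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(expected, frame[8:]):
            return False  # counter or serial was altered, or wrong key
        # Counter must be strictly newer, but not further ahead than WINDOW.
        if not (self.last_counter < counter <= self.last_counter + WINDOW):
            return False
        self.last_counter = counter  # every counter up to this one is now dead
        return True


def demo() -> dict:
    results = {}

    # Fixed code: the same bytes are valid on every presentation.
    fixed = FixedCodeReceiver(b"\xa5\x5a\xa5\x5a")
    frame = b"\xa5\x5a\xa5\x5a"  # constructed static code
    results["fixed_first"] = fixed.accept(frame)
    results["fixed_replay"] = fixed.accept(frame)

    # Rolling code: each frame is valid at most once.
    rx = RollingCodeReceiver(KEY, SERIAL)
    f1 = make_frame(KEY, SERIAL, 1)
    f3 = make_frame(KEY, SERIAL, 3)  # a press the receiver never heard
    f5 = make_frame(KEY, SERIAL, 5)
    results["rolling_first"] = rx.accept(f1)
    results["rolling_replay"] = rx.accept(f1)
    results["rolling_skipped_presses"] = rx.accept(f5)  # inside the window
    results["rolling_stale"] = rx.accept(f3)            # older than last accepted
    too_far = make_frame(KEY, SERIAL, 5 + WINDOW + 1)
    results["rolling_outside_window"] = rx.accept(too_far)
    forged = struct.pack(">II", SERIAL, 6) + f5[8:]     # new counter, old tag
    results["rolling_forged_counter"] = rx.accept(forged)
    results["last_counter"] = rx.last_counter
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A relayed frame is fresh rather than replayed, so a counter check like this one does not cover the relay case raised earlier in the thread.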
> When people realized anyone with a sophisticated police scanner could listen in on cordless (and then early cellular) phone calls, it forced manufacturers to actually implement a bare-minimum level of security on those devices.
Did it?
IIRC, the biggest thing to fall out of that is the US government banned scanners that could pick up the frequencies commonly used by cordless phones.
> IIRC, the biggest thing to fall out of that is the US government banned scanners that could pick up the frequencies commonly used by cordless phones.
I recall that. I think the age of SDRs made such a ban (law?) almost impossible to enforce.
In the 1980s a friend of mine had a German radio which had a larger array of frequencies than that available in my country. It allowed us to listen to the police. Curious, but not interesting.
In the 90s my brother had a portable TV/Radio which we managed to tune into cellphone conversations.
Those were the days you could still telnet 25 to send emails with whatever sender you wanted. I used to send Christmas greetings from Santa to my colleagues at uni.
In the late 1980's I had this VCR that would allow me to tune into over the air TV channels in the eastern US.
Being an elementary aged student poking around, I realized I could use the tuner to listen in to telephone calls somehow. Granted, I lived on a farm and there were probably only two dozen houses within a mile radius of our home; the nearest being a quarter mile away. I had a small rabbit ear antenna on the back of my CRT TV that could have been plugged into the VCR.
I don't recall the actual hardware I had.
I never figured out if I was listening to cordless phones (seems they would not be powerful enough to reach me), cell phone signals (there were few cell phones in my poor rural community I assume but I guess there could have been travelers on a nearby highway), or CB radio signals from truckers on the highway (these seemed like mundane person to person conversations; not trucker conversations). Perhaps it could have been long distance HAM operators though they didn't seem to use any HAM protocols while speaking.
Likely first-gen cell phone service (AMPS)[1]. Calls were entirely unencrypted analogue audio transmitted in bands formerly allocated to UHF television. Your VCR was likely a pre-83 model, which is when the frequencies were reallocated to AMPS[2].
Sure though in some cases it isn't worth the cost or effort, e.g. kinetic light switches. In some cases it's appropriate to expect people to not be arseholes.
The last one is hilarious, just endless speculation on how the guy could have handled it better, the guy coming in with the account of how he handled things pretty nicely, and then just crickets.
And the fix would be to remove yourself ~30ft from the source (though BLE might have even less range). The pump itself wasn't "disabled", the dude's Android phone (or dedicated Android device for this) was temporarily glitched while in range.
Specifically they say there's an Android device for monitoring/controlling the pump that was taken out by this. That seems more plausible given that it likely isn't exactly running the newest version of everything.
Apart from access control systems, it hardly has any good uses in the real world as a pen-testing device. If it was a pocket carry, true SDR, capable of recording RF signals as I/Q, performing actions on them, replaying them, etc, it would have justified its cost. But, with a limited set of modulations supported by the used RF chips, it is more like a toy for hacker wanna-be teenagers than a serious tool.
An investment in something like HackRF+PortaPack clone is far better, IMHO.
Totally agree that this isn't a good full pentesting device, but I also think that such a device doesn't need to be in order to be popular. Just look at the IM-ME when Samy Kamkar showed it off [0] and it sold out.
Most people don't need a full SDR like a HackRF in order to explore their RF devices and a Flipper gives that to them without the headache of software and the bulk of a full PortaPack.
(I love my HackRF and PortaPack for the record. The Flipper can't compete with the features and low-level access when you need it)
It's good as a Bluetooth presentation remote, sharing QR codes or NFC contact info at conferences, and jiggling your mouse so your VPN connection doesn't die when your laptop locks up. It was handy around the house over the holidays too (https://some-natalie.dev/blog/flipper-at-home/).
I have found it pretty useful in a few situations:
- USB/Mouse keyboard when the iMac you are working on has totally dead batteries for the mouse/keyboard - it's not fun but works in a pinch.
- Cloning weird ceiling fans/lights. Apparently I've bought horrible remotes but this helped.
- Used this as a nightstand clock while traveling.
- Used the authenticator app as a backup Yubi key
- Mouse jiggler to keep a computer awake
- blasting tvs at restaurants is a ton of fun and my kids like that.
- And the IR functionality for Nerf Laser Ops Pro (IR laser tag) is an absolute blast - the actual Nerf guns have a delayed trigger, but with Flipper there is no delay or need to "reload" so you are an unstoppable beast.
Thank you for this - It is really more of a backup/testing since I leave my Flipper at home 99% of the time and rely on my real Yubi for a few things. Mainly Github which was just because I can.
I had a lot of fun playing with the Flipper's Bad USB DuckyScript to automate some repetitive and tedious CMS workflow for a client, filling in a lot of input fields on multiple browser windows with a single press of a button. It improved my productivity and happiness. I've since graduated to Playwright, but it was the Flipper that sparked the idea.
I tried using a Flipper with some NFC stickers so I wouldn't have to carry around so many FOBs and cards. It turns out that the Flipper does not excel at this task. It complained that the NFC stickers I bought were non-writable. And it couldn't read all the sectors on some NFC tags. However, I was able to use the Android MCT app to write to the same stickers and read the tags the flipper couldn't read. Cloning required copying strings to the clipboard, which is something the Flipper's UI is not really designed for.
> It complained that the NFC stickers I bought were non-writable.
I'm not an expert at NFC but after playing around with Flipper I've learned that there are different types of NFC devices and they aren't at all interchangeable. They aren't just dumb devices but actual computers that power up and do shit (I think).
Yeah, Flipper as a concept sounds cool but then I found out the current implementation is rather half-baked and comes with a lot of limitations. And the community is not that welcoming either.
So, they found nothing suspicious with devices or apps.
Also made some far fetched connections of Flipper Devices to companies owning the hackspace Pavel Zhovner worked in, and attributed his trolling and making anti-censorship tools "as actively supporting the authorities in Russia". lol.
Paranoia isn't the only factor in a purchasing decision. It seems quite clear to me it's a Russian company trying to hide that fact for obvious reasons. I appreciate pnw posting this and making me aware before I decided to send money (indirectly) to Russia.
Even the report mentions the team members moving to Tbilisi, Georgia. Afaik Pavel moved to Dubai and still has Ukrainian citizenship. So I doubt a significant portion of company's money ending up in Russia, maybe except salaries of a few engineers. But it's pennies compared to how much the regime is paid for the resources, if that's what you worry about.
Semantics aside, I think it's quite clear they are trying to mislead by giving the appearance of being an American company. What does their company address show on their website? Delaware.
The report mentioned that their LinkedIn profiles changed from showing Moscow to Tbilisi. I'm sure I could also change my location to Tbilisi on my LinkedIn profile. How is that a meaningful argument? I don't want any amount of my money going to the Russian economy if I can avoid it, even if it's merely pennies as you say.
I'm not sure why you assume malicious intentions by default.
Using a legal entity in a more convenient country for a startup seems like a common practice, including listing the address of such entity on the website. You'd be surprised how many companies are incorporated in America, pay taxes there, but have founders/employees/contractors elsewhere around the world.
So, I personally wouldn't count it as active effort of "trying to hide" or "trying to mislead".
> The report mentioned that their LinkedIn profiles changed from showing Moscow to Tbilisi. I'm sure I could also change my location to Tbilisi on my LinkedIn profile. How is that a meaningful argument?
Again, not sure why assume malicious intentions. I also updated my LinkedIn location when I left Russia, is that surprising?
> Why do you care to defend them so much?
Pavel pays me 15 rubles per comment of course! (tbh not sure why I waste time on this :D)
Thanks for your condescending explanation of corporate practices. I'm sure the typical HN reader is completely ignorant to those facts. Perhaps you could also explain Russian corporate practices and ethics to us all.
Only you are saying anything about malice. Everything is easily explained by greed (or the desire to simply gain if you prefer softer language).
The device is nothing more than a quite powerful STM32 board with some interesting peripherals added and of course a very powerful firmware/software, which is what makes the difference. However, as everything is Open Source, it can be ported to a similarly designed, possibly different looking, device without the code that phones home, and it probably is what hackers should consider since the Flipper Zero has been banned in some places and being caught with it say in an airport could be enough for confiscation and/or interrogation.
Also, it is overpriced for what it contains; they could sell it at half the price and still make a significant profit. And frankly, as someone who is 100% on Ukraine's side against the barbaric Putin invasion, I'd rather use my money to buy some electronics from Ukrainian surplus shops on eBay.
As it should, and US consumer protection is failing to act, this is from the report. People do not understand the level of control the Russian authorities maintain over businesses in Russia and citizens.
1. Flipper Devices Inc. is registered in USA as their main office, but no development or business is done at that address. The address belongs to a ”mailbox” company.
2. A majority of registered staff on LinkedIn were until recently registered in the Moscow region, (but suddenly moved to Tbilisi, Georgia according to their LinkedIn profiles.) - No developers remain in Russia according to LinkedIn.
3. TZOR and Neuron Hackspace shared the same address during the period of 2012-2013. (Neuron Hackspace used the address before TZOR was founded.) The Company of the founder of Neuron Hackspace, Esage Lab/TZOR, is placed on US sanction lists due to the DNC hack 2016, under the claim that the company provided tools to the Russian intelligence GRU and FSB. The attributions were validated both 2017 and 2020.
4. The Company and founder of Neuron Hackspace, Esage Lab/TZOR, had contracts with at least two companies that delivered services for the Russian government, FSB and the Russian military.
5. The founder and CEO of Flipper Devices Inc., has been involved in activities, such as running the DDOS site putinvzrivaetdoma.org, that could have attracted the attention of Russian security services.
6. The founder and CEO of Flipper Devices Inc., has been involved in activities since he moved to Moscow that can be interpreted as actively supporting the authorities in Russia, like trying to sabotage Alexei Navalny’s blog in 2014 and building a tool, Zaborona_help, to circumvent Ukrainian blocking of the Russian websites
The assessment is that there is an even chance that Flipper Zero has links to Russian Intelligence Services. The founder and financier of Neuron Hackspace was placed under US-sanctions due to providing tools to FSB and GRU related to the DNC-hack. The validity of the investigations behind the US-sanctions has been confirmed in 2017 (Intelligence community assessment) and 2020 (Senate Intelligence Committee). Pavel Zhovner’s past activities and that he seems to have been an early member of Neuron Hackspace contribute to this assessment.
It is at the same time likely that Russian authorities are well aware of the distribution of Flipper Zero and monitors the situation for opportunities to gain other types of benefits, either in form of influence over the hacking community, recruitment of talented hackers for similar projects or even attacks of infrastructure or other targets in the future.
It is also likely that Russian authorities will remain to have a substantial influence or control over this hacker community and could benefit from the future possibility to recruit talents with some form of combined security and IT background or even to blackmail foreigners that have been connected to this community.
I wasn't aware of a Russia connection until this post. On flipperzero.com near the top it says:
>Our team was originally formed in Neuron Hackspace by collaborating with industrial design and manufacturing experts Design Heroes.
A quick Google search for Neuron Hackspace and Design Heroes shows their location as Moscow. I'm inclined to believe the detailed report from that blog post and am glad I did not end up buying the device.
> I wasn't aware of a Russia connection until this post.
I'm still not aware of it after reading the post. Pointing out that some of the people on the project were members of a hackerspace in Moscow at some point in the past is not remotely sufficient to substantiate that there exists any current connection between the project and Putin's regime.
You refer to the post, but did you read the PDF linked to it? There's a conclusion section that's easy to digest.
As far as a connection to Putin's regime, you should read up the thread and note that nobody here mentioned that. Regardless of their supposed affiliations or lack thereof, I'm not interested in sending money to the Russian economy by purchasing a product from a Russian company. It's that simple. I think others would want to know that same information so thanks to pnw for mentioning it.
You mean like the CEO does work for FSB, lives in Moscow, supports the Russian war effort and built a service to silence Putin's opposition is not enough? We need to get him shaking hands with someone or cashing a check from FSB for services?
$169 is a bit steep for me, so I went on Temu and bought a $8 125KHz RFID programmer & a $5 USB-C IR Blaster. Combined with my Samsung phone's native NFC writing, bluetooth, etc., I feel like it scratched the itch of 90% of what people do with Flipper for 10% the cost.
The point of the flipper zero is to have one good supported gadget that has a lot of people hacking away with it.
It's the same thing with the raspberry pi, sure you can get some cheap clone off less than ideal places, but you're gonna pay with your time. That's basically it.
> It's the same thing with the raspberry pi, sure you can get some cheap clone...
It's a little different: from when the rPI first came out the price was a big driver of its popularity. It started with the Model B at $35 (with the Model A at $25 "later this year") and this was so much cheaper than other options at the time. Look over threads from the time [1][2] and you'll see things like: "I teach middle school programming/computer classes. I cannot wait to get my hands on one of these. Right now it's cheap enough that I can tell the parents to buy one for their kids without a problem, and out of pocket it for those few of my students whose parents won't be able to afford it." and "The pricepoint is simply revolutionary. I intend to make a few amateur home automation gadgets with this."
Allowing for inflation they've stayed in roughly the same ballpark, price-wise. It's just that there are now also cheaper boards available, which used not to be the case.
That's true of pretty much all cooking (and baking) except when using a pressure cooker, so it's kind of a given - people learn to cook given their local pressure and humidity levels.
But then again, cooking is poor man's process engineering - what you do when you don't particularly care about quality and consistency, or at least don't have access to hardware and methods to ensure them.
Bought this to see what the hype was about. Hardly use it any more, the Instant Pot is just too small to be useful for air frying. 90% of the things come out better in the oven in convection mode.
Biggest level up was just lightly dusting anything with a starch or flour (lentil flour is awesome) and then a few light sprays of olive oil.
Kind of. But turning a stove up to medium-high and reducing to a simmer can lead to different outcomes depending on how the stove is calibrated and someone's interpretation of "simmer".
If you want to go deeper with RFID and can spend a bit more (~$50), I am pretty happy with my knockoff Proxmark3 Easy [0] I got on ebay. (Do some research to find a good seller as I have heard some sellers ship bad units). It can do both 125khz and 13.25Mhz RFID/NFC and is easier to use than some of the Android apps for cracking Mifare keys.
For the price, it is great for more complex attacks and almost has all the features of a full Proxmark RDV4 (minus BLE and a battery).
Do you have any resources for learning about RFID? I have some tokens for opening my garage door that I'd like to clone, and I'd like to know how they work.
I would check out the Proxmark3 Github repo [0]. They have a cheatsheet [1] with the basics on how to get started. I also did a talk about RFID security last year about the basics [2]
To get started, the basics are: low freq (LF) is usually around 125khz and is rarely encrypted (HID Prox is the most common in the US). The data is often encoded in Wiegand format for access control systems (something to keep in mind when reading the raw data).
High freq (HF) (aka NFC) is ~13Mhz and is readable by most Android phones with NFC. Not all tag data can be read however. HF cards support a lot of different options including data storage (normally in a block layout with permissions to read and write depending on keys) and encryption (iCLASS and SEOS being the HID offerings and very common). Some can be cloned (like hotel cards) while others (like SEOS) require a downgrade attack to work correctly (SEOS -> normal SEOS reader -> Wiegand data -> older style card like HID Prox).
Amazon costs twice as much, and Aliexpress takes twice as long to ship. I have an adblocker installed, so I haven't experienced the annoying ads people are mentioning. I don't install apps when a website is available, so it's not a spyware concern. If Temu is more evil than the other main two options, I have yet to see an explanation.
I'm not very familiar with Temu. Are these shady practices documented somewhere, and are they worse than industry peers (aliexpress, wish, overseas ebay, etc)?
> so I went on Temu and bought a $8 125KHz RFID programmer
OT but if you found it for $8 on Temu, then you can most likely find the exact same device on Aliexpress for $1 - $2. Don't feed Temu - their ads are clogging up my feeds :)
the whole point of the flipper is the sub-1ghz radio and nfc/rfid capabilities. It's not really intended to be used as a general purpose computer, it's more like a really extensible radio
Yeah, but for me (and I imagine a lot of people on here) the itch that Flipper Zero teases is that of a hackable computer in a neat form factor, not the specific radio capabilities that it's actually meant for.
I didn't know about M5 before and now I'm hooked exploring M5's store, so I appreciate OP's pointing me there!
I think there are a lot of better options if that's what you want. From what I've seen the appeal of the Flipper is that you can do a bunch of fun stuff with a super easy to use interface (just select the thing you want to do and press go!) It's like the iPod of radio/rfid hacking.
Also the 1-wire/iButton capabilities. Systems that use this kind of keys are probably nonexistent in the US, but in some other countries, they're everywhere.
Yes, gp seems to be pointing out the flippers' largest use cases can be satisfied by significantly cheaper products. They also aren't necessarily "Chinese knockoffs". It just so happens that they bought them from a Chinese online retailer, and I don't see how they could even be called knockoffs because what gp described are fairly different products from flipper.
iPhones aren't sitting unused in a drawer forgotten like 99% of Flippers. There's nothing differentiating or polished about clicking one button versus clicking a different button to clone an RFID tag. I'd rather have cheapo version of 1 time use gizmos.
Design is way more important than just what things look like. But it contributes to a product's success in ways that are sometimes hard to measure. That's why engineer-driven companies don't understand it and engineers (as a sweeping generalization) usually hate it.
You are correct, there is a mobile app interface for it.
You can check firmware version and device status, update it, have access to file manager, can backup keys, read logs, reboot, speed/stress test, and probably do a lot of other things that I am not aware about.
> I would think there would be a mobile app interface for flipper?
If you want to interact with the software on flipper zero you have to use the "remote" app (or whatever) on the phone. It kinda sucks though because it literally acts just like the physical device. If you wanna type a filename out and think having a full keyboard like on your phone would make that task easier... it doesn't. You are stuck using the fake "buttons" to move the cursor around to each letter just like you would on the device itself.
There is another possibility: that the Flipper gets an update with the order of a government.
For example, to reprogram or shutdown electrical systems in the house.
And then it will be a day to remember :D
I’ve had one of these guys sitting around for a while - love the hardware, love the concept, but I haven’t really found a lot of use for it - what are y’all using them for?
My friend found out the school he sysadmins for was using weak rfid card keys (despite the readers being smart enough to handle higher level encryption) and found he could clone his key and get in places. So basically he pen tested and then they decided to upgrade to the less or non-cloneable card keys. Security for the win.
Before anyone tries this, doing this without first checking with security/facilities would likely be grounds for “disciplinary action, up to and including termination”
I don't know why you're getting downvoted for this. It's 100% correct advice. The person you're replying to is a sysadmin so they are probably okay in this situation but cloning access cards without permission would be a serious breach no matter how well intentioned or how easy.
I countered the statement and also getting down voted. The key is to train your brain to like down votes just as much as up votes. When the number is just a number not attached to dopamine then you are free.
The votes are not there for your benefit - they're there to make good/useful/valuable comments rise to the top, and bad/low-value/spam ones fall to the bottom.
Nonetheless the point about learning to accept downvotes is valid because "why was I downvoted?"-crybaby posts are annoying, useless and tend to also get downvoted.
My comments got more than 200 downvotes and ban in discussion about physics about decade ago, but I nailed the problem. Also, I receive downvotes from Russian imperialists at constant rate just talking about history of Russia and Ukraine, because real history of Russian Federation/Russian Empire is well guarded secret in Russia.
If coercion was going to ever rule the world someone would have accomplished it fully already as many have tried. Yet here we are still free to say nearly whatever the fuck we want in the free world thankfully.
He's getting downvoted because this site is called hacker news. Don't be such a corpo chicken. I am pretty sure people are aware of legality of similar actions and don't need this mentoring.
Losing your job may not seem like a favor at first, it depends on how high you bounce after the fact. Being self employed for 20 years after being laid off was the best favor anyone ever did for me. I would have never taken that initial risk without being pushed into it. Now risk is comfortable.
Quite often the keycards have sequential IDs which means you can increase or decrease the number a few times and find a colleagues card with higher or lower privileges than you.
It's my backup key for my garage and my office door. I also use the universal remote to change TVs in public spaces occasionally. It's a chunker, so it's not a pocket carry, but I keep it in my backpack.
Not the person you are replying to, but I use my flipper for the exact same purpose.
Not sure which specific garage opener my apartment building has. But the fob controller the leasing office gave out is way too weak, so I have to sometimes press it many many times and wiggle it in multiple ways until it triggers the garage door. With flipper, it works on the first try.
A funny anecdote: after using my flipper for about a year, I encountered another flipper user in my apartment elevator (the elevator requires a keyfob to go to any floor except the ground floor). I talked to him for a bit. Turns out, he manages a bunch of boat storage units here (in Seattle) that all use different keyfobs. So for him, it is just pure convenience to carry a single flipper device as opposed to always having a lot of different physical keyfobs on him, and then shuffling through them in his bag to get the right one.
The part I don't get is even if you flash the firmware, does that mean you can make sure it doesn't make all other remotes fail? My understanding of the whole rolling code system was that you could get a few uses and then you were screwed.
If that's not the case I really need to do this because having it handle my tv's, ceiling fans, and garage door would be a nice trick.
For Chamberlain brands [0] there is some research that shows that their rolling code system (Security+ and Security+ 2.0) is quite easy to decode/decrypt [1]. This feature is supported in the flipper firmware, but is restricted (you can't create a custom remote, only clone is supported) without custom firmware. However, I'm sure you could decode a raw capture file if needed in a pinch.
I thought so at first but my initial reading left me somewhat confused on if there's a private key that only certain remotes have or something like that?
It's less of a private key and more a random per-remote PRNG seed that gets set both on the remote and the door controller when they are paired. When you press the button, the remote increments its sequence number and sends this number, its ID and a hash of all that and the seed to the controller. The controller checks the hash, then checks that the seq number is more than the last seen for this remote and opens the door. This protects against replay attacks and is fairly uncomplicated to implement.
This sounds a lot like the KeeLoq algorithm [0] (minus the hashing part). From my research into the rolling code space, I think most remotes don't quite have the CPU/featureset to support a real, secure crypto system with things like SHA, AES, and RSA/ECC. Would love to see one though!
I bought it in the hopes of causing mostly harmless mischief, but its capabilities in that realm are oversold.
That said, I knew very little about UART communication or SPI until I started playing with this and an ESP32 device. I also knew very little about bluetooth, RF, and RFID/NFC type stuff until I started exploring the world with this. It's been a fun journey that's rapidly advanced my understanding of quite a few things.
Others have said its overpriced or that you can build your own or whatever, but it's actually just the right price for a cool little educational tool that also works beyond the educational stage. It may even inspire me to build my own advanced version at some point.
If you're already a hardware hacker or EE, this is probably not much more than a toy for you. If you've always wanted to explore some of these topics but had no idea how to start, the Flipper is a good introduction. I immediately flashed it with custom firmware and it was easier than flashing my BIOS.
Well I found that my apartment NFC key is hardened against dictionary attacks and I'm not able to copy it. It also helped me learn that my parents' garage door is pretty secure. I'm able to have the opener learn my flipper like any other remote, but not crack it. This is even with the unleashed firmware that doesn't mind violating FCC regulations (some of the frequencies it hops to are restricted).
I was able to copy my work NFC badge, but I'm not really interested in trying it out.
It's handy as a pocket spectrum sniffer, but I don't have much day-to-day use for it outside of that. I'm glad it was given to me because I learned a lot. Potential future use for me might be an amiibo emulator, but I've grown out of those sorts of things.
My apartment uses Latch deadlocks. From what I've read the model _should_ support an NFC key, which of course we don't get. I'd love to figure out if I could do it myself. Ideally I'd be able to use my iPhone that way automatically though (the app on iOS apparently can't due to Apple rules but I'm not an expert). When my hands are full with groceries or whatever it can be a chore to pull out my phone, dig for the app, and get it to unlock the door.
Speaking of garage door rolling codes I've noticed there is some sort of slack in the synchronization, probably so that if you press the remote button a few times while out of range your remote still opens the door. My guess is that the receiver looks not only for next code after the last one used, but also for several codes after that.
Question: how many times would you have to press the button on the remote for it to get so far ahead of what the receiver looks for that the remote no longer works without reprogramming the receiver?
Years ago I had some insight into the "crypto" behind a garage door opener. It was essentially a rolling code and the controller stored the counter for each paired remote and checked it. The package sent by the remote also included its current counter value. If the controller received a counter that was higher than expected, it just updated the stored value and accepted the request, assuming the actual "ciphertext" is correct ofc. The only constraint was that the sequence number must be larger than the stored value.
This also means if you manage to clone a remote, you can just abuse humans. If you opened the door with your clone, the next time the original remote sends its package the sequence number will be too low and the controller will ignore it. But what do you do if your remote didn't work? You press it again, this time the sequence number matches and things work as they should.
For cloning you need to reconstruct the initial seed for the PRNG that is used to create the ciphertext based on the sequence number. Based on how little resources these remotes tend to have, more based on cost than battery life etc, and that some vendors design their own crypto, this can actually work. If you know the algorithm and the seed is only 32 bit, you can easily brute force it.
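The receiver-side checks described in the comments above (the seed, ID, sequence number and hash scheme, and the "counter must be larger than the stored value" rule with or without a look-ahead limit), as an added example that is not code from any commenter or vendor. HMAC-SHA256 stands in for the unspecified hash, and the frame layout, tag length, window size and all names are assumptions.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8                      # truncated MAC length in bytes (assumption)
BODY = ">IQ"                     # 32-bit remote ID, 64-bit counter (assumed layout)
BODY_LEN = struct.calcsize(BODY)
SEED = b"constructed-seed-for-demo"   # constructed pairing secret


def make_frame(seed, remote_id, counter):
    """Remote side: ID and counter, plus a MAC over both keyed with the seed."""
    body = struct.pack(BODY, remote_id, counter)
    return body + hmac.new(seed, body, hashlib.sha256).digest()[:TAG_LEN]


class Remote:
    def __init__(self, remote_id, seed, counter=0):
        self.remote_id, self.seed, self.counter = remote_id, seed, counter

    def press(self):
        self.counter += 1
        return make_frame(self.seed, self.remote_id, self.counter)


class Receiver:
    def __init__(self, window=None):
        self.window = window     # None: accept any higher counter
        self.paired = {}         # remote_id -> [seed, last accepted counter]
        self.stale_events = []   # valid MAC, old counter: worth logging

    def pair(self, remote_id, seed, counter=0):
        self.paired[remote_id] = [seed, counter]

    def handle(self, frame):
        if len(frame) != BODY_LEN + TAG_LEN:
            return "malformed"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        remote_id, counter = struct.unpack(BODY, body)
        entry = self.paired.get(remote_id)
        if entry is None:
            return "unknown-remote"
        seed, last = entry
        expected = hmac.new(seed, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return "bad-mac"
        if counter <= last:
            # Authentic frame that is behind the stored counter: a replayed
            # capture, or another transmitter sharing this seed has advanced it.
            self.stale_events.append((remote_id, counter, last))
            return "stale"
        if self.window is not None and counter - last > self.window:
            return "out-of-window"   # needs re-pairing
        entry[1] = counter
        return "open"


def demo_window(window=16):
    """Replay, tampering, and presses made out of range of the receiver."""
    rx = Receiver(window=window)
    rx.pair(0x1234, SEED)
    fob = Remote(0x1234, SEED)
    first = fob.press()
    out = [rx.handle(first), rx.handle(first)]   # fresh frame, then replay
    tampered = bytearray(fob.press())
    tampered[BODY_LEN - 1] ^= 0x01               # counter edited without the seed
    out.append(rx.handle(bytes(tampered)))
    for _ in range(5):                           # unheard presses, inside window
        fob.press()
    out.append(rx.handle(fob.press()))
    for _ in range(window):                      # unheard presses, past window
        fob.press()
    out.append(rx.handle(fob.press()))
    return out


def demo_shared_seed():
    """Two transmitters with one seed: the lagging one surfaces as 'stale'."""
    rx = Receiver()                              # no look-ahead limit
    rx.pair(0x1234, SEED)
    original = Remote(0x1234, SEED)
    out = [rx.handle(original.press())]
    second = Remote(0x1234, SEED, counter=original.counter)
    out.append(rx.handle(second.press()))
    out.append(rx.handle(original.press()))      # behind by one
    out.append(rx.handle(original.press()))      # catches up
    return out, rx.stale_events


if __name__ == "__main__":
    print(demo_window())
    print(demo_shared_seed())
```

In this model the answer to the "how many presses" question is simply the configured window, and a receiver that records `stale` frames carrying a valid MAC has a log entry for exactly the press-again situation described above.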
There’s a great answer here that describes a rolling code attack and above it, an answer describing that they have slack regarding where they are in the code sequence.
My building charges USD 40+ to replace the white rfid cards if you lose it and something similar for the remote control for the parking gate. So I just cloned all my cards and remotes and keep them as backup, just in case.
I use it as an easy voltage tester for various hardware projects. I wrote an app that can do GPIO input (the built in only does output) so I can check which parts of a given circuit I'm building are high or low at a given time. Basically like a parallel multimeter.
A bit different than the other replies, but I'm using mine like a very extensible input/output device for my own hardware projects and as a general STM board for fiddling with embedded on an STM chip (I usually stick to RP2040s and ESPs). I'm really interested in making expansion boards for the Flipper, especially ones built on the RP2040. Just sounds like a ton of fun.
IIRC phones need to be rooted to pretend to be an NFC card, although they can write to blank ones. I've done this before. The Flipper Zero is a lot more convenient though.
Cloning my NFC cards, being my garage opener (I wasn't given a key and couldn't be bothered getting one... and yes, it's my garage), testing equipment using the GPIO pins and what not. Last one is really handy tbh
Edit: oh! I used it today to snap pictures with my phone every second for photogrammetry work, that was neat! Wish I had gotten better point clouds out of Gaussian splatting though
So is forcing me to watch ads. TVs everywhere in public spaces in America is a cancer and I’ll happily turn them off or unplug them whenever and wherever I see them.
This isn’t a thing in other countries, it’s part of American culture.
I have a hard time telling whether you are being sarcastic here.
It's one thing to block ads when they have been loaded into your web browser that is in your room (completely morally and ethically fine). It's a completely different thing to go into someone elses space and start making decisions about what is or isn't running on a tv there.
I like ads as little as you so what I can do is just boycott that restaurant or bar entirely or ask the staff to turn it off. I think it's part of being a well adjusted adult to know what you want or don't want and go about it in a reasonable way (such as asking staff). It's immature though to just do that forcibly.
It is however not my duty to teach you that, so let's leave it at that.
Do you even hear yourself? Back when I had a Samsung phone with an IR blaster, it was a godsend in that era when, say, your dentist that you were handing thousands of dollars to decided you need to hear 30 second Invisalign commercials over and over at full volume in his waiting room.
Thankfully culture has adjusted some and those conditions aren’t as common as they were.
Not being sarcastic (but am indeed questioning if you “like ads as little as [me]”).
Turning off a TV is also morally and ethically fine. I don’t see the big deal. Nothing is happening “forcibly”, I’m just sending out some IR. Nobody’s hurt or damaged.
Part of eating at a bar (or similar) is to have a sporting event on TV so you can watch it while being out. I would be upset if someone was turning those off in that type of place. If you don't like it, don't go there.
Why would you go in to a restaurant that has TVs if you don't want that? This is borderline sociopathic behavior. You sound like the religious police of Iran imposing your view of what culture is. You should assimilate instead of trying to impose your draconian views on others
I used it a lot at first and it taught me about NFC, IR, etc. I made a few remote controls on it, which is convenient to e.g. turn a fan on at night due to its backlight. I also clone Amiibos for Switch games. And make copies of hotel room keys and RFID tokens for backup purposes although some keys can't be cloned. You can monitor all kinds of wireless signals like garage doors getting fired off around you, which is fun. I know some people use the USB feature to somehow install Windows automatically when they have a bunch of laptops to set up.
I gave two of them away at a hacker con last year. During the event it was used to open up the charging lid of a Tesla and to remote control a fog machine.
I'm not competent or interested enough to make full use of them but I get the impression that they still have a lot of use in a large part of the world where simple RF is used to open gates and garages.
And of course you can copy and store RFID but you still have to get your hands on the tags. And that's where it falls down in certain more developed countries because they've mostly moved to RFID.
Couldn’t find a ceiling fan remote one time ( I have 3 with the exact same remote ) and used it to manage fan speeds
Still doesn’t justify the cost but I guess it’s like my leatherman. Hardly use it but handy when I do.
I actually bought it when seeing the pwnagotchi comparison and expected functionality from the wifi/marauder dev boards to be included. Meaning I got my flipper in the first batch for my country but couldn’t get a dev board even months later
A specific but satisfying use case, my apt building was being stingy* with handing out RFID tokens so I used it to copy and program a cheap RFID token for lending to a trusted visitor.
* Stingy => security protocols that I agree with in sentiment but unfortunately I need to let my pet sitter in and it's nice to allow them to keep the keys as I travel frequently and key exchanges are less than optimal for my spouse and I
I’m also in this place. I have the wifi card as well and I’ve not taken to writing any hobbyist software for mine.
I had perhaps foolishly hoped to at least get a fun universal remote out of it, and it’s somewhat possible yet the software just isn’t there to bring a robust family of device RF and Bluetooth commands together. It’s no harmony remote.
I’ve had no problems reading chips from a few cats, but you do have to scan around a bit because often the chip has moved a bit from where you expect it to be
Basically the reader writes data back to the fob and expects to see it the next time it reads it. This results in either the original or the copy getting de-synced.
One interesting capability that this unlocks is that battery powered, offline readers (think apartment door that uses the same fob as the lobby) can write out things like battery state so that apartment maintenance knows when it's time to swap out batteries.
Just a party gag so far with some friends. Like if I'm at a friend's house and they're using their phone I'll Bluetooth spam them to lock up their phone for a second to mess with them.
They created a fast-food substitution product and have been trying to pass it off as the real thing. It's a hardware script kiddie device and that's exactly how their videos depict it.
I was always turned off by their approach since first seeing it in 2019. I've played with the device, get their facebook ads all the time, tried to change my mind about it but 5 years later I keep coming back to the same animosity towards it.
These are all easy to teach things and this thing shrouds that fact through product alienation intentionally distancing the user from any real hacker education and replacing it with animations and theatrics.
I'm cool being dismissed as a crank. They're obviously successful millionaires and I'm not.
It sounds more like gatekeeping to me rather than being cranky. Not saying you are actively doing so, but I'm not sure RFID and the likes are "easy to teach things". Quite the contrary, actually. So if this motivates some teens to go out possibly discover an affinity for hacking, it has done its job. That's my thought of this product anyway.
They made a product that’s really easy to use out of a bunch of off-the-shelf components. What’s fraudulent about that? I haven’t seen them claim any features that the device doesn’t have. They literally have the chip product numbers they use for each module on their home page! They’re not hiding it!
Really? I like mine. Learned a lot about RFID and was able to successfully copy and clone some hotel prox card. Sure, they didn't "invent" the chips inside, but they put the hardware and software in a nice package, included software, and grew a nice community of hackers around it.
Because of the popularity of the device, there are third parties, some less reputable than others, trying to ride their coattails. Perhaps that's what you're reacting to?
I was able to clone my apartment fob using a tool I got for $30 on Amazon, and it even came with extra blank fobs and cards to clone to. Flipper Zero can do more than just clone RFID keys, but my point is that the tools exist to do all the things it does and do them cheaper, and they're just as easy to use.
If you really need a tool that can do them all, though, I can't really argue with the utility; but I do kind of agree with the GP comment that Flipper didn't exactly do anything that hasn't been done before.
And that's really it. It's purely a marketing play. I guess my other frustration is when I see people who I thought were pretty clever not realize that
No offense, but that is a pretty one-dimensional view of products and businesses. So many great products are just an exciting and/or user-friendly version of a simple concept and well marketed which opens up the doors to a much larger audience than the original concept otherwise would've received.
This approach isn't a cheap cop out, it is serving a genuine utility and bridging the technology to more people.
Bad actors are going to ruin this cool little device for everyone else. For every story I hear about a cool usecase for it, there's another about it being used to annoy or harm others.
I tried repeatedly to sell mine there, because I'd see some auctions for them complete. Then they told me it was definitely banned, because it could be used for (IIRC) RFID hacking.
(Fair enough. I ended up having to sell mine locally, for a lot less money than what the occasional auction would complete for on eBay. And finding a buyer locally was harder, and with much higher rate of flaking. As someone with deep frugal influences, who likes to save money when buying things, and to sell things once not really needed, I really like eBay when it works OK.)
The person you're responding to probably means that bad actors will cause the device to become illegal to buy or use in certain areas as a result of being associated with illegal or harmful behavior.
It is true, tools will be misused, banning already happened to knives and scissors in narrow or broader context for example. Will see how this one will be regulated, if will be at all. If they are smart - usually not, but at least less smart than paranoid - then it will not be a blanket rule, actually cannot be without unplugging all computation and wireless devices.
“Outside” perspective after I was recently gifted one for my birthday: it’s a fun and easy tool to learn about hardware. I became a programmer through the “Applied Math” route (Causal Inference -> Probability -> UL -> DL -> CS). Never owned a Raspberry Pi/Arduino and too busy to get into hobbyist electronics. The Flipper is accessible and low friction, motivates learning eg about GPIO, and is the first time I’ve messed with firmware and signals.
I've mainly used Flipper Zero to duplicate my digital apartment keys (iButton then later RFID fobs). It's so easy to duplicate a physical apartment key, but making backups of the digital equivalents is annoyingly tedious. Plus, apartment managers treat them as scarce commodities and refuse to give backups.
With Flipper Zero I now have backup keys in my backpack, on my dog's leash, in my running belt, and with close friends. It's great.
Anyone tried to crash Bluetooth speakers with this? I’d buy one immediately if I can mute loud tvs and harmlessly disable Bluetooth speakers from a distance.
My new rental only provided us with one garage door remote and it looks ancient. Fairly certain this could be an overly expensive extra garage door remote.
Even beyond the wireless stuff it's focused on, it's super useful as a combined UART bridge, SPI Flash dumper, DAPLink debugger and other hardware tools.
The flipper has great size/capabilities. I mainly use it for NFC/NF wireless pen-testing. Some clients use NF payments and this gives me a single click testing tooling.
As others have said, if you want real capabilities get into SDR. My real kit includes HackRF piped into wireshark.
Lastly, a community that has seen a bump recently, Pwnagotchi. It's worth checking out and to me has a lot of potential.
A lot of people buy tools and then never use them, just like people buy trucks and 4x4's, but never use them to haul cargo or go off-road. When you buy a tool, you generally want to have a job in mind, and then have the follow-through to do that job.
I'd love to have one to learn more about radios with my kids. Some of Flipper's apps look pretty interesting too.
Probably out of scope, but I hope FlipperOne has a few environmental sensors too. (In a perfect world, it would also have thermal imaging, but these sensors are way too expensive.)
My Flipper Zero has been useful for me while living in Ukraine.
For some reason, many apartment buildings require the use of a little electronic tag not only to open the outside gates, but also to operate the elevator to reach someone's apartment. This also includes trying to use the elevator to reach the ground floor, e.g., when you leave your friend's apartment and you are going home. So you can't leave the building with the elevator without your friend coming out and unlocking it for you. It's madness.
So, I clone my friends' tags (with their knowledge) and come and go as I please.
The initial marketing mentioned that Flippers can exchange collected data as a social interaction. The reason I haven’t bought it is that I don’t want private stuff used at home being leaked to Flippers nearby or to a central server. Any experience with that?
The problem with the Flipper is it's missing documentation. And new learners need documentation. The response from the Flipper team has been telling people to read the source code.
this seems like a cool device that people actually like, but it's crazy that i've still never seen a blog post of "hey check out this cool thing i did" that just happens to use a flipper. it's always the other way around, the point is to have a flipper and find things to do with it, not to have a flipper because it does something you want.
i buy lots of nerdy toys, but can we all just admit that this is a toy, not a tool?
Their website wouldn't take my credit card. Needless to say, it's a good card and I used it on other sites that same day and after. I wrote to Support.
Three days later, they wrote back and suggested I try a different card. Sorry, Flipper, you lose. Nice idea, but a company is more than a piece of hardware.
I have one, loaded it with Xtreme firmware (better than Unleashed etc.), and it works great! Some people are missing the point of this device and start comparing it to an advanced NFC tool or other SDR. That’s not its intended use; it is an AIO Swiss-army-style tool that you will (might) find handy in situations where other advanced tools aren’t around. For example, I have some advanced SDRs like BladeRF and LimeSDR, far better in terms of everything than the Flipper, but in many situations it would be impossible to use one of these SDRs, not just because of how suspicious it will look with all that gear, but simply because you just don’t have it at that time. So I have my Flipper loaded with all fob keys, garage (yes, it does work with rotating key if you pair it), all my home sub-GHz, IR, are all backed up as well, and as someone who works in robotics I find the quick access to GPIO handy sometimes, among other usages. For example, I have a friend who lives inside a uni dorm, and if you happen to lock your keycard inside your apartment, the cost to just open that door is $50, not even replacing the card. So after he paid it a few times I took a backup of his card, and whenever he locks it, he will call me and I open it for him.
Yeah, I had the same thought. $169?! I get that it's specialty geekware, but with enough popularity that I would have guessed the price would be in line with the Arduino. Like, $50?
Main microcontroller is $6--that's 10%. NFC micro is going to be a dollar or two.
Case. PCBs. Display. Connectors. Voltage regulators. Crystals. Inductors. Speaker. You don't need very many of these to be a chunk of a dollar in order to hit $60 pretty quick.
Everybody disregards semiconductor costs when they are under $1. Cheap doesn't mean free though. BOM costs add up really quickly.
The necessity to control costs is one of the reasons why software people get so absolutely shocked and dismayed when they try to build hardware.
One thing people don't realize is that the custom firmware [0] that you can run allows you to receive and transmit on a wide range of frequencies under 1 GHz. Lots of things use that range (garage doors, gates, fan remotes, etc.) and are not very secure. I think that this will be a time looked back on where it's possible to interact with those devices without having to buy a custom PCB transmitter or somewhat expensive and complex SDR.
[0] https://github.com/DarkFlippers/unleashed-firmware