The Coolest Hacker Multi-tool on the Market: The Flipper Zero

by Andrew "OGSkeltal"

I am not affiliated with the Flipper Zero team, but have found substantial positives to using the product.

I believe security professionals will benefit from owning one, so I wrote the below short piece advocating its uses.  With wider adoption, there could be an increase in competing products, allowing users greater choice.  The Flipper Zero opens a lot of possibilities for unique hardware devices targeted at, and made by, the hacker community.

Introduction

Imagine a device that lets you hack almost any wireless technology (infrared, sub-1 GHz, Bluetooth, RFID cards) and hardware device.

It fits in your hands and it's fun to use.  It seems almost science fiction, but it exists!  It is the only type of device I have found that does this.

I recently purchased a Flipper Zero device and was fortunate enough to get it quickly, considering difficulties in shipments.  I can say - without a doubt and for lack of a better word - this device is the coolest piece of technology I have seen in a decade.  It is billed as a "hacker multi-tool" and lives up to its name.  The Flipper Zero can work with various wireless technologies and has GPIO pins for hardware exploration.

Physical Device Features

The Flipper Zero is slightly larger than a credit card and can easily fit into a pocket.

It has GPIO pins for testing and expansion boards, a microSD card slot, and charges via USB type-C.

Modules

Sub-1 GHz Transceiver - With the official firmware you cannot transmit, but the team behind the Flipper Zero allows custom firmware.  Customization turns the Flipper Zero into a "baby Hack-RF."  You can easily do rolling-code attacks and signal analysis in the sub-1 GHz range.

125 kHz RFID Antenna - With this, you can access low-frequency proximity cards, which are used in many access control systems.

Near-Field Communication (NFC) - Read, write, and emulate high-frequency tags.  I have used it to read the chip in my credit cards - spooky!  As more applications are developed, more functionality will be added.

Bluetooth - I have not used the Bluetooth functionality often, but the Flipper Zero website has the following to offer on the subject: "Flipper Zero has a built-in Bluetooth Low Energy module.  As with other Flipper wireless features, we will be providing an open-source library for adding Flipper support to community-made apps.  Full BLE support allows Flipper Zero to act as both a host and a peripheral device, allowing you to connect your Flipper to 3rd-party devices and a smartphone simultaneously."

I have used the Bluetooth module to update my Flipper Zero, since the application on Android and iOS is already out.

Infrared Transceiver - Supports transmit and receive.  If you remember the old days of the IR blaster prank device, this is similar.  A large number of codes already exist that can be pre-programmed (more information is provided at the end of the article).  Additionally, the Flipper Zero can "learn" the codes and you can attempt to manipulate the device you are working on.  I have used this to annoy my wife by turning off the TV!

Hardware Exploitation - Per the website: "Firmware flashing, debugging, and fuzzing.  It can be connected to any piece of hardware using GPIO to control it with buttons, run your own code and print debug messages to the LCD display.  It can also be used as a regular USB to UART/SPI/I2C/etc adapter."

1-Wire Keys (iButton) - 1-Wire connector to read iButton (a.k.a., DS1990A, Touch Memory or Dallas key) contact keys.  This old technology is still widely used around the world.  It uses the 1-Wire protocol, which does not have any authentication.  Flipper Zero can easily read these keys, store IDs to the memory, write IDs to blank keys, and emulate the key itself.
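
An added example, not part of the original article: a Python parser for the 8-byte ROM ID that a DS1990A returns, showing that the only check a reader can make on it is a CRC-8 for transmission errors.  The sample ID is constructed, and the names used (parse_rom_id, RomId) are assumptions of this example.

```python
# Added example (not from the article): parse and check a DS1990A ROM ID.
from dataclasses import dataclass

DS1990A_FAMILY = 0x01  # family code of the DS1990A serial-number iButton


def crc8_maxim(data: bytes) -> int:
    """Dallas/Maxim 1-Wire CRC-8: x^8 + x^5 + x^4 + 1, LSB first, init 0."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8C if crc & 1 else crc >> 1
    return crc


@dataclass(frozen=True)
class RomId:
    family: int
    serial: bytes  # 6 bytes, in the order sent on the wire
    crc_ok: bool
    is_ds1990a: bool


def parse_rom_id(raw: bytes) -> RomId:
    """Split the 8 bytes of a ROM ID: family code, 48-bit serial, CRC."""
    if len(raw) != 8:
        raise ValueError("a 1-Wire ROM ID is exactly 8 bytes")
    family, serial, crc = raw[0], raw[1:7], raw[7]
    crc_ok = crc8_maxim(raw[:7]) == crc
    return RomId(family, serial, crc_ok, crc_ok and family == DS1990A_FAMILY)


# Constructed sample: family 0x01, made-up serial, CRC filled in by crc8_maxim.
_body = bytes([0x01, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66])
SAMPLE_KEY = _body + bytes([crc8_maxim(_body)])
# The same read with one bit flipped in transit: the CRC catches it.
SAMPLE_NOISY = bytes([SAMPLE_KEY[0], SAMPLE_KEY[1] ^ 0x04]) + SAMPLE_KEY[2:]

if __name__ == "__main__":
    for name, raw in (("clean", SAMPLE_KEY), ("noisy", SAMPLE_NOISY)):
        rid = parse_rom_id(raw)
        print(name, raw.hex(), "crc_ok:", rid.crc_ok, "ds1990a:", rid.is_ds1990a)
    # crc_ok only means the bytes arrived intact. The ID is a fixed, readable
    # number with no secret or challenge behind it, so a door controller should
    # treat it as a username, not as proof of possession.
```
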

BadUSB - The Flipper Zero supports BadUSB and has a module for it.  Many scripts have already been converted for use.

U2F - The Flipper Zero can act as a universal second-factor authentication key.  It is currently only supported through USB, but Bluetooth is in the works.

Technical Specifications as per Website

MCU (Microcontroller Unit)
Model: STM32WB55RG
       ARM Cortex-M4 32-bit 64 MHz (application processor)
       ARM Cortex-M0+ 32 MHz (network processor)
Flash: 1024 kB
 SRAM: 256 kB

Display
  Resolution: 128 x 64 pixels (LCD monochrome)
   Controller: ST7565R
    Interface: SPI
Diagonal Size: 1.4"

Battery
LiPo 2000 mAh
Seven days approximate working life (I have tested this, it works as advertised.)

Sub-1 GHz Module
Chip: TI CC1101
TX Power: 0 dBm max
Frequency Bands (depends on your region): 315 MHz, 433 MHz, 868 MHz, 915 MHz

Note: Unlocked firmware exists, so if you flash the device you can RX/TX on all of these frequencies.
      With the official firmware, you cannot transmit, and can only receive on the bands for your region.

Near-Field Communication (NFC)
      Frequency: 13.56 MHz
Supported Cards: ISO-14443A/B
                 NXP MIFARE Classic/Ultralight/DESFire/etc
                 FeliCa
                 NFC Forum Protocols

RFID 125 kHz
      Frequency: 125 kHz
     Modulation: AM, PSK, FSK
Supported Cards: EM-400x, EM-410x, EM-420x, HID Prox, Indala

GPIO
3.3 CMOS level
Input 5V Tolerant
Up to 20 mA per digital pin

Bluetooth LE 5.0
      TX Power: 0 dBm max
RX Sensitivity: -96 dBm
     Data Rate: 2 Mbps

MicroSD
Up to 64 GB MicroSDHC
Read/Write speed: Up to 5 Mbit/s

Buzzer
   Frequency: 100-2500 Hz
Sound Output: 87 dB
        Type: Coin

Vibration Motor
Force value: 30 N
      Speed: 13,500 rpm

Infrared
TX/RX Range: 800-950 nm
   TX Power: 300 mW

iButton 1-Wire
      Operate Modes: Reader/Writer/Emulator
Supported Protocols: Dallas DS1990A, CYFRAL

Control
5-button joystick
Back button
Reboot - Back + Left buttons for 2 seconds

USB
1x USB 2.0 port, type C
USB device
Charging

Physical
                 Size: 100 x 40 x 25 mm
               Weight: 102 grams
       Body Materials: PC, ABS, PMMA
Operating Temperature: 0 ~ 40 °C

References

GPIO pin-out can be found here: Flipper Zero GPIO Pin-Out

Official Link: flipperzero.one

Collection of Official and Unofficial Software: github.com/djsime1/awesome-flipperzero

BadUSB Flipper Zero converted scripts: github.com/I-Am-Jakoby/Flipper-Zero-BadUSB
