Flipper Zero: The Thread. I received a Flipper Zero a few days ago, and since I'm idling here at my parent's house, for the holidays, I spent a lot of time playing with it. This thread captures my impressions about the device.
First: the Flipper should put many hardware companies to shame. The user experience is *so* good. Everything works well at the first try. The Android app immediately connects with the device and updates the firmware. It can stream the screen in real time, access the file system.
The battery is already charged when you get the device. The animations are great, the applications well designed and it never crashes despite the fact it is still beta code. A few selected coders and designers shows how much big companies suck at designing hardware and software.
The device is extremely low-power, the battery runs for days and days while you actively use the device. The CC1101 chip (the sub-ghz frequencies RX/TX core) is very low power, and so is the display and the ARM chip running the device. It never gets even remotely hot.
Before understanding what you can really do with a Flipper, let's talk a bit about the software. The firmware is well written and not bloated, even if the code is absolutely uncommented. This is an issue because it talks with the hardware, so the code does a lot of implicit stuff
However as I said code quality is good enough, and there are many (uncommented) example applications. After a few days of reading the code I was able to write my own application (you can find it on my GitHub). The API abstractions are optional and not too complex.
What you can do with the flipper? It shows you the world of RF communications in a quite interesting way, it's a good learning tool. You can duplicate certain RFID tags, NFCs, copy raw signals from the sub-ghz band (various remotes), decode certain signals.
Many of the above things you can do more effectively by installing an alternative firmware with more capabilities. There are mainly two: Unleashed and RogueMaster. They are very similar and share almost everything with the original firmware. Just limits removed and more apps.
Rolling codes: many remores use rolling codes (such as Keeloq or other proprietary protocols). You can record the raw signal and attempt a reply attack, but it will not work if the receiver saw a given generated code already. What is worrying is that:
Designers of certain receivers thought it was a great idea to black list the key ID sending the same sequence twice, so while the Flipper can't open stuff that have rolling codes (at least not without capturing them before, away from the receiver), it can do a DoS attack.
I believe that if the Flipper becomes more common, car companies will start using receivers that don't blacklist IDs when they sense a reply-attack. That's just useless AFAIK, if the block cipher in use is secure, and dangerous (DoS attack).
Jamming: a lot of people will write that the Flipper can't be used for jamming. I've bad news. I will not explain what I did, but I tried to implement an attack to prevent my key from opening my car and I successfully had this jammer working at quite a distance (10 meters).
That's not good, and script kiddies should be away from this techniques. Fortunately so far who understands how to do such things stay avoid sharing them with random people. Just don't trust who tells you that Flipper TX power is too low. If you know the protocol, you can do it.
Programming the Flipper: it is SO MUCH better than the Arduino / RaspberryPI experience if you just want to hack on something. The device build quality is awesome and you have screen and keys to listen to. You can write real applications for a specific device people use and own.
Also the Flipper ARM processor is quite fast, and you can write real C programs with it, no special constraints or limits. You have malloc and free, you have a CPU that can do real time processing, floats, a good standard library, mutexes, threads, all the cool stuff.
TLDR: the Flipper is an awesome device. I'm kinda sad to understand that its successor is Linux based. This stuff was the perfect spot between semplicity, battery usage, computational power. I wanted it to evolve more towards having a real SDR radio inside.
However for newcomers even the fact it uses the CC1101 instead of an actual SDR radio could be seen as an advantage. The chip talks to you in terms of low and high pulses for a given amount of time. It demodulates OOK / 2FSK for you and that's great to go higher level.
So well, a great accomplishment from the team that built it. Hardware companies, learn from them. It is possible to do things that don't suck with a small team and few resources. Most of you do things that suck with 1000x the resources. "Viva il Flipper".
P.S. this is the app I developd: github.com/antirez/protov…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
