Flipper Zero – Great tool for the pentester or an expensive toy for the drawer?

Many people in the industry love tools. Who would say no to a new drone, a Starlink kit, or even an OMG cable? Sometimes gadgets appear on the market that cause a huge buzz and a strong need to own them. Is it always justified? Let's check it out.

The author of the entry is Michał Kucharski, known online as M. Kucharskov. Apart from fooling around on the Internet, one of his hobbies is exploring the secrets of electronics and automation. Since he works professionally in the purple team, he is in touch with different types of tools related to cybersecurity.

While looking for an idea for a super-geeky gift, I came across a device called the Flipper Zero, which was pitched as a “multi-tool device for geeks.” This seemed like something that fit my idea of what I would like to find under the Christmas tree. But this time, Christmas came early and I got a Flipper Zero to play with, allowing me to write this article.

What is Flipper Zero?

Flipper Zero is a small portable device that supports several wireless protocols: frequencies 315, 433, 868, 915 MHz, NFC reader, RFID 125 kHz, Bluetooth 5.4 and infrared. The Flipper is managed by an STM microcontroller, which also has several GPIO outputs to which you can try to connect additional accessories.

Drawings showing the device (advertising materials from flipperzero.one)

The device is powered by a 2100 mAh LiPo battery, which, according to the specifications, allows it to work for 21 days without charging. The 1.4-inch monochrome screen displays the status, interspersed with a charming animation of a dolphin imitating a game like Tamagotchi – the more functions we use, the higher the animal's level.

In theory, it's a device that allows you to easily carry the “Swiss Army Knife of wireless protocols” in your pocket under the guise of a game. But is this true?

Mad fin

By entering the phrase “Flipper Zero” into the search engines of popular social media sites, you can come across a lot of videos showing how, using a device smaller than a smartphone, you can open doors with a digital lock without using the card, unlock cars without a key, break lock codes and perform many other activities specified in Art. 267 KK. So I took my device, updated it, fully charged it and went out into the city to look for opportunities to play with my dolphin, whose name is Tulirba – the interesting fact is that in each device the pet is named differently!

Recharge and update Flipper

Attempt No. 1 – A door in an office building

Armed to the teeth with a Flipper, and a hood over my head, I entered the reception desk of the office building. I stood up so I could see the door that opened with the card. I pulled out the device to take a look at the available arsenal – there were two options to use here: RFID or NFC. In the first case, the only reasonable option is “read”, so I had to scan someone's card/keychain first.

Of course, I wasn't running around the office building, feeling the people I passed with the device. I had my card with me, hidden in my wallet in my back pocket. I activated reading mode and held the device up to scan the card. Unfortunately, despite my best efforts, the card did not scan, even though I specifically chose a slim wallet without any RFID protection. From that point on, I put all hacking scenarios out of my head. Moreover, after removing the card from the wallet, the device was also reluctant to read data from the card.

Trying to read a card hidden in your pants

Fortunately, there was another door upstairs, this time secured with NFC cards. They are sometimes hung on people's belts or lapels, and also serve as identity badges. Without any fuss, I took out the appropriate card, put the Flipper on it, and tried to read it. The words “Read card, do not move” appeared on the Flipper screen. The device was thinking, the LED was flashing, and in the end the card was not read. Most likely, it had trouble reading the card, as it does for many users.

Flipper struggles to detect what type of card is being scanned

I clicked through most of the options in Flipper and found the “Read Selected Card Type” option, where I can read the card as a specific selected template. After checking all the positions, I noted down the positions that allow the card to be read. I stood at the door and started simulating each saved copy one by one, only to end up knocking on the door without success.

Well… I had to prepare more for the next attempt.

Attempt No. 2 – Payment cards

Quietly, at home, I took out all the payment cards I had from my wallet – from the bank card I use every day, to my “savings” card, to Revolut. The pool includes Visa and MasterCard cards. Having learned from previous issues with reading cards, I scanned them several times using the “Read” and “Read selected card type” options. Equipped, I went to a nearby store to fight the self-service checkout.

The Flipper flashed at the terminal, and the only attention it attracted was that of the security guard, who was closely monitoring whether the transaction had been completed correctly. Unfortunately, I had to complete the payment using my phone. This happens because, when processing a payment, the chip in the payment card creates a token that Flipper cannot generate.

Try to make a payment using Flipper Zero

Moreover, there is often information on the Internet that “Flipper Zero will read (only) the card number and sometimes the expiration date depending on the type of card.” In my case, after reading, I only learned the UID, without any other information. Most likely an update removed this functionality from the device or the cards tested did not provide this option.
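Why a copied UID is not enough at the terminal can be shown with a small model. This is an added example, not code from the article or from any payment scheme: the class names, the HMAC-SHA256 stand-in for the card's per-transaction token, the counter check and the sample UID and amount are all assumptions, and real payment cards use their own key derivation and message formats.

```python
import hashlib
import hmac
import secrets

def _mac(key, uid, atc, challenge, amount):
    # Stand-in for the card's token: HMAC-SHA256 truncated to 8 bytes (assumption).
    msg = uid + atc.to_bytes(2, "big") + challenge + amount.to_bytes(6, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Card:
    """Genuine chip: the key never leaves it, the counter grows on every use."""
    def __init__(self, uid, key):
        self.uid, self._key, self.atc = uid, key, 0

    def respond(self, challenge, amount):
        self.atc += 1
        return self.atc, _mac(self._key, self.uid, self.atc, challenge, amount)

class Issuer:
    """Knows each card's key and the highest counter value already accepted."""
    def __init__(self):
        self.keys, self.last_atc = {}, {}

    def enroll(self, uid, key):
        self.keys[uid], self.last_atc[uid] = key, 0

    def verify(self, uid, atc, challenge, amount, token):
        key = self.keys.get(uid)
        if key is None or atc <= self.last_atc[uid]:
            return False                  # unknown card or reused counter
        expected = _mac(key, uid, atc, challenge, amount)
        if not hmac.compare_digest(expected, token):
            return False                  # wrong key, stale challenge or altered data
        self.last_atc[uid] = atc
        return True

def demo():
    uid, key = bytes.fromhex("04a1b2c3"), secrets.token_bytes(32)  # constructed values
    card, issuer = Card(uid, key), Issuer()
    issuer.enroll(uid, key)
    c1 = secrets.token_bytes(4)           # terminal's fresh challenge, transaction 1
    atc, token = card.respond(c1, 1999)
    c2 = secrets.token_bytes(4)           # a later terminal issues a new challenge
    return {
        "genuine": issuer.verify(uid, atc, c1, 1999, token),
        # An emulator holding only the UID has no key and can only guess a token.
        "uid_only": issuer.verify(uid, atc + 1, c2, 1999, secrets.token_bytes(8)),
        # A recorded token does not match a new challenge, and its counter is spent.
        "replay_new_challenge": issuer.verify(uid, atc + 1, c2, 1999, token),
        "replay_same_challenge": issuer.verify(uid, atc, c1, 1999, token),
    }
```

Only the first check succeeds; the three clone scenarios are rejected because the emulator never holds the card's key.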

Attempt No. 3 – Contactless cards

After my next failure, I sat at home again, undeterred, and began scanning all my cards to find any that might work. One of them turns out to be the ŚKUP City Card (now replaced by the Transport GZM system), which allows you to validate public transport tickets on ZTM buses in the Upper Silesian-Zaglebie city area.

It was the one card that read quickly, every time and in almost every situation. I made a copy using the 'Read' function and some manual copying, selected the matching models, and then headed to the bus station.

Reading ŚKUP card (the number is partly blurred)

I got on the bus and as soon as the reader became available, I took action. Despite the strange looks from my fellow passengers, I selected the subsequent saved cards, which unfortunately did not affect the reader in any way.

Good thing I have a verified paper ticket just in case.

Attempt No. 4 – TVs in the shopping mall

When I got off the bus, I found myself near a shopping mall. I decided to check out how Flipper handles real wildlife – after all, there are many different types of radio signals on display. While walking into a department store, I noticed a wall full of televisions. I glanced at the dolphin – in the menu under “Infrared” there was an option for “Universal Remotes” and then the first option at the top, “TVs”. I saw a small remote that allowed me to turn off the TV, change the channel and volume, and mute the TV.

Flipper is activated with the universal remote control

I chose the latter option, considering it “the least intrusive.” I aimed at the televisions, and after a while the crossed-out speaker symbol appeared on most of the screens. Success! I left the building with a smile on my face, leaving the devastation and silence behind me.

Attempt No. 5 – BadUSB

The next feature that caught my attention is BadUSB. As the name suggests, it allows you to connect Flipper via USB cable and execute some “evil” scripts. By default, the installed scripts open Windows Notepad and type out pretty logos made of characters. You have to write more scripts yourself or search for them on the Internet.

Many scripts found on the Internet are likewise just ASCII-art generators. Others, which allow basic automated reconnaissance or browser cookie extraction, require an external file server or Discord to upload the data to, because the SD card, although inserted, cannot serve as a storage medium. This approach is neither universal nor scalable. Nothing works in plug and play mode.

One of the most interesting and important BadUSB scripts is “top65_4digit_pin_bf”, which lists the most frequently set PIN codes on phones and allows you to test them automatically. So I set what I thought was a simple PIN (four zeros), and even Samsung warned me that the code was trivial. Then I connected Flipper to my phone and ran the script. 5 attempts, 30 seconds of Android lockout, another 5, another 30 seconds, a third set of 5 attempts and…? The script expects another 30-second interval, but the phone blocks the ability to enter a PIN for a minute. When the script ran longer, the lockout was already 5 minutes. Although I saw a PIN with four zeros in the script, the phone would lock itself an hour faster than it could unlock using this method.

Locked for 60 seconds when Flipper decides to wait just 30 seconds

Also among the few reasonable ones is a script that opens a terminal window, issues some commands and displays the Wi-Fi passwords saved in the system in plain text. Everything would be fine here if it weren't for the antivirus! It turns out that the Microsoft team flagged a certain set of commands as “malicious content.”

An attempt to run the Wi-Fi password list script failed

Other tests

Still undeterred, I looked into other possibilities for the device. The first place I went was the “Hub” in Flipper Zero's official Android app. There you'll find apps like a text editor, Morse code generator, tuning fork, and metronome – all hacker stuff. However, I also found an “RFID detector” there, which allowed me to check which frequencies a particular card reader was operating on.

While searching the internet, I found an application on GitHub called “Unitemp”. It took some effort to be able to run the app on the latest version of Flipper. After doing a PhD in technical documentation and spending some time on the command line, I got a working program that allowed me, after connecting the appropriate sensor, to turn the device into… a thermometer. This is useful when standing in front of the reader in cold weather and scanning successive types of cards.

Dolphin acts as a thermometer

While searching various forums, I also found ready-made signals downloaded by other users that can be saved on your device. One of these was a signal that opened the charging cover in Tesla cars. I downloaded and uploaded the signal, but unfortunately when I tried to transmit it, the little dolphin scolded me with his finger (fin?), informing me that this particular frequency is, unfortunately, unavailable due to regional blocking.

Screen with signal area lock

Summary

As you can see, the native software is not very rich in functions that work out of the box. True, I did not manage to capture a neighbor opening the gate or the car – but here you have to be careful not to desynchronize the transmitter from the receiver by emitting a previously intercepted signal.

At a price of 165 euros + tax (almost a thousand zlotys) we get – now I'm not afraid to write it – a toy. True, full of technology, but a toy. In addition, it requires a great deal of knowledge and programming skills to perform any activity. Unfortunately, the main “external” function of this device boils down to the universal TV remote control. For a thousand zlotys? I don't think it's worth it, even though the craze is still there. While searching for an available device, I received this answer from a distributor:

“Almost everyone is sold out. I don't even have an option to buy a cheaper used one, unfortunately. People buy it for a lot of money because they're tempted by the huge one-click hack options, they get a package, they hit a wall and they sell it a week later.”

However, this is not my final word, as there are unofficial systems that can be uploaded to Flipper. They contain fewer locks and more built-in applications. Do you want another part? Do you have questions about odds? The comments section is for you!
