Release date | August 2020 |
---|---|
Operating system | FreeRTOS |
CPU | STMicroelectronics STM32WB55 |
Memory |
|
Removable storage | Micro SD (up to 256 GB) |
Display |
|
Connectivity |
|
Dimensions | 100 x 40 x 25 mm |
Mass | 104 grams |
The Flipper Zero is a portable multi-functional device developed for interaction with access control systems. [1] The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, along with a GPIO interface. [2] It was first announced in August 2020 through the Kickstarter crowdfunding campaign, which raised $4.8 million. [3] The first devices were delivered to backers 18 months after completion of the crowdfunding campaign. The device's user interface embodies a pixel-art dolphin virtual pet. The interaction with the virtual pet is the device's core game mechanic. The usage of the device's functions defines the appearance and emotions of the pet. [4]
In the built-in game, the main mechanism to "upgrade" the dolphin is to use the various hacking tools. While harmless uses (like as a remote control for a television, or carbon dioxide sensor) exist, some of the built-in tools have potential criminal uses, including RFID skimming, Bluetooth spamming (spamming a Bluetooth connection, crashing a person's phone), and emulation of RFID chips such as those found in identification badges, using the built-in radio cloner to open garage doors, unlocking cars, and functioning as a wireless BadUSB.
The device was developed by Alex Kulagin and Pavel Zhovner in 2019. [5] They started raising funds on Kickstarter. [5]
Flipper Zero is designed for interaction with various types of access control systems, radio protocols, RFID, near-field communication (NFC), and infrared signals. [6] [7] To operate the device, a computer or a smartphone is not required; it can be controlled via a 5-position D-pad and a separate back button. Flipper Zero has a monochrome orange backlight LCD screen with a resolution of 128x64 pixels. For connection with external modules, the device has general-purpose input/output (GPIO) pinholes on the top side. User data and firmware updates are stored on a Micro SD card. Some actions, such as firmware or user data update, require a connection to a computer or a smartphone with the developer's software installed.
The electronic schematics [9] and firmware [10] of the Flipper Zero project are open sourced under the GNU General Public License. At the same time, the device does not fit into the open-source hardware category because the printed circuit boards are not open-sourced, which does not allow enthusiasts to make their own copies of the device without knowledge of electrical engineering.
Flipper Zero is based on a dual-core ARM architecture STM32WB55 microcontroller, which has 256 KB of RAM and 1 MB of Flash storage. The first core is a 64 MHz Cortex-M4 which runs the main firmware. The second core is a 32 MHz Cortex-M0 which runs STMicroelectronics proprietary firmware that implements the Bluetooth Low Energy protocol. For radio transmitting and receiving in the 300–900 MHz radio frequency range, a Texas Instruments CC1101 [11] chip is used, which supports amplitude-shift keying (ASK) and frequency-shift keying (FSK) modulations. Unlike software-defined radio, the CC1101 chip cannot capture raw radio signals. This limitation requires the user to pre-configure the modulation parameters before receiving a radio signal, otherwise the signal will be received incorrectly.
In February 2024 a video game module was released for the Flipper Zero by its makers. [12] The device allows the Flipper to be used as a game controller or connected to a TV and is based around the Raspberry Pi Pico. [12]
The Flipper Zero firmware is based on the FreeRTOS operating system, with its own software abstraction over the hardware layer. The firmware is mostly written in the C programming language, with occasional use of C++ in third-party modules. The system uses multitasking in combination with an event-driven architecture to organize the interaction of applications and services executed in a single address space and communicating through a system of queues and events. The system can be executed from both random-access memory (RAM) and read-only memory (ROM). Execution from RAM is used to deliver over-the-air (OTA) firmware updates.
The firmware consists of the following components:
User and system data is stored in built-in flash memory, which is based on the LittleFS library. Interaction with the file system on the SD card is implemented using the FatFs library.
The build system is based on the SCons tool with additional tooling written in Python. For compilation, the system uses its own open toolchain based on GNU Compiler Collection.
Flipper Zero has a built-in module that can read, store, and emulate remote controls, allowing it to receive and send radio frequencies between 300 and 928 MHz. These switches, radio locks, wireless doorbells, remote controls, barriers, gates, smart lighting, and other devices can all be operated with these controls. Using Sub-GHz Flipper Zero can also receive and decode the data from many weather stations. [13]
Flipper Zero is compatible with low-frequency (LF) radio frequency identification (RFID), which is used in supply chain tracking systems, animal chips, and access control systems. LF RFID cards typically don't offer high levels of security, in contrast to NFC cards. Numerous form factors of this technology are available, including plastic cards, key fobs, tags, wristbands, and animal microchips. A low-frequency RFID module in the Flipper Zero can read, save, simulate, and write LF RFID cards. [14]
NFC technology, which is used in smart cards for access control and cards, and digital business cards, is compatible with Flipper Zero. The 13.56 MHz NFC module has the ability to imitate, read, and store these cards. An NFC card is a transponder with a unique identification (UID), and rewritable memory for data storage. When placed close to a reader, NFC cards transmit the needed data. [15]
Flipper Zero can read and transmit signals that use infrared light (IR) such as TVs, air conditioners, or audio devices. It can learn and save infrared remote controls or use its own Universal remotes. [16]
Flipper Zero explores hardware, flash firmware, debugging, and fuzz. It is able to function as a USB converter for UART, SPI, or I2C. The built-in GPIO pins connect to hardware, operate by buttons, send out code, and display messages on the LCD screen. [17]
The Flipper Zero has an iButton connector to allow it to read and emulate iButton contact keys. [18]
BadUSB devices have the ability to alter system settings, unlock backdoors, recover data, launch reverse shells, and do any other physical access-based actions. Flipper Zero can function as a BadUSB and, when connected to an insecure computing device, acts as a keyboard-like Human interface device (HID). Commands (the payload) are injected and executed using DuckyScript (the macro scripting language developed as part of the 'USB Rubber Ducky' BadUSB project). [19] [20]
Flipper Zero can replace certain HID (human interface device) controllers. This allows it to interact with your phone or computer. It can remotely control media players, computer keyboards or mouse, presentations, and more. [22]
In late 2022, U.S. Customs and Border Protection seized a shipment of 15,000 devices, but they were eventually released. [23]
On 7 April 2023, Amazon banned sales of the Flipper Zero via their site for being a "card skimming device". [24] Only WiFi development boards, screen protectors and cases are still available from the site after the ban. Since 20th of September 2022 the Flipper Zero is available again on amazon.com. [24]
In 2023 people in Brazil who ordered Flipper Zeros reported that their orders had been seized by Anatel. [25] According to the Electronic Frontier Foundation, Anatel has flagged the devices as being a tool for criminal purposes, making the certification process complicated. [25] Users have tried getting their devices certified, but to no avail. [25] The EFF has said that the seizures would limit the ability of Brazilian cybersecurity researchers to conduct research, as they have legitimate uses for the device. [25]
In August 2023, The Daily Dot published an article on a bulletin for police officers published by the South Dakota Fusion Centre. [23] The document suggested that extremists might use the device to bypass access control systems controls, particularly on power stations. [23] The bulletin admitted there was no concrete evidence of plans by said extremists to use the device, though interest had been expressed on online forums. [23]
Flipper CEO Pavel Zhovner was shown a copy of the bulletin and said that the Flipper Zero had been deliberately designed to not affect modern access control systems. [23] He also pointed out that the bulletin itself said that gates at power stations were not inherently vulnerable to the device but that older gates might be. [23]
On 27 September 2023 a security staff member at Gatwick Airport confiscated a Flipper Zero from Vitor Domingos due to security concerns. [26] The device was then handed over to Sussex Police. [26]
In September 2023 the ability to launch Bluetooth Low Energy spam attacks with a Flipper Zero was demonstrated by a security researcher known as 'Techryptic'. [27] A custom Flipper Zero firmware was developed shortly afterward that could launch spam attacks against Android devices and Microsoft Windows computers. [27] An Android app to launch BLE attacks was developed shortly afterwards. [27]
At the 2023 Midwest FurFest attendees reported severe disruption of Square payment readers and an insulin pump controller crashed due to the BLE spam. [27] A researcher known as Remy said to Bleeping Computer :"For BTLE enabled medical equipment, at minimum a disruption results in a degraded quality of life for those affected," adding "Some conditions may not be life threatening to have disruptions. Others may not be so lucky." [27]
As a result, a Python script was developed by the Wall of Flippers project for Linux and Windows to detect BLE spam attacks coming from Flipper and Android devices. [27] [28]
In February 2024, Innovation, Science, and Economic Development Canada announced that they had the intention of banning the Flipper Zero and other devices that could be used to clone wireless signals for remote entry in response to a significant increase in auto thefts. [29]
On 20 March 2024, ISED announced that it would ban the use of the Flipper for illegal acts, but not ban it outright. [30]
In the context of an operating system, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used.
A motherboard is the main printed circuit board (PCB) in general-purpose computers and other expandable systems. It holds and allows communication between many of the crucial electronic components of a system, such as the central processing unit (CPU) and memory, and provides connectors for other peripherals. Unlike a backplane, a motherboard usually contains significant sub-systems, such as the central processor, the chipset's input/output and memory controllers, interface connectors, and other components integrated for general use.
In computing, firmware is software that provides low-level control of computing device hardware. For a relatively simple device, firmware may perform all control, monitoring and data manipulation functionality. For a more complex device, firmware may provide relatively low-level control as well as hardware abstraction services to higher-level software such as an operating system.
A single-board computer (SBC) is a complete computer built on a single circuit board, with microprocessor(s), memory, input/output (I/O) and other features required of a functional computer. Single-board computers are commonly made as demonstration or development systems, for educational systems, or for use as embedded computer controllers. Many types of home computers or portable computers integrate all their functions onto a single printed circuit board.
A security token is a peripheral device used to gain access to an electronically restricted resource. The token is used in addition to, or in place of, a password. Examples of security tokens include wireless key cards used to open locked doors, a banking token used as a digital authenticator for signing in to online banking, or signing transactions such as wire transfers.
The Quick Emulator (QEMU) is a free and open-source emulator that uses dynamic binary translation to emulate a computer's processor; that is, it translates the emulated binary codes to an equivalent binary format which is executed by the machine. It provides a variety of hardware and device models for the virtual machine, enabling it to run different guest operating systems. QEMU can be used with a Kernel-based Virtual Machine (KVM) to emulate hardware at near-native speeds. Additionally, it supports user-level processes, allowing applications compiled for one processor architecture to run on another.
The Apple–Intel architecture, or Mactel, is an unofficial name used for Macintosh personal computers developed and manufactured by Apple Inc. that use Intel x86 processors, rather than the PowerPC and Motorola 68000 ("68k") series processors used in their predecessors or the ARM-based Apple silicon SoCs used in their successors. As Apple changed the architecture of its products, they changed the firmware from the Open Firmware used on PowerPC-based Macs to the Intel-designed Extensible Firmware Interface (EFI). With the change in processor architecture to x86, Macs gained the ability to boot into x86-native operating systems, while Intel VT-x brought near-native virtualization with macOS as the host OS.
Lego Mindstorms NXT is a programmable robotics kit released by Lego on August 2, 2006. It replaced the Robotics Invention System, the first-generation Lego Mindstorms kit. The base kit ships in two versions: the retail version and the education base set. It comes with the NXT-G programming software or the optional LabVIEW for Lego Mindstorms. A variety of unofficial languages exist, such as NXC, NBC, leJOS NXJ, and RobotC. A second-generation set, Lego Mindstorms NXT 2.0, was released on August 1, 2009, with a color sensor and other upgrades. The third-generation EV3 was released in September 2013.
Various accessories for the PlayStation 3 video game console have been produced by Sony and third-party companies. These include controllers, audio and video input devices like microphones, video cameras, and cables for better sound and picture quality.
A Bluetooth stack is software that is an implementation of the Bluetooth protocol stack.
A dongle is a small piece of computer hardware that connects to a port on another device to provide it with additional functionality, or enable a pass-through to such a device that adds functionality.
Raspberry Pi is a series of small single-board computers (SBCs) developed in the United Kingdom. The original Raspberry Pi computer was developed by the Raspberry Pi Foundation in association with Broadcom. Since 2012, all Raspberry Pi products have been developed by Raspberry Pi Ltd, which began as a wholly-owned subsidiary of the Foundation.
The Intel Management Engine (ME), also known as the Intel Manageability Engine, is an autonomous subsystem that has been incorporated in virtually all of Intel's processor chipsets since 2008. It is located in the Platform Controller Hub of modern Intel motherboards.
An Embedded Controller (EC) is a microcontroller in computers that handles various system tasks. Now it is usually merged with Super I/O, especially on mobile platforms.
The ESP8266 is a low-cost Wi-Fi microcontroller, with built-in TCP/IP networking software, and microcontroller capability, produced by Espressif Systems in Shanghai, China.
ESP32 is a series of low-cost, low-power system-on-chip microcontrollers with integrated Wi-Fi and dual-mode Bluetooth. The ESP32 series employs either a Tensilica Xtensa LX6 microprocessor in both dual-core and single-core variations, an Xtensa LX7 dual-core microprocessor, or a single-core RISC-V microprocessor and includes built-in antenna switches, RF balun, power amplifier, low-noise receive amplifier, filters, and power-management modules. Commonly found either on device specific PCBs or on a range of development boards with GPIO pins and various connectors depending on the model and manufacturer of the board.
Home Assistant is free and open-source software used for home automation. It serves as an integration platform and smart home hub, allowing users to control smart home devices. The software emphasizes local control and privacy and is designed to be independent of any specific Internet of Things (IoT) ecosystem. Its interface can be accessed through a web-based user interface, by using companion apps for Android and iOS, or by voice commands via a supported virtual assistant, such as Google Assistant, Amazon Alexa, Apple Siri, and Home Assistant's own "Assist" using natural language.
RP2040 is a 32-bit dual ARM Cortex-M0+ microcontroller integrated circuit by Raspberry Pi Ltd. In January 2021, it was released as part of the Raspberry Pi Pico board. Its successor is the RP2350 series.
Proxmark3 is a multi-purpose hardware tool for radio-frequency identification (RFID) security analysis, research and development. It supports both high frequency and low frequency proximity cards and allows users to read, emulate, fuzz, and brute force the majority of RFID protocols.
The Bluetooth Low Energy denial of service attacks are a series of denial-of-service attacks against mobile phones and iPads via Bluetooth Low Energy that can make it difficult to use them.
The beloved hacker tool can now pwn you with its own programming language... It ships with a major upgrade to the DuckyScript programming language, which is used to create the commands that the Rubber Ducky will enter into a target machine.