Flipper Zero

Flipper Zero running Sub-GHz radio scanning mode
Release date: August 2020
Operating system: FreeRTOS
CPU: STMicroelectronics STM32WB55
Memory:
  • 256 KB RAM
  • 1024 KB Flash
Removable storage: Micro SD (up to 256 GB)
Display:
  • Monochrome LCD
  • 1.4-inch, 128 × 64 pixels
Dimensions: 100 x 40 x 25 mm
Mass: 104 grams

The Flipper Zero is a portable multi-functional device developed for interaction with access control systems. [1] The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, and it has a GPIO interface. [2] It was first announced in August 2020 through a Kickstarter crowdfunding campaign, which raised $4.8 million. [3] The first devices were delivered to backers 18 months after completion of the crowdfunding campaign. The device's user interface features a pixel-art dolphin virtual pet. Interaction with the virtual pet is the device's core game mechanic: the use of the device's functions defines the appearance and emotions of the pet. [4]

In the built-in game, the main way to "upgrade" the dolphin is to use the various hacking tools. While harmless uses exist (such as acting as a remote control for a television or as a carbon dioxide sensor), some of the built-in tools have potential criminal uses, including RFID skimming, Bluetooth spamming (spamming a Bluetooth connection, crashing a person's phone), emulation of RFID chips such as those found in identification badges, using the built-in radio cloner to open garage doors, unlocking cars, and functioning as a wireless BadUSB. The device has been removed from sale on Amazon.com. [5]

Origin

The device was developed by Alex Kulagin and Pavel Zhovner in 2019. [6] They started raising funds on Kickstarter. [6]

Overview

Flipper Zero is designed for interaction with various types of access control systems, radio protocols, RFID, near-field communication (NFC), and infrared signals. [7] [8] To operate the device, a computer or a smartphone is not required; it can be controlled via a 5-position D-pad and a separate back button. Flipper Zero has a monochrome orange backlight LCD screen with a resolution of 128x64 pixels. For connection with external modules, the device has general-purpose input/output (GPIO) pinholes on the top side. User data and firmware updates are stored on a Micro SD card. Some actions, such as firmware or user data update, require a connection to a computer or a smartphone with the developer's software installed.

In July 2023, an app store was opened for the device. [9]

Technical specification

The electronic schematics [10] and firmware [11] of the Flipper Zero project are open sourced under the GNU General Public License. At the same time, the device does not fit into the open-source hardware category because the printed circuit boards are not open-sourced, which does not allow enthusiasts to make their own copies of the device without knowledge of electrical engineering.

Hardware

Flipper Zero main board

Flipper Zero is based on a dual-core ARM architecture STM32WB55 microcontroller, which has 256 KB of RAM and 1 MB of Flash storage. The first core is a 64 MHz Cortex-M4 which runs the main firmware. The second core is a 32 MHz Cortex-M0 which runs STMicroelectronics' proprietary firmware that implements the Bluetooth Low Energy protocol. For radio transmitting and receiving in the 300–900 MHz radio frequency range, a Texas Instruments CC1101 [12] chip is used, which supports amplitude-shift keying (ASK) and frequency-shift keying (FSK) modulations. Unlike software-defined radio, the CC1101 chip cannot capture raw radio signals. Because of this limitation, the user must pre-configure the modulation parameters before receiving a radio signal; otherwise the signal will be received incorrectly.

Hardware expansion

In February 2024 a video game module was released for the Flipper Zero by its makers. [13] The device allows the Flipper to be used as a game controller or connected to a TV and is based around the Raspberry Pi Pico. [13]

Firmware

Flipper Zero Firmware Architecture

The Flipper Zero firmware is based on the FreeRTOS operating system, with its own software abstraction over the hardware layer. The firmware is mostly written in the C programming language, with occasional use of C++ in third-party modules. The system uses multitasking in combination with an event-driven architecture to organize the interaction of applications and services executed in a single address space and communicating through a system of queues and events. The system can be executed from both random-access memory (RAM) and read-only memory (ROM). Execution from RAM is used to deliver over-the-air (OTA) firmware updates.

The firmware consists of the following components:

User and system data are stored in built-in flash memory, in a file system based on the LittleFS library. Interaction with the file system on the SD card is implemented using the FatFs library.

The build system is based on the SCons tool with additional tooling written in Python. For compilation, the system uses its own open toolchain based on GNU Compiler Collection.

Applications

Sub-GHz

Flipper Zero has a built-in module that can read, store, and emulate remote controls, allowing it to receive and send radio frequencies between 300 and 928 MHz. Switches, radio locks, wireless doorbells, remote controls, barriers, gates, smart lighting, and other devices can all be operated with these controls. Using Sub-GHz, Flipper Zero can also receive and decode the data from many weather stations. [14]

125 kHz RFID

Flipper Zero is compatible with low-frequency (LF) radio frequency identification (RFID), which is used in supply chain tracking systems, animal chips, and access control systems. LF RFID cards typically don't offer high levels of security, in contrast to NFC cards. Numerous form factors of this technology are available, including plastic cards, key fobs, tags, wristbands, and animal microchips. A low-frequency RFID module in the Flipper Zero can read, save, simulate, and write LF RFID cards. [15]

NFC

Flipper Zero is compatible with NFC technology, which is used in smart cards for access control and cards, and in digital business cards. The 13.56 MHz NFC module can imitate, read, and store these cards. An NFC card is a transponder with a unique identification (UID) and rewritable memory for data storage. When placed close to a reader, NFC cards transmit the needed data. [16]

Infrared

Flipper Zero can read and transmit the infrared (IR) signals used by devices such as TVs, air conditioners, or audio devices. It can learn and save infrared remote controls or use its own universal remotes. [17]

GPIO and Modules

Flipper Zero can be used to explore hardware, flash firmware, debug, and fuzz. It is able to function as a USB converter for UART, SPI, or I2C. The built-in GPIO pins let it connect to hardware, operate it with the buttons, send out code, and display messages on the LCD screen. [18]

iButton

The Flipper Zero has an iButton connector to allow it to read and emulate iButton contact keys. [19]

BadUSB

BadUSB devices have the ability to alter system settings, unlock backdoors, recover data, launch reverse shells, and perform any other action that physical access allows. Flipper Zero can function as a BadUSB and, when connected to an insecure computing device, acts as a keyboard-like human interface device (HID). Commands (the payload) are injected and executed using DuckyScript (the macro scripting language developed as part of the 'USB Rubber Ducky' BadUSB project). [20] [21]
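One way a defender can spot the keyboard-like HID injection described above, as an added example that is not part of the original article: it flags a device whose keystrokes begin right after attachment and arrive faster than a person types. The event format, device names and thresholds are assumptions, and the sample events are constructed.

```python
from statistics import median

# Assumed thresholds (not from the article); tune them against your own baseline.
ATTACH_WINDOW_S = 3.0     # first keystroke this soon after attachment is suspicious
MIN_BURST_KEYS = 10       # ignore sessions with too few keystrokes to judge
MAX_MEDIAN_GAP_S = 0.02   # a sustained gap under 20 ms is faster than human typing


def flag_keystroke_injection(events):
    """Return sorted device ids whose typing looks scripted.

    events: iterable of (timestamp_s, device_id, kind), kind is "attach" or "key".
    The format is hypothetical; map your own USB and input telemetry onto it.
    """
    attach_time = {}
    key_times = {}
    for ts, dev, kind in sorted(events):
        if kind == "attach":
            attach_time[dev] = ts
            key_times[dev] = []            # a re-plug starts a new session
        elif kind == "key" and dev in attach_time:
            key_times[dev].append(ts)

    flagged = []
    for dev, times in key_times.items():
        if len(times) < MIN_BURST_KEYS:
            continue
        first_delay = times[0] - attach_time[dev]
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Both signals must agree: typing starts right after plug-in AND is too fast.
        if first_delay <= ATTACH_WINDOW_S and median(gaps) <= MAX_MEDIAN_GAP_S:
            flagged.append(dev)
    return sorted(flagged)


def build_sample():
    """Constructed events: one built-in keyboard, one scripted HID, one honest USB keyboard."""
    events = [(0.0, "kbd-builtin", "attach")]
    # Person typing on the built-in keyboard, about 150 ms between keys.
    events += [(30.0 + i * 0.15, "kbd-builtin", "key") for i in range(40)]
    # Device that starts typing 1 s after plug-in with 5 ms between keys.
    events.append((100.0, "usb-1-2", "attach"))
    events += [(101.0 + i * 0.005, "usb-1-2", "key") for i in range(60)]
    # Newly attached keyboard used by a person, about 120 ms between keys.
    events.append((200.0, "usb-1-3", "attach"))
    events += [(202.0 + i * 0.12, "usb-1-3", "key") for i in range(30)]
    return events


if __name__ == "__main__":
    print(flag_keystroke_injection(build_sample()))
```

Timing heuristics like this complement, rather than replace, USB device allow-listing on hosts where unknown keyboards should never appear.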

U2F (Universal 2nd Factor)

Authenticator

HID controllers

Flipper Zero can replace certain HID (human interface device) controllers. This allows it to interact with your phone or computer. It can remotely control media players, computer keyboards or mice, presentations, and more. [22]

Bans, seizure and police bulletin

U.S. Customs seizure and release

In late 2022, U.S. Customs and Border Protection seized a shipment of 15,000 devices, but they were eventually released. [23]

Amazon ban

On 7 April 2023, Amazon banned sales of the Flipper Zero via their site for being a "card skimming device". [5] Only WiFi development boards, screen protectors and cases are still available from the site after the ban. [5]

Brazil seizures

In 2023 people in Brazil who ordered Flipper Zeros reported that their orders had been seized by Anatel. [24] According to the Electronic Frontier Foundation, Anatel has flagged the devices as being a tool for criminal purposes, making the certification process complicated. [24] Users have tried getting their devices certified, but to no avail. [24] The EFF has said that the seizures would limit the ability of Brazilian cybersecurity researchers to conduct research, as they have legitimate uses for the device. [24]

Police bulletin on Flipper Zero

In August 2023, The Daily Dot published an article on a bulletin for police officers published by the South Dakota Fusion Centre. [23] The document suggested that extremists might use the device to bypass access control systems, particularly on power stations. [23] The bulletin admitted there was no concrete evidence of plans by said extremists to use the device, though interest had been expressed on online forums. [23]

Flipper CEO Pavel Zhovner was shown a copy of the bulletin and said that the Flipper Zero had been deliberately designed to not affect modern access control systems. [23] He also pointed out that the bulletin itself said that gates at power stations were not inherently vulnerable to the device but that older gates might be. [23]

Gatwick seizure

On 27 September 2023 a security staff member at Gatwick Airport confiscated a Flipper Zero from Vitor Domingos due to security concerns. [25] The device was then handed over to Sussex Police. [25]

Potential Canadian Ban

In February 2024, Innovation, Science, and Economic Development Canada announced that they had the intention of banning the Flipper Zero and other devices that could be used to clone wireless signals for remote entry in response to a significant increase in auto thefts. [26]

On 20 March 2024, ISED announced that it would ban the use of the Flipper for illegal acts, but not ban it outright. [27]

References

  1. "Flipper Zero turns hacking into a Tamagotchi-style game". Engadget. Archived from the original on 16 April 2023. Retrieved 15 Mar 2022.
  2. "Meet Flipper, the Tamagotchi You Feed by Hacking Stuff". Vice. 5 January 2021. Archived from the original on 15 May 2023. Retrieved 15 Mar 2022.
  3. "Flipper Zero raising a staggering $4.88 million on a Kickstarter". Hackaday. 2 September 2020. Archived from the original on 5 June 2023. Retrieved 30 June 2022.
  4. Janssen, Gerard (2022). Hackers: over de vrijheidsstrijders van het internet. Amsterdam: Thomas Rap. p. 145. ISBN 9789400408371. OCLC 1259050992. Archived from the original on 2024-02-03. Retrieved 2022-06-30.
  5. Gatlan, Sergiu (2023-04-07). "Flipper Zero banned by Amazon for being a 'card skimming device'". Bleeping Computer. Archived from the original on 2023-05-17. Retrieved 2023-05-17.
  6. Rubio, Isabel (2023-04-11). "Flipper Zero: The 'tamagotchi for hackers' goes viral on TikTok". El País. Archived from the original on 2023-08-21. Retrieved 2023-08-21.
  7. "This Unassuming Little Device Can Hack Your Smart Home". Gizmodo. 10 March 2021. Archived from the original on 1 June 2023. Retrieved 28 May 2022.
  8. "How The Flipper Zero Hacker Multitool Gets Made And Tested". Hackaday. 24 July 2021. Archived from the original on 1 June 2023. Retrieved 30 June 2022.
  9. Edwards, Nathan (2023-07-24). "The Flipper Zero has an app store now". The Verge. Archived from the original on 2023-08-03. Retrieved 2023-08-03.
  10. "Flipper Zero Electronic Schematics". docs.flipperzero.one. Archived from the original on 19 July 2022. Retrieved 30 June 2022.
  11. "Flipper Zero Firmware Source Code". GitHub. Archived from the original on 30 June 2022. Retrieved 30 June 2022.
  12. "CC1101 — Low-power Sub-1 GHz wireless transceiver". ti.com. Archived from the original on 1 July 2022. Retrieved 30 June 2022.
  13. Ropek, Lucas (2024-02-13). "Turn Your Flipper Zero Into a Controller With the New Video Game Module". Gizmodo. Retrieved 2024-03-05.
  14. "Sub-GHz – Flipper Zero — Documentation". docs.flipperzero.one. Archived from the original on 2023-04-17. Retrieved 2023-04-17.
  15. "125 kHz RFID – Flipper Zero — Documentation". docs.flipperzero.one. Archived from the original on 2023-04-17. Retrieved 2023-04-17.
  16. "NFC – Flipper Zero — Documentation". docs.flipperzero.one. Archived from the original on 2023-04-17. Retrieved 2023-04-17.
  17. "Infrared – Flipper Zero — Documentation". docs.flipperzero.one. Archived from the original on 2023-04-17. Retrieved 2023-04-17.
  18. "GPIO & Modules – Flipper Zero — Documentation". docs.flipperzero.one. Archived from the original on 2023-04-17. Retrieved 2023-04-17.
  19. Kingsley-Hughes, Adrian (2023-01-03). "Flipper Zero: Geeky toy or serious security tool?". ZDNET. Archived from the original on 2023-11-21. Retrieved 2023-11-21.
  20. "Bad USB – Flipper Zero — Documentation". docs.flipperzero.one. Archived from the original on 2023-04-17. Retrieved 2023-04-17.
  21. Faife, Corin (16 August 2022). "The new USB Rubber Ducky is more dangerous than ever". The Verge. Vox Media. Retrieved 1 April 2024. The beloved hacker tool can now pwn you with its own programming language... It ships with a major upgrade to the DuckyScript programming language, which is used to create the commands that the Rubber Ducky will enter into a target machine.
  22. "HID controllers – Flipper Zero — Documentation". docs.flipperzero.one. Archived from the original on 2023-05-01. Retrieved 2023-05-01.
  23. Thalen, Mikael (2023-08-02). "EXCLUSIVE: Hacking tool Flipper Zero tracked by intelligence agencies, which fear white nationalists may deploy it against power grid". The Daily Dot. Archived from the original on 2023-08-03. Retrieved 2023-08-03.
  24. Toulas, Bill (2023-03-11). "Brazil seizing Flipper Zero shipments to prevent use in crime". Bleeping Computer. Archived from the original on 2023-05-17. Retrieved 2023-05-17.
  25. Thalen, Mikael (2023-09-29). "Airport seizes of Flipper Zero from passenger's luggage over security concerns". The Daily Dot. Archived from the original on 2023-09-30. Retrieved 2023-09-30.
  26. Canada, Public Safety (8 February 2024). "Federal action on combatting auto theft". www.canada.ca.
  27. Kan, Michael (2024-03-20). "Canada Walks Back Ban of Flipper Zero, Targets 'Illegitimate' Use Cases". PCMag. Retrieved 2024-03-24.