After being curious about the Flipper Zero for a while I finally decided to order one to play around with. The internet has a lot of information about the Flipper Zero and unfortunately a lot of it is wrong and deceitful. Most of the videos on YouTube and Tik Tok show people doing things the Flipper Zero isn’t capable of or misrepresenting things it can do. Even with all the people posting nonsense for internet points the Flipper Zero is still a fun little device that is capable of many cool things.
The Flipper Zero is a small device that can read, store, and replay different radio frequencies. It will interact with sub-GHz, RFID, NFC, infrared, and iButton. It also can act as a BadUSB device and a U2F token. That’s a lot of toys in a single, portable device. So here is everything I’ve done with it sofar.
Sub-GHz
I don’t really understand what to do with this and need to do some more research. I tried to scan the door unlock button on my cars remote but I couldn’t get it to work.
RFID
To the best of my knowledge I don’t have anything with RFID in my home and not sure where to go to scan things without getting into too much trouble. I ordered a RFID kit for my Arduino and it should be arriving soon. I look foreword to playing with it soon.
NFC
I got a few things to work with NFC. I scanned everything in my wallet and got a lot of hits. All my tap to pay cards were readable. I scanned the NFC from my phone. My work ID was readable as well. I stored all those cards and tried to emulate some of them.
I tried to buy something from the vending machine at work with my debit card and phone being emulated from the Flipper Zero. Neither worked. There’s some security magic happening and that makes me happy to know that it isn’t that easy to clone a payment method. After my vending machine fails I was to afraid to test my work ID. I assumed there was some security built in that would call B.S. and alert someone that I was trying to get in with a bogus ID and I didn’t feel like losing my job. As popular as this blog is, I can not support my family with it. I did scan a NFC tag that opens a bathroom door and that worked. I finally got a win.
Infrared
It has universal remote feature that will just throw codes at a device until something works. I was able to turn of the TV in my bedroom. This is what people use to turn off screens while out in public. It’s just a universal remote brute forcing the power button. I also scanned a button from the remote and replayed it. Win.
GPIO
GPIO is general purpose input/output (I googled it so you don’t have to). It’s a series of pins you can use to connect external hardware. I haven’t used this at all. Flipper Zero sells a board that you can attach to give the device Wi-Fi. I regret not getting one of these but it’s probably a good thing. One less thing to confuse me.
iButton
I’m not sure how this technology works but I see these buttons all over the place at my job. I scanned one and it worked. Another win?
Bad USB
I probably played with this the most. Once you plug this into a computer it will run a script and do whatever you set it up to do. Most of the scripts you find online are for Windows and macOS. I use Linux so none of these worked for me. I had to create a few custom scripts to run on my computer. They are very simple but demonstrate what this can do. If you want to see the scripts I wrote they are on my very under used GitHub at https://github.com/heavymetalhero/flipperzero-stuff.
In the near future I might set up a virtual machine running Windows to explore some of the other scripts out there.
U2F
Think YubiKey. Its a token you can use for two factor authentication. I haven’t used this at all but it’s cool that it is included.
Conclusion
Over all I am happy with the device. It packs a lot in a small package. It does a lot of cool things and probably a lot more that I don’t even understand yet. In my next post I will talk about some other things I did with my Flipper Zero including m