Engineering:Flipper Zero

From HandWiki
Short description: Multi-tool electronic device
Flipper Zero
Flipper Zero running Sub-GHz radio scanning mode
Release date: August 2020
Operating system: FreeRTOS
CPU: STMicroelectronics STM32WB55
Memory:
  • 256 KB RAM
  • 1024 KB Flash
Removable storage: Micro SD (up to 256 GB)
Display:
  • Monochrome LCD
  • 1.4-inch, 128 × 64 pixels
Connectivity
Dimensions: 100 x 40 x 25 mm
Mass: 104 grams

Flipper Zero is a portable Tamagotchi-like multi-functional device developed for interaction with access control systems.[1] The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, and it also provides a GPIO interface.[2] It was first announced in August 2020 through a Kickstarter crowdfunding campaign, which raised $4.8 million.[3] The first devices were delivered to backers 18 months after completion of the crowdfunding campaign. The device's user interface embodies a pixel-art dolphin virtual pet. Interaction with the virtual pet is the device's core game mechanic: how the device's functions are used determines the appearance and emotions of the pet.[4]

In the built-in game, the main mechanic to "upgrade" the dolphin is to use the various hacking tools. While harmless uses (such as a remote control for a television, or a carbon dioxide sensor) exist, some of the built-in tools have criminal uses, including RFID skimming, Bluetooth spamming (spamming a Bluetooth connection, crashing a person's phone), emulation of RFID chips such as those found in identification badges, using the built-in radio cloner to open garage doors, unlocking cars, and functioning as a wireless BadUSB. The device has been removed from Amazon.com.[5]

Origin

The device was developed by Alex Kulagin and Pavel Zhovner in 2019.[6] They started raising funds on Kickstarter.[6]

Overview

Flipper Zero is designed for interaction with various types of access control systems, radio protocols, RFID, near-field communication (NFC), and infrared signals.[7][8] A computer or smartphone is not required to operate the device; it can be controlled via a 5-position D-pad and a separate back button. Flipper Zero has a monochrome LCD screen with an orange backlight and a resolution of 128 × 64 pixels. For connection with external modules, the device has general-purpose input/output (GPIO) pinholes on the top side. User data and firmware updates are stored on a Micro SD card. Some actions, such as a firmware or user data update, require a connection to a computer or a smartphone with the developer's software installed.

In July 2023 an app store was opened for the device.[9]

Technical specification

The electronic schematics[10] and firmware[11] of the Flipper Zero project are open sourced under the GNU General Public License. At the same time, the device does not fit into the open-source hardware category because the printed circuit boards are not open-sourced, which does not allow enthusiasts to make their own copies of the device without knowledge of electrical engineering.

Hardware

Flipper Zero main board

Flipper Zero is based on a dual-core ARM architecture STM32WB55 microcontroller, which has 256 KB of RAM and 1 MB of Flash storage. The first core is a 64 MHz Cortex-M4, which runs the main firmware. The second core is a 32 MHz Cortex-M0, which runs STMicroelectronics' proprietary firmware that implements the Bluetooth Low Energy protocol. For radio transmitting and receiving in the 300–900 MHz radio frequency range, a Texas Instruments CC1101[12] chip is used, which supports amplitude-shift keying (ASK) and frequency-shift keying (FSK) modulations. Unlike a software-defined radio, the CC1101 chip cannot capture raw radio signals. This limitation requires the user to pre-configure the modulation parameters before receiving a radio signal; otherwise the signal will be received incorrectly.

Firmware

Flipper Zero Firmware Architecture

The Flipper Zero firmware is based on the FreeRTOS operating system, with its own software abstraction over the hardware layer. The firmware is mostly written in the C programming language, with occasional use of C++ in third-party modules. The system uses multitasking in combination with an event-driven architecture to organize the interaction of applications and services executed in a single address space and communicating through a system of queues and events. The system can be executed from both random-access memory (RAM) and read-only memory (ROM). Execution from RAM is used to deliver over-the-air (OTA) firmware updates.

The firmware consists of the following components:

  • FuriCore – provides an API for interaction with the scheduler and multithreading. FuriCore abstracts and extends the functionality of the FreeRTOS scheduler and adds additional system primitives.
  • FuriHal – provides an API for interaction with hardware.
  • Services and applications – the main functionality of the device. Sub-GHz, Infrared, RFID, NFC, etc. are applications for user interaction. Graphical user interface (GUI), command-line interface (CLI), Notification, Storage, etc. are additional APIs for application development.
  • A set of libraries and drivers – covers various communication protocols, device drivers, file system drivers, and developer tools.

User and system data is stored in built-in flash memory, using a file system based on the LittleFS library. Interaction with the file system on the SD card is implemented using the FatFs library.

The build system is based on the SCons tool with additional tooling written in Python. For compilation, the system uses its own open toolchain based on the GNU Compiler Collection.

Applications

Sub-GHz

Flipper Zero has a built-in module that can read, store, and emulate remote controls, allowing it to receive and send radio frequencies between 300 and 928 MHz. Switches, radio locks, wireless doorbells, remote controls, barriers, gates, smart lighting, and other devices can all be operated with these controls. Using Sub-GHz, Flipper Zero can also receive and decode the data from many weather stations.[13]

125 kHz RFID

Flipper Zero is compatible with low-frequency (LF) radio frequency identification (RFID), which is used in supply chain tracking systems, animal chips, and access control systems. LF RFID cards typically don't offer high levels of security, in contrast to NFC cards. Numerous form factors of this technology are available, including plastic cards, key fobs, tags, wristbands, and animal microchips. A low-frequency RFID module in the Flipper Zero can read, save, simulate, and write LF RFID cards.[14]

NFC

Flipper Zero is compatible with NFC technology, which is used in smart cards for access control, other cards, and digital business cards. The 13.56 MHz NFC module can read, store, and emulate these cards. An NFC card is a transponder with a unique identifier (UID) and rewritable memory for data storage. When placed close to a reader, NFC cards transmit the needed data.[15]

Infrared

Flipper Zero can read and transmit the infrared (IR) light signals used to control devices such as TVs, air conditioners, or audio devices. It can learn and save infrared remote controls or use its own universal remotes.[16]

GPIO and Modules

Flipper Zero can be used for hardware exploration, firmware flashing, debugging, and fuzzing. It is able to function as a USB converter for UART, SPI, or I2C. Through the built-in GPIO pins, it can connect to hardware, operate it with the buttons, send out code, and display messages on the LCD screen.[17]

iButton

The Flipper Zero has an iButton connector to allow it to read and emulate iButton contact keys.[18]

Bad USB

BadUSB devices have the ability to alter system settings, unlock backdoors, recover data, launch reverse shells, and perform any other actions that depend on physical access. Flipper Zero functions as a BadUSB device and is recognized by computers as a keyboard-like human interface device (HID). Commands (the payload) are supplied in the scripting language used by Rubber Ducky.[19]
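Because a BadUSB device presents itself as an ordinary keyboard, one host-side detection signal is the timing of its keystrokes. The following is an added example, not code from this article or from the Flipper Zero project; the device names, the sample timestamps, and all thresholds are constructed assumptions.

```python
from statistics import median, pstdev

HUMAN_GAPS = [180, 130, 210, 120, 260, 110, 290, 150, 175, 220, 140]  # ms

def stamps_from(start_ms, gaps):
    """Turn a start time and inter-key gaps into absolute timestamps."""
    out = [start_ms]
    for g in gaps:
        out.append(out[-1] + g)
    return out

# Constructed sample telemetry (not real captures): attach time and key-down
# timestamps per keyboard, all in milliseconds. Device ids are hypothetical.
SAMPLE = {
    "kbd-A": (0, stamps_from(5000, HUMAN_GAPS)),   # user typing well after plug-in
    "kbd-B": (1000, stamps_from(1500, [8] * 39)),  # scripted burst right after attach
    "kbd-C": (0, stamps_from(800, HUMAN_GAPS)),    # user typing soon after plug-in
}

def indicators(attach_ms, stamps, min_keys=10, fast_ms=30, jitter_ms=5, warmup_ms=2000):
    """Return the injection indicators that fire for one keyboard."""
    if len(stamps) < min_keys:
        return []  # too little data to judge either way
    gaps = [b - a for a, b in zip(stamps, stamps[1:])]
    found = []
    if median(gaps) < fast_ms:
        found.append("superhuman-rate")    # faster than a person can type
    if pstdev(gaps) < jitter_ms:
        found.append("machine-uniform")    # almost no timing jitter
    if stamps[0] - attach_ms < warmup_ms:
        found.append("types-on-attach")    # input begins right after enumeration
    return found

def triage(sample, threshold=2):
    """Map device id -> (suspicious?, indicators); needs >= threshold indicators."""
    result = {}
    for dev, (attach_ms, stamps) in sample.items():
        found = indicators(attach_ms, stamps)
        result[dev] = (len(found) >= threshold, found)
    return result

if __name__ == "__main__":
    for dev, (flag, found) in triage(SAMPLE).items():
        print(dev, "SUSPICIOUS" if flag else "ok", found)
```

Requiring two indicators keeps a person who starts typing immediately after plugging in a keyboard (kbd-C) from being flagged; the result is best treated as one signal alongside USB device allow-listing.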

U2F (Universal 2nd Factor)

HID controllers

Flipper Zero can replace certain HID controllers. This allows it to interact with your phone or computer. It can remotely control media players, computer keyboards or mice, presentations, and more.[20]

  • Keynote: Presentations remote
  • Keyboard: Double as a keyboard for your computer
  • Media: Controls media on your computer, camera remote control for your phone
  • Mouse: Double as a mouse for your computer
  • TikTok Controller: Control TikTok app on your phone
  • Mouse Jiggler: Duplicate mouse movements on your computer to keep the computer showing as active at all times

Bans, seizure and police bulletin

US Customs seizure and release

In late 2022, U.S. Customs and Border Protection seized a shipment of 15,000 devices, but they were eventually released.[21]

Amazon ban

On 7 April 2023 Amazon banned sales of the Flipper Zero via their site for being a "card skimming device".[5] Only WiFi development boards, screen protectors and cases are still available from the site after the ban.[5]

Brazil seizures

In 2023, people in Brazil who ordered Flipper Zeros reported that their orders had been seized by Anatel.[22] According to the Electronic Frontier Foundation, Anatel has flagged the devices as being a tool for criminal purposes, making the certification process complicated.[22] Users have tried getting their devices certified, but to no avail.[22] The EFF has said that the seizures would limit the ability of Brazilian cybersecurity researchers to conduct research, as they have legitimate uses for the device.[22]

Police bulletin on Flipper Zero

In August 2023, The Daily Dot published an article on a bulletin for police officers published by the South Dakota Fusion Centre.[21] The document suggested that extremists might use the device to bypass access control systems, particularly at power stations.[21] The bulletin admitted there was no concrete evidence of plans by said extremists to use the device, though they had expressed interest in it in online forums.[21]

Flipper CEO Pavel Zhovner was shown a copy of the bulletin and said that the Flipper Zero had been deliberately designed to not affect modern access control systems.[21] He also pointed out that the bulletin itself said that gates at power stations were not inherently vulnerable to the device but that older gates might be.[21]

Gatwick seizure

On 27 September 2023 a security staff member at Gatwick Airport confiscated a Flipper Zero from Vitor Domingos due to security concerns.[23] The device was then handed over to Sussex Police.[23]

References

  1. "Flipper Zero turns hacking into a Tamagotchi-style game". Engadget. https://www.engadget.com/flipper-zero-tamagotchi-hacking-game-175949581.html. 
  2. "Meet Flipper, the Tamagotchi You Feed by Hacking Stuff". Vice. 5 January 2021. https://www.vice.com/en/article/bvxyjm/meet-flipper-the-tamagotchi-you-feed-by-hacking-stuff. 
  3. "Flipper Zero raising a staggering $4.8 million on a Kickstarter". Hackaday. 2 September 2020. https://hackaday.com/2020/09/02/flipper-zero-blasts-past-funding-goal-and-into-our-hearts/. 
  4. Janssen, Gerard (2022). Hackers: over de vrijheidsstrijders van het internet. Amsterdam: Thomas Rap. p. 145. ISBN 9789400408371. OCLC 1259050992. https://www.worldcat.org/oclc/1259050992. 
  5. Gatlan, Sergiu (2023-04-07). "Flipper Zero banned by Amazon for being a 'card skimming device'". Bleeping Computer. https://www.bleepingcomputer.com/news/technology/flipper-zero-banned-by-amazon-for-being-a-card-skimming-device-/.
  6. Rubio, Isabel (2023-04-11). "Flipper Zero: The ‘tamagotchi for hackers’ goes viral on TikTok". El País. https://english.elpais.com/science-tech/2023-04-11/flipper-zero-the-tamagotchi-for-hackers-goes-viral-on-tiktok.html.
  7. "This Unassuming Little Device Can Hack Your Smart Home". Gizmodo. 10 March 2021. https://gizmodo.com/this-unassuming-little-device-can-hack-your-smart-home-1846448809. 
  8. "How The Flipper Zero Hacker Multitool Gets Made And Tested". Hackaday. 24 July 2021. https://hackaday.com/2021/07/24/how-the-flipper-zero-hacker-multitool-gets-made-and-tested/. 
  9. Edwards, Nathan (2023-07-24). "The Flipper Zero has an app store now". The Verge. https://www.theverge.com/2023/7/24/23803600/flipper-zero-app-store-launch. 
  10. "Flipper Zero Electronic Schematics". https://docs.flipperzero.one/development/hardware/schematic. 
  11. "Flipper Zero Firmware Source Code". https://github.com/flipperdevices/flipperzero-firmware. 
  12. "CC1101 — Low-power Sub-1 GHz wireless transceiver". https://www.ti.com/product/CC1101. 
  13. "Sub-GHz – Flipper Zero — Documentation". https://docs.flipperzero.one/sub-ghz.
  14. "125 kHz RFID – Flipper Zero — Documentation". https://docs.flipperzero.one/rfid.
  15. "NFC – Flipper Zero — Documentation". https://docs.flipperzero.one/nfc.
  16. "Infrared – Flipper Zero — Documentation". https://docs.flipperzero.one/infrared.
  17. "GPIO & Modules – Flipper Zero — Documentation". https://docs.flipperzero.one/gpio-and-modules.
  18. Kingsley-Hughes, Adrian (2023-01-03). "Flipper Zero: Geeky toy or serious security tool?". ZDNET. https://www.zdnet.com/article/flipper-zero-geeky-toy-or-serious-security-tool/. 
  19. "Bad USB – Flipper Zero — Documentation". https://docs.flipperzero.one/bad-usb.
  20. "HID controllers – Flipper Zero — Documentation". https://docs.flipperzero.one/applications/controllers.
  21. Thalen, Mikael (2023-08-02). "EXCLUSIVE: Hacking tool Flipper Zero tracked by intelligence agencies, which fear white nationalists may deploy it against power grid". The Daily Dot. https://www.dailydot.com/debug/flipper-zero-racially-motivated-extremists-fusion-center-alert-nypd/.
  22. Toulas, Bill (2023-03-11). "Brazil seizing Flipper Zero shipments to prevent use in crime". Bleeping Computer. https://www.bleepingcomputer.com/news/security/brazil-seizing-flipper-zero-shipments-to-prevent-use-in-crime/.
  23. Thalen, Mikael (2023-09-29). "Airport seizes of Flipper Zero from passenger’s luggage over security concerns". The Daily Dot. https://www.dailydot.com/debug/gatwick-airport-seizes-flipper-zero/.
