Interview with developers of Flipper Zero — a multi-tool for hackers and pentesters

pvsdev

Anastasiia Vorobeva

Posted on October 25, 2023


Flipper Zero is a pocket "multi-tool" for geeks, a treasure for pentesters, and your own cyber pet. All you need to take full advantage of Flipper Zero is your imagination and a certain set of skills.


In this article, we chat with the Flipper Zero developers. We invite fans of the device to delve into the history of its creation and explore its technical capabilities. If this is the first time you hear about Flipper, this is a good place to learn more about it. Flipper has gone through bans, negativity, and praise. The project has brought together hundreds of thousands of enthusiastic hackers and people who are curious to learn more about the world around them. Have fun reading the article!

We talked to three developers — Alexander, Ivan, and Sergey. Energetic and positive, the team gathered to share with us one of the most important endeavors of their lives — the Flipper Zero project.

We'll discuss the following:

  • the birth of an idea
  • inspiration and references
  • basic functionality
  • worldwide success
  • security and responsibility
  • what's new

Birth of an idea

Alexander: Flipper Zero is a Tamagotchi for hackers. Or rather, a geek's Swiss Army knife that has evolved from a hacker's Tamagotchi to a full-fledged prototyping, development, and pentesting platform. In the three years of the device's existence, our team and community have written many different applications and tools in addition to the basic pentest functionality. They range from games and simple sensor interrogation programs to in-circuit debuggers. It's come to the point where Flipper can debug another Flipper, your Arduino, Raspberry Pi, or anything that has a debugging interface. And that's pretty cool.

First drafts and ideas were born during the development of access control and management systems. As is usually the case with hardware, the analysis and debugging tools are either not user-friendly or simply do not exist. Around the same time, we came up with the idea that it would be nice to have all this in one device with a user-friendly interface.


These ideas and drafts turned into concepts, which turned into early prototypes and a Kickstarter campaign. After its success, the history of Flipper Devices Inc. began.

William Gibson and Siemens: a hacker's nostalgia

Flipper Zero is not just a handy and compact gadget, it's your cyber friend. The dolphin was not chosen by chance: it's a reference to "Johnny Mnemonic" by the father of the cyberpunk subgenre, William Gibson. Even when you're not using the device, the little animal has a life of its own. You can play with it or feed it with some keys or cards. The latter is an original idea: your Flipper is a hungry pet that embodies the hunger of curiosity. It gives hints and encourages the gadget owner to explore the world of technology.


Upon unpacking, we see the phrase "Hack the planet", which is probably a reference to another project, pwnagotchi. Its developers, for their part, borrowed the phrase from Iain Softley's famous movie "Hackers". By the way, pwnagotchi feeds on WPA handshakes and Wi-Fi PMKIDs.


The way the device looks and its amber display are reminiscent of old Siemens phones. The idea wasn't just to "get nostalgic" about it. The point is that the display is perfectly readable in bright sunlight. It also has very low power consumption: around 800 µA with the backlight off.


Flipper games are a different kind of nostalgia. Users have created many games of various complexity levels. There is text-to-speech chess, and you can also find simpler things like Tetris or Tic-tac-toe. There's a rock-paper-scissors game that you can play with another Flipper owner over the radio channel. There's a Doom clone and much more.


Overall, in terms of design and appearance, the devs have made a nice and user-friendly device.

"Hello, Flipper!"

The idea behind the device is to bring together all the hardware tools needed to research and develop on the go. Flipper turns your projects into a game and reminds you that development should always be fun.


Alexander: Many people find it easy to use Flipper Zero right out of the box. The UI/UX is designed not to intimidate those who don't know anything. You have three functions for each subsystem: read, write, emulate. You can just poke around and explore the world. For example, you have a tag, and you're trying to figure out what it is. You bring up your device, you read it, and voila — you have an answer.

Of course, the world around us is a little bit more complicated than that. And if we talk about MIFARE, for example, it has unusual things like authentication. There are sectors with protected passwords. You need to know how to get the passwords by attacking the reader or the card. Everything about the basic functionality of our applications is described in the documentation. There are also guides on how to work with certain types of cards, for example. In addition, we have a fairly large community that develops different things. There are additional applications that greatly expand the functionality of the device. However, using them requires advanced knowledge.

Sergey: In addition to the basic functionality described in the documentation, we have a catalog of over a hundred applications. Of course, we can't monitor everything. The quality there is slightly different from the quality of our applications, including the documentation. That is, some things are not written at all.

Wanna hack a Tesla? 3 types of Flipper users

Sergey: We can classify our users into 3 categories. Flip kiddie — people who bought Flipper because they saw Tesla sunroofs being hacked on TikTok; they saw how to turn off TVs in the store, and they wanted to do the same thing without a deep understanding of it.


The second category is people who use Flipper all the time. They know how to use it to log into their computer, they write scripts for BadUSB. These people are interested in the world around them. For example, they see that there is an intercom. They look at what technology is used there: NFC, RFID, or iButton. They find the card, scan it with Flipper, explore the technology, and read about it. To unlock the potential of Flipper, you need to be interested in the world around you.

The third category is the superhumans who write applications for Flipper. A person from our community works in a cash register service center. So that he doesn't have to take his laptop with him, he wrote an application for Flipper that automates cash register maintenance.

Alexander: There is a more telling example for the second category: one of our first users is a paramedic. His job requires him to travel to various hospitals, so he has a stack of access cards. He copied them and now just walks around with Flipper, so he doesn't have to carry the cards around.

Basic functionality


Sub-GHz


The integrated radio module is based on the TI CC1101 transceiver. It transmits and receives digital signals in the 300-348, 387-464 and 779-928 MHz bands. These bands are the operating range for a wide class of access control devices and systems such as garage door openers, car barrier gates, IoT sensors, and remote keyless entry systems. The transceiver integrates the modem, supports several modulation formats (2-FSK, GFSK, MSK and ASK/OOK), and has a configurable data rate of up to 600 kbps.
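Most of the garage and gate remotes in that range still send a fixed code, which is why "read RAW, then replay" works on them. The example below is added here to show what such a capture contains; it is not code from the Flipper project. It builds a constructed capture in the layout of a Flipper Sub-GHz key file (assumed from the public file format, not a real recording), checks that the frequency is one the CC1101 can actually tune, and decodes the Princeton (PT2262-style) pulse-width frames in it. The 0xA5C3F1 code and the 400 µs time base are made up for the sample.

```python
"""Sub-GHz fixed-code example: parse a Flipper-style RAW capture and decode Princeton (PT2262) frames."""
from __future__ import annotations

# CC1101 operating bands (datasheet); a frequency outside them cannot be received or replayed.
CC1101_BANDS_HZ = ((300_000_000, 348_000_000), (387_000_000, 464_000_000), (779_000_000, 928_000_000))


def princeton_timings(code: int, te_us: int = 400, bits: int = 24) -> list[int]:
    """Signed RAW durations (+high / -low, microseconds) for one Princeton frame.

    bit 0 = 1 Te high / 3 Te low, bit 1 = 3 Te high / 1 Te low, then a sync of 1 Te high / 31 Te low.
    """
    out: list[int] = []
    for i in range(bits - 1, -1, -1):
        out += [3 * te_us, -te_us] if (code >> i) & 1 else [te_us, -3 * te_us]
    return out + [te_us, -31 * te_us]


def _jitter(durations: list[int]) -> list[int]:
    """Shrink highs and stretch lows by 5% so the sample is not a perfect copy of the encoder output."""
    return [int(d * (1.05 if i % 2 else 0.95)) for i, d in enumerate(durations)]


# Constructed sample in the Flipper SubGhz Key File layout (assumed format; not a real capture).
# A real remote repeats the frame, so three frames are included.
SAMPLE_SUB = "\n".join([
    "Filetype: Flipper SubGhz Key File",
    "Version: 1",
    "Frequency: 433920000",
    "Preset: FuriHalSubGhzPresetOok650Async",
    "Protocol: RAW",
    "RAW_Data: " + " ".join(map(str, _jitter(princeton_timings(0xA5C3F1) * 3))),
])


def parse_sub(text: str) -> tuple[int, list[int]]:
    """Return (frequency_hz, raw_durations); RAW_Data may be split over several lines."""
    fields: dict[str, list[str]] = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields.setdefault(key.strip(), []).append(value.strip())
    if fields.get("Filetype", [""])[0] != "Flipper SubGhz Key File":
        raise ValueError("not a Sub-GHz key file")
    freq = int(fields["Frequency"][0])
    raw = [int(tok) for chunk in fields.get("RAW_Data", []) for tok in chunk.split()]
    return freq, raw


def in_cc1101_band(freq_hz: int) -> bool:
    return any(lo <= freq_hz <= hi for lo, hi in CC1101_BANDS_HZ)


def decode_princeton(raw: list[int], bits: int = 24) -> list[int]:
    """Recover every complete fixed code in the capture.

    Each (high, low) pair is one bit: a high longer than its low is a 1. A low longer than
    about 20 Te is the sync gap that ends a frame. The shortest pulse estimates Te.
    """
    if len(raw) < 2:
        return []
    te = min(abs(d) for d in raw)
    codes: list[int] = []
    cur: list[str] = []
    for hi, lo in zip(raw[0::2], raw[1::2]):
        if hi <= 0 or lo >= 0:
            raise ValueError("RAW_Data must alternate +high/-low")
        if -lo > 20 * te:                 # sync gap: frame boundary
            if len(cur) == bits:
                codes.append(int("".join(cur), 2))
            cur = []
        else:
            cur.append("1" if hi > -lo else "0")
    return codes


if __name__ == "__main__":
    freq, raw = parse_sub(SAMPLE_SUB)
    print(f"{freq / 1e6:.3f} MHz, within CC1101 bands: {in_cc1101_band(freq)}")
    for code in decode_princeton(raw):
        print(f"Princeton fixed code 0x{code:06X}: 24 bits, no counter, replayable as-is")
```

The decoded 24 bits are the whole credential: whoever records them once can open the gate forever. Rolling-code systems (KeeLoq and similar) put a counter under a cipher so that a replayed frame is stale; Flipper will still capture such a frame in RAW mode, but replaying it does not open anything.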

125 kHz RFID


On the bottom of the Flipper case is an antenna that operates at 125 kHz. It can read LF RFID cards (EM4100, HID Prox, Indala, and so on), store them in memory, and emulate any of the stored cards by menu selection.
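"Read, store, emulate" works on these cards because an LF tag carries nothing but its ID in a fixed frame with parity; there is no secret and no challenge. As an added example (not Flipper's own code), the block below builds the 64-bit EM4100 frame for a 40-bit ID and recovers the ID from an arbitrary rotation of the bitstream, which is what a reader has to do since it starts sampling at a random point in the card's loop. The card ID 0x1234567890 is a constructed value.

```python
"""EM4100 (125 kHz) frame encode/decode: the bits Flipper reads, stores and replays for an LF card."""
from __future__ import annotations
from typing import Optional

HEADER = [1] * 9


def em4100_encode(card_id: int) -> list[int]:
    """Build the 64-bit EM4100 frame for a 40-bit ID (logical bits, before Manchester modulation).

    Layout: 9 header ones, 10 rows of (4 data bits + even row parity),
    4 even column parity bits, stop bit 0. The ID is the entire credential.
    """
    if not 0 <= card_id < 1 << 40:
        raise ValueError("EM4100 ID is 40 bits")
    bits = HEADER[:]
    col_parity = [0, 0, 0, 0]
    for shift in range(36, -1, -4):                 # ten nibbles, most significant first
        nibble = (card_id >> shift) & 0xF
        row = [(nibble >> 3) & 1, (nibble >> 2) & 1, (nibble >> 1) & 1, nibble & 1]
        bits += row + [sum(row) & 1]
        col_parity = [c ^ b for c, b in zip(col_parity, row)]
    return bits + col_parity + [0]


def em4100_decode(stream: list[int]) -> Optional[int]:
    """Locate the frame at any rotation of a 64-bit circular stream and return the ID.

    Nine consecutive ones cannot occur inside the data area: every 5-bit row has even
    parity, so a 1111 row is followed by a 0, and the frame ends with a 0 stop bit.
    Returns None if no header is found or any parity check fails.
    """
    n = len(stream)
    if n != 64:
        return None
    for off in range(n):
        frame = [stream[(off + i) % n] for i in range(64)]
        if frame[:9] != HEADER or frame[63] != 0:
            continue
        rows = [frame[9 + 5 * r: 14 + 5 * r] for r in range(10)]
        if any(sum(row) & 1 for row in rows):
            continue                                    # row parity error
        col = frame[59:63]
        if any((sum(rows[r][c] for r in range(10)) + col[c]) & 1 for c in range(4)):
            continue                                    # column parity error
        card_id = 0
        for row in rows:
            card_id = (card_id << 4) | (row[0] << 3 | row[1] << 2 | row[2] << 1 | row[3])
        return card_id
    return None


if __name__ == "__main__":
    frame = em4100_encode(0x1234567890)                 # constructed card ID
    print("frame:", "".join(map(str, frame)))
    rotated = frame[23:] + frame[:23]                   # reader starts mid-loop
    print("decoded from rotated stream: 0x%010X" % em4100_decode(rotated))
```

On the wire each logical bit is Manchester-encoded at a fraction of the 125 kHz carrier, but the modulation adds nothing a cloner has to know beyond these 64 bits, which is why a T5577 blank programmed with the same frame is indistinguishable from the original to the reader.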

iButton


Flipper Zero supports a variety of contact keys. The most popular are iButtons, which use the 1-Wire protocol. When you touch the key to the contacts, its protocol name appears on the screen above the ID number. In key emulation mode, the device acts as a key and emulates the iButton from memory.
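The ID number shown on the screen for a Dallas key is its 64-bit 1-Wire ROM code: a family code, a 48-bit serial number and a CRC-8 over the first seven bytes. A reader checks the CRC for transmission errors, not for authenticity, so a writable blank that carries the same seven bytes plus a correct CRC is accepted. The following is an added example, not Flipper's code; it implements the Dallas CRC-8 and splits a ROM code into its fields. The serial number 0xA1B2C3D4 is constructed; the DS1990A family code 0x01 is real.

```python
"""1-Wire ROM code check for a DS1990A-style iButton: family code, 48-bit serial, Dallas CRC-8."""
from __future__ import annotations


def crc8_maxim(data: bytes) -> int:
    """CRC-8/MAXIM as used by Dallas 1-Wire: poly 0x31 (reflected 0x8C), init 0, no final XOR."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8C if crc & 1 else crc >> 1
    return crc


def parse_rom(rom: bytes) -> dict:
    """Split an 8-byte ROM code (byte order as read from the bus, LSB first) and verify its CRC."""
    if len(rom) != 8:
        raise ValueError("1-Wire ROM code is 8 bytes")
    return {
        "family": rom[0],
        "serial": int.from_bytes(rom[1:7], "little"),
        "crc": rom[7],
        "crc_ok": crc8_maxim(rom[:7]) == rom[7],
    }


def make_rom(family: int, serial: int) -> bytes:
    """Build a ROM code with a valid CRC, i.e. what a clone key must carry to pass the reader's check."""
    if not 0 <= serial < 1 << 48:
        raise ValueError("serial is 48 bits")
    body = bytes([family]) + serial.to_bytes(6, "little")
    return body + bytes([crc8_maxim(body)])


# Constructed sample: DS1990A family code 0x01 with an arbitrary serial number.
SAMPLE_ROM = make_rom(0x01, 0x0000A1B2C3D4)


if __name__ == "__main__":
    info = parse_rom(SAMPLE_ROM)
    print("ROM:", SAMPLE_ROM.hex(" "))
    print("family 0x%02X  serial 0x%012X  crc_ok=%s" % (info["family"], info["serial"], info["crc_ok"]))
```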

U2F

Flipper Zero can be used as a U2F token with services that support the protocol, such as Google, Twitter, Facebook, Dropbox, LastPass, Amazon AWS, and many others.

Alexander: U2F is actually a previous generation of protocols. It has now been replaced by FIDO. We'll add support for it later, too. Both protocols allow user authentication without the usual usernames and passwords. The idea is that you have a device, it has a set of private and public keys, and there's some kind of service that you want to authenticate with. When you register with the service, it connects with your U2F token, sends a registration request, and retrieves your public key. In addition, your U2F token has a record of registration with this service. And the next time you authenticate with the service, it will ask you for the U2F token to sign the request with a private key, verifying that you are who you say you are. This allows you to authenticate without logins and passwords.


Note, however, that Flipper is not meant to replace hardware tokens, which have a crypto enclave and are specifically designed to store keys securely. We have the key encrypted with the unique key of the device, but if you try hard enough and access the device when it's unlocked, you can get the key.
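The registration and challenge-signing flow Alexander describes, together with the consequence of the caveat above, can be shown end to end. The block below is an added example and not Flipper's U2F implementation: it carries a small from-scratch P-256 ECDSA (fine for illustration, not hardened against side channels), builds the U2F authentication message (application parameter, user-presence byte, 32-bit counter, challenge parameter) and runs a relying party against a token. Attestation certificates are omitted and the key handle is a random value rather than a wrapped key; the app ID "https://example.test" and user "alice" are constructed. The demo then copies the private key out of the token, as an attacker with an unlocked device could, and shows that the cloned token signs valid assertions but is caught by the counter check.

```python
"""U2F register/authenticate with a from-scratch P-256 ECDSA (illustrative; no side-channel protection)."""
from __future__ import annotations
import hashlib
import os
import secrets
import struct

# NIST P-256 domain parameters (the curve U2F mandates)
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def on_curve(pt) -> bool:
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P     # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k: int, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ecdsa_sign(d: int, msg: bytes) -> tuple[int, int]:
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    while True:
        k = secrets.randbelow(N - 1) + 1
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return r, s


def ecdsa_verify(q, msg: bytes, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N and on_curve(q)):
        return False
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(z * w % N, G), ec_mul(r * w % N, q))
    return pt is not None and pt[0] % N == r


def signed_data(app_param: bytes, counter: int, challenge_param: bytes) -> bytes:
    """U2F authentication message: appParam || userPresence(0x01) || counter (BE32) || challengeParam."""
    return app_param + b"\x01" + struct.pack(">I", counter) + challenge_param


class Token:
    """Authenticator side: one key pair per registration plus a signature counter."""
    def __init__(self):
        self.keys: dict[bytes, int] = {}     # key handle -> private scalar (on Flipper: flash, wrapped with a device key)
        self.counter = 0

    def register(self, app_param: bytes):
        d = secrets.randbelow(N - 1) + 1
        x, y = ec_mul(d, G)
        handle = os.urandom(32)              # simplified; real tokens usually wrap d into the handle
        self.keys[handle] = d
        return handle, b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")   # attestation omitted

    def authenticate(self, app_param: bytes, challenge_param: bytes, handle: bytes):
        self.counter += 1
        return self.counter, ecdsa_sign(self.keys[handle], signed_data(app_param, self.counter, challenge_param))


class RelyingParty:
    """Service side: stores (key handle, public key, last counter) per user; never holds a private key."""
    def __init__(self, app_id: str):
        self.app_param = hashlib.sha256(app_id.encode()).digest()
        self.users: dict[str, list] = {}

    def enroll(self, user: str, token: Token) -> None:
        handle, pubkey = token.register(self.app_param)
        self.users[user] = [handle, pubkey, 0]

    def login(self, user: str, token: Token) -> bool:
        handle, pubkey, last = self.users[user]
        challenge_param = hashlib.sha256(os.urandom(32)).digest()    # hash of client data in real U2F
        counter, sig = token.authenticate(self.app_param, challenge_param, handle)
        q = (int.from_bytes(pubkey[1:33], "big"), int.from_bytes(pubkey[33:65], "big"))
        if counter <= last or not ecdsa_verify(q, signed_data(self.app_param, counter, challenge_param), sig):
            return False
        self.users[user][2] = counter
        return True


def demo() -> tuple[bool, bool, bool]:
    """Genuine login, then a clone made from the extracted private key, then the genuine token again."""
    rp, tok = RelyingParty("https://example.test"), Token()     # constructed app ID
    rp.enroll("alice", tok)
    genuine = rp.login("alice", tok)
    clone = Token()
    clone.keys = dict(tok.keys)            # the secret an attacker can lift from an unlocked device
    cloned = rp.login("alice", clone)      # signature valid, but counter 1 <= stored 1: rejected
    return genuine, cloned, rp.login("alice", tok)
```

The counter is the only thing that betrays the clone here, and only because the genuine token had already signed once. Had the copy been used first, the genuine device would have been the one rejected, and the service could not tell which is which. That is the gap a secure element closes: the private scalar never leaves it, so there is nothing to copy.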

Infrared


The infrared transmitter can send signals to control electronics such as TVs, air conditioners, and stereo systems. The infrared module consists of a TSOP75338TT receiver, which captures IR signals modulated on a 38 kHz carrier, and three VSMY14940 infrared LEDs emitting at 940 nm.

Open-source code

Anyone can enhance the functionality of Flipper Zero by modifying the firmware code and/or writing custom applications.

SDK for all platforms

It is possible to develop apps for the device on all major platforms (Windows, macOS, Linux). For a quick start, there is the ufbt tool. With a single command, it enables you to install everything you need to start developing your application.

BadUSB


Flipper Zero can emulate input devices such as a keyboard or mouse and makes it possible to execute user-written scripts. This is how you can automate routine actions.

Bluetooth


Flipper Zero has a built-in Bluetooth Low Energy module. As with the other wireless features of Flipper, an open-source library is available to add Flipper support to applications built by the community. With full BLE support, Flipper Zero can be used as a peripheral device.

The NFC module


The NFC module is based on the ST25R3916 controller, a high-performance universal NFC controller from STMicroelectronics that supports NFC initiator, NFC target, reader and card-emulation modes. The chip is EMVCo 3.0 analog and digital compliant and is optimized for POS terminal applications, providing fast interaction even in harsh environments where the antenna sits close to a noisy LCD.

Flipper Zero can receive on the Sub-GHz bands listed above, listen to radio channels, interact with electronic locks, control household appliances, open gates, and much more. Flipper can read and emulate NFC tags and radio signals, and capture remote control signals via the built-in infrared port. It's a versatile tool for hardware exploration, firmware flashing, debugging, and fuzzing. You can connect it to any hardware device via GPIO to control it with the buttons, run your own code, and display debug messages on its LCD. You can also use it as a standard USB to UART/SPI/I2C adapter.

Why do Flipper developers use Flipper?

Alexander: I use Flipper every day, for example, in the development process. I often need a debugger when prototyping, so I use Flipper. I carry it with me all the time to turn off the TV, emulate different cards — Flipper has all this in one device and can also connect various external modules. It combines many different little things that can come in handy. Take a router, for example: you can connect to its UART.

Sergey: Actually, in addition to Flipper being a universal keychain for everything, I had a case. I once rented a hotel room. There was no remote control for the air conditioner, which was set to a low temperature. With Flipper, I was able to control the air conditioner and make the temperature warmer. Also, since I design electronics, I often need to prototype something. For example, I just got a new display, and I need to run it to see what it looks like. I find it much easier and faster to prototype using Flipper than Arduino, mainly because of the iteration speed. It's much faster to run code on Flipper than to flash some ESP32, STM32, or the same Arduino. As Alexander said, Flipper is a replacement for a very large number of devices: it's a pocket-sized USB to UART adapter, a CMSIS-DAP debugger, an ATmega programmer, an SPI flash programmer, a signal generator, and even a power supply. It even has an oscilloscope among the user applications. It's a little weak, but Flipper has it.


Ivan: The big advantage is the large pre-installed database of infrared remotes for all kinds of systems, including TVs and air conditioners. It's really convenient. Sometimes you can't adjust the air conditioning system in the room you're in otherwise.

The full article is here
Enjoy!
