Flipper Zero - Tamagochi For Hackers

Flipper is a small multi-tool for pentesters that fits in every pocket. It is inspired by the pwnagotchi project. The core idea behind Flipper is to combine all hardware tools needed for pentesting in a portable device.

In addition to that, Flipper also turns hacking into a game by showing the curious personality of a cyber dolphin. It loves to hack things like access control systems, radio protocols and more.

Pavel Zhovner is crowdfunding the Flipper via kickstarter. The campaign was expected to start in May, but got postphoned to June due to Covid-19 delivery issues. In an email, he told us that the first 1000 pieces ordered will have a maximum discount. If you want to stay updated, you can enter the mailing list at the end of this page.

To get a better view of the project, check out the 433 MHz sniffer functionality below!

A large class of access control systems and devices are using this range for operation. Garage door remotes, remote keyless systems and IoT sensors are just a few. Flipper's transceiver is capable of up to 100 meters range, which is quite a lot. This means that during a pentest, the pentester doesn't necessarily need to be close to the objective. Hiding behind a car nearby could be enough. So while an employee turns down the climate device remotely out of comfort, the pentester could have recorded this command and now has the possibility to replay it during another time of choice.

Flipper Zero comes with decoding functionality for popular algorithms like keeloq, doorhan, came and more. This makes it possible to find out more about an unknown protocol.

A fun addition is that the tamagochi part of Flipper can make new friends by finding other Flippers out there, using the 433 MHz range.

Low-frequency cards are mostly built into older access control systems. The authentication can easily be read and copied. Flipper contains a 125 kHz antenna which can be used for EM-4100 and HID Prox cards. Gaining access to such systems is usually done with a keycard copier. With Flipper, this attack method is just one of several.

Flipper owners can even exchange card dumps remotely. This might become handy during a pentest of more than one person.

TV's, air conditioners and stereo systems typically contain infrared receivers. Their infrared transmitter counterpart can be used to send commands, like turning on the TV.

The learning feature of Flipper's infrared transceiver receives signals and saves them to the library. Those signals can later be replayed and/or shared with the Flipper community.

Flipper's functionality can be enhanced using your own programming skills. Your code can use all built-in hardware available. The code can be run as seperate plugin. This means that you can store your code on Flipper and run it, while using the original Flipper firmware. This eliminates the need to upload code repeatedly, like with basic Arduino boards.

Flipper can be connected to any hardware-piece that uses GPIO. This makes it possible to be used as hardware hacking, firmware flashing, debugging and fuzzing tool.

Flipper is capable of emulating a USB device and posing as regular input device, like a keyboard. You surely have heard of USB rubber duckies, which are known to use this attack vector.

So by posing as a keyboard, it's allowed to do what a keyboard is - typing. Once plugged in, the stored payload is typed at high speed. An example payload of this attack is the opening of a powershell window and typing a command that downloads and executes a malicious file. Additionally, Flipper is capable of fuzzing USB on the target device.

Note: As this attack vector is known for several years now, we've created a free keyboard guard for everyone to use.

Flipper Zero contains a built-in iButton reader/writer. The iButton technology works with the quite old 1-wire protocol, which has no authentication. This gives the reader an easy job to accomplish. After the ID has been saved, the writer can write the ID to a blank key. This isn't necessary though, as the Flipper can even emulate the key itself.