What are people doing with the Flipper? It seems neat, but I fear I would get one and then forever leave it in a drawer having never done anything real with the device.
I was really excited to get mine! It is neat. I got it and it has been in my drawer almost exclusively. I have done exactly two things with mine:
* Opened my friend's Tesla battery charge hatch from a distance for fun (it closes again on its own after maybe 30 seconds)
* Recorded a lamp's IR remote on/off/up/down toggles and used the Flipper to turn on the lamp, rather than using the IR remote, to try to debug whether the remote was going bad or if there was a problem with the lamp (it was the lamp itself)
And I tried, unsuccessfully, to:
* Read my dog's microchip data
Otherwise, I haven't found any use for it. I really wanted to like it. I did a search to see if there was anything interesting to do with it that I was missing, and basically it's what I did (or failed to do) above. Some people also use it to change TV channels at restaurants as a prank it looks like.
1/4th of my cats have microchips. They were moderately annoyed as I scanned them.
The whole microchip registry thing is a mess, though. There's no authoritative database and I'm certain that the database entry for my cat is at some shelter where he was briefly held. I have no way of updating this data without paying a subscription fee, so that's out of the question.
Outside of IR remotes and popping Tesla ports, I have used it to emulate RFID tags. I don't have enough free time to really utilize it appropriately.
Here's a ML problem for someone to consider tackling ... given a cat picture, identify all of the relevant cat subs that it might get posted in. This could be applied to dogs too... but cats rule the internet ( https://en.wikipedia.org/wiki/Cats_and_the_Internet )
> The whole microchip registry thing is a mess, though.
That is, unfortunately, correct ^^^ I went through this with my dog. I was told to find out which services your local animal control and humane society use, and make sure your pet is added to those registries. Yes, some charge $$$, but the registries recommended to me were free.
If your pet ends up with animal control, and they can't find the chip registration, getting your pet back can be a nightmare.
And if you move across the country the local animal control / humane society may use different registries.
It's a great idea, in theory, but it's opened up a world where the possibility of scam registries can exist.
I've considered the challenges of an open and public registry, but allowing the public to access it is problematic as there is no way to validate the entries and you would be handling people's contact information. It might be an actual use of a distributed blockchain / public ledger.
Maybe there is no need for a centralized database of contact information, but there could be one for found pets.
Single resource. Any vet/shelter/guy with an RFID scanner can report found pet with this barcode at approximately this location. If you know this pet, contact us here. Presumably only vets and shelters would be adding to the database, so all of the contact information is already public. People who have lost their pets can then monitor this location/sign up for alerts after you lose Fluffy.
Not as great as being able to immediately look up the owner, but eliminates some privacy concerns.
You couldn't do this with current chips I don't think, but if you had at least 256 bytes of randomness on the chip, you could.
The simplest way to do this would be to use the random data for an EC25519 private key, which would be used to encrypt the data[1] and then sign the encrypted blob plus an unencrypted timestamp. The registry would be a mapping of public keys to encrypted records. Updates could be accomplished by sending a record with a greater timestamp, which would then be propagated to other nodes.
You could also put a DHT on top of that to minimize storage requirements, perhaps also a PoW scheme for Sybil resistance.
[1] EC doesn't technically do encryption, but that can be worked around by attaching a public key for an ephemeral keypair for your message, doing a DH against the two keypairs, and using the resulting secret as a key for symmetric encryption.
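Added example, not part of any comment in the thread: a Go sketch of the node-side update rule the comment above proposes, where a record is accepted only if it is signed by the key derived from the chip and carries a strictly greater timestamp. The names `Record`, `ChipKey`, `Publish` and `Registry`, the SHA-256 seed derivation and the sample bytes are assumptions; `Blob` stands in for the ciphertext produced by the ephemeral-DH step in the footnote, which is not implemented here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Record is one registry entry; Blob is the already-encrypted contact data.
type Record struct {
	Timestamp uint64
	Blob, Sig []byte
}

// signed returns the bytes the signature covers: timestamp plus blob.
func (r Record) signed() []byte { return []byte(fmt.Sprintf("%d|%x", r.Timestamp, r.Blob)) }

// ChipKey hashes the chip's random bytes into an Ed25519 seed (hashing is an assumption).
func ChipKey(chip []byte) ed25519.PrivateKey {
	seed := sha256.Sum256(chip)
	return ed25519.NewKeyFromSeed(seed[:])
}

// Publish builds a signed record; anyone able to scan the chip can call it.
func Publish(chip, blob []byte, ts uint64) (ed25519.PublicKey, Record) {
	key := ChipKey(chip)
	r := Record{Timestamp: ts, Blob: blob}
	r.Sig = ed25519.Sign(key, r.signed())
	return key.Public().(ed25519.PublicKey), r
}

// Registry maps a chip's public key to the newest valid record a node has seen.
type Registry map[string]Record

// Put is the node-side check: valid signature, strictly greater timestamp.
func (g Registry) Put(pub ed25519.PublicKey, r Record) error {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, r.signed(), r.Sig) {
		return fmt.Errorf("bad signature")
	}
	if old, ok := g[string(pub)]; ok && r.Timestamp <= old.Timestamp {
		return fmt.Errorf("stale timestamp")
	}
	g[string(pub)] = r
	return nil
}

func main() {
	pub, r := Publish([]byte("constructed chip bytes"), []byte("ciphertext-v1"), 100)
	reg := Registry{}
	fmt.Println(reg.Put(pub, r), reg.Put(pub, r)) // first accepted, replay rejected
}
```

Because the signing key is readable from the chip, every party that has ever scanned the animal can publish a newer record; the timestamp rule orders updates but does not tell the current owner apart from a previous one.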
Or, why have a registry at all? Can't the chip itself hold a few bytes of data for a phone number? I don't know anything about these "chips", but I have to imagine that's possible.
Why would a phone number be useful as a permanent ID for a pet? What if it is rehomed or the owner changes their number? A UUID with a central database or a public/private key with a decentralized database are much better solutions for that.
There is no single authoritative database, but it works kinda like MAC addresses, in that the microchip prefix tells the system who made the chip, which tells them which database to look you up in. You should be able to get the shelter to update the database to match your contact information for you free of charge. At least our shelter was willing to do so. They already have to pay the fee, so why not?
> The whole microchip registry thing is a mess, though. There's no authoritative database and I'm certain that the database entry for my cat is at some shelter where he was briefly held.
That form is able to find my cat's microchip information in both the registries I have her on, for example. But yes, I was surprised the pet microchip scene isn't more consolidated. Like bicycle registrations are, where the two major U.S. players are https://bikeindex.org and https://project529.com
EDIT: But I was unable to read my cat's microchip with my Flipper Zero, even though my vet confirmed it's still readable using their more appropriate tool for the job.
Can you emulate common TV IR blaster protocols without first recording them?
I used to have an LG G4 Android phone with a TV remote app built in. With just the TV manufacturer information, I could change the channel / volume in all sorts of useful places (the gym, etc.). I miss this feature often.
"Flipper Zero has a built-in library of signals for common TVs, ACs, projectors, and stereo systems brands. This library is regularly updated with new signals, thanks to the Flipper Zero community's active contributions to the IR Remote database."
(from the flipper zero homepage)
I've successfully used mine as a "TVbGone", switching off all the TVs in a bar...
For God knows why reason, the original PSPs used to come with an IR LED. I put a homebrew program on my PSP that let you control it, and fed it a txt file with thousands of TV IR codes. What a blast!
Not natively. There is other firmware out there, though, that allows such functionality. Depending on where you live, it may be illegal to even try, though, hence the native firmware locking out such use (you can record or visualize but not save/replay).
I don’t know exactly how the rolling key works but wouldn’t it be kind of like having a secret stored in the key that’s needed to generate the next code? If it’s designed properly, recording a few thousand codes shouldn’t tell you anything about the next code, just like you can’t deduce private keys by looking at a few thousand encrypted files. I have no clue if that’s really how it works, so I would be happy to be corrected if my mental model is wrong here.
That phrase is doing a lot of heavy lifting there...
(This is only what I've read, but as I understand it many rolling code keys can be broken by recording three button presses while the keyfob is out of range of the car, then brute forcing the seed.)
Basically yeah. You'd need millions of replays to even have a chance. Cracking basic wifi back in the day required a couple days worth of sniffed packets. I'd imagine this is similar, if there is in fact a way to do it.
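Added example, not part of any comment in the thread and not any manufacturer's scheme: a simplified Go model of the rolling-code idea discussed above, in which fob and receiver share a secret, each press sends a counter with a truncated HMAC over it, and the receiver accepts only counters ahead of the last accepted one and within a window. The names `code` and `Receiver`, the 12-byte layout and the window size are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// code is what the fob would transmit for one press: counter plus truncated MAC.
func code(secret []byte, ctr uint32) [12]byte {
	var out [12]byte
	binary.BigEndian.PutUint32(out[:4], ctr)
	m := hmac.New(sha256.New, secret)
	m.Write(out[:4])
	copy(out[4:], m.Sum(nil))
	return out
}

// Receiver holds the shared secret and the last counter it accepted.
type Receiver struct {
	secret []byte
	last   uint32
	window uint32 // how far ahead the fob may drift from out-of-range presses
}

// Accept checks the MAC, then requires last < counter <= last+window.
func (r *Receiver) Accept(c [12]byte) bool {
	ctr := binary.BigEndian.Uint32(c[:4])
	want := code(r.secret, ctr)
	if !hmac.Equal(c[:], want[:]) || ctr <= r.last || ctr-r.last > r.window {
		return false
	}
	r.last = ctr // every code at or below this counter is now dead
	return true
}

func main() {
	secret := []byte("constructed fob secret") // sample value, not from a real device
	rx := &Receiver{secret: secret, window: 16}
	c1 := code(secret, 1)
	fmt.Println(rx.Accept(c1), rx.Accept(c1)) // accepted once, replay rejected
}
```

Accepting a code also invalidates every earlier counter, so a recorded press stops working as soon as the receiver has seen a later one.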
I'd love to have this, mainly so that I could have a single dongle on my keychain for both my and my wife's car. I know others have said that there are issues around rolling codes. But it's possible to get official duplicate / replacement keys; how does that work?
So far I have not been able to emulate the keys on either of my cars, a 2001 Ford Ranger and a 2019 Subaru Outback. I think the Ranger is probably possible, but I haven't figured it out yet.
My current practical use case is that I read our cat's microchip, so when a new device comes, instead of coaxing the cat into the device (e.g. smart cat flap), I just use the Flipper in emulation mode to train the device.
As someone in cybersecurity, it is handy as a low frequency RFID reader as Android phones only support higher frequency. Having something compact and in a single unit (compared to a Proxmark) makes it easier to 'grab-n-go'. It is neat to show people how insecure common access control systems are.
I've also used it as a universal remote more than a few times on devices that didn't come with a remote. The App running on a phone makes it somewhat easy to transfer new remote templates to the Flipper over Bluetooth.
It also comes in handy as a serial adapter as it has GPIO pins you can connect to things (UART headers).
The RF transceiver is also cool to capture RF remotes (garage doors, overhead fans, etc.) and replay them.
Yeah, the Flipper Zero has a "sub 1GHz" transceiver, from memory it's a CC1101?
It can receive and transmit from about 300MHz to 930MHz (with a few gaps in between).
I've used my Flipper to sniff the signals for my wireless controlled projector screen, projector, and home theatre amp. I then used the data I sniffed to program an ESP32 with a CC1101 module attached, so I can roll down the screen and turn on the projector and amp via wifi (with Homebridge and iOS Home app).
I later sniffed my garage door opener, added that into the ESP32/CC1101 gadget. I needed to add a better antenna to make sure it reliably had range to get to the garage door, but it now works more reliably than the keychain fob, and I can use an "arrived home" automation to have the door open without me needing to stop the motorcycle and take off my gloves and get the key fob out of my pocket. I may replace this with an Arduino/CC1101 triggered by the hi beam switch.
The Flipper Zero is a super useful tool when having ideas like this, but like most tools, it really does sit in the drawer most of the time. But I'm glad it's there, I don't regret a cent of its purchase price.
I use it as a store for all the amiibo data I might want, as well as a universal remote for my TVs and fan/light in the house. I also use it on the TVs and receivers at work when someone misplaces or loses the remotes, and keep a separate one in the car with a few garage codes for my parents and siblings houses.
The wifi board is fun to play with to learn about how some of the more common/basic SSID spoofing and broadcast spam attacks and similar things work. There are some fun HID device attacks you can check out too that are pretty cool. I also used it as a jumping off point to dabble with programming in C and using gdb and stuff like that.
I've just got the wifi board. My initial use case is to see if I can send de-auth attacks to the Ring doorbells overlooking the road/sidewalk in the two new houses just up the street...
I use it to automatically turn my older A/C off and on automatically while I’m not home. When I’m home, my wife and I use it as a universal remote around the house. Admittedly, it’s not what I originally bought it for (like others, I bought it as a toy), but now we depend on it for the former reason mentioned.
For 99.99% of buyers, it's a toy. It will be played with briefly and discussed online for more. For a tiny portion there is a legitimate use, however I think it's highly unlikely there isn't something that does that use for cheaper, and better.
The only "real" thing I did with it was use it as an IR blaster and debug tool to remote control my window fan. Once I figured out the IR protocol, I replaced it with a $10 gizmo from Aliexpress that has an ESP32 hooked up to an IR LED.
Otherwise, it's kinda fun for scanning credit cards, pet microchips, maybe the occasional NFC or RFID tag. It can clone most hotel keycards, at least to the level required to open your door, although the parking gates tend to use better security.
It can also emulate an AirTag, at least on the bluetooth beacon side, which is kinda funny.
I don't have an iPhone so I'm not 100% sure, but one of my friends who has two phones and two Flippers uses it from time to time. It seems trackable within a pretty short range but I don't really understand the value.
It’s sort of like having a leatherman. You almost never NEED it but it feels great when you do. I clone all the remotes in my house for when my kids inevitably lose them.
According to guys on reddit, turn on public TVs in malls so minimum wage workers have to spend a lot of time to find out who actually has the remote to turn it back on, they buy cases for them, new shells, and take photos of them.
That would be a variant on the old TV-B-Gone prank gadget, which can be easily built with a minimum uC and a few parts, plus firmware.
https://en.wikipedia.org/wiki/TV-B-Gone
I got one so that I could make copies of my apartment keyfob; I live alone and having a spare keycard that goes inside my phone case has saved me from locking myself out of my building multiple times. For me it's already paid for itself by ensuring my peace of mind. I've also used it to copy my gym tag (NFC), my parents' apartment keyfob (also NFC surprisingly), and multiple office access cards.
I've had mine for a long time. I mostly use it to read and clone 125 kHz RFID tags.
I have a few ideas to make it more useful, but every time I try to get into developing an app, I get frustrated and give up. It is probably the worst codebase I have ever seen. Just walls of strangely named function calls with no code comments and no documentation whatsoever.
At the moment it is in my office monitoring a temperature readout that is hosted by a web server and then turning on the ceiling fan if it gets > 80F and turns it off again if the temperature drops below 75F.
This is what happened to mine. I flashed Momentum, got Marauder and a wifi dev board, did the "all the pcaps!" thing for a bit, opened some garage doors, then used it to clock in at work for no reason.
Then I went to go sell it and found out you can't list them on eBay or FB Marketplace. Not sure how to go about selling or trading one beyond those types of places, either, so I basically have a pricey dust collector in a drawer.
My neighborhood has a vehicle gate that is opened by an RF clicker, and a pedestrian gate opened by an RFID tag. I copied both of mine to my flipper. A couple months ago the coin cell battery in my clicker died, but I had my flipper! I also use the cloned RFID tag fairly regularly. There are two RFID tags in the house and more than two people using them, so I use my flipper for that too.
It can take a lot of slowly moving the flipper around to get it to read a pet chip. Definitely not as straightforward as scanning your office's access card.
I use shortcuts on my iPhone set so that when CarPlay activates, or when I get close to home, it tells the flipper to send the gate and garage door codes to my house, so I can leave or get into my home without having to find the commando.
I use mine predominantly to write "programs" that control the TV. Namely, I've got a program that changes the brightness and volume of the TV then turns off the bedroom light at night. Then another program that undoes that.
You can execute a suite of BLE, wifi, and IR attacks. You can target NFC and RFID. You can add scripts and boards to boost signal and functionality. You know, fun stuff.