I Like Kill Nerds

The blog of Australian Front End / Aurelia Javascript Developer & brewing aficionado Dwayne Charrington // Aurelia.io Core Team member.

Thoughts on the Flipper Zero

Reviews · June 14, 2022

After seeing the Flipper Zero was finally shipping, I tried to get one. Unfortunately, in Australia, getting the Flipper Zero officially was impossible. There seems to be a lot of demand for this little gadget. Fortunately, there were a few on eBay.

The original Kickstarter campaign is here if you want to read about it. As you can see, it was behind schedule, missing its delivery deadline by about a year.

I ended up paying quite a premium as the Flipper Zero is a little hard to obtain, at least here in Australia. I am sure they’ll be easier to get in a few months and hopefully cheaper.

After getting my beloved Flipper Zero, I set out, like most people who get these types of gadgets, to see what I could do. For such a small device, it supports infrared, NFC, GPIO, iButton, 125 kHz RFID and, most importantly, transmitting and receiving sub-GHz frequencies.

It’s important to temper your expectations. The Flipper Zero is not some magical Watch Dogs-inspired hacking device that will allow you to control traffic lights, security cameras or make ATMs give you money. It’s quite limited in what it can do and is very much a gadget for light pentesting and a gentle introduction to the world of software-defined radio.

The Flipper Zero most interested me for its ability to work with sub-GHz frequencies (frequencies below 1 GHz). This allows you to read the signals from modern wireless car key fobs, garage door openers, ceiling fan remotes and many other devices that use sub-GHz frequencies.

Before buying the Flipper Zero, you should know that many modern sub-GHz devices, such as garage doors, leverage a security concept called rolling codes. Simply put, it means your remote and the device that receives the button presses are keyed to each other and, leveraging some secret seed, the remote transmits a different code each time.
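How a rolling-code receiver treats a code it has already seen, as an added example that is not from the original post. It is a simplified model: HMAC-SHA256 stands in for whatever cipher a real remote uses, and the names `Remote`, `Receiver`, `code_for` and the 16-press look-ahead window are assumptions made for illustration.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead: missed presses the receiver tolerates


def code_for(seed: bytes, counter: int) -> bytes:
    """Code for one press; truncated HMAC stands in for the real cipher."""
    msg = counter.to_bytes(4, "big")
    return hmac.new(seed, msg, hashlib.sha256).digest()[:8]


class Remote:
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def press(self) -> bytes:
        self.counter += 1  # every press advances the counter
        return code_for(self.seed, self.counter)


class Receiver:
    def __init__(self, seed: bytes):
        self.seed, self.last_counter = seed, 0

    def accept(self, code: bytes) -> bool:
        # Only counters ahead of the last accepted one are candidates,
        # so a code that was already used can never match again.
        start = self.last_counter + 1
        for c in range(start, start + WINDOW):
            if hmac.compare_digest(code, code_for(self.seed, c)):
                self.last_counter = c
                return True
        return False


def demo() -> dict:
    seed = b"constructed-demo-seed"  # constructed sample value
    remote, receiver = Remote(seed), Receiver(seed)
    first = remote.press()
    out = {"first_press": receiver.accept(first)}
    out["replay_of_first"] = receiver.accept(first)  # same code sent again
    for _ in range(3):
        remote.press()  # pressed out of range of the receiver
    out["after_3_missed"] = receiver.accept(remote.press())
    for _ in range(WINDOW + 4):
        remote.press()  # more missed presses than the window allows
    out["after_20_missed"] = receiver.accept(remote.press())
    return out
```

The last case is the usability cost of the scheme: a remote pressed too many times out of range falls outside the window and has to be re-paired.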

My first attempt to clone my wireless car key fob and garage door failed. You’re presented with a lock icon in the Sub-GHz menu when you do a read if it’s using rolling codes. The stock firmware will not let you save these, but third-party firmware (I recommend one below) will.

The Flipper Zero will not allow you to bypass rolling code encryption. There is a third-party tool with a free option called Kaiju, which claims to be able to decrypt rolling codes, but I haven’t tried it, and I am not sure if it will ever be possible.

I relived my fun as a child, when I bought a universal remote and would mess with the TVs at school and the neighbour’s house. On the first day I received the Flipper Zero, I turned off some TVs. I then started reading things like my bank card, Amiibos and anything else with an NFC or RFID chip.

Because this is a gadget that works with frequencies, the FCC licences it. Therefore some frequencies are restricted in the stock firmware to comply with region restrictions on what frequencies you’re allowed to transmit or receive. However, many third-party firmware builds remove this restriction and add new features and frequencies. My favourite is Roguemaster.

I will be honest; the one thing I did find disappointing is that many of the remotes I’ve attempted to capture use rolling codes. Some use fixed codes still, but most modern sub-GHz devices use rolling codes. Still, it’s a fun device. I recommend getting some Tesla captures that allow you to open the charging port on Tesla vehicles.

Another use case I have used a lot is the Amiibo support. This has allowed me to pretend to own numerous Amiibos without buying them for my Nintendo Switch. Amiibos can give you new characters and other features in certain Switch games.

Overall, it’s a fun device and seems to be regularly updated. Seeing the community release unlocked firmware and features gives me hope that, in the future, this little device will be able to do so much more than it currently can.

The Flipper Zero has taken me down the software-defined radio (SDR) rabbit hole. I placed an order for a HackRF One and a Portapack a few days after getting my Flipper, so wish me luck as I go down what could be quite an addictive path of working with radio and frequencies.

Now, excuse me, I have some TVs to turn off at my local McDonald’s again.

Dwayne

Copyright © 2022 · Dwayne Charrington