Is The Flipper Zero Useful For Anything?

"To use this tool as a hacking tool, you must first hack this tool"

I work as a general contractor, my Flipper has been one of my favorite tools I have ever owned. A lot of my clients live in gated communities, apartment complexes, etc. Being able to get in and out of these communities with a pushbutton is one of the most pleasant feelings in the world, that is all. No memorizing codes, don't have to do shit, I can even open some of my customers garages if they ever need me to. Of course, I have to program it first, but it takes seconds

You need to run custom firmware on there. This will open a whole bunch more.

Quick note about recording the car fob: If your car was close enough to receive your keyfob at time of recording then when you replayed the keyfob signal the car will reject receiving that signal a second time. This is thankfully due to most cars having a "rolling code" that changes with each button press which prevent replays... usually.

The separate on and off buttons are quite helpful for professional A/V situations where you might not be able to immediately tell if the projector has turned on or not. Instead of just telling the projector to change to an ambiguous "the opposite of the current state", you can specify exactly which state you're looking for.
The result is that you can just spam the power button without needing to worry that you're turning it on and off and on and off and on....

In my time with owning a flipper, I have realised that it doesn't do anything that other devices can't do, the only advantage is the tint size. All of the issues thst you have mentioned can be avoided by downloading a custom firmware, I use flipper unleashed. The main downside of the flipper is the lack of power, it often struggles with range and suchlike. I plan on making some external modules for the most often used modes. I see it in the same way that you said, as a multitool. It does the same job as dedicated tools, in a more compact size profile but not as well

iButton is not actually some Apple nonsense! It's a one-wire communication protocol used in a lot of older security keys and even as a transit pass in some cities! It also goes by the names "touchmemory" or "dallas keys".

I want one largely to just use as a GREAT “universal remote”. No messing with button pressing/holding, just a nice GUI and it can control all the stuff not just IR devices.

A lot of people do not understand RFID. These devices do not transmit data unless they are in close proximity to a reading device. which briefly powers them just long enough to send a packet of data. I think you could probably do the same thing with NFC reader software installed on any modern cellphone.

I look at this flipper thing and it reminds me of the bygone days of PSP hacking. Back then you had firmware, flashing and all the cool software people came up with on forums you could even access through the PSP's internet Tbrowser. The fat PSP came with an RFID sensor which made it ideal as a grabber for remotes; I had the AC remote hotkey'd in, as well as the school projector remote :D

If you ever decide to automate your home to manipulate your projector, you will be very grateful for its discreet On and Off signals. Toggling power is hard to program around since you have no guarantee of starting state.
Thanks for your videos.

I really appreciate your perspective on updates. On one hand, not updating some things has the potential to leave the user in a vulnerable state. On the other, it can (and often does) strip away features, or add things that benefit the manufacturer and not you. Even if it's just increased data collection that takes performance/battery life away from you. It's something worthy of consideration and discussion in my opinion.

I have the Xtreme firmware on mine and have tried it on multiple garage doors, at least two of them could be opened after capturing the signal once. They both had a vulnerable rolling key based protocol. The IR functionality can be both fun and useful. I've used it to turn on the TV when I can't find the remote in hotels etc. I was also able to clone some access cards, for a gym for example. Some of the GPIO apps are nice too. The signal generator and apps for testing various sensors. Bad USB is very nice in a penetration test scenario. If you get one of the WiFi addon boards you can also do de-authing and some other stuff. A lot of people (including my kid) have been lead to believe that this device can "hack" anything. Mostly because of fake TikTok clips. But it's a great device with lots of features. My girlfriend has played way too much Tetris on it as well. 😄

RSSI = "receive signal strength indicator" in dB relative to 1 milliwatt (0 dB is 1 milliwatt on the antenna). Typical lower receiver sensitivity is going to be from -90 dB to -120 dB. It looks like you can set a threshold of when the device will start recording as sort of a squelch feature.

It did not lock the car because vehicles and keyfobs use a synchronous rolling code. The car and the key have a seed value stored in them, and whenever you send a command such as lock, unlock, etc, using the fob it uses that seed value and then they update the value internally. By recording the key fob you are replaying an old value. So the car wont listen to it. You need to do whats called a Rolljam attack which will prevent the car from hearing the keyfob while you record the value.
Buyer beware! This can disassociate the fob from your car and you need to manually reset the rolling code inside the vehicle in order to reassociate the key fob with your vehicle. If your car doesnt allow you to do this manually you might need to have it taken to a dealership. Its not such a problem if you have a metal key in addition to your fob. If you are entirely pushbutton though as many modern vehicles are...
You wont be able to drive your car. And thus you will have to have it towed to a dealership.

I remember one of my friends got one of these and started testing it out with Flipper Unleashed... he then proceeded to accidentally change his AC unit from Fahrenheit to Celsius, couldnt figure out how to change it back, and then sold it to one of his uncles friends 💀

Also badusb is keyboard emulation to inject a payload, for malicious or prank purposes. Custom firmware adds BadBT which does the same thing to affected devices without even needing to connect physically

I'm a A/V technician, I mostly use the flipper to emulate different IR remotes so I can have all the remotes I need in my pocket. I also think the rubber ducky USB scripts are immensly powerful and usefull. Imagine having to change say the network config like ip and submask on 5 different machines or download a bunch of software that you need on multiple machines. Even tho the option is called bad usb, for me it's a really neat timesaver

Did you just do a CAT scan?

I use mine as a vault for all the RFID cards used to access different locations I service. If I visit a location and they loan me an access card I just clone it and give it back or generate one on fly and add to whatever system they use. It also came in handy to re-purpose some ioProx cards that we were originally going to throw out because we moved to an HID access based badge system.

I've got this device on my wish list, for no reason other than it seems fun and cool. I'm no criminal. I have researched it somewhat (watched youTube vids). You are going to get tons of great advice from actual users, so let me just ask that you please do an update soon!!!!! It was frustrating to see your results when I had seen others do some spooky, cool stuff! I have never seen weather satellite photos from junk before, so I have complete confidence in you, dude! I really love your channel!

Missed a lot of features and got a few wrong, but it's a fun tool and might take weeks to really discover its capabilities.

Fresh out the box flipper software is very minimal but when you install either of the 2 popular custom firmwares then all those restrictions are gone and the world is your to mess with

The reason is didn't let you save and replay the first garage door code is that it recognised the protocol as being from a device that uses rolling codes.
The dev team are paranoid about causing desynchronization issues between existing keyfob and reader (both for cars and garage doors) so they've made the choice to block the send. It's definitely not a government imposed decision. On the plus side this means your garage door is immune to replay attacks.
The second garage door is FCC regulations - in the US there are some garage door openers that operate on a licensed band. Only devices made by the license holder can transmit there, so the Flipper isn't legally allowed to. Unfortunately, this isn't respected by chinese equipment manufacturers, so many of them work in the same licensed band. Flipper is under a lot of scrutiny, so has to really follow the letter of the law.

Dude! I've had mine for a few months now and I love it!
But I'm also the guy who bought a Cat S61 for the upgrade.
As an old Radiohead, this thing has got all kinds of abilities.
I use the IR for my window shaker!
Great for figuring out what your transmitting at too.
It can't spoof rolling code systems and other high security.
That was purposeful in the design.
The GPIO can control any small device similar to PLC.
I didn't know it did pets!
You were looking at every BT, Cell or other wireless device around.
It will save a list over time for you.
You can physically hunt them with RSSI. Fox and hound style.
I'm sure one of your little parabolics will do the trick.
RSSi is the line at the bottom. You raise it to filter out nosier/weak signals.
You played the noise back to the car!
You need to hack the region settings. If you want play that way.

Highly recommend the unleashed firmware - one day at work this device saved me twice, first as a keyboard and mouse to interface with a headless computer and second when a TV I had to configure had a broken remote and I was able to download codes and even customize a page to quickly interface with it.

ibutton is like a coin cell looking thing that runs Java, I believe. Used in apartment complexes as door keys, sometimes. inside the ibutton is a small computer and when you press the button up against a receptacle there's a challenge/response thing over a 1-wire protocol and if each half gives the right answers to things then (in the case of an apartment complex) unlocks the door. Sun Microsystems even made rings with built-in iButtons. Still commonly used, I believe. Definitely not apple.

Fun fact : using an ESP32 you can transmit at 433 MHz, using the "LED controller" LEDC peripheral.
You need to set the frequency to 33.875 MHz and the resolution to 1 bit using the ledcSetup function.
You can then transmit by toggling the PWM between 0 and 1 using ledcWrite.
Of course it transmits a whole bunch of harmonics at frequencies it's not supposed to, and one of them falls close to 433.92 MHz.
Using a short piece of wire it can transmit up to 10 meters.

Who is more powerful in terms of hacking? I'm well-versed in Raspberry Pi 4 been wanting a Pi for the longest time. First time hearing about Flipper Zero.
You are right. These are good for those of us interested in ethical hacking.

If this guy can hijack a russian satellite's images with an antena made of literally trash i'm worried about what he can do with a flipper

Unleashed / Xtreme / Roguemaster... You wont be disappointed.

You don't need to say quote unquote hacking. Just because you're not doing something illegal or immoral doesn't mean you're not hacking.

It didn't unlock your car because your car is using rolling codes. If your keyfob is near the car, the signal you recorded is burned and invalidated after the first use. You would need to jam at the same time. For a real test, record your fob in a daraday cage or far away from ypur car and then replay it. Chances are, if you fet the recording right, it will work. This attack is known as RollJam and I have a Python script I developed myself to do this on my own car and garage opener.
If you go to apartment complexes or gated communities, their gates usually do not use rolling codes. So, you could sit there and record when someone opens the gate and then have permanent access. You can do that very easily with a FlipperZero. A car requires a little more prep, but mot impossible with a FlipperZero.

Use the dark firmware. It gets updates almost weekly, and opens up a lot.

They ship them nerfed to appease regulators. Better firmware will enable more functionality.
Also: most cars and garage doors use rolling codes these days. It's much harder to crack than just playback.

Thank you for the video, If I had watched this sooner I may not have ordered one but i'm sure I will come up with some project to take advantage of it!

The reason why it didn't work on your car is because of the implementation of security on modern car remotes. When remote locking first started appearing replay attacks where very real and a huge problem, someone would sit in a parking lot wait for you to lock or unlock your vehicle then modify and or replay that message gaining access to your vehicle. These days however there is a small security algorithm running on the fob and on the vehicles computer creating a rolling encryption key that keeps changing every time you use that fob, it has to match with the vehicle computer, otherwise it just ignores it.
Its still possible to "replay" but it requires you to reverse engineer that algorithm, and run it at the same point as it is currently in the vehicle you are attacking.

I would love to see a follow up video about putting custom firmware on that bad boy!

I've used this to test the RFID blocking claims of wallets and be a backup/secondary remote for all kinds of things at home.

The RF "core" of this device is a TI CC1101 multi-mode RF transceiver chip that "understands" several different modulation standards and (I think) protocol/coding standards. It has an RSSI output, and can scan the tuner fairly quickly, so you can use that as a scanning spectrum analyser with a fixed RBW. It's not really an SDR in any meaningful way.

I sense a new era of Save It For Parts on the horizon 🌙

David Beckham's car was stolen i think 4 times using a key fob playback device lol. i love that the flipper is making RF hacking so easy because now manufacturers are being forced to upgrade their security

The custom firmware will do the garage opening and counts on what your car uses if your car uses rolling code then you’ll have to record the remote being outta distance from the car

The way you open boxes with knives, one would think you really don't like your Thumb! , that made me anxious! 😯🤣🤣

Flipper definetly needs custom firmware, there's way too many restrictions (but you know gotta keep it legal by default)
Doing a replay attack on your garage door should have been the easiest thing ever
It's just a CC1101 chip inside for the radio, that's what you'd use on any micro controller based project that needs to transmit and receive below 1ghz
On a side note you can actually do NFC and IR stuff with any rooted android phone that has an ir blaster, so flipper is only good for RFID and SubGHz radio imo

“Received Signal Strength Indicator,” is a measurement of how well your device can hear a signal. In other words, RSSI is a value for determining a good wireless connection.

Nah bro, the Flipper Zero is absolutely worthless - which is why you should send me YOURS 😎

You can use the Ir remote with your camera. Upgrade to one of the non hindered firmware for a bunch more features.

This is a truly beautiful handy device; I haven't seen it described in such detail before; it's a Swiss Army knife.

In the case of trying to capture/emulate signals from specific frequencies you would want to raise the rssi to get rid of unwanted noise the biggest reason people can’t get these to work is because we live in a world of satellites and fm radios in every car you will almost always have some sort of egress, specifically in this video he demonstrated that his flipper was picking up stray signals definitely coming from a Bluetooth device. In all honesty it depends on the device: you won’t see a key fob putting out 8db of signal so it’s kinda hard to judge what levels something should be coming in. Also a great time to learn what frequencies are what so that you don’t go messing around the LTE bands or cause your neighbor to lose his direct tv channels. Clearly you won’t be blowing any telecom nodes with a flipper BUT a hackrf one maybe

I got this primarily as a more convenient Proxmark alternative. Those alone are very expensive, the one I have has become increasingly finicky, and I’m left preferring older versions of the software. The antennas in the Flipper have generally been a lot more consistent than other hardware I’ve used in cases where I’ve wanted to clone a work badge to the 125kHz tag I implanted in my left hand, or some other seemingly simple operation.
I’ve also found some novel applications that I won’t share here c;

Interesting.
This is the entrance to a deep rabbit hole that will have to wait a bit because I have too many pots on the stove.
But, down the road yea, I'd like to experiment a bit which is where all the fun lay.

5:32 you could've save the chip data and then emulate it back and use your halo reader to show if it shows the same thing.

I suspect the whole Flipper branding is an homage to the Cyber-Dolphin in Johnny Mnemonic. (The cartoon even looks similar).

6:25 I have a problem with spurious emissions too 😢
7:38 there’s no point in trying to unlock a modem car as the key changes at random, older cars older than 2008 or 2006 will unlock.
9:04 stock firmware is locked down, Unleashed firmware is the best IMHO

I can tell that this is not a sponsored review because you got the right answer.

I'm looking into buying a used one to save some money, thanks for the video!

I would bet the iButton feature is referring to the little fobs that use the 1-Wire protocol over physical contacts. It just sends a simple ID over the bus. Probably could use the GPIO to read one of them.

You are very kind to go out and buy a microchip reading tool just to help pets get back home. You are now number 4 on my list of good people

it would be good for an IT team for small orgs needing to test physical security.

i button is an authentication protocol that has nothing to do with Apple. It’s a round button style device. I have one for my company vehicle that needs to be authenticated every time you start the vehicle so that it lets the owner know when it’s being driven and also where it’s being driven. Edit… it looks like someone’s already answered this in a post already. Sorry for the redundancy. Enjoy your videos very much.

I use this device as my backup garage door opener as well as my IR remote for my TVs and my Xbox one.

I love the vibe of the flipper, too bad its very restricted

So this would be a gr8 back up for personal back ups if you lock yourself out of a car , house, office. You can save all your personal info.

oh i know exactly what those spurios signals were lol. thats what got me started on this whole path is when i hooked up a receiver and found out we are all getting bathed in these signals. 1 is going to be your power most likely. 2 is going to be some other company meter. If you have any weather stations about that was also one of those range of signals. I can track everyone in my areas water and gas as its all wide open and being broadcast.

Can you tell if the spectrum analyzer feature would be at all useful for detecting/locating EMI problems?

amazon keeps recomending this device to me but i know next to nothing about any of this. thanks for the info in the video

A bad usb is where a hacker can hack a computer or anything with usb, it make it think its a wired mouse or keyboard

great review. thanks!

Get unleashed firmware and some GPIO hats and you will find this tool far more useful. I use my flipper every day, at home, work, on the go, etc.

I agree with the video, but a very important thing about flipper is the custom firmware. Now to install custom firmware you do need some IT knowledge but once you do that the device has much more functions and no restrictions. For example Xtreme or Unleashed are very good choices. EDIT: BTW Flipper is made to be a Swiss army knife of cybersecurity and as someone whos profession is cybersec i can say that it does its job very well.

Thanks for uploading this ! 👍👍👍👍

i jusy purchased mines mainly for work so i can have gate access because it takes forever to get front desk to open the gate knowing they walk away from the computer. plus I'm definitely going to get the jailbreak firmwares to fully unlock what this thing can really do

I think it allowed you to clone the keyfob because you need to have it very close to read it, and it is NFC like device, so it will not work at distance (at least not with very specialized equipment). But garage remote could be picked far away quiet easily, even without extra antenna.

Your car fobs, and garage door openers run rolling codes. If you aren't careful you can brick your car remote.
With custom firmware there's interesting things you can do. The kids like popping open Tesla charging ports on parked Tesla's.
We're also frequent Dave and Buster's visitors. The kids all have NFC armbands to play the games. I have cloned all of their wrist bands and I play games using their credits. An unethical person could also get close to a technician who is working on a machine and clone their NFC tag. While you wouldn't be able to use any won tickets/rewards you could play the pusher games that drop cards where you collect the full set for a nice bonus.

Thank you for this video!

used to have a xiaomi phone with ir... was super fun to mess around (it's fully controllable with java apis)

"I'm gonna set this to freedom units"

All I've gotten to work on this thing is the customer service announcements at Lowe's. I tried the gas station sign changer which didn't work. The garage door opener didn't work (rolling codes) That's all I've tried so far.

I want one myself, I just don't have the funds - maybe in a couple months. Great channel btw

I'm almost 50 and it is one of the coolest toys I own. I can do SOOOOOOO MUCH with it!!!! Think of it as a learning device. If you want to "get into something" you have to learn how it works (ie. codes, frequencies, types of communication, etc.). My flipper can control every IOT/smart device in my home, although I haven't tried my X!-C or my Phecda...yet. I have a new thing where all of these assholes in cars on their Iphones now have an endless amount of bluetooth spam courtesy of the latest IOS exploit. These things with the right GPIO boards have some serious potential for......
This "toy" as you call it, is a a very compact pin-testing tool, pretty much unlike any out there. Between just the Marauder or Evil Portal firmware options with the ESP32 GPIO, you can get wifi passwords, or even logon and passwords for many big name services like google, some airlines, etc., and that is just that. The BadKB/BadBT are both funny and frightening. Some of them can DESTROY your system, steal your info, etc.. Others are great if you like Rick Ashley.

the whole script kiddie thing is back again . that also raised awareness about how insecure everything in the OS world was. with my own research I found that the stuff that everyone is using wireless coms for is incredibly insecure and this exposes it

Looks like it is easy to upload a 3rd party firmware to these. Region lock out due to big brother. 3rd party unlocks a ton more options. You should update us once you have done that upgrade.
I would love one of these and might eventually get one, just for the pentesting value of it. I also hate having like 11 gadgets to have to haul around...

Do you think you could use it as a code scanner for the ecm/ecu on an automobile?

This thing is pretty neat as and idea at least, kinda reminds me of something a punk anarchic netrunner from Cyberpunk would pull out and hack into a secure corpo van full of tech

hey could you test out the iflipper ive been contemplating getting one but idk if it actually works

My remote starter for my car works but car stopped responding recently. Key seems fine. Can this help?

This is what the internet was actually made for. Straight fax and no useless "MAKE SURE TO LIKE AND" that is 20% of the video.

2:45 yes!! So true. Mega corps almost always intentionally make their products worse via updates, which is why I update most things very rarely. My thought is, if I have a perfectly working version, why risk an update.

@15:19 Can i find individual RC frequencies from a toy rc car with this device? Or what do you recommend for this? I have the original remote controller, i just want to find and duplicate the channels so i can program a different controller. Any advice helps

the flipper is a collection of hacking tools it also has gpio, gpio is the pins its basically add-ons such as esp32 wifi devboard

Can you attach a larger antenna or dish to it?

Restricted defaults are good for calming down regulators, open source is good for anything else.

It is a bit scary, but I think it is a good thing. A lot of devices, like door key fobs, garage doors, etc, are super insecure, and poorly implemented. This device will force most manufacturers to finally do some proper handshake and cryptography, do tof ranging, etc, not just fixed signals or ID, which were always easy to spoof or duplicate.

bad usb is something where you can drop malicious payloads onto devices over usb.
the other usb device is usb killer witch is a destructive device by dumping hundreds of volts over the port and fry the device.
can you go to the place where you got your cat chipped and get a sample chip you can mess with?
the 300 to 400 mhz range is the ask/ook bands so it probably is someone with an ihome or even an air click remote for their ipod.
there may be downloadable software that allows you to open your garage door or will enable security things.
besides you can just feed a hanger wire into the top of the garage door and pull the manual release cord and get in that way.
now to think about it the replay attacks may be disabled until you connect some gpio device to the flipper.
there may be some transmitter you have to connect in order to get the signals to work.

I just wanna go to a bar and shut off all the T.v's B-gone. Cheers Bro. Great video. I know what I'm getting my myself for Chrimbus.

12:33
"This one tells you not to do anything illegal with it. Yeah, Okay."

I want one of these now! Not for anything nefarious, mind you, but as a fun little device to mess with my family since I already love to hijack the devices my parents use to stream on when they fall asleep with my smartphone’s remote play feature so I can change whatever’s playing to a CZcams video of an alarm clock or EAS message to see what they do in response.

A lot of electronics over the last 20-30 years have gone to rolling codes to defeat these replay attacks. I have low confidence this can work on cars or garage doors.

Can I scan radio frequencies (2m-70cm [144-148MHz and 420-450MHz respectively]) and their sub tones for UHF-VHF radio programming with this gadget?