Flipper Zero - Multi-tool Device for Geeks
Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
What is Flipper Zero
Your cyber buddy
Flipper Zero is a tiny piece of hardware with a curious personality of a cyber-dolphin who really loves to hack. It can interact with digital systems in real life and grow while you are hacking. Flip any kind of access control system, RFID, radio protocol and perform hardware hacks using GPIO pins.
The idea of Flipper Zero is to combine all the phreaking hardware tools you'd need for hacking on the go. Flipper was inspired by pwnagotchi project, but unlike other DIY boards for hackers, Flipper is designed with the convenience of everyday usage in mind — it has a robust case, handy buttons and shape, so there are no dirty PCBs or scratchy pins. Flipper turns hacking into a game, reminding you that hacking should always be fun.
Flipper Zero is completely autonomous and can be controlled from a 5-Position directional pad without additional devices, such as computers or smartphones. Common scripts and attacks are available from the menu.
For more control, you can connect to Flipper via USB. Instead of a TFT/IPS/OLED, we decided to build in a cool old-school LCD screen, which is perfectly visible in sunlight and has an ultra-low power consumption of 400nA with the backlight turned off.
433/868 MHz Transceiver
Sub-1 GHz Range
This is the operating range for a wide class of wireless devices and access control systems, such as garage door remotes, boom barriers, IoT sensors and remote keyless systems.
Flipper has an integrated 433MHz antenna, and a CC1101 chip, which makes it a powerful transceiver capable of up to 100 meters range.
Devices Flipper can control include:
- Smart sockets & bulbs
- IoT sensors & doorbells
- Garage doors & barriers
Customizable radio platform
CC1101 is a universal transceiver designed for very low-power wireless applications. It supports various types of digital modulations such as 2-FSK, 4-FSK, GFSK and MSK, as well as OOK and flexible ASK shaping. You can perform any digital communication in your applications such as connecting to IoT devices and access control systems.
Flipper Zero has an integrated decoder for popular remote control algorithms: Keeloq, Came, Doorhan and others, so you can analyze an unknown radio system to figure out the underlying protocol.
It can record and store the samples of radio data to analyze later on a computer, as well as replay saved samples. Many devices, such as remotes, doorbells, sensors and radio sockets, don't use any encryption at all — in this case, Flipper can replay the signal, even if the protocol wasn't recognized.
Oh, and one more thing — Flipper uses 433 MHz to communicate with other Flippers out there, so you can make some cyber-dolphin friends :)
Low-frequency proximity cards
This type of card is widely used in old access control systems around the world. It's pretty dumb, stores only an N-byte ID and has no authentication mechanism, allowing it to be read, cloned and emulated by anyone. A 125 kHz antenna is located on the bottom of Flipper — it can read EM-4100 and HID Prox cards, save them to memory to emulate later.
You can also emulate cards by entering their IDs manually.
Moreover, Flipper owners can exchange card dumps remotely.
High-frequency proximity cards
Flipper Zero has a built-in NFC module (13.56 MHz). Along with the 125kHz module, it turns Flipper into an ultimate RFID device operating in both Low Frequency (LF) and High Frequency (HF) ranges.
The NFC module supports all the major standards, such as NXP Mifare.
It works pretty much the same as the 125 kHz module, allowing you to interact with NFC-enabled devices, read, write and emulate HF tags and even clone cards using special Mifare 1K cards with a writable UID.
Connect to apps
Flipper Zero has a built-in Bluetooth Low Energy module. As with other Flipper wireless features, we will be providing an open source library for adding Flipper support to community-made apps.
Full BLE support allows Flipper Zero to act as both a host and a peripheral device, allowing you to connect your Flipper to 3rd-party devices and a smartphone simultaneously.
Our mobile developers are designing official iOS and Android apps to let you unleash Flipper's potential with a larger screen and greater control.
The infrared transmitter can transmit signals to control electronics such as TVs, air conditioners, stereo systems and more.
Flipper has a built-in library of common TV vendor command sequences for power and volume control. This library is constantly updated by Flipper community users uploading new signals to Flipper’s IR Remote database.
Infrared learning feature
Flipper Zero also has an IR receiver that can receive signals and save then to the library, so you can store any of your existing remotes to transmit commands later, and upload to the public IR Remote database to share with other Flipper users.
Arduino IDE Compatible
Flipper Zero can be extended functionality by your own code written with a familiar Arduino IDE or PlatformIO software. Uploading sketches to Flipper is as easy no more complicated than with a regular Arduino board.
Your code can use all built-in Flipper hardware: the built-in display to print text and draw images, the buttons to navigate, the Radio module for Sub-1Ghz communication, the RFID module for proximity cards, the IR module for infrared communication and GPIO pins for extending the functionality with custom or DIY modules.
By the way, don't worry about filling up the onboard memory — Flipper has four times more flash storage than an Arduino Mega.
Extend with your own plugins
Flipper Zero can run your code as a plugin, storing multiple programs alongside its own firmware, unlike basic Arduino boards. Thus, any code can be run from the plugins menu without uploading it every time you need it. And don't be afraid to break something if your code freezes or crashes — the base firmware is always there.
External storage for apps and data
There is lots of heavy data Flipper has to store: remotes codes, signal databases, dictionaries, image assets, logs and more. All this data can be stored on an SD card, as well as user plugins.
The SD slot will have a push-push type connector, so the card will be reliably secured inside and won't stick out.
Flipper Zero will support any FAT32 formatted microSD card to store your assets so you’ll never have to worry the memory will run out. The card is not required for Flipper Zero to operate and is not included.
Tool for Hardware Exploration
Flipper Zero is as a versatile tool for hardware hacking, firmware flashing, debugging and fuzzing. It can be connected to any piece of hardware using GPIO to control it with buttons, run your own code and print debug messages to the LCD display. It can also be used as a regular USB to UART/SPI/I2C/etc adapter.
Built-in 5V and 3.3V power pins. Control from built-in buttons and display, no PC required.
SPI/UART/I2C to USB converter
Communicate with any hardware from your desktop application.
Firmware flashing tool
Flash any kind of SPI memory, such as EEPROM.
Test any protocols and signals.
Bad USB Mode
Acting as a USB slave device
Flipper Zero can emulate USB slave devices and connect to a computer like a regular input device, such as an HID keyboard or an Ethernet adapter, just like USB Ducky. You can write your own payload for the keyboard to type any key sequence, and run USB fuzzing attacks on a target device.
1-Wire keys (Touch Memory)
Flipper Zero has a built-in 1-Wire connector to read iButton (aka DS1990A, Touch Memory or Dallas key) contact keys. This old technology is still widely used around the world. It uses the 1-Wire protocol that doesn't have any authentication. Flipper can easily read these keys, store IDs to the memory, write IDs to blank keys and emulate the key itself.
Flipper Zero has a unique contact pad design on the corner — its shape works as a reader and a probe to connect to iButton sockets at the same time. This mode is also handy for silently intercepting the 1-Wire data line.
MCU (Microcontroller unit)
ARM Cortex-M4 32-bit 64 MHz (application processor)
ARM Cortex-M0+ 32 MHz (network processor)
Flash: 1024 KB
SRAM: 256 KB
Resolution: 128x64 px
Diagonal Size: 1.4“
LiPo 2000 mA
7 days approximately
Sub-1 GHz module
Chip: TI CC1101
TX Power: 12 dBm max
● 300-348 MHz
● 387-464 MHz
● 779-928 MHz
Frequency: 13.56 MHz
● NXP Mifare® Classic/Ultralight/DESFire/etc
● NFC Forum protocols
RFID 125 kHz
Frequency: 125 kHz
Modulation: AM, PSK, FSK
● EM400x, EM410x, EM420x
● HIDProx, Indala
3.3 CMOS Level
Input 5V tolerant
Up to 20 mA per digital pin
Bluetooth LE 5.0
RX Sensitivity: -96 dBm
Data rate: 2 Mbps
Up to 64GB MicroSDHC
Read/Write speed: up to 5 Mbit/s
Frequency: 100-2500 Hz
Sound Output: 87 dB
Force value: 30 N
Speed: 13500 rpm
TX/RX range: 800-950 nm
TX power: 300 mW
Operate modes: Reader/Writer/Emulator
● Dallas DS1990A
Reboot — Back+Left buttons for 2 seconds
1x USB 2.0 port, type C
Size: 100 x 40 x 25 mm
Weight: 102 grams
Operating temperature: 0 ~ 50 °C