Flipper Zero

Multi-tool Device for Hackers

Under development: community-driven development, voting for features. Final look and features may change.

• Kali Linux: full support
• Based on Raspberry Pi Zero
• MicroSD card: with Kali Linux or any other Linux supported by Raspberry Pi
• 1.4" monochrome LCD display: 126x64 px, ultra-low power, sunlight readable
• Power / Lock button
• MicroUSB port: power and battery charge, firmware update, Raspberry Pi shell access via UART
• Hand strap hole
• Raspberry Pi ports
• 5-button directional pad: for menu navigation
What is Flipper Zero
Raspberry Pi Zero W
Based on Raspberry Pi
Flipper Zero is a set of hardware and software extensions built for the Raspberry Pi Zero W, a tiny ARM computer. The software is shipped as packages for the official Kali Linux ARM image, which is loaded from the SD card and contains all the usual open-source tools by default.
Before building Flipper Zero, we checked many boards, such as NanoPi Duo2, Banana Pi M2 Zero, Orange Pi Zero and Omega2, but the Raspberry Pi came out best: it has a large and active community around it and is well tested and documented.
Key benefits of Raspberry Pi:
• Built-in WiFi with monitor mode and injection support (with nexmon patches), works with aircrack-ng, reaver, wifite, etc.
• Built-in Bluetooth 4.0
• Quite good PCB 2.4GHz antenna
• Supported by Kali Linux and many pentesting tools like P4wnP1 A.L.O.A.
• Easily swappable SD card for data exchange and updating
Raspberry Pi is not perfect and has a number of disadvantages, such as high power consumption, no sleep mode, not open hardware, etc. But if you evaluate the general pros and cons, then this is the best option. If you have something to say about this, we suggest discussing this on the forum.
Single board ARM computer
1 GHz CPU, 512 MB RAM, built-in Wi-Fi / Bluetooth
Charging/Power LED
Exit/back button
Flipper Zero is completely autonomous and can be controlled from a 5-position directional pad without additional devices, such as a computer or smartphone. The main scripts and popular attacks are available from the menu. For more control, you can access the web interface via Bluetooth or connect to SSH via USB.
We decided to build in a cool old-school LCD screen, not TFT / IPS / OLED, which is perfectly visible in sunlight and has an ultra-low power consumption of 400 nA with the backlight turned off.
The sub-1 GHz band is the operating range for garage door remotes, boom barriers, IoT sensors and remote keyless systems. Flipper has a CC1111 chip, the same one the popular Yard Stick One is built on, and an integrated antenna for the 387-464 MHz range. It can work with the Rfcat libraries, as well as communicate with other Flippers as a Tamagotchi in low power mode. Flipper Zero has an integrated decoder for popular remote control algorithms: Keeloq, Came, Doorhan and others. Many remotes and IoT devices such as sensors and radio sockets don't use encryption at all. In this case, Flipper can replay the signal even if the protocol wasn't recognized. New radio system protocols can be added by community developers and downloaded via the firmware update. This is a big topic, and if you know your way around it, please join the Sub-1 GHz thread in the forum.
433 MHz transmitter
433 MHz antenna
Sub-1 GHz Range
Bad USB mode
Acting as USB slave device
Raspberry Pi can emulate a USB slave and connect to the computer like a regular device, such as a keyboard or an Ethernet adapter. Tools like P4wnP1 A.L.O.A. by MaMe82 provide a framework that turns the Raspberry Pi Zero into a flexible low-cost platform for pentesting, red teaming and physical engagements. It can act as a poisonous DNS server, inject keystrokes as a keyboard and more. Flipper Zero lets you control the Bad USB attack scenario and shows its status on the screen. It can also display something harmless on the screen to mimic a dumb flash drive.
Plug&Play USB Device Emulation
USB Ethernet, HID keyboard/mouse and more
Wi-Fi Pentesting
Two independent Wi-Fi adapters
The built-in Raspberry Pi Zero Wi-Fi/Bluetooth chipset supports only the 2.4 GHz range, which is why we decided to include a second wireless module that supports 5 GHz. This means you can perform nasty tricks like announcing an AP and injecting packets at the same time. Also, one adapter can be used to connect to Flipper via smartphone while the second is busy. Both adapters support the full stack of Wi-Fi pentesting needs: monitor mode and packet injection. At this moment we can't choose the best chipset. If you know one, please tell us in the forum topic: Wi-Fi chip with SPI/SDIO interface that supports monitoring and packet injection
NFC Module
High-Frequency cards reader / writer
The NFC module can read/write all ISO-14443 cards, including Mifare, contactless PayPass/PayWave bank cards, Apple Pay/Google Pay and more. It's supported by the LibNFC library. There is an NFC antenna at the bottom of Flipper, so if you need to work with the card, just put Flipper on top of it. At the moment, the issue of card emulation remains open. I would like a full-fledged emulator like Chameleon Mini, but at the same time, I want to be able to work with LibNFC. I don't know any good chip other than NXP PN532, but it can't fully emulate cards. If you know a better option, write about it in the topic Looking for a better NFC chip than PN532.
NFC antenna
Hand strap hole
125kHz RFID
Low-frequency proximity cards
Low-frequency cards are still widely used in old access control systems. These cards are pretty dumb: they store only an N-byte ID and have no authentication mechanism, so anyone can read, clone and emulate them. A 125 kHz antenna is located on the side of the Flipper. It can read EM-4100 and HID Prox cards, save them to memory and emulate previously saved cards. You can also send a card's ID for emulation via the Internet or enter it manually. Thus, Flipper owners can exchange card dumps with each other remotely. The card to be emulated can be chosen from the menu. If you are an expert in this topic, please join this thread: Software emulation on MCU or additional 125kHz IC?
EM-4100 cards reader / writer / emulator
iButton multi-tool
We've built in a 1-Wire connector to read iButton (DS1990A) contact keys. This technology is quite old but still widely used around the world. It is also known as TouchMemory or Dallas keys. They work on the 1-Wire protocol and don't have authentication, so they can be easily read. The Flipper can read these keys, save the ID into memory, write the ID to unprogrammed keys or emulate the key itself so that it can be used as a real key. The main difficulty was to come up with a pad design that could be used both as a reader and as a key simultaneously. The design of the contact pad is still in progress, so if you have any tips, please join this thread: iButton contact pad design.
1-Wire keys
Flipper has a metal contact pad on the corner, in the shape of an iButton key. It can read keys and save them in memory, and also write them to unprogrammed keys. The central pad of a key is the plus contact and the outer one is ground, so you need to place the key in the correct position.
Reader/Writer (1-Wire master)
The same contact corner can be used to simulate a key from memory: just touch the contact pad. This mode can also be handy to silently intercept the 1-Wire data line.
Simulator (1-Wire slave)
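A reader-side check of the 8-byte iButton ID described above, as an added example that is not part of the original page or of the Flipper firmware. It assumes the standard 1-Wire ROM layout (family code 0x01 for the DS1990A, 48-bit serial, Dallas/Maxim CRC-8); the function names and the sample ID are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Dallas/Maxim 1-Wire CRC-8: x^8 + x^5 + x^4 + 1, bit-reflected (0x8C). */
uint8_t ow_crc8(const uint8_t *data, size_t len) {
    uint8_t crc = 0;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++)
            crc = (crc & 1) ? (uint8_t)((crc >> 1) ^ 0x8C) : (uint8_t)(crc >> 1);
    }
    return crc;
}

enum ibutton_status { IB_OK = 0, IB_BAD_CRC, IB_ALL_ZERO, IB_NOT_DS1990A };

/* rom[0] = family code, rom[1..6] = 48-bit serial (LSB first), rom[7] = CRC-8.
 * On IB_OK the serial is returned through *serial. */
enum ibutton_status ibutton_check(const uint8_t rom[8], uint64_t *serial) {
    uint8_t any = 0;
    for (int i = 0; i < 8; i++) any |= rom[i];
    /* A shorted data line reads as all zeros, and the CRC of zeros is 0,
     * so this case has to be rejected before the CRC comparison. */
    if (!any) return IB_ALL_ZERO;
    if (ow_crc8(rom, 7) != rom[7]) return IB_BAD_CRC;
    if (rom[0] != 0x01) return IB_NOT_DS1990A;
    uint64_t s = 0;
    for (int i = 6; i >= 1; i--) s = (s << 8) | rom[i];
    *serial = s;
    return IB_OK;
}

int main(void) {
    /* Constructed sample ID, not a real key: family 0x01, arbitrary serial. */
    uint8_t rom[8] = {0x01, 0x1C, 0xB8, 0x01, 0x00, 0x00, 0x00, 0x00};
    rom[7] = ow_crc8(rom, 7);
    uint64_t serial = 0;
    enum ibutton_status st = ibutton_check(rom, &serial);
    printf("status=%d serial=%012llx\n", st, (unsigned long long)serial);
    /* The check passes for any well-formed 8 bytes: the CRC catches read
     * errors, it does not prove the bytes came from a genuine key. */
    return 0;
}
```

The CRC is public arithmetic over the ID itself, which is why an access system that accepts these keys is trusting a readable number rather than authenticating a device.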
Bluetooth
Versatile Bluetooth Tools
Bluetooth is built into the Raspberry Pi Zero. Of course, it can't replace devices like the Ubertooth One, but it is fully supported by the bluez library. It can be used to control the Flipper from a smartphone or for various Bluetooth attacks like apple-bleee, which allows you to collect SHA-256 hashes from mobile phone numbers registered in Apple ID, and manage all sorts of IoT devices.
Low Power MCU
Always-on mode
Since Flipper Zero is too cool to be turned off, it can be switched to low power mode when the Raspberry Pi is powered off. A low power microcontroller works in tandem with the RPi and controls its power, indicates the boot process while the RPi is not ready to control the display, and drives Tamagotchi mode. It can also control the CC1111 and the NFC chip to do low latency stuff where the Raspberry Pi is too slow. In this mode Flipper Zero lasts for 30 days with the backlight turned off.
STM32 Microcontroller
Tamagotchi Mode
Flipper is a cyber-dolphin hacker, he controls all the digital elements. When Raspberry Pi is turned off, it goes into Tamagotchi mode, where you can play and make friends at a frequency of 433 MHz. In this mode, NFC functions are likely to be partially available.
Cyber Dolphin Pet in a pocket
The prototype of the character was the dolphin from the movie Johnny Mnemonic, who helped to hack Keanu Reeves' brain and smashed bad guys with his radiation. Dolphins have a built-in frequency generator in their heads, with which they explore everything around them, as well as an innate need for entertainment and curiosity. We are looking for someone who can design the Flipper character and its personality, games, emotions and all the internals of the dolphin's brain. It could interact with the radio environment like pwnagotchi does and play with a human like the original Japanese Tamagotchi. You can suggest your ideas in a special forum section.
Tech Specs
* final specs are subject to change
Participate
If you are a software or hardware developer please join us. There are many technical challenges, which we are trying to figure out right now.
We want to hear your opinion about features and what you really need in Flipper Zero. So please share your ideas.
We will launch the crowdfunding campaign after the prototype is ready. At this moment you can support us directly and buy us some food.
Contact author
The best way to discuss Flipper Zero is to use the forum. Contact me directly only for business inquiries.
Pavel Zhovner