Sunday, February 25, 2024
HomeTechnology7 cool and useful things to do with your Flipper Zero

7 cool and useful things to do with your Flipper Zero

Flipper Zero reading an NFC security key

Flipper Zero reading an NFC security key.

Adrian Kingsley-Hughes/ZDNET

I love my Flipper Zero, but what I hate is all the fake stuff that people looking for attention are uploading to TikTok. No, the Flipper Zero can’t change gas station signs, can’t clone credit and debit cards, and can’t (normally, anyway) turn off the displays at your favorite burger joint.

But that doesn’t mean that the Flipper Zero can’t do some very cool, and also very useful things.

Also: Flipper Zero can be used to crash iPhones running iOS 17, but there’s a way to foil the attack

Over the past few months, I’ve been making use of the suite of hardware tools that are built into the Flipper Zero. What’s built into this tiny toy-like tool

There’s a sub-GHz wireless antenna that can capture and transmit wireless codes to operate wireless devices and access control systems, such as garage door remotes, boom barriers, IoT sensors, and even remote keyless systems. 

RFID support allows it to read, store, and emulate a number of different RFID cards.

Also: Do RFID blocking cards actually work? My Flipper Zero revealed the truth

It can also read, write, store, and emulate NFC tags.

On the front, there’s a 1-Wire connector that can read and emulate iButton (aka DS1990A, CYFRAL, Touch Memory, or Dallas key) contact keys.

There’s also a built-in infrared transceiver that can both capture and transmit IR codes to control things like TVs.

Finally, on the top there are GPIO connectors that allow the Flipper Zero to connect to other gadgets in the real world.

Also: How to unlock the Flipper Zero’s true power

That’s a lot of features crammed into a tiny, $169 device.

But every week, I hear from buyers who are frustrated and disappointed because their Flipper Zero won’t do the things that it can seemingly do based on fake social media videos.

Here are some of the things I’ve been doing with my Flipper Zero over the past few weeks.

Flipper Zero reading the apple Pay NFC signal from my Apple Watch Ultra


Flipper Zero

Flipper Zero is a portable multi-tool for pen-testers and geeks in a toy-like shell.

View at Flipper Zero store

Note: I’m running third-party software on my Flipper Zero, which gives me access to a bunch of additional features. But worry not, loading third-party software doesn’t invalidate your warranty and you can go back to the stock software easily at any time using the Flipper Zero app on a desktop, laptop, or mobile device.. 

The sub-GHz wireless antenna can pick up the signals from car key fobs (and can record them, although playing them back to modern cars won’t unlock them because of a feature called “rolling codes” that changes the code with each use).

Also: The best security keys you can buy (and how they work) 

This is a handy way to test if the key is working and the battery is good.

NFC is everywhere nowadays, and the Flipper Zero allows you to work with this wireless protocol. It’s built into plastic cards and fobs, and used for all sorts of things, from unlocking hotel room doors to controlling barriers.

NFC can be read by the Flipper Zero. Many NFC cards can also be copied and cloned (this depends on the security used for the card, and I can’t give you any hard and fast rules as to which NFC devices can be cloned).

Also: The best VPN services (and how to choose the right one for you)

Note that while the Flipper Zero can read NFC cards and fobs, it cannot decode the card’s encrypted security code, also known as CSC, CVV, CVC, CAV, and a bunch of other three-letter abbreviations.

Flipper Zero cannot decode the card's encrypted security code so it cannot clone bank cards

Flipper Zero cannot decode the card’s encrypted security code, so it cannot clone bank cards.

Adrian Kingsley-Hughes/ZDNET

Along with NFC, the Flipper Zero can read and clone RFID, including hotel cards (as in the picture, above).

Also: How RFID tags can make in-person clothes shopping less frustrating

RFID cards and tags can be locked to prevent them from being overwritten, but the Flipper Zero can bypass many of these mechanisms. Here, it is offering to unlock the card if I present it to a valid reader, allowing me to clone the card and unlock the door using both the card and the Flipper Zero. 

I’ve used this to clone access cards and fobs for all sorts of buildings, and many times the staff — and sometimes owners of the buildings — were unaware of the fact that this trick was possible.

Th e Flipper Zero can unlock some RFID cards and tags

The Flipper Zero can unlock some RFID cards and tags.

Adrian Kingsley-Hughes/ZDNET

Yes, the Flipper Zero can bypass the security on some Sentry Safe electronic safes using an output from the GPIO. 

This is definitely not something you want to be doing if it isn’t your safe or you don’t have permission, but it goes to show just how insecure the “complimentary” safes found in hotels, spas, and Airbnbs actually are.

The Flipper Zero has a built-in infrared module, and this in turn can be programmed to operate a wide range of devices, from TVs to AC units. Pretty much any consumer device that has an IR remote control interface can be controlled using the Flipper Zero.

Another cool use of this functionality is to test if infrared remote controls are working. Point the remote control at the Flipper Zero in the “read IR” mode and it will detect the signals.

Testing a dismantled infrared remote control

Testing a dismantled infrared remote control.

Adrian Kingsley-Hughes/ZDNET

Flipper Zero can act as a BadUSB device, which means that when connected to a port it is seen as a Human Interface Device (HID), such as a keyboard. 

Also: The best VPN services for iPhone and iPad (yes, you need to use one)

A BadUSB device can change system settings, open backdoors, retrieve data, initiate reverse shells, or do anything that can be achieved with physical access. These tasks are completed by using a set of commands written in the Rubber Ducky Scripting Language, also known as DuckyScript

Flipper Zero opens a browser and navigates to a webpage with no user input.

Adrian Kingsley-Hughes/ZDNET

The Flipper Zero can use the GPIO to output electrical signals and act as a signal generator. I last used this to simulate an antilock braking system module on a vehicle to confirm that all the wiring and computers in the car were working.

GPIO pinout

Adrian Kingsley-Hughes/ZDNET

Now, I don’t recommend you do this unless your “victims” give you permission, because it can annoy people and is very likely to be illegal in most places, but the ease with which a Flipper Zero can crash an iPhone or carry out a denial of service (DoS) attack on Android devices is scary. 

With a few taps, the Flipper Zero can flood devices within a 30-foot radius with popups, making them near impossible to use. And so far, the only defense against this technique is to turn off Bluetooth.

Views: 0
Amit Ghosh
Amit Ghosh


Please enter your comment!
Please enter your name here

Most Popular

Recent Comments