Hacker News new | past | comments | ask | show | jobs | submit login
Quick Start Guide for Flipper Zero (flipperzero.one)
451 points by aphroz 6 days ago | hide | past | favorite | 135 comments





I received mine recently, and I’ve been consistently impressed at both the build quality and overall attention to detail. I know many Kickstarter projects (and hardware startups in general) end up aggressively compromising on features and construction to meet deadlines and cut down on BOM costs, so I was very pleased to see no evidence of that with the Flipper Zero. It’s one of those products where you can immediately tell that a very passionate team invested a ton of time and took special care with the engineering and design process.

> [...] aggressively compromising on features and construction to meet deadlines and cut down on BOM costs, so I was very pleased to see no evidence of that

Tbh the team made the right decision to push the deadlines in order to deliver the quality they would be satisfied with. And I wholeheartedly support them in doing so.

I am totally ok with the device being delivered to me almost a year after the initially promised deadline, as long as that extra time went into getting the quality up to the level. So props to the team, I am happy that they actually took that time to polish up to the current level, instead of trying to meet an arbitrary deadline.

Their development blog played a heavy role in convincing me that they were not just stalling (which, sadly, has been my previous experience with quite a few promising hardware Kickstarted projects). Every single post has so much attention to even the most minuscule details that 90% wouldn't care for, it definitely reassured me that they were trying to be as transparent as possible about the whole process and their decision-making. I cannot say enough good things about writing quality of their dev blog posts. It was incredible and easy to digest, even for someone who hasn't worked much with such close-to-hardware level.


I wanted to know what a Fipper was. I went to the website's hope page. It never told me what a flipper is. I walk away not knowing what a Flipper is. What a waste of my time. Their website home page is a failure.

This page? [0] Seems pretty extensive. IF you just clicked on the upper left Flipper image you're still in the blog page which isn't going to be the full sales pitch. The main page has their initial sales blurb:

> "Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like."

[0] https://flipperzero.one/


That's the point - the statement you quoted is very uninformative, and a strong example of bad, unclear communication. It literally does not say anything about what it is what it does, what capabilities it offers.

That statement is essentially "It's a multitool for this target audience of users. It's really good for everything they want to do." - without giving any information about what that "everything" is. It does not provide an example use case - "hacking digital stuff such as radio protocols, access control systems, hardware" is not an use case but just an application domain, but an example use case would be some hint of how this tool would be actually applied to help someone do a security analysis of some radio protocol for an access control system.

Why not say something roughly like

"Flipper Zero is a portable multi-tool that includes transceivers for arbitrary interactions with most popular wireless systems - RFID, NFC, BluetoothLE, infrared and sub-1 Ghz wireless devices. It allows you to run custom exploit or analysis code for these protocols interactively from a convenient small hardware device." ?

That would actually tell a potential radio hardware hacker about its capabilities and limitations; e.g. the original description could just as well be said about the hackRF SDR system, which is substantially different piece of hardware but aimed at a similar audience.


Luckily the main page continues on past that if you scroll down and tells you about the modules included and things that use the frequencies those modules speak.

That first page should provide enough information 'above the fold' to decide if it's worth scrolling down. Currently it does not.

If you're not curious enough to read past a few lines of content, you're not really the target to be honest.

Pentesting (or hacking in any sense of the term) often involves spending a lot of time researching and learning about things, typically heading onto paths where you don't know where you will end up.


Above the fold explanation sounds pretty much BS. I doubt that BS is a good filter for any audience.

What?

Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.

Third line on the page.


If you know what it is already, maybe that helps. But I still only have a vague idea after reading that.

It is hard to make an introductory explanation to someone with close to zero context of what you are talking about when you yourself know it very well.


I had also never heard of this device before and found that statement less than helpful. You don't learn what the device is until way down the page.

Agrred. I have no idea what the device is about until I do a quick Google search and visit their main page. The product looks promising but the explaination for what it is is poor.

Blog entries are rarely good starting points for people new to the topic. Their main page gives a much better introduction: https://flipperzero.one/

I had to go to kickstarter's project page to understand what it is

Thank you so much. Shared your comment to the team.

Been loving mine. Cloned my work and local makerspace ID cards, can control all my IR devices and even read the rfid chip I got in my hand.

Here is a collection of some of the bigger projects being built for it. https://github.com/djsime1/awesome-flipperzero


This post was the first thing I found that explained what it does. I literally thought this was some kind of open source Tamagotchi.

Here's a description: https://flipperzero.one/ - it's a multitool for various wireless, IR and RFID (including 125 kHz) protocols, has GPIOs and contacts for certain electronic keys. And apparently also a tamagotchi.


What kind of implant you do have? I can't get mine to read the LF side of my NExT. I think it's the type being emulated but I don't have a different ID to test.

its a read-only 12x2mm glass EM-4102. Ive had it for about 12 years now.

Thanks for your repo. We will plan to add it to documents in community section.

Well, those projects they showed really make me want to buy one even though I have no real use case for it. Seems like it'd be fun for hack projects or pen testing RF devices. In a more meta sense, I really like this new trend of gadgets with a personality, so to speak - makes me think of that game console the "playdate".

Same. Play with my complex garage door ... well mhmmm, no idea what to do after that but I want one ^^

That use case was what got me to pre-order one over a year ago (currently in-transit, any day now!).

Replace my bulky, awful complex-provided fob with a dolphin with attitude? Yes please.


I've never wanted something so badly that I didn't even know existed until 5 minutes ago.

It's pretty nifty, I got mine a few weeks ago. I'm not sure it was worth waiting 2 years, but their team has been very transparent about their hardships and I've learned about manufacturing at scale from their updates. I do wish they let their devs spend more time on the tamagotchi side to liven it up some(although the whole software interface could use some more work too - they're still pre-v1 firmware)

Exactly what I felt. I got to learn about Flipper Zero a couple days ago and since then I see it online everywhere.

I always wanted to "jailbreak" the NFC cards and key fobs I get from work and apartments. This minimal device seems fun and functional.

Probably thats why if you search on eBay there are a lot of scalpers.


I've never wanted something so badly I've ordered about 6 months back!

Resist the urge. Your smartphone is far more powerful.

In what sense? My phone doesn't have a programmable radio I have access to, can't do RFID and doesn't have GFIO pins for accessories. Its NFC is unreliable - I've programmed tags with it and it's miserable. It has no IR transmitter or receiver, no MicroSD slot. In fact my cell phone does almost nothing the Flipper Zero does except Bluetooth.

> Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.

From the sounds of it it's fulfilling a very different niche. I'd like you see a smartphone that exposes gpio pins.


That's not everything. Dedicated hardware is fun to play with, and my phone doesn't have GPIO pins.

Just buy e.g. a USB-C -> GPIO extension for your phone.

Or a Bluetooth one for greater versatility, ideally in a nice case for portability. Bonus points if it nicely packages a screen, few buttons, and some of the most comon radio chips I often want to interface too.

You mean like one of these [0]? It has GPIO pins, Bluetooth LE, a nice case, a screen, a few buttons, a bunch of common radio chips, and apparently a virtual dolphin for some reason.

[0] https://flipperzero.one/


It's a very cool device. You can do everything they show off with other tools, somethings like cloning cards can be done with cheap $30 cloners from China. However there are few tools that allow you to do ALL the different sub-ghz for relatively cheap, and in a very user friendly package. Closest I know of is HackRF Portapack... and that's well into $500 - but also for different target tooling.

I’ve heard good things about the Portapack, have you had a chance to play with one?

Is there ANY way to detect the presence of one of these devices, OR the use of a device when a tag ID is scanned?

The reason that I ask, is that I was on the design team for lockheed when we were selling RFID tags for shipping containers at a shitload per pop... (123 and 433 mhz)

and I brought up we had zero auth on any of our systems... and was just told to not speak about it.


Are these devices even technically legal to operate in the USA? I thought 433mhz was reserved for exactly what you say - tags for shipping containers. If you use a LoRa devices in the USA I think you are supposed to be >~850mhz.

The stock firmware has region-locked frequencies, so you can't transmit on frequencies illegal for your region. There is custom firmware that removes that limitation however.

If you have a ham license, 433MHz is solidly inside the permitted 70cm band: http://www.arrl.org/files/file/Regulatory/Band%20Chart/Band%...

In the US, at least the 433 and 915 MHz, and of course 2.4 GHz, bands are unlicensed and widely used by all sorts of commercial, industrial, and DIY electronics. All my wireless temperature sensors in my house are on the 433 MHz band, my natural gas meter speaks (ERT) on 915...

You're not doing very well on the not talking about it...

The first rule o military freight club...

Hilarity is bound to ensue.

Poked around the start guide and the site but couldn't find much about what the Flipper Zero does.

The home page (https://flipperzero.one/) has a rather prominent "What is Flipper Zero" section

Much better thanks. I see now what my mistake was: clicking the logo in top left of TFA takes you to blog.flipperzero.one when I was expecting it to be what you've linked.

Two decades of blogging and still every company blog links to the blog index, not the brand homepage.

THIS! Oh, so much this! I never get it why they do this... I don't know how many times I clicked the logo expecting to get to the product's homepage, but, instead, I get to the blog's index. It escapes my mind, why nobody seems to think about this.

Seriously, I thought I was crazy for not being able to figure out what this device actually does, despite scrolling through the whole site.

I still thought it would be an mp3 player after reading about the battery modes and the sd card installation and the file system menu...then I gave up.


Did you go to their main page instead of just their blog? https://flipperzero.one/

From what I gather, it does whatever you want it to do with a whole lot of interfaces. From the homepage I gather it has Bluetooth, GPIO, Antenna, iButton, RFID, NFC, infrared

> What does it do?

> It does whatever you want it to do

An answer worthy of Zombo COM


Ha ha. The only limit is yourself. Welcome to Zombocom.

It's an extremely marketing driven device and trivial to clone. Look it as a PC kind of - off the shelf components connected together with a proprietary case and a marketing department.

And similar to the early days of home computers, there's plenty of kits you can buy to build your own.


By that definition, every embedded device is extremely marketing driven and trivial to clone.

With devices like these, you're buying time. People doing reverse engineering for a living or as a serious hobby do not want to fuck around making their own. Robust hardware design/validation and supply chain handling are NOT trivial except for the most simple designs. The firmware is NOT trivial to recreate. The target market has already bought products that do most of the shit this device does, and now they can have a lot of it in one place instead of scattered across multiple devices.


I was comparing it to a Heathkit versus a pre-built PC, suggesting that there's a nascent industry of a lower barrier to entry for the sbc/Arduino hobbyist market forming in the same way that the microcomputer world of 1977 was a way way different than 1974 - you could just buy a thing and plug it in - no assembly code or assembling parts required.

It's an interesting marketing play. I wasn't suggesting people go out and make it themselves instead. Do it if you want. Buy the thing if you want. Whatever


Would probably be cheap to clone it for yourself, but not at scale:

> TI CC1101, the chip powering the Sub-Ghz feature, is in extreme shortage. To date, the supplier has shipped just a fraction of our initial order. The same situation is with our LED driver — TI LP5562. To overcome this we have to purchase these components on the spot-buy market at a much, much higher price (3-5x for CC1101 and 20-30x for LP5562)


>It's an extremely marketing driven device and trivial to clone. Look it as a PC kind of - off the shelf components connected together with a proprietary case and a marketing department.

Same could have been said for the original iPod. Design matters.


Can these clone passive RFID dongles? My building uses them and they charge $60 for a copy. Not needing to buy a copy from my building would almost cover the cost of this device.

You can clone most RFID keys at the key-copying kiosks inside supermarkets. I turned my most-used key into a sticker that I put inside my phone case for $10.

It's pretty nice: one less thing to carry around.


I got written up for cloning my work badge. Nothing in the policy. I protected it as if it were my real work badge. If your shit can be cloned by $10 worth of eBay bs, why is that my problem?

Some. A well designed key card will be uncloneable.

Most are not well designed.


Yes, I've cloned a few RFID dongles with mine already. Work, a parking garage entrance, that sort of thing.

There are cheap RFID cloning devices on AliExpress for $10-$30 depending on what kind of card you have.

Definitely. I managed to clone my RFID enabled cards with mine.

It seems that every day we are getting closer and closer to a 'tricorder'. I used to laugh at fictional devices that could detect/emit any frequency and communicate with anything. Not laughing now.

Pair something like this with a smartphone(specially those with ML cores) and things could get... interesting.


> It seems that every day we are getting closer and closer to a 'tricorder'.

Only, if we go full Cyborg / Trans-Human ;-)


I ordered two, and thy work great. However, note that they are not water resistant.

I took one out with a simple spill, and I now cover the ports on the working one with electrical tape. I use a usbc dust plug for the charging port.


Did you disassemble the fouled unit? What was the point of failure?

I admit to mostly having bought mine to have an Amiibo emulator with a screen and a menu that I can pick things from, and it performs this function admirably. I tried to use it to clone a hotel room key but its emulation was unsuccessful at unlocking the door. There is a LOT of functionality available in the hardware that isn't yet fully exploited by the firmware, and development is proceeding at a rapid clip, so I expect the device to only get more interesting as time goes on.

What a totally fascinating little device. Feels like this should be part of any embedded engineers toolbox.

One thing I'd love to do with this, but which I don't think is possible - clone my car key. My family has two cars and I just wish I could have one device that is able to unlock & start both of them so that I don't have to carry two bulky dongles on my keychain.

The Flipper can unlock some cars, and the hardware has support for rolling codes, but as I understand it, the standard firmware deliberately does not enable this functionality to discourage abuse. Several people on the Discord have managed to unlock their cars once or twice, and inadvertently desync their cars from all of their key fobs in the process, leaving them with no devices that can unlock their car.

They do have a video on their site showing the Flipper opening the charge port on several Tesla vehicles. That's actually kinda scary.

I think that's for a good reason. I suppose the implement a hardware public-private encryption and they transmit random data everytine you press a button

Bought Flipper Zero for the entire security team for R&D. Good investment and also fun!

Not something I'd ever buy that I'm glad it exists. It's just so charming.

They even went the extra mile to use Qt for the client instead of Electron.


My next app will be C++/Qt compiled to Javascript with Emscripten and then run inside Electron.

(Incidentally, someone made a Dear Imgui demo this way: https://jnmaloney.github.io/WebGui/imgui.html, minus involving Electron, of course.)


That's like... the worst of both worlds? You get a worse dev experience compared to regular js and your users get a memory hog that makes their machines go whirrrr instead of a snappy, lightweight Qt program.

It takes a MICRO SD card! The documentation just says "SD Card" - don't buy the wrong one like I did lol

At this point I feel like that can just be safely assumed, since ~every Micro-SD card comes with a fullsize adapter, and Mini-SD no longer exists.

The only fullsize cards I even still bother buying are UHS-II ones for my cameras.


Hah, sorry.

Who made your website. love it. Please let me know.. I want to hire the person/company.

Looks like the Ghost blogging engine with the Casper theme. More than just the theme, the images and graphics are great too.

Agree.the seamless integration of video and 3d model background with website background is amazing. Which theme inside ghost do you think it is (if you know)..thanks for the reply

Our Ghost theme is open source https://github.com/flipperdevices/Casper-flipper-blog-theme

>integration of video

This is built-in feature of Ghost now.


No kidding ! thanks !

I found this interesting - https://hackaday.io/project/170875/logs I hadn't realised that they initially prototyped with the pi zero.

It looks like the CC1101 supports quite a few modulation schemes, kind of curious though if you could build an SDR with a similar form factor to target things like lora too


I recently made a little IoT thingy off a rasppi- just a weeny air quality sensor stack, but the ease of prototyping compared to more traditional hardware that I'm used to was incredible.

Is there any hope that it will be available anytime soon?

Soon we will open the wave3 sale on shop.flipperzero.one. Please leave your email on a waitlist and you will be notified.

They've still got a bunch of kickstarter backers waiting, and also a bunch of post-kickstarter pre-orders... I'd be amazed if they could fill their current orders by the end of the year (they've been doing a good job, considering shortages).

They've shipped 23k devices but their Kickstarter sold 38k, so it may be a while.

this is the number 1 question asked in the discord, and they dont have an answer yet.

Oh wow, apparently they go for $500 on ebay!

Wow. I like my Flipper Zero a lot, but that's a crazy (and a little tempting) markup

You can make a very limited clone using the st25r3916 mikrobus click board and a sparkfun rp2040 carrier

Not the same but actually available to buy. Same NFC chip, no ui, no sub ghz sdr chip.


Very cool. Good luck with it.

I'll get one, but I'll wait for the dust to settle. My "early adopter" days are few, and carefully managed.


You’re saying you’re trying something even cooler? Do share. :)

Nope. I just don't have an excuse to get one of these for business reasons, and my dance card is pretty full. This looks like a toy that I'd spend a lot of time playing with (I'd probably be interested in writing an iOS/Watch app for it, but, like I said, my dance card, full, it is...).

It's all fun and games until you shot your eye out.

I'm beginning to think all of our rf cards are insecure.


Have had one for about a month to fool around with. Very well designed product (both hardware and software-wise) that lives up to the hype. Haven't really had time to do more than scratch the surface of what it's capable of so far.

I've looked through the blog posts, and I don't see which contract manufacturers they are using. Anyone know who they use for the plastic molds?

It would be nice to know the pros and cons of the CMs people are using.


What’s a flipper zero?


I've always wanted one of these kicking around. Just yesterday I realized I need to update my cats RFID tag and I could use a copy of a apartment key.

People are flipping these things on ebay for $400+. lol

I think I'll wait for the second batch, but dang it, I want one.


I do not recommend you to buy overprice lots on eBay. We will open sale for wave 3 very soon. Leave your email on wait list here https://shop.flipperzero.one and you will be notified.

I was a backer and have received mine, thanks for all of the hard work! I am curios, now that you have the tooling and partnerships established, what is the turn around on a new wave of flippers?

Such is the case for lots of handheld toy-like bespoke electronic devices recently. See also Play Date, Steam Deck, Analog Pocket.

First time I hear about this, and it looks really interesting. Subscribed to the waiting list!

I understand you can clone rfid security tags and nfc payment cards with this? Is it legal?

RFID - why not? NFC payment cards can’t be cloned, they use crypto.

a security rfid tag is about as secure as a security QR code.

Oh neat I'll check it.... LOL $170 F that.

I still can't figure out WTF it It. Lotta hipster hype and brogrammer-speak.

Okay it's a little pwnigotchi or whatever that thing was called, except expensive. You can get little SDR kits that can do 90% of what this thing does for $50.

Looks polished, but way overpriced.


Out of stock :-( anyone know when they are suspected to be replenished?

The documentation and art for this project are unreal.

the team from flipper zero have put in a real effort into the docs.

P.S. docs are built with www.archbee.io


I’d have thought that using the name Flipper along with the image of a dolphin would be legally protected by the owners of the TV series

congrats Flipper Zero team!

Related:

Shipping Started - https://news.ycombinator.com/item?id=30024255 - Jan 2022 (3 comments)

Diving into RFID Protocols with Flipper Zero - https://news.ycombinator.com/item?id=28618679 - Sept 2021 (1 comment)

Flipper Zero Firmware Is Now Open Source - https://news.ycombinator.com/item?id=28461299 - Sept 2021 (6 comments)

Taking over TVs with Flipper Zero Infrared Port - https://news.ycombinator.com/item?id=28013900 - July 2021 (1 comment)

Flipper Zero: How it’s made and tested - https://news.ycombinator.com/item?id=27704883 - July 2021 (31 comments)

Flipper’s Electronics: How It's Made and Tested - https://news.ycombinator.com/item?id=27689787 - June 2021 (3 comments)

Taming iButton Keys with Flipper Zero - https://news.ycombinator.com/item?id=27531914 - June 2021 (1 comment)

Flipper Zero: Bringing Cases to Perfection - https://news.ycombinator.com/item?id=27479684 - June 2021 (6 comments)

Case manufacturing behind the scenes - https://news.ycombinator.com/item?id=27155584 - May 2021 (1 comment)

Flipper Zero: Tamagochi for Hackers - https://news.ycombinator.com/item?id=26405919 - March 2021 (48 comments)

Flipper Zero Manufacturing and Shipping Plan - https://news.ycombinator.com/item?id=25870255 - Jan 2021 (14 comments)

Flipper Zero (Repository will be open in public soon) - https://news.ycombinator.com/item?id=24090716 - Aug 2020 (1 comment)

Flipper Zero – Tamagochi for Hackers - https://news.ycombinator.com/item?id=23996733 - July 2020 (53 comments)

Show HN: Flipper Zero – Tamagotchi for Hackers - https://news.ycombinator.com/item?id=22941733 - April 2020 (10 comments)

Tamagotchi for Hackers - https://news.ycombinator.com/item?id=22859083 - April 2020 (1 comment)

Flipper Zero: Under Development Multi-Tool Device for Pen-Testers - https://news.ycombinator.com/item?id=21842830 - Dec 2019 (1 comment)


This seems gamechanging

It's definitely convenient, but I'm not sure I would call it game changing. Unlike Dropbox, where the sum of the parts was the difference between a power user being able to do something, and your average user being able to do that same thing, this is targeted at an audience that already has the mess of existing tools and is working fine with them.

It's better than what's already there and they'll sell a lot of them, but I wouldn't go so far as to say that it has made the impossible possible.


Neat device

I know this is nitpicky but the logo on your blog should be linked to your home page, not back to the blog.

The purpose of the blog is to promote your company/product.

When I visit your blog, I am now curious about what your product/service is. I expect to be able to click on the logo and find out about your company/product/service.

Linking the logo back to the blog itself is a missed opportunity to increase sales/marketing.

I'm curious about your product, but at first my curiosity is very low - I am willing to spend enough effort to click on the logo, but I am probably not curious enough to then go hunting to find your home page after the link sends me back to the blog.

A potential customer being willing to click one link on your site has significant value - don't squander it.


Not nitpicky at all. Might be worth tens of thousands of dollars. Might be worth 10x that.

I don't know how many times I've had the exact same experience and thought the same thing.


Okay, let's talk about the Russian connection. I don't actually know that much, so I'm hoping someone here can shine some light. Back when this thing came up for crowdfunding, it felt like a good time to get a toy that was engineered in Russia, made in China, sold everywhere. Now it feels like less of a good idea.

I'm not well equipped to sandbox the PC app and watch its behavior or whatever (and I have no reason to suspect the dev is personally a bad guy), but even something as simple as the shipping list of everyone who bought this, is basically a who's-who of security researchers the world over. Since we've already seen attacks that tried to compromise security researchers, I figure this isn't hypothetical anymore. It was North Korea last time:

https://blog.google/threat-analysis-group/new-campaign-targe...

Thoughts?


The dolphin reminds me of the one from that movie with Keanu where they are constantly doing a bunch of cheesy mind hacking!

I guarantee that's by design, also the references to hackers "hack the planet" on the device etc. It's a love letter portable device that's very reminiscent of the various badges that have been at Defcon and other hacking conferences over the past few years. This brings a whole new level of polish and finish. They did an awesome job.

Sadly though, I kick start a lot of stuff that doesn't end up being 50% of what's promised if delivered at all. I still kick start fun projects like this though as a gamble on seeing someones ideas take place. I think the big problem for most of them is the designer suddenly has "all this cash" and has no clue how to manage or spend appropriately, ends up allocating to things they don't need or straight up siphoning off for lifestyle changes (SEE DUNE CASE) and then stuff is never delivered.

Either way HACK THE PLANET! I hope to see all these dolphins at Defcon!


Johnny Mnemonic from the Burning Chrome short story collection by Gibson. A staple of the cyberpunk bookshelf from the late 80s, and yes a very cheesy Keanu film...

Thats it ! Great film. And strangely became even more relevant recently.

> The prototype of our character is the cyborg dolphin Jones from the story "Johnny Mnemonic" by William Gibson.

https://blog.flipperzero.one/story-contest/


It's not as good as you remember if you watch it now :'(



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: