Flipper Zero reading an NFC security key
Adrian Kingsley-Hughes/I like my Flipper Zero, but what I hate is all the fake stuff that people looking for attention upload to TikTok. No, the Flipper Zero can't change gas station signs, can't copy credit and debit cards, and can't turn off the displays at your burger joint.
But that doesn't mean that the Flipper Zero can't do some very cool, useful things.
Also: Flipper Zero hacking tool is a big hit
Over the past few months, I've been making use of the suite of hardware tools that are built into the Flipper Zero. What's built into this tiny toy-like tool?
There's a sub-GHz wireless antenna that can again capture and transmit wireless codes to operate wireless devices and access control systems, such as garage door remotes, boom barriers, IoT sensors, and even remote keyless systems.
RFID support allows it to read, store, and emulate a number of different RFID cards.
Also: Do RFID blocking cards actually work? My Flipper Zero revealed the truth
It can also read, write, store, and emulate NFC tags.
On the front, there's a 1-Wire connector that can read and emulate iButton (aka DS1990A, CYFRAL, Touch Memory or Dallas key) contact keys.
There's also a built-in infrared transceiver that can both capture and transmit IR codes to control things like TVs.
Finally, on the top there are GPIO connectors that allow the Flipper Zero to connect to other gadgets in the real world.
Also: How to unlock the Flipper Zero's true power
That's a lot of features crammed into a tiny,$169 device.
But every week I hear from buyers who are frustrated and disappointed because their Flipper Zero won't do the things that it can seemingly do based on those fake social media videos.
Here are some of the things I've been doing with my Flipper Zero over the past few weeks.
Flipper Zero is a portable multi-tool for pen-testers and geeks in a toy-like shell.
View at Flipper Zero storeNote: I'm running third-party software on my Flipper Zero, this gives me access to a bunch of additional features. Loading third-party software doesn't invalidate your warranty and you can go back to the stock software at any time.
The sub-GHz wireless antenna can pick up the signals from car key fobs (and can record them, although playing them back to modern cars won't unlock them because of a feature called "rolling codes" that changes the code with each use).
Also: The best security keys you can buy (and how they work)
This is a handy way to test if the key is working and the battery is good.
NFC is everywhere nowadays, and the Flipper Zero allows you to work with this wireless protocol.
Note that while the Flipper Zero can read NFC cards, it cannot decode the card's encrypted security code, also known as CSC, CVV, CVC, CAV, and a bunch of other three-letter abbreviations.
Flipper Zero cannot decode the card's encrypted security code so it cannot clone bank cards
Adrian Kingsley-Hughes/Along with NFC, the Flipper Zero can work with RFID. Here it is reading a hotel key card.
Also: How RFID tags can make in-person clothes shopping less frustrating
RFID cards and tags can be locked to prevent them from being overwritten, but the Flipper Zero can bypass some of these mechanisms. Here it is offering to unlock the card if I present it to a valid reader.
The Flipper Zero can unlock some RFID cards and tags
Adrian Kingsley-Hughes/Yes, the Flipper Zero can bypass the security on some Sentry Safe electronic safes using an output from the GPIO.
The Flipper Zero has a built-in infrared module, and this in turn can be programmed to operate a wide range of devices, from TVs to AC units.
Another cool use of this infrared functionality is to test if infrared remote controls are working.
Testing a dismantled infrared remote control
Adrian Kingsley-Hughes/Flipper Zero can act as a BadUSB device, which means that when connected to a port it is seen as a Human Interface Device (HID), such as a keyboard.
A BadUSB device can change system settings, open backdoors, retrieve data, initiate reverse shells, or do anything that can be achieved with physical access. This is done using a set of commands written in the Rubber Ducky Scripting Language, also known as DuckyScript.
Flipper Zero opens a browser and navigates to a webpage with no user input
Adrian Kingsley-Hughes/The Flipper Zero can use the GPIO to output electrical signals and act as a signal generator. I last used this to simulate an ABS (antilock braking system) module on a vehicle to confirm that all the wiring and computer in the car were working.
Very useful!
GPIO pinout
Adrian Kingsley-Hughes/