Get the top HN stories in your inbox every day.
psanford
hexmiles
Just received mine (today).
What is also amazing is the community, there are already custom firmware, extension and guides
You can find a list here: https://github.com/djsime1/awesome-flipperzero
_joel
Nice, that's me sorted for tonight, cheers mate
qorrect
Came back here to find this list ,thanks again.
ajsnigrutin
PSA: the main benefit of this s the ease of use, due to a lcd display, buttons and software support.
If you're familiar with arduino/esp* programming, you can get the components (eg. esp32, cc1101, nfc reader, and infrared transciever) for a lot cheaper on aliexpress or your local reseller, and all of those things are in stock.
(or in other words, if you're one of those people who buy stuff like this, play with it for 2 minutes and then put it in a drawer, and now you're in the middle of thinking about how you could open your neighbours garage to mess with them... well, you can do it chaper)
Aspos
Certainly you can spend time reading datashets, ordering components on aliexpress, soldering them together, going back to square 1 every time you burn something, etc. Alternatively, you can pay a tad more and get everything in a single device with a nice interface.
This device lowers the entry barrier into hardware for software people.
vineyardmike
AND you can support small enterprises of people who did take the time to make something work well for you to hack around with.
We need MORE flipper zero type projects!
soperj
the only way you get more flipper zero type projects is if some subset of people actually do the ordering from Ali Express...
gonehome
Reminds me of this HN classic: https://news.ycombinator.com/item?id=9224
memsom
Okay - that was an awesome link ;-) Well, I wonder how BrandonM feels about the whole "files synced online" thing now?
capableweb
> Other users have provided the link, but my heart sinks a little every time I see this brought up, especially when the commenter is singled out by name. People forget that this is a real person. He also happens to be a first-class HN contributor, and has been for many years.
> I realize it's internet fun to point neon arrows at people seeming outrageously wrong in the past, but the truth is that people aren't reading that comment accurately and there's a huge dose of hindsight fallacy here.
The full comment by dang has more context: https://news.ycombinator.com/item?id=27067281
babypuncher
"Usability" of software/hardware is often the biggest barrier for people looking to learn these kinds of skills. I applaud their effort, I would love to see more development and hacking tools take this approach.
ValdikSS
+ If it wasn't OllyDBG, I would never have understood how a computer works.
konart
You can build most of the things you own yourself. It's just that sometimes it's a) not worth your time, you'd rather skip the initial step and start building around the ready tool b) this thing actually looks and feels much better than you garage kit. Some people do care.
This is like the usual flame war about macbooks vs everything else.
ajsnigrutin
Well sure, but if you just need one feature (eg. infrared "tv-b-gone"), and you already have an arduino at home, you just need an infrared led.
https://create.arduino.cc/projecthub/mike-murray2/homemade-t...
If you want to open garage doors, you just need a cc1101 and an esp8266
https://github.com/gusgorman402/RFmoggy
If you want to clone rfid cards, you need one of the cheap readers, an empty card an an arduino
https://github.com/miguelbalboa/rfid/blob/master/examples/RF...
Yes, it's ugly, but it's cheap.
prmoustache
All I see is it remove the motivation barrier and just create waste for the sake of creating waste. Another devices that people buy, tinker with it a few hours then sit in a drawer for years until it will be binned.
More than a nice hacking tool, this is a pollution and waste of resources tool. There is nothing positive about that.
notacoward
Today's XKCD seems like it was written as a direct response to that kind of comment.
"It's hard to believe, but lots of kids today ONLY know how to buy prepackaged molecules."
rideontime
I can't draw a dolphin as cute as that one, though.
rootw0rm
I already have individual tools that can do all this and more, but it still looks damn nice... wish I could justify buying more stuff
bobajeff
This just make me want to make my own little Arduino device. I bet it would be more fun than buying a thing someone else made that I don't have a real use for.
evilbob93
Other comments mention how this was a Kickstarter that took two years to come to fruition and the supply chain is listed as the culprit. No one else has mentioned that while us backers were waiting, they sent out newsletters that detailed some of the complexities they were dealing with. Getting the case right took several iterations, and when you feel it in your hand you can tell that they took time to get it right.
You're right that one could put most of the functionality together, but not in a package that you're gonna toss in your pocket for EDC.
wnevets
I have a passing interest in wireless hacking but I have no idea if I have the skillset to make any use of it. How useful is this for someone with zero pen testing and/or wireless experience?
I'm curious to know what it would take to hack my garage door or key fob for my car
peddling-brink
Out of the box it supports limited raw rf capture and replay. Your garage door (probably) and your car key fob use rolling codes which change each time the button is pressed. This is not supported, and likely won’t be in the official firmware. I’ve used mine to make copies of all rf and ir remotes in my home. Fans, tv, bidet, AC, etc.
Aspos
TIL some bidets can be controlled remotely. I feel like an ape.
packetslave
Story time! Google is (was) famous for having Toto Washlet bidet seats in its restrooms, which have wireless control panels attached to the stalls.
New building opens up, vendor screws up and the control panel in stall #1 is programmed to control the Washlet in stall #2. Cue the predictable (and hilarious) email thread on #<building>-misc, along with a whole lot of memes.
msoucy
I'm more concerned about why you would need a remote for something that depends on you being there...
DonHopkins
Pootooth.
goatcode
If it's ape-like to not be able to detach from your own ass and walk around, I guess I'm in that group too.
kweks
Slight correction: There are two modes of RF Capture available : "Read RAW" and "Read".
"Read RAW" does exactly what it says on the label: Captures a raw stream, based on the specified frequency and demodulation.
"Read" captures, decodes and attempts to interpret the signal capture. The FlipperZero has a large built in database of brands + models of RF devices, and a database of KeeLoq master keys.
For rolling remotes that are KeeLoq based, with known keys, the Flipper can most definitely decode / decrypt rolling codes, and generate the next in the sequence.
TL;DR: Handles fixed + Rolling codes, via built in database of keys + models.
mystickphoenix
FWIW I've used mine to duplicate both of our car key fobs (middle 2000's Mazda and middle-2010's Jeep) so it'll probably be very dependent on make/model/age as to whether it uses rolling codes.
worthless-trash
Surely these rolling code devices should be started by some kind of seed, otherwise how does one replace a remote ?
I'm not convinced that there is a 'non destructive' method to find that out though.
sitzkrieg
i have developed firmware for a few ism band products and basically had to create a few scrappy one off tools for testing and debugging. something like this ready to go is totally killer to have from a rf software standpoint too. but yea, rf is everywhere. key fobs. in your tires for tpms, garage doors, crappy bluetooth products whatever. i could see this being useful in many cases
suction
Let's not fool ourselves into thinking that more than 1% of buyers will use this for anything else than changing channels on TVs displayed at Walmart, and feel like Mr Robot for a few minutes.
charles_f
I love how movies show hacking devices as super serious futuristic goggles the open 6 different terminals that patch you through sockets on satellites, but the best thing in real life is a dolphin tamagotchi.
bitwize
Which in turn may be a reference to the time when a movie showed an actual dolphin as a hacking device: https://m.youtube.com/watch?v=F7OM59U4-z0
addingnumbers
It's a reference to the story that inspired the movie.
> The prototype of our character is the cyborg dolphin Jones from the story "Johnny Mnemonic" by William Gibson.
pluc
It was either a dolphin or Keanu Reeves...
Seriously Keanu Reeves ins't a bad choice for a technological automaton representation, being Johnny Mnemonic and Neo and all. Though I guess dolphins in general are much more conciliatory on IPs, trademark and copyrights issues.
We need to put Keanu Reeves in the public domain!
evilbob93
You could make the argument that it's further a reference back to "Day of the Dolphin"
planb
Finally a kickstarter i backed that keeps up to the promises. Got mine last week and it does everything that was promised and keeps constantly being improved.
efitz
I love my flipper zero; I’ve been using it to investigate NFC doodads.
I participated in the crowdfunding campaign and I must say it was one of the best run campaigns ever; the team was super transparent and took a lot of time communicating all the behind-the-scenes of developing the product; their updates were very interesting. Can’t wait to see what they do next.
A_No_Name_Mouse
Just got mine a few days ago (EU based). Well built, works as promised. But I find that it mostly works for simple things like controlling lights, tv etc. Most interesting targets use proper encryption (mifare classic for example) so I had no luck accessing my company badge. Mifare Desire data cannot be read properly at the moment it seems, but I'm sure that will be fixed. Fun little tool, will probably end up in a drawer soon.
kweks
MIFARE Classic support is quite good : the device will search through its (somewhat exhaustive) list of known keys, to attempt to unlock your badge.
If keys aren't found, you can perform a "Reader Attack" - take the nonces from the log during a sniffed authenticated exchange, place them in a MF32Key tool (there are online versions as well) - and this will calculate the key.
The device doesn't have enough computational power to crack on board (for that you need a Proxmark / iCopy-X) - but the team has roadmapped a tethered mode for performing these cracks.
_joel
I've been reading my bank cards with the 'unleashed' firmware, not tried a replay yet and it lists Mifare DESFire in the special read actions (not tried, not hw to test)
sm4rk0
You can do that with an NFC-equipped Android phone and this app: https://github.com/johnzweng/bankomatinfos
It's also available on F-Droid: https://f-droid.org/en/packages/at.zweng.bankomatinfos2/
KennyBlanken
Mifare Classic is anything but "proper" encryption, with numerous vulnerabilities.
felixnm
Can anyone provide examples on how to use this? The FAQ and Blog have a ton of info on what it is and how to get it, but I don't see anything on why.
Rebelgecko
I use mine as a remote for a lot of things:
My front gate, my parents front gate, and any other front gate (check your local laws before doing this).
Controlling a lamp I have (works with any device I've tried that uses 433mhz)
Backup remote for my TV (the Flipper infrared UI is kinda clunky but it works)
Backing copies of NFC cards
And most importantly, you can use it to turn the pages during a PowerPoint presentation
kQq9oHeAz6wLLS
> And most importantly, you can use it to turn the pages during a PowerPoint presentation
Ah, so it's a business expense!
stjohnswarts
How do you get the details of the remotes you're replacing with it? Scanning through frequencies? Don't they have "secrets" for the actual ACK that lets your in and garage doors rotate through codes do they not? Just curious.
Rebelgecko
There's a few tools for figuring out radio stuff. The first is super simple, it just scans through the frequencies and tells you which is the strongest. Most devices will put this in their manual but it's nice to not need to have to look it up.
Once you know the frequency one option is to just take a raw sample at ____megahertz and play it back on demand. This doesn't work for some radio signals because they use rolling codes and it's also a bit inefficient (be VERY VERY careful using a Flipper with a car key fob, because they can sometimes go out of sync and you can't open your car afterwards)
The good news is, for many types of radio signals, the flipper can also determine the protocol and what digital data is being sent- so instead of playing back a 2 second sample of me holding down the "power" button on my lamp's remote, it knows it can just broadcast 0x1234 using protocol XYZ.
NFC and RFID devices are basically plug & play, although only a subset are supposed.
mschuster91
> Don't they have "secrets" for the actual ACK that lets your in and garage doors rotate through codes do they not?
Remote door controls are painfully dumb and relied on the absence of affordable software-defined receivers and especially transmitters. With most of them you can set the code via binary DIP switches at the back and that's it. No replay protection, no nothing, if you're lucky the receiver has a brute-force detection.
stuaxo
Hm, feels like I could have used this with my Gen 1 Phillips Hue, shouldn't have thrown that away I guess.
tommit
Weren't these already using ZigBee? Does anyone know whether the Flipper can handle those frequencies as well?
backtoyoujim
Would it be hard to get my neighbor's garage door to respond ?
Fnoord
Probably not, but it depends on the garage door. I used to be able to open my neighbor's garage door with the remote for my own garage door. There's also the opensesame attack (replay attack, search for it). You can perform such with a YTS-0 (Yard Stick One). I still ordered a Flipper Zero. Its cute as hell, probably has a neat community, and its more portable than my PortaPack + HackRF or Proxmark + Blueshark.
captn3m0
I saw this 24 minute exhaustive review before ordering one last week: https://youtu.be/1qp78fiDD5M
kronk
This was streamed a little bit ago: https://youtu.be/dvFXWGomZzA Unfortunately, I don't speak Russian. :(
dylan604
the lighting on this gives an ominous/mysterious feel to the video. like being under a blanket with a flashlight so nobody can see what you're doing.
stjohnswarts
adds to the hacker vibe "am I supposed to be watching this?"
fareesh
yikes that guy has sub dermal implants - is this common in your country?
capableweb
Why "yikes"? I don't think that's common anywhere, but the intersection between "hardware hackers who uses Flipper Zero" and "people with subdermal implants" is probably bigger than the intersection of "people not being hardware hackers" and "people with subdermal implants"
micromacrofoot
It's not common in any country, it's a fringe biohacker kind of thing.
There's a small group in the US that does this kind of thing: https://en.wikipedia.org/wiki/Grindhouse_Wetware
radicaldreamer
It's not exactly common in the US, but enough people have them that it isn't surprising to see.
SgtBastard
“Move along, clank” indeed.
5bolts
i use it to clone my work badge onto the chip in my hand... and to have all my amiibos in a nice easy portable package for switch gaming on the go.
haven't explored anything else
lsllc
Wait, back up there: "chip in my hand?"
_joel
A colleague I worked with did the same a few years back https://twitter.com/danhett/status/888390099066642432
judge2020
This front page seems to include a lot of info - it had a ‘Sub-1 GHz Transceiver’, then it has ‘125kHz RFID’:
> Low-frequency proximity cardsThis type of card is widely used in old access control systems around the world. It's pretty dumb, stores only an N-byte ID and has no authentication mechanism, allowing it to be read, cloned and emulated by anyone. A 125 kHz antenna is located on the bottom of Flipper — it can read EM-4100 and HID Prox cards, save them to memory to emulate later.
And
> Flipper Zero has a built-in NFC module (13.56 MHz). Along with the 125kHz module, it turns Flipper into an ultimate RFID device operating in both Low Frequency (LF) and High Frequency (HF) ranges. The NFC module supports all the major standards, such as NXP Mifare.
mvdwoord
I have just received mine (kickstarter backer, EU based) and am impressed by the build quality. I still need to play with alternative firmware etc and found a very naive cloning of my access badge did not work, most likely due to some additional security in place. Had to check though after I picked up an SD card on my way to the office.
Curious to see what uses I can find for this, most likely it will end up in a drawer sooner rather than later, but I can see this be very useful on holidays ;)
mrbuttons454
Anyone else having issues ordering? Apple Pay fails, and manual checkout says it can't be shipped to my address. It's a normal US residential address.
Edit: According to their forums, "There are no US region (R02) flippers in stock at the moment."
https://forum.flipperzero.one/t/unable-to-place-order/4251/4
site-packages1
Currently they don't list USA as a place with availability.
From the shop page:
Shipping in August 2022. Currently available only for: Andorra, Austria, Belarus, Belgium, Bosnia & Herzegovina, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, French Polynesia, Germany, Greece, Vatican City, Hungary, Iceland, Ireland, Italy, Kazakhstan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Moldova, Netherlands, North Macedonia, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, United Kingdom
sschueller
I'm still waiting for my Kickstarter version (suposideley by July 26th) and as one of the first few backers I would hope I receive mine before others can just go buy one...
Yes I live in Switzerland but it's not at the edge or the world. Most have received theirs already but Swiss people had to wait a while...
svnt
> suposideley
I was confused by this until I saw you were Swiss. Then I realized it was just a bit of involuntary yodeling.
theshrike79
Yep, still waiting for mine too. Got the delivery code a good three weeks ago, no movement after that.
I've waited for 2.5 years, so what's a few weeks more =)
lokedhs
Still waiting for mine as well. I'm in Singapore and it's apparently the last region to be served. I have yet to get a shipping notification. I hope to get it soon though.
atemerev
From Switzerland, too. I have seen their shipping map — apparently, they haven't started shipping to Switzerland yet, as we are not in the EU :(
sschueller
I got the shipping notification from FedEx today coming from Hong Kong. I just hope Swiss customs won't be a pain.
nibbleshifter
Also in Europe area, still waiting. I think its with the notoriously slow last mile carrier that never updates tracking, so maybe next week or two...
Simon_O_Rourke
Ahhh, good to know, friends of mine been waiting for them despite being a local courier tracking number
turtleman1338
Same here, I have my tracking number for 3 weeks but no activity so far
grapescheesee
I received mine a several weeks ago. They have been doing great work with logistics and covid setbacks.
Hope you get it soon.
turtleman1338
You can already but it at lab401 since weeks, they have them in EU warehouse.
brianlweiner
URL is blocked by my company VPN as being in the Russian federation
geoffeg
I just tried to order the Wifi devboard and got a similar response (I live in the US). I ordered the actual Flipper Zero a few weeks ago but forgot to order the accessories. I hope I can still get them at some point.
0xCMP
I did a pre-order for 2 successfully about 2 weeks ago.
rdl
I have one (from a few weeks ago) but haven't figured out a use for it yet (but also haven't had time to really explore).
ciguy
Just wasted 20 minutes trying to figure out how to order. It kept saying no shipping rates found for my address. Turns out they aren't allowing US orders at the moment but they don't actually say that on the website you just get a cryptic shipping rates message. Not the greatest experience.
capableweb
As someone who just ordered one to the EU, you people in the US finally get a taste of your own medicine :)
I can't even recount how many times I've wanted to order something, and not until the final step before doing the payment they put up a "Sorry, we only accept orders within the US & Canada".
Cockbrand
I'd like to order one as well (EU, too), but I'm a bit repelled by the $35 tax on top of the price. Did you pay the same tax? Did you research whether you'll have to pay customs fees as well?
rbarrois
It seems to be available from resellers, lab401 seems to be their official reseller in Europe: https://lab401.com/collections/flipper-zero
capableweb
Order total: ~$300, where ~$50 is taxes and ~$50 is shipping. I did not research any customs fees, as I've been craving the device since I came across this comment: https://news.ycombinator.com/item?id=31534257 (2 months ago), so don't really care about the custom fees.
dylan604
Well, if your fellow EU breatheren weren't such a hot spot for internet fraud.../s
Do these same fraudsters hit other EU online sites as much as they hit US based sites?
deusum
Wanna create a parcel bouncing service? One address here, one over there, charge for shipping and handling
deusum
We'd get a bulk discount on shipping sending containers of goods. But the sorting and re shipping sounds like Amazon level logistics
dylan604
Until the Flipper people realize that a crap ton of their devices are being shipped to the exact same EU address
unethical_ban
On the pre-order page, in bold, directly under the "buy now" button:
---
Shipping in August 2022. Currently available only for:
Andorra, Austria, Belarus, Belgium, Bosnia & Herzegovina, Bulgaria, Croatia, Cyprus, Czechia, Denmark, Estonia, Finland, France, French Polynesia, Germany, Greece, Vatican City, Hungary, Iceland, Ireland, Italy, Kazakhstan, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Moldova, Netherlands, North Macedonia, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey, United Kingdom
More countries coming in September.
erulabs
Not great but I’d cut them some slack. Designing hardware, software, a billing system, a website, production, shipping… I’m part of a two man hardware company and it’s a miracle it’s even possible.
The web is funny tho - an order page is just an order page - if it was built by a trillion dollar company or a startup barely paying rent - we go in with the same expectations.
catskul2
I think they may be shipping from Russia, so that may be part of the problem.
f311a
They ship from Hong Kong
chupasaurus
Not only that, but shipping to Russia has been it's own problem from the start of the project.
Disclaimer: I know some of the employees at Flipper. And a few Russian backers who still didn't get their device.
pnw
Probably not easy taking orders on a Russian website from the US right now?
r2_pilot
The company was established in the US since at least 2019, so this is not an issue. They ship out of Hong Kong.
NotSammyHagar
Does that mean this is legal to buy in the us, considering the sanctions against russia for the ukraine war? I want to buy one, but the legal status seems unclear to me.
Zigurd
The site lists countries where it is available.
Get the top HN stories in your inbox every day.
I just got mine a couple of days ago. I'm really impressed with how well its built and how polished the software is. It is much more polished than any other similar (useful!) hacking/debugging hobbyist devices I've bought. Its clear a lot of thought and care has gone into it.