Flipper Zero Activity NSC

Flipper Zero

Multi-Tool Device For Pentesters

Flipper Zero is a portable tool used for hacking digital stuff such as radio protocols, access control systems, hardware and more. It is fully open-source and customizable, in a toy-like body.

• Your Dolphin-Cyber Buddy:

The tool gained popularity on “TikTok”, when it appeared in a flurry of videos from hackers and script kiddies playing pranks in public.

In the videos, hackers turn off the electronic menus at fast food restaurants, remotely open charging ports of strangers’ Tesla cars and even change the gas prices on gas station displays.

The gadget is a powerful and intuitive tool to investigate cyber security in the “PHYSICAL WORLD”.

Although it can’t manipulate every wireless device in its path, it can read the signals wireless devices emit, giving it the capability to reveal a significant amount of information about a spectrum of electronic devices.

• How does Flipper Zero work?

Flipper Zero contains a few different antennas. These help it capture, store, clone and emulate wireless signals.

It can interact with several signal types:

o Near field communication (NFC). Bank cards and building access cards use NFC signals.
o 125 kHz RFID. Older proximity cards and animal microchips use this frequency.
o Infrared. Many remotes use infrared signals.
o Sub-1 GHz. Garage door remotes and remote keyless systems use Sub-1 GHz frequencies to communicate.

To read a wireless signal, the user holds Flipper Zero up to the source of the signal, selects the program that corresponds to the signal type, and selects “Read”.

Flipper Zero then saves the signal type to memory and the user can access the saved signal and emulate it.

• What’s Inside and Tech Specs With Uses:

Application processor: ARM Cortex-M4 32-bit 64 MHz
Radio processor: ARM Cortex-M0+ 32-bit 32 MHz
Radio: Bluetooth LE 5.4, 802.15.4 and proprietary
Flash: 1024 KB (shared between application and radio)
SRAM: 256 KB (shared between application and radio)

LCD Monochrome
Resolution: 128x64 px
Controller: ST7567
Interface: SPI
Diagonal Size: 1.4"

LiPo 2100 mAh
Up to 28 days battery life

SUB-1 Transceiver: CC1101
TX Power: -20 dBm max
Frequency bands (depends on your region): 315 MHz, 433 MHz, 868 MHz, 915 MHz

NFC:
Frequency: 13.56 MHz

RFID 125 kHz:
Modulation: AM/OOK and Coding: ASK, PSK

GPIO:
13 I/O pins available to user on external 2.54 mm connectors
3.3V CMOS Level
Input 5V tolerant

SIZE:
Size: 100x40x25 mm (3.95x1.58x1.01 inches)
Weight: 102 grams (3.6 ounces)
Materials: PC, ABS, PMMA
Operating temperature: 0° to 40° C (32° to 104° F)

Up to 256 GB microSD card (SPI mode)
2-32 GB card recommended
Read/Write speed: up to 5 Mbps
File systems: FAT12, FAT16, FAT32, and exFAT

• Hardware Hacking

Hardware hacking with Flipper Zero involves manipulating and interacting with electronic devices and systems at a physical level. It enables users to explore, test, and analyze hardware components, interfaces, and protocols. Here are some subheadings that elaborate on different aspects of hardware hacking using Flipper Zero:

• Device Emulation:
o Emulating and spoofing various devices and protocols
o Mimicking RFID cards, key fobs, and access control systems
o Interacting with electronic locks, keypads, and other entry systems
• Radio Frequency (RF) Attacks:
o Analysing and exploiting vulnerabilities in wireless communication
o Sniffing and intercepting RF signals
o Capturing and analysing data from wireless devices (e.g., garage door openers, car key fobs)
• Signal Jamming:
o Identifying and blocking wireless signals
o Conducting denial-of-service attacks on wireless devices
o Investigating vulnerabilities in wireless communication protocols
• Hardware Testing and Analysis:
o Identifying and analysing hardware components
o Testing for vulnerabilities and weaknesses in hardware systems
o Conducting fault injection and side-channel attacks
o Exploring debug interfaces and JTAG protocols

• Software Exploitation

Software exploitation with Flipper Zero involves analysing and manipulating software components, vulnerabilities, and exploits. It enables users to uncover security weaknesses, reverse engineer software, and develop techniques for penetration testing. Here are subheadings that elaborate on different aspects of software exploitation using Flipper Zero:

• Firmware Analysis:
o Reverse engineering and analysing firmware
o Identifying and extracting firmware from devices
o Inspecting and manipulating firmware images
o Searching for vulnerabilities in firmware code
• Reverse Engineering:
o Decompiling and disassembling software binaries
o Understanding the inner workings of software applications
o Analysing and manipulating software behaviour and logic
o Extracting sensitive information from software binaries
• Vulnerability Assessment and Penetration Testing:
o Identifying software vulnerabilities (e.g., buffer overflows, injection flaws)
o Exploiting and demonstrating the impact of vulnerabilities

• Wireless Network Auditing

Wireless network auditing with Flipper Zero involves assessing the security of wireless networks, analysing their vulnerabilities, and identifying potential exploits. It allows users to evaluate the strength of Wi-Fi, Bluetooth, and NFC implementations, and perform penetration testing on these wireless protocols. Here are subheadings that elaborate on different aspects of wireless network auditing using Flipper Zero:

• Wi-Fi Network Analysis:
o Scanning and identifying Wi-Fi networks in the vicinity
o Assessing the strength of Wi-Fi security protocols (WEP, WPA, WPA2)
o Conducting wireless packet capture and analysis
o Identifying rogue access points and unauthorised devices
• Bluetooth Exploitation:
o Discovering and analysing Bluetooth devices
o Assessing Bluetooth security configurations
o Exploiting Bluetooth vulnerabilities (e.g., BlueBorne, Key Negotiation of Bluetooth attack)
o Sniffing and intercepting Bluetooth communication
• NFC Attacks:
o Analysing Near Field Communication (NFC) protocols
o Assessing the security of NFC-enabled devices and systems
o Conducting NFC relay attacks and card emulation
o Exploiting vulnerabilities in NFC implementations

• Social Engineering

Social engineering involves manipulating human behaviour and psychology to gain unauthorised access to systems, networks, or sensitive information. Flipper Zero can be utilised in various social engineering techniques to test the effectiveness of security measures and raise awareness about potential vulnerabilities. Here are subheadings that elaborate on different aspects of social engineering using Flipper Zero:

• Badge Cloning:
o Cloning access badges and ID cards
o Emulating RFID signals to gain unauthorised physical access
o Assessing the vulnerability of access control systems
• Keycard Emulation:
o Emulating keycards and key fobs
o Testing the security of electronic lock systems
o Assessing the effectiveness of physical access controls
• Access Control Systems:
o Assessing the vulnerability of physical access control systems
o Testing the effectiveness of security measures (e.g., keypad locks, biometric systems)
o Identifying weaknesses in the authentication and authorization process

Legal and Ethical Considerations

• Laws and Regulations:
o Understanding and complying with relevant laws and regulations related to hacking, data protection, and privacy
o Ensuring that assessments and activities are conducted within legal boundaries
• Professional Code of Ethics:
o Adhering to professional codes of ethics and conduct
o Respecting privacy and confidentiality of individuals and organisations
