I always enjoy talking to people with varied practical experience in the security field and noticing how questions and discussions slightly shift. For example, questions during the recent H2HC moved from "What does the Flipper do?" via "What do you personally use it for?" to "What do you use it for professionally?". The last question is where most conversations ended up, hence this short opinion piece on the Flipper Zero.
I suppose everybody reading this knows the Flipper Zero and its pretty long feature list. The most recent addition I noticed being broadly discussed was a bunch of Bluetooth attacks, specifically the one able to crash an Apple iPhone. If you aren't sure, have a look at the Flipper Zero website and the DarkFlippers Unleashed firmware. A friend was pretty happy with the Unleashed version and recommended it to me, so I stuck with it.
Why buy a Flipper Zero?
Back when it was released it would have cost me something like $300 including shipping and taxes to Germany, which is just a bit over my self-imposed limit for toys. Thus, I decided to give it around a year to see whether the project would survive and still be actively developed. As it turned out, I got one in December 2022 for $306 and have been having a bit of fun with it since. My main motivation was the fact that "everybody" else also had one. It made sense to me to have it in my collection, spend some time with it and form an opinion not only based on reading.
Should you buy one?
Honestly, no idea.
Up to now, I have no scenario in which I use the Flipper professionally.
The obvious thing to use the Flipper for is awareness: it's a toy that can do things many people can't. I've previously failed to use it during a larger presentation, as the hotel actually had physical keys and no keycards. I've used the IR to switch screens on and off and have had people just read their way through the menu. The Bluetooth attack was also a nice insight, but somehow not vivid enough. My main issue here is that I rarely have an audience for which I can run through all the features of the Flipper, and for the presentation of a single feature the price is just too high. You can buy a TV-B-Gone kit for under 20€ and switch off the TVs; a Chinese Proxmark3 clone is under 50€ and supports the common attacks on NFC cards; cloning Sub-GHz remotes can be performed by many small gadgets for under 30€. All three, in comparison to their impact, feel like pocket money and as such are by far easier to present than the Flipper Zero. Presenting the whole feature set in comparison to the price makes it a good deal, which yet again is too complex for a quick awareness presentation.
A quick practical PoC is always an effective way to underline the description on paper. The Flipper is small, fits in one's pocket and usually just works. Thus, if there is a finding the Flipper can demonstrate or verify on the spot, I might actually use it. Practically speaking, though, I need to have my laptop and tools on me anyway, the laptop will be connected to the screen, and I'd prefer to show something from the shell that I can also explain.
Pentesting / Research
When testing, one is not only interested in understanding whether something is possible, but also in the why and the deeper specifics. As such, one needs a lot of flexibility and direct access to lower layers and many settings. The Flipper isn't designed to offer that flexibility, which honestly isn't a criticism, but it disqualifies the device for me. I simply stick to the equipment I use anyway. Those usually are:
- Proxmark for NFC
- SDR (HackRF or USRP) or YARD Stick One for Sub-GHz stuff
- Facedancer or GreatFET for USB
- ESP32 with MicroPython for IO stuff
The Flipper is part of my EDC and something I usually get out when somebody asks whether I have one, handing it over and letting them play a little.
Switching public displays on and off is a lot of fun, and so is triggering Sub-GHz remotes. But in most countries, like here in Germany, causing random havoc is simply against the law. While it might be hard to identify who did something, and usually no real damage is done, it's still something one shouldn't do.
Hotel Key Cards
I regularly use the Flipper productively when traveling, to clone my hotel key cards (which only works, of course, for card types the Flipper can fully read and emulate). On the one hand, it provides me with a spare card; on the other hand, it actually makes things a little more secure. As the Flipper itself proves, cloning key cards is super easy, so I need a solution for my keycards when visiting a con. One option is a shielded cover or case that prevents the cards from being read; the other is my Flipper. When it's switched off, nobody can clone my card. Problem solved.
The Flipper is a fun little tool. If you have the budget, get one, play with it and you will find a few little use cases. But make sure it doesn't just lie in the drawer, as it's simply too expensive for that. Should you want to go deeper into testing or research, get the actual tool the Flipper's functionality is based on. It will give you far more options!