• Flipper Zero first batch of prototypes (Coronavirus affected)

    Pavel Zhovner, 04/12/2020 at 16:47

    We've produced the first batch of Flipper prototypes, and it is stuck at the Chinese border right now. At the moment we can only wait until this crisis ends before we can continue.

    Here are some photos:

  • Flipper opens the gate via 433 MHz

    Pavel Zhovner, 04/12/2020 at 16:47

    Beta version of Flipper's 433 MHz sniffer functionality: a simple replay demo. It can't parse remote-control protocols yet; it just grabs the raw signal.

  • [Flipper Zero Update] Moving away from Raspberry Pi, building own board from scratch

    Pavel Zhovner, 04/12/2020 at 16:45

    There are many updates I want to share with you. We worked hard over the New Year holidays and came up with some rad changes. Due to all the limitations of the Raspberry Pi Zero, we decided to build our own board from scratch based on the NXP i.MX6 ULZ chip.

    The main problems with the Raspberry Pi:

    • Impossible to buy in batches. There are no suppliers who can sell 1000 or more pieces of the RPi Zero. Retailers like Adafruit/SparkFun have only ~100 pcs in stock and sell one per customer.
    • Unstable Broadcom WiFi chip. It crashes under heavy load while in monitor mode.
    • Lack of interfaces.
    • Old, power-hungry processor that gets very hot under load.
    • No power management, which means no sleep or standby.
    • and more..

    Building a completely new single-board computer is a big challenge for us, but it gives us more freedom in development. We can make Flipper more compact, give it longer battery life, and use a better WiFi chipset.

    Display and interface

    We finally chose the right display and started building the user interface, menus and icons. The LCD is quite old school, but I love it, especially for its very low power consumption, so we plan to keep it always on, like on old monochrome phones and the Tamagotchi. No need to press buttons to wake the screen; I miss that on modern devices with color displays.

    Here are some demos of how the interface looks on the screen:

    125 kHz tag reading/writing/emulation

    We already have working EM4100 reading, writing and emulation! All of it is done in software on STM32L4 GPIO without any dedicated ICs. We are now working on the HID Prox protocol, which uses a different modulation type.
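As an added illustration (not the Flipper project's own code) of the 64-bit frame that a software EM4100 emulator has to produce, and that a reader should validate before trusting a demodulated capture: encoder and decoder with the format's row parity, column parity, header and stop-bit checks. The ID bytes are constructed sample values.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* EM4100 frame layout (64 bits): 9 header ones, then 10 rows of 4 data bits
 * plus an even row-parity bit, then 4 even column-parity bits, then a 0 stop
 * bit. The 40 data bits are the 8-bit version/customer ID + 32-bit serial. */
#define EM4100_BITS 64

/* Encode a 5-byte ID (MSB first) into 64 bits, one bit per array element. */
void em4100_encode(const uint8_t id[5], uint8_t bits[EM4100_BITS]) {
    int pos = 0;
    uint8_t colpar[4] = {0};
    for (int i = 0; i < 9; i++) bits[pos++] = 1;          /* header */
    for (int n = 0; n < 10; n++) {                          /* 10 nibbles */
        uint8_t nib = (n & 1) ? (id[n / 2] & 0x0F) : (id[n / 2] >> 4);
        uint8_t rowpar = 0;
        for (int b = 3; b >= 0; b--) {                      /* MSB first */
            uint8_t bit = (nib >> b) & 1;
            bits[pos++] = bit;
            rowpar ^= bit;
            colpar[3 - b] ^= bit;
        }
        bits[pos++] = rowpar;                               /* even parity */
    }
    for (int c = 0; c < 4; c++) bits[pos++] = colpar[c];   /* column parity */
    bits[pos++] = 0;                                        /* stop bit */
}

/* Decode 64 demodulated bits into a 5-byte ID. Every check that a real
 * reader performs is applied; any mismatch returns false. */
bool em4100_decode(const uint8_t bits[EM4100_BITS], uint8_t id[5]) {
    for (int i = 0; i < 9; i++) if (bits[i] != 1) return false;
    uint8_t colpar[4] = {0};
    memset(id, 0, 5);
    int pos = 9;
    for (int n = 0; n < 10; n++) {
        uint8_t nib = 0, rowpar = 0;
        for (int b = 0; b < 4; b++) {
            uint8_t bit = bits[pos++];
            nib = (uint8_t)((nib << 1) | bit);
            rowpar ^= bit;
            colpar[b] ^= bit;
        }
        if (bits[pos++] != rowpar) return false;            /* row parity */
        id[n / 2] |= (n & 1) ? nib : (uint8_t)(nib << 4);
    }
    for (int c = 0; c < 4; c++) if (bits[pos++] != colpar[c]) return false;
    return bits[pos] == 0;                                  /* stop bit */
}
```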

    433 Transmitter

    Some Sub-1GHz functions are working too with the CC1101; right now it's only simple protocols and jamming, but all of this depends on software.

    The GIF is too large, so here is an MP4: https://zhovner.com/forever/flipper_443mhz_jammer.mp4

    Flipper Architecture

    Here is an old architecture diagram so you can understand the basic blocks. The STM32 is always powered on and controls the Linux board, which wakes up on demand.

    Now we are fully focused on developing the i.MX6 board and plan to finish the prototype in one month. When we have a complete working board, we will start a crowdfunding campaign on Kickstarter. Thanks for your support.

    Cheers,

    Pavel Zhovner

  • Flipper Zero is on the go

    Pavel Zhovner, 04/12/2020 at 16:44

    The first case samples of Flipper Zero have arrived. I wanted to run a quick demo on the LCD screen before New Year, but I messed up the soldering and the screen didn't start. I was so tired from soldering 0.5 mm contacts directly onto the FPC that I had no strength left to redo it.

  • Introduction: Why I started Flipper

    Pavel Zhovner, 04/12/2020 at 16:42

    How I got tired of scratchy raw PCBs in my pockets and decided to make an all-in-one device


    My name is Pavel Zhovner. I live in Moscow, Russia. It has been my passion since childhood to go deep into all areas of life: technology, nature, people. I specialize in hardware, networking, and security. Flipper is the most ambitious project of my life, one I have cherished in my head for many years, and it is now in an active stage of development. It is a Tamagotchi-style cyber-dolphin with its own personality that can live in your pocket, and at the same time it's a Swiss army knife for pentesters. I've been hatching this idea for many years.


    I love to explore everything around me, and I constantly carry various tools for this. In my backpack I have a WiFi adapter, an NFC reader, an SDR, a Proxmark3, a HydraNFC, and a Raspberry Pi Zero (which causes problems at the airport). None of these devices are easy to use on the go when you have a cup of coffee in one hand or are riding a bicycle. You need to sit down, take all the stuff out, get a computer; this is not always convenient. I've been dreaming of a device that would implement typical attack scenarios, would always be on alert, and at the same time would not be a pack of boards falling apart, wound with electrical tape.

    Recently, after an open implementation of the AirDrop protocol (owlink.org) and a study by the HexWay guys on the Apple-Bleee iOS vulnerabilities were published, I began to have fun in a new way: meeting people on the subway, sending them pictures through AirDrop and collecting their phone numbers. Then I wanted to automate this process and built a device from a Raspberry Pi Zero W and batteries. Everything could have been fine, but the device was extremely inconvenient to carry; it could not be put in a pocket, because sharp drops of solder tore the fabric of my pants. I tried to print a case on a 3D printer, but I did not like the result.

    Hacking the Tamagotchi


    A couple of years ago, an original Tamagotchi Friends from Bandai fell into my hands. It turned out that they are still being produced and that the original Tamagotchi is made only by the Japanese company Bandai. Modern versions even have an RFID module for exchanging data with other Tamagotchi, with a built-in 125 kHz antenna in the back.


    I began to play with the Tamagotchi and disassemble it. It turned out to be enough to solder a T5577 chip directly to the Tamagotchi antenna so that the Tamagotchi could open the intercom, while its wireless functions remained operational. I made a video about it on YouTube.


    Then I thought it would be cool to emulate 125 kHz tags directly with the Tamagotchi MCU. To do this, you have to get access to the firmware. Unfortunately, the main Tamagotchi chip is made without a package and is potted in epoxy, so I couldn't get to it. Then I found a blog by Natasha Natalie Silvanovich from Google, who was hacking the Tamagotchi; here's a video of her talk.
    She made a special board for patching certain models of Tamagotchi (TamaTown Tama-Go) through the hardware decorations, so that people could install their own firmware on the Tamagotchi.


    I also found a guy, mr.Blinky, who was reversing the Tamagotchi and all sorts of old-school gaming devices. Bandai makes much cooler versions of Tamagotchi for the domestic Japanese market; they have a color screen and real NFC, but the interface is only in Japanese. Mr. Blinky made a patch to translate the interface into English. Another guy, Mike Szczys, made a Tamagotchi ROM dump.


    And I'm also in awe of Arduboy


    It's a portable gaming console with a built-in display on a fully open Arduino platform, so anyone can write their own games for it and upload firmware.

    Pwnagotchi — Tamagotchi for WiFi Hacking


    Then I saw the amazing Pwnagotchi project. It's like a Tamagotchi, but its meals are WPA handshakes and PMKIDs from Wi-Fi networks, which can then be brute-forced on GPU farms. I liked...
