Started this back in February after finding a critical CVE in Revolut's payment system (CVSS 9.3, infinite money exploit). Got me thinking - why is all the good hardware security gear either crazy expensive or locked down?
Flipper Zero costs €169 and you still need to buy WiFi addons, external CC1101 modules, better antennas. By the time you're done it's €250+ and you still can't do voltage glitching or LoRa mesh. That's ridiculous for students or anyone just trying to learn.
So I designed BitBreach. Everything built in, nothing locked down, actually affordable.
Hardware:
Dual MCU setup because I needed the separation:
ESP32-S3 handles WiFi/BLE pentesting, NFC stuff, and the display
STM32G431 does the timing-critical things like voltage glitching and manages the LoRa/Sub-GHz radios
LoRa mesh on 868MHz for off-grid encrypted messaging (no servers, no internet, just device-to-device)
CC1101 Sub-GHz covering 315/433/868 MHz with an RF switch so you can toggle between chip antenna and external SMA
NFC/RFID with PN7150
WiFi and Bluetooth obviously
Infrared TX/RX
Why the external antenna matters: Flipper's biggest complaint is range. People spend €35 on external CC1101 modules just to get an SMA connector. I built the RF switch in from the start so you can swap antennas without needing addon boards.

The glitching thing: STM32G431 has these insanely precise timers that can do voltage fault injection. Most educational pentest devices can't touch hardware security but it's actually one of the most important real-world skills.

Display: 2.4 inch TFT, USB-C for charging and data, microSD for storage, all the normal stuff.
Current Status:
PCBs are being manufactured at JLCPCB right now, components ordered from LCSC, cases printing in clear resin. Everything ships in the next couple days so prototypes should arrive by end of this week or early next week. This is the second iteration - had an earlier prototype that proved the concept but the layout was messy and I wanted to add LoRa mesh after seeing all the EU Chat Control surveillance stuff happening. Privacy matters. 4-layer PCB, about 100x50mm. Did the whole thing in EasyEDA. The silkscreen has this vaporwave beach art on it because if you're gonna spend 8 months designing something it should at least look cool.
Firmware:
Planning to base it off Retro-Go's launcher system since that menu framework already works and the ESP32-S3 support is solid. Then building custom apps for the pentesting features. Keeps things modular.
STM32 side is mostly custom code for talking to the LoRa module (using RadioLib) and handling the Sub-GHz stuff. The voltage glitching needs really precise timing control so that's all bare metal.
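Added example (not BitBreach's firmware, which isn't posted here): the timing math behind a timer-driven glitch pulse on an STM32. It assumes the standard one-pulse-mode trick from ST's reference manual, PWM mode 2 plus OPM: after a trigger the counter starts at 0, the output goes active when CNT reaches CCR and idles again at the update event when CNT reaches ARR, so delay = CCR ticks and width = ARR - CCR + 1 ticks. It also assumes a 170 MHz timer clock (the STM32G431 maximum) and a 16-bit counter; the names `plan_glitch` and `glitch_timing_t` are hypothetical. It picks the smallest prescaler that fits so the resolution stays as fine as possible (about 5.9 ns at 170 MHz), and refuses pulses that are shorter than one tick or longer than the counter can hold.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions for this example: 170 MHz timer kernel clock (STM32G431 max),
 * 16-bit counter (change TIM_CNT_MAX for a 32-bit timer such as TIM2). */
#define TIM_CLK_HZ   170000000ULL
#define TIM_CNT_MAX  65535ULL
#define NS_PER_S     1000000000ULL

typedef struct {
    uint32_t psc;   /* TIMx_PSC: counter clock = TIM_CLK / (psc + 1) */
    uint32_t ccr;   /* TIMx_CCRy: tick at which the glitch output goes active */
    uint32_t arr;   /* TIMx_ARR: update event, counter stops (OPM), output idles */
    double delay_ns_actual;   /* what the hardware will really produce */
    double width_ns_actual;
} glitch_timing_t;

/* Nanoseconds -> timer ticks at divider 'div' (= psc + 1), rounded to nearest.
 * Integer math only, so it behaves the same on the MCU and on a host. */
static uint64_t ns_to_ticks(uint64_t ns, uint64_t div)
{
    uint64_t denom = div * NS_PER_S;
    return (ns * TIM_CLK_HZ + denom / 2) / denom;
}

static double ticks_to_ns(uint64_t ticks, uint64_t div)
{
    return (double)ticks * (double)div * 1e9 / (double)TIM_CLK_HZ;
}

/* Plan a glitch 'delay_ns' after the trigger lasting 'width_ns'.
 * Returns false if the timer cannot produce it (too short or too long). */
bool plan_glitch(uint64_t delay_ns, uint64_t width_ns, glitch_timing_t *out)
{
    /* Smallest divider for which delay + width fits in the counter. */
    uint64_t total_ticks = ns_to_ticks(delay_ns + width_ns, 1);
    uint64_t div = (total_ticks + TIM_CNT_MAX - 1) / TIM_CNT_MAX;
    if (div == 0) div = 1;
    if (div > TIM_CNT_MAX + 1) return false;      /* PSC is 16-bit as well */

    uint64_t ccr = ns_to_ticks(delay_ns, div);
    uint64_t wt  = ns_to_ticks(width_ns, div);
    if (wt == 0) return false;                    /* below one tick: no pulse at all */
    uint64_t arr = ccr + wt - 1;                  /* active from CCR through ARR inclusive */
    if (arr > TIM_CNT_MAX) return false;          /* rounding pushed it past the counter */

    out->psc = (uint32_t)(div - 1);
    out->ccr = (uint32_t)ccr;
    out->arr = (uint32_t)arr;
    out->delay_ns_actual = ticks_to_ns(ccr, div);
    out->width_ns_actual = ticks_to_ns(wt, div);
    return true;
}

int main(void)
{
    /* Constructed sweep: a typical short glitch, a long delay that needs a
     * prescaler, and a width below one tick that cannot be produced. */
    static const struct { uint64_t delay, width; } sweep[] = {
        { 1000, 50 }, { 1000000, 100 }, { 1000, 2 },
    };
    for (size_t i = 0; i < sizeof sweep / sizeof sweep[0]; i++) {
        glitch_timing_t t;
        if (plan_glitch(sweep[i].delay, sweep[i].width, &t))
            printf("delay %llu ns, width %llu ns -> PSC=%u CCR=%u ARR=%u "
                   "(actual %.1f ns / %.1f ns)\n",
                   (unsigned long long)sweep[i].delay, (unsigned long long)sweep[i].width,
                   t.psc, t.ccr, t.arr, t.delay_ns_actual, t.width_ns_actual);
        else
            printf("delay %llu ns, width %llu ns -> not achievable\n",
                   (unsigned long long)sweep[i].delay, (unsigned long long)sweep[i].width);
    }
    return 0;
}
```

The point a practitioner cares about is the `*_actual` fields: a requested 50 ns width becomes 9 ticks, about 53 ns, and once the prescaler kicks in the step size jumps to 17.6 ns. Log the actual values with every attempt, and check the first edge on a scope, since the exact one-tick alignment of the delay varies with how the timer is triggered.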
Everything's gonna be open source. Hardware files, firmware, the whole thing. AGPL for software, still deciding on hardware license but probably CERN-OHL.
Why I'm Building This:
I'm 16 and honestly school isn't working out for me. Teachers think I'm lazy. But I've loved electronics and security since I was little, and started doing bug bounties at 15. Found that Revolut vulnerability last year and ended up #1 on their bug bounty leaderboard. Got invited to private programs for BMW, AutoScout24, R+V insurance, bunch of others on Intigriti.
But school grades are terrible. Like actually almost failing many classes. So BitBreach is kind of my portfolio project - proof that I can actually build things even if traditional education doesn't work for me. Want to launch it on Kickstarter in February if the prototypes work. Goal is making it affordable enough that students can actually buy it. Thinking around €89-119 range.
The Goal:
Make hardware hacking actually accessible. Not just affordable but also educational. Want people to be able to learn voltage glitching, understand LoRa mesh networking, experiment with Sub-GHz protocols, all without dropping €500 on equipment.
Open source means if something breaks or you want to modify it, you can. No proprietary lockdowns, no firmware...