Flipper Zero reads your NFC security key

Flipper Zero reads your NFC security key.

Adrian Kingsley Hughes/ZDNET

After over a year of use, I love my Flipper Zero, and I’m still finding cool things to do with it.

Should I use it to steal cars, clone credit cards, or change prices displayed on gas station screens? of course not! These are just fake things that people upload to TikTok to try to look cool, and you can’t do anything like that.

But that doesn’t mean the Flipper Zero can’t do some very cool and useful things. Over the past year, I’ve been exploring the Flipper Zero’s built-in toolkit, as well as expanding its capabilities by installing custom firmware. You’ve changed the game in so many ways!

View in the Flipper Zero store

The Flipper Zero may be small, but there’s a lot of hardware in a small space.

First, there is a sub-GHz wireless antenna that can pick up and transmit wireless codes to operate wireless devices and access control systems, such as garage door remotes, boom barriers, IoT sensors, and even keyless remote systems.

RFID support allows a number of different RFID tags to be read, stored and emulated.

also: Do RFID blocking cards actually work? My Flipper Zero has revealed the truth

It can also read, write, store and emulate NFC tags.

On the front is a single-wire connector that can read and emulate iButton dial keys (also known as DS1990A, CYFRAL, Touch Memory, or Dallas key).

There is also a built-in infrared transceiver that can pick up and send infrared codes to control things like televisions.

Finally, at the top, there are GPIO connectors that allow the Flipper Zero to communicate with other real-world gadgets.

also: How to unlock the true power of Flipper Zero

That’s a lot of features crammed into a small $169 device.

But every week, I hear from buyers who are frustrated and disappointed that their Flipper Zero won’t do the things it looks like it can do based on fake videos on social media.

Here are some things I’ve been doing with my Flipper Zero over the past few weeks.

NB: Most of the time now I run Third party software on my Flipper Zero, giving me access to a host of additional features. But don’t worry, downloading third-party software does not void your warranty and you can easily revert to the stock software at any time using the Flipper Zero app on your desktop, laptop or mobile device.

The sub-GHz wireless antenna can pick up signals from devices such as wireless doorbells and car key fobs, making the Flipper Zero a useful tool for testing whether wireless transmitters are working properly. I use my device to test if the rings work and to test their range.

also: The Best Security Keys You Can Buy (And How They Work)

And yes, the Flipper Zero can record codes sent via a car key fob, but sending those codes back to a newer car won’t unlock them due to a feature called “rolling codes” that changes the code with each use. In older cars – those 20 years old and older – you can use a captured code to unlock the car (but only do that if it’s your car or you have permission!), but you still won’t be able to drive it away.

On the flip side – pun intended – re-sending codes to the wireless doorbell will cause the doorbell to ring, as most of these systems have no mechanism to protect against such annoyances.

NFC is everywhere these days, and the Flipper Zero lets you work with this wireless protocol. They’re embedded in plastic cards and chains and are used for all sorts of things, from opening hotel room doors to controlling barriers.

But that doesn’t mean you can wreak havoc in the world, because to open things, you often don’t need access to an NFC key.

NFC signals can be read by the Flipper Zero, and many NFC cards can also be read Copied and reproduced (This depends on the security the card is used for, so I can’t give you any hard and fast rules about which NFC devices can be cloned.) I’ve used my Flipper Zero to copy my hotel room card on occasion when the hotel will only give you one card or when we have multiple rooms and don’t want to juggle a few cards.

also: The Best VPN Services (And How to Choose the Right One for You)

However, note that although the Flipper Zero can read NFC cards and fobs, it cannot decrypt the card’s encrypted security code used on credit and debit cards, so it cannot be cloned.

Flipper Zero cannot decrypt the card's encrypted security code, so it cannot clone bank cards

Flipper Zero cannot decrypt the card’s encrypted security code, so it cannot clone bank cards.

Adrian Kingsley Hughes/ZDNET

Combined with NFC technology, the Flipper Zero can read and clone RFID cards and fobs, including hotel cards as shown in the image above.

also: How RFID tags can make in-person clothing shopping less frustrating

RFID cards and tags can be locked to prevent them from being overwritten or their security keys extracted, but Flipper Zero can bypass many of these mechanisms. For example, it can offer to unlock the card if you present it to a valid reader (such as a lock it has been programmed to open). This allows you to clone the card and open the door using both the card and Flipper Zero.

The Flipper Zero can open some RFID cards and tags

Flipper Zero can open some RFID cards and tags.

Adrian Kingsley Hughes/ZDNET

The Flipper Zero has a built-in infrared module that can be programmed to operate a wide range of devices, including TVs To air conditioning units.

Any consumer device equipped with an infrared remote control interface can be controlled with the Flipper Zero.

Another great use of this function is to test whether the infrared remotes are working or not. Simply point the remote at the Flipper Zero in “IR Read” mode, and it will detect signals.

I use this feature all the time to test remotes that I’ve repaired after a battery leak damaged the device. It’s an incredibly useful feature!

Testing the disassembled infrared remote control

Testing the disassembled infrared remote control.

Adrian Kingsley Hughes/ZDNET

Yes, Flipper Zero can bypass the security found in some Sentry Safe electronic safes using an output from the GPIO.

This is definitely not something you want to do if it’s not safe for you or you don’t have permission, but it shows just how unsafe the “free” lockers found at hotels, spas, and Airbnbs actually are.

Flipper Zero can act as Bad USB devicewhich means that when it’s plugged into an outlet, it’s seen as a human interface device (HID), like a keyboard.

also: Best VPN Services for iPhone and iPad (Yes, You Need to Use One)

A BadUSB device can change system settings, open backdoors, retrieve data, initiate reverse processes, or do anything that can be accomplished with physical access. These tasks are completed using a set of commands written in the Ruby Ducky programming language, also known as DuckyScript.

Flipper Zero opens the browser and navigates to a web page without user input.

Adrian Kingsley Hughes/ZDNET

Flipper Zero can use GPIO to output electrical signals and act as a signal generator. I last used this to simulate a car’s ABS module to make sure all the wiring and computers in the car were working.

GPIO pin

Adrian Kingsley Hughes/ZDNET

The video game console is powered by the RP2040 microcontroller developed by Raspberry Pi and adds a host of gaming-related functions.

First, it adds a DVI video output port to the Flipper Zero, allowing it to send video to external displays. This is essential since the Flipper Zero’s small built-in LED panel isn’t ideal for gaming. However, this capability is not limited to games. The ability to send video output to a larger screen is great for many other applications, such as testing or training.

The video game console also includes an inertial measurement unit (IMU) featuring the TDK ICM-42688-P sensor, which adds a three-axis gyroscope and three-axis accelerometer to the package, allowing it to sense tilt or shake.

If you’re not a gamer, no problem. The RP2040 microcontroller can run applications programmed in C, C++, or MicroPython, making it a versatile addition to the Flipper Zero.

Leave a Reply

Your email address will not be published. Required fields are marked *