
I’ve had one of these guys sitting around for a while - love the hardware, love the concept, but I haven’t really found a lot of use for it - what are y’all using them for?


My friend found out the school he sysadmins for was using weak rfid card keys (despite the readers being smart enough to handle higher level encryption) and found he could clone his key and get in places. So basically he pen tested and then they decided to upgrade to the less or non-cloneable card keys. Security for the win.


Before anyone tries this, doing this without first checking with security/facilities would likely be grounds for “disciplinary action, up to and including termination”


I don't know why you're getting downvoted for this. It's 100% correct advice. The person you're replying to is a sysadmin so they are probably okay in this situation but cloning access cards without permission would be a serious breach no matter how well intentioned or how easy.


I countered the statement and am also getting downvoted. The key is to train your brain to like downvotes just as much as upvotes. When the number is just a number not attached to dopamine then you are free.


The votes are not there for your benefit - they're there to make good/useful/valuable comments rise to the top, and bad/low-value/spam ones fall to the bottom.


I agree with the second part of your statement. There is a real brain chemical benefit to the votes though.


Nonetheless the point about learning to accept downvotes is valid because "why was I downvoted?"-crybaby posts are annoying, useless and tend to also get downvoted.

Just as this meta-voting-post of mine should :)


... bad/low-value/spam/contradictory/unpopular opinion/dissidents/opposition/etc.

My comments got more than 200 downvotes and a ban in a discussion about physics about a decade ago, but I nailed the problem. Also, I receive downvotes from Russian imperialists at a constant rate just talking about the history of Russia and Ukraine, because the real history of the Russian Federation/Russian Empire is a well-guarded secret in Russia.


Probably bots

If coercion was going to ever rule the world someone would have accomplished it fully already as many have tried. Yet here we are still free to say nearly whatever the fuck we want in the free world thankfully.


This just makes you disappointed if you don’t get negative or positive attention.


I never thought about that. Good point.


there are people that read without voting.

you could be getting attention of all kinds and not even know it.


I bet an equal number vote without reading.


That’s an interesting thought. 0 is a good number. Being satisfied with 0 can be conditioned as well.


Another good point.


Because that’s, like, just your opinion man. Rules are made up.


He's getting downvoted because this site is called Hacker News. Don't be such a corpo chicken. I am pretty sure people are aware of the legality of similar actions and don't need this mentoring.


If only issuing clone-able key cards were the infraction instead...


Unfortunately, it sounds potentially criminal, as well.


Termination is a favor if security is that lax.


> Termination is a favor

Losing your job is never a favour. Would you prefer termination if any issue was found with your work place?


Losing your job may not seem like a favor at first, it depends on how high you bounce after the fact. Being self employed for 20 years after being laid off was the best favor anyone ever did for me. I would have never taken that initial risk without being pushed into it. Now risk is comfortable.


Quite often the keycards have sequential IDs which means you can increase or decrease the number a few times and find a colleagues card with higher or lower privileges than you.


You can achieve this exact same use case with a $15 RFID reader/writer, supporting higher frequencies and encryption.


It's my backup key for my garage and my office door. I also use the universal remote to change TVs in public spaces occasionally. It's a chunker, so it's not a pocket carry, but I keep it in my backpack.

I recently discovered this, which I want to try: https://electroniccats.com/store/flipper-add-on-magspoof/


What kind of garage opener do you have? I thought the Flipper zero won't provide that functionality unless you flash the firmware.


Not the person you are replying to, but I use my flipper for the exact same purpose.

Not sure which specific garage opener my apartment building has. But the fob controller the leasing office gave out is way too weak, so I have to sometimes press it many many times and wiggle it in multiple ways until it triggers the garage door. With the flipper, it works on the first try.

A funny anecdote: after using my flipper for about a year, I encountered another flipper user in my apartment elevator (the elevator requires a keyfob to go to any floor except the ground floor). I talked to him for a bit. Turns out, he manages a bunch of boat storage units here (in Seattle) that all use different keyfobs. So for him, it is just pure convenience to carry a single flipper device as opposed to always having a lot of different physical keyfobs on him, and then shuffling through them in his bag to get the right one.


The part I don't get is even if you flash the firmware, does that mean you can make sure it doesn't make all other remotes fail? My understanding of the whole rolling code system was that you could get a few uses and then you were screwed.

If that's not the case I really need to do this because having it handle my tv's, ceiling fans, and garage door would be a nice trick.


Many rolling door openers don’t use rolling code. Never heard of tvs or ceiling fans using rolling code either


For the record the point was it already handled the fans and tvs fine, but having it store garage codes as well would make it that much more useful


If you have control of the opener, couldn’t you use the door’s learning mode and make it into a real opener?


For Chamberlain brands [0] there is some research that shows that their rolling code system (Security+ and Security+ 2.0) is quite easy to decode/decrypt [1]. This feature is supported in the flipper firmware, but is restricted (you can't create a custom remote, only clone is supported) without custom firmware. However, I'm sure you could decode a raw capture file if needed in a pinch.

[0] https://chamberlaingroup.com/our-brands

[1] https://github.com/argilo/secplus


I thought so at first, but my initial reading left me somewhat confused on whether there's a private key that only certain remotes have or something like that?


It's less of a private key and more a random per-remote PRNG seed that gets set both on the remote and the door controller when they are paired. When you press the button, the remote increments its sequence number and sends this number, its ID and a hash of all that and the seed to the controller. The controller checks the hash, then checks that the seq number is more than the last seen for this remote and opens the door. This protects against replay attacks and is fairly uncomplicated to implement.


This sounds a lot like the KeeLoq algorithm [0] (minus the hashing part). From my research into the rolling code space, I think most remotes don't quite have the CPU/featureset to support a real, secure crypto system with things like SHA, AES, and RSA/ECC. Would love to see one though!

[0] https://en.wikipedia.org/wiki/KeeLoq


Not terribly difficult to flash the firmware.


But now you have to trust some random person from GitHub.


Almost all software supply chains rely on random persons at some point.


I bought it in the hopes of causing mostly harmless mischief, but its capabilities in that realm are oversold.

That said, I knew very little about UART communication or SPI until I started playing with this and an ESP32 device. I also knew very little about bluetooth, RF, and RFID/NFR type stuff until I started exploring the world with this. It's been a fun journey that's rapidly advanced my understanding of quite a few things.

Others have said its overpriced or that you can build your own or whatever, but it's actually just the right price for a cool little educational tool that also works beyond the educational stage. It may even inspire me to build my own advanced version at some point.

If you're already a hardware hacker or EE, this is probably not much more than a toy for you. If you've always wanted to explore some of these topics but had no idea how to start, the Flipper is a good introduction. I immediately flashed it with custom firmware and it was easier than flashing my BIOS.


Well I found that my apartment NFC key is hardened against dictionary attacks and I'm not able to copy it. It also helped me learn that my parents' garage door is pretty secure. I'm able to have the opener learn my flipper like any other remote, but not crack it. This is even with the unleashed firmware that doesn't mind violating FCC regulations (some of the frequencies it hops to are restricted).

I was able to copy my work NFC badge, but I'm not really interested in trying it out.

It's handy as a pocket spectrum sniffer, but I don't have much day-to-day use for it outside of that. I'm glad it was given to me because I learned a lot. Potential future use for me might be an amiibo emulator, but I've grown out of those sorts of things.


My apartment uses Latch deadlocks. From what I've read the model _should_ support an NFC key, which of course we don't get. I'd love to figure out if I could do it myself. Ideally I'd be able to use my iPhone that way automatically though (the app on iOS apparently can't due to Apple rules but I'm not an expert). When my hands are full with groceries or whatever it can be a chore to pull out my phone, dig for the app, and get it to unlock the door.


All garage doors have rolling keys which are non trivial to deal with unless you have pro stuff.


Speaking of garage door rolling codes I've noticed there is some sort of slack in the synchronization, probably so that if you press the remote button a few times while out of range your remote still opens the door. My guess is that the receiver looks not only for next code after the last one used, but also for several codes after that.

Question: how many times would you have to press the button on the remote for it to get so far ahead of what the receiver looks for that the remote no longer works without reprogramming the receiver?


Years ago I had some insight into the "crypto" behind a garage door opener. It was essentially a rolling code and the controller stored the counter for each paired remote and checked it. The package sent by the remote also included its current counter value. If the controller received a counter that was higher than expected, it just updated the stored value and accepted the request, assuming the actual "ciphertext" is correct ofc. The only constraint was that the sequence number must be larger than the stored value.

This also means if you manage to clone a remote, you can just abuse humans. If you opened the door with your clone, the next time the original remote sends its package the sequence number will be too low and the controller will ignore it. But what do you do if your remote didn't work? You press it again, this time the sequence number matches and things work as they should.

For cloning you need to reconstruct the initial seed for the PRNG that is used to create the ciphertext based on the sequence number. Based on how little resources these remotes tend to have, more based on cost than battery life etc, and that some vendors design their own crypto, this can actually work. If you know the algorithm and the seed is only 32 bit, you can easily brute force it.
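The seed-plus-counter scheme that this comment and the earlier reply (remote sends ID, sequence number and a keyed hash; controller checks the hash, then that the counter is ahead of the last one seen, with some slack) describe, as an added Python model: it is not any vendor's algorithm and not code from the thread. HMAC-SHA256 stands in for the keyed hash and WINDOW is an assumed look-ahead; the demo shows replay rejection, the slack that lets out-of-range presses still work, and the desync once a remote gets further ahead than the receiver looks.

```python
import hmac
import hashlib
import secrets

# Assumed value: how many counters past the last-accepted one the receiver
# will still accept. Real openers pick their own window; this is a model.
WINDOW = 16


def mac(seed: bytes, remote_id: int, counter: int) -> bytes:
    """Keyed tag over (remote_id, counter). HMAC-SHA256 is a stand-in for
    whatever keyed function a real opener uses; the seed is the shared secret."""
    msg = remote_id.to_bytes(4, "big") + counter.to_bytes(4, "big")
    return hmac.new(seed, msg, hashlib.sha256).digest()[:8]


class Remote:
    def __init__(self, remote_id: int, seed: bytes):
        self.remote_id = remote_id
        self.seed = seed
        self.counter = 0

    def press(self) -> tuple[int, int, bytes]:
        """Every press advances the counter, whether or not the door hears it."""
        self.counter += 1
        return (self.remote_id, self.counter, mac(self.seed, self.remote_id, self.counter))


class Receiver:
    def __init__(self):
        self.paired: dict[int, tuple[bytes, int]] = {}  # id -> (seed, last counter)

    def pair(self, remote: Remote) -> None:
        """Learning mode: store the remote's seed and its current counter."""
        self.paired[remote.remote_id] = (remote.seed, remote.counter)

    def receive(self, packet: tuple[int, int, bytes]) -> bool:
        remote_id, counter, tag = packet
        if remote_id not in self.paired:
            return False
        seed, last = self.paired[remote_id]
        # 1. The tag must verify: proves the sender knows this remote's seed.
        if not hmac.compare_digest(tag, mac(seed, remote_id, counter)):
            return False
        # 2. The counter must be ahead of the last accepted one (blocks replay)
        #    but not too far ahead (a remote that drifted off must be re-paired).
        if not (last < counter <= last + WINDOW):
            return False
        self.paired[remote_id] = (seed, counter)
        return True


def demo() -> tuple[bool, bool, bool, bool]:
    remote = Remote(remote_id=0x1234, seed=secrets.token_bytes(16))
    door = Receiver()
    door.pair(remote)
    normal = door.receive(remote.press())        # accepted
    packet = remote.press()
    door.receive(packet)
    replayed = door.receive(packet)              # rejected: same counter twice
    for _ in range(WINDOW - 1):                  # presses the door never heard
        remote.press()
    still_ok = door.receive(remote.press())      # accepted: still inside the window
    for _ in range(WINDOW):                      # now beyond what the receiver looks for
        remote.press()
    desynced = door.receive(remote.press())      # rejected until re-paired
    return normal, replayed, still_ok, desynced
```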


There’s a great answer here that describes a rolling code attack and above it, an answer describing that they have slack regarding where they are in the code sequence.

https://crypto.stackexchange.com/a/47440


More like most garage doors sold in the last 20 years have a rolling code system, a few of which are non trivial to deal with.

This is already Western centric, but even here there are a ton of older static and fixed frequency systems still chugging along.

Of these rolling code systems most are not difficult to crack, especially those more than a decade old (and which are still sold today)


You can sync up on rolling codes with the flipper without too much effort. When there are a few private keys involved it gets more difficult.


Besides easy to open garage doors with a metal shim to pop the emergency latch. Happened to me once before just zip tying the latch.


My building charges USD 40+ to replace the white RFID cards if you lose one and something similar for the remote control for the parking gate. So I just cloned all my cards and remotes and keep them as backup, just in case.


Just used it + the MCT app on Android to clone my apartment key fob (Schlage 9691T) to a Dangerous Things Magic Ring https://dangerousthings.com/product/magic-ring/


I use it as an easy voltage tester for various hardware projects. I wrote an app that can do GPIO input (the built in only does output) so I can check which parts of a given circuit I'm building are high or low at a given time. Basically like a parallel multimeter.


A bit different than the other replies, but I'm using mine like a very extensible input/output device for my own hardware projects and as a general STM board for fiddling with embedded on an STM chip (I usually stick to RP2040s and ESPs). I'm really interested in making expansion boards for the Flipper, especially ones built on the RP2040. Just sounds like a ton of fun.


Some people are using them to break smart meters:

https://news.ycombinator.com/item?id=36253591


Spoofing amiibos on TOTK


Same! Pretty handy to have all amiibos in a single place, and quickly iterate through them.


You can likely use your phone. There’s some apps designed for it specifically.


IIRC phones need to be rooted to pretend to be an NFC card, although they can write to blank ones. I've done this before. The Flipper Zero is a lot more convenient though.


Ah yeah you’re right. What I’ve seen actually only lets you write to tags that can then be used.


Cloning my NFC cards, being my garage opener (I wasn't given a key and couldn't be bothered getting one... and yes, it's my garage), testing equipment using the GPIO pins and what not. Last one is really handy tbh

Edit: oh! I used it today to snap pictures with my phone every second for photogrammetry work, that was neat! Wish I had gotten better point clouds out of Gaussian splatting though


I use the IR universal remote function to turn off distracting TVs in bars and restaurants.


I had a TV-B-Gone [https://en.wikipedia.org/wiki/TV-B-Gone] back when they came out in 2004: good fun.

They cost $15 and were hugely controversial.

>Digging Deeper::TV-B-Gone Device Shuts Public TVs Down

https://mediashift.org/2006/04/digging-deepertv-b-gone-devic...


So you just take the liberty to turn off someone else's devices in someone else's establishment? That's... questionable.


So is forcing me to watch ads. TVs everywhere in public spaces in America is a cancer and I’ll happily turn them off or unplug them whenever and wherever I see them.

This isn’t a thing in other countries, it’s part of American culture.


I have a hard time telling whether you are being sarcastic here.

It's one thing to block ads when they have been loaded into your web browser that is in your room (completely morally and ethically fine). It's a completely different thing to go into someone else's space and start making decisions about what is or isn't running on a TV there.

I like ads as little as you so what I can do is just boycott that restaurant or bar entirely or ask the staff to turn it off. I think it's part of being a well adjusted adult to know what you want or don't want and go about it in a reasonable way (such as asking staff). It's immature though to just do that forcibly.

It is however not my duty to teach you that, so let's leave it at that.


Do you even hear yourself? Back when I had a Samsung phone with an IR blaster, it was a godsend in that era when, say, your dentist that you were handing thousands of dollars to decided you need to hear 30 second Invisalign commercials over and over at full volume in his waiting room.

Thankfully culture has adjusted some and those conditions aren’t as common as they were.


Not being sarcastic (but am indeed questioning if you “like ads as little as [me]”).

Turning off a TV is also morally and ethically fine. I don’t see the big deal. Nothing is happening “forcibly”, I’m just sending out some IR. Nobody’s hurt or damaged.


Part of eating at a bar (or similar) is to have a sporting event on TV so you can watch it while being out. I would be upset if someone was turning those off in that type of place. If you don't like it, don't go there.


Why would you go into a restaurant that has TVs if you don't want that? This is borderline sociopathic behavior. You sound like the religious police of Iran imposing your view of what culture is. You should assimilate instead of trying to impose your draconian views on others.


I used it a lot at first and it taught me about NFC, IR, etc. I made a few remote controls on it, which is convenient to e.g. turn a fan on at night due to its backlight. I also clone Amiibos for Switch games. And make copies of hotel room keys and RFID tokens for backup purposes although some keys can't be cloned. You can monitor all kinds of wireless signals like garage doors getting fired off around you, which is fun. I know some people use the USB feature to somehow install Windows automatically when they have a bunch of laptops to set up.


I gave two of them away at a hacker con last year. During the event it was used to open up the charging lid of a Tesla and to remote control a fog machine.

I'm not competent or interested enough to make full use of them but I get the impression that they still have a lot of use in a large part of the world where simple RF is used to open gates and garages.

And of course you can copy and store RFID but you still have to get your hands on the tags. And that's where it falls down in certain more developed countries because they've mostly moved to RFID.


Extra ceiling fan remote was my favourite use.

Couldn’t find a ceiling fan remote one time (I have 3 with the exact same remote) and used it to manage fan speeds.

Still doesn’t justify the cost but I guess it’s like my leatherman. Hardly use it but handy when I do.

I actually bought it when seeing the pwnagotchi comparison and expected functionality from the wifi/marauder dev boards to be included. Meaning I got my flipper in the first batch for my country but couldn’t get a dev board even months later


A specific but satisfying use case, my apt building was being stingy* with handing out RFID tokens so I used it to copy and program a cheap RFID token for lending to a trusted visitor.

* Stingy => security protocols that I agree with in sentiment, but unfortunately I need to let my pet sitter in and it's nice to allow them to keep the keys as I travel frequently and key exchanges are less than optimal for my spouse and me.


I’m also in this place. I have the wifi card as well and I’ve not taken to writing any hobbyist software for mine.

I had perhaps foolishly hoped to at least get a fun universal remote out of it, and it’s somewhat possible yet the software just isn’t there to bring a robust family of device RF and Bluetooth commands together. It’s no harmony remote.


Scanned a pet microchip lol. I had planned to build out my own kit but not enough time


Interesting! What kind of animal? Everything I had read suggested it wasn’t strong enough to read these and I couldn’t read my small dog’s chip


I’ve had no problems reading chips from a few cats, but you do have to scan around a bit because often the chip has moved a bit from where you expect it to be


I've successfully read a few pet microchips with it.

Of course, it wasn't useful to do, but hey it worked!


Nice try FBI agent


That’s what keeps me hesitant. Can’t figure out what I’d do with it once unboxed


Yeah I’m in the same boat.

Had it a few years and the whole Tesla port trick gets old quickly.


You can emulate any tonie figurine for the toniebox.


Cloned a 125KHz RFID keycard on my Flipper as a backup, my Android phone is able to clone 13.56MHz MIFAREs, but not these 125KHz ones.


Mine is just a cool-looking paperweight now.


how much paper can it hold down?


I would 100% spend an unreasonable amount of time looking at a website that did wind tunnel testing on paperweights.


I cloned my apartment key-fob

The WeWork key-fob uses rolling codes so couldn't use it for that...


Do you recall any of the details? "Rolling code" is not a term often associated with RFID/NFC. The Portland Custom House WeWork used HID Prox.


Basically the reader writes data back to the fob and expects to see it the next time it reads it. This results in either the original or the copy getting de-synced.

One interesting capability that this unlocks is that battery powered, offline readers (think apartment door that uses the same fob as the lobby) can write out things like battery state so that apartment maintenance knows when it's time to swap out batteries.


Which WeWork do you belong to? Boston’s are all low-frequency rfid


This is one in SF. I can clone the card, and it'll work, but then within a few days it won't work any longer.


Does the original keep working?


Yes


Just a party gag so far with some friends. Like if I'm at a friend's house and they're using their phone I'll Bluetooth spam them to lock up their phone for a second to mess with them.



