Flipper zero

Anyone looking into porting their games to Flipper Zero? Especially now it supports app loading from SD card and doesn’t need to be baked into firmware?

Why would we?

The Flipper Zero looks like a hacker’s tool that goes against the ethos of some / many / all of our patrons’ beliefs.

I know I am speaking for myself but this product is not something I want to be associated with. My company sells cyber security products and it’s these sorts of products that undermine people’s trust in cloud computing.

1 Like

Erm okay, plenty of people in that field have purchased them too as they’re handy for in-field testing of security too, but hey, each to their own lol

I think it’s fine to share this idea; there isn’t advertising of the product going on here, there isn’t a link, and I don’t think @skedone represents the product. It might be a better topic on https://www.reddit.com/r/arduboy as you may get a wider audience of people who have the Flipper already.

Sure, you can port Arduboy games to a new platform but that’s a real serious challenge considering the architecture is different. All you’d have to do is write a compatible library and cross compile.

Generally this kind of thing is done by a specific game developer excited to get their games onto a new platform. @crait has made it a mission to put Circuit Dude on virtually every single gaming platform in existence.

Looks like there are enough buttons to support it assuming you can take control of the back button.

Personally I think this hardware is awesome. It forces people in information security to be on their toes and to not rely on the customer merely not knowing how the device works.

Do lock makers hate lock picks? Probably not. I would imagine they have to use them if they want to design a very good lock.


We discussed the idea of this device with the creator Pavel three years ago and I declined to participate in this project for exactly the reasons as pointed out by the esteemed @filmote. Ethical aspect. The device aroused enthusiasm among young people because its advertising promised easy hacking of barriers, doors and other security systems literally at the push of a button. Of course, one hopes to use it to learn about security systems, test them, and do good. But the truth is that the vast majority of users have only one goal - to play around and be known as the cool hacker in their backyard, causing damage to systems and people, not always intentional, but thoughtless.

1 Like

Thank you Kevin for seeing my post as it was, just a thought and idea of a new device to run stuff on. I mean we’re all tinkerers, otherwise why would we even have Arduboy in the first place.

Yes, people might have bought a Flipper thinking it’s gonna let them hack the planet, but they’re learning fast that ain’t the case lol.

There are a few games being made for it specifically, and apps including a WAV player already, as people are also seeing its merits as a dev platform too but with extra hardware, which could be quite useful; think wireless gaming etc. via its onboard hardware.

Sorry to have caused such a stir.

P.S. And yeah, crait might have a go; after all, he ports his epic game to everything (think I have it running on all supported devices now lol)

It’s fine to cause a stir. It’s good to stir; if not, things are stagnant.

Locks just keep honest people honest.

1 Like

Locks also make life a little safer for ordinary people, otherwise there would be no locks or security systems of any kind.
Easy access to lockpicks makes mass hooliganism possible by e.g. teenagers and simple fools.

1 Like

Lol lockpicks are available everywhere and easy enough to learn, plus very easy to make yourself. Without pentesting we would have no security.

I agree … but pen-testing by a person you have hired and who will give you the results is a little different to somebody pen-testing and selling the results to the highest bidder; that is a different ball game.

1 Like

Agreed, and again I still have no idea why asking about porting games was, in anyone’s mind, changed to this subject instead. A Flipper is not a magic hacking tool, that doesn’t exist; it’s a tool, well, a collection of tools that have been available for years lol

I had been resisting the urge to get involved but…

More accurately, they discourage dishonest people from taking advantage.

Honest people don’t need a lock to keep them out of places they shouldn’t be in.

(Note: ‘honest’ in this sense is actually the obsolete sense meaning ‘honourable’, not about telling the truth.)

The tools might have been available for years, but Flipper Zero is making them easily available in a single place to ordinary people (as opposed to security specialists), something that (to my knowledge) hasn’t happened before.

Without it, people would have to hunt down the tools individually, build their own and prepare the software for it, which is something an ‘average joe’ wouldn’t or couldn’t do.

Because the Flipper Zero is a device that would make it easier for people to cause mischief and/or commit crimes.

Porting a game to such a device would thus be supporting a device that is (whether intentionally or not) going to encourage or help people to break the law in ways other devices don’t. For some of us, that’s reason enough not to do it.

Fortunately it seems like at least the Reddit user base is prepared to shoot down unscrupulous suggestions, but who knows how long that will last. I dread to think what 4Chan’s take will be…

Nah, not really. SDR has been available for years everywhere; it has IR but that’s so common it’s silly; and as for card/tag reading, Proxmark has been around for a long time and is better and cheaper. The thing has issues with emulating amiibos. The marketing images are very hyped: most things nowadays, well, since 2000, have rolling codes and encryption, and it can’t handle them at all. Basically it’s nifty having it in a small package, yes, but most use cases have been documented very well and have patches against it.

But I fully understand you not wanting to. I wasn’t demanding you do; it was literally a feel-the-waters to see what people think. You might be dead against it but that don’t mean others wouldn’t like to try.

1 Like

IR isn’t a problem, that’s only really used for indoor remote-controlled devices like televisions and fans, or for tamagotchi-like devices. The worst you can do with that is stand outside someone’s window and change the channels on the TV, or turn on loads of devices to rack up their electricity bill.

It’s the things like iButton, NFC and RFID that have the potential to be abused.

The iButton capability is particularly notable for me because it’s what my local swimming pool used for the lockers before it closed down. I can’t remember if there was any CCTV in the locker rooms, but if there wasn’t then it would be trivial to clone an unattended locker key and steal someone’s belongings while they went for a swim, with little risk of being caught.

I’m not so sure about that. In more affluent high-investment areas that probably is the case, but in the less well off areas (and less developed countries) it’s entirely feasible that less secure technologies are still in use.

But even then, those things aren’t bulletproof. I would imagine a pair of Flipper Zeros could pull off a simple relay attack with relative ease.

No, it doesn’t, and I certainly can’t stop them.

So in an attempt to gauge more opinions, here’s a poll:

Would you port your Arduboy games to the Flipper Zero?
  • Yes, I would port my game to the Flipper Zero
  • No, I would not port my game to the Flipper Zero
  • I am unsure or undecided

0 voters

I can edit it into the first post if you’re happy for me to do so.
It’s certainly more likely to be noticed up there than down here.

1 Like

I mean any SDR could do a relay. As for the iButton, Flipper can only emulate the serial iButtons. These types have a fixed serial number and no memory; they are used like a fixed ID type of thing. There are also types with a few Kb of memory, and it gives that error when reading the memory types. I have some of both, and it reads and emulates the ID/serial number style fine. Most of the kinds used as keys are the serial type, it seems. It’s a simple “is this ID in the list? If so, grant access”.

As for NFC, like I say, it has a hard enough time with devices writing block data to it in emulation mode. It only dumb-emulates and can’t accept tag updates for, say, credentials; even the newer amiibos trip them up at the mo. Will this get better later? Then yeah, maybe, but it really ain’t gonna decrypt even a Mifare card and clone it in a working state.

Yes, but you’re not asking us if we’re willing to port our games to any ‘software-defined radio’ device, you’re asking us if we’re willing to port to this one. Responses may differ on a case-by-case basis.

I expect the people who object to the Flipper would also object to something like the Pwnagotchi (the device that inspired the Flipper) for similar reasons.

iButtons presumably do have some kind of memory because the Flipper is capable of writing to them:

Flipper can easily read these keys, store IDs to the memory, write IDs to blank keys and emulate the key itself.

There’s probably a chip buried in those battery-like keys somewhere.

Exactly, so a locker room is likely to have each key and locker use a pre-arranged one ID per lock, meaning that you’d only need to read that ID from the key, store it, and then replay it to the lock to get the lock to open.

Flipper can easily read these keys, store IDs to the memory, write IDs to blank keys and emulate the key itself.

  1. Find unattended key
  2. Read & clone unattended key
  3. Wait for owner to leave
  4. Open locker by emulating cloned key
  5. Steal contents

So easy a child could probably do it, and made possible only by access to the relevant hardware and software.

That sounds like an artificial restriction enforced by the firmware, not an actual hardware restriction, in which case changing the firmware would likely make it possible to bypass that restriction.

Wikipedia seems to suggest that 1-Wire IDs are only 64 bits, of which 56 bits is the actual ID and 8 bits is a checksum. The Flipper Zero has 256KB, so even if the protocol involved something like 8KB of ID, the device would have plenty to spare. (And if it’s using too much, people will inevitably find ways to slim down the firmware.)

It almost certainly will. It only takes a few well-read and dedicated people.

You don’t have to clone the whole card to do something malicious, there are other Mifare exploits, like this one from BSides Belfast 2019.

That said, certain countries still use the outdated, more easily hackable systems in some places. E.g. Mifare Classic is known to be exploitable and is used in certain areas of countries like Argentina, Brazil and Australia. One such exploit is an authentication replay attack (outlined in this paper).

Also, it seems like people are already researching efficient ways to brute force garage door openers.

Some of the other things that have been sampled are more likely to be nuisances than to facilitate theft, but even someone going around ringing people’s doorbells from a safe distance would be unnecessary, malicious hassle.

After doing the digging I’m actually more against the Flipper Zero than when I started two comments back. At this point I feel like I’m just going over old ground, so I’m probably going to try to ignore this topic for a bit.

I feel like devices like this are a symptom and not the cause of security problems that a lot of people make them out to be. This is just a tool, the bigger problem is that so many systems rely on security through obscurity (or almost worse, a well intentioned attempt with critical flaws) rather than trying to properly implement a secure system that would stand a better chance against more brute force methods of gaining unauthorized access.
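
The contrast the thread keeps returning to, a fixed-ID "is this ID in the list?" check versus a design that does not depend on the ID staying unread, can be shown in a few lines. This is an added example and not part of any post above; the HMAC-SHA256 challenge-response scheme, the class names and the sample serial are assumptions chosen for illustration, and the ROM layout (8-bit family code plus 48-bit serial, followed by an 8-bit CRC) is the standard 1-Wire format behind the 56 + 8 bit split mentioned earlier.

```python
import hashlib
import hmac
import secrets

def crc8_maxim(data: bytes) -> int:
    """1-Wire CRC-8 (x^8 + x^5 + x^4 + 1), computed bitwise, LSB first."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8C if crc & 1 else crc >> 1
    return crc

def make_rom_id(family: int, serial: bytes) -> bytes:
    # 8-bit family code + 48-bit serial (56 bits), then the CRC byte.
    body = bytes([family]) + serial
    return body + bytes([crc8_maxim(body)])

def key_respond(secret: bytes, challenge: bytes) -> bytes:
    # Assumed token behaviour: MAC the reader's nonce with a stored secret.
    return hmac.new(secret, challenge, hashlib.sha256).digest()

class StaticIdLock:  # weak design: the whole credential is a readable number
    def __init__(self, allowed):
        self.allowed = set(allowed)
    def opens_for(self, rom_id: bytes) -> bool:
        return crc8_maxim(rom_id) == 0 and rom_id in self.allowed

class ChallengeResponseLock:  # stronger: proof of a secret, fresh per attempt
    def __init__(self, secrets_by_id):
        self.secrets_by_id = dict(secrets_by_id)
        self._pending = None
    def new_challenge(self) -> bytes:
        self._pending = secrets.token_bytes(16)
        return self._pending
    def opens_for(self, rom_id: bytes, response: bytes) -> bool:
        challenge, self._pending = self._pending, None  # nonce is single use
        secret = self.secrets_by_id.get(rom_id)
        if challenge is None or secret is None:
            return False
        return hmac.compare_digest(key_respond(secret, challenge), response)

def demo():
    rom = make_rom_id(0x01, bytes.fromhex("a1b2c3d4e5f6"))  # constructed sample
    secret = secrets.token_bytes(32)
    weak, strong = StaticIdLock([rom]), ChallengeResponseLock({rom: secret})
    observed = key_respond(secret, strong.new_challenge())  # one legitimate exchange
    legit = strong.opens_for(rom, observed)
    strong.new_challenge()  # next attempt gets a fresh nonce
    return weak.opens_for(bytes(rom)), legit, strong.opens_for(rom, observed)
```

`demo()` returns `(True, True, False)`: the static lock accepts any copy of the ID, while a response recorded from one exchange is rejected on the next.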