BadB
Hacking and pentesting, although associated with sitting at a computer, are not limited to that at all: some devices and wireless networks can only be reached in person. At moments like that you think: if only there were a hacker multitool that was always at hand and let you work in the field! While some people dream about it, others are building exactly such a device and preparing to produce it in series. This wonder gadget is called Flipper.
Portable devices for Wi-Fi sniffing do exist, but working with hardware in the field still looks like this: you take a laptop, a suitable dev board with firmware for every occasion, several antennas, adapters, expansion boards and an external battery for autonomy. And don't forget the tangle of cables to connect all of the above. Add an organizer for small parts and improvised enclosures to protect fragile components in transit. Sound familiar?
INFO
Pavel Zhovner, a geek, nerd and praying mantis, knows this situation all too well. While organizing a CTF at ZeroNights 2018 in St. Petersburg, he built from scratch a kind of vending machine with a cash register that worked with RFID cards. He solved the problem of flimsy board mounting radically: he potted the populated PCB in an even layer of transparent epoxy resin. That was his first experience building his own gadgets, and it fed his passion for such homebrew hardware.
WWW
- The process of creating a reader in pictures
- How to create an NFC mailbox
Later, another important event occurred in Flipper's history. Security researchers turned their attention to Apple's AirDrop file-sharing protocol and became interested in its security. An open implementation called OpenDrop appeared, making it possible to send files to iPhones from any device, not only from Apple gadgets. A Raspberry Pi is enough to start pushing pictures to the iPhones of every passer-by, provided they have set receiving to "Everyone".
But the Raspberry Pi has no display of its own, so it is unclear what the device is doing; the bare PCB tears pocket linings and is very easy to damage; and 3D-printed cases look pathetic and are awkward to use. Every attempt to assemble something usable from off-the-shelf modules and components ends in a shapeless "sandwich" of boards that falls apart at the slightest sneeze.
The push in the right direction came from the pwnagotchi project. This adorable virtual pet feeds on the WPA handshakes that clients and access points exchange when a new connection is established. In active mode, collecting the handshake frames (the material from which WPA keys are cracked offline) is accompanied by deauthenticating users and forcibly dropping their connections to speed the process up. And don't let the cute appearance of the digital animal fool you: inside runs a deep reinforcement-learning agent with an LSTM (long short-term memory) policy network, which lets the device tune the capture parameters to its surroundings.
But Flipper isn't inspired by Tamagotchi alone. Old-timers will remember the Cybiko personal communicator, which in the early 2000s let its owners build ad-hoc wireless networks among themselves. Various expansion modules added new capabilities, such as MP3 playback and SmartMedia card reading. Together with a (for the time) solid library of programs and games, this created a community of enthusiastic users around the device.
That is how the main features of the future device took shape: a universal pocket hacker tool for exploring wireless networks; a project as open as possible, so that anyone can adapt the gadget to their needs; and a cute Tamagotchi to give the thing a personality.
Appearance
It took the Flipper team a long time to find the right shape and design the case. First, it was important to create a finished design that would stand out favorably from other hacker devices (some of which ship only as a bare PCB with components). Second, the device had to be compact, sturdy and convenient all at once, so that it could be used on the go.
Finally, the case had to house all the internal antennas for the wireless interfaces (more on those later) as well as several connectors. This was not the easiest task: the set of peripherals changed several times, and the size and shape of the PCB went through more than one iteration. Each time, all of this had to be taken into account and the case adapted accordingly.
As you have probably noticed, Flipper has an unusual design. The project mascot (and Tamagotchi character) is a cyber-dolphin. It is a nod to William Gibson's story "Johnny Mnemonic" (Gibson being an iconic author of the cyberpunk genre, if you didn't know), and a hint at dolphins' natural curiosity and their echolocation, which lets them perceive the world through waves. The word flipper itself means a fin, and the fin shape is echoed in the curves of the body.
Flipper's fashionable look is the work of the industrial design studio DesignHeroes, whom Pavel Zhovner met at the Neuron hackspace. They already had extensive experience designing and manufacturing enclosures for electronic devices from a wide variety of materials. It was they who helped with the sketches of the future product, the 3D models and the first printed prototypes.
The screen
Pavel Zhovner considers the screen one of the key components of the future device and is ready to spend hours telling anyone about the advantages and disadvantages of the different technologies. Not surprisingly, he approached the choice of screen for Flipper with great care. For battery-powered portable devices the power consumption of the display and its backlight matters a lot; if it draws too much, battery life suffers badly.
E Ink screens are the most economical, and the pwnagotchi mentioned above uses just such a screen. Alas, they refresh slowly (about a second per full update), so even basic navigation between menu tabs takes a long time. If you resort to partial updates without redrawing the whole frame, a visible trace of the previous image remains on the screen (so-called ghosting).
In the end, a good old monochrome graphic LCD with a resolution of 128 by 64 pixels and a 1.4-inch diagonal was chosen for Flipper. The image has good contrast, so it is readable even in bright sunlight outdoors, and the low power consumption (about 400 µA without backlight) means up-to-date information can be kept on the display at all times.
Of course, the best option for a hacker device would be a Sharp Memory LCD, which in standby lets you update the image only once every few seconds while putting the rest of the device fully to sleep; the image itself persists. Such displays are used in modern smartwatches and fitness bands. However, they still cost an inhumane amount (about $20), which does not fit Flipper's budget.
Processor selection
The choice of chip is a defining moment, and many parameters of the future device depend on it.
Raspberry Pi
Initially, the Flipper project was built on the cheap ($10) Raspberry Pi Zero W single-board computer. Released in 2017, this microcomputer combines a single-core ARM processor, 512 MB of RAM, GPIO pins, USB, and Wi-Fi and Bluetooth interfaces. A friendly community of amateurs and professionals has formed around it. Against the background of these advantages, the low performance and the chip's tendency to overheat seemed tolerable.
And once enthusiasts found a way to get monitor mode with packet injection on its Wi-Fi chip (the nexmon patches), the Kali developers joined in and announced official support for the "Malinka" (the Russian nickname for the Raspberry Pi) in their Linux builds. The combined result is an almost perfect tool for hackers and pentesters. All that was missing was a battery power circuit, a sleep mode, and some peripherals for the other wireless options.
According to Flipper's authors, a separate low-power microcontroller was to be responsible for all of this, paired with the RPi's CPU. That would allow the microcontroller to stay permanently on for the simplest attack scenarios, with the CPU woken only for really serious tasks.
However, the Malinka later had to be abandoned altogether. It turned out that none of the Raspberry Pi Zero suppliers was willing to sell lots of thousands of units at once. From the outside it looks like this: an extremely cheap single-board computer is produced in factories and distributed among large distributors, but only a few pieces per customer reach the "public". It seems the Malinka (or at least its budget version) is sold at close to cost, only paying for itself rather than aiming for profit. For industrial and volume applications the Raspberry Pi Foundation's website recommends the Compute Module, but that costs a completely different amount of money: $40.
i.MX6
When it became clear that the Raspberry was not an option, the Flipper team made the difficult decision to build the device virtually from scratch on an existing SoC (system-on-chip). The choice was limited by the fact that not every manufacturer is willing to work with a small company that buys only a few thousand chips.
The search produced a new basis for Flipper: the i.MX6 ULZ. This is a stripped-down variant with a single Cortex-A7 core, without a video core and some of the interfaces. In performance it is roughly on par with the Malinka, but the i.MX6 wins significantly in energy efficiency.
Unfortunately, the Flipper developers have not yet found an equally suitable Wi-Fi adapter. A candidate must meet serious requirements: support modern wireless standards, work in both the 2.4 GHz and 5 GHz bands, and allow third-party patches to unlock monitor mode. And it still has to be quite cheap in large batches (under $10). If you have a suitable module in mind, feel free to write to the guys on the forum.
STM32
While the hardware work on the "big" components (the processor and the wireless adapter) stalled, the rest of the circuit, with the supporting components and the microcontroller, was implemented step by step in code and hardware. The basis here is the STM32L412 MCU, clocked at 80 MHz with 128 KB of flash and 40 KB of RAM. Compared with the well-known F4 series, these microcontrollers appeared relatively recently, but they have already gained popularity for their low power consumption and a good set of modern peripherals.
In Flipper the microcontroller does more than relay button presses to the CPU: it drives the low-speed wireless interfaces and the screen. Moreover, the Tamagotchi dolphin living in the device also runs on the microcontroller, so it is always ready to respond to its owner's call. Having seen all this in action, the Flipper team asked: why isn't this a full-fledged device in its own right?
So Flipper Zero was born.
Flipper Zero
The first device Pavel Zhovner and his team will present to the world is Flipper Zero, the microcontroller-based version of Flipper. The version with a full computer and a Wi-Fi module will be called Flipper One, and it is still only at the planning stage.
433 MHz
Several chips handle wireless communication in the device. One of them, Texas Instruments' CC1101, lets Flipper operate in the 433 MHz band with several modulation types: 2-FSK, 4-FSK, GFSK and MSK (the chip also supports ASK/OOK, which is what the cheapest remotes actually use). Mostly it is the most primitive devices that live at this frequency: sensors, doorbells, gate barriers and so on.
As a rule one of the most common protocols is in use: KeeLoq, CAME or DoorHan. Flipper's built-in analyzer tells you exactly what you are dealing with at any given moment. And even if the exact protocol could not be identified, the device can always at least replay a previously recorded transmission. Keep in mind that a raw replay only works against fixed-code receivers: a rolling-code system such as KeeLoq changes the code on every press and rejects one that has already been used.
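To show what the analyzer mentioned above actually has to do, here is an added example (not Flipper's own code) of decoding a 12-bit fixed-code OOK frame of the kind a CAME-style remote sends, and of turning a code back into the pulse list a replay would key. The bit timings, header gap, bit polarity and tolerance are assumed for illustration, not taken from any vendor specification, and the capture is constructed rather than recorded.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, not Flipper firmware. Timings are ASSUMED (CAME-like),
 * not the exact spec of any real protocol. */
#define TE_SHORT_US   320    /* one time element, assumed */
#define TE_LONG_US    640    /* two time elements, assumed */
#define HEADER_MIN_US 10000  /* idle gap that precedes a frame, assumed */
#define TOLERANCE_PCT 25     /* jitter the decoder accepts */
#define CODE_BITS     12

typedef struct { uint8_t level; uint32_t us; } pulse_t;  /* level 1 = carrier on */

static int near(uint32_t us, uint32_t ref) {
    uint32_t tol = ref * TOLERANCE_PCT / 100;
    return us + tol >= ref && us <= ref + tol;
}

/* Classify a pulse: 0 = short, 1 = long, -1 = neither (noise or a gap). */
static int classify(uint32_t us) {
    if (near(us, TE_SHORT_US)) return 0;
    if (near(us, TE_LONG_US)) return 1;
    return -1;
}

/* Decode the first complete frame in a capture. Each bit is a carrier-on
 * pulse followed by a carrier-off gap: short-on/long-off is a 0, long-on/
 * short-off is a 1 (assumed polarity). Returns the 12-bit code, or -1. */
int decode_fixed_code(const pulse_t *p, size_t n) {
    for (size_t i = 0; i + 1 + 2 * CODE_BITS <= n; i++) {
        if (p[i].level != 0 || p[i].us < HEADER_MIN_US) continue; /* find header gap */
        int code = 0, ok = 1;
        for (int b = 0; b < CODE_BITS && ok; b++) {
            const pulse_t *on = &p[i + 1 + 2 * b], *off = on + 1;
            int c_on = classify(on->us), c_off = classify(off->us);
            if (on->level != 1 || off->level != 0 || c_on < 0 || c_off < 0 || c_on == c_off)
                ok = 0;                          /* malformed bit: not this frame */
            else
                code = (code << 1) | c_on;       /* long-on means 1 */
        }
        if (ok) return code;
    }
    return -1;
}

/* Turn a code back into the pulse list a transmitter keys. This is all a
 * replay needs: a fixed-code receiver cannot tell a recording from the remote. */
size_t encode_fixed_code(int code, pulse_t *out, size_t cap) {
    size_t k = 0;
    if (cap < 1 + 2 * CODE_BITS) return 0;
    out[k++] = (pulse_t){0, HEADER_MIN_US + 1520};          /* header gap */
    for (int b = CODE_BITS - 1; b >= 0; b--) {
        int bit = (code >> b) & 1;
        out[k++] = (pulse_t){1, bit ? TE_LONG_US : TE_SHORT_US};
        out[k++] = (pulse_t){0, bit ? TE_SHORT_US : TE_LONG_US};
    }
    return k;
}

/* Constructed capture (not a real recording): a little noise, a header gap,
 * then code 0x5A3 = 0101 1010 0011 with jitter on every edge. */
static const pulse_t sample[] = {
    {1, 90}, {0, 2000}, {1, 120},          /* noise before the frame */
    {0, 11600},                            /* header gap */
    {1, 310}, {0, 650},  {1, 660}, {0, 300},   /* 0 1 */
    {1, 330}, {0, 630},  {1, 640}, {0, 340},   /* 0 1 */
    {1, 600}, {0, 310},  {1, 300}, {0, 680},   /* 1 0 */
    {1, 650}, {0, 320},  {1, 320}, {0, 620},   /* 1 0 */
    {1, 340}, {0, 600},  {1, 300}, {0, 660},   /* 0 0 */
    {1, 620}, {0, 330},  {1, 640}, {0, 300},   /* 1 1 */
};

int decode_sample(void) { return decode_fixed_code(sample, sizeof sample / sizeof sample[0]); }
int decode_truncated_sample(void) { return decode_fixed_code(sample, 10); }

/* Encode then decode: 1 if the replay pulse list reproduces the code. */
int roundtrip_ok(int code) {
    pulse_t buf[1 + 2 * CODE_BITS];
    size_t n = encode_fixed_code(code, buf, sizeof buf / sizeof buf[0]);
    return n == 1 + 2 * CODE_BITS && decode_fixed_code(buf, n) == code;
}

int main(void) {
    int code = decode_sample();
    printf("decoded fixed code: 0x%03X (%s)\n", code, roundtrip_ok(code) ? "replay ok" : "replay failed");
    return code < 0;
}
```

The capture is just a list of on/off durations, which is why a replay works against such receivers even when the protocol was never identified, and why it does nothing against a rolling-code receiver: there the 12 data bits would be replaced by an encrypted counter that is valid only once.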
Finally, like any Tamagotchi, Flipper can talk to its own kind on this frequency. You can play and interact with other owners of the gadget nearby.
RFID
The next wireless interface targets low-frequency (125 kHz) RFID access cards such as the EM4100 (not NFC, which works at 13.56 MHz). These have a primitive data format, a fixed ID broadcast in the clear with no authentication, so with Flipper you can easily read, copy and emulate existing cards. If desired, the captured card ID can be sent to another Flipper.
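Why that format counts as primitive, as an added example (not Flipper's firmware): the 64-bit frame an EM4100 tag repeats endlessly, an encoder that builds it from a 40-bit ID, a decoder that checks the parity structure, and the window search a reader performs on the raw demodulated bit stream to find frame alignment. The sample ID and the point at which the "reader" starts listening are constructed. Manchester modulation onto the 125 kHz carrier is left out; emulating a card means replaying exactly this bit sequence.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Added example, not Flipper code. EM4100 frame: 9 header bits (all 1),
 * 10 rows of 4 data bits + even row parity, 4 even column parity bits,
 * stop bit 0. 64 bits total, bit 63 transmitted first, repeated forever. */
#define EM4100_BITS 64
#define SAMPLE_ID 0x1234567890ULL   /* constructed: 8-bit customer code 0x12 + 32-bit ID */

static uint8_t even_parity4(uint8_t nib) {
    return (nib ^ (nib >> 1) ^ (nib >> 2) ^ (nib >> 3)) & 1;
}

/* Build the 64-bit frame for a 40-bit ID. */
uint64_t em4100_encode(uint64_t id40) {
    uint64_t frame = 0x1FF;              /* header: nine 1s */
    uint8_t col = 0;                     /* running column parity */
    for (int row = 9; row >= 0; row--) { /* most significant nibble first */
        uint8_t nib = (id40 >> (row * 4)) & 0xF;
        frame = (frame << 5) | (nib << 1) | even_parity4(nib);
        col ^= nib;
    }
    frame = (frame << 4) | col;          /* column parity */
    frame = (frame << 1) | 0;            /* stop bit */
    return frame;
}

/* Validate a frame and recover the 40-bit ID. Returns 1 on success. */
int em4100_decode(uint64_t frame, uint64_t *id40) {
    if ((frame >> 55) != 0x1FF) return 0;         /* header */
    if (frame & 1) return 0;                      /* stop bit must be 0 */
    uint64_t id = 0;
    uint8_t col = 0;
    for (int row = 0; row < 10; row++) {
        uint8_t chunk = (frame >> (50 - 5 * row)) & 0x1F;
        uint8_t nib = chunk >> 1, rp = chunk & 1;
        if (even_parity4(nib) != rp) return 0;    /* row parity */
        id = (id << 4) | nib;
        col ^= nib;
    }
    if (((frame >> 1) & 0xF) != col) return 0;    /* column parity */
    *id40 = id;
    return 1;
}

/* A reader sees an endless bit stream starting at an arbitrary point, so it
 * slides a 64-bit window until a frame validates. A run of nine 1s cannot
 * start inside the payload (even row parity caps any run there at 8 bits),
 * so the first window that validates is the true alignment.
 * Returns the offset of the header, or -1. */
int em4100_sync(const uint8_t *bits, size_t n, uint64_t *id40) {
    for (size_t off = 0; off + EM4100_BITS <= n; off++) {
        uint64_t w = 0;
        for (int i = 0; i < EM4100_BITS; i++) w = (w << 1) | (bits[off + i] & 1);
        if (em4100_decode(w, id40)) return (int)off;
    }
    return -1;
}

/* Constructed demo: the reader starts listening 17 bits into a frame, so the
 * next header begins 64 - 17 = 47 bits later. */
int demo_sync_offset(uint64_t *id_out) {
    uint8_t stream[2 * EM4100_BITS - 17];
    uint64_t f = em4100_encode(SAMPLE_ID);
    for (size_t i = 0; i < sizeof stream; i++) {
        size_t bit = (i + 17) % EM4100_BITS;             /* position inside the looping frame */
        stream[i] = (f >> (EM4100_BITS - 1 - bit)) & 1;
    }
    return em4100_sync(stream, sizeof stream, id_out);
}

int main(void) {
    uint64_t id = 0;
    uint64_t frame = em4100_encode(SAMPLE_ID);
    printf("frame: 0x%016llX\n", (unsigned long long)frame);
    printf("decode ok: %d, id: 0x%010llX\n", em4100_decode(frame, &id), (unsigned long long)id);
    printf("sync offset: %d\n", demo_sync_offset(&id));
    return 0;
}
```

Everything a reader needs to accept the card is in those 64 bits, and nothing in them depends on a secret, which is why cloning is a matter of reading once and replaying; the parity bits only catch read errors, not forgeries.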
IR port
Modern gadgets no longer have an infrared port, but there is still plenty of equipment in the world controlled by this kind of signal: TVs, air conditioners, audio systems. Flipper's memory holds basic control commands for the most common models. At the same time, it is very easy to teach the device your own equipment: just bring the original remote and press the required buttons one after another. Flipper remembers the new combinations and plays them back on command.
GPIO pins
For those who prefer lower-level interaction with hardware, the Flipper developers have brought the microcontroller's GPIO pins out on one of the side faces. Besides power and basic digital signals, a variety of peripherals are available on them: ADC, SPI, UART, I2C, PWM and more. This lets you connect other components and expand Flipper's capabilities. Whether the concept of expansion boards, as on the Arduino or Raspberry Pi, will be developed is still unclear; after all, the device is positioned as a finished product.
USB-C
Initially, the RPi Zero-based Flipper had many connectors on the case: several USB ports, micro HDMI and a memory card slot. The STM32 version keeps only one USB port, for charging and reprogramming (the corresponding bootloader is already flashed on the microcontroller). In 2020 Type-C is finally starting to look almost like a standard, so if you already have a power supply for the Raspberry Pi 4, you can charge Flipper with it too.
But something else matters more: the STM32L412 microcontroller can act as a USB device, so with the appropriate firmware Flipper, when plugged into a computer, can present itself as a HID device, a flash drive or a COM port (not necessarily all at once, although a USB composite device does make that possible).
Crowdfunding
Today Flipper still exists only as prototypes. Until mid-spring, new working versions were regularly manufactured in China and sent to the developers in Russia. But the coronavirus has made its own adjustments, and the authors had to revise many deadlines. They now plan to announce a campaign to raise funds for mass production and to launch on one of the crowdfunding platforms in May. The first units will not reach their owners before winter, and we, of course, will not miss the chance to write a review.