After pen testing a home network it becomes a novelty item.
Turning off TVs and opening Tesla charging ports is fun for a bit.
The best, though, is setting off the department alerts at Walgreens, there’s a lot that exist that the employees have never heard. When you trigger “help needed in the baby department” then watch the employee reactions it’s a fun time.
Hunh. I know next to nothing of the tech itself, but I presume that means it can spoof RFIDs? I wonder how, for instance, “membership” stores’ entry scanners might be affected. Intriguing.
Yep! I read an article recently about a pentester who was challenged to break into a hotel, and they happened to use RFID in their cards. He social engineered and piggybacked into somewhere and then used a flipper zero to get around inside the building when he hit a locked door
Oh yeah! I vaguely recall something similar, I think? At a hackathon, even? IIRC, a small team had figured out how to effectively “bump” RFID locks, and this method led to the greater community discovering a deeper vulnerability in an enormous number of security systems across the globe (single manufacturer/distributor?)… Ah, the many ways ADHD+THC are preternatural super-twins is often why they’re picked last for teams. 🤪
My car is old enough that I can replay with no desync, I use it to keep my car running and locked when it’s cold and I pop in for some food on break at work, or if my remote dies; it has every remote in my house in it, xbox one, my living room tv, my bedroom tv, my workshop CRT with the lost remote, my ceiling fan, and can be used on all other IR or (almost all) subghz devices I encounter; my local bar was real loose with the touchtunes remote one tuesday afternoon when I totally wasn’t in to copy specifically that (I gave the bartender rides home when she had a DUI, they’re cool with me) and I was able to copy it, now I can control the volume outside (among other things but I’m responsible with my powers, I only skip Rick Springfield and Don McClean); a couple of my friends no longer need to worry about giving me keys when I feed their cat because RFID, and I “have” a gym membership now (the gym allows sharing, probably not specifically cloning but they’ll never know); I can send myself Pokemon Silver mystery gifts on the GBC, and I have a GPIO board with a link cable to trade pokemon in too; marauder/evil portal is a little too malicious for me but it’s neat, and flipperHTTP is cool too; some of the GoodUSB stuff is cool; I have a 2gb flashdrive image on it I can use in a pinch; and tbh I’m sure there’s more I left out.
Though yeah “we don’t even have a baby dept in this location” and “since when are our CVS announcements in spanish?!” are priceless lmao.
Think of it like one of those 3-inch swiss army knives, but for IR tech and radio. If you mean to do work. Use the correct tool for the job, but there is no reason you cant acomplish what your trying to do. They are great for learning, if I was teaching a kids about cyber security, a flipper zero would be on the required tool kit.
Yes, you can do harm with them, per the previous analogy its still a knife. However, devices not hardened against simple replication attacks or brute force acomplished by something barely more powerful than a TI-84, those manufactures and customers needs to take the security of their products more seriously.
This certainly doesn’t make me want a flipper any less than I already do. Seems so fun to mess with
After pen testing a home network it becomes a novelty item.
Turning off TVs and opening Tesla charging ports is fun for a bit.
The best, though, is setting off the department alerts at Walgreens, there’s a lot that exist that the employees have never heard. When you trigger “help needed in the baby department” then watch the employee reactions it’s a fun time.
Beyond that, it’s a paperweight most days.
I have a buddy that uses his to spoof people’s apartment swimming pool access cards.
Hunh. I know next to nothing of the tech itself, but I presume that means it can spoof RFIDs? I wonder how, for instance, “membership” stores’ entry scanners might be affected. Intriguing.
Costco has started scanning barcodes and the picture associated with the account appears on a screen employees watch as you walk in now
Same ol’ arms race. 🤷🏽♂️
Yep! I read an article recently about a pentester who was challenged to break into a hotel, and they happened to use RFID in their cards. He social engineered and piggybacked into somewhere and then used a flipper zero to get around inside the building when he hit a locked door
Oh yeah! I vaguely recall something similar, I think? At a hackathon, even? IIRC, a small team had figured out how to effectively “bump” RFID locks, and this method led to the greater community discovering a deeper vulnerability in an enormous number of security systems across the globe (single manufacturer/distributor?)… Ah, the many ways ADHD+THC are preternatural super-twins is often why they’re picked last for teams. 🤪
Ngl, I use mine almost every day.
My car is old enough that I can replay with no desync, I use it to keep my car running and locked when it’s cold and I pop in for some food on break at work, or if my remote dies; it has every remote in my house in it, xbox one, my living room tv, my bedroom tv, my workshop CRT with the lost remote, my ceiling fan, and can be used on all other IR or (almost all) subghz devices I encounter; my local bar was real loose with the touchtunes remote one tuesday afternoon when I totally wasn’t in to copy specifically that (I gave the bartender rides home when she had a DUI, they’re cool with me) and I was able to copy it, now I can control the volume outside (among other things but I’m responsible with my powers, I only skip Rick Springfield and Don McClean); a couple of my friends no longer need to worry about giving me keys when I feed their cat because RFID, and I “have” a gym membership now (the gym allows sharing, probably not specifically cloning but they’ll never know); I can send myself Pokemon Silver mystery gifts on the GBC, and I have a GPIO board with a link cable to trade pokemon in too; marauder/evil portal is a little too malicious for me but it’s neat, and flipperHTTP is cool too; some of the GoodUSB stuff is cool; I have a 2gb flashdrive image on it I can use in a pinch; and tbh I’m sure there’s more I left out.
Though yeah “we don’t even have a baby dept in this location” and “since when are our CVS announcements in spanish?!” are priceless lmao.
It was nothing more than a novelty after about a day and a half, even with the WiFi module.
Think of it like one of those 3-inch swiss army knives, but for IR tech and radio. If you mean to do work. Use the correct tool for the job, but there is no reason you cant acomplish what your trying to do. They are great for learning, if I was teaching a kids about cyber security, a flipper zero would be on the required tool kit.
Yes, you can do harm with them, per the previous analogy its still a knife. However, devices not hardened against simple replication attacks or brute force acomplished by something barely more powerful than a TI-84, those manufactures and customers needs to take the security of their products more seriously.