Flipper Zero FAQ
Table of Contents
Meta General Sub-GHz NFC & RFID Infrared BadUSB iButton WiFi board

Preamble 🔝

  • This is a community FAQ. Please consider also reading the Official docs.
  • This FAQ is still being worked on, and contributions are welcome.
  • If your question isn't answered here, SEARCH the Discord and check pinned messages before asking there.

Meta 🔝

What is Awesome Flipper Zero?

It's an Awesome List that I (djsime1) created shortly after receiving Lurat, my lovely dolphin sidekick.

How can I contribute to this repo?

Preferably, open a Pull Request with your changes, or use one of the methods in the next question to contact me.

I found a mistake, broken link, or something else. What should I do?

Open a new discussion on this repo, message me on Discord (@DJ#9822) or Telegram (djsime1), or email me (dj at dj.je).

Why are there so many unmerged pull requests?

If there are multiple small pull requests open at the same time, I'll often merge them together as a single update. Due to the way GitHub works, I'm unable to mark them as merged when I do this. To compensate, I include the contributors as co-authors on the commit, and mention the Pull Request IDs as part of the update message.

General 🔝

What MicroSD Card should I use?

  • It should be a reputable brand (Like SanDisk, Sony, etc.) because often cheaper cards don't fully support the communication protocol Flipper uses.
  • The card should have a capacity between 4 and 64 GB, but an 8 GB card is MORE than enough.
  • After inserting the card, use the Flipper's setting menu to format (clear) and test the card.
  • Before ejecting the card, unmount it via the Settings menu to ensure data isn't corrupted.
  • Note: You might need a paperclip or similar object to push the SD Card in and out of the device.
  • Read the official documentation for more information!

How do I install databases and dumps?

Make sure there's a working MicroSD Card in the device first by following the steps above. Once you download the dump, you can use qFlipper or the Flipper mobile app to transfer it. If you're transferring a large file or many at once, you can also eject the SD Card from Flipper and insert it in your computer for faster transfers.

  • In qFlipper: Plug your device in, go to the file browser tab, navigate into the SD Card, and drop files in their corresponding folders (The folder names are similar to the file extensions).
  • For mobile apps: Make sure you're connected via Bluetooth, save the file to the app's archive, and synchronize it back to the device.
  • For plugging the SD Card into your PC, drop files in their corresponding folders (The folder names are similar to the file extensions).

How do I install applications and plugins?

The links listed in this repo can't be installed as easily as drag-and-drop. Most of them have to be manually merged into the firmware and fully recompiled. (Documentation coming soon) As for ELF/FAPs, they're in a very early stage of development and require a special version of the firmware to be installed. I DO NOT recommend using them until they are officially merged into the main firmware. If you're really insistent, install the firmware from this comment, place the .elf or .fap file in the apps directory on the SD Card (create it if necessary), and use the ELF loader application to run them.

How do I write my own applications/plugins/firmware?

(WIP)

How do I install custom firmwares?

First, ask yourself if you really need to. Sure, it might be fun to break out of Sub-GHz transmission restrictions, but how often are you actually going to do that? Is it really worth breaking the law? After you've ignored the previous sentences, make sure there's a working MicroSD Card in your Flipper and head over to the repository of your preferred firmware. Look for releases and find the .dfu file or updater package (typically a .tar or .zip file, always contains a file named update.fuf).

  • If you only have a .dfu, it can be installed using the "Install from file" option in qFlipper. Select the file and begin the installation.
  • If you have an updater package, extract and transfer the folder (not the original archive file) to the update folder on the SD Card (create if needed). Once transferred, go to the idle screen of the Flipper, press down to access the file browser, then left to view all folders. From there, open the update folder (typically at the bottom of the list) and find the folder you just transferred. Lastly, select the file named update and choose "Run in app" to install the firmware.

If there was no pre-compiled update file/package, you'll have to build the firmware yourself. See the next question for details. For more information, read the official documentation.

How do I compile my own firmware/applications/assets?

(WIP)

Can I make my own Flipper instead of buying one?

Probably not. While the firmware and schematics are mostly public, actually sourcing the components is extremely difficult. Multiple core pieces, such as the screen, were specifically produced to be used in Flipper manufacturing.

How do I get a black-case Flipper?

This is no longer possible, they were Kickstarter-backer exclusives.

How do I invert the screen/change backlight color/change case cover, etc.

These are all hardware mods, inaccessible to the average user. Look up/ask around on how to do them.

Will there be future hardware revisions?

Not for the Flipper Zero. While there are concepts for a Flipper One, there is not any timeline for release.

What is DUMB mode?

It's a yet-to-be-implemented mode that would hide all of the potentially malicious apps/features of Flipper.

My device is frozen, how do I reboot/fix it?

  • To reboot the device: hold the BACK and LEFT buttons, then release simultaneously. If that didn't work, disconnect the USB cable and hold BACK for 30 seconds. This will perform a normal reboot.
  • To enter DFU/Recovery mode: Hold BACK and LEFT, then release BACK while still holding LEFT after a few seconds. When the screen lights up, you can release LEFT.
  • To exit DFU/Recovery mode: Follow steps for a normal reboot under the first bullet point.

If nothing works or the device is completely bricked, first make sure it's charged by plugging it in for 15-30 minutes. As a final resort, if you can't get it to turn on after charging, unplug the USB cable and hold OK plus BACK for 30 seconds. There will be no indication, but the device is now in recovery mode. Plug it in to a PC and use qFlipper to recover the firmware. Read the official docs for Control, Reboot, and Firmware recovery.

How do I access the CLI/Logs?

To access the Serial CLI, follow the steps for your platform.
Desktop web browser (Chromium browsers only, such as: Google Chrome, Microsoft Edge, Opera/Opera GX, Brave, and Vivaldi)
  • Connect your Flipper via USB.
  • Ensure qFlipper and any other serial terminals are closed.
  • Open my.flipp.dev in one of the aforementioned browsers.
  • Click CONNECT and select "USB Serial Device" from the list.
  • Wait until you can see your device details on screen.
  • Select the 💻 CLI item from the left sidebar.
  • Done!
Windows
  • Install PuTTY if it isn't already.
  • Connect your Flipper via USB.
  • Open qFlipper and look for the COM port next to the Flipper's name. (Should say COM followed by a number, like COM1)
  • Take note of the COM port number.
  • CLOSE qFlipper, otherwise the next steps won't work.
  • Open PuTTY and ensure you're on the Session screen.
  • Select "Serial" under connection type.
  • Set serial line to the COM port. (Just COM followed by the number, like COM1)
  • Set speed to 115200
  • Optional: Save the session settings for easy connection later.
  • Finally, click Open to enter the CLI.
  • Done!
  • If you get an "Access Denied" error, make sure qFlipper isn't running!
MacOS/Linux
Note: I'm a filthy Windows user without any way to verify this procedure. Let me know if it's wrong!
  • Install GNU Screen if it isn't already.
  • Connect your Flipper via USB.
  • Open qFlipper and look for the device path next to the Flipper's name. (Starts with /dev/tty)
  • Alternatively: Run ls /dev/tty.* in a terminal.
  • Take note of the full device path.
  • CLOSE qFlipper, otherwise the next steps won't work.
  • Open a terminal.
  • Run screen PATH 115200, replacing PATH with the device path from earlier.
  • Done!
Android
  • Install Serial USB Terminal if it isn't already.
  • Open the app and go to the Connections screen in the hamburger menu (3 bars icon)
  • Connect your Flipper via USB.
  • Click the refresh icon if it doesn't automatically show up.
  • Allow Serial USB Terminal to access Flipper if prompted.
  • If it doesn't automatically connect, click the connect icon in the upper right. (2 plugs icon)
  • Done!
  • Note: To exit log mode, you'll have to disconnect and reconnect using the icon.
iPhone
Unfortunately, iOS is incapable of accessing a serial terminal over USB; try one of the other methods.

On the Flipper, open the settings, go to System, and set Log Level to Debug. (You can keep Debug set to off unless someone asks you to turn it on.) Once you have the CLI open, type log and press enter to start watching logs. Press Ctrl-C or Cmd-C to exit log mode.

Sub-GHz 🔝

How do I hack my neighbor's garage or unlock some random person's car?!?

Short answer: You don't. That's illegal, and NOT what Flipper was designed for.

What does "This frequency can only be used for RX in your region" mean?

Due to legal regulations, Flipper is not allowed to transmit on certain frequencies depending on your order location. For more information, refer to the official documentation. If you have no regard for laws, you can use custom firmwares such as Unleashed to bypass this restriction at your own risk.

How do I find the frequency of a device/transponder?

If it's a commonly used frequency, bring the device really close to the Flipper and use the Frequency analyzer. If that didn't work, check for the device's FCC ID. It's legally required to be somewhere on the device if it's sold in the US. Then, look up that ID on FCC ID.io.

I can't tune Flipper to capture a specific frequency.

(WIP)

I captured a garage/car/etc. signal, but it doesn't work when I replay it.

Unless the item of interest is extremely old, it probably uses rolling codes. Read more below.

What is a rolling code?

Think of it like this: Imagine your garage door was programmed to open whenever it received the code "1234" from a transponder. This would be a static code, where a replay attack (Read RAW) would be able to open the garage. Since replay attacks are so easy, most devices will shuffle the code after each use. So the first time you open your garage, the transponder sends "1234" and the second time it sends "5678." Rolling codes aren't that simple, but you get the gist.

I replayed a rolling code and now my original keyfob/transponder doesn't work.

You'll have to re-sync your old device manually, since it's now lagging behind on the rolling code.
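The replay rejection and the lagging fob described in the last three answers can be seen in a small model. This is an added example, not code from the FAQ or from Flipper firmware: it assumes a simplified scheme (a counter plus a truncated HMAC tag), and the key, the `WINDOW` size and all class names are constructed for illustration, not taken from any real remote.

```python
import hashlib
import hmac

WINDOW = 16  # assumed look-ahead window; real receivers choose their own value

def code_for(key: bytes, counter: int) -> bytes:
    """One transmitted code: the 4-byte counter plus a truncated HMAC tag over it."""
    raw = counter.to_bytes(4, "big")
    return raw + hmac.new(key, raw, hashlib.sha256).digest()[:4]

class Fob:
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def press(self) -> bytes:
        self.counter += 1  # every press moves on to a new code
        return code_for(self.key, self.counter)

class Receiver:
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def receive(self, code: bytes) -> str:
        counter = int.from_bytes(code[:4], "big")
        if not hmac.compare_digest(code, code_for(self.key, counter)):
            return "rejected: bad code"
        if counter <= self.counter:  # seen before, or older than the last accepted one
            return "rejected: already used"
        if counter > self.counter + WINDOW:
            return "rejected: out of sync"
        self.counter = counter  # codes at or below this value are now dead
        return "accepted"

def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample key
    fob, door = Fob(key), Receiver(key)
    first = fob.press()
    results = [door.receive(first), door.receive(first)]  # a second send is a replay
    # A saved copy holding the same key runs ahead of the original fob.
    copy = Fob(key, counter=fob.counter + 5)
    door.receive(copy.press())
    results.append(door.receive(fob.press()))  # the original now lags behind
    door.counter = fob.counter  # manual re-sync, as the answer above describes
    results.append(door.receive(fob.press()))
    return results

if __name__ == "__main__":
    print(demo())
```
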

What is a De Bruijn/Brute force code?

A brute force code tries every possible code for a specific bit length; however, this is inefficient. Example: 0001, 0002, 0003, 0004 ... 9998, 9999. De Bruijn sequences are more efficient because they merge multiple codes together. Example: 365, 136, and 650 can all be found in 13650 by looking at groups of 3 digits individually.
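The overlap idea can be checked with a short script that builds the sequence and counts the codes it contains. This is an added example, not part of the original FAQ; it uses the standard recursive Lyndon-word construction, and the function names are chosen here for illustration.

```python
def de_bruijn(alphabet: str, n: int) -> str:
    """Cyclic sequence in which every length-n word over alphabet appears exactly once."""
    k = len(alphabet)
    a = [0] * (k * n)
    seq = []

    def db(t: int, p: int) -> None:
        if t > n:
            if n % p == 0:
                seq.extend(a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return "".join(alphabet[i] for i in seq)

def linear(alphabet: str, n: int) -> str:
    """Unroll the cycle: repeat the first n-1 symbols so the wrap-around words appear."""
    cyc = de_bruijn(alphabet, n)
    return cyc + cyc[:n - 1]

def windows(s: str, n: int) -> set:
    """Every group of n consecutive symbols found in s."""
    return {s[i:i + n] for i in range(len(s) - n + 1)}

def compare(alphabet: str, n: int) -> tuple:
    """(sequence length, length of listing each code separately, distinct codes covered)."""
    seq = linear(alphabet, n)
    return len(seq), n * len(alphabet) ** n, len(windows(seq, n))

if __name__ == "__main__":
    print(sorted(windows("13650", 3)))  # the FAQ's own example
    print(compare("0123456789", 3))
    print(compare("0123456789", 4))
```

For 4-digit codes, listing every code separately takes 40000 digits, while the unrolled sequence covers all 10000 codes in 10003 digits.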

NFC & RFID 🔝

Feature/Compatibility table

Card name/type Read Write Save Emulate Notes
Mifare Classic Emulation is hit/miss
Mifare DESFire
Mifare Ultralight Non-password protected
EMV Cards Can read bank cards
NTAG-21X
NFC-B No hardware support for emulation
iClass/PicoPass No STM SDK support for emulation
EM4100/EM4102
H10301
Indala
T5577
Paxton Net2 Hitag2: no support
Legic Prime 13.56 MHz, but proprietary

How do I identify which type of card/tag I have?

To determine the protocol (NFC, RFID, or iClass/PicoPass) you'll need to attempt reading in each corresponding app. If nothing works, check the tag/card for any markings or indications. As a last resort, take a picture of the card/fob and the reader and ask in the Flipper Discord server.

How do I identify which type of NFC tag I have?

Run the "Read card" action in the NFC app. If you don't see "NFC-A", your card is unfortunately unsupported. Note that you've only read the card UID and type, not the actual data. For that you need to select the "Run compatible app" option.

Why can't I write an NFC tag?

Currently unsupported, but is being worked on.

Mifare Ultralight/NTAG was detected, but nothing happens when I'm trying to read the data.

This happens when the tag is password protected. There's no quick fix for this, but solutions are in the works.

Why does it take so long to read a Mifare Classic?

Mifare Classics are split up into sectors, and each sector is protected by two keys. To read a Mifare Classic, Flipper uses a dictionary attack, which takes a big list currently comprised of about 2000 common keys, and checks them individually against each sector on the card. If you know the keys, they can be manually added to the User Dictionary under the "Extra Actions" menu.

What does it mean when no sectors could be read on a Mifare Classic?

The data on Mifare Classic cards is split up into sectors, and each sector is protected by two keys. The read has failed, meaning the card didn't use any common keys. If you have access to the card reader, mfkey32v2 can be used to pull keys from it.

What does it mean when some but not all sectors could be read on a Mifare Classic?

The data on Mifare Classic cards is split up into sectors, and each sector is protected by two keys. The read wasn't successful, but it didn't fail either. Some of the card's data was read and saved, but not all. Even if not all sectors were read, there's a slim chance a partial save will work with emulation.

Why isn't Mifare Classic emulation working?

There are a number of reasons, some of which can be fixed while others can't. The first thing you should check is that all sectors were read from the card. If not, look at the questions above. On the hardware side: Mifare Classic emulation is handled by the CPU, but the clock cycle can't conform to the exact (and strict) timings that these tags communicate with. On the software side: Some rarely used card commands (counters, restore, and transfer) haven't been implemented, thus they will always fail during emulation.

Why can't I save/emulate Mifare DESFire?

DESFire is a very complicated and much more secure chipset. There are no known attacks against it yet.

What are the .shd files in the NFC directory?

These are shadow files, and they're created whenever an emulated tag is written to. They store a copy of the original file with whatever was written. This way, the original file remains untouched.

How do I edit the data in a saved tag?

You'll need to use an NFC-enabled smartphone with an app that can write tags. One of the easiest to use apps is called NFC Tools, available for both Android and iOS. Due to Mifare Classic emulation quirks, you can only edit the data of saved NTAG and Mifare Ultralight tags. Create an empty NTAG216 with the "Add Manually" action in the NFC app if you don't have one already. Save that tag, then open it from the list. Once you start emulating the tag, you can use the NFC Tools smartphone app to write information on to the emulated tag. This is saved to a .shd file with the same name as the emulated tag. If you need a quick way to generate a tag containing a URL, you can use Flipper Maker's NFC Creator tool online.

Why doesn't my bank card work when I emulate it?

EMV Credit/Debit cards are mostly encrypted. The information Flipper reads is the unencrypted portion of the card. This alone is not enough to emulate and complete a transaction. It is impossible to read the encrypted parts.

Infrared 🔝

How do I add more devices to the "Universal Remotes" menu?

While it isn't possible to add new items under the universal menu, there exist plenty of repositories containing many dumps of IR remotes. The most popular is Flipper-IRDB. (Note: When downloading, it's highly recommended to unmount the SD Card from your Flipper and directly plug it in to your computer.) If you only need a remote for one device, you can use Flipper Maker's IR Device tool to create and transfer it on the go.

The universal TV remote doesn't work besides the power button.

The stock universal TV remote database mostly contains power codes, and very few of everything else. This file (located at infrared/assets/tv.ir on the SD Card) can be manually replaced with one containing extra codes for all buttons. To do so, download this file and use qFlipper to transfer it into the path from the previous sentence.

What are CSV/Pronto/IR Plus codes?

All three are different formats of infrared databases. They are not natively compatible with Flipper, but repositories exist that hold converted and compatible versions, such as Flipper-IRDB.

BadUSB 🔝

(WIP)