Flipper Fanclub: Part 1 – Flipper Zero Pentesting

WELCOME TO THE

FANCLUB!

Part 1 of the Flipper Fanclub Series will be going over the Flipper Zero tool. We will discuss what it is, how to use it (from a pentesting standpoint), some of its awesome features, and a basic guide to setting one up!

What Is A Flipper Zero?

The Flipper Zero is a multi-tool that is taking the tech community by storm. This tiny device packs a punch with its array of features that are perfect for pentesters, IT professionals, and anyone who loves to tinker with technology.

Flipper Zero

First and foremost, the Flipper Zero is equipped with all the standard tools that you would expect from a multi-tool; such as a screwdriver, pliers, and knife… wait a second, we’re talking about hacking.

White Oak Security does not own this photo - iStock image of a nerdy man with a backwards stop sign! — *Image from https://www.istockphoto.com/photos/funny-stop*

But for real, it does have an orange backlight LCD screen with a resolution of 128×64 pixels. This monochrome screen provides a clear and easy-to-read display, making it effortless to view the device’s status and any information that it is displaying and to check up on your little flipper buddy.

Flipper Zero is designed for interacting with various types of access control systems, radio protocols, RFID, near-field communication (NFC), and infrared signals. To operate the device, it is not required to have a computer or a smartphone – it can be controlled via a 5-position D-pad and a separate back button. For connection with external modules, the device has general-purpose input/output (GPIO) pinholes on the top side. User data and firmware updates are stored on a Micro SD card. Some actions, such as firmware or user data updates, require a connection to a computer or a smartphone with developer’s software installed.

One of the most exciting features of the Flipper Zero is the ability to add a WiFi Development Board, which transforms the device into a powerful WiFi pentesting tool. The WiFi Development Board allows users to perform tasks such as network reconnaissance, packet injection, and even man-in-the-middle attacks.

Johnny Mnemonic' Predicted Cybernetic Dolphins, - image from https://uproxx.com/movies/johnny-mnemonic-2021-predictions-keanu-reeves/ — *https://uproxx.com/movies/johnny-mnemonic-2021-predictions-keanu-reeves*/

The Flipper Zero is also small enough to fit in your pocket, making it the ultimate tool for those who are always on the go. With the Flipper Zero, you’ll never be caught without your trusty tools again!

Another great aspect of the Flipper Zero is its open-source nature. The device firmware and payloads are open-source and community-driven, which allows users to efficiently customize the device to suit their needs and permits collaboration between users.

Flipper Zero Multi Tool

If you’re interested in learning more about the Flipper Zero or purchasing one for yourself, you can visit the official Flipper website – where you can purchase the device, the accessories (such as the WiFi Development Board), and find more detailed information about the device’s features.

Flipper Zero Pentest Guide

Here are some steps to get started with the Flipper Zero, from a pentesting perspective specifically.

BUY FLIPPER ZERO

The first step is to get the Flipper! Watch out for all the different sites and other people trying to sell this thing for a ridiculous price. Go to the actual Flipper Zero website.

DOWNLOAD FLIPPER APP

There’s a lot that your Flipper can do, but download the qFlipper application to get started. For quick access, here is the Flipper Zero Firmware Update via qFlipper link.

SELECT FIRMWARE

Download your selected firmware… No links will be provided due to… well you know… (and if you don’t know, you will soon)

White Oak Security shares the image from Fight Club - provided by https://www.bbfc.co.uk/education/case-studies/fight-club — *https://www.bbfc.co.uk/education/case-studies/fight-club*

ACCESSORIZE YOUR FLIPPER

As mentioned above, the accessory we are discussing in this post is the Wifi Development Board from Flipper Zero – however, you CAN make your own applications, modules, etc. (I plan on showing more of this in a video series coming soon! 🙂

JOIN THE FLIPPER FAN CLUB

Join the flippin’ community on all the cool, trendy pentesting platforms and enjoy the endless possibilities of this little dolphin sidekick!

CONGRATS – YOU’RE HAVING MULTIPLES

Huge Tip* Don’t feed after midnight or you may have a problem like me… =

First photo shows my army of multiple flippers, much like the second photo (a warning never to feed Gremlins after midnight – because they mulitply)

Once you get one, you’ll love it so much you may end up with ~~a problem~~ multiple Flippers.

Flipper Zero Fanclub

In conclusion, JOIN THE FLIPPER FANCLUB!!!

This thing is amazing and fun for learning more on the side of close-access testing or exposing yourself to radio frequencies and other cool things the average person doesn’t think about.

Look forward to my upcoming video series on modifying firmware and creating your own modules and applications.

IMPORTANT NOTE: Remember kids, modification of official Flipper Zero firmware or software is for experimental purposes only and is not meant for any illegal activity/purposes. We do not condone illegal activity and strongly encourage keeping transmissions to legal/valid uses allowed by law.

MORE FROM WHITE OAK SECURITY

White Oak Security is a highly skilled and knowledgeable cyber security and penetration testing company that works hard to get into the minds of opponents to help protect those we serve from malicious threats through expertise, integrity, and passion.

Additional References:

https://github.com/djsime1/awesome-flipperzero

https://github.com/justcallmekoko/ESP32Marauder

https://github.com/DrB0rk?tab=repositories

https://www.youtube.com/@SurvivalHacking