It's sort of a self imposed problem as well because the community produces a bunch of pull requests, but only the corporate staff members can approve and merge them into the official firmware. It begs the question why have an official firmware if it's not at least slightly maintained.
Why does their header image feature multiple furries, one at each station? One making a feature request, another presumably approving a pull request, and a third ostensibly submitting an app?
Is the Flipper Zero community tightly intertwined with the furry community? Is this a connection I've missed?
The "missing link" correlating furries (and trans women) with hardcore programming and is autism (and related conditions).
Autistic people tend to be very good at this kind of work, and are also more likely to find the social dynamics of these particular groups welcoming rather than off-putting[1]. You find the same overlap to a lesser degree with competitive Pokemon, LOTR, retro gaming tech, political extremism or other autism-adjacent interests.
[1]Many Autistics trend to feel much more comfortable being in groups where people don't adhere properly to social norms, because it means they're not going to be singled out and ostracized.
My hypothesis, based purely on personal experience and what friends have told me. I am not a furry.
I feel like infosec was one of the earliest "no one cares who you are if you have skills" user groups. Online, you were just a handle. Man, woman, both, neither, no one knew until if/when you met up IRL. Until then, all you had was your reputation. I think that led to people having a pretty good idea about the attitudes of people they were talking to online, staying away from people who were going to be jerks about identity or pastimes, and a lot of conversations like "General Mayhem is weird, but he's our weird, so no one mentions that fox tail he wears everywhere."
Over time, that was a positive feedback loop: people who weren't cookiecutter felt safer around infosec folks than most other crowds. => That increased the "weird density" of infosec meetups. => People who don't like being around uncommon appearance or behavior stayed away from infosec meetups. => Those meets became safer for uncommon folks. => Repeat.
I don't know if that's right, but again, that's what friends have expressed to me before. It seems plausible.
Note: When I say weird, I mean it affectionately. I've never met anyone in infosec who didn't have some quirk not far below the surface. Frankly, I love that. And because of that, and the virtuous circle I described, I've never had one single person in infosec confess to me that they weren't OK with gay or trans or furries or other type of behavior/identity/etc. I'm a straight white middle class dude, and unfortunately I have had people confess such things to me in other circles, mistakenly assuming that since I was in their demographic, I'd agree with them or at least be OK with it.
I think it's partly also about what you see first.
It's far easier to be transphobic / racist / furry-phobic if the first thing you notice about a person is their gender / race / furriness.
If you are that kind of person, you immediately get into the mindset of "what they're saying isn't worth listening to because they're a <slur>, and <slur>s can't be smart by definition." If you first meet them online, you picture them as smart in your head, before you learn that they're black / trans / furry. When you do learn about that, you already think that they're smart, so it's much harder for your brain to dismiss them just because they're something you don't like.
The visibility is a huge part of it. It signals "it's okay to be yourself here" when most professional life, even in tech, is dominated by keeping up "professional" appearances.
That makes sense. And I do strongly believe in the "virtuous circle" bit: people who aren't OK with others being themselves tend not to feel comfortable at, or get invited back to, events. That would make it more comfortable for the next event's attendees, making it less pleasant for the remaining pains in the necks, and so on. I've participated in conversations like:
Q: Why do rightwing websites keep getting hacked?
A: Because none of the best infosec people want to work where their friends wouldn't be welcome.
That's exactly right. Between us, I don't understand furries at all. It doesn't remotely interest me and I can't really even imagine being interested in it. And that's OK! Someone else being into it doesn't harm me in any way. If it brings someone else joy, I don't have to understand it. I'm just glad my friends have a fun thing they enjoy with their other friends.
That matches my experience (also not a furry). But there's also a whole additional layer of offsec being (by definition) "doing things you're not supposed to be allowed to do", which has obvious parallels with people who enjoy breaking social norms. I think some people just get a rush from the "transgressive" nature of both circles.
That's possible, too. There's not a lot of respect for arbitrary rules that don't seem to clearly benefit any legitimate purpose, and people don't tend to limit that thinking to one arena.
The drawing including a couple of anthropomorphised animal characters hardly seems surprising or even noteworthy.
The project/product has always had a heavy emphasis on being "fun", including its dolphin mascot/theming/naming.
From the home page[0]:
> Flipper Zero is a tiny piece of hardware with a curious personality of a cyber-dolphin.
One assumes that that "curious personality", the creator's attitude and the styling/presentation of the product/project is part of the reason for the success of the product.
The "furries" (as you call them) don't seem like the primary focus focus of the picture anyway -- there's a wide variety of characters doing a bunch of stuff in the drawing. There's also a dog, a shady-looking person stick up a poster, someone with pink hair, a cyber-dolphin, and I think there might even be more than two genders being represented.
Would there be a problem if the Flipper Zero community was "intertwined with the furry community"?
It's a reference to the dolphin in Johnny Mnemonic, and more broadly, dolphins were a forced trend of the 90s. Marketing was just as much of a hive mind back then as it is now.
Hi. Last I checked, one of the Hacker News rules isn’t “only have serious discussions regarding technical assessments. Failure to comply hereby entitles random people to fly off the handle and get very defensive”.
- Please don't complain about tangential annoyances—e.g. article or website formats, name collisions, or back-button breakage. They're too common to be interesting.
- Please don't pick the most provocative thing in an article or post to complain about in the thread. Find something interesting to respond to instead.
- Please don't post shallow dismissals, especially of other people's work. A good critical comment teaches us something.
- Please don't use Hacker News for political or ideological battle. It tramples curiosity.
- Eschew flamebait. Avoid generic tangents. Omit internet tropes.
Which, let's be honest, the top comment and majority of the responses violate these guidelines. I was quite surprised to see that that was the top comment. I would have never noticed until they pointed it out. Personally, I don't care and I'd rather read comments about the actual content of the article than talk about furries. They don't live rent free in my head.
It's slightly funny that the post says firmly that they aren't doing any form of real time engagement with the community anymore, then ends by announcing an AMA date and time.
It is. As the article says, all development goals for FZ had been achieved and even overachieved - providing solid and feature-rich firmware, powerful SDK and developer tools. With that and development shift towards new products, updates to core firmare became infrequent - and we tried to address that.
Src: I'm one of the developers behind Flipper Zero.
Especially since, as that article describes, the "firmware" has a much more limited scope that it used to, now being mostly a loader for app rather that providing user functions.
Worrying about firmware development resources for a Flipper Zero seems a bit like concentrating on your bios instead of ongoing updates to Linux and the applications you use. Yeah, it's important, but it's probably exceedingly rare for the firmware here to need to change much.
> We need to normalize declaring software as finished. Not everything needs continuous updates to function. In fact, a minority of software needs this. Most software works as it is written. The code does not run out of date. I want more projects that are actually just finished, without the need to be continuously mutated and complexified ad infinitum.
To be fair, some software does rot. But when you have control of the hardware and the software, rot is pretty uncommon.
Honestly, I thought the whole point was to make a popular unified platform where the community could come together and expand on it. I really can't imagine a centralized player can predict nor create all features that users might want. But it seems like Flipper did the right thing: make the software flexible and easy to expand upon.
Why would you need any support for things that are fully open source and flashable yourself?
Most everyone who has a flipper runs something like Unleashed firmware, and most of the functionality is in the apps that people built, not in the actual firmware.
Yeah whatever. I abandoned the "official crap" when they purged legit pentesting tools and silenced loads others. Momentum and extreme were so much better, and didn't play stupid games. They included everything.
And if you mention ANY of the alternate firmwares on their discord, and you get banned. Just fuck'em.
They may have created good hardware, but their software and discord community just sucked.
Given they’ve had several skirmishes with customs and law enforcement agencies around the world, this always struck me as similar to the “don’t talk about installing retail Switch games on the Switch modding Discord” type of deal - everyone knows you can do that, but allowing mentions in official channels opens us to liability and causes nothing but headaches for both us and for customers, so if you’re going to do that, you need to talk about it somewhere else. I freely admit that’s an assumption on my part, though, and I don’t know if there’s something uglier there…?
Its one thing to have a skid come in going "I wanna hack the RFID on the gubbmints's doors how can i do that?"
Versus "we forked the firmware to include a wide range of pentesting tools"
And then get banned for even saying the alternate firmware.
And seriously, this little thing is a wonderful hacker multitool. You can seriously fuck shit up with the hardware they included. For fucks sake, thats WHY they created it.
That's how you have to be on Discord, or else your guild gets banned from Discord. I wish we weren't using this crap. On IRC, sometimes you had to deal with cranky netops, but they mostly left you alone.
Absolutely nothing you said refutes anything in the comment you’re replying to. You are just reiterating “I’m angry and this is stupid”. Go write in your journal or something. It’s impossible to engage with someone who isn’t engaging themselves.
IRC is still alive and there is bunch of communities around that are a bit more lax, probably because they're half-dead compared to what they used to be. Today probabably Libera.chat would be the best introduction if you haven't touched IRC before.
Agreed 100% - they bricked the thing with official firmwares, and the "community" is the meanest most awful group of so-called hackers I've ever interacted with. It's more than just COA, they're actively aggressive and insular, not just on discord but reddit and less-known places too (which you can't know because you'll be banned for asking where you could find out).
I can understand why that happened at least remotely. If you do all those things they refused 'officially', it might be easier for stupid government idiots to paint it as a dangerous illegal tool.
Adding the necessary hardware while refusing to support arbitrarily iLLegAl things is the best of both worlds.
This. Many legit, but questionable features blown out of proportion already caused many issues with regulators who just don't want to get into details, but just delist from sales/ban the device.
And once you start talking about "jamming" and other 1337 h4x0r stuff - which is straight up illegal and can get you into trouble - on official platforms, don't get offended when that gets removed.
Sure. I get why you don't want the skids jamming. But hell, it is still in your github commit history. Your all historical work was that of a attacking hacker toolkit. Jamming proves that.
Now, that absolutely does NOT excuse Adkins on the discord from people asking how to get the PSK for garage door openers, and emulating the buttons. And especially since it was being asked by owners of said doors.
But you banned people with legitimate and legal uses too.
Good riddance to you all. I've stayed with 3rd party and steered others towards better actors than yourselves.
Is... that possible? I thought the whole point is that those were a challenge-response specifically to avoid ever them disclosing over the air the material necessary to impersonate one.
You're thinking of NFC, not RFID, and with NFC the owner might not have changed the default keys.
It's a common mix-up (people barely differentiate between the terms anymore, though I'm surprised nobody in 2 hours mentioned it yet), basically RFID is (historically) an ID; a username. Like an ID field in a database. NFC is near-field communication: bidirectional. It does challenge-response and typically runs on hardened chips. But yeah people will call NFC chips RFID and RFID chips NFC all the time. Both are waterproof devices doing radio transmissions on wireless power and you can't tell them apart without using some equipment to try and read the chip type (even if most phones can do that nowadays), so I can understand the terminology generalisation
Keyfobs absolutely should use a secure challenge-response protocol in order to prevent cloning. Unfortunately, it's extremely common for RFID devices to simply use the tag ID which is trivially cloneable. Many of the systems that make some attempt at security still fail by using a broken protocol or a flawed implementation.
Some cards don't have any form of security. For example Konami "e-amusement" cards are just an ID number, which is also written on the back of the card. It is a username so to speak, the password is the PIN you enter when you start the game.
Some cards use some kind of challenge-response but are weak and are easily crackable.
Some cards have an anti-copy protection based on rolling codes, be careful with these. The idea is that when you use it to, say, open a door, the card sends a code to the reader and if correct, that code is burned and the reader replies with the next code, which is stored in the card for the next time, making every other copy (possibly including the original) unusable. If the card emulator doesn't store the rolling code, you are completely locked out.
Some cards have a proper challenge-response mechanism that works and can't be easily copied.
Many RFID cards are literally just an ID number, and will happily allow you to copy that number to your own RFID card (look up "blue cloner guns", although they have their own downsides). Basically just security through obscurity. Cards that do fancy crypto stuff exist, but odds are your workplace badge, apartment fob, or hotel room key is the simple kind (because those are cheaper)
Oh yeah that’s how you’re supposed to do it. But it’s entirely possible to set up a system that uses RFID key fobs that uh, doesn’t.
In the case where it was most useful to make copies they did eventually replace the system with one where the keys weren’t copy able. Which was better!
In my old apartment I was able to copy my fob from my apartment office. In my new one I had to record the interaction with the door and was then able to open the door
I don’t know a whole lot about RFID, but some of the most basic cards can be copied very easily. When scanned, the reader always reads the same bits.
I believe there are some more secure cards, like Mifare DESFire EV3 that do provide some security. You’d be shocked how insecure most RFID readers for security cards are.
Is this something you do often? I could see a few use cases and also for copying garage keys. But I don't think I would use it enough to justify the investment
> I don't think I would use it enough to justify the investment
This is not a rational purchase - most of the rule breaking done with the zero is for fun or convenience, rather than being truly illegal.
It used to be more fun before the hotels started handing out NFC unlocks with your phone.
Still, being able to send each other a key for a hotel room on Signal is a nice trick if you are traveling with a sufficiently tech savvy group of people.
What a great tool and community they have built. I find my flipper0 is like a computer Swiss Army knife. It’s so fun to carry around a tool of my own trade.
Logical NAND of a laptop featureset. Has things like IR, a subghz HDR, NFC+RFID, USB device support, iButton, and the like.
Some people get a lot of use out of it, but if you just saw that list of hardware and couldn't think of one area you'd apply it in, it's probably not going to be a useful device for you.
Anything you might want to do with a radio or IR device but don’t have specialized hardware for. It’s kind of a swiss knife/leatherman tool for short range communications standards.
I think of it as the browser dev tools of radio. Most people will have no use for it but it brings visibility and interactability in to an otherwise invisible world.
Tough spot with community that expects firmware updates while hardware sells only once
It's sort of a self imposed problem as well because the community produces a bunch of pull requests, but only the corporate staff members can approve and merge them into the official firmware. It begs the question why have an official firmware if it's not at least slightly maintained.
Which is just another way of saying "this is why most developers prefer subscriptions over one-time sales"
Why does their header image feature multiple furries, one at each station? One making a feature request, another presumably approving a pull request, and a third ostensibly submitting an app?
Is the Flipper Zero community tightly intertwined with the furry community? Is this a connection I've missed?
It’s definitely a meme if nothing else that the cybersecurity community has a distribution of furries that would not reflect the general population’s.
There is even a saying that furries run the internet.
Along with trans people.
It isn’t really a meme if it’s true is it?
Note: am not furry, but have worked with several.
Is there some study to explain why? Do they feel more safer pretending to be human sized...furry animal?
Yes, is a safety thing, but not directly.
The "missing link" correlating furries (and trans women) with hardcore programming and is autism (and related conditions).
Autistic people tend to be very good at this kind of work, and are also more likely to find the social dynamics of these particular groups welcoming rather than off-putting[1]. You find the same overlap to a lesser degree with competitive Pokemon, LOTR, retro gaming tech, political extremism or other autism-adjacent interests.
[1]Many Autistics trend to feel much more comfortable being in groups where people don't adhere properly to social norms, because it means they're not going to be singled out and ostracized.
My hypothesis, based purely on personal experience and what friends have told me. I am not a furry.
I feel like infosec was one of the earliest "no one cares who you are if you have skills" user groups. Online, you were just a handle. Man, woman, both, neither, no one knew until if/when you met up IRL. Until then, all you had was your reputation. I think that led to people having a pretty good idea about the attitudes of people they were talking to online, staying away from people who were going to be jerks about identity or pastimes, and a lot of conversations like "General Mayhem is weird, but he's our weird, so no one mentions that fox tail he wears everywhere."
Over time, that was a positive feedback loop: people who weren't cookiecutter felt safer around infosec folks than most other crowds. => That increased the "weird density" of infosec meetups. => People who don't like being around uncommon appearance or behavior stayed away from infosec meetups. => Those meets became safer for uncommon folks. => Repeat.
I don't know if that's right, but again, that's what friends have expressed to me before. It seems plausible.
Note: When I say weird, I mean it affectionately. I've never met anyone in infosec who didn't have some quirk not far below the surface. Frankly, I love that. And because of that, and the virtuous circle I described, I've never had one single person in infosec confess to me that they weren't OK with gay or trans or furries or other type of behavior/identity/etc. I'm a straight white middle class dude, and unfortunately I have had people confess such things to me in other circles, mistakenly assuming that since I was in their demographic, I'd agree with them or at least be OK with it.
I think it's partly also about what you see first.
It's far easier to be transphobic / racist / furry-phobic if the first thing you notice about a person is their gender / race / furriness.
If you are that kind of person, you immediately get into the mindset of "what they're saying isn't worth listening to because they're a <slur>, and <slur>s can't be smart by definition." If you first meet them online, you picture them as smart in your head, before you learn that they're black / trans / furry. When you do learn about that, you already think that they're smart, so it's much harder for your brain to dismiss them just because they're something you don't like.
The visibility is a huge part of it. It signals "it's okay to be yourself here" when most professional life, even in tech, is dominated by keeping up "professional" appearances.
That makes sense. And I do strongly believe in the "virtuous circle" bit: people who aren't OK with others being themselves tend not to feel comfortable at, or get invited back to, events. That would make it more comfortable for the next event's attendees, making it less pleasant for the remaining pains in the necks, and so on. I've participated in conversations like:
Q: Why do rightwing websites keep getting hacked?
A: Because none of the best infosec people want to work where their friends wouldn't be welcome.
Kind of transgressive to go from „someone not being ok with something“ to „so that’s totally fine to hack them“.
It would be, but I've never heard anyone making that claim, certainly not in this thread.
> Man, woman, both, neither, no one knew until if/when you met up IRL.
And sometimes not even then! Which is fine because indeed, who cares :)
My philosophy in most things. Even if I don’t understand it, who cares? It’s America and that means freedom
That's exactly right. Between us, I don't understand furries at all. It doesn't remotely interest me and I can't really even imagine being interested in it. And that's OK! Someone else being into it doesn't harm me in any way. If it brings someone else joy, I don't have to understand it. I'm just glad my friends have a fun thing they enjoy with their other friends.
True that. Darned if I have any desire to verify! It doesn't matter one whit to me.
That matches my experience (also not a furry). But there's also a whole additional layer of offsec being (by definition) "doing things you're not supposed to be allowed to do", which has obvious parallels with people who enjoy breaking social norms. I think some people just get a rush from the "transgressive" nature of both circles.
That's possible, too. There's not a lot of respect for arbitrary rules that don't seem to clearly benefit any legitimate purpose, and people don't tend to limit that thinking to one arena.
I don't have a study, but I became a furry after seeing them in tech spaces all the time while I was learning to program.
Closest they can get to piloting a mech.
Why would we need a study? It’s just escapism.
The drawing including a couple of anthropomorphised animal characters hardly seems surprising or even noteworthy. The project/product has always had a heavy emphasis on being "fun", including its dolphin mascot/theming/naming.
From the home page[0]:
> Flipper Zero is a tiny piece of hardware with a curious personality of a cyber-dolphin.
One assumes that that "curious personality", the creator's attitude and the styling/presentation of the product/project is part of the reason for the success of the product.
The "furries" (as you call them) don't seem like the primary focus focus of the picture anyway -- there's a wide variety of characters doing a bunch of stuff in the drawing. There's also a dog, a shady-looking person stick up a poster, someone with pink hair, a cyber-dolphin, and I think there might even be more than two genders being represented.
Would there be a problem if the Flipper Zero community was "intertwined with the furry community"?
[0] https://flipper.net/
I would have never associated that image with furries. It looks like an anthropomorphized animal, which is not uncommon in marketing imagery.
Im not sure, but if they are then thats a positive signal for the quality of their tech.
New unicorn founder 10x success signal just dropped
Why not? The flipper mascot is already an anthropomorphic dolphin.
It's a reference to the dolphin in Johnny Mnemonic, and more broadly, dolphins were a forced trend of the 90s. Marketing was just as much of a hive mind back then as it is now.
Flipper Zero's marketing helps it to be able to pass as a toy to people who don't know about furries or security.
I mean it is a toy for 90% of the owners.
BSD has always been the gayest OS, though
Cause they like animals or the art style?
OK, so they’re furries.
I love animals. I’ve never once thought: “these humans in this picture should be replaced with anthropomorphised animals”.
This is peak “I read it for the articles”.
so how do you explain the dolphin? And all the other cutesy art the product uses?
Yep! Furries are represented strongly in cybersecurity.
> Is the Flipper Zero community tightly intertwined with the furry community?
That is my conclusion. They are raising much-needed awareness about that underrepresented group.
what does it matter to you? honest question. would that impact your technical assessment somehow? do you just want in on some probable joke?
Hi. Last I checked, one of the Hacker News rules isn’t “only have serious discussions regarding technical assessments. Failure to comply hereby entitles random people to fly off the handle and get very defensive”.
yeah... its a thing.
Its kinda annoying when you open a dev/cyb sec blog in the office and furry characters are scattered all over it.
I'm starting the think we should never have left the text only internet.
It's slightly funny that the post says firmly that they aren't doing any form of real time engagement with the community anymore, then ends by announcing an AMA date and time.
> TL;DR: We've allocated resources to maintain Flipper Zero firmware and support community contributions.
Is that the tldr? It sure sounds like it's still on minimal life support.
It is. As the article says, all development goals for FZ had been achieved and even overachieved - providing solid and feature-rich firmware, powerful SDK and developer tools. With that and development shift towards new products, updates to core firmare became infrequent - and we tried to address that.
Src: I'm one of the developers behind Flipper Zero.
Why can't something be "done"?
Especially since, as that article describes, the "firmware" has a much more limited scope that it used to, now being mostly a loader for app rather that providing user functions.
Worrying about firmware development resources for a Flipper Zero seems a bit like concentrating on your bios instead of ongoing updates to Linux and the applications you use. Yeah, it's important, but it's probably exceedingly rare for the firmware here to need to change much.
why it should?
Was just reading something along those lines:
https://infosec.exchange/@millie/115719943870742405
> We need to normalize declaring software as finished. Not everything needs continuous updates to function. In fact, a minority of software needs this. Most software works as it is written. The code does not run out of date. I want more projects that are actually just finished, without the need to be continuously mutated and complexified ad infinitum.
To be fair, some software does rot. But when you have control of the hardware and the software, rot is pretty uncommon.
Honestly, I thought the whole point was to make a popular unified platform where the community could come together and expand on it. I really can't imagine a centralized player can predict nor create all features that users might want. But it seems like Flipper did the right thing: make the software flexible and easy to expand upon.
Why would you need any support for things that are fully open source and flashable yourself?
Most everyone who has a flipper runs something like Unleashed firmware, and most of the functionality is in the apps that people built, not in the actual firmware.
Yeah whatever. I abandoned the "official crap" when they purged legit pentesting tools and silenced loads others. Momentum and extreme were so much better, and didn't play stupid games. They included everything.
And if you mention ANY of the alternate firmwares on their discord, and you get banned. Just fuck'em.
They may have created good hardware, but their software and discord community just sucked.
Given they’ve had several skirmishes with customs and law enforcement agencies around the world, this always struck me as similar to the “don’t talk about installing retail Switch games on the Switch modding Discord” type of deal - everyone knows you can do that, but allowing mentions in official channels opens us to liability and causes nothing but headaches for both us and for customers, so if you’re going to do that, you need to talk about it somewhere else. I freely admit that’s an assumption on my part, though, and I don’t know if there’s something uglier there…?
Its one thing to have a skid come in going "I wanna hack the RFID on the gubbmints's doors how can i do that?"
Versus "we forked the firmware to include a wide range of pentesting tools"
And then get banned for even saying the alternate firmware.
And seriously, this little thing is a wonderful hacker multitool. You can seriously fuck shit up with the hardware they included. For fucks sake, thats WHY they created it.
That's how you have to be on Discord, or else your guild gets banned from Discord. I wish we weren't using this crap. On IRC, sometimes you had to deal with cranky netops, but they mostly left you alone.
Absolutely nothing you said refutes anything in the comment you’re replying to. You are just reiterating “I’m angry and this is stupid”. Go write in your journal or something. It’s impossible to engage with someone who isn’t engaging themselves.
Any advice on good communities or sources of (reliable) information on alternative firmwares and pen testing type tools?
IRC is still alive and there is bunch of communities around that are a bit more lax, probably because they're half-dead compared to what they used to be. Today probabably Libera.chat would be the best introduction if you haven't touched IRC before.
“Furries Forking Flipper Firmware” sounds like a promising and/or true and/or Garden-Path headline
I would be interested in the names and descriptions of these legit pentesting tools.
Agreed 100% - they bricked the thing with official firmwares, and the "community" is the meanest most awful group of so-called hackers I've ever interacted with. It's more than just COA, they're actively aggressive and insular, not just on discord but reddit and less-known places too (which you can't know because you'll be banned for asking where you could find out).
What is the current go-to unofficial firmware? Mine had extreme but I think that one’s dead?
I'm currently using https://momentum-fw.dev/
Works well, and compiling modules like the epaper hacker tool is easy.
https://github.com/i12bp8/TagTinker
Thanks for the suggestion!
I can understand why that happened at least remotely. If you do all those things they refused 'officially', it might be easier for stupid government idiots to paint it as a dangerous illegal tool.
Adding the necessary hardware while refusing to support arbitrarily iLLegAl things is the best of both worlds.
This. Many legit, but questionable features blown out of proportion already caused many issues with regulators who just don't want to get into details, but just delist from sales/ban the device.
And once you start talking about "jamming" and other 1337 h4x0r stuff - which is straight up illegal and can get you into trouble - on official platforms, don't get offended when that gets removed.
Sure. I get why you don't want the skids jamming. But hell, it is still in your github commit history. Your all historical work was that of a attacking hacker toolkit. Jamming proves that.
Now, that absolutely does NOT excuse Adkins on the discord from people asking how to get the PSK for garage door openers, and emulating the buttons. And especially since it was being asked by owners of said doors.
But you banned people with legitimate and legal uses too.
Good riddance to you all. I've stayed with 3rd party and steered others towards better actors than yourselves.
are there any chinese knock offs of the hardware? i've yet to find something that integrates all the features this well
> mention ANY of the alternate firmwares on their discord, and you get banned
Does it surprise you that a Russian product team would use these tactics?
Nyet.
Flipper Zero is one of the handiest little pieces of tech I’ve ever owned. Being able to copy RFID keys is occasionally fantastically useful.
I use it to clone remotes of "dumb" devices and emulate them with ESPHome to make them "smart" fully offline under my control.
Is... that possible? I thought the whole point is that those were a challenge-response specifically to avoid ever them disclosing over the air the material necessary to impersonate one.
You're thinking of NFC, not RFID, and with NFC the owner might not have changed the default keys.
It's a common mix-up (people barely differentiate between the terms anymore, though I'm surprised nobody in 2 hours mentioned it yet), basically RFID is (historically) an ID; a username. Like an ID field in a database. NFC is near-field communication: bidirectional. It does challenge-response and typically runs on hardened chips. But yeah people will call NFC chips RFID and RFID chips NFC all the time. Both are waterproof devices doing radio transmissions on wireless power and you can't tell them apart without using some equipment to try and read the chip type (even if most phones can do that nowadays), so I can understand the terminology generalisation
Keyfobs absolutely should use a secure challenge-response protocol in order to prevent cloning. Unfortunately, it's extremely common for RFID devices to simply use the tag ID which is trivially cloneable. Many of the systems that make some attempt at security still fail by using a broken protocol or a flawed implementation.
Some cards don't have any form of security. For example Konami "e-amusement" cards are just an ID number, which is also written on the back of the card. It is a username so to speak, the password is the PIN you enter when you start the game.
Some cards use some kind of challenge-response but are weak and are easily crackable.
Some cards have an anti-copy protection based on rolling codes, be careful with these. The idea is that when you use it to, say, open a door, the card sends a code to the reader and if correct, that code is burned and the reader replies with the next code, which is stored in the card for the next time, making every other copy (possibly including the original) unusable. If the card emulator doesn't store the rolling code, you are completely locked out.
Some cards have a proper challenge-response mechanism that works and can't be easily copied.
Many RFID cards are literally just an ID number, and will happily allow you to copy that number to your own RFID card (look up "blue cloner guns", although they have their own downsides). Basically just security through obscurity. Cards that do fancy crypto stuff exist, but odds are your workplace badge, apartment fob, or hotel room key is the simple kind (because those are cheaper)
Oh yeah that’s how you’re supposed to do it. But it’s entirely possible to set up a system that uses RFID key fobs that uh, doesn’t.
In the case where it was most useful to make copies they did eventually replace the system with one where the keys weren’t copy able. Which was better!
In my old apartment I was able to copy my fob from my apartment office. In my new one I had to record the interaction with the door and was then able to open the door
Even that process can be flawed, see: Crypto1 and all the shenanigans that followed.
Recent UL-C/AES disclosure too IIRC
I don’t know a whole lot about RFID, but some of the most basic cards can be copied very easily. When scanned, the reader always reads the same bits.
I believe there are some more secure cards, like Mifare DESFire EV3 that do provide some security. You’d be shocked how insecure most RFID readers for security cards are.
RFID keys vary from utterly dumb ID-based, to hackable challenge-response, to actual NFC smartcard (very rare).
Some of that can be trivially cloned.
Most dont :)
Depends on where you are. Newer systems are resistant to attack, but not everywhere has upgraded to newer systems.
Is this something you do often? I could see a few use cases and also for copying garage keys. But I don't think I would use it enough to justify the investment
> I don't think I would use it enough to justify the investment
This is not a rational purchase - most of the rule breaking done with the zero is for fun or convenience, rather than being truly illegal.
It used to be more fun before the hotels started handing out NFC unlocks with your phone.
Still, being able to send each other a key for a hotel room on Signal is a nice trick if you are traveling with a sufficiently tech savvy group of people.
You can't even clone you garage door opener key anyway.
Flipper Zero and its clones have always been pseudohacker nonsense. Fun little party trick I suppose.
Sometimes you can clone them. My 20+ year-old condo uses non-rolling code "MegaCode". It's hit or miss.
Nope! Only occasionally. But it’s handy on those occasions.
What a great tool and community they have built. I find my flipper0 is like a computer Swiss Army knife. It’s so fun to carry around a tool of my own trade.
I get ads for this all the time but still have no idea what I could do with it.
Logical NAND of a laptop featureset. Has things like IR, a subghz HDR, NFC+RFID, USB device support, iButton, and the like.
Some people get a lot of use out of it, but if you just saw that list of hardware and couldn't think of one area you'd apply it in, it's probably not going to be a useful device for you.
Anything you might want to do with a radio or IR device but don’t have specialized hardware for. It’s kind of a swiss knife/leatherman tool for short range communications standards.
I think of it as the browser dev tools of radio. Most people will have no use for it but it brings visibility and interactability in to an otherwise invisible world.
I use mine mostly as a universal IR remote.
i vibed a .ir to tasmota IRSend commands and it is so good.