ADVERTISEMENT

FlipperZero explained: what a Tamagotchi-like tool is actually capable of

Introduced initially as a Kickstarter campaign seeking to raise $60K towards the end of 2022, the FlipperZero has taken the security world by storm, producing dozens of YouTube videos, write-ups, GitHub repos, and derivative products to extend its capabilities.

Flipper Zero device

By Flipper Zero/FB

Adam Kohnke
Adam Kohnke Contributor
Feb 27, 2023 Updated: 28 July 2023 6 min read
Technology categories available for testing using a FlipperZero
The current menu of technology categories available for testing using a FlipperZero.
The qFlipper Windows dekstop app interface
The ‘qFlipper’ Windows desktop application allows direct interaction with the FlipperZero device and provides several options to backup or restore firmware, displays the current version of the firmware (Release 0.75.0) and the device name(Orumo).
Test workflow that incorporates a FlipperZero
A potential penetration test workflow that incorporates a FlipperZero throughout various phases or objectives. The FlipperZero can be used to gain initial access through cloning badges, then in various phases afterwards.
The Flipper Badge Reading feature
The Flipper Badge Reading feature which assess both Amplitude-Shift Keying (ASK) and Phase-Shift Keying (PSK) modulation schemes for digital access badges.
Default storage location for FlipperZero BadUSB
The default storage location for FlipperZero BadUSB scripts is “SD Card/BadUSB”.
ADVERTISEMENT
Accessing the "disable_UAC" BadUSB
Accessing the “disable_UAC” BadUSB script from the FlipperZero.
Accessing the "disable_UAC" BadUSB 2
The “disable_uac” BadUSB script sets Windows User Account Control to “Never Notify”
Accessing the "disable_UAC" BadUSB 3
The “disable_firewall” BadUSB Script achieves complete disablement of the Windows Defender Firewall.
The “Wifi-Stealer_ORG” script
The “Wifi-Stealer_ORG” script captures Wi-Fi access key and network information for 5 different networks that the victim device interacted with and separates the data for each saved network into separate files for analysis on the target machine’ Desktop.
Configuration of Wi-Fi penetration
From the Applications 🡪 GPIO menu, selecting “[ESP32] Wi-Fi Marauder” will provide access to configure Wi-Fi penetration testing features.
Configuration of Wi-Fi penetration 2
Setting the scan type to “access point” (ap) will focus assessments on identified access points directly and not connected stations or devices.
Configuration of Wi-Fi penetration 3
The FlipperZero saves identified networks resulting from the ap scan and allows them to be selectively targeted by referring to their numeric ID in the listed table.
Configuration of Wi-Fi penetration 4
After selecting the access point, a ‘rickroll’ attack is performed which sends beacons frames advertising fake networks to wireless clients.
Configuration of Wi-Fi penetration 5
Wireless clients observe fraudulent SSIDs when the ‘rickroll’ attack is active. Attempting to connect will result in no further activity or successful network connectivity.
ADVERTISEMENT