CSbyGB - Pentips

Flipper Zero


Last updated 9 months ago


Out of the box

Once you've received your Flipper Zero, you will need to set it up.

SD Card

You will need an SD card to use your Flipper Zero; it is pretty much useless without one. You cannot buy just any SD card: you will need a specific one (see the requirements here). The same link also explains how to format the SD card through the Flipper, which is pretty straightforward. The documentation mentions that it is not necessary to buy one larger than 32 GB, even though larger cards will still work. Here is the one I got from Amazon Canada.

Update firmware

Once the SD card is inserted and formatted, you will be able to update the firmware. Here is how to do this:

  1. Get the app on your computer from this link

  2. Install it

  3. Plug your Flipper into your computer and update the firmware. This is really straightforward as well.

For more information, you have the full chapter about the firmware update in the documentation here.

Infrared

Clone a remote

Once again, something really simple: you can clone a remote. Here is how to do it:

  1. In the menu go to Infrared

  2. Click on learn new remote

  3. Point the remote at the IR port and push the button you wish to clone (every button will be saved separately)

Now you can use your flipper as a remote. Pretty cool.

Flash the Xtreme firmware

  • Thanks to Shuriken Hacks you can see how to do this in his video :)

  • Check out the iOS attacks you can try with it here

WiFi Dev board

If you have the WiFi dev board, you can use it like you would use a WiFi Pineapple.

Marauder

Steam Labs has an amazing video about this:

Here are the steps (some are from the video, some you have to do beforehand):

  1. (Prior to watching the video) Flash your Flipper with a firmware that has the Marauder attack. Steam Labs uses the RogueMaster firmware; I use the Xtreme firmware (see above for how to flash it).

  2. Flash the firmware on the dev board. Steam Labs uses this one by UberGuidoZ.

Evil portal

Music Player

  • You have a music player in the flipper zero.

Make your own music

  • Do you want to make your own music? It is possible. Use this RTTTL Online tool to hear what it is going to sound like.

  • This documentation by tonsil is also really good

Convert Solfege notation to Letter notation

  • If you are like me and never remember how to convert solfege notation to letter notation, here is a conversion table:

| Solfege notation | Letter notation |
| --- | --- |
| DO | C |
| RE | D |
| MI | E |
| FA | F |
| SOL | G |
| LA | A |
| SI | B |

Where is flat?

  • If you want a flat (bemol) you will need to use your musician skills. I could not find a way to make a bemol except by using its sharp equivalent, so for example if you want mib you will need to use re#.

  • Here are a few possibilities for this scenario

    • reb is do# = C#

    • mib is re# = D#

    • solb is fa# = F#

    • lab is sol# = G#

    • sib is la# = A#

    • fab is mi = E

    • dob is si = B

Tempo

  • To calculate the tempo we use a metronome. One click of a metronome is a beat.

| Italian | English | BPM |
| --- | --- | --- |
| Largo | Large | 40 - 60 |
| Lento | Slow | 52 - 68 |
| Adagio | Adagio | 60 - 80 |
| Andante | Andante | 76 - 100 |
| Moderato | Moderate | 88 - 112 |
| Allegretto | Allegretto | 100 - 128 |
| Allegro | Allegro | 112 - 160 |
| Vivace | Lively | 120 - 140 |
| Presto | Fast | 140 - 200 |
| Prestissimo | Very fast | 140 - 200 |

  • Depending on the piece, the tempo will be different, and you will have to calculate accordingly. These images from flowkey can help. We can assume (even though it is not always true) that if a music sheet says, for example, allegro moderato 120, the quarter note is 120 bpm, and we calculate the other note values from that.

My music files

  • Here is a link to the folder where I will put the music files I will make using this methodology.

Resources for music with flipper Zero

  • flipper music files - Tonsil

  • An RTTTL Parser Class by marco c on Arduino++

  • Apprendre le solfege

  • Flowkey

  • FlipperMusicRTTTL - neverfa11ing

Using a Flipper Zero to access API source code on IoT devices

  • See Dana Epp's blog article here for a detailed explanation of how to do this

Customization & 3D prints

Dev Board Case

  • Flipper zero Dev board case - Urgirlinmyjetta316

  • Case for Flipper Zero Wi-Fi Module v1

Desktop Stand

  • Flipper Zero Desktop Stand - Jake Anderson

GPIO Cover

  • Flipper Zero GPIO Cover - joelspiers15

  • Flipper Zero SD cover - hk4fun

Resources

Official links

Tutorials, Cheatsheet & Resources

Github projects

  • Flipper Zero QR Code

Attacks

People, companies or org to follow

  • Derek Jamison - Github

  • Derek Jamison - Youtube

  • Sam's eXperiments logs - Youtube

  • Shuriken Hacks - Youtube

  • McSHUR1KEN (Shuriken Hacks) - Github

  • PenAce - Youtube

  • Lukas Stefano - Linkedin

  • Talking Sasquach - Youtube

  • Modern Broadcast - Youtube

  • David Bombal - Youtube

  • Jando - Youtube

  • The Computer Noob - website

  • CorSecure - Youtube

  • Mr ExtraRandom - Youtube

  • Kanjian FR - Youtube (in French only)

  • I am Jakoby - Github

Firmwares

  • Official firmware

  • Xtreme firmware

  • RogueMaster Firmware

  • Momentum Firmware

RFID

  • Flipper Zero tutorials - RFID - Jamisonderek

BadUSB

  • BadUSB payloads - I Am Jakoby

  • badusb - FalsePhilosopher

SubGHz

  • flipper zero Gate Bruteforce - Hong5489

  • Flipper zero bruteforce - tobiabocchi

  • Flipper zero SubGHz - Shur1k-N

  • Ubers SD Files - skizzophrenic

  • Flipper Sub-GHz - UberGuidoz

Games

Blue Team Flipper tools

  • Wall of flippers - K3YOMI

Tools

Enumerate the available WiFi networks (from the "List" item in the menu) and find the one you are targeting (⚠️ reminder to stay legal and ethical ⚠️). Write down the number of the WiFi network you are targeting.

Select the targeted wifi from the "Select" item in the menu

Launch deauth attack from the "Attack" item in the menu

Launch rickroll attack from the "Attack" item in the menu

I changed the path but in mine it is here

You will have to put the music files in this folder. They can be txt files or fmf (flipper music file) files.

And then you can use this documentation by neverfa11ing to create the file. I really like the image he shared. It is really comprehensive in one look.

  • Shuriken Hacks - Installing Xtreme Firmware on Flipper Zero — Xtremely Easy!

  • Flipper Zero - How to run Marauder on the WiFi Dev Board - ESP32 - Rick Roll

  • Official Documentation (Flipper Zero — Documentation)

  • Official Website (Flipper Zero — Portable Multi-tool Device for Geeks)

  • Official Twitter

  • Self diagnose and repair guide

  • David Bombal Flipper Zero next level

  • Official Discord Server (Join the Flipper Devices Discord Server!)

  • flipper-questions-and-answers (GitHub - flipperdevices/flipper-questions-and-answers: Flipper Question and Answer sessions archive)

  • Flipper Zero Tutorial 2024: Best Beginner's Guide (Easy Steps) - StationX

  • Flipper Zero Topic on Github

  • The Ultimate Guide / CheatSheet to Flipper Zero - Ilias Mavropoulos (InfoSec Write-ups)

  • Joas' flipper zero resources (Joas A Santos on LinkedIn: Flipper Zero Content Compilation)

  • Awesome flipperzero - djsime1 (GitHub - djsime1/awesome-flipperzero: 🐬 A collection of awesome resources for the Flipper Zero device.)

  • In French - Blogmotion - Flipper Zero

  • Tamagotchi Hacking Tool, Flipper Zero Unboxing and Review - Modern Broadcast

  • Flipper Zero Teardown - Flipper Devices (and 7 other contributors)

  • Mon Flipper Zero est arrivé ! 🐬 (mon avis) - Blogmotion – Culture tech et DIY

  • Flipper Zero Hacking my House | Huson DIY | TV's and Remote Sockets - Huson DIY

  • 3 Flipper Zero Hacks to Wow Your Friends (and How They Work) - James Bore (HackerNoon)

  • Playground (and dump) of stuff I made, modified, researched, or found for the Flipper Zero. - UberGuidoZ (GitHub - UberGuidoZ/Flipper)

  • Flipper Zero - Hacktricks

  • Flipper-Zero-Sub-GHz-Jamming-Files - SHUR1K-N

  • Flipper Zero's BadKB Files (from my YouTube video) - SHUR1K-N

  • A Flipper Zero Introduction Tutorial: How to use Bad USB - Modern Broadcast

  • Educational BadUSB Scripts for Cybersecurity Learning - Christoffer Lundh (GitHub - Chrislundh98/BadUSB: BadUSB collection for flipperzero)

  • A step-by-step guide on exploiting BLE on iOS 17 & Android via Flipper Zero - Jason Martin (Open Source Skills)

  • Bad-usb works on IOS iphone flipper zero - Jando

  • How To: Wireless BadUSB Attacks w/ the Flipper Zero - The Computer Noob

  • Flipper Zero: BLE Imitation of Apple Device Pairings - Sam's eXperiments logs

  • How charging your phone can compromise your data using Juice Jacking attack - Mobile Hacker

  • Unlocking a Phone with a Flipper Zero - CorSecure

  • Flipper Zero - How to run Marauder on the WiFi Dev Board - ESP32 - Rick Roll - Steam Labs

  • Flipper Zero: How To Run Marauder on the WiFi Dev Board - Just call me koko

  • Bluetooth Impersonation attacks (How Hackers Use Bluetooth to Take Over Your Mac Device)

  • You Can Now Play Doom in the Tamagotchi-Like Hacking Device (Vice)

  • Flipper Maker - Generate flipper Files

  • Flipper Lab
Coming soon