by Rebelgecko 1433 days ago
I use mine as a remote for a lot of things:

My front gate, my parents' front gate, and any other front gate (check your local laws before doing this).

Controlling a lamp I have (works with any device I've tried that uses 433 MHz)

Backup remote for my TV (the Flipper infrared UI is kinda clunky but it works)

Backing copies of NFC cards

And most importantly, you can use it to turn the pages during a PowerPoint presentation

4 comments

> And most importantly, you can use it to turn the pages during a PowerPoint presentation

Ah, so it's a business expense!

How do you get the details of the remotes you're replacing with it? Scanning through frequencies? Don't they have "secrets" for the actual ACK that lets you in, and garage doors rotate through codes, do they not? Just curious.
There are a few tools for figuring out radio stuff. The first is super simple: it just scans through the frequencies and tells you which is the strongest. Most devices will put this in their manual, but it's nice not to have to look it up.

Once you know the frequency, one option is to just take a raw sample at ____megahertz and play it back on demand. This doesn't work for some radio signals because they use rolling codes, and it's also a bit inefficient (be VERY VERY careful using a Flipper with a car key fob, because they can sometimes go out of sync and you can't open your car afterwards).

The good news is, for many types of radio signals, the Flipper can also determine the protocol and what digital data is being sent, so instead of playing back a 2 second sample of me holding down the "power" button on my lamp's remote, it knows it can just broadcast 0x1234 using protocol XYZ.

NFC and RFID devices are basically plug & play, although only a subset are supported.

> (be VERY VERY careful using a Flipper with a car key fob, because they can sometimes go out of sync and you can't open your car afterwards)

FYI many cars with "keyless" entry have a traditional keyhole hidden under a piece of trim around the door handle and a key (sometimes plastic) hidden inside the fob; sometimes the key is part of the ring for a keyring, and can be released by pressing on the manufacturer's logo or inserting a paperclip in a hole.

Thanks, TIL
Googling the FCC ID is usually a really fast way of working out what frequency a device operates on.

(Except for that suspiciously cheap gadget you got from AliExpress which shows up in the FCC database as an iPhone 4S...)

> Don't they have "secrets" for the actual ACK that lets you in, and garage doors rotate through codes, do they not?

Remote door controls are painfully dumb and relied on the absence of affordable software-defined receivers and especially transmitters. With most of them you can set the code via binary DIP switches at the back and that's it. No replay protection, no nothing; if you're lucky the receiver has brute-force detection.
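The difference between the DIP-switch openers described in this comment and the rolling-code fobs mentioned earlier in the thread (the ones that "go out of sync") comes down to whether the receiver keeps state. The toy model below is an added example, not code from the thread or from any opener vendor: the DIP-switch value, the shared key, the 16-frame sync window and the HMAC-based tag are all constructed for illustration, and real products use manufacturer-specific schemes rather than this one. It shows a fixed-code receiver accepting a recorded frame a second time, a counter-based receiver rejecting the same replay, and why pressing a rolling-code fob too many times out of range leaves it desynchronized.

```python
"""Toy fixed-code vs rolling-code receiver model (added example, not a real protocol)."""
import hashlib
import hmac

# Constructed values for the toy model. Real openers use vendor-specific
# protocols; this HMAC-tagged counter is NOT one of them.
DIP_SWITCH_CODE = 0b0110101101                    # ten DIP switches on a fixed-code remote
SHARED_KEY = b"toy-shared-secret-not-a-real-key"  # fob/receiver pairing secret (assumed)
SYNC_WINDOW = 16                                  # how far ahead the receiver tolerates the counter


def tag_for(counter: int) -> bytes:
    """Authenticate a counter value with the shared key (toy MAC, 4 bytes)."""
    return hmac.new(SHARED_KEY, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:4]


class FixedCodeReceiver:
    """DIP-switch opener: any frame carrying the configured code opens the door."""

    def __init__(self, code: int) -> None:
        self.code = code

    def accept(self, frame: int) -> bool:
        return frame == self.code


class RollingCodeReceiver:
    """Rolling-code opener: frames carry a counter plus a MAC; each counter is single-use."""

    def __init__(self, window: int = SYNC_WINDOW) -> None:
        self.window = window
        self.last_counter = 0

    def accept(self, frame: tuple[int, bytes]) -> bool:
        counter, tag = frame
        # Reject stale counters (replays) and counters too far ahead (desynchronized fob).
        if not (self.last_counter < counter <= self.last_counter + self.window):
            return False
        if not hmac.compare_digest(tag_for(counter), tag):
            return False
        self.last_counter = counter
        return True


class RollingCodeFob:
    """The fob side: increments its counter on every press, heard or not."""

    def __init__(self) -> None:
        self.counter = 0

    def press(self) -> tuple[int, bytes]:
        self.counter += 1
        return (self.counter, tag_for(self.counter))


def fixed_code_replay_accepted() -> bool:
    """A recorded fixed-code frame replayed later is accepted, as the comment says."""
    receiver = FixedCodeReceiver(DIP_SWITCH_CODE)
    recorded = DIP_SWITCH_CODE            # what the receiver hears from the real remote
    receiver.accept(recorded)             # legitimate press
    return receiver.accept(recorded)      # the same frame again


def rolling_code_press_then_replay() -> tuple[bool, bool]:
    """Returns (legitimate press accepted, replay of that frame accepted)."""
    fob, receiver = RollingCodeFob(), RollingCodeReceiver()
    recorded = fob.press()
    first = receiver.accept(recorded)     # counter 1 is fresh: accepted
    replay = receiver.accept(recorded)    # counter 1 is now stale: rejected
    return first, replay


def fob_still_in_sync_after(presses_out_of_range: int) -> bool:
    """Press the fob N times where the receiver cannot hear it, then try one real press."""
    fob, receiver = RollingCodeFob(), RollingCodeReceiver()
    for _ in range(presses_out_of_range):
        fob.press()                       # receiver never sees these frames
    return receiver.accept(fob.press())   # accepted only while inside the sync window


if __name__ == "__main__":
    print("fixed code, replayed frame accepted:", fixed_code_replay_accepted())
    print("rolling code, (press, replay):", rolling_code_press_then_replay())
    print("fob in sync after 5 unheard presses:", fob_still_in_sync_after(5))
    print("fob in sync after 40 unheard presses:", fob_still_in_sync_after(40))
```

The sync window is the trade-off the thread's key-fob warning is about: a wider window makes accidental desync less likely but gives an attacker more counters that would be accepted, while a receiver with no window at all (the DIP-switch case) accepts every frame forever.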

Hm, feels like I could have used this with my Gen 1 Philips Hue, shouldn't have thrown that away I guess.
Weren't these already using ZigBee? Does anyone know whether the Flipper can handle those frequencies as well?
ZigBee, Thread and a few others use IEEE 802.15.4, which allows three bands: 868/915/2450 MHz. According to the FlipperZero homepage, it supports two out of these three bands: 868 and 915 MHz. So depending on your device, it might work with them too.
Would it be hard to get my neighbor's garage door to respond?
Probably not, but it depends on the garage door. I used to be able to open my neighbor's garage door with the remote for my own garage door. There's also the opensesame attack (replay attack, search for it). You can perform such with a YTS-0 (Yard Stick One). I still ordered a Flipper Zero. It's cute as hell, probably has a neat community, and it's more portable than my PortaPack + HackRF or Proxmark + Blueshark.
Samy Kamkar who did Opensesame on the Radica Girltech also did a DefCon presentation about attacking rolling code remotes as well: http://samy.pl/defcon2015/