Flipper Zero - Kickstarter RFID/RF/BLE/USB/IR

I tried it this weekend, it’s not bad but I am still going back to Unleashed.
From what I see, Xtreme won’t be any more and it will be replaced with Momentum.
Speaking of which, I was looking for a dictionary with em410x UIDs (in case someone has one, please share), tnx.
Wasn’t able to find one, thus I was thinking to write something in order to generate the UIDs for a fuzzing experiment with educational purpose.
As usual before writing I’ve decided to look around if some good soul did it before me and I found this.

It creates a dictionary with random UIDs which is Flipper and pm3 compatible.
Cheers

1 Like

Xtreme and Momentum have an em4100 key generator under apps then RFID

1 Like

Unleashed also does have the UID generator app.

That wouldn’t stop me, hypothetically…

Although if I was Canadian, I’d probably be looking for another place to go…

Flipper peeps…

Can the flipper deauth Bluetooth? Or is that not a thing

1 Like

it can do BLE-spam, which may have similar effects depending on the situation

I don’t believe it’ll do straight deauthing though

I don’t believe Bluetooth has a deauth process

1 Like

That’s kinda what I figured, otherwise I probably would have heard of it by now

Nothing wildly nefarious…
Just realized as I was walking through a plant of 100ish people all with Bluetooth headphones how funny a deauth would be to watch

5 Likes

I want this;

A T5577 detect / dump / restore feature, as well as a dump file comparison (being able to compare a dump file to a tag).

Get on it 🙂

5 Likes

Another good feature would be to port the Lua script from the Proxmark Iceman repo for the ultimate magic card, and add the functionality to the Flipper magic card app. I am sure a lot of folks would appreciate it. I am even considering opening a feature request on GitHub.

3 Likes

They are pretty responsive on the git. The fdx-b fix was done in under a week when I cross posted it from here

3 Likes

here is mine, let’s see when it will get done

3 Likes

I don’t get how they can clone to a T5577 if this limitation exists, but I guess I don’t understand things well enough?

3 Likes

because you can blindly send write commands to T55 blocks without needing the response confirmation the chip sends

the flipper does this & then performs a read to validate the ID wrote correctly.

you can’t dump & restore t5577s because you’d need to be able to TX/RX quicker than the module allows for, you’d not be able to see the chip’s response which is what you’d want

2 Likes
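What the read-back validation described in the post above amounts to at the data level, as an added example that is not from the thread or from any Flipper firmware: the ID read after a blind write is decoded from the standard EM4100 64-bit frame (header, row parity, column parity, stop bit) and compared with the intended ID. The function names, the sample ID and the split of the frame into two 32-bit data blocks are assumptions made for the illustration.

```python
# Added illustration: EM4100 frame = 9 header ones, 10 rows of 4 data bits
# + even row parity, 4 even column-parity bits, 1 stop bit (64 bits total).

def em4100_encode(tag_id: bytes) -> int:
    """Build the 64-bit EM4100 frame for a 5-byte ID."""
    if len(tag_id) != 5:
        raise ValueError("EM4100 IDs are 5 bytes (40 bits)")
    nibbles = [n for b in tag_id for n in (b >> 4, b & 0xF)]
    frame, cols = 0x1FF, 0                  # header: nine 1-bits
    for n in nibbles:
        frame = (frame << 5) | (n << 1) | (bin(n).count("1") & 1)
        cols ^= n                           # running XOR = even column parity
    return (frame << 5) | (cols << 1)       # column parity, then stop bit 0


def em4100_decode(frame: int) -> bytes:
    """Return the 5-byte ID, or raise ValueError if the frame is damaged."""
    if frame >> 55 != 0x1FF or frame & 1:
        raise ValueError("bad header or stop bit")
    cols, value = 0, 0
    for row in range(10):
        bits = (frame >> (50 - 5 * row)) & 0x1F
        n, parity = bits >> 1, bits & 1
        if bin(n).count("1") & 1 != parity:
            raise ValueError(f"row {row} parity error")
        cols ^= n
        value = (value << 4) | n
    if cols != (frame >> 1) & 0xF:
        raise ValueError("column parity error")
    return value.to_bytes(5, "big")


def verify_readback(intended: bytes, blocks) -> bool:
    """Compare the ID decoded from two 32-bit blocks with the intended ID."""
    frame = (blocks[0] << 32) | blocks[1]
    try:
        return em4100_decode(frame) == intended
    except ValueError:
        return False                        # damaged frame = failed write


SAMPLE_ID = bytes.fromhex("0A1B2C3D4E")     # constructed sample, not a real tag
SAMPLE_FRAME = em4100_encode(SAMPLE_ID)
SAMPLE_BLOCKS = (SAMPLE_FRAME >> 32, SAMPLE_FRAME & 0xFFFFFFFF)
```

A single flipped bit in either block fails a row or column parity check, so a partially failed write is reported as a mismatch rather than accepted as a different ID.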

Interesting. So reading blocks of data from the t5577 requires a transmit and receive pair of commands in quick succession?

Obviously you can write data without needing to do this… so it’s just the read aspect?

2 Likes

yea, to read a block you need to transmit “read block x” and receive the transmitted block back, the exchange happens too quickly for the flipper, you could send the read command sure but not pick up its response unfortunately.

2 Likes

I would think an external module could be made to do it though?

Little bit off-topic but I recently got the original book for this series.
It’s by qntm, and a super interesting read!

1 Like

When I am on a PC, I will edit for a much more reader friendly version of what is shown below.

This was done on my phone whilst walking.

There are 2 extended screenshots below, tap on each one and download if you can’t wait.

3 Likes