From a67c8751d764da1ae69e27aabf5fe0c980ab401b Mon Sep 17 00:00:00 2001 From: CPol Date: Sat, 24 Dec 2022 23:50:44 +0000 Subject: [PATCH] GitBook: [#3708] No subject --- SUMMARY.md | 1 + todo/radio-hacking/flipper-zero/README.md | 96 ++------------- .../flipper-zero/fz-125khz-rfid.md | 8 ++ todo/radio-hacking/flipper-zero/fz-ibutton.md | 8 ++ .../radio-hacking/flipper-zero/fz-infrared.md | 8 ++ todo/radio-hacking/flipper-zero/fz-nfc.md | 8 ++ todo/radio-hacking/flipper-zero/fz-sub-ghz.md | 116 ++++++++++++++++++ 7 files changed, 158 insertions(+), 87 deletions(-) create mode 100644 todo/radio-hacking/flipper-zero/fz-sub-ghz.md diff --git a/SUMMARY.md b/SUMMARY.md index ded976f9d..8363ee003 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -675,6 +675,7 @@ * [iButton](todo/radio-hacking/ibutton.md) * [Flipper Zero](todo/radio-hacking/flipper-zero/README.md) * [FZ - NFC](todo/radio-hacking/flipper-zero/fz-nfc.md) + * [FZ - Sub-Ghz](todo/radio-hacking/flipper-zero/fz-sub-ghz.md) * [FZ - Infrared](todo/radio-hacking/flipper-zero/fz-infrared.md) * [FZ - iButton](todo/radio-hacking/flipper-zero/fz-ibutton.md) * [FZ - 125kHz RFID](todo/radio-hacking/flipper-zero/fz-125khz-rfid.md) diff --git a/todo/radio-hacking/flipper-zero/README.md b/todo/radio-hacking/flipper-zero/README.md index 38dc418ac..ac0771bf9 100644 --- a/todo/radio-hacking/flipper-zero/README.md +++ b/todo/radio-hacking/flipper-zero/README.md 
@@ -12,94 +12,16 @@ -## Sub-Ghz - -### Frequency Analyser - -{% hint style="info" %} -How to find which frequency is the remote using -{% endhint %} - -When analysing, Flipper Zero is scanning signals strength (RSSI) at all the frequencies available in frequency configuration. Flipper Zero displays the frequency with the highest RSSI value, with signal strength higher than -90 [dBm](https://en.wikipedia.org/wiki/DBm). - -To determine the remote's frequency, do the following: - -1. Place the remote control very close to the left of Flipper Zero. -2. Go to **Main Menu** **→ Sub-GHz**. -3. Select **Frequency Analyzer**, then press and hold the button on the remote control you want to analyze. -4. Review the frequency value on the screen. - -### Read - -{% hint style="info" %} -Find info about the frequency used (also another way to find which frequency is used) -{% endhint %} - -The **Read** option **listens on the configured frequency** on the indicated modulation: 433.92 AM by default. If **something is found** when reading, **info is given** in the screen. This info could be use to replicate the signal in the future. - -While Read is in use, it's possible to press the **left button** and **configure it**.\ -At this moment it has **4 modulations** (AM270, AM650, FM328 and FM476), and **several relevant frequencies** stored: - -
- -You can set **any that interests you**, however, if you are **not sure which frequency** could be the one used by the remote you have, **set Hopping to ON** (Off by default), and press the button several times until Flipper captures it and give you the info you need to set the frequency. - -{% hint style="danger" %} -Switching between frequencies takes some time, therefore signals transmitted at the time of switching can be missed. For better signal reception, set a fixed frequency determined by Frequency Analyzer. -{% endhint %} - -### **Read Raw** - -{% hint style="info" %} -Steal (and replay) a signal in the configured frequency -{% endhint %} - -The **Read Raw** option **records signals** send in the listening frequency. This can be used to **steal** a signal and **repeat** it. - -By default **Read Raw is also in 433.92 in AM650**, but if with the Read option you found that the signal that interest you is in a **different frequency/modulation, you can also modify that** pressing left (while inside the Read Raw option). 
- -### Add Manually - -{% hint style="info" %} -Add signals from a configured list of protocols -{% endhint %} - -#### List of [supported protocols](https://docs.flipperzero.one/sub-ghz/add-new-remote) - -| Princeton\_433 (works with the majority of static code systems) | 433.92 | Static | -| ---------------------------------------------------------------- | ------ | ------- | -| Nice Flo 12bit\_433 | 433.92 | Static | -| Nice Flo 24bit\_433 | 433.92 | Static | -| CAME 12bit\_433 | 433.92 | Static | -| CAME 24bit\_433 | 433.92 | Static | -| Linear\_300 | 300.00 | Static | -| CAME TWEE | 433.92 | Static | -| Gate TX\_433 | 433.92 | Static | -| DoorHan\_315 | 315.00 | Dynamic | -| DoorHan\_433 | 433.92 | Dynamic | -| LiftMaster\_315 | 315.00 | Dynamic | -| LiftMaster\_390 | 390.00 | Dynamic | -| Security+2.0\_310 | 310.00 | Dynamic | -| Security+2.0\_315 | 315.00 | Dynamic | -| Security+2.0\_390 | 390.00 | Dynamic | - -### Supported Sub-GHz vendors - -Check the list in [https://docs.flipperzero.one/sub-ghz/supported-vendors](https://docs.flipperzero.one/sub-ghz/supported-vendors) - -### Suppoerted Frequencies by region - -Check the list in [https://docs.flipperzero.one/sub-ghz/frequencies](https://docs.flipperzero.one/sub-ghz/frequencies) - -### Test - -{% hint style="info" %} -Get dBms of the saved frequencies -{% endhint %} - -## 125 kHz RFID - +With [**Flipper Zero**](https://flipperzero.one/) you can: +* **Listen/Capture/Replay radio frequencies:** [**Sub-GHz**](fz-sub-ghz.md)**** +* **Read/Capture/Emulate NFC cards:** [**NFC**](fz-nfc.md)**** +* **Read/Capture/Emulate 125kHz tags:** [**125kHz RFID**](fz-125khz-rfid.md)**** +* **Read/Capture/Send Infrared signals:** [**Infrared**](fz-infrared.md)**** +* **Read/Capture/Emulate iButtons:** [**iButton**](../ibutton.md)**** +* **Use is as Bad USB** +* **Use it as security key (U2F)** +* **Play Snake**
diff --git a/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md b/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md index d013cca16..d54abb4cc 100644 --- a/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md +++ b/todo/radio-hacking/flipper-zero/fz-125khz-rfid.md @@ -12,6 +12,14 @@
+## Intro + +For more info about how 125kHz tags work check: + +{% content-ref url="../../../radio-hacking/pentesting-rfid.md" %} +[pentesting-rfid.md](../../../radio-hacking/pentesting-rfid.md) +{% endcontent-ref %} + ## Actions For more info about these types of tags [**read this intro**](../../../radio-hacking/pentesting-rfid.md#low-frequency-rfid-tags-125khz). diff --git a/todo/radio-hacking/flipper-zero/fz-ibutton.md b/todo/radio-hacking/flipper-zero/fz-ibutton.md index 26d9c8351..1c88e2dc9 100644 --- a/todo/radio-hacking/flipper-zero/fz-ibutton.md +++ b/todo/radio-hacking/flipper-zero/fz-ibutton.md @@ -12,6 +12,14 @@ +## Intro + +For more info about what is an iButton check: + +{% content-ref url="../ibutton.md" %} +[ibutton.md](../ibutton.md) +{% endcontent-ref %} + ## Design The **blue** part of the following imageis how you would need to **put the real iButton** so the Flipper can **read it.** The **green** part is how you need to **touch the reader** with the Flipper zero to **correctly emulate an iButton**. diff --git a/todo/radio-hacking/flipper-zero/fz-infrared.md b/todo/radio-hacking/flipper-zero/fz-infrared.md index 90bc3a035..30fd37822 100644 --- a/todo/radio-hacking/flipper-zero/fz-infrared.md +++ b/todo/radio-hacking/flipper-zero/fz-infrared.md @@ -12,6 +12,14 @@ +## Intro + +For more info about how Infrared works check: + +{% content-ref url="../infrared.md" %} +[infrared.md](../infrared.md) +{% endcontent-ref %} + ## IR Signal Receiver in Flipper Zero Flipper uses a digital IR signal receiver TSOP, which **allows intercepting signals from IR remotes**. There are some **smartphones** like Xiaomi, which also have an IR port, but keep in mind that **most of them can only transmit** signals and are **unable to receive** them. diff --git a/todo/radio-hacking/flipper-zero/fz-nfc.md b/todo/radio-hacking/flipper-zero/fz-nfc.md index 93013d78d..7202b3990 100644 --- a/todo/radio-hacking/flipper-zero/fz-nfc.md 
+++ b/todo/radio-hacking/flipper-zero/fz-nfc.md @@ -12,6 +12,14 @@ +## Intro + +For info about RFID and NFC check the following page: + +{% content-ref url="../../../radio-hacking/pentesting-rfid.md" %} +[pentesting-rfid.md](../../../radio-hacking/pentesting-rfid.md) +{% endcontent-ref %} + ## Supported NFC cards {% hint style="danger" %} diff --git a/todo/radio-hacking/flipper-zero/fz-sub-ghz.md b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md new file mode 100644 index 000000000..ac619d340 --- /dev/null +++ b/todo/radio-hacking/flipper-zero/fz-sub-ghz.md @@ -0,0 +1,116 @@ +# FZ - Sub-Ghz + +
+ +🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥 + +* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! +* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) +* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) +* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** +* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud). + +
+ +## + +## Actions + +### Frequency Analyser + +{% hint style="info" %} +How to find which frequency is the remote using +{% endhint %} + +When analysing, Flipper Zero is scanning signals strength (RSSI) at all the frequencies available in frequency configuration. Flipper Zero displays the frequency with the highest RSSI value, with signal strength higher than -90 [dBm](https://en.wikipedia.org/wiki/DBm). + +To determine the remote's frequency, do the following: + +1. Place the remote control very close to the left of Flipper Zero. +2. Go to **Main Menu** **→ Sub-GHz**. +3. Select **Frequency Analyzer**, then press and hold the button on the remote control you want to analyze. +4. Review the frequency value on the screen. + +### Read + +{% hint style="info" %} +Find info about the frequency used (also another way to find which frequency is used) +{% endhint %} + +The **Read** option **listens on the configured frequency** on the indicated modulation: 433.92 AM by default. If **something is found** when reading, **info is given** in the screen. This info could be use to replicate the signal in the future. + +While Read is in use, it's possible to press the **left button** and **configure it**.\ +At this moment it has **4 modulations** (AM270, AM650, FM328 and FM476), and **several relevant frequencies** stored: + +
+ +You can set **any that interests you**, however, if you are **not sure which frequency** could be the one used by the remote you have, **set Hopping to ON** (Off by default), and press the button several times until Flipper captures it and give you the info you need to set the frequency. + +{% hint style="danger" %} +Switching between frequencies takes some time, therefore signals transmitted at the time of switching can be missed. For better signal reception, set a fixed frequency determined by Frequency Analyzer. +{% endhint %} + +### **Read Raw** + +{% hint style="info" %} +Steal (and replay) a signal in the configured frequency +{% endhint %} + +The **Read Raw** option **records signals** send in the listening frequency. This can be used to **steal** a signal and **repeat** it. + +By default **Read Raw is also in 433.92 in AM650**, but if with the Read option you found that the signal that interest you is in a **different frequency/modulation, you can also modify that** pressing left (while inside the Read Raw option). 
+ +### Add Manually + +{% hint style="info" %} +Add signals from a configured list of protocols +{% endhint %} + +#### List of [supported protocols](https://docs.flipperzero.one/sub-ghz/add-new-remote) + +| Princeton\_433 (works with the majority of static code systems) | 433.92 | Static | +| ---------------------------------------------------------------- | ------ | ------- | +| Nice Flo 12bit\_433 | 433.92 | Static | +| Nice Flo 24bit\_433 | 433.92 | Static | +| CAME 12bit\_433 | 433.92 | Static | +| CAME 24bit\_433 | 433.92 | Static | +| Linear\_300 | 300.00 | Static | +| CAME TWEE | 433.92 | Static | +| Gate TX\_433 | 433.92 | Static | +| DoorHan\_315 | 315.00 | Dynamic | +| DoorHan\_433 | 433.92 | Dynamic | +| LiftMaster\_315 | 315.00 | Dynamic | +| LiftMaster\_390 | 390.00 | Dynamic | +| Security+2.0\_310 | 310.00 | Dynamic | +| Security+2.0\_315 | 315.00 | Dynamic | +| Security+2.0\_390 | 390.00 | Dynamic | + +### Supported Sub-GHz vendors + +Check the list in [https://docs.flipperzero.one/sub-ghz/supported-vendors](https://docs.flipperzero.one/sub-ghz/supported-vendors) + +### Suppoerted Frequencies by region + +Check the list in [https://docs.flipperzero.one/sub-ghz/frequencies](https://docs.flipperzero.one/sub-ghz/frequencies) + +### Test + +{% hint style="info" %} +Get dBms of the saved frequencies +{% endhint %} + +## 125 kHz RFID + + + +
+ +🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥 + +* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)! +* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family) +* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com) +* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/carlospolopm)**.** +* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud). + +
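Review bot: The new SUMMARY.md entry and the title line of fz-sub-ghz.md spell the name `Sub-Ghz`, while the README bullet and the body of the new page use `Sub-GHz` (`Main Menu → Sub-GHz`, `Supported Sub-GHz vendors`). Use `Sub-GHz` in the SUMMARY.md link text and in the `# FZ - Sub-Ghz` title so the navigation entry matches the page.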
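Review bot: In the bullet list added to README.md the iButton entry links to `../ibutton.md`, the general page, while every other bullet links to its `fz-*.md` page and SUMMARY.md lists `fz-ibutton.md`; point this bullet at `fz-ibutton.md` as well. In the same list, `**Use is as Bad USB**` should read "Use it as Bad USB", and the `****` after each link is an empty bold pair that can be dropped.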
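Review bot: The `## Intro` section added to fz-125khz-rfid.md links to `pentesting-rfid.md`, and the unchanged line directly under `## Actions` already links to the same page (`read this intro`, with the `#low-frequency-rfid-tags-125khz` anchor). Keep one of the two: either remove the sentence under Actions, or give the new content-ref that anchor so the reader lands on the 125kHz section rather than the top of the page.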
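Review bot: The new fz-sub-ghz.md ends with an empty `## 125 kHz RFID` heading and has an empty `##` heading just before `## Actions`, both carried over from the README; remove them so the page holds only Sub-GHz content. In the supported-protocols table the `Princeton\_433` row sits above the separator row and therefore renders as the table header; add a header row naming the three columns, and say what Static and Dynamic mean, since the Read Raw text describes repeating a recorded signal without saying which kind of code that applies to. `Suppoerted` in the heading and `signals send` in the Read Raw paragraph are typos that moved over with the text.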