The future of Flipper Zero development

171 points posted 4 hours ago
by croes

43 Comments

JacobAsmuth

an hour ago

Why does their header image feature multiple furries, one at each station? One making a feature request, another presumably approving a pull request, and a third ostensibly submitting an app?

Is the Flipper Zero community tightly intertwined with the furry community? Is this a connection I've missed?

dimbletimbers

44 minutes ago

It’s definitely a meme if nothing else that the cybersecurity community has a distribution of furries that would not reflect the general population’s.

nicce

31 minutes ago

There is even a saying that furries run the internet.

rebolek

38 minutes ago

Is there some study to explain why? Do they feel safer pretending to be a human-sized... furry animal?

kstrauser

22 minutes ago

My hypothesis, based purely on personal experience and what friends have told me. I am not a furry.

I feel like infosec was one of the earliest "no one cares who you are if you have skills" user groups. Online, you were just a handle. Man, woman, both, neither, no one knew until if/when you met up IRL. Until then, all you had was your reputation. I think that led to people having a pretty good idea about the attitudes of people they were talking to online, staying away from people who were going to be jerks about identity or pastimes, and a lot of conversations like "General Mayhem is weird, but he's our weird, so no one mentions that fox tail he wears everywhere."

Over time, that was a positive feedback loop: people who weren't cookie-cutter felt safer around infosec folks than most other crowds. => That increased the "weird density" of infosec meetups. => People who don't like being around uncommon appearance or behavior stayed away from infosec meetups. => Those meets became safer for uncommon folks. => Repeat.

I don't know if that's right, but again, that's what friends have expressed to me before. It seems plausible.

Note: When I say weird, I mean it affectionately. I've never met anyone in infosec who didn't have some quirk not far below the surface. Frankly, I love that. And because of that, and the virtuous cycle I described, I've never had one single person in infosec confess to me that they weren't OK with gay or trans or furries or other type of behavior/identity/etc. I'm a straight white middle class dude, and unfortunately I have had people confess such things to me in other circles, mistakenly assuming that since I was in their demographic, I'd agree with them or at least be OK with it.

mplewis

10 minutes ago

Yep! Furries are represented strongly in cybersecurity.

dude250711

13 minutes ago

> Is the Flipper Zero community tightly intertwined with the furry community?

That is my conclusion. They are raising much-needed awareness about that underrepresented group.

iririririr

25 minutes ago

what does it matter to you? honest question. would that impact your technical assessment somehow? do you just want in on some probable joke?

hosel

18 minutes ago

Not OP, but I think furries are weird. You can do whatever you want, but I’ve never met a furry I liked. They also insert their weird fetish into everything they touch.

koolala

5 minutes ago

You don't seem very likable if you hold bigoted opinions so that might be specifically a you thing.

mplewis

10 minutes ago

I guarantee you've met a furry and not known it.

yjftsjthsd-h

3 hours ago

> TL;DR: We've allocated resources to maintain Flipper Zero firmware and support community contributions.

Is that the tldr? It sure sounds like it's still on minimal life support.

hdgr

2 hours ago

It is. As the article says, all development goals for FZ had been achieved and even overachieved - providing solid and feature-rich firmware, powerful SDK and developer tools. With that and development shift towards new products, updates to core firmware became infrequent - and we tried to address that.

Src: I'm one of the developers behind Flipper Zero.

jagged-chisel

2 hours ago

Why can't something be "done"?

busymom0

an hour ago

Was just reading something along those lines:

https://infosec.exchange/@millie/115719943870742405

> We need to normalize declaring software as finished. Not everything needs continuous updates to function. In fact, a minority of software needs this. Most software works as it is written. The code does not run out of date. I want more projects that are actually just finished, without the need to be continuously mutated and complexified ad infinitum.

nekusar

2 hours ago

Yeah whatever. I abandoned the "official crap" when they purged legit pentesting tools and silenced loads others. Momentum and extreme were so much better, and didn't play stupid games. They included everything.

And if you mention ANY of the alternate firmwares on their discord, you get banned. Just fuck'em.

They may have created good hardware, but their software and discord community just sucked.

rufo

2 hours ago

Given they’ve had several skirmishes with customs and law enforcement agencies around the world, this always struck me as similar to the “don’t talk about installing retail Switch games on the Switch modding Discord” type of deal - everyone knows you can do that, but allowing mentions in official channels opens us to liability and causes nothing but headaches for both us and for customers, so if you’re going to do that, you need to talk about it somewhere else. I freely admit that’s an assumption on my part, though, and I don’t know if there’s something uglier there…?

nekusar

an hour ago

It's one thing to have a skid come in going "I wanna hack the RFID on the gubbmints's doors how can I do that?"

Versus "we forked the firmware to include a wide range of pentesting tools"

And then get banned for even saying the alternate firmware.

And seriously, this little thing is a wonderful hacker multitool. You can seriously fuck shit up with the hardware they included. For fucks sake, that's WHY they created it.

pocksuppet

a few seconds ago

That's how you have to be on Discord, or else your guild gets banned from Discord. I wish we weren't using this crap. On IRC you had to deal with cranky netops, but they mostly left you alone.

15155

an hour ago

> mention ANY of the alternate firmwares on their discord, and you get banned

Does it surprise you that a Russian product team would use these tactics?

arkits

an hour ago

are there any chinese knock offs of the hardware? i've yet to find something that integrates all the features this well

gear54rus

2 hours ago

I can understand why that happened at least remotely. If you do all those things they refused 'officially', it might be easier for stupid government idiots to paint it as a dangerous illegal tool.

Adding the necessary hardware while refusing to support arbitrarily iLLegAl things is the best of both worlds.

hdgr

an hour ago

This. Many legit, but questionable features blown out of proportion already caused many issues with regulators who just don't want to get into details, but just delist from sales/ban the device.

And once you start talking about "jamming" and other 1337 h4x0r stuff - which is straight up illegal and can get you into trouble - on official platforms, don't get offended when that gets removed.

nekusar

an hour ago

Sure. I get why you don't want the skids jamming. But hell, it is still in your github commit history. All your historical work was that of an attacking hacker toolkit. Jamming proves that.

Now, that absolutely does NOT excuse Adkins on the discord from people asking how to get the PSK for garage door openers, and emulating the buttons. And especially since it was being asked by owners of said doors.

But you banned people with legitimate and legal uses too.

Good riddance to you all. I've stayed with 3rd party and steered others towards better actors than yourselves.

natbennett

4 hours ago

Flipper Zero is one of the handiest little pieces of tech I’ve ever owned. Being able to copy RFID keys is occasionally fantastically useful.

mikepurvis

2 hours ago

Is... that possible? I thought the whole point is that those were a challenge-response specifically to avoid them ever disclosing over the air the material necessary to impersonate one.

jchulce

an hour ago

Keyfobs absolutely should use a secure challenge-response protocol in order to prevent cloning. Unfortunately, it's extremely common for RFID devices to simply use the tag ID which is trivially cloneable. Many of the systems that make some attempt at security still fail by using a broken protocol or a flawed implementation.

GuB-42

40 minutes ago

Some cards don't have any form of security. For example Konami "e-amusement" cards are just an ID number, which is also written on the back of the card. It is a username so to speak, the password is the PIN you enter when you start the game.

Some cards use some kind of challenge-response but are weak and are easily crackable.

Some cards have an anti-copy protection based on rolling codes, be careful with these. The idea is that when you use it to, say, open a door, the card sends a code to the reader and if correct, that code is burned and the reader replies with the next code, which is stored in the card for the next time, making every other copy (possibly including the original) unusable. If the card emulator doesn't store the rolling code, you are completely locked out.

Some cards have a proper challenge-response mechanism that works and can't be easily copied.
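
The card types described in the comments above, as an added sketch that is not part of any comment in this thread: a static-ID check, the rolling-code scheme where the reader burns each code and writes back the next, and a challenge-response exchange. All class and function names and the sample IDs are constructed for illustration, and HMAC-SHA256 is an assumed stand-in for whatever cipher a real card uses.

```python
import hashlib, hmac, secrets

def static_id_ok(enrolled, tag_id):
    return tag_id in enrolled  # reader trusts any device reporting this ID

class RollingCard:
    def __init__(self, card_id, code): self.card_id, self.code = card_id, code
    def clone(self): return RollingCard(self.card_id, self.code)  # bit-for-bit copy

class RollingReader:
    """Burns each accepted code and writes the next one back to the card."""
    def __init__(self): self.expected = {}
    def enroll(self, card_id):
        self.expected[card_id] = secrets.token_hex(8)
        return RollingCard(card_id, self.expected[card_id])
    def present(self, card):
        want = self.expected.get(card.card_id, "")
        if not hmac.compare_digest(want, card.code):
            return False  # stale code: some other copy was used since
        card.code = self.expected[card.card_id] = secrets.token_hex(8)
        return True

class ChallengeCard:  # key never leaves the card; HMAC-SHA256 is a stand-in
    def __init__(self, key): self._key = key
    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class ChallengeReader:
    def __init__(self, key): self._key = key
    def authenticate(self, respond):
        challenge = secrets.token_bytes(16)  # fresh nonce per attempt
        want = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(want, respond(challenge))

def demo():  # IDs and keys below are constructed sample values
    out = {"static_copy": static_id_ok({"0123456789"}, "0123456789")}
    reader = RollingReader()
    original = reader.enroll("fob-1")
    copy = original.clone()
    out["rolling_copy_first"] = reader.present(copy)
    out["rolling_original_after"] = reader.present(original)
    out["rolling_copy_again"] = reader.present(copy)
    key = secrets.token_bytes(32)
    card, cr = ChallengeCard(key), ChallengeReader(key)
    recorded = card.respond(b"challenge seen earlier")
    out["cr_genuine"] = cr.authenticate(card.respond)
    out["cr_replayed"] = cr.authenticate(lambda _c: recorded)
    return out

if __name__ == "__main__": print(demo())
```

In the rolling-code case the original card is the one rejected once a copy has been presented, which is the lockout described above; a rejected stale code for an enrolled card is also a useful event for an access-control log to flag.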

natbennett

an hour ago

Oh yeah that’s how you’re supposed to do it. But it’s entirely possible to set up a system that uses RFID key fobs that uh, doesn’t.

In the case where it was most useful to make copies they did eventually replace the system with one where the keys weren’t copyable. Which was better!

givc

an hour ago

I don’t know a whole lot about RFID, but some of the most basic cards can be copied very easily. When scanned, the reader always reads the same bits.

I believe there are some more secure cards, like Mifare DESFire EV3 that do provide some security. You’d be shocked how insecure most RFID readers for security cards are.

p_l

an hour ago

RFID keys vary from utterly dumb ID-based, to hackable challenge-response, to actual NFC smartcard (very rare).

Some of that can be trivially cloned.

fragmede

an hour ago

Depends on where you are. Newer systems are resistant to attack, but not everywhere has upgraded to newer systems.

gonzalohm

2 hours ago

Is this something you do often? I could see a few use cases and also for copying garage keys. But I don't think I would use it enough to justify the investment

gopalv

an hour ago

> I don't think I would use it enough to justify the investment

This is not a rational purchase - most of the rule breaking done with the zero is for fun or convenience, rather than being truly illegal.

It used to be more fun before the hotels started handing out NFC unlocks with your phone.

Still, being able to send each other a key for a hotel room on Signal is a nice trick if you are traveling with a sufficiently tech savvy group of people.

HDBaseT

25 minutes ago

You can't even clone your garage door opener key anyway.

Flipper Zero and its clones have always been pseudohacker nonsense. Fun little party trick I suppose.

natbennett

an hour ago

Nope! Only occasionally. But it’s handy on those occasions.

drunken_thor

3 hours ago

What a great tool and community they have built. I find my flipper0 is like a computer Swiss Army knife. It’s so fun to carry around a tool of my own trade.

ughitsaaron

2 hours ago

I get ads for this all the time but still have no idea what I could do with it.

devmor

2 hours ago

Anything you might want to do with a radio or IR device but don’t have specialized hardware for. It’s kind of a swiss knife/leatherman tool for short range communications standards.