Cyber Dolphin: The Creation of Flipper, the Hacker’s Swiss Army Knife

Hacking and pentesting are often associated with sitting at a computer, but they’re not limited to that: sometimes, you can only access certain devices or wireless networks in person. In those moments, you wish you had a hacker’s multitool that’s always at hand and lets you work in the field. While some just dream about it, others are actually building such a device and preparing it for mass production. This wonder gadget is called Flipper.

While there are portable devices for Wi-Fi interception, working with hardware in the field usually means lugging around a laptop, a suitable dev board with all kinds of firmware, several antennas, adapters, expansion boards, and an external battery for autonomy. Don’t forget a tangle of wires to connect everything, an organizer for small parts, and DIY cases to protect fragile components during transport. Sound familiar?

Pavel Zhovner—a geek, nerd, and “praying mantis” (as he describes himself on Habr)—knows this situation all too well. While organizing a CTF contest at St. Petersburg’s ZeroNights 2018, he built a vending machine with a payment terminal from scratch, running on RFID cards. To solve the problem of unreliable board mounting, he took a radical approach: he covered the PCB and components with a layer of clear epoxy resin. This was his first experience making his own gadgets, which sparked his passion for DIY electronics.

From AirDrop Pranks to Flipper’s Birth

Another key event in Flipper’s history came when security researchers turned their attention to Apple’s file-sharing protocol (AirDrop) and its security. An open-source implementation called OpenDrop appeared, making it possible to send files to iPhones from any device, not just Apple gadgets. All you needed was a Raspberry Pi to start sending images to any passerby’s iPhone—if they allowed receiving from “everyone.”

In an interview, Pavel shared how he had fun with this:

“Before iOS 13, when you sent a picture via AirDrop, its preview would show up on the phone’s screen before the recipient accepted or declined. I made a device from a Raspberry Pi Zero W with a battery that sent these images, and my friend wrote a Telegram bot, @AirTrollBot, to generate images with captions and the right aspect ratio on the fly. Phones are often named ‘Sveta’s iPhone’ or ‘Yulia’s iPhone,’ so I’d address the owners by name right on the image. I’d sit in the subway and sometimes see ten people at once. I’d bombard them all with personalized images. I met a bunch of people this way and even went on speed dates on my way from the subway to work. The bot could add a Telegram nickname to the image, and many figured out to message me. And you could anonymously send jokes to guys—like, if you saw it was Vadim’s phone, you’d send ‘Vadim is a loser!’ and watch him look around confused. It was hilarious.”

But the Raspberry Pi has no display, so you can’t see what’s happening, the bare PCB tears up your pockets, it’s easy to damage, and 3D-printed cases look cheap and are inconvenient. Every time you try to assemble something from off-the-shelf modules, you end up with a shapeless “sandwich” of boards that falls apart at the slightest touch.

Inspiration: Pwnagotchi, Cybiko, and Tamagotchi

The pwnagotchi project gave Flipper a push in the right direction. This adorable virtual pet “feeds” on handshakes that wireless controllers send when creating new connections. In active mode, it collects WPA handshake packets by deauthenticating users and forcing connections to drop, speeding up the process. Don’t be fooled by its cute appearance—inside, it runs neural networks with short-term memory and reinforcement learning, helping it optimize traffic interception and analysis.

But Flipper wasn’t just inspired by Tamagotchi. Old-school folks might remember the Cybiko personal communicator, which let users create dynamic wireless networks in the early 2000s. Expansion modules added features like MP3 playback and SmartMedia card reading. With a solid library of apps and games, it built a community of passionate users.

These influences shaped Flipper’s main traits: a universal pocket tool for exploring wireless networks, an open project anyone can modify, and a cute Tamagotchi-style mascot to give it personality.

Design and Appearance

The Flipper team spent a lot of time finding the right form and designing the case. First, they wanted a finished look that would stand out from other hacker devices (many of which are just bare PCBs). Second, the device had to be compact, durable, and convenient for on-the-go use.

The case also had to house all the internal antennas for wireless interfaces (more on those below) and several connectors. This wasn’t easy: the available peripherals changed several times, and the PCB’s size and shape went through multiple iterations, requiring constant adjustments to the case design.

As you’ve probably noticed, Flipper has a unique look. The project’s mascot (and Tamagotchi character) is a cyber dolphin—a nod to William Gibson’s “Johnny Mnemonic” (a classic cyberpunk author) and to dolphins’ natural curiosity and echolocation, which lets them sense the world through waves. The case’s curves even mimic a flipper (the English word for a dolphin’s fin).

The stylish look is thanks to the DesignHeroes industrial design studio, whom Pavel met at the “Neuron” hackspace. They already had extensive experience designing and manufacturing cases for electronic devices from various materials. They helped with sketches, 3D models, and the first printed prototypes.

Display

Pavel considers the display one of the key components and can talk for hours about the pros and cons of different technologies. For portable, battery-powered devices, display backlight power consumption is crucial—if it’s too high, battery life suffers.

E Ink screens are the most energy-efficient, and pwnagotchi uses one. Unfortunately, they have slow refresh rates (about a second), so even simple menu navigation can take a while. Partial refreshes leave visible “ghosting” from previous images.

Flipper uses a classic graphic LCD with 128×64 resolution and a 1.4-inch diagonal. The monochrome image has good contrast, so it’s visible even in bright sunlight, and low power consumption (about 400 μA without backlight) means the display can always show current info.

The ideal for a hacker device would be a Sharp memory display, which can update the image every few seconds in standby while putting the rest of the device to sleep. The image stays on screen, as used in modern smartwatches and fitness bands. But these displays are still expensive (about $20), which doesn’t fit Flipper’s budget.

Processor Choices

Raspberry Pi

Flipper was originally based on the cheap ($10) Raspberry Pi Zero W single-board computer, released in 2017. It combined a single-core ARM CPU, 512 MB RAM, GPIO, USB, and Wi-Fi/Bluetooth. A strong community formed around it. Despite low performance and overheating issues, these were tolerable.

When enthusiasts found a way to enable monitor mode with packet injection on the Wi-Fi adapter (using nexmon patches), Kali developers added official support for the Pi in their Linux builds. The result was an almost perfect tool for hackers and pentesters—lacking only battery power circuitry, sleep mode, and some peripherals for other wireless protocols.

The Flipper team planned to use a low-power microcontroller alongside the Pi, keeping it always on for simple attacks and waking the main CPU for heavy tasks.

But they had to abandon the Pi. No supplier was willing to sell batches of a thousand units at once. The Pi Zero is produced cheaply, distributed to big distributors, but only a few units reach end users at a time. The Pi (or at least the budget version) is sold at near cost, just breaking even. For industrial use, the Raspberry Pi Foundation recommends the Compute Module, but it costs $40.

i.MX6

With the Pi out, the team decided to build Flipper from scratch using an existing SoC (System-on-Chip). Not all manufacturers are willing to work with small companies ordering just a few thousand chips.

They chose the i.MX6 ULZ, a stripped-down single-core Cortex-A7 without a GPU or some interfaces. Performance is similar to the Pi, but i.MX6 is much more energy efficient.

Unfortunately, the team hasn’t found a suitable Wi-Fi adapter yet. The ideal module would support modern wireless standards, work on 2.4 GHz and 5 GHz, allow monitor mode via third-party patches, and be cheap in bulk (under $10). If you know of one, let the team know on their forum.

STM32

While the “big” hardware (CPU and wireless adapter) stalled, the rest of the circuit and microcontroller progressed. The core is the STM32L412 microcontroller (80 MHz, 128 KB flash, 40 KB RAM). Compared to the well-known F4 series, these are newer but already popular for low power use and modern peripherals.

In Flipper, the microcontroller not only handles button presses and relays them to the main CPU, but also manages low-speed wireless interfaces and the display. The dolphin Tamagotchi also runs on the microcontroller, always ready to respond to its owner. Seeing all this in action, the team realized: why not make this a standalone device?

And so, Flipper Zero was born.

Flipper Zero: Features and Interfaces

The first device Pavel and his team will release is Flipper Zero—the microcontroller version. The full computer with Wi-Fi module, Flipper One, is still in the planning stage.

433 MHz

Flipper uses several chips for wireless communication. One is the CC1101 from Texas Instruments, which lets Flipper operate at 433 MHz with multiple modulation types: 2FSK, 4FSK, GFSK, and MSK. This frequency is used by simple devices like sensors, doorbells, and gates.

Common protocols include KeeLoq, Came, and DoorHan. Flipper’s built-in analyzer helps you identify which protocol you’re dealing with. Even if it can’t detect the exact protocol, it can at least replay a previously recorded signal.

Like most Tamagotchi, Flipper can communicate with other Flippers at this frequency, so you can play and interact with nearby owners.

RFID

The next wireless interface targets access cards with NFC antennas, like the EM-4100. These have a simple data format, so Flipper can easily read, copy, and emulate existing cards. You can even send a card’s ID to another Flipper.

Infrared Port

Modern gadgets rarely have IR ports, but there’s still plenty of equipment that uses them—TVs, air conditioners, audio systems. Flipper’s memory includes basic commands for popular models. Teaching Flipper to work with your device is easy: just point the original remote and press the needed buttons in sequence. Flipper will remember and replay them on command.

GPIO Pins

For those who like low-level hardware interaction, Flipper exposes GPIO pins from the microcontroller on one side. Along with power and basic digital signals, you get access to peripherals like ADC, SPI, UART, I2C, PWM, and more. This lets you connect other components and expand Flipper’s capabilities. It’s unclear if expansion boards (like Arduino or Raspberry Pi) will be supported, since Flipper is meant to be a finished device.

USB-C

The original Pi-based Flipper had many ports: several USBs, MicroHDMI, and a memory card slot. The STM32 version has just one USB port for charging and reprogramming (the microcontroller comes with a bootloader). In 2020, Type-C is finally becoming a standard, so if you have a power supply for a Pi 4, you can use it to charge Flipper too.

More importantly, the STM32F412 microcontroller can act as a USB Device, so with the right firmware, Flipper can appear to your computer as an HID device, a flash drive, or a COM port (though probably not all at once).

Crowdfunding and Release Plans

Currently, Flipper exists as prototypes. Until mid-spring, new working versions were regularly made in China and shipped to the developers in Russia. The coronavirus pandemic caused delays, so the team had to adjust their timeline. They now plan to launch a crowdfunding campaign for mass production and go live on a crowdfunding platform in May. The first units will reach backers no earlier than winter, and we’ll be sure to review it when it arrives.