[80] Flipper Zero - "Rolling Flaws" application


Derek Jamison


Comments: 88
@N0B0DY_SP3C14L 9 months ago
Fucking sick app, dude. Looking forward to updates as well. Thanks for the solid explanation vids as well.
@Savage.735 1 year ago
Hi, I have a PandwaRF Rogue Pro and a Flipper Zero. Do you think that I can use it with the Flipper Zero? Nice work you're doing, love to see more. Thanks for being here for us all ❤👍💯
@MrDerekJamison 1 year ago
I hadn’t heard of the PandwaRF Rogue Pro & Kaiju software. That looks really interesting. It looks like it can derive the keys? The mentioned KeeLoq - do you know if it works with Genie (Intellicode) garage doors?
@EvilGPT 1 year ago
Excellent work Derek. I would like to use this application very much.
@EvilGPT 1 year ago
I've attempted to download through Flipc but I cannot locate the application.
@MrDerekJamison 1 year ago
@EvilGPT Sorry, I released the video before I did the build. You can install from flipc.org/jamisonderek/flipper-zero-tutorials?root=/subghz/apps/rolling-flaws
@MrDerekJamison 1 year ago
I just updated with a new version. Be sure the second line in the "About" screen shows a version number that matches the latest (NOTE: version 1.0 didn't have any version information). Right now, that version should be "version 1.2". Thanks again for the support & don't forget to join my discord server to give feedback.
@AttractionSpot 10 months ago
Do you know if this will work with my Genie Garage door opener that has rolling code? Or is there other stuff involved with this? I saw someone made a genie recorder but you have to like hard wire the garage remote to the flipper zero and change and add a bunch of code to get this to work and it just seemed so confusing to me.
@MrDerekJamison 10 months ago
I am that someone. Genie Recorder v3 is coming out next week & is a lot less confusing (but it still takes 3 days to create the initial .GNE file). 😀 Sadly, the Rolling Flaws app won’t help with Genie. Genie uses rolling codes similar to KeeLoq but at twice the speed and with a MF key that nobody will share with us Flipper owners. Without the MF key, we can’t decode a remote signal and figure out the next count/key. I plan on doing some giveaways on my Discord server for .GNE files (it takes me 3 days to make a file and costs me around $5 - I buy a cheap remote to extract the codes). In v3 you can just sync your Genie receiver to a Flipper with a .GNE file & open the door with the Flipper! No more messing with firmware or anything. Hopefully the app will get added to the app hub in the next couple of weeks & RogueMaster will probably update to v3 next week.
@lolik1312 10 months ago
I don't understand very well. Can I open my car with Rolling Flaws? I don’t know, but in my application the highest is 433,92, then it goes to 868,35, but my car key is 434,17 and it's rolling code on the car.
@MrDerekJamison 10 months ago
No. Flipper cannot open cars. It can do some gates/doors, but not all.
@lolik1312 10 months ago
@MrDerekJamison :(
@godjhaka7376 9 months ago
@lolik1312 instead of being sad, why not gain knowledge and create a method yourself? Knowledge is power.
@RainCall13 5 days ago
The first attack in your video doesn’t seem to be opening even though I’m setting it up to „replay attack - yes“. I’ve made sure to have my settings just like in your video. Every other test works perfectly fine.
@brunoaduarte 1 month ago
4:17 can this be done with Momentum firmware?
@MrDerekJamison 1 month ago
Yes. I made this video forever ago, back when the firmware support for rolling code wasn't as solid as it is today. I highly recommend just using Momentum/RogueMaster/Unleashed for replaying rolling codes. At this point, the app is only helpful if you want to practice hand crafting KeeLoq codes and don't have a KeeLoq receiver to try to attack (but do have a second Flipper Zero).
@MrDerekJamison 1 year ago
I'll be updating the application periodically, so be sure to keep grabbing the latest version & join my discord server for updates! I've added a "version" to the about screen, the flipc.org description and the flipc.org first screenshot. You can install from flipc.org/jamisonderek/flipper-zero-tutorials?root=/subghz/apps/rolling-flaws or looking in the "Sub-GHz" folder of flipc.org. On both Official & Unleashed for me, flipc does NOT launch the apps. It runs when I use my Flipper, press OK & choose "Apps/Sub-GHz/Subghz Rolling Flaws" in the menu. Important -- make sure to choose "Apps" and not "Sub-GHz" from the main menu.
@h孙 10 months ago
What should I do now that the website cannot be installed? Other methods are too difficult.
@AlexNielsen-w1l 4 months ago
@MrDerekJamison hi, can you send me your Telegram please? I need help to upgrade my Flipper Zero
@AlexNielsen-w1l 4 months ago
@MrDerekJamison help
@Xlarge_t-shirt 9 months ago
Hi Derek, I know that you said you can’t open cars with a Flipper but I’ve seen videos and posts. I was wondering if you could explain how that would be possible.
@MrDerekJamison 9 months ago
There is frequency we transmit on, the carrier frequency. Then there is modulation (AM650, FM95, etc.) for how we determine when there is signal. Then there is encoding (like Manchester, ConstOn/VariableOff, etc.) that is how we interpret signal to make up a bit. Then there is the raw data (bunch of 0s and 1s bits). Then there is the parsed data (like preamble, fix [constant data], hop [changing data]). If you capture a "RAW" signal, when you play it back it will be similar to the original (but the modulation may lose some data, like you can't reproduce variable amplitudes with the CC1101). Assuming the vehicle was using 2FSK or OOK then there isn't really amplitude data, so that would be fine. Next there is the concept of a "Count" in many protocols. You don't just send "Open" to vehicle 123, you actually send "Veh123,Open,44" and next time you send "Veh123,Open,45" and then "Veh123,Open,46". If you just keep sending "Veh123,Open,44" it should only work one time [but there are flaws in some receivers that allow same code to work]. If the code doesn't work, the receiver can decide what to do... the most secure thing to do would be to disable that remote and never allow "Veh123" remotes again -- so take to the dealership and reprogram the vehicle to a new key fob (of course, this isn't most secure if you are coming from perspective of "denial of service" attacks, where someone records your signal and keeps playing it back so that your fob no longer works). The least secure thing to do is to open the door every time the command was for "Veh123" and "Open" regardless of the counter. It really just depends on the receiver. I generally only test on devices I own, so I have very limited experience with vehicle receivers -- I mostly just tried looking at the signal from various fobs (which only tells part of the story).
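Added example (not part of the comment above and not code from the Rolling Flaws app): the receiver-side count check that the reply describes, with the counter-ignoring flaw as a switch so both behaviours can be compared. All names are hypothetical, it models only the decoded fields with no encryption, and the 16-bit count and window of 16 are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names; decoded fields only (serial, count), no encryption.
   The 16-bit count and the window size are assumptions for illustration. */
typedef enum { RX_OPENED, RX_REPLAY, RX_TOO_FAR, RX_UNKNOWN } rx_verdict_t;

typedef struct {
    uint32_t serial;     /* the one paired remote, e.g. "Veh123" */
    uint16_t last_count; /* highest count accepted so far */
    uint16_t window;     /* how many counts ahead are still accepted */
    bool check_count;    /* false models the flawed receiver that ignores the count */
} receiver_t;

/* Decide what to do with one decoded "serial,Open,count" message. */
rx_verdict_t receiver_handle(receiver_t *rx, uint32_t serial, uint16_t count) {
    if (serial != rx->serial) return RX_UNKNOWN;
    if (!rx->check_count) return RX_OPENED; /* least secure: count never checked */

    /* Distance from the last accepted count, modulo 2^16 so 65535 -> 0 works. */
    uint16_t ahead = (uint16_t)(count - rx->last_count);
    if (ahead == 0 || ahead >= 0x8000) return RX_REPLAY; /* same or older count */
    if (ahead > rx->window) return RX_TOO_FAR;           /* remote is out of sync */

    rx->last_count = count; /* state advances only on an accepted message */
    return RX_OPENED;
}

static const char *verdict_name(rx_verdict_t v) {
    switch (v) {
    case RX_OPENED:  return "Opened";
    case RX_REPLAY:  return "rejected: replayed or old count";
    case RX_TOO_FAR: return "rejected: count outside window (needs resync)";
    default:         return "rejected: unknown remote";
    }
}

int main(void) {
    receiver_t strict = {123, 43, 16, true};
    receiver_t flawed = {123, 43, 16, false};
    /* Constructed sequence: 44, the same 44 again, 45, the old 44, then a jump. */
    const uint16_t counts[] = {44, 44, 45, 44, 200};

    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        printf("Veh123,Open,%-3u strict: %-46s flawed: %s\n",
               (unsigned)counts[i],
               verdict_name(receiver_handle(&strict, 123, counts[i])),
               verdict_name(receiver_handle(&flawed, 123, counts[i])));
    }
    return 0;
}
```

The window is what allows a remote pressed a few times out of range to keep working; a jump past it is the out-of-sync case that needs a resync procedure.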
@paolocasareto2491 1 year ago
Congratulations Derek, great job. Hi, I've had the Flipper Zero for a few days and I managed to have the control unit in my garage recognize the Flipper Zero via your app, and it works perfectly. But when I exit your app it obviously loses all the values. I couldn't find where to save the data to be able to recall it and emulate the remote control. Is it me who can't find how to do it or is it not possible?
@MrDerekJamison 1 year ago
I answered in Discord, but for people reading the comments and not on Discord (I recommend you join discord). discord.com/invite/NsjCvqwPAd The short answer is in non-official firmware you can use the Sub-GHz app to Read/Load a .SUB file for known protocols.
@EvilGPT 1 year ago
I think I'm experiencing a bug, or some type of misconfiguration. When I transmit a signal with this application it sends a really long signal broken into three parts. I have tested on two Flippers running RogueMaster. I will flash them both with Unleashed and report my results.
@MrDerekJamison 1 year ago
Hopefully that was fixed in version 1.3? The issue was some firmware tries to send the signal 100 times.
@mosquitos1989 7 months ago
Could you test on FAAC SHL 868 MHz?
@adzowndu4492 1 month ago
Is this coming to the Flipper Lab app?
@MrDerekJamison 1 month ago
No. I wrote the rolling flaws application a long time ago. I found most people wanted to use it for stuff that the custom firmware (Unleashed, RogueMaster, Momentum) can already do a better job at -- receiving/sending rolling codes. Very few people actually wanted to use the app to create a "rolling code receiver" to practice their hacking skills against.
@jokolaksono9582 1 year ago
Can this be used to unlock rolling code cars?
@MrDerekJamison 1 year ago
A car typically uses a MF code that isn't known, so it won't work. If your car happens to use KeeLoq protocol (there are a bunch of protocols and KeeLoq is only one of them) and you knew the MF code; then you could use your Flipper to transmit the signal. The "Rolling Flaws" application is intended to teach you about rolling codes; and not the best tool for sending codes. A better solution for sending codes would be an unofficial firmware, like RogueMaster, and their Sub-GHz tools. Again though, without the MF code & proper frequency, it likely won't work. github.com/RogueMaster/flipperzero-firmware-wPlugins When using rolling codes on vehicles, realize that some vehicles may become out-of-sync with the remote, and require a complex process to get back in sync.
@jokolaksono9582 1 year ago
@MrDerekJamison I use Flipper Zero with RogueMaster software. With cars with aftermarket remotes, capture results can be used repeatedly and successfully. It is different from the original remote in the car: capture results can only be used once. Can you share how to make sure that the OEM remote that you copied on the Flipper Zero can continue to be used like the default remote?
@MrDerekJamison 1 year ago
I believe *most* vehicles use either an unsupported protocol or a MF key that is unknown to the Flipper; so you likely can’t clone an existing remote from a new car. And if you do clone it, you will likely make the existing remote out of sync. I was unable to clone a remote I owned for a previous car, as the protocol was unknown. Capturing with Bin_RAW, I can see the static and dynamic bits, but have no way to encode a counter to create the next dynamic code. I was also unable to clone a Genie remote, since I don’t know the MF code (64-bit number) but I was able to capture all 65536 codes from my remote so I am able to use a Flipper Zero to replace the original Genie remote (but I’m not anyone else’s Genie door unless they first pair it to my Flipper).
@jokolaksono9582 1 year ago
@MrDerekJamison I can only use the read & raw menu for the default car remote once, even though read & raw is for the rolling code remote
@jokolaksono9582 1 year ago
@MrDerekJamison there is a WhatsApp or Telegram number bro
@h孙 10 months ago
The installed website cannot be opened now. I hope it can be repaired. I really want to use this
@MrDerekJamison 10 months ago
Just install CFW (custom firmware) and use the built-in Sub-GHz app, it does everything the app can do -- unless you are actually trying to "simulate a receiver" with a flaw (like replay attack) for testing your security skills. In that case, recursively clone your firmware repo, and then copy the rolling flaws application to the applications_user folder and use FBT to deploy the app to your Flipper Zero. Then use qFlipper to install the TGZ file from the dist folder.
@markissfk818 10 months ago
Thank you for so much information
@adrenalineshi 8 months ago
Wait, must you have 2 Flippers for these to work?
@MrDerekJamison 8 months ago
Yeah. The core "Rolling Flaws" application was intended to become a device that you could practice hacking (with your second Flipper). I had wanted to port it to ESP32+CC1101, since many people have those extra components already, but I never spent the time doing that. For people that want to use the app to clone/play a rolling code, you are better off using unofficial firmware and the built-in sub-ghz app.
@ericcelrosu2912 1 year ago
Every time you do a raw record you set the RSSI threshold to -75 or below. Why is that?
@MrDerekJamison 1 year ago
I have neighbors with devices in same frequencies that seem to be sending signals often. If I don’t set RSSI, the Flipper Zero receives their devices & just continuously receives signals (which I’ll end up rebroadcasting - sometimes messes up my signal & also makes .SUB file bigger and harder to understand later if I visualize the file).
@LivelyBenjamin 1 year ago
So you'll be able to use the program automatically when you try to send signals to the rolling code and then it automatically finds the next code to send or what?
@LivelyBenjamin 1 year ago
And should you have 2 flippers to make it work?
@MrDerekJamison 1 year ago
@LivelyBenjamin Currently it requires two Flippers, in the future I'll probably make it work with an ESP32+CC1101 and not need a Flipper. People want to try hacking rolling codes, but they don't have anything to practice against. I'm in a rental house, so I don't even own the garage door! The goal of the application is to simulate different receivers, so you can practice hacking rolling codes (choosing the security flaws) without risking a remote or receiver desync. Most of the unofficial firmware will do things like find the next code, so that is a good choice for running on the other Flipper Zero when you are just starting out.
@LivelyBenjamin 1 year ago
Maybe there'll be an easier way to do it in the future? And of course not risking losing the remote. @MrDerekJamison
@MrDerekJamison 1 year ago
Is there any interest from people for me to try to port this to ESP32 or Arduino? If we port the application, then instead of a Flipper to run this application, you will need an extra ESP32-S2+CC1101? My assumption is lots of Flipper owners probably have those devices (ESP32-S2 for WIFI + CC1101 for 433MHz distance) but don't have access to a second Flipper Zero. They would just need to rewire them together and flash with the ported app -- I've never ported a Flipper app, so no idea how much effort is involved, but my guess is it's a lot. I only want to do it if lots of people say they want it. Otherwise, I'll continue spending time on my WIKI (github.com/jamisonderek/flipper-zero-tutorials/wiki)
@EvilGPT 1 year ago
add it as an option. Again, great work. This is one of my new favorite apps!
@jean-jeromecsernak1102 1 year ago
Hi Derek, do you think that if you port the app to ESP32-S2 it will work on ESP32-S3? Because I don't have an S2 module and hope the S3 will replace it in the future. 😊
@ic3_2k 1 year ago
I don't find it, is it at the sub_ghz menu? I installed Unleashed version with 062e
@MrDerekJamison 1 year ago
Thanks! It looks like my latest commit with all my bug fixes didn't get pushed. I just pushed it now.
@ic3_2k 1 year ago
Thanks Derek great work!!! Installed v36, I must try with v35? Is there any kind of install log we can check?
@MrDerekJamison 1 year ago
@ic3_2k I just added a version to the about screen, so you can quickly tell what version you have. I haven't been doing a changelog (list of bug fixes/features), but I'll try to add that going forward. Right now, the only bug I know about is that if you mod your firmware to send repeat signals (following steps in the readme), then try a rollback, the second RAW send will Open but then it immediately closes because it thinks it's a replay attack [because you send the signal more than 1 time in a RAW capture]. I should have that bug fixed later today, but I want to make sure I'm doing the proper level of testing before I release fixes.
@ic3_2k 1 year ago
@MrDerekJamison I mean that I've installed two versions of "Subghz Rolling Flaws", the v36.0 and the v35.0, both behave equal for me, on hit install in flipc the Flipper buzzes two times, and nothing happens when I hit 'run on flipper' and if I reload the page the button changes to install... Also I just flashed OFW and installed "SubGhz Rolling Flaws v35.1" with the same result as with Unleashed v0.62e
@MrDerekJamison 1 year ago
On both Official & Unleashed for me, flipc does NOT launch the apps. It runs when I use my Flipper, press OK & choose "Apps/Sub-GHz/Subghz Rolling Flaws" in the menu. (Make sure to choose "Apps" and not "Sub-GHz" from the main menu) Are you able to join my discord server to troubleshoot? Invite in my about page.
@mateuszspawiec2247 1 year ago
Hey, on the flipc site there is a build error
@MrDerekJamison 1 year ago
Which firmware? For Xtreme firmware you need to be on dev branch. (Their official doesn’t support the same APIs and flipc doesn’t seem to provide a way to conditionally compile based on firmware & channel.)
@mateuszspawiec2247 1 year ago
Oh, I didn't see that haha, sorry @MrDerekJamison
@3DComputing 1 year ago
Full on, thanks
@MrDerekJamison 1 year ago
Welcome 👍. I want to add a few more features to it next week, like sending an IR signal when you get a good code.
@my-rules 1 year ago
Ty/ Derek.
@MrDerekJamison 1 year ago
Any features you were hoping I would add? I think I want to make it send an IR signal when it does Opened! so that it can turn on my TV or something.
@ZeroCtr1 1 year ago
good shit
@MrDerekJamison 1 year ago
Thanks. I just released version 1.5 of the app, which now supports pressing LEFT/RIGHT to change the count and OK to switch to "Closed" and flush the radio (so you can attempt a replay attack without needing custom firmware).
@martinospapantoniou4491 1 year ago
Roguemaster?????
@MrDerekJamison 1 year ago
No, this is a receiver app to practice rolling code flaws, instead of trying it on the actual device and getting your remote out of sync (or if you don’t own the device). RogueMaster is a firmware that can execute some of those flaws, if the MF is known.
@martinospapantoniou4491 1 year ago
@MrDerekJamison for RogueMaster, I mean, is it available?
@MrDerekJamison 1 year ago
@martinospapantoniou4491 Sorry, yes it is in "Apps/Subghz/Sug-GHz Rolling Flaws". NOTE: The "SN00/cfw" & "SN Bits" settings don't work but everything else does! It will always treat a 00 in the decrypted data as matching ANY serial number & it will only compare 8 bits. If you need to enable those features, reach out to me in Discord (discord.com/invite/NsjCvqwPAd) and I'll help you edit the RogueMaster firmware to support those features.
@martinospapantoniou4491 1 year ago
@MrDerekJamison Mr Derek, really thnQ for ur help. From all these nerds outside there, u r the best 😀. In discord every time when we ask something, one smartasshole answers like he is a king. Once again, thank you for the support, SIR.
@MrDerekJamison 1 year ago
Thank you. A year ago, I was afraid to upgrade my firmware, knew nothing about this RF stuff & I still know nothing about the NFC/RFID/BLE features on the Flipper Zero. I'm always trying to learn and teach. I hope that I've built a community where more knowledgeable people choose to correct me instead of just saying I don't know stuff. At least in my Discord server, it seems everyone will try to help (unless you are trying to do something illegal). There is still so much for me to learn, but I guess that's good because it means plenty of future videos for my KZbin channel. 🤣 I'm thankful for this amazing community and the various sub communities I'm a part of for the Flipper Zero.
@IDME_project 8 months ago
Pls, can you add an Italian subtitle?
@MrDerekJamison 8 months ago
I think I have enabled auto-subtitles for all supported KZbin languages. For English, I typically use AI to transcribe and then edit the text. "Rolling Flaws" is for people that want to practice attacks. You can use your Flipper as a receiver. If you want to do the attack, you should use custom firmware and the Sub-GHz application instead.
@brilliant13675 4 months ago
You have to have 2 Flippers to have this work +
@MrDerekJamison 4 months ago
Yes. I was thinking of making it: 1 flipper + ESP32+cc1101; but I don’t think there is enough demand for the app & I’d rather focus on other projects/tutorials.
@AlexNielsen-w1l 4 months ago
Can I use a Flipper Zero and a PortaPack also to open a car?
@AlexNielsen-w1l 4 months ago
@MrDerekJamison can I also use PortaPack and Flipper Zero, if I don't have 2 Flipper Zeros, to open a car?
@brilliant13675 4 months ago
@AlexNielsen-w1l yes but the method is different, I've gotten into my car with a PortaPack plus Flipper
@brilliant13675 4 months ago
So this won't work with just one Flipper? I can't receive a signal and play it like in the video? @MrDerekJamison
@33kenpachi 5 months ago
I will test it tomorrow with my intraton remote
@MrDerekJamison 5 months ago
Some of the custom firmware does a good job with many remotes. If your remote is used for anything important, be aware of getting it out of sync. Some devices have an easy way to resync remotes, but some require more complex procedures (or the manufacturer charges you to resync).
@AlexNielsen-w1l 3 months ago
@MrDerekJamison can I bypass rolling codes with this firmware if I have 2 Flipper Zeros, if I am beside my car?
@MrDerekJamison 3 months ago
@AlexNielsen-w1l I'm not aware of any app that does this. Different cars use different techniques. For Sub-GHz, where you actively press a button on the remote, I suppose it's possible for one Flipper to be near the remote (listening) and then send a signal via Sub-GHz different frequency or wifi (if ESP32 attached to GPIO) to a second Flipper, which could then play the original Sub-GHz signal (which would still be valid since the car hasn't heard signal yet).