Forget Flipper, How About Capybara?

One of the hacker toys to own over the last year has been the Flipper Zero, a universal wireless hacking tool which even caused a misplaced moral panic about car theft in Canada. A Flipper is cool as heck, of course, but it's not the cheapest of devices. Fortunately there's now an alternative in the form of the CapibaraZero. It's a poor hacker's Flipper Zero which you can assemble yourself from a heap of inexpensive modules.

At the center is an ESP32-S3 board, which brings with it that chip's Wi-Fi and Bluetooth LE capabilities. To that is added an ST7789 TFT display, a PN532 NFC reader, an SX1276 LoRa and multi-mode sub-GHz RF module, and an IR module. The firmware is on GitHub. The repo is nearly two years old and still in active development, so we're hopeful CapibaraZero will keep gaining features and stability.

If you’re interested in our coverage of the Canadian Flipper panic you can read it here, and meanwhile if you’re using one of those NFC modules, consider tuning it.

This Week In Security: Loop DOS, Flipper Responds, And More!

Here's a fun thought experiment. UDP has no handshake, so a datagram can carry a forged source IP and port: you can send a packet to one server and have its response land on a second server. What happens if that response triggers another response? What if you could craft a packet that keeps that cycle going endlessly? That is essentially the idea behind Loop DoS (Denial of Service).

This self-sustaining avalanche of packets has been demonstrated against specific implementations of several different network services, like TFTP, DNS, and NTP. There are several CVEs being used to track the issue, but CVE-2024-2169 is particularly odd, with the description that "Implementations of UDP application protocol are vulnerable to network loops." This seems to be a blanket CVE for UDP, which is particularly inappropriate given that a DoS of this sort was first reported in 2009 at the latest.

More details are available in a Google Doc. There are some interesting tidbits there, like the existence of cross-protocol loops (where the error reply of one service happens to be a valid request to another), and several legacy protocols that are vulnerable by design because they answer every datagram, including malformed ones. The important thing to remember here is that the attack needs an Internet-reachable UDP service that replies to unexpected input, so if you're not using a UDP port, firewall it.
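To make the loop concrete, here is an added simulation that is not part of the original article or of the CISPA research it summarizes. Real source-address spoofing needs raw sockets and root, so the network is modelled as an in-memory queue of datagrams; the two hypothetical services are a classic "answer everything, even with an error" implementation and a hardened one that stays silent on input it doesn't understand. A single forged datagram is enough to start the loop, and fixing either end of the pair is enough to stop it.

```python
"""Simulated Loop DoS between two UDP services (added illustration).

The network is an in-memory queue instead of real sockets: forging a UDP
source address needs raw sockets and root, and the point here is the
protocol behaviour, not the packet crafting.
"""
from collections import deque
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class Datagram:
    src: str       # hypothetical host name standing in for IP:port
    dst: str
    payload: bytes


Service = Callable[[bytes], Optional[bytes]]


def naive_service(request: bytes) -> Optional[bytes]:
    """Hypothetical legacy-style service: it answers every datagram, and
    answers anything it does not recognise with an error string. That
    'error in reply to error' behaviour is what makes a loop possible."""
    if request == b"HELLO":
        return b"WELCOME"
    return b"ERROR: unrecognised input"


def hardened_service(request: bytes) -> Optional[bytes]:
    """Same service, but silent on unrecognised input. A datagram that
    produces no reply cannot keep a loop alive."""
    if request == b"HELLO":
        return b"WELCOME"
    return None


def run_loop(service_a: Service, service_b: Service,
             max_datagrams: int = 1000) -> Tuple[int, bool]:
    """Attacker sends ONE datagram to host A with the source forged as host B.

    Returns (datagrams exchanged, loop_still_running). Exchange is capped at
    max_datagrams so a genuine loop terminates the simulation; on a real
    network it would run until one side is rebooted or rate-limits."""
    hosts = {"A": service_a, "B": service_b}
    # Constructed attacker packet: garbage payload, source spoofed as B.
    queue = deque([Datagram(src="B", dst="A", payload=b"\x00garbage")])
    count = 0
    while queue and count < max_datagrams:
        d = queue.popleft()
        count += 1
        reply = hosts[d.dst](d.payload)
        if reply is not None:
            # The reply goes to whoever the packet *claimed* to be from.
            queue.append(Datagram(src=d.dst, dst=d.src, payload=reply))
    return count, bool(queue)


if __name__ == "__main__":
    print("naive <-> naive     :", run_loop(naive_service, naive_service))
    print("naive <-> hardened  :", run_loop(naive_service, hardened_service))
    print("hardened <-> hardened:", run_loop(hardened_service, hardened_service))
```

The first pairing is still exchanging packets when the cap is hit, which is the attacker's whole investment: one spoofed datagram for an unbounded stream between two victims. With one hardened side the exchange dies after two datagrams, which is why the defensive advice is "don't reply to errors with errors" and, for services you don't need, "don't be reachable at all".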

Flipper Flips Back

We've covered the saga of the Flipper Zero vs the Canadian government, in the context of car theft. The short version is that Canada has seen an uptick in car thefts by organized crime. Rather than meaningfully dealing with this problem, the Canadian government went looking for scapegoats, and found the Flipper Zero.

Well now, Flipper has responded, and put simply, the message is "stop the madness". There has never been a confirmed case of a Flipper being used to steal a car, and it's very unlikely it has ever happened. On a modern car with proper rolling-code security, a Flipper Zero's sub-GHz transceiver gives you no meaningful way to steal it: replaying a captured key-fob code simply doesn't work. The two primary ways criminals actually steal cars are with dedicated key-fob relay devices, which extend the range of a genuine fob sitting in the owner's house, and CAN bus injection tools plugged into exposed wiring.

There is a petition to sign, and for Canadians, Flipper suggests contacting your local member of parliament.

Hackaday Podcast Episode 258: So Much Unix, Flipper Flip-out, And The Bus Pirate 5

Hackaday Editors Elliot Williams and Tom Nardi discuss all the week’s best and most interesting hacks and stories, starting with Canada’s misguided ban on the Flipper Zero for being too spooky. From there they’ll look at the state-of-the-art in the sub-$100 3D printer category, Apple’s latest “Right to Repair” loophole, running UNIX on the NES (and how it’s different from Japan’s Famicom), and the latency of various wireless protocols.

After singing the praises of the new Bus Pirate 5, discussion moves on to embedded Linux on spacecraft, artfully lifting IC pins, and the saga of the blue LED. Finally you’ll hear the how and why behind electrical steel, and marvel at a Mach 10 missile that (luckily) never needed to be used.

Grab a copy for yourself if you want to listen offline.


Hackaday Podcast 210: Living In The Future, Flipper Mayhem, And Samsung Moons The World

Editor-in-Chief Elliot Williams is joined this week by newly minted Development Editor (and definitely not brother) Al Williams to bring you the weekly highlights from our little corner of the Internet. Between the rapidly approaching deadline for the Low-Power Challenge to Samsung creating a fake Moon with artificial intelligence, there’s plenty in the news to get this episode started. From there, the Williams plural discuss using a webcam for cheap virtual reality thrills, an impressive expansion for the Flipper Zero, and whether or not finding a bug in the Nintendo DSi browser counts as retrocomputing. Stick around to hear about the fascinating work Joshua Vasquez has been doing with DIY light guide plates, and Arya Voronova’s deep-dive into PCI-Express.

Check out the links below if you want to follow along, and as always, tell us what you think about this episode in the comments!

Download, download, download!


A circuit board card is shown, with a blue panel on one side. On the panel are switches and an RS-232 port.

Spoofing An Emergency Traffic Preemption Signal

There’s a well-known movie trope in which a hacker takes control of the traffic lights in a city, causing general mayhem or creating a clear getaway path. Unlike many Hollywood representations of hacking, this is actually possible in principle; many cities install Emergency Vehicle Preemption (EVP) systems in their traffic signals to turn them green when an emergency vehicle is approaching. To see what it would actually take to control one of these, [xssfox] reverse-engineered a Strobecom II EVP system.

Most EVP systems, particularly older ones, use a strobing infrared light to alert a traffic signal to an approaching emergency vehicle. To avoid misuse, vehicles often encode a vehicle ID in the infrared signal. There have been some claims that a Flipper Zero can trigger these systems, but none that were well-verified, and probably with good reason; anyone actually trying this against a live system is courting serious legal trouble. To see whether this was actually possible [xssfox] obtained real hardware and tried to reverse-engineer the infrared protocol.

There are two main manufacturers of optical EVP systems: GTT Opticom and Tomar Strobecom. [xssfox] managed to buy a Tomar emitter power supply, the unit that generates the transmitted strobe signal, which is also compatible with Opticom systems. Looking at its output revealed that it encodes data by skipping pulses in an otherwise regular strobe, which should be simple enough for a Flipper Zero's IR transmitter to replicate.

To reverse-engineer the Strobecom protocol, [xssfox] managed to buy a Strobecom optical signal processor, the roadside unit that would normally detect an emergency signal. This protocol works by modulating the length of the infrared pulses rather than by skipping them. After some brute-forcing, a transmitter using an Arduino Nano and an infrared LED managed to activate the preemption signal, and even to transmit a vehicle ID. It seems that Strobecom systems, at least, are fairly demanding in terms of the signals they accept: signals had to be precisely timed, and in at least some systems a valid vehicle ID would be needed before the light actually changes.
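To show what "encoding data by skipping pulses" and "precisely timed" mean in practice, here is an added toy model; it is not [xssfox]'s code and it is not the Opticom or Strobecom protocol. The strobe period, the two-pulse sync preamble, the ten-bit ID width and the "skipped pulse means a 1 bit" mapping are all invented assumptions. The encoder produces the pulse timestamps a transmitter would fire, and the decoder plays the strict receiver, rejecting any frame whose pulses drift off the expected grid.

```python
"""Toy 'skipped pulse' preemption encoding (added illustration).

Not the Opticom or Strobecom protocol: the constants below are assumptions
chosen only to show how an ID rides on a regular strobe and why a strict
receiver needs accurate timing.
"""
from typing import List, Optional

BASE_PERIOD_S = 0.10   # assumed strobe period: one slot every 100 ms
SYNC_PULSES = 2        # assumed: first two slots always carry a pulse
DATA_BITS = 10         # assumed vehicle-ID width
FRAME_SLOTS = SYNC_PULSES + DATA_BITS
TOLERANCE = 0.05       # receiver accepts a pulse within +-5% of its slot


def encode_frame(vehicle_id: int) -> List[float]:
    """Return pulse timestamps (seconds) for one frame.

    Sync slots always carry a pulse. Data slot k carries a pulse for a 0 bit
    and is skipped for a 1 bit (assumed mapping), most significant bit first.
    """
    if not 0 <= vehicle_id < 2 ** DATA_BITS:
        raise ValueError("vehicle id out of range")
    pulses = [k * BASE_PERIOD_S for k in range(SYNC_PULSES)]
    for k in range(DATA_BITS):
        bit = (vehicle_id >> (DATA_BITS - 1 - k)) & 1
        if bit == 0:
            pulses.append((SYNC_PULSES + k) * BASE_PERIOD_S)
    return pulses


def decode_frame(pulses: List[float]) -> Optional[int]:
    """Recover the vehicle ID from pulse timestamps.

    Returns None when the sync pulses are off-period, when any pulse falls
    outside the timing tolerance of an integer slot, or when a pulse lands
    past the end of the frame. A real strict receiver behaves the same way:
    a jittery bit-banged transmitter simply never gets a green light.
    """
    if len(pulses) < SYNC_PULSES:
        return None
    t0 = pulses[0]
    sync_period = pulses[1] - t0
    if abs(sync_period - BASE_PERIOD_S) > TOLERANCE * BASE_PERIOD_S:
        return None
    slots_seen = set()
    for t in pulses:
        slot_f = (t - t0) / BASE_PERIOD_S
        slot = round(slot_f)
        if abs(slot_f - slot) > TOLERANCE or slot >= FRAME_SLOTS:
            return None
        slots_seen.add(slot)
    vehicle_id = 0
    for k in range(DATA_BITS):
        bit = 0 if (SYNC_PULSES + k) in slots_seen else 1
        vehicle_id = (vehicle_id << 1) | bit
    return vehicle_id


if __name__ == "__main__":
    frame = encode_frame(677)            # constructed sample ID
    print("pulses:", [round(t, 2) for t in frame])
    print("decoded:", decode_frame(frame))
    frame[3] += 0.01                     # 10% jitter on one pulse
    print("jittered frame decodes to:", decode_frame(frame))
```

The receiver's tolerance is the whole game for anyone trying to replicate such a signal from a general-purpose gadget: an emitter whose pulses land even a few percent off the grid is ignored, which matches [xssfox]'s finding that timing had to be exact before the signal processor would react.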

If you’d like to learn more, we’ve gone into the technology of North American traffic signals before.

Reverse-Engineering The Tamagotchi IR Connection

The Tamagotchi Connection is a series of Tamagotchi toys that took the original portable pet concept and mixed things up with a wireless connection, which allowed you to interact with the pets of other proud Tamagotchi owners. This wireless connection is implemented using an infrared transceiver, somewhat like IrDA. As [Zach Resmer] discovered while reverse-engineering it, the link actually speaks what [Natalie Silvanovich] calls "Nearly NEC", a close relative of the NEC remote-control protocol; her GitHub repository is full of related Tamagotchi hacking tools and ROM dumps.

With the protocol figured out, creating a transceiver for low-bitrate infrared communication isn't particularly hard. In this case, it was implemented using an RP2040 MCU and an appropriate IR LED and receiver pair. This Tamagometer project was also implemented as an app for the Flipper Zero, and as a custom PCB called the Pico TamaBadge by [Daniel Weidman].
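For readers who haven't met NEC before, here is an added encoder and decoder for the standard NEC infrared frame, written for this page and not taken from the Tamagometer or from [Natalie Silvanovich]'s tools. It handles plain NEC only; the Tamagotchi's "Nearly NEC" differs from it in ways the write-up above doesn't spell out, so the sample frame in the test is a constructed standard-NEC transmission, not a Tamagotchi capture. The frame format is the one every cheap IR remote uses: a 9 ms leading mark and 4.5 ms space, then 32 bits sent LSB first as pulse-distance code, with each byte followed by its bitwise complement so the receiver can reject corrupted frames.

```python
"""Standard NEC infrared frame encode/decode (added illustration).

Durations are in microseconds and alternate mark/space, the form you get
from a demodulating IR receiver's output edges. Standard NEC:
  leading mark 9000, space 4500
  bit 0: mark 562.5, space 562.5      bit 1: mark 562.5, space 1687.5
  32 bits LSB first: address, ~address, command, ~command
  trailing mark 562.5
"""
from typing import List, Optional, Tuple

UNIT_US = 562.5
TOL = 0.25           # +-25% timing slack, realistic for a bit-banged receiver
FRAME_LEN = 2 + 64 + 1   # header pair, 32 mark/space pairs, trailing mark


def _near(value: float, target: float) -> bool:
    return abs(value - target) <= TOL * target


def nec_encode(address: int, command: int) -> List[int]:
    """Build the alternating mark/space duration list for one NEC frame."""
    payload = bytes([address & 0xFF, ~address & 0xFF,
                     command & 0xFF, ~command & 0xFF])
    durations = [9000, 4500]
    for byte in payload:
        for i in range(8):                       # LSB first
            bit = (byte >> i) & 1
            durations += [562, 1687 if bit else 562]
    durations.append(562)                        # trailing mark
    return durations


def nec_decode(durations: List[int]) -> Optional[Tuple[int, int]]:
    """Return (address, command), or None when the header, any bit timing,
    or the complement bytes fail to check out."""
    if len(durations) < FRAME_LEN:
        return None
    if not (_near(durations[0], 9000) and _near(durations[1], 4500)):
        return None
    bits = []
    for k in range(32):
        mark, space = durations[2 + 2 * k], durations[3 + 2 * k]
        if not _near(mark, UNIT_US):
            return None
        if _near(space, UNIT_US):
            bits.append(0)
        elif _near(space, 3 * UNIT_US):
            bits.append(1)
        else:
            return None                          # neither a 0 nor a 1 space
    if not _near(durations[2 + 64], UNIT_US):
        return None
    data = bytes(sum(bits[8 * b + i] << i for i in range(8)) for b in range(4))
    addr, addr_inv, cmd, cmd_inv = data
    # Integrity check built into the protocol: each byte travels with its complement.
    if addr ^ addr_inv != 0xFF or cmd ^ cmd_inv != 0xFF:
        return None
    return addr, cmd


if __name__ == "__main__":
    frame = nec_encode(0x10, 0x2A)               # constructed sample frame
    print(len(frame), "edges, decodes to", nec_decode(frame))
```

The complement bytes are worth noticing from a security angle: they are an integrity check against noise, not authentication, so anyone who can see a frame can replay it, which is exactly why cloning a Tamagotchi exchange onto an RP2040 or a Flipper is straightforward once the timings are known.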

There's also a web application associated with [Zach]'s project, which talks to the hardware from a Web Serial-enabled browser (i.e., Chrome). The serial protocol is somewhat documented in the patent for the device's connection feature, which makes it relatively easy to implement yourself.

The Power-Free Tag Emulator

Most of you know how an NFC tag works. The reader creates an RF field that has enough energy to power the electronics in the tag; once the tag wakes up, two-way communication ensues. We're accustomed to blank tags that can be reprogrammed, and to devices like the Flipper Zero that can emulate a tag. In between those two is [MCUer]'s power-free tag emulator, a board which harvests energy from the reader's field through NFC receiver hardware to power a small microcontroller running emulation code.

The microcontroller in question is the low-power CW32L010 from Wuhan Xinyuan Semiconductor, a Chinese part with an ARM Cortex-M0+ core. Unfortunately, that's where the interesting news ends, because all we can glean from the GitHub repository is a PCB layout. There isn't even a circuit diagram, which we hope is an unintended omission rather than deliberate. It does, however, lend itself to the fostering of ideas, because if this designer can't furnish a schematic, then perhaps you can. It's not difficult to make an NFC receiver, so perhaps you can hook one up to a microcontroller and be the one who shares the circuit.