One of the first things was reflashing the device with Momentum firmware. I’ve ordered a Wi-Fi Dev Board, so I can use Marauder.
Here are some qFlipper screenshots.
Will add pictures and info about the Wifi dev board.
Some information:
The Flipper Zero is a versatile multi-tool for geeks, hackers, and hardware enthusiasts. It is designed as a portable, open-source device with numerous capabilities for interacting with digital systems and hardware. Here’s an overview of what the Flipper Zero can do:
1. RFID and NFC Communication
Read and Emulate: Supports RFID cards (low-frequency 125 kHz) and NFC cards (high-frequency 13.56 MHz). It can read, emulate, and clone certain types of RFID/NFC tags, such as access cards and contactless payment cards (within legal limits).
Protocols Supported: Includes MIFARE, HID Prox, and others used in access control systems.
2. Sub-GHz Radio Transmission
Works with a wide range of sub-GHz frequencies (300-900 MHz) used in garage door openers, key fobs, IoT devices, and wireless sensors.
Transmit and Analyze: It can capture, analyze, and even replay radio signals for research and testing purposes.
3. Infrared (IR) Control
Universal Remote: The Flipper Zero has an IR transmitter/receiver that allows it to control TVs, air conditioners, and other IR-enabled devices.
It can learn IR commands and replay them for universal control.
4. GPIO Pins for Custom Projects
Hardware Hacking: Provides GPIO (General Purpose Input/Output) pins for connecting to external hardware.
You can use the GPIO pins to interact with sensors, control relays, or debug devices like routers or microcontrollers.
5. Bluetooth and Wi-Fi (with Modules)
Bluetooth LE: Built-in Bluetooth Low Energy support allows communication with BLE-enabled devices.
Wi-Fi: Optional Wi-Fi dev board attachment (like the ESP8266 or ESP32) expands its capabilities for network penetration testing or IoT device research.
6. BadUSB and HID Attacks
Emulate USB Devices: Can act as a USB keyboard or mouse for automating tasks or security testing.
Useful for penetration testing with scripts (similar to tools like Rubber Ducky).
7. Universal Debugging
The Flipper can debug and interact with devices via UART, SPI, and I2C protocols, making it a powerful tool for developers and hackers.
8. Tamagotchi Mode
Includes a fun “pet” feature where you care for and interact with a digital creature that grows and evolves based on how you use the device.
9. Extensible and Open Source
The Flipper Zero’s firmware is open-source, allowing developers to modify and expand its capabilities.
It supports custom plugins, applications, and firmware modifications.
10. Signal Analysis and Replay
Capture, analyze, and replay signals (e.g., remote controls) for testing and research.
Legal Disclaimer: Using these features responsibly and within the bounds of the law is crucial.
Common Uses
Security auditing and penetration testing.
Reverse engineering and debugging hardware.
Researching IoT devices and wireless communications.
Fun DIY projects and learning electronics.
The Flipper Zero is a powerful tool, but its legality depends on how it is used. Be sure to respect laws and ethical guidelines when exploring its capabilities.
I reversed engineered the workings, and created a python upload script to push images.
Original workings are a mess. Per 4 bit of color, high-low switched in a byte. Black and red separated. Using a till p encoding over curl commands.
My implementation uses a python script called as:
python3 epaper-pusher.py ~/Downloads/Untitled.png
http://10.1.0.99/EPDI_
30 times something like
http://10.1.0.99/ppppppppppppppppppppppppppppppppppppppppppppppppppppppaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbbbbppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppiodaLOAD_
http://10.1.0.99/NEXT_
30 times something like
http://10.1.0.99/pbcdefghijjjjjjffffffoooooooaaabbbbbbeeeedddppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppiodaLOAD_
http://10.1.0.99/SHOW_
NOTES:
a = 0000
-
-
-
p = 1111 = 15
30 lines with 1000 bytes ( ending with iodaLOAD_ )
black pixels
first block 1
second block 0
red pixels
first block 0
second block 1
white pixels
first block 1
second block 1
PIXEL Example
RBRB
BWBW
First block
1010 - letter K
0101 - Letter F - second nibble = white
Second block
0101 - Letter F
1111 - Letter P - second nibble white
Code
from PIL import Image
import numpy
import requests
url="http://10.1.0.99/"
black_pixels = numpy.zeros((400,300))
red_pixels = numpy.zeros((400,300))
def classify_pixel_color(pixel):
"""
Classify a pixel as black, white, or red.
"""
r, g, b = pixel[:3] # Ignore alpha if present
# Define thresholds for classification
if r < 128 and g < 128 and b < 128:
return 'black'
elif r > 200 and g > 200 and b > 200:
return 'white'
elif r > 128 and g < 100 and b < 100:
return 'red'
else:
return None
def process_image(image_path):
"""
Process the image and classify its pixels into black, white, or red.
"""
image = Image.open(image_path)
image = image.convert("RGB") # Ensure the image is in RGB mode
width, height = image.size
pixel_data = image.load()
color_counts = {'black': 0, 'white': 0, 'red': 0}
for y in range (0, 299):
for x in range (0, 399):
black_pixels[x][y] = 0
red_pixels[x][y] = 0
for y in range(299):
for x in range(399):
color = classify_pixel_color(pixel_data[x, y])
if color:
color_counts[color] += 1
if color == 'black':
black_pixels[x][y] = 1;
if color == 'red':
red_pixels[x][y] = 1;
if color == 'white':
black_pixels[x][y] = 1;
red_pixels[x][y] = 1;
return color_counts, black_pixels, red_pixels
def number_to_letter(num):
"""
Translates a number from 0 to 15 into a corresponding letter (a-p).
Args:
num (int): The number to translate.
Returns:
str: The corresponding letter (a-p).
"""
if 0 <= num <= 15:
return chr(ord('a') + num)
else:
raise ValueError("Number must be between 0 and 15, inclusive.")
def print_array_in_chunks(array, chunk_size=1001):
current_chunk = ""
for item in array:
# Convert item to string and add to the current chunk
item_str = str(item)
if len(current_chunk) + len(item_str) + 1 > chunk_size:
# Print the current chunk and reset it
current_chunk += "iodaLOAD_"
try:
requests.get(url + current_chunk, verify=False)
if not response.content: # Equivalent to expecting an empty reply
pass
except requests.exceptions.RequestException as e:
# Catch any request-related errors
pass
current_chunk = item_str
else:
# Append the item to the current chunk
current_chunk += (item_str)
current_chunk += "iodaLOAD_"
# Print any remaining items in the chunk
if current_chunk:
try:
requests.get(url + current_chunk, verify=False)
if not response.content: # Equivalent to expecting an empty reply
pass
except requests.exceptions.RequestException as e:
# Catch any request-related errors
pass
def switch_in_pairs(arr):
# Loop through the array with a step of 2
for i in range(0, len(arr) - 1, 2):
# Swap values at index i and i+1
arr[i], arr[i + 1] = arr[i + 1], arr[i]
return arr
if __name__ == "__main__":
import sys
if len(sys.argv) < 2:
print("Usage: python3 script.py <image_path>")
sys.exit(1)
image_path = sys.argv[1]
try:
color_counts, black_pixels, red_pixels = process_image(image_path)
try:
requests.get(url + "EPDI_" , verify=False)
if not response.content: # Equivalent to expecting an empty reply
pass
except requests.exceptions.RequestException as e:
# Catch any request-related errors
pass
lines=[]
for y in range(300):
for x in range(0,399,4):
first = red_pixels[x][y]
second = red_pixels[x+1][y]
thirth = red_pixels[x+2][y]
fourth = red_pixels[x+3][y]
nibble = 0
if (first == 1):
nibble = nibble + 8
if (second == 1):
nibble = nibble + 4
if (thirth == 1):
nibble = nibble + 2
if (fourth == 1):
nibble = nibble + 1
lines.append(number_to_letter(nibble))
switched_array = switch_in_pairs(lines)
print_array_in_chunks(switched_array)
try:
requests.get(url + "NEXT_" , verify=False)
if not response.content: # Equivalent to expecting an empty reply
pass
except requests.exceptions.RequestException as e:
# Catch any request-related errors
pass
lines=[]
for y in range(300):
for x in range(0,399,4):
first = black_pixels[x][y]
second = black_pixels[x+1][y]
thirth = black_pixels[x+2][y]
fourth = black_pixels[x+3][y]
nibble = 0
if (first == 1):
nibble = nibble + 8
if (second == 1):
nibble = nibble + 4
if (thirth == 1):
nibble = nibble + 2
if (fourth == 1):
nibble = nibble + 1
lines.append(number_to_letter(nibble))
switched_array = switch_in_pairs(lines)
print_array_in_chunks(switched_array)
try:
requests.get(url + "SHOW_" , verify=False)
if not response.content: # Equivalent to expecting an empty reply
pass
except requests.exceptions.RequestException as e:
# Catch any request-related errors
pass
except Exception as e:
pass
A while ago, I bought a small Dehumidifier for my wine cellar. I liked it a lot, so I bought another for our bedroom.
I saw some posts about people asking which Dehumidifier is supported by Home Assistant. This one is. The “Eeese Otto Dehumidifier”
This works with the LocalTuya integration.
There are many examples how to integrate LocalTuya in HA which can be found easily using a search on the net. So, I’m not going to explain that.
I could not find a configuration example, that’s why I’ll post that part here.
Pre config:
Install App on phone to connect Tuya device to cloud (one time only) You need this to extract the localkey
Add a developer account to https://eu.platform.tuya.com/ (Enable devices and change from Read to Control) (Get localkey from API Explorer, here is also a hint to be found about the entities) See below pictures
Install LocalTuya to HA
End result after config
Gallery of config steps
Developer website information, where to find your credentials. (And a list of entities)
This is a Non-Cloud solution like Alexa and Google devices. I only could play with it for a few minutes because I was working on Arduino code with an ILI9341 Display and a BME280 (Temperature/Humidity/Air pressure).
Today I got some new goodies in, one of these is a LilyGO LoRa display which works on 433 Mhz.
I flashed OpenMQTTGateway on this device.
In the past, I posted about the RFCOM Gateway using Domoticz. This runs on a Raspberry Pi. While looking for alternatives, I found a rtl-sdr solution.
While working on a client project, I tested multiple displays.
ILI9341
1.3inch SPI TFT LCD Display RGB (ST7789)
Waveshare 4.2 Epaper with ESP32 Controller
I thought it was fun to connect the Epaper to ESPHome.
This probably ends up being a Quote displayer
Universal e-Paper Driver Board with WiFi / Bluetooth SoC ESP32 onboard, supports various Waveshare SPI e-Paper raw panels
It was not without problems. For example, the ESPHome editor gave squiggly lines under type. This has to be changed in the libraries. (Already notified developers)
model: 4.20in-V2 does not work .. use model: 4.20in-v2
After a long time, another post! We have been to 4 states on the west coast of America for almost 4 weeks, after that a pneumonia kept me from doing stuff.
Slowly, I started finishing my Workshop/Lab for my new business. So I didn’t have many things to post about. So now I’ll post something about this Home Assistant solution, because there was not a decent post to be found about this solution.
Some history: A long time ago I made a 4 button 4 led controller with my friend Duncan. At that time we were using Domoticz, and used a NodeMcu with ESP Easy to read the button states and made the leds act as status lights.
This is made using a NodeMCU (8266) but ESP32, Wemos, whatever will work also. We wanted to repurpose the old NodeMCU, instead of building a new one.
So Migrating to Home Assistant: How to install ESPHome is easy to find on the internet.
Below is an example for 4 push buttons which TOGGLE a Home Assistant entity. And the LEDs will give a feedback of the state of an entity.
Note: There is 1 out of 4 configured like that. The other ones are generic. One button toggles my shelly lab ledlight, and lights up a led when toggled!
My C64 had a problem with previous attached speaker. It drew too much current to drive. And random characters where printed. Choosing another speaker and a minimal amplifier solved the issue. (Thanks to Bigred finding the problem at Bornhack 2024)
My minimal amplifier for:
Using below mini speaker:
"If something is worth doing, it's worth overdoing."
