Infrared Dominance with Flipper Zero

Flipper Zero is a portable and powerful multi-tool for hackers, security professionals or geeks. It was extremely well received when it was first launched on Kickstarter in 2020. I received my Flipper Zero in July 2021 and it’s time to show what this dolphin can do with a series of articles and videos. Pay attention to future posts 😊

Flipper Zero incorporates many capabilities (Sub-1 GHz Transceiver, RFID, NFC, Bluetooth, Infrared and iButton). In this article we are going to explore the Infrared (IR) capability and how Flipper Zero can control many electronic devices such as televisions, air conditioners (AC), musical devices, projectors, and fans. In other words, it works as a universal remote.

One of the most attractive capabilities of Flipper Zero is the ease of changing the firmware, and the community has released several firmwares. I am using the RogueMaster firmware, which provides additional capabilities to the default firmware. The infrared works correctly regardless of the firmware, so it does not matter what firmware you use.

To understand how Infrared works in Flipper Zero I recommend this magnificent article in the Official Blog.

Universal Remote

Image 1 shows the Infrared app. It offers Universal Remotes, to control devices through Infrared, and Learn New Remote, to learn new devices, which we will explore later.


Image 1: Infrared App

Next, we are going to see two videos where the first controls an air conditioner (AC) and the second controls a television, a Smart TV.


Video 1: FlipperZero AC Infrared


Video 2: FlipperZero TV Infrared

As you can see, Flipper Zero works great as a universal remote for Infrared devices. In image 2 we see the remote to control air conditioners by sending a signal.


Image 2: Infrared AC App

Learn New Remote

Now let’s see how Flipper Zero behaves for new/unknown IR controllers.

Image 3 shows the Learn New Remote mode in operation, which consists of pointing the remote at the infrared port of Flipper Zero to capture the signal. It should be noted that the Infrared of Flipper Zero is very sensitive and it is not necessary to aim the signal directly – it can even capture the signal in transit, that is, between the remote control and the device.


Image 3: Learn New Remote App

In image 4 we can see that it has detected a Samsung television.


Image 4: Samsung detection

In the following example Flipper Zero is not able to recognize the device, in this case an air conditioner (AC). However, sending the captured signal with “Send” turns on the air conditioner without any problem. That is what we would call a Replay Attack: we capture the signal and send it as if it were the legitimate remote. Additionally, the app allows us to save the captured signal on the memory card (SD) – this option is really interesting to create our library of captured signals. See image 5.


Image 5: New AC signal captured

Curiosity: the air conditioning remotes work by sending all the information that the device may need (temperature, fan speed, modes, etc.) and that is why in image 5 we see that a large amount of data has been captured: 583 samples. This sending of data is done to avoid data desynchronization between devices if, for example, we use the same remote with different air conditioning devices.

IR Files

Infrared data are stored in text format on the SD card, as you can see in image 6. Using text files makes adding new data or making changes very easy.


Image 6: IR text file

In October 2022 a blog post was published on how to crash Flipper Zero with malformed IR text files. Read this blog here.
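Since IR files are plain text and malformed ones have crashed the device, it is worth checking files before copying them to the SD card. The following linter is an added example, not code from this post or from the Flipper project; it assumes the key/value layout of Flipper .ir files (Filetype, Version, name, type, then protocol/address/command or frequency/duty_cycle/data), and `lint_ir`, `SAMPLE` and the `MAX_SAMPLES` limit are hypothetical names and values chosen for illustration.

```python
import re
# Constructed sample; layout assumed to match Flipper .ir text files.
SAMPLE = """Filetype: IR signals file
Version: 1
#
name: Power
type: parsed
protocol: Samsung32
address: 07 00 00 00
command: 02 00 00 00
#
name: AC_On
type: raw
frequency: 38000
data: 4500 4400 560 abc
"""

REQUIRED = {"parsed": ("protocol", "address", "command"),
            "raw": ("frequency", "duty_cycle", "data")}
HEX4 = re.compile(r"[0-9A-Fa-f]{2}( [0-9A-Fa-f]{2}){3}")
MAX_SAMPLES = 1024  # assumed sanity limit, not a firmware constant

def lint_ir(text):
    """Return (signal_name, problem) pairs found in the text of a .ir file."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    problems, signals = [], []
    if lines[:1] != ["Filetype: IR signals file"]:
        problems.append(("<header>", "unexpected Filetype line"))
    for line in lines:
        key, sep, val = (p.strip() for p in line.partition(":"))
        if sep and key == "name":
            signals.append({"name": val})   # each "name:" starts a new signal
        elif sep and signals:
            signals[-1][key] = val
    for s in signals:
        name, kind = s["name"], s.get("type")
        if kind not in REQUIRED:
            problems.append((name, f"unknown type {kind!r}"))
        problems += [(name, f"missing {f}") for f in REQUIRED.get(kind, ()) if f not in s]
        if kind == "parsed":
            problems += [(name, f"{f} is not 4 hex bytes")
                         for f in ("address", "command") if f in s and not HEX4.fullmatch(s[f])]
        elif kind == "raw" and "data" in s:
            data = s["data"].split()
            if not data or not all(d.isascii() and d.isdigit() and int(d) > 0 for d in data):
                problems.append((name, "data must be positive integers"))
            if len(data) > MAX_SAMPLES:
                problems.append((name, "too many raw samples"))
    return problems
```

Running `lint_ir(SAMPLE)` reports the two defects in the constructed `AC_On` signal and nothing for `Power`.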

Flipper-IRDB

Do you need more? Flipper-IRDB is a huge collection of IR files covering Consoles, Air Purifiers, Cameras, Toys, LED Lighting, Monitors, etc. that you can easily upload to your Flipper Zero devices using the qFlipper app, see image 7.


Image 7: qFlipper App

The following images (8-10) show how to run the IR app using a file from the IRDB collection. Here let’s run an IR file to manage CCTV devices.


Image 8: CCTV folder


Image 9: Run CCTV IR file


Image 10: CCTV App

Clearly Flipper Zero is a fascinating tool with many capabilities and expansion possibilities (see GPIO).

What other capabilities of Flipper Zero would you like to see explored/discussed in future articles? Some topics to explore are how to recover the firmware in case of failures, Bluetooth, WIFI attacks through an external module (hardware), NFC, RFID, among many others.

All the best,

@simonroses
