Why does their header image feature multiple furries, one at each station? One making a feature request, another presumably approving a pull request, and a third ostensibly submitting an app?
Is the Flipper Zero community tightly intertwined with the furry community? Is this a connection I've missed?
My hypothesis, based purely on personal experience and what friends have told me. I am not a furry.
I feel like infosec was one of the earliest "no one cares who you are if you have skills" user groups. Online, you were just a handle. Man, woman, both, neither, no one knew until if/when you met up IRL. Until then, all you had was your reputation. I think that led to people having a pretty good idea about the attitudes of people they were talking to online, staying away from people who were going to be jerks about identity or pastimes, and a lot of conversations like "General Mayhem is weird, but he's our weird, so no one mentions that fox tail he wears everywhere."
Over time, that was a positive feedback loop: people who weren't cookie-cutter felt safer around infosec folks than most other crowds. => That increased the "weird density" of infosec meetups. => People who don't like being around uncommon appearance or behavior stayed away from infosec meetups. => Those meets became safer for uncommon folks. => Repeat.
I don't know if that's right, but again, that's what friends have expressed to me before. It seems plausible.
Note: When I say weird, I mean it affectionately. I've never met anyone in infosec who didn't have some quirk not far below the surface. Frankly, I love that. And because of that, and the virtuous cycle I described, I've never had one single person in infosec confess to me that they weren't OK with gay or trans or furries or other type of behavior/identity/etc. I'm a straight white middle class dude, and unfortunately I have had people confess such things to me in other circles, mistakenly assuming that since I was in their demographic, I'd agree with them or at least be OK with it.
It is. As the article says, all development goals for FZ had been achieved and even overachieved - providing solid and feature-rich firmware, powerful SDK and developer tools. With that and development shift towards new products, updates to core firmware became infrequent - and we tried to address that.
Src: I'm one of the developers behind Flipper Zero.
> We need to normalize declaring software as finished. Not everything needs continuous updates to function. In fact, a minority of software needs this. Most software works as it is written. The code does not run out of date. I want more projects that are actually just finished, without the need to be continuously mutated and complexified ad infinitum.
Yeah whatever. I abandoned the "official crap" when they purged legit pentesting tools and silenced loads others. Momentum and extreme were so much better, and didn't play stupid games. They included everything.
And if you mention ANY of the alternate firmwares on their discord, you get banned. Just fuck'em.
They may have created good hardware, but their software and discord community just sucked.
Given they’ve had several skirmishes with customs and law enforcement agencies around the world, this always struck me as similar to the “don’t talk about installing retail Switch games on the Switch modding Discord” type of deal - everyone knows you can do that, but allowing mentions in official channels opens us to liability and causes nothing but headaches for both us and for customers, so if you’re going to do that, you need to talk about it somewhere else. I freely admit that’s an assumption on my part, though, and I don’t know if there’s something uglier there…?
It's one thing to have a skid come in going "I wanna hack the RFID on the gubbmints's doors how can i do that?"
Versus "we forked the firmware to include a wide range of pentesting tools"
And then get banned for even saying the alternate firmware.
And seriously, this little thing is a wonderful hacker multitool. You can seriously fuck shit up with the hardware they included. For fuck's sake, that's WHY they created it.
I can understand why that happened at least remotely. If you do all those things they refused 'officially', it might be easier for stupid government idiots to paint it as a dangerous illegal tool.
Adding the necessary hardware while refusing to support arbitrarily iLLegAl things is the best of both worlds.
This. Many legit, but questionable features blown out of proportion already caused many issues with regulators who just don't want to get into details, but just delist from sales/ban the device.
And once you start talking about "jamming" and other 1337 h4x0r stuff - which is straight up illegal and can get you into trouble - on official platforms, don't get offended when that gets removed.
Sure. I get why you don't want the skids jamming. But hell, it is still in your github commit history. All your historical work was that of an attacking hacker toolkit. Jamming proves that.
Now, that absolutely does NOT excuse Adkins on the discord from people asking how to get the PSK for garage door openers, and emulating the buttons. And especially since it was being asked by owners of said doors.
But you banned people with legitimate and legal uses too.
Good riddance to you all. I've stayed with 3rd party and steered others towards better actors than yourselves.
Is... that possible? I thought the whole point is that those were a challenge-response specifically to avoid them ever disclosing over the air the material necessary to impersonate one.
Some cards don't have any form of security. For example Konami "e-amusement" cards are just an ID number, which is also written on the back of the card. It is a username so to speak, the password is the PIN you enter when you start the game.
Some cards use some kind of challenge-response but are weak and are easily crackable.
Some cards have an anti-copy protection based on rolling codes, be careful with these. The idea is that when you use it to, say, open a door, the card sends a code to the reader and if correct, that code is burned and the reader replies with the next code, which is stored in the card for the next time, making every other copy (possibly including the original) unusable. If the card emulator doesn't store the rolling code, you are completely locked out.
Some cards have a proper challenge-response mechanism that works and can't be easily copied.
Keyfobs absolutely should use a secure challenge-response protocol in order to prevent cloning. Unfortunately, it's extremely common for RFID devices to simply use the tag ID which is trivially cloneable. Many of the systems that make some attempt at security still fail by using a broken protocol or a flawed implementation.
Oh yeah that’s how you’re supposed to do it. But it’s entirely possible to set up a system that uses RFID key fobs that uh, doesn’t.
In the case where it was most useful to make copies they did eventually replace the system with one where the keys weren’t copyable. Which was better!
I don’t know a whole lot about RFID, but some of the most basic cards can be copied very easily. When scanned, the reader always reads the same bits.
I believe there are some more secure cards, like Mifare DESFire EV3 that do provide some security. You’d be shocked how insecure most RFID readers for security cards are.
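An added example (not part of the thread and not Flipper Zero code) that models the three card designs described in the comments above: a reader that trusts the tag ID alone, the rolling-code scheme whose copies desynchronize, and a challenge-response reader. All class and function names and the sample IDs are constructed, and HMAC-SHA256 stands in for whatever algorithm a real card uses.

```python
import copy, hashlib, hmac, secrets

class Card:
    """Constructed stand-in for a tag: an ID plus whatever secret it stores."""
    def __init__(self, uid, secret=b""): self.uid, self.secret = uid, secret
    def respond(self, nonce):  # only the challenge-response reader calls this
        return hmac.new(self.secret, nonce, hashlib.sha256).digest()

def static_id_check(card, allowed):  # reader that trusts the tag ID alone
    return card.uid in allowed

class RollingCodeReader:
    """Burns the presented code and writes the next one back to the card."""
    def __init__(self): self.expected = {}
    def enroll(self, uid):
        self.expected[uid] = secrets.token_bytes(8)
        return Card(uid, self.expected[uid])
    def authenticate(self, card):
        want = self.expected.get(card.uid)
        if want is None or not hmac.compare_digest(card.secret, want):
            return False
        self.expected[card.uid] = card.secret = secrets.token_bytes(8)
        return True

class ChallengeResponseReader:
    """Sends a fresh nonce each time; the key itself is never transmitted."""
    def __init__(self): self.keys = {}
    def enroll(self, uid):
        self.keys[uid] = secrets.token_bytes(16)
        return Card(uid, self.keys[uid])
    def authenticate(self, card):
        nonce = secrets.token_bytes(16)
        want = hmac.new(self.keys[card.uid], nonce, hashlib.sha256).digest()
        return hmac.compare_digest(card.respond(nonce), want)

def compare_schemes():
    out = {"static_copy": static_id_check(Card("ID-0001"), {"ID-0001"})}
    rolling = RollingCodeReader()
    original = rolling.enroll("fob-1")
    duplicate = copy.copy(original)          # same ID and same stored code
    out["rolling_copy_first"] = rolling.authenticate(duplicate)
    out["rolling_original_after"] = rolling.authenticate(original)  # desynced
    cr = ChallengeResponseReader()
    genuine = cr.enroll("fob-2")
    replay = Card("fob-2")                   # knows the ID, not the key
    replay.respond = lambda nonce, old=genuine.respond(b"old nonce"): old
    out["cr_replay"] = cr.authenticate(replay)   # old answer, fresh nonce
    out["cr_genuine"] = cr.authenticate(genuine)
    return out
if __name__ == "__main__": print(compare_schemes())
```

The result shows the ID-only reader accepting any card that presents the ID, the rolling-code reader locking out the original once a duplicate has been used, and the challenge-response reader rejecting a previously observed response.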
Is this something you do often? I could see a few use cases and also for copying garage keys. But I don't think I would use it enough to justify the investment.
> I don't think I would use it enough to justify the investment
This is not a rational purchase - most of the rule breaking done with the zero is for fun or convenience, rather than being truly illegal.
It used to be more fun before the hotels started handing out NFC unlocks with your phone.
Still, being able to send each other a key for a hotel room on Signal is a nice trick if you are traveling with a sufficiently tech savvy group of people.
What a great tool and community they have built. I find my flipper0 is like a computer Swiss Army knife. It’s so fun to carry around a tool of my own trade.
Anything you might want to do with a radio or IR device but don’t have specialized hardware for. It’s kind of a swiss knife/leatherman tool for short range communications standards.
Is that the tldr? It sure sounds like it's still on minimal life support.
https://infosec.exchange/@millie/115719943870742405
Works well, and compiling modules like the epaper hacker tool is easy.
https://github.com/i12bp8/TagTinker
Does it surprise you that a Russian product team would use these tactics?
Some of that can be trivially cloned.
Flipper Zero and its clones have always been pseudohacker nonsense. Fun little party trick I suppose.