Getting Started
Welcome to the Flipper Blackhat Wiki!
- Our Shop
- Flipper Blackhat OS - The Linux build for the Blackhat.
- Flipper Blackhat Hardware - The hardware files.
- Flipper App - The App that runs on the flipper.
Please Note: Some minor things have changed since they came out, so you may want to use the "releases" section (see above) instead of the continuous builds.
We start by flashing the OS to an SD card. Grab the OS build from here. Note: The "Armbian" builds are for use with the Blackpants. If you just want to use the Flipper Blackhat with the Flipper Zero, take a non-Armbian build.
Flash this to your SD card using dd...
sudo dd if=~/Downloads/sdcard.img of=/dev/sdX
If you're using Windows "win32diskimager" works fine.
Once the SD card is flashed, navigate to the GPIO app on the Flipper. Select...
- "USB-UART Bridge"
- Config
- Baudrate (set to 115200)
- Hit back.
Plug your Flipper into your PC. On your machine you should see a device at /dev/ttyACMX or maybe /dev/ttyUSBX ... or maybe /dev/tty.usbmodemX. Connect to this with a serial emulator...
screen /dev/ttyUSB0 115200
If you're on Windows, PuTTY should work. You should see your device at COMX. Set the baud rate to 115200 and connect to it.
At this point, you should have a blank serial terminal. Plug the SD card into the Flipper Blackhat, then plug the Flipper Blackhat into the Flipper. You should see a booting Linux kernel and eventually end up with a bash shell. From there you can execute commands like ls, mkdir etc... I recommend you play around with the bh app. This is used to control the Blackhat from the Flipper App itself.
It's important to know there's a FAT32 partition on the SD card you flashed earlier. If you plug that card into a PC it will mount, and you can edit the configuration files! This partition gets mounted at /mnt/ in Linux. You should see a file called blackhat.conf. Moving forward you will be able to do a lot of config through this file.
- Q: I'm only getting the first few lines of Linux output.
### ERROR ### Please RESET the board ###
- A: Try a better SD card. You need at least a "UHS Class 3" card. I have been using Sandisk Extreme.
For initial testing, debugging and development you want to use your PC, but in the field you want to use the Flipper Blackhat App.
The steps below are only required if you're not using a recent version of the Momentum "dev" firmware. If you're using Momentum firmware, the app is included in the build under GPIO.
Grab the latest release from here (blackhat_vX.fap). Open the qFlipper app on your PC.

Drag the app into the SD Card/apps directory. You should now see the app on your Flipper Zero.
There is a 20-pin FFC connector (J8 on the board) used to connect to the screen. To attach the screen, lift up the tab, gently insert the screen's ribbon connector, and then clamp the tab down. Be conscious of the orientation of the screen shown below.

This will give an overview of possible uses. It's important to remember the Flipper Blackhat is a "platform" over a "product". It's designed to be extensible, hackable and a place for your exploits to live rather than a collection of exploits given by myself. But I've enabled a bunch of fun stuff to get you started!
You shouldn't read this until you've completed the sections above. The screen is not needed for anything here.
All of the examples here will be using the Flipper Blackhat App. If you want to control things from Linux land (ssh or serial terminal) I will include commands as well.
Insert the SD card from the Flipper Blackhat into your PC. You will see a FAT32 partition mount, and inside you'll find a file called blackhat.conf, which looks like this. We're interested in the SSID and PASS fields; here you will enter the WiFi credentials of the network you want to connect to. GOTCHA: Take care to leave the single ticks on the outside of the string, i.e.:
# Name SSID you want to connect to
export SSID='my home network'
export PASS='my network password'
If you're not familiar with Linux WiFi devices, you will be soon. They are enumerated as wlanX, where X will increment. There is 1x 2.4GHz radio on the Flipper Blackhat and you may connect any number of additional USB radios. On the app, you can list these out...

Or from the shell...
# bh wifi dev
wlan0 -> 2.4GHz
wlan1 -> 2.4GHz / 5GHz
This is telling us we have 2x WiFi devices: the 1x internal (2.4GHz) is wlan0, and the external USB dongle (2.4GHz and 5GHz) is wlan1. This is important information moving forward.
So let's go ahead and connect to WiFi using wlan0, our 2.4GHz WiFi device.
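Before putting the card back in the Blackhat, the single-tick GOTCHA for blackhat.conf noted above can be checked on the PC. This is an added example, not part of the Flipper Blackhat project; it assumes the file is sourced by a POSIX shell on the device, and lint_conf, LINE_RE and REQUIRED are names made up here.

```python
import re

# Assumption: the device sources blackhat.conf with a POSIX shell (suggested by
# the `export KEY='value'` syntax), so a quoting slip changes what gets set.
LINE_RE = re.compile(r"^export\s+([A-Za-z_][A-Za-z0-9_]*)=(.*)$")
REQUIRED = ("SSID", "PASS")  # the two fields the page tells you to edit


def lint_conf(text):
    """Return [(line_number, message), ...]; line 0 means a file-level problem."""
    problems, seen = [], set()
    for no, raw in enumerate(text.split("\n"), 1):
        if raw.endswith("\r"):
            # Windows editors save CRLF; a shell keeps the \r as part of the value.
            problems.append((no, "CRLF line ending"))
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments need no checks
        m = LINE_RE.match(line)
        if not m:
            problems.append((no, "not an export KEY='value' line"))
            continue
        key, value = m.groups()
        seen.add(key)
        if len(value) < 2 or not (value.startswith("'") and value.endswith("'")):
            # Also catches typographic quotes inserted by word processors.
            problems.append((no, f"{key}: value is not wrapped in single ticks"))
        elif "'" in value[1:-1]:
            # An inner tick closes the string early; the rest is read as shell.
            problems.append((no, f"{key}: single tick inside the value"))
    problems += [(0, f"{k} is not set") for k in REQUIRED if k not in seen]
    return problems


# Constructed samples: the first mirrors the snippet above, the second is broken.
SAMPLE_GOOD = "# Name SSID you want to connect to\nexport SSID='my home network'\nexport PASS='my network password'\n"
SAMPLE_BAD = "export SSID=my home network\r\nexport PASS='it's a secret'\n"

if __name__ == "__main__":
    for sample in (SAMPLE_GOOD, SAMPLE_BAD):
        print(lint_conf(sample) or "ok")
```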

Or from the shell...
# bh wifi connect wlan0
This can now be tested by pinging google...

This is what a failure looks like.

And success

Now that we're connected to WiFi, it's possible to run the Evil Portal. Unlike other devices, the Flipper Blackhat EP will redirect people to the internet after they've entered their credentials.

You will then be able to find the AP on your phone/laptop, connect and be greeted with the landing page. When you enter creds you will see them on your Flipper... If you set up Telegram, you will also get a Telegram message!

From the shell...
# bh evil_portal start
You can also find logs saved in /mnt/ep_logs.txt
# cat /mnt/ep_logs.txt
{'username': 'EP TEST', 'password': 'MY PASSWORD'}: 192.168.2.37
#
/mnt/ on BlackhatOS is the same directory that contains blackhat.conf, which we edited earlier. So if you remove the SD card and plug it into your PC, you will find all the files from /mnt/, including ep_logs.txt. From now on: when I mention /mnt/ I am talking about files you can edit and view from your PC!
# ls -l /mnt/
total 12
-rwxr-xr-x 1 root root 345 Jan 1 1980 blackhat.conf
-rwxr-xr-x 1 root root 74 Sep 9 21:18 cmdline.txt
-rwxr-xr-x 1 root root 65 Sep 14 08:41 ep_logs.txt
-rwxr-xr-x 1 root root 1561 Sep 9 21:18 index.html
-rwxr-xr-x 1 root root 489 Sep 9 21:18 readme.txt
drwxr-xr-x 2 root root 2048 Sep 9 21:18 scripts
#
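ep_logs.txt holds submitted credentials in plain text on a partition that any PC can mount, so a copy that leaves the SD card (for example, in an assessment report) should not carry the secrets. This added example, not part of the Flipper Blackhat project, masks every field except the username, assuming the one-entry-per-line format shown above; KEEP, redact_line and redact_log are names made up here.

```python
import ast
import ipaddress

# Assumption: only these form fields may appear in a report. The landing page
# (index.html) is editable, so field names vary; everything else is masked.
KEEP = {"username"}


def redact_line(line):
    """Return the line with secrets masked, or None if it is malformed."""
    head, sep, tail = line.strip().rpartition("}: ")
    if not sep:
        return None
    try:
        # Field values are whatever a portal visitor typed: parse literals only.
        fields = ast.literal_eval(head + "}")
        ip = ipaddress.ip_address(tail)
    except (ValueError, SyntaxError, TypeError):
        return None
    if not isinstance(fields, dict):
        return None
    masked = {k: (v if k in KEEP else "[REDACTED]") for k, v in fields.items()}
    return f"{masked}: {ip}"


def redact_log(text):
    """Return (redacted_lines, skipped_count) for a whole ep_logs.txt."""
    out, skipped = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        red = redact_line(line)
        if red is None:
            skipped += 1
        else:
            out.append(red)
    return out, skipped


# Constructed sample: the page's example entry plus one corrupt line.
SAMPLE = ("{'username': 'EP TEST', 'password': 'MY PASSWORD'}: 192.168.2.37\n"
          "garbage without an address\n")

if __name__ == "__main__":
    print(redact_log(SAMPLE))
```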
If you want to edit the HTML landing page for the Evil Portal, it's extremely easy. On the same partition listed above (/mnt/), you will find an index.html. Just edit this!
Running the evil twin is almost the exact same process. Just be sure to stop the EP before!
One of the most interesting abilities of the Flipper Blackhat is the ability to run custom Python scripts (or bash, or Perl, etc...). Anything that can be run on Linux can be run on the Flipper Blackhat. These scripts are found in /mnt/scripts
# ls /mnt/scripts/
data_loader.py data_thief.py hello.py port_scan.py
First you need to scan for them

Then you can run them

Moves data from /mnt/data to external flash drive (inserted into USB-A port). This can be used to load malware onto a loose drive.
Moves data from external flash drive to third fat32 partition on SD card. This can be viewed through your PC later. This can be used for data exfiltration.
Good for testing if Telegram is working
This is a little bit of a monster and deserves its own writeup. But basically it's for finding insecure devices (routers, IP cameras, etc...) on open networks. If you're interested in helping out with this, please reach out.