Idk if I talk trash, guys lol. But I’m a tech newbie and wondered if it’s possible to get the access to the iPhone via qFlipeer mobile app considering there’s non-official FW on the Flipper.
Let me know pls! It’ll stop my paranoia for sure
Idk if I talk trash, guys lol. But I’m a tech newbie and wondered if it’s possible to get the access to the iPhone via qFlipeer mobile app considering there’s non-official FW on the Flipper.
Let me know pls! It’ll stop my paranoia for sure
Lol, I misread your post. Disregard my previous answer. I don’t think it’s very likely but I won’t say it’s impossible.
What is hacking?
The flipper does not speak above 1 GHz. So bluetooth is out.
The flipper can speak USB. If you can hack the iPhone with a keyboard, the flipper can do it faster via BadUSB.
The iPhone can speak NFC. This could be the best approach. This is not flipper limited. So just search for NFC exploits on iOS… I don’t know any actual usable behind a little rickroll instead of check-in.
Using the BT connection and app on phone also makes it able to detect a flipper around, so maybe you wanna use usb interaction instead of wireless anyways? Not sure what you are running as firmware etc on your flipper but reverse acces seems unlikely if you do not give all permissions, but then again comes the question… being paranoid, do you really want to use the wireless iphone connection ? :tf:
Thanks for answering! And yeah, I didn’t see your previous answer so I’ll take the current one for granted😅
iOS hacker, kind of, here.
You can maybe convert the anisette server code from sidestore.io to something to run over the USB port as a ethernet device. That could create a local signing server. You need other key files from apple, way over the scope of this forum, but the code runs on linux and docker and is in C and Rust, so maybe could work on flipper but this is expert++ level stuff to code.
Not sure, but I think the flipper can be either a USB host or client.
There’s some ideas on sending commands over the lightning port as well.
But the current state of available tools, you’re 99.9% probably going to need to write your own stuff in C.
You could use it for party tricks as a USB keyboard though and mapping it to Accessibility triggers in the latest iOS. Any USB/bluetooth keyboard or PS5/XBox controller can be mapped to all sorts of stuff hidden down in the accessibility menus.
Since the fliipper can act as a USB or bluetooth gamepad or keyboard with various 3rd party apps, you could use it as a remote for things beyond the norm but not really “hacking”
Flipper can’t do that. It can’t emulate any device other then Keyboard. It can’t even emulate a storage device. It would be amazing if the next iteration could do that however. I’m also hoping for keyboard reflection in the next generation.
It can emulate keyboard, mouse, U2F token, MIDI synth, some barcode scanner - at least. Plus modes that aren’t emulation - DFU and serial. I believe the problem of emulating storage is ‘just’ SD-card speed.
I meant the only thing the USB port can emulate is a keyboard. For the hack mentioned above to work it must be done over USB or it won’t be a trusted device. I did forget to include U2F and mouse.
@maqumih Maybe you mean it can emulate a bar code? I don’t know of anyone getting a Flipper to read a barcode without extra equipment. It sounds technically feasible but I think it would be extremely unreliable.
It pretends to be a scanner which just read a code. But it comes from file, not from real world.
Like the Android and Iphone X-ray apps.
Huh?
It is documented as an emulator. It emulates reader<->PC interface, for fuzzing purposes I believe.
And for everyone: just realized the OP is not about Flipper, it is about qFlipper. So if it wasn’t a typo/mistake, it is closer to backdoors/vulns/etc. in the app.
Which thing is documented as an emulator? Happy to read documentation if I got something wrong.
I got confused at first too.
The barcode scanner emulator. Looks like we are misunderstanding each other, so here is expanded version:
Unlike X-ray apps, it doesn’t lie to a user. It only lies to computer systems because it is the entire reason for app to exist.
Is it clearer?
Not only you - seems like the entire discussion went somewhere wrong up to the point of OP disappearing away from that mess . And we are happily continuing it.