Skip to content

tworjaga/flipper-rf-lab

BranchesTags

Repository files navigation

Flipper RF Lab

Flipper Zero License Tests

Professional RF Analysis & Research Platform for Flipper Zero

Transform your Flipper Zero into a laboratory-grade RF forensics instrument with 15 advanced analysis features.

Flipper RF Lab

Features

Feature Description Status
RF Fingerprinting Device-level identification via timing drift, rise/fall slopes, clock instability
Adaptive Signal Modeling Automatic protocol detection and hypothesis generation
Cross-Session Correlation Compare signals across capture sessions
Behavioral Profiling Long-term device behavior analysis
Timing Stability Analysis Laboratory-grade oscillator characterization
Advanced Clustering K-means and hierarchical signal grouping
Threat Modeling Vulnerability scoring and risk assessment
Real-Time Activity Map Continuous 300-928 MHz spectrum monitoring
Signal Replay Integrity Verify fidelity of signal regeneration
Modular Research Mode Deep analytical tools for protocol reverse engineering
Internal Telemetry OS-level performance monitoring
Deterministic Execution <1μs timing jitter for scientific validity
Signal Compression 5:1+ compression for long-term logging
Long-Term Logging Unattended background monitoring
Embedded Math Toolkit Q15.16 fixed-point operations

Quick Start

Prerequisites

Installation

# 1. Clone the Flipper Zero firmware
git clone https://github.com/flipperdevices/flipperzero-firmware.git
cd flipperzero-firmware

# 2. Add this application to user apps
git clone https://github.com/tworjaga/flipper-rf-lab.git applications_user/flipper-rf-lab

# 3. Build the application
./fbt fap_flipper_rf_lab

# 4. Flash to your Flipper Zero
./fbt fap_flipper_rf_lab flash

Alternative: Direct Download

Download the latest .fap file from Releases and copy to your Flipper's SD card.

Usage

Main Menu

  • Capture Mode: Real-time RF signal capture with analysis
  • Spectrum Scan: 300-928 MHz continuous monitoring
  • Device Database: View identified device fingerprints
  • Research Mode: Advanced protocol reverse engineering tools
  • Settings: Configure RF parameters and logging options

Capture & Analysis

  1. Select frequency band (315/433/868/915 MHz or custom)
  2. Choose modulation type or use auto-detection
  3. Start capture - signals are automatically analyzed
  4. View real-time results: fingerprint, threat score, protocol guess

Research Mode

  • Raw timing dumps to CSV
  • Binary frame visualization
  • Pulse histogram analysis
  • Frame alignment tools

Architecture

flipper-rf-lab/
├── core/                    # Main application & HAL
│   ├── flipper_rf_lab.h     # Core data structures
│   ├── flipper_rf_lab_main.c # Entry point & FreeRTOS tasks
│   ├── hal/                 # Hardware abstraction
│   │   ├── cc1101_driver.c  # TI CC1101 RF transceiver
│   │   ├── gpio_manager.c   # GPIO control
│   │   └── timer_precision.c # DWT cycle counter (1μs)
│   └── math/                # Fixed-point math library
│       ├── fixed_point.c    # Q15.16 operations
│       └── statistics.c     # Welford's online algorithm
├── analysis/                # Signal analysis engines
│   ├── fingerprinting.c     # RF device fingerprinting
│   ├── clustering.c         # K-means & hierarchical
│   ├── protocol_infer.c     # Protocol detection
│   └── threat_model.c       # Vulnerability scoring
├── storage/                 # Data persistence
│   ├── sd_manager.c         # FAT32 file operations
│   └── compression.c        # Delta, RLE, Huffman, LZ77
├── ui/                      # User interface
│   └── main_menu.c          # 128x64 LCD menu system
└── research/                # Advanced tools
    └── telemetry.c          # Performance monitoring

Technical Specifications

Parameter Value
Platform Flipper Zero (STM32WB55RG)
CPU ARM Cortex-M4 @ 64 MHz
RAM Usage ~60 KB (static allocation only)
Timing Precision 0.1 μs (DWT cycle counter)
Frequency Range 300-928 MHz
Modulations 2-FSK, 4-FSK, GFSK, MSK, OOK, ASK
Compression 16.7:1 ratio (RLE)
Battery Life 8+ hours logging, 48+ hours standby

Testing

All core algorithms are verified with Python simulations:

cd tests
python test_algorithms.py

Results: 30/30 tests passing (100%)

  • Fixed-point math (Q15.16)
  • Compression algorithms (Delta, RLE)
  • Statistical analysis (Welford's algorithm)
  • Clustering (K-means, Euclidean distance)
  • Threat modeling (Shannon entropy)
  • Protocol inference (OOK, FSK, ASK detection)

Contributing

Contributions welcome! Please read CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE file.

Acknowledgments

Contact

Author: @tworjaga

For bug reports and feature requests, please use GitHub Issues.

About

RF analysis platform for Flipper Zero. 15 advanced features: device fingerprinting, protocol detection, threat modeling, spectrum monitoring. Lab-grade timing (<1μs), static memory, MIT license. Transform your Flipper into a pocket-sized RF forensics instrument.

Topics

real-time reverse-engineering cybersecurity penetration-testing threat-modeling iot-security red-team hardware-hacking embedded-c sub-ghz rf-analysis wireless-security signal-compression flipper-zero spectrum-monitoring protocol-detection device-profiling signal-fingerprinting rf-forensics fixed-point-math

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

17 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases 1

v1.0.0 Latest
Feb 11, 2026

Packages

 
 
 

Contributors

Languages