A while ago I saw a post where this guy did 50 different things with his Software Defined Radio (SDR) and I thought it was a really great idea to push something to the limit and explore it fully. So I have been wanting to do the same for my Flipper Zero, a “capricho” (an extravagance or something I really did not need) that I bought over a year ago, and with which I had fallen into what I had seen people claiming on the internet: they were only using it as an overpriced replacement for a remote control.
Unfortunately, when I started this post and before researching, my faulty memory remembered it as 101 things to do with SDR when in fact it was 50. But I had already started the post, and although I will almost certainly set myself up for failure, I will leave it at 101 uses for a Flipper!
The only caveat is that I will post this today (01/02/2026) with the tests I have done so far, and continue to add more as I go, updating this time stamp every time I add something: last update 02/02/2026
Read on for what will surely go down as my opus magnum!
001: Getting to know my Flipper Zero
So maybe I should start off by enumerating all the features that the little cetacean has so we can prime the pump and get ideas for the other 100 uses we will find for it!
All this information has been taken directly from the Flipper Zero website in Jan 2026:
Tools:
- Sub-1 GHz Transceiver:
  This is the operating range for a wide class of wireless devices and access control systems, such as garage door remotes, boom barriers, IoT sensors and remote keyless systems.
- 125 kHz RFID:
  This type of card is widely used in old access control systems around the world. It’s pretty dumb, stores only an N-byte ID and has no authentication mechanism, allowing it to be read, cloned and emulated by anyone. A 125 kHz antenna is located on the bottom of Flipper Zero — it can read low-frequency proximity cards and save them to memory to emulate later.
- NFC:
  A built-in NFC module (13.56 MHz). The NFC module supports all the major standards allowing you to interact with NFC-enabled devices — read, write and emulate HF tags.
- Infrared Transceiver:
  Can transmit signals to control electronics such as TVs, air conditioners (AC), stereo systems, and others.
- iButton:
  Built-in 1-Wire connector to read iButton contact keys. This old technology is still widely used around the world. It uses the 1-Wire protocol that doesn’t have any authentication. Flipper can easily read these keys, store IDs in the memory, write IDs to blank keys and emulate the key itself.
- Bluetooth:
  Full Bluetooth Low Energy (BLE) support allows Flipper Zero to act as a peripheral device, allowing you to connect your Flipper Zero to 3rd-party devices and smartphones.
- GPIO:
  It can be connected to any piece of hardware using GPIO to control it with buttons, run your own code and print debug messages to the LCD. It can also be used as a regular USB adapter for UART, SPI, I2C, etc.
002: Pair with my mobile and Flipper Zero app
So we should probably start with the basics and advance from there. The Flipper Zero has a great little screen, but it is also nice to interface with and control it from a phone via the Flipper Mobile App. So you just install the software, have it search the Bluetooth spectrum, and then pair with the Flipper:
The Android app supports these features:
- Firmware and database update
- File manager
- Online file sharing
- Apps Catalog
- Remote control of Flipper Zero
003: Upgrade the firmware
Upgrading the firmware via the Flipper Zero app is a simple point, click, and wait affair:
004: qFlipper — desktop application for Flipper Zero
While trying to get files on and off the Flipper Zero I realized it would be easier with a desktop app, so I installed the qFlipper desktop application, which supports these features:
- Firmware and database update
- Device recovery
- File manager
- Remote control of Flipper Zero
- Backup and restore settings and user data
Here is what it looks like and the different features:
So now the only question to answer is why is the application called “qFlipper”? It would appear that it is because Qt (pronounced “cute”), a cross-platform software framework, was used to develop the application’s graphical user interface (GUI). This framework allows the app to run natively on Windows, macOS, and Linux. So now you know!
005: RFID: Animal RFID chip reader
Here in Madrid our dogs are RFID chipped so that in case they are found they can be tracked back to their owner.
I read the chip in both my dog and the spotty dog when I first got my Flipper but was unable to find my dog’s again (that is why the first picture is of one dog and the second of another dog):
Cool! So I guess the first thing to understand is what the heck is ISO FDX-B? Well, after reading the indicated Wikipedia article we see that it corresponds to two ISO standards: ISO 11784 (specifies the structure of the identification code) and ISO 11785 (specifies how a transponder is activated and how the stored information is transferred to a transceiver).
Here in Madrid the animal’s ID is registered in RIAC (Registro de Identificación de Animal de Compañía) by the veterinarian that inserted the RFID chip. What is unclear is why both dogs have a country code of 941, because I am unable to find any reference to 941 in ISO 3166; rather, Spain is 724. But at least I do see that my dog’s ID coincides with the RIAC card that I have! Cool!
006: NFC: Read a NFC Chip
So long ago when I first got an Android device with NFC I got all excited about using NFC tags to automate different actions (for example scan a tag when I got into my car to commute to work and have it start playing NPR radio). Unfortunately at the time (not sure now) just to read the card I needed to manually unlock the mobile, go to an app, and force it to scan the tag, which was a series of actions more complicated than just starting the NPR app manually, so the tags never got used. So let’s use the little Dolphin to read one of the tags that I still have.
As you can see in the gif it is easy to read the tag, see the info, both in ASCII and Hex:
I saved the info into a file on the Flipper, but unfortunately it is not really possible to see any information about the read NFC tag from the Android app:
But opening the saved files in Notepad++ we can see lots of interesting stuff:
Searching I find that the NTAG213 is a popular, cost-effective NFC Forum Type 2 tag IC developed by NXP Semiconductors (NXP was formerly part of the Dutch company Philips and they own the MIFARE brand of integrated circuits), operating at 13.56 MHz, with 144 bytes of user-programmable memory, a 7-byte UID and compliant with ISO/IEC 14443A. Interesting!
007: NFC: Write to a NFC Chip
So I thought it would be pretty easy to use the Flipper Zero to write to my red NFC tag, but could not figure out how to do it with the native NFC app nor three applications I found and tested on the Flipper Zero.
Searching the internet I found a post on Reddit from 3 years ago that confirmed that at that time it was not supported natively but was going to be supported: “it’s scheduled right after we complete NFC refactoring(end of this summer)*”.
So I am thinking that maybe I can edit the text file and then use the Flipper to write it to the tag?
Let’s try!
So I modified Pages 4-39 to FF FF FF FF (reading the NTAG213/215/216 Data Sheet last night before bed I saw that it clearly identified those Pages as user data), copied the file over to the Flipper, and then used the NFC app to write it to the red tag. Now reading the red tag I see that the data has in fact been written:
It is not exactly as user friendly as I had thought, but it was in fact possible! Now I wonder if the red tag will ever have all those FF FF FF FF’s overwritten and finally used for something useful!
008: NFC: reading my work badge
So I read my work badge and was excited to see it was a MIFARE Classic, one that was compromised back in 2008, so I thought we could use some of the tools to try and crack the keys, but in the end it appears that the badge is not using any security ciphers because as we can see here all 32/32 keys were found and all 16 records were read:
Searching about MIFARE Classic I find this information:
- The MIFARE Classic IC is a basic memory storage device, where the memory is divided into segments and blocks with simple security mechanisms for access control. They are ASIC-based and have limited computational power. Due to their reliability and low cost, those cards are widely used for electronic wallets, access control, corporate ID cards, transportation or stadium ticketing. It uses an NXP proprietary security protocol (Crypto-1) for authentication and ciphering.
Once again the actual saved text file gives some interesting information:
Device type: Mifare Classic
# UID is common for all formats
UID: 9A 38 92 DF
# ISO14443-3A specific data
ATQA: 00 04
SAK: 08
# Mifare Classic specific data
Mifare Classic type: 1K
Data format version: 2
After that the text file has 64 blocks of data:
So we can deduce that no actual data is being used on the card, rather just the UID is associated to me in some database. DISCLAIMER: my lawyer made me obfuscate my UID so no one goes using it to get access to all the secure rooms I have access to!
Well that is neat! I will still have to keep scanning NFC cards to find an encrypted MIFARE Classic to use the built-in tools to break the codes!
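To check the "UID only" deduction on a saved dump rather than by eye, here is an added Python example (not part of the original post or of Flipper's own tooling). It assumes the 64 blocks are stored as `Block N: xx xx ...` lines and that the keys found were the NXP factory default; the sample dump is constructed, and the function names are hypothetical.

```python
import re

DEFAULT_KEY = bytes.fromhex("FFFFFFFFFFFF")  # NXP transport (factory) key

def parse_blocks(text: str) -> dict[int, bytes]:
    """Collect 'Block N: xx xx ...' lines (assumed .nfc line format)."""
    blocks = {}
    for m in re.finditer(r"^Block (\d+): ((?:[0-9A-F]{2} ?){16})\s*$", text, re.M):
        blocks[int(m.group(1))] = bytes.fromhex(m.group(2))
    return blocks

def audit_1k(text: str) -> dict:
    """Summarise a MIFARE Classic 1K dump: 16 sectors of 4 blocks each."""
    blocks = parse_blocks(text)
    if len(blocks) != 64:
        raise ValueError("expected 64 fully read blocks for a 1K card")
    default_key_sectors, used_blocks = [], []
    for sector in range(16):
        trailer = blocks[sector * 4 + 3]        # last block of a sector holds the keys
        key_a, key_b = trailer[:6], trailer[10:]
        if key_a == DEFAULT_KEY and key_b == DEFAULT_KEY:
            default_key_sectors.append(sector)
        for b in range(sector * 4, sector * 4 + 3):
            if b != 0 and any(blocks[b]):       # block 0 is manufacturer data
                used_blocks.append(b)
    return {
        "default_key_sectors": default_key_sectors,
        "used_data_blocks": used_blocks,
        "uid_only": not used_blocks,            # nothing stored beyond the UID
    }

def make_sample() -> str:
    """Constructed dump: the page's UID, blank data, factory-default trailers."""
    uid = bytes.fromhex("9A3892DF")
    bcc = uid[0] ^ uid[1] ^ uid[2] ^ uid[3]     # check byte stored after the UID
    block0 = uid + bytes([bcc, 0x08, 0x04, 0x00]) + bytes(8)
    trailer = DEFAULT_KEY + bytes.fromhex("FF078069") + DEFAULT_KEY
    lines = ["Device type: Mifare Classic", "UID: 9A 38 92 DF"]
    for n in range(64):
        data = block0 if n == 0 else trailer if n % 4 == 3 else bytes(16)
        lines.append(f"Block {n}: " + data.hex(" ").upper())
    return "\n".join(lines)
```

A result with `uid_only` set and every sector in `default_key_sectors` means the reader can only be matching the UID, which is the weakness the next section runs into.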
009: NFC: emulating my work badge
So now that I have a saved file of my badge on my little aquatic mammalian friend, and it does not appear to have any encryption, what about emulating it? If I were to forget my badge could I use it to emulate the badge? Well, I was quite surprised to find out yes!
What you need to do is the following:
and then hold it up to the turnstile or printer, and it beeps and lets me in!
OMG
So this is a good reason to not share your work badge or ever leave it unattended as a simple swipe by swiper the fox and your identity could be supplanted!
010: RFID: my Madrid sport center card
I do not think they continue to issue these cards but have transitioned to using a mobile app, but mine still works and I still think it is so much quicker swiping a card for access to the local sports center than fiddling with my mobile looking for an application then finding the right option (and from the line that forms with people doing this it would seem to support my opinion).
So at first I was unsure if it was an NFC or RFID card so I scanned via the NFC app then the RFID app and it confirmed it is an RFID card:
Reviewing the saved file, I see that it is much simpler than an NFC one:
At first I thought the UID (01 0D FD F8 1D) would be the same as the number on the actual card, so I tried all sorts of different conversions but realized it has nothing to do with it, rather it is just a UID because the EM4100 card is a read-only RFID tag. So when the card was issued to me its UID was associated to me in some database.
Here is all the information I have found about the EM4100:
- The EM part is for EM Microelectronic, a Swiss developer and semiconductor manufacturer specialized in the design and production of ultra low power, low voltage integrated circuits for battery-operated and field-powered applications in consumer, automotive and industrial areas. It is a subsidiary of the Swatch Group!
- EM4100 (aka EM4102) card is a 125 kHz read-only RFID tag.
- Total data: 40 bits
- Typically structured as:
  - 1 byte “manufacturer / header”
  - 4 bytes unique ID
- So in this case:
  - 01: Header
  - 0D FD F8 1D: UID
- Interesting things from a data sheet:
  - The EM4100 is a CMOS integrated circuit for use in electronic Read Only RF Transponders. The circuit is powered by an external coil placed in an electromagnetic field, and gets its master clock from the same field via one of the coil terminals. By turning on and off the modulation current, the chip will send back the 64 bits of information contained in a factory preprogrammed memory array.
  - The programming of the chip is performed by laser fusing of polysilicon links in order to store a unique code on each chip.
Man my little Flipper buddy just keeps helping me learn new things!
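The data sheet's 64 bits and the 40 data bits listed above fit together through the standard EM4100 frame: 9 header bits, ten 4-bit rows each followed by an even parity bit, 4 column parity bits and a stop bit. This Python code is an added example, not from the original post or Flipper firmware; it frames the card's 5 bytes and validates a frame the way a reader would, and the function names are hypothetical.

```python
HEADER = [1] * 9  # nine 1-bits mark the start of every EM4100 frame

def encode_em4100(data: bytes) -> list[int]:
    """Build the 64-bit frame for 5 data bytes (40 bits)."""
    if len(data) != 5:
        raise ValueError("EM4100 carries exactly 5 data bytes")
    nibbles = [n for b in data for n in (b >> 4, b & 0x0F)]
    rows = [[(n >> s) & 1 for s in (3, 2, 1, 0)] for n in nibbles]
    bits = list(HEADER)
    for row in rows:
        bits += row + [sum(row) % 2]            # 4 data bits + even row parity
    bits += [sum(r[c] for r in rows) % 2 for c in range(4)]  # column parity
    bits.append(0)                              # stop bit
    return bits

def decode_em4100(bits: list[int]) -> bytes:
    """Validate header, parities and stop bit; return the 5 data bytes."""
    if len(bits) != 64 or bits[:9] != HEADER or bits[63] != 0:
        raise ValueError("bad frame length, header or stop bit")
    rows = [bits[9 + 5 * i: 14 + 5 * i] for i in range(10)]
    for i, row in enumerate(rows):
        if sum(row) % 2:
            raise ValueError(f"row {i} parity error")
    for c in range(4):
        if (sum(r[c] for r in rows) + bits[59 + c]) % 2:
            raise ValueError(f"column {c} parity error")
    nibbles = [int("".join(map(str, r[:4])), 2) for r in rows]
    return bytes((nibbles[i] << 4) | nibbles[i + 1] for i in range(0, 10, 2))

def split_fields(data: bytes) -> tuple[int, int]:
    """Split into the 1-byte header and 4-byte ID described above."""
    return data[0], int.from_bytes(data[1:], "big")

CARD = bytes.fromhex("010DFDF81D")  # value from the saved file on this page

if __name__ == "__main__":
    frame = encode_em4100(CARD)
    print("".join(map(str, frame)))
    print(decode_em4100(frame).hex(" ").upper(), split_fields(CARD))
```

The parity bits only catch read errors; nothing in the frame is secret or bound to a reader, which is why the tag's ID is the whole credential.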
011: Infrared: Create a virtual remote control
As I mentioned above, one thing I have been using my Flipper regularly for is as a remote control for my Denon radio because I always have the Flipper on my desk and it is smaller than the actual remote:
I only trained the Flipper on the buttons I use most regularly.
Creating a virtual remote when you already have the physical remote is very easy: you just put the Flipper into learning mode, point the remote at it, and push the button:
And then do the next button and so on.
If we look at the file it creates for the remote we can see it is really simple:
So I asked ChatGPT to tell me about the Kaseikyo protocol and here are some interesting things about it:
- Developed by Matsushita (Panasonic)
- Used by:
  - Panasonic
  - JVC
  - Sharp
  - Denon <—— yep that is the model of my radio!
  - Mitsubishi
  - Some Toshiba models
- Characteristics:
  - typically 37 kHz (sometimes 36–38 kHz)
  - uses pulse-distance modulation
  - frame length usually 48 bits (longer than NEC’s 32 bits) that includes:
    - Manufacturer ID
    - Device address
    - Command
    - Inverted/check bits
So seeing how simple the format of the file is, it would appear that it must be very easy to make a remote when you do not have access to the actual physical remote. That is actually really useful, and it is a problem I once had, forcing me to buy a remote on eBay! But I will leave that exercise to a future test!
Thanks for reading and feel free to give feedback or comments via email (andrew@jupiterstation.net).