Security Mar 6, 2026 • 18 min read

Hacking Is Not What You Think: Your First Real Security Wins

Hollywood lied to you about hacking. Here's what it actually is, why your Flipper Zero is gathering dust, and four projects that will change how you see security forever.

Lee Foropoulos


The Hacker's Path: A 5-Part Series

Part 1: Introduction | Part 2: Flipper Mastery | Part 3: Kali Fundamentals | Part 4: Exploitation | Part 5: The Full Audit

You bought a Flipper Zero. Maybe it was the TikTok videos. Maybe it was the promise of "hacking" your way through the digital world. Maybe you just thought the dolphin was cute.

And now it's sitting in a drawer.

I get it. You unboxed it, played with the sub-GHz analyzer for ten minutes, maybe copied your TV remote, and then... nothing. Because no one actually told you what to do with it. No one connected the dots between "fun gadget" and "actually understanding security."

This series fixes that. By the end of these five articles, you'll understand how security actually works, you'll have performed a complete audit of your own digital life, and that Flipper will be one of the most-used tools in your kit.

But first, we need to unlearn everything Hollywood taught you about hacking.

The Hollywood Lie

You've seen it a thousand times. The hoodie-clad genius types furiously while green text cascades down the screen. "I'm in," they announce, having bypassed the Pentagon's security in roughly forty-five seconds. Dramatic music swells.

This is complete horseshit.

Real hacking looks like this: Someone spends six hours reading documentation about how a particular protocol works. They notice that the authentication mechanism has a flaw—maybe it doesn't properly validate input, or maybe it trusts data it shouldn't. They write a small script to test their theory. It doesn't work. They debug for another two hours. Finally, they find the right approach. No music swells. They probably need coffee.

Hacking is understanding systems better than their designers intended. That's it. It's not magic. It's not innate talent. It's curiosity plus methodology plus the willingness to read boring documentation.


The Three Hats

The security world divides practitioners into categories based on intent:

  • Black Hat: Malicious actors. They break into systems for personal gain, revenge, or chaos. They're criminals, and they're who the news talks about.
  • White Hat: Ethical hackers. They break into systems with permission to find vulnerabilities before the black hats do. Companies pay them for this. It's a legitimate career.
  • Gray Hat: The murky middle. They might find vulnerabilities without permission but disclose them responsibly rather than exploit them. Legally questionable, ethically debatable.

What we're doing in this series is unambiguously white hat. You're testing your own stuff. Your network. Your devices. Your security. This is not only legal—it's smart.

Why Learn This?

You can't defend what you don't understand. Every security professional needs to understand offensive techniques—not to attack others, but to know what they're defending against. You're about to see your own digital life from an attacker's perspective. That knowledge is power.

Let's get this out of the way immediately, because I'm not interested in helping anyone go to prison.

⚠️ The Golden Rule

Only test systems you own or have explicit written permission to test.

This isn't just ethical advice—it's legal reality. The Computer Fraud and Abuse Act (CFAA) in the US makes unauthorized access to computer systems a federal crime. "I was just learning" is not a defense. "I didn't mean any harm" is not a defense. "I told them about the vulnerability" is not a defense.

The good news? Testing your own stuff is completely legal. Your home network, your devices, your accounts—all fair game. And honestly, that's where you should start anyway. You'll find plenty of vulnerabilities in your own life before you ever need to look elsewhere.

When you're ready to go beyond your own systems, there are legitimate paths:

  • Bug Bounty Programs: Companies like Google, Microsoft, Apple, and thousands of others pay researchers to find vulnerabilities. HackerOne and Bugcrowd are platforms that connect researchers with programs. This is legal, sanctioned, and often lucrative.
  • Penetration Testing: Become a professional. Companies hire security consultants to break into their systems. You get written authorization, a defined scope, and a paycheck.
  • Capture The Flag (CTF): Practice environments designed to be hacked. TryHackMe, HackTheBox, and others provide legal playgrounds.

Everything in this series works on your own equipment. No gray areas. No risk.

Your Toolkit: The Essentials

80% of practical security concepts can be learned with just two tools: a Flipper Zero and Kali Linux.

We're going to focus on two primary tools throughout this series. Together, they cover approximately 80% of what you need to understand practical security.

The Flipper Zero

The Flipper Zero is a $200 multi-tool for radio frequencies and hardware hacking. It looks like a toy (there's an animated dolphin). It is not a toy.

What it actually does:

  • Sub-GHz: Transmit and receive radio signals in the sub-gigahertz range. This covers garage doors, car fobs, wireless sensors, weather stations, and countless IoT devices.
  • RFID (125kHz): Read and emulate low-frequency proximity cards—the kind used for building access, gym memberships, and older hotel keys.
  • NFC (13.56MHz): Interact with high-frequency cards like transit passes, newer access badges, and contactless payment cards.
  • Infrared: Universal remote control. Learn and transmit IR signals for TVs, AC units, projectors, and anything else with an IR receiver.
  • BadUSB: Emulate a keyboard. Plug it into a computer, and it types whatever payload you've programmed—instantly.
  • GPIO: Hardware expansion. Connect external modules for WiFi, additional radio frequencies, and custom projects.

The Flipper doesn't hack things automatically. It's a learning tool that lets you understand how wireless protocols work by actually interacting with them. That understanding is what makes you dangerous (in the good way).

Kali Linux

If the Flipper is a Swiss Army knife, Kali Linux is an entire workshop.

Kali is a Debian-based Linux distribution designed specifically for penetration testing and security research. It comes pre-installed with over 600 security tools—everything from network scanners to password crackers to exploitation frameworks.

We'll dive deep into Kali in Part 3. For now, just know that it exists and that it's where we'll graduate once we've mastered the Flipper basics.

Why These Two

Hardware and software. Physical and digital. The Flipper teaches you about the wireless world—radio frequencies, access cards, infrared. Kali teaches you about networks—scanning, exploitation, analysis.

Together, they give you a complete picture. Real-world attacks often combine both: physical access leading to network compromise, or network reconnaissance enabling physical entry. Understanding both domains is what separates curious hobbyists from actual security practitioners.

Real hacking is reading documentation and understanding systems, not green text cascading down a screen

Key Takeaway

Hacking is understanding systems better than their designers intended. It is not magic or innate talent. It is curiosity plus methodology plus the willingness to read boring documentation.

Flipper Zero: From Box to Badass

Let's actually set this thing up properly. If you're running stock firmware, you're leaving capability on the table.

Stock vs. Custom Firmware

The Flipper ships with official firmware from Flipper Devices. It's stable, it's safe, and it's... limited. Regional restrictions on radio frequencies. Missing protocols. Fewer features.

Custom firmware unlocks the hardware's full potential. The two main options:

Momentum Firmware (my recommendation):

  • Unlocked regional Sub-GHz frequencies
  • Extended protocol support
  • Additional applications
  • Better UI customization
  • Active development community
  • Excellent documentation

Unleashed Firmware (solid alternative):

  • Similar feature set to Momentum
  • Different development philosophy
  • Some prefer its interface
  • Also actively maintained

I run Momentum. The choice between them mostly comes down to personal preference—both will dramatically expand what your Flipper can do.

Project 0: Install Momentum Firmware

Time: 10 minutes

What you need: Flipper Zero, computer, USB cable

Steps:

  1. Download qFlipper from flipperzero.one (official desktop app)
  2. Connect your Flipper via USB
  3. In qFlipper, go to the firmware section
  4. Select "Install from file"
  5. Download latest Momentum release from momentum-fw.dev
  6. Install the .tgz file through qFlipper
  7. Wait for the update to complete (don't unplug!)
  8. Your Flipper reboots with expanded capabilities

Quick Orientation

With Momentum installed, let's tour your new capabilities:

  • Sub-GHz: Radio frequency capture, analysis, and transmission
  • 125 kHz RFID: Low-frequency card reading and emulation
  • NFC: High-frequency card interaction
  • Infrared: IR remote learning and control
  • Bad USB: Keyboard emulation payloads
  • iButton: Dallas/Maxim 1-Wire key emulation
  • GPIO: Hardware expansion and modules
  • Applications: Games, tools, and community apps

Settings worth changing immediately: increase screen brightness, set auto-lock to a reasonable time, and explore the Momentum-specific options for animations and UI tweaks.

Your First Wins: Four Projects That Change Everything

Theory is nice. Let's do something. These four projects will take about an hour total and will fundamentally change how you see the world around you.

Project 1: Clone Every IR Remote in Your House

Time: 15 minutes

What you'll learn: IR signals have zero security. Anyone with $20 can control your devices.

Steps:

  1. Navigate to Infrared → Learn New Remote
  2. Name it something useful (e.g., "Living Room TV")
  3. Point your TV remote at the Flipper's IR receiver (top of device)
  4. Press a button on the remote
  5. Name that button on the Flipper
  6. Repeat for all buttons you use (power, volume, input, etc.)
  7. Save the remote
  8. Repeat for every IR device: TV, soundbar, AC unit, fans, LED strips

Test it: Go to Infrared → Saved Remotes → select your remote → use it

What you just learned: IR remotes broadcast commands in plain text with no authentication. There's no encryption, no pairing, no security whatsoever. Anyone who can point an IR transmitter at your TV can control it. This is true for most consumer electronics from the last 40 years.

Project 2: Scan Your NFC Cards

Time: 10 minutes

What you'll learn: Your cards broadcast more data than you think.

Steps:

  1. Navigate to NFC → Read
  2. Hold a card against the back of your Flipper (where the NFC antenna is)
  3. Wait for the read to complete
  4. Examine the results

Try these cards:

  • Credit/debit cards (see what's exposed—usually card type and partial number)
  • Transit cards (often show balance, recent transactions)
  • Work badges (identify the card type and encryption)
  • Hotel key cards (usually show room assignment)
  • Gym membership cards

What you just learned: NFC cards transmit data wirelessly to any reader within a few centimeters. Some cards are encrypted (you'll see this noted). Some are not. The Flipper shows you exactly what any NFC reader can see. For cards without encryption, that's everything. Think about that next time you're in a crowded subway.

The radio spectrum around you is constantly active—you've just never had the tools to see it

Project 3: Explore the Sub-GHz Spectrum

Time: 15 minutes

What you'll learn: Your environment is broadcasting constantly, and most of it has no security.

Steps:

  1. Navigate to Sub-GHz → Frequency Analyzer
  2. Watch the display—it shows RF activity in real-time
  3. Walk around your house and neighborhood
  4. Note which frequencies light up

What you'll see:

  • ~315 MHz / ~390 MHz / ~433 MHz: Garage doors, car fobs, wireless sensors
  • ~433 MHz: Weather stations, doorbells, some IoT devices
  • ~868 MHz (EU) / ~915 MHz (US): Smart home devices, LoRa

Extra credit: Go to Sub-GHz → Read and try to capture signals. Press your own garage door remote (while looking at it, not the door). See the signal captured. Examine its protocol.

What you just learned: The sub-gigahertz spectrum is incredibly active. Garage doors, car fobs, weather stations, security sensors, smart home devices—they're all broadcasting. Many use static codes that can be captured and replayed. Modern car fobs use rolling codes (we'll discuss why this matters in Part 2), but older systems? Wide open.
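The difference between a static code and a rolling code can be shown in a few lines. This is an added example, not code from the original article: the class names are hypothetical, and a truncated HMAC over a counter stands in for a real fob's cipher (it is not KeeLoq or any vendor protocol).

```python
import hashlib
import hmac

def _tag(key: bytes, counter: int) -> bytes:
    """Truncated HMAC over the counter; an assumed stand-in for a vendor cipher."""
    return hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()[:8]

class StaticReceiver:
    """Fixed-code receiver: the same bytes are valid every time."""
    def __init__(self, code: bytes):
        self.code = code
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingFob:
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def press(self) -> bytes:
        self.counter += 1
        return self.counter.to_bytes(4, "big") + _tag(self.key, self.counter)

class RollingReceiver:
    """Accepts a frame only if its counter is ahead of the last one accepted."""
    def __init__(self, key: bytes, window: int = 16):
        self.key, self.last, self.window = key, 0, window
    def accept(self, frame: bytes) -> bool:
        if len(frame) != 12:
            return False
        counter = int.from_bytes(frame[:4], "big")
        if not hmac.compare_digest(frame[4:], _tag(self.key, counter)):
            return False                      # forged or corrupted frame
        if not self.last < counter <= self.last + self.window:
            return False                      # already used, or too far ahead
        self.last = counter
        return True

def demo() -> dict:
    code = b"\xA5\x5A\x0F"                    # constructed fixed code
    static_rx = StaticReceiver(code)
    key = b"constructed-demo-key"             # constructed shared secret
    fob, rx = RollingFob(key), RollingReceiver(key)
    first = fob.press()
    results = {
        "static_first": static_rx.accept(code),
        "static_replay": static_rx.accept(code),   # same bytes, still valid
        "rolling_first": rx.accept(first),
        "rolling_replay": rx.accept(first),        # counter no longer ahead
    }
    for _ in range(3):                        # button presses out of radio range
        fob.press()
    results["rolling_after_missed_presses"] = rx.accept(fob.press())
    frame = fob.press()
    tampered = frame[:-1] + bytes([frame[-1] ^ 0xFF])
    results["rolling_tampered"] = rx.accept(tampered)
    return results

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:30} {'accepted' if ok else 'rejected'}")
```

The look-ahead window is what lets the receiver stay in sync after presses it never heard, while anything at or behind the last accepted counter is refused.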

Project 4: Your First BadUSB Payload

Time: 20 minutes

What you'll learn: Computers implicitly trust keyboards. This is a fundamental security flaw.

Payload 1 - Hello World:

REM This is a comment - Flipper ignores these lines
REM Simple Hello World payload
REM Give the computer a moment to register the new keyboard
DELAY 1000
REM GUI r is Win+R, which opens the Windows Run dialog
GUI r
DELAY 500
STRING notepad
ENTER
REM Wait for Notepad to open before typing
DELAY 1000
STRING Hello from Flipper Zero!
ENTER
STRING Your computer just trusted me completely.
ENTER
STRING Think about what else I could have typed...

Steps:

  1. Create a file called hello.txt with the payload above
  2. Connect Flipper to computer via USB
  3. Copy the file to SD Card/badusb/
  4. On Flipper: Bad USB → hello.txt → Run
  5. Plug Flipper into your computer's USB port
  6. Watch it type automatically

Payload 2 - Rick Roll (for fun):

DELAY 1000
GUI r
DELAY 500
STRING https://www.youtube.com/watch?v=dQw4w9WgXcQ
ENTER

What you just learned: When you plug in a USB device that identifies as a keyboard, your computer trusts it completely. There's no "do you trust this keyboard?" prompt. It just works. The Flipper typed those characters faster than any human could, and the computer accepted every keystroke. Now imagine a payload that opens PowerShell, downloads a script from the internet, and executes it. That's how USB-based attacks work in the real world. Physical access to a USB port is game over.
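The typing speed noted above is also a detection signal. This added example (not from the original article) flags machine-speed keystroke runs in a key-event log; the event format, the 20 ms gap threshold and the 8-key minimum run are assumptions to tune against your own typing.

```python
def find_injected_bursts(events, max_gap_ms=20.0, min_run=8):
    """events: list of (timestamp_ms, key) in arrival order.

    Returns one dict per run of at least min_run keys in which every
    inter-key gap is <= max_gap_ms. A person produces the odd fast pair
    of keys; a long unbroken run at that speed points to injection.
    """
    bursts, run_start = [], 0
    for i in range(1, len(events) + 1):
        in_run = i < len(events) and events[i][0] - events[i - 1][0] <= max_gap_ms
        if in_run:
            continue
        n = i - run_start                      # keys in the run that just ended
        if n >= min_run:
            span_ms = events[i - 1][0] - events[run_start][0]
            rate = round((n - 1) * 1000 / span_ms, 1) if span_ms else float("inf")
            bursts.append({
                "start": run_start,
                "end": i - 1,
                "text": "".join(k for _, k in events[run_start:i]),
                "keys_per_sec": rate,
            })
        run_start = i
    return bursts

def keys(text, start_ms, gaps_ms):
    """Build constructed sample events for `text` with the given gaps."""
    t, out = start_ms, []
    for ch, gap in zip(text, [0] + list(gaps_ms)):
        t += gap
        out.append((t, ch))
    return out

# Constructed sample log: human typing, an injected burst, human typing again.
HUMAN_1 = keys("my notes", 0, [142, 97, 210, 18, 165, 120, 93])
INJECTED = keys("Hello from Flipper Zero!", 5000, [4] * 23)
HUMAN_2 = keys(" thanks", 9000, [130, 15, 12, 175, 101, 88])   # two fast gaps only
SAMPLE_EVENTS = HUMAN_1 + INJECTED + HUMAN_2

if __name__ == "__main__":
    for b in find_injected_bursts(SAMPLE_EVENTS):
        print(f"keys {b['start']}-{b['end']} at {b['keys_per_sec']} keys/s: {b['text']!r}")
```

A payload can slow itself down with longer delays, so treat timing as one signal alongside controls such as restricting which USB devices a machine will accept.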

What You Just Learned

In the last hour, you discovered:

  • IR has no security. Any device with an IR transmitter can control any device with an IR receiver. Line of sight, no authentication, no encryption. Your TV remote is broadcasting commands that anyone can capture and replay.
  • NFC cards leak data. Every time you tap your card on a reader, any nearby NFC device can see that exchange. Encrypted cards protect the important bits, but many cards—including some you carry daily—expose more than you'd expect.
  • The radio spectrum is loud. Hundreds of devices around you are constantly transmitting. Garage doors, car fobs, doorbells, weather stations, smart home devices—all broadcasting. Many with minimal or no security.
  • USB trust is broken. Computers trust keyboards implicitly. Plug in a device that claims to be a keyboard, and you can type anything—including commands that compromise the system.

These aren't exotic vulnerabilities. They're fundamental to how these technologies work. The Flipper didn't "hack" anything—it showed you how these systems actually operate, which is itself the insight.

Security through obscurity fails the moment someone actually looks. You're now someone who actually looks.

What's Next

This was the foundation. You understand what hacking actually is, you've set up your Flipper properly, and you've completed four projects that demonstrate real security concepts.

In Part 2, we go deeper into every Flipper capability. You'll learn:

  • How to analyze and potentially clone your own access cards (125kHz and 13.56MHz deep dive)
  • Why garage door signals work the way they do, and what rolling codes actually mean
  • How to write sophisticated BadUSB payloads that demonstrate real attack chains
  • GPIO expansion—extending your Flipper's capabilities with hardware modules
  • Everything you need to know before graduating to Kali Linux

Before then, here's what you should do:

  • Explore the Momentum firmware settings and customize your Flipper
  • Read your own access cards and document what you find
  • Capture more Sub-GHz signals and examine the protocols
  • Write a custom BadUSB payload that does something useful to you
  • Join the Flipper community (Discord, Reddit, GitHub)

Your Flipper isn't gathering dust anymore. You've started down the path. Next time, we master every protocol—and you'll understand why your work badge might be less secure than you think.


Part 1 Checklist

☐ Firmware: Momentum (or Unleashed) installed and configured

☐ IR Remotes: All home remotes captured into Flipper

☐ NFC Cards: Personal cards scanned, data exposure understood

☐ Sub-GHz: Spectrum explored, signals captured

☐ BadUSB: Hello World payload executed successfully

☐ Understanding: Security fundamentals internalized


Lee Foropoulos: Business Development Lead at Lookatmedia, fractional executive, and founder of gotHABITS.
