PRICE REDUCED!!!

Dolphin experimenters kit for Flipper Zero

NOW INCLUDES Flipper Zero - SubGHz Dorsal Q433RT daughterboard

What's included in the kit:

• Version 1.4 of the Dolphin Flipper Zero experimenters board (not available separately at this time) Some photos show v1.3. The only difference between 1.3 and 1.4 is the location of the silkscreen of the power indicator LEDs, no soldering required
• SubGHz Dorsal Q433RT daughterboard for testing 433Mhz both transmit and receive
• Dorsal DR28 dual row header adapter for modules such as CC1101 that have a dual row header, up to 2x8, soldering required
• One “ESP32 WROOM” module for Marauder, if requested it will be programmed for no charge but may take a day or two longer to ship
• One “ESP8266 WEMOS D1 Mini” module for deauther, soldering is required for the pin headers, if requested it will be programmed for no charge but may take a day or two longer to ship
• One “NRF24L01+” for mousejacker and wireless Bad USB
• One "AHT10" I2C temperature/humidity module, has pullup resistors, soldering required for the pin headers.
• One "HTU21D" I2C temperature/humidity module, has pullup resistors that are disabled, can be enabled by the solder jumper pads, soldering required for the pin headers.
• One “HC-SR04 Ultrasonic Range Finder” Module
• Two rewritable NTAG 215 round NFC tags, TAGMO compatible (Flipper Zero can't yet write to NFC)
• One RFID 125Khz key fob, rewritable
• Ten 10cm female to female Dupont jumper wires
• Ten 10cm male to female Dupont jumper wires
• Ten 10cm male to male Dupont jumper wires
• Four 2-pin jumper shunts. These are for i2c voltage select, i2c pull-ups enable/disable, UART voltage select, and LED power indicators enable/disable. Don’t forget to install these on your board or you’ll be scratching your head asking, “why isn’t this working?”.

==============================================================================

Dedicated experimenting areas on the Dolphin board

The Wi-Fi Modules area

• The headers in this area will accommodate the WEMOS D1 Mini (deauth), ESP8266 Devkit (deauth), and ESP32 WROOM (Marauder). These devices are powered by +3.3V and only the required pins are connected to the module headers, all the other pins are not connected.

NRF24L01 area

• There's a dedicated header for the NRF24L01+ with PCB antenna or the NRF24L01+PA+LNA with external antenna, the external antenna may need some support (3D print?). There are through-hole footprints for .1uf and 10uf capacitors across the power pins if it's found that they are needed. I never needed those caps for my testing. The capacitors are not included.

I2C area

• There's a dedicated area for experimenting with I2C devices. This area has 12 unique combinations of 4-pin device pinouts, six rows horizontally; 6 left-to-right and the same 6 right-to-left for 12 combinations. In addition, it has a "STEMMA" JST PH 4-pin connector and a "QWIIC" JST SH 4-pin connector for I2C devices that utilize those style connectors (STEMMA and QWICC cables not included). Devices that use those connectors can be daisy-chained.
• There are two jumpers in the I2C area, one allows I2C voltage selection of +5V or +3.3V and the other enables or disables the 10K i2c pull-up resistors. If the pull-up resistors are enabled, they will be pulled up to the jumper selected I2C voltage. See the photos that show five I2C devices plugged in at one time using various methods.

Breadboard area.

• The breadboard area resembles a standard breadboard but it is tailored a bit to the Flipper Zero; instead of five rows on each side it has three (space limitations), instead of power rails on each side it has all 15 pins from the Flipper Zero on each side.

• There are three, 4-pin headers toward the bottom of the breadboard area with 5v-GND-3.3v-GND.

• In this breadboard area, a person will be able to test many different devices, for example an I2C device with a pinout that's not available in the I2C area.

• Instead of having a device hanging off of wires coming out of the Flipper Zero, the device can be plugged into the breadboard area and it will all be contained on the Dolphin board.

• For many cases instead of running jumper wires from the Flipper Zero to an external breadboard, it can all be done on the Dolphin breadboard area and be portable at the same time.

• Some items that the breadboard area will not accommodate are the ESPxx Devkit type modules because they're so wide. BUT, one row pins on these modules can be plugged into the breadboard and the floating row of pins can be jumped to any required signals with the standard DuPont type jumpers (included). In this way the module is secured on the Dolphin board and not dangling from wires hanging out of the Flipper Zero. See photos for an example. The photos show a WROOM module plugged into the breadboard area. The WROOM will actually plug directly into the Dolphin board with no jumper wires. But if you had another variation of a wide module, that is how you could use it on the Dolphin board.

• For simple breadboard projects the DuPont type jumper wires are included, but for a nice-and-tidy setup the standard 22 gauge breadboard jumpers can be used (not provided but recommended). One roll of 22 gauge solid core wire will make a bunch of breadboard jumpers.

• As with any breadboard there are many possibilities.

• The breadboard area is also ripe for custom add-on modules, one of which will be released very soon

Other features include:

• A 4-pin UART breakout header with selectable voltage
• A dedicated header for the included HC-SR04 Ultrasonic Distance Sensor
• An 8-pin breakout header for SPI bus related pins
• LED indicators for +5V and +3.3V with an enable/disable jumper; if the LEDs are bothersome, you can pull the jumper off.
• Some soldering is required for the temp sensor module pin headers. If you don't know how to solder and you're getting into this kind of thing then it would be beneficial and fun to learn. There's nothing hard about basic soldering. If I were starting out I'd try one of the highly recommended USB powered soldering irons; TS80, TS100, or similar, but there are dozens of other good choices. I have a semi-fixed temperature Weller that I've been using for years.

==============================================================================

Tips on using the Dolphin board

Following are usage tips for testing particular to the Dolphin board and included modules.

• Only tests that are particular to this board and included modules are discussed. In general, if anyone is having problems with a particular application, support requests should be directed at the developer of the application or perform an Internet search for the problem. The Flipper Zero apps and third party firmwares have a lot of idiosyncrasies.

• When plugging anything into the Dolphin board double check to be sure the pins are in the correct location. It's easy to be off by a pin or two or get something backwards if not paying attention. I haven't fried a Wi-Fi board yet but had one plugged in backwards with no damage. I did fry an i2c device, more on that later.

Wi-Fi Modules

The Dolphin board is clearly marked where the Wi-Fi modules are to be installed, be sure to have the antenna end of the modules to the right of the Dolphin board where the antenna symbol is. Be sure to line up the far right pins to the far right pin hole.

Wi-Fi Deauth

• To use the WEMOS D1 Mini (included) or the ESP8266 Devkit (not included) for deauth testing you need to use the Deauther “V2” app and RogueMaster firmware (or other firmware compatible with the Deauther V2). https://github.com/Timmotools/flipperzero_esp8266_deautherv2

• The V2 version only requires four pins to be connected where the other deauther app requires several more. If you try to run other than the V2 app and get, "insert the board", then you know you didn't choose the V2 app. If you installed the V2 app and can't find it or it won’t run, then flash the Flipper Zero with the RogueMaster firmware as I know this works and I think the Deauther V2 app is included in the RogueMaster firmware. I'm constantly switching between firmwares because not all apps work with all firmwares (it can be a pain). Some apps won't even appear where other will be there but won't run. I haven’t looked into why this is. I currently use RogueMaster, Unleashed, and Xtreme firmwares. RogueMaster is my preferred go-to at this time

Wi-Fi Marauder

• ESP-WROOM-32 Module This module is wider than the WEMOS D1 and the ESP12 Devkit modules. Use the Marauder app for this module. All the firmwares I have used all have the Marauder app.

My experience with Wi-Fi modules.

• I deauthed my local Wi-Fi thinking all it would do is interrupt the connections and once the attack was over the devices would simply reconnect like the YouTube videos show. Well, my TV reconnected to my guest network instead of my main network and a couple of days later it took me a while to figure out why I couldn't access my local Plex server. I was asking myself, "Why is the TV connected to guest...?” Oh yeah, I deauthed it. Other devices were kicked offline and I had to manually get them back online, my HP Printer was one of them.

• I had to do the Rick-Roll attack, doesn't everyone?

• I haven't messed around with the sophisticated features of the Marauder yet.

NRF24L01+

• It's obvious where this module gets inserted and the orientation. You can use the NRF24L01+PA+LNA as it has the same pinout. I don't have one so I haven't tested it but I'm thinking for extended use with this module the external antenna may need some support.

My experience with the mouse scanner and mousejacker.

• I happen to have three older Logitech wireless mice that haven't been patched against the mousejack attacks. If you have any older Logitech wireless mice and you haven't run the Logitech software, then DON'T. The Logitech software will patch the dongle and you won't be able to mousejack it. I don't know if it does it on its own or if you have to tell it to patch it. All Microsoft branded mice that are vulnerable will be patched as soon as they're plugged into a Windows machine.

• When you run the sniffer, the mouse and dongle need to be communicating, I just keep moving the mouse until the sniffer picks up the address. Once it has an address it stores it in a file, then you use mousejacker, which should use that stored address file to list the addresses to choose from. Then you choose which Bad USB script to send over the air. This method worked for me and I think it’s the way it’s meant to be done. When my wife was using my computer I attacked it using one of the scripts that will text-to-speech whatever text you type into the script, I did it again when company was here using that computer. Pretty funny! Be careful as there are some nasty scripts. Read the scripts before you run them! Several of the scripts I can't really tell what they are doing so I don't even think about trying to run them. Several of them access the internet to download files, I don't want to find out what those files do even though they have seemingly innocent names.

• What I found during my testing is that the addresses for the mouse and the dongle end in the same characters, when you choose an address be sure it's the address of the dongle and not the mouse. I don't know if it's true for all mice, but it bit me once and I couldn't figure out why I couldn’t mousejack a certain address that had previously worked; I had selected the wrong address because I was only referring to the last characters of the address.

• https://github.com/mothball187/flipperzero-nrf24

I2C testing

• The I2C area has 6 rows of pinouts and you can get 12 different pinout combinations by having pin 1 on the right or left. I've had three I2C devices plugged into this area at one time. There are also a couple of combinations that are vertical. Study the diagram on the Dolphin in the I2C area and you will see how that works. For instance, the top row is labeled VGDC, that means the far left pin of that row is +V, so from left to right it's +V, GND, SDA, SCL. If you have an I2C device with that order of pins you use that row, and so on. If you have a device that doesn't match any of the rows, then you can plug it into the breadboard area and use jumper wires from one of those rows or from one of the 15 pin Flipper signal headers in the breadboard area. If you have a QWIIC or STEMMA device then that is pretty straight forward and you plug the cable into the appropriate connector.

• With I2C it's required to have the SCL and SDA lines pulled high by resistors to VCC. Some devices have on board pullups and some don't. It's only required to have one pullup on each line no matter how many devices are on the lines. If you have several devices on the lines and they all have pullups, it could cause issues where they can't be pulled low enough by a device and thus not be able to communicate. On some devices you can unsolder a jumper to disable the pullups. If you have a single device or several devices attached with no pullups or the pullups are disabled, then place the "i2c 10K PULLUP" jumper across the pins.

• A word of caution about I2C voltage selection: Be sure “all” connected devices are 5 volt if you have the VCC selector on 5 volts. The supplied AHT10 can work on either 5v or 3.3, the HTU21D is 3.3V only.

• I semi-fried an AHT10 device from plugging it into the correct row but had it backwards. It still worked but got REALLY hot, it read correctly at first but it got so hot it skewed the temperature. I fixed that module by removing all the SMD components that had to do with switching between 5V or 3.3V, then soldered jumper wires to complete the connections. That particular device is now 3.3V only.

• You can have both of the included temp sensors plugged in at the same time if the headers are soldered so they extend out the bottom of the module. They will then plug into the top two rows facing away from each other.

• The following link is the app I like best for these temperature/humidity sensors as it will display them one at a time or all at once if you have more than one connected: https://github.com/quen0n/unitemp-flipperzero. Thanks to "quen0n" for that app.

HC-SR04 Ultrasonic Distance Sensor

• Just to be safe, unplug all other devices/modules when using the HC-SR04. When this device is plugged into the dedicated header with only 3.3V from the Flipper and 5V not yet turned on, a small voltage, about 2.5V, is leaked out its 5V pin and the 5V LED on the Dolphin board lights up a little bit. I verified that it is the sensor and not something wrong with the Dolphin board. Pin 13 & 14 coming out of the Flipper are pulled high to 3.3V and HC-SR04 device somehow feeds that back out through its 5V pin.

• This module is pretty easy to setup, plug the module into the dedicated header at the top of the Dolphin board with the transducers pointing away from you, +5V on the right. Go to the GPIO main menu on the Flipper Zero and turn on 5V then run the app.

==============================================================================

Other Flipper Zero experiences

• Weather Station. I was able to read my old 433Mhz temp/humidity sender I have, I think it’s Lacrosse brand.
• Emulated Amiibos on my Nintendo
• Remote controlled my TV’s
• Played games
• Messed with RFID and NFC
• A bunch of other fun stuff!

==============================================================================

A note about returning items

• If the Dolphin board has a defect then it will be replaced free of charge if it is shipped back and verified to be defective. The sensors and modules will be considered on a case by case basis and may need to be sent back for evaluation.