Small, portable, and customizable hardware used for a wide variety of hacking tasks has become increasingly popular in the past few years. Since the release of the FlipperZero in 2022, many projects have been created to enable the same features available on the FlipperZero using less expensive hacking devices that support a wide range of functionality.
One of Paul’s FlipperZero devices, including the Wifi Devboard and a custom 3D printed case.
These small, largely ESP32-based devices, with open-source firmware, let you carry powerful offensive tools in your pocket. Some of the functionality includes:
- WiFi and Bluetooth attacks – Carry out an evil portal attack in your pocket.
- RFID/NFC attacks – Clone access cards of various types.
- RF attacks, including SubGHz communications – Interact with devices that communicate at SubGHz frequencies, e.g., vehicle access gates.
- IR (Infrared) attacks – Control devices that use IR communication, such as TVs and air conditioners.
- BadUSB attacks – You just never know when you may need to break out a USB HID attack and inject a payload.
- Hardware interfaces (E.g., SPI, UART)
This year, even more new hardware hacking devices have become available, with more features, including support for additional wireless protocols/radios, I/O ports, better batteries, and more. Whether you already have some of these devices or are looking to acquire them, the newer versions of my favorite devices make exciting additions to your hacking arsenal (and, of course, great gifts for your friends and family, or yourself!). Below is a list of my favorite devices, all of which have recently released new and improved versions:
Lilygo T-Embed CC1101 Plus
Many are touting this device as the best alternative to the FlipperZero (myself included). Priced at around $60 (compared to the $199 FlipperZero), the T-Embed CC1101 Plus is a T-Embed CC1101 with an nRF24L01 module added. It features WiFi/Bluetooth/BLE, microSD card slot, IR, RFID, SubGHz (CC1101), and the nRF24L01 for raw 2.4 GHz communications. Compared to the FlipperZero, the significant differences are:
- The FlipperZero supports both HF (13.56 MHz) and LF (125 kHz) RFID, while the T-Embed supports only HF RFID.
- The FlipperZero has a complete set of GPIO, while the T-Embed has a set of Qwiic connections.
- The T-Embed does have a slightly larger display (1,9” IPS TFT with color support)
- The FlipperZero has a larger capacity battery (2000 mAh vs. the T-Embed’s 1300 mAh)
The Bruce firmware supports the T-Embed CC1101 plus, enabling access to an extensive library of monitoring and attack tools.
M5Stack Cardputer ADV
The Cardputer ADV is essentially a pocket-sized ESP32 “laptop” with a built-in keyboard, display, and battery, making it a great host for penetration-testing and general-purpose tinkering. With WiFi/Bluetooth/BLE, IR, a Grove connector, a 14-pin GPIO, and SD card support, it can pivot between roles to launch WiFi attacks, act as an IR blaster, or even serve as a quick-and-dirty serial terminal. The best firmware, and there are many, are Bruce (for penetration testing) and TV-Be-Mine (for IR hijinks against TVs and similar devices). The Firmware Installer and App Marketplace, called M5Launcher, lets you flash, manage, and swap firmwares without firing up esptool.
Bus Pirate 6
Bus Pirate 6 is the latest evolution of the “Swiss ARRRmy knife” of hardware hacking, building on the RP2040-based Bus Pirate 5 work while upgrading to the new RP2350 microcontroller and adding serious quality-of-life features. The RP2350 gives the Bus Pirate 6 more RAM, more I/O pins, and faster cores, resulting in better protocol support and reduced reliance on external shift registers.
Key improvements and features include:
- RP2350B microcontroller with dual ARM M33 cores, 512 KB RAM, and 128 Mbit flash, providing plenty of space for scripts, captures, and firmware images.
- A 320×240 IPS LCD that shows pin labels, live voltage, and current consumption, so you can sanity-check your wiring and power draw at a glance.
- Eight IO units with level-shifted 1.2-5 V support and buffering, making it safer to attach to unknown boards and less likely to back-power targets.
- Eighteen RGB LEDs and a single scriptable button, used for UI feedback and automation (for example, indicating protocol state).
From a practical standpoint, Bus Pirate 6 is ideal when you are doing:
- UART, I2C, SPI, 1-Wire, or other low-level debugging, with an interactive console and a built-in, follow-along logic analyzer to see what the bus is really doing.
- SPI flash extraction and firmware dumping for routers, PCs, and embedded devices, using the same techniques outlined for Bus Pirate 5 but with more headroom and more convenient hardware.
If you already rely on Bus Pirate 5, Bus Pirate 6 will feel familiar: same philosophy, similar console-driven workflow, but with better silicon, better instrumentation, and a more polished hacking experience.
HackRF Pro
HackRF Pro is the next-generation open-source SDR from Great Scott Gadgets, designed as a drop-in upgrade for HackRF One that dramatically improves RF performance and flexibility. It covers an operating frequency range from roughly 100 kHz to 6 GHz (tunable from 0 Hz to about 7.1 GHz), encompassing all of the classic HackRF One territory but extending farther down for low-frequency experiments.
Under the hood, HackRF Pro swaps the older CPLD (Complex Programmable Logic Device) for a power-efficient FPGA. It adds more RAM and flash, enabling new modes and custom firmware without sacrificing compatibility with existing HackRF software.
For everyday use, the quality-of-life improvements are just as substantial: USB Type‑C, a built‑in TCXO (Temperature-Compensated Crystal Oscillator) for better frequency stability, improved power management, shielding around the RF section, and a flatter frequency response that significantly reduces noise and removes the classic DC spike. HackRF Pro remains compatible with popular SDR tooling such as GNU Radio, and supports triggers and clock I/O via SMA connectors for synchronized, multi-device setups.
ESP32 Firmware
While hardware is cool, it doesn’t do anything for you (other than look cool) without firmware. While you can develop your own firmware and applications using Arduino or MicroPython, others in the community have already developed robust firmware. Here are some of my favorite options:
Launcher
Launcher is an excellent firmware distribution for a wide range of ESP-32 devices. It allows you to dynamically load different firmware distributions. It can load firmware from an SD card or download and install firmware OTA. It has a web-based interface for managing settings and files on the SD card (which is handy if you want to update or add new firmware; you don’t have to remove the SD card, as you can just pop a new one via the web interface). If you want to grab a bunch of pre-built firmware, the developer maintains this site: https://bmorcelli.github.io/Launcher/m5lurner.html, where you can download many different firmware distributions. Rename the files, then copy them to your SD card. Once you boot the Launcher, you can choose which firmware to load.
- Purpose: Loads a different firmware distribution at runtime from an SD card or Over-The-Air
- Firmware: https://github.com/bmorcelli/M5Stick-Launcher
- Web Flasher: https://bmorcelli.github.io/M5Stick-Launcher/
Note: I am still testing these scripts, but I created a set of Python tools to download firmware and supporting files for loading onto SD cards for various devices. These scripts allow you to create a configuration file to define where and how to download the files, then automate the collection process. You can find the code here: https://github.com/pasadoorian/SD_Sync. Feedback and pull requests are welcome!
Bruce
Bruce is the closest thing to the FlipperZero, allowing you to launch a wide variety of attacks supporting a wide variety of hardware.
- Purpose: Allows the user to launch various RF attacks, including WiFi, Bluetooth, BLE, SubGHz, or Infrared
- Firmware: https://github.com/pr3y/Bruce
- Web Flasher: https://bmorcelli.github.io/Launcher/
ESP32-Bus-Pirate
Using an actual Bus Pirate (or similar, special-purpose device such as the Tigard) for protocol debugging is your best bet; the ESP32 alternative works in a pinch! Using the ESP32-Bus-Pirate firmware, you can turn your device into a protocol Swiss Army knife. While tedious to use, it lets you carry one device that can do it all, rather than several devices.
- Purpose: Open-source firmware that turns your device into a multi-protocol hacker’s tool, inspired by the legendary Bus Pirate.
- Firmware: https://github.com/geo-tp/ESP32-Bus-Pirate
- Web Flasher: https://geo-tp.github.io/ESP32-Bus-Pirate/webflasher/
Holiday Hacking Wrap‑up
Each of these tools fills a different niche in a modern hardware-hacking kit: ESP32 gadgets like the T‑Embed and Cardputer ADV handle RF, IR, and NFC attacks; Bus Pirate 6 is handy for low-level bus exploration; and HackRF Pro brings serious RF coverage and signal quality. With flexible firmware ecosystems such as Launcher, Bruce, Marauder, and more, you can repurpose the same hardware in minutes, which is ideal when bouncing between red-teaming, lab research, and late-night tinkering over the holidays. Whether you are gifting gear or upgrading your own tools, this new generation of portable hardware puts a lot of power into a very small stocking, er, package.
