CapibaraZero firmware enables low-cost Flipper Zero alternatives based on ESP32-S3 hardware

CapibaraZero open-source firmware aims to offer a low-cost alternative to Flipper Zero for ESP32-S3-based hardware platforms and soon other gizmos with ESP32 wireless microcontrollers, notably the LilyGO T-Embed CC1101, similar to the original T-Embed with ESP32-S3 WiSoC, but also featuring a Texas Instruments CC1101 Sub-GHz microcontroller and an NXP PN532 NFC/RFID module.

The Flipper Zero is a popular portable multi-tool for pentesters and hardware hackers based on STMicro STM32WB55 Bluetooth 5 LE & 802.15.4 wireless microcontroller and a TI CC1101 Sub-Ghz MCU that got involved in controversies such as a ban proposal in Canada last year due to its (dubious) potential use for car theft. Since then we’ve seen several alternatives such as Monstatek M1 (that’s yet to be delivered to backers…) and HackBat open-source hardware with Raspberry Pi RP2040,  ESP8266 WiFi module, and the CC1101 RF transceiver. The CapibaraZero firmware offers another way to create your own cheap Flipper Zero alternative using off-the-shelf hardware based on ESP32 microcontrollers.

CapibaraZero ESP32-S3 Flipper Zero alternative

Since the LilyGO T-Embed CC1101 (pictured above) is the easiest platform to get started with CapibaraZero, let’s check out its specifications:

  • Wireless module – ESP32-S3-WROOM-1U
    • SoC – Espressif Systems ESP32-S3 dual-core Xtensa LX7 processor
    • Memory – 8MB PSRAM
    • Storage – 16MB flash
    • Wireless – WiFi 4 and Bluetooth 5.0 connectivity with external antenna
  • Storage – MicroSD card slot
  • Display – 1.9-inch IPS color TFT LCD with 320 x 170 resolution (ST7789 SPI driver)
  • Wireless
    • WiFi and Bluetooth from ESP32-S3
    • Texas Instruments CC1011 low-power Sub-GHz RF transceiver
      • Frequency bands
        • 300 – 348 MHz
        • 387 – 464 MHz
        • 779 – 928 MHz
    • NXP PN532 NFC/RFID I2C transceiver module
  • Audio – Built-in microphone and “speaker slot”
  • Rotary encoder
  • USB – 1x USB Type-C port for charging
  • Expansion – 2x Qwiic I2C connectors
  • Misc
    • Reset and Boot buttons
    • IR receiver and transmitter
    • 8x WS2812 RGB LEDs
  • Battery
    • 1300mAh LiPo battery
    • Battery voltage detection in pin IO04
  • Dimensions – 97.5 x 39 x 31 mm
  • Enclosure – ABS+PC material (translucent version)
T-Embed CC1101 pinout diagram
T-Embed CC1101 pinout diagram

LilyGO shares PDF schematics and some code samples for PlatformIO or the Arduino IDE on GitHub. Those include the factory test and low-level samples that would be useful to people wanting to write their own firmware, but most users may want to use the CapibaraZero firmware to replicate most of the Flipper Zero capabilities.

The project is still in Beta, but the following features have already been implemented:  Wi-Fi, BLE, BadUSB, NFC, some network attacks, Sub-GHZ, and infrared. Besides the T-Embed C1101 firmware image, CapibaraZero has also been released for the Arduino Nano ESP32 and the official ESP32-S3-DevKitC-1 board with either 8MB or 16MB flash, although you’d need to add external modules for an ST7789 display, Sub-GHz, NFC, and IR Tx/Rx to get the full functionality.

LiliyGO T-Embed CC1101 can be purchased on AliExpress for about $67 shipped or on Amazon for $60, or quite cheaper than the $169 asked for the Flipper Zero with admittedly better support and a larger community of users.

Via Liliputing

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

ROCK 5 ITX RK3588 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
8 Comments
oldest
newest
Rogan Dawes
Rogan Dawes
7 hours ago

Just tried it on my T-Embed C1101. Seems to be a bit flaky, crashes in the middle of certain operations. But it’s early days still, so let’s see how it progresses!

Rogan Dawes
Rogan Dawes
7 hours ago

As an aside, the schematic for the T-EMbed CC1101 does indeed show a LoRa peripheral, as is also highlighted in the top left corner of your pinout diagram. However, there doesn’t seem to be much documentation about the specific LoRa chip in use, and I wonder where its antenna is. The T-Embed CC1101 is also not referenced among the “LoRa series” devices on its github repo, making me wonder a little about the utility of the LoRa transceiver in this device.

Rogan Dawes
Rogan Dawes
2 hours ago

According to https://github.com/Xinyuan-LilyGO/T-Embed-CC1101/blob/master/hardware/T-Embed-PN532%20V1.0%2024-07-29.pdf and the block labeled LORA, the chip/module in question is HPD24A2, which appears to be an HPDtek 24A (revision 2?).

There is practically nothing online about this chip that I can find, though, and even LilyGo don’t seem to be making much use of it (if it is even on the board – I have not yet opened mine to have a close look!)

I did find an article by Debashis Das referring to the HPD13A, which is apparently based on the SX1276, so it would be great to discover what the 24A2 is built around. (https://circuitdigest.com/microcontroller-projects/arduino-lora-communication-with-the-things-network)

Rogan Dawes
Rogan Dawes
2 hours ago
willmore
willmore
1 hour ago

“Ring RGB light (7x LEDs)”
Image shows 8.

Benjamin Hojnik
1 hour ago

Any cheaper alternatives to lilygo? That’s still 80€+ delivered to europe.

Boardcon Rockchip RK3588S SBC with 8K, WiFI 6, 4G LTE, NVME SSD, HDMI 2.1...