CapibaraZero open-source firmware aims to offer a low-cost alternative to Flipper Zero for ESP32-S3-based hardware platforms and soon other gizmos with ESP32 wireless microcontrollers, notably the LilyGO T-Embed CC1101, similar to the original T-Embed with ESP32-S3 WiSoC, but also featuring a Texas Instruments CC1101 Sub-GHz microcontroller and an NXP PN532 NFC/RFID module.
The Flipper Zero is a popular portable multi-tool for pentesters and hardware hackers based on STMicro STM32WB55 Bluetooth 5 LE & 802.15.4 wireless microcontroller and a TI CC1101 Sub-Ghz MCU that got involved in controversies such as a ban proposal in Canada last year due to its (dubious) potential use for car theft. Since then we’ve seen several alternatives such as Monstatek M1 (that’s yet to be delivered to backers…) and HackBat open-source hardware with Raspberry Pi RP2040, ESP8266 WiFi module, and the CC1101 RF transceiver. The CapibaraZero firmware offers another way to create your own cheap Flipper Zero alternative using off-the-shelf hardware based on ESP32 microcontrollers.
Since the LilyGO T-Embed CC1101 (pictured above) is the easiest platform to get started with CapibaraZero, let’s check out its specifications:
- Wireless module – ESP32-S3-WROOM-1U
- SoC – Espressif Systems ESP32-S3 dual-core Xtensa LX7 processor
- Memory – 8MB PSRAM
- Storage – 16MB flash
- Wireless – WiFi 4 and Bluetooth 5.0 connectivity with external antenna
- Storage – MicroSD card slot
- Display – 1.9-inch IPS color TFT LCD with 320 x 170 resolution (ST7789 SPI driver)
- Wireless
- WiFi and Bluetooth from ESP32-S3
- Texas Instruments CC1011 low-power Sub-GHz RF transceiver
- Frequency bands
- 300 – 348 MHz
- 387 – 464 MHz
- 779 – 928 MHz
- Frequency bands
- NXP PN532 NFC/RFID I2C transceiver module
- Audio – Built-in microphone and “speaker slot”
- Rotary encoder
- USB – 1x USB Type-C port for charging
- Expansion – 2x Qwiic I2C connectors
- Misc
- Reset and Boot buttons
- IR receiver and transmitter
- 8x WS2812 RGB LEDs
- Battery
- 1300mAh LiPo battery
- Battery voltage detection in pin IO04
- Dimensions – 97.5 x 39 x 31 mm
- Enclosure – ABS+PC material (translucent version)
LilyGO shares PDF schematics and some code samples for PlatformIO or the Arduino IDE on GitHub. Those include the factory test and low-level samples that would be useful to people wanting to write their own firmware, but most users may want to use the CapibaraZero firmware to replicate most of the Flipper Zero capabilities.
The project is still in Beta, but the following features have already been implemented: Wi-Fi, BLE, BadUSB, NFC, some network attacks, Sub-GHZ, and infrared. Besides the T-Embed C1101 firmware image, CapibaraZero has also been released for the Arduino Nano ESP32 and the official ESP32-S3-DevKitC-1 board with either 8MB or 16MB flash, although you’d need to add external modules for an ST7789 display, Sub-GHz, NFC, and IR Tx/Rx to get the full functionality.
LiliyGO T-Embed CC1101 can be purchased on AliExpress for about $67 shipped or on Amazon for $60, or quite cheaper than the $169 asked for the Flipper Zero with admittedly better support and a larger community of users.
Via Liliputing
Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.
Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress
Just tried it on my T-Embed C1101. Seems to be a bit flaky, crashes in the middle of certain operations. But it’s early days still, so let’s see how it progresses!
As an aside, the schematic for the T-EMbed CC1101 does indeed show a LoRa peripheral, as is also highlighted in the top left corner of your pinout diagram. However, there doesn’t seem to be much documentation about the specific LoRa chip in use, and I wonder where its antenna is. The T-Embed CC1101 is also not referenced among the “LoRa series” devices on its github repo, making me wonder a little about the utility of the LoRa transceiver in this device.
The CapibaraZero firmware has the following hardware requirements:
I’m a bit confused since the CC1101 should be the chip handling Sub-GHz, but if there’s a LoRa chip involved, it could be the SX1276.
According to https://github.com/Xinyuan-LilyGO/T-Embed-CC1101/blob/master/hardware/T-Embed-PN532%20V1.0%2024-07-29.pdf and the block labeled LORA, the chip/module in question is HPD24A2, which appears to be an HPDtek 24A (revision 2?).
There is practically nothing online about this chip that I can find, though, and even LilyGo don’t seem to be making much use of it (if it is even on the board – I have not yet opened mine to have a close look!)
I did find an article by Debashis Das referring to the HPD13A, which is apparently based on the SX1276, so it would be great to discover what the 24A2 is built around. (https://circuitdigest.com/microcontroller-projects/arduino-lora-communication-with-the-things-network)
Maybe it’s a typo, and they mean HPD14A?
https://forum.arduino.cc/t/interfacing-lora-sx1278-hpd14a-with-arduino/575587
“Ring RGB light (7x LEDs)”
Image shows 8.
I wrongly assumed the encoder had the same design as in the T-Embed. I was obviously wrong…
Any cheaper alternatives to lilygo? That’s still 80€+ delivered to europe.