Fissure – AIS Home | Assured Information Security

A Recap of My DEF CON 2024 Presentation on FISSURE Updates

A1Sadmin — Thu, 15 Aug 2024 17:23:41 +0000

By Chris Poore,
Senior Reverse Engineer
Two minute read

It was an honor to present the latest updates to FISSURE at the DEF CON Radio Frequency Village in Las Vegas this past Saturday, August 10.

FISSURE UPDATES

One of the key updates I showcased was the introduction of deployable remote sensor nodes. These nodes are run on general-purpose computers (single-board computers, mini-PCs, laptops, desktops, etc.) and control many types of radio peripherals. They can also receive input from just about any type of sensory device that can be controlled by a computer.

To seize the opportunity presented by this new deployment scheme, we added a variety of example triggers (acoustic, environmental, filesystem, networking, RF, time and visual) that can be used to kick off many types of electromagnetic effects/actions supported by FISSURE. Additionally, we added a new type of playlist that can run scripts simultaneously across multiple radio peripherals to increase productivity on a sensor node. This new playlist type can be controlled over a network through the FISSURE Dashboard GUI or operate independently upon startup of the sensor node to execute any number of automated tasks.

Another topic that was covered were changes to the Target Signal Identification tab – the beginning component of FISSURE that will detect, isolate and classify signals using machine learning. The new signal conditioner, feature extractor and signal classifier elements provide a testbed for maturing algorithms across a range of topics and comparing machine learning models for classifying RF protocols and emitters.

These updates to FISSURE significantly enhance its versatility and compatibility across various environments, empowering users to tackle a broader range of geospatial scenarios. The improvements not only provide access to additional platforms but also enable greater situational awareness by triggering responses based on environmental conditions. With the integration of remote access capabilities and room for increased automation, FISSURE becomes an even more powerful tool, allowing users to efficiently manage operations and respond to dynamic situations with agility and precision.

Download the Infosheet

We’ve also made it easier to conduct remote and cost-effective testing. Now, cybersecurity professionals can access specialized RF environments globally, whether they’re working from home or a remote location, without the need for physical presence at a specific site.

If you missed my presentation at DEF CON, don’t worry! A pre-recorded version will be available soon through the RF Village and linked to in the GitHub page.

Next up, I’ll be taking my blackjack winnings and attending the Binghamton University STEM Job and Internship Fair and then GRCon in mid-September. I’m looking forward to connecting with more of you there and discussing how FISSURE can continue to meet the evolving challenges in RF and reverse engineering. See you soon!

Be sure to star FISSURE on Github:
https://github.com/ainfosec/FISSURE

FISSURE: Navigating the Open-Source Realm

A1Sadmin — Fri, 09 Feb 2024 16:43:00 +0000

By Chris Poore,
Senior Reverse Engineer
Eight minute read

Embarking on an open-source project can feel like exploring uncharted territories. Just like any programming endeavor, whether you’re designing a video game or creating on GitHub, the journey of bringing your ideas to life is a time-consuming but rewarding experience. The simpler the idea, the quicker it will be to develop. The narrower the focus, the easier it will be to maintain. But what happens when your winning idea for a project is very ambitious? How do you get it off the ground and make it relevant in the public eye before it is too late? In this blog post, let’s delve into the world of open-source through the lens of AIS’s project “FISSURE,” exploring its inception, current status and the pathways for success.

The FISSURE Journey

FISSURE is an open-source project developed by AIS and was released to GitHub in August of 2022. At its core, it’s a radio frequency (RF) framework for reverse engineering signals and keeps commonly used software tools together in one place. It contains reference and lesson material relating to RF topics along with a growing library of RF protocol and signal data. It’s a one-stop shop for installing software, experimenting with tools, learning about new topics, speeding up analysis and providing a testbed for future development of advanced topics.

Following its debut at the DEF CON Demo Labs and the GNU Radio Conference, FISSURE garnered attention from various platforms such as Hackaday, HackTricks, KitPloit, RTL-SDR.COM and DragonOS. The project unfolded its roadmap, designed a distinctive logo and engaged in outreach efforts through industry days, career fairs and events hosted by the Griffiss Institute and AFCEA. We have posted videos and information across social media sites like YouTube, Twitter/X, Facebook, LinkedIn and Discord. We applied to Google Summer of Code and continuously advertise a list of potential project ideas and to-do items. We have held capture-the-flag (CTF) events, both internal to AIS and for the public, to familiarize new users with the software (see 2023 FISSURE Challenge at fissure.ainfosec.com). Personally, I have tried to make inroads into the world of ham radio by getting a license, going to field day and chatting with the local radio club.

Download the Infosheet

Despite the initial acclaim, primarily from the Hackaday bump common among many open-source projects, FISSURE faced the challenge of sustaining growth. While sufficient levels of GitHub stars and visibility in search results were achieved, the project lacked regular contributors. If you find yourself in a similar position with your project, don’t let that get you down. This scenario is not uncommon for developers juggling open-source commitments alongside their day jobs. In the case of FISSURE, there are other indicators of measurable progress besides contributions, and all the recent work performed since its release presents a solid foundation to take things to the next level.

Navigating the Path to Success

The measurement of success for an open-source framework like FISSURE is the size of its community and the quality of the product. These elements are interdependent, with growth in one area often influencing the other. The key lies in addressing both aspects concurrently. The most pressing action items for FISSURE are to flush out the base capabilities as quickly as possible and to acquire regular contributions to help speed up development. This requires a multi-faceted approach which targets the external side open to the public and the internal side that we, AIS, are responsible for upholding as the caretakers of the project.

External Strategies

1.

Framework Enhancement: FISSURE must flesh out its base capabilities and increase the number of modular areas that can draw in contributions. FISSURE covers many technical areas and as a result, certain submodules are still a work in progress. We at AIS are continuously doing our best to integrate new ideas as well as push several code changes. It’s important to know that even if there are no recent commits to the FISSURE GitHub repository, work is still being done behind the scenes at AIS across many topics at once.

2.

Practical Examples: FISSURE needs practical scripts and actions that users can readily employ. A bare framework is useless to the majority of users who do not have the time to fill it out from scratch on their own. Imagine a framework like Metasploit, but without any practical examples. Adding these examples is a priority for 2024 and we expect to have dedicated time for filling out our list of algorithms and expanding the ways in which FISSURE can be utilized.

3.

Direct Engagement: Finding individuals with immediate needs and tailoring FISSURE to meet those needs can be a direct and effective approach. This involves engaging with communities, forums, educators and researchers actively involved in specific RF protocols or applications. The development of FISSURE can benefit from engagement with educators and students involved with computer science, electrical engineering and cybersecurity. The following types of classes are examples where FISSURE could supplement education: Open-Source Software Engineering, Signals and Systems, Digital Signal Processing, Software-Defined Radio and Wireless Security. As a general action to help your project, take advantage of professional connections and discuss what your project can do to help them. Try to make new contacts and find where like-minded people congregate.

4.

Social Media Presence: Consistent content creation and engagement on social media platforms, showcasing the capabilities of FISSURE, is crucial for visibility and community building. People love to see things being hacked and software/hardware tools in action. To help with your content creation, consider holding regular events throughout the year such as CTFs and participating in technical outreach programs. There’s always a chance that something unique and fun that you do will go viral. Checking up on the relevant technical communities across social media is also a nice way to keep up with the latest news in technology and it can help build long-distance connections. I think checking in on social media (responsibly) is something more people in technology fields should be pursuing.

Internal Strategies

1.

Organizational Involvement: Participate actively in regular events such as: conferences, socials, tutorial sessions, classroom exercises, company sanctioned CTF events and other organization’s CTF events to better understand today’s popular challenges and tools. Provide marketing material, keep up with business development, and propose IRaD ideas that address items in your project roadmap.

2.

Cross-Team Awareness: Stay in touch with your colleagues to understand their technical areas of expertise and the tools they use regularly to see if there is any overlap. Encourage awareness of your project across teams and departments within the organization. Involve your project in as many daily tasks as possible to keep it relevant and to avoid duplication of effort. Subscribe to chat channels to keep up on project status. Go out of your way to create a GitHub/social media account, star a project, follow an account, share a post or leave a comment. Keep in mind success for any project within your organization typically means more success for you.

3.

Networking and Recruitment: Actively seek skilled labor in your area of expertise, surround yourself with like-minded people, involve interns with your project to build up a new generation of talent and know who, when and where to show off marketing material for your project.

What Lies Ahead for FISSURE

FISSURE’s evolution involves transitioning to a sensor node deployment scheme capable of connecting multiple computers with their own radios and peripherals that can be controlled remotely or run autonomously. This will facilitate many geospatial scenarios such as direction finding, tracking, perimeter defense, remote access for employees who need to do RF testing and providing a global gateway for advanced laboratory environments. The automated scripts combined with lightweight, compact computing options will unlock several more possibilities for subjects like wardriving, warshipping, UAS payloads and logging/tracking at key locations of interest.

Finishing the envisioned base capabilities for FISSURE will produce an end-to-end demonstrable capability that rounds out the framework instead of including separated features that do not interconnect. These interconnections will open the door for automation and artificial intelligence in RF reverse engineering. Specific actions in mind for 2024 are completing the integration of the Signal Classifier component, updating the Protocol Discovery component to act on known and unknown signals and integrating the sensor node capabilities mentioned above.

The new algorithms in focus for this year will be centered around practical IoT capabilities stemming from research, demonstrations and testing systems of interest. This will include scripts and flow graphs for sniffing, spoofing, man-in-the middle, fuzzing, jamming, denial of service, probing, installation of malware, misuse of resources, packet crafting and replay.

As FISSURE’s journey unfolds, we welcome contributions and collaborations. For those seeking to embark on similar endeavors, understanding the challenges and strategies outlined here can serve as a valuable guide. Reach out to me (@FissureRF on Twitter/X) to explore opportunities for contribution or to share contacts. The road to open-source success is paved with challenges, but with dedication and a strategic approach, you can find your way.

FISSURE gets its power from the contributions of programmers in the open-source, cybersecurity and engineering communities.

If you would like to help contribute towards its success, consider starring the project on GitHub, joining the Discord server and following on Twitter/X.

Cybersecurity Awareness Month – See Yourself in Cyber

A1Sadmin — Mon, 10 Oct 2022 18:16:50 +0000

John – Information Technology Department at AIS | 3 minute read

October is Cybersecurity Awareness Month, a time to emphasize the importance of individuals protecting themselves online as threats to technology and confidential data become more commonplace. The Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) lead a collaborative effort between government and industry to raise cybersecurity awareness nationally and internationally in the month of October. This year’s theme – “See Yourself in Cyber” focuses on the “people” part of cybersecurity, providing information and resources to help educate CISA partners and the public and ensure all individuals and organizations make smart decisions whether on the job, at home or at school.

In everything we do at AIS, we aim to create a secure future for our customers, employees and communities. See below for some tips and best practices for staying safe online:

Use unique passwords for each online account. If your password to one website is ever compromised, an attacker would not be able to gain access to any of your other accounts.
Set strong passwords for your online accounts. Aim for at least ten characters that contain a mix of upper and lower-case letters, symbols and numbers.
Always think before you click! Attackers use phishing links to take your account usernames and passwords. If you were not expecting an email or text message that contains a link, approach it with extreme caution. Take for example the devastation that was just caused by Hurricane Ian. Attackers sent phishing emails with links that appeared to take you to a donation website to help support the victims. In reality, clicking on the link could allow them to steal your information without you knowing.
Make sure your internet connection is secure. When surfing the web out in places such as coffee shops or airports, avoid using public Wi-Fi networks. These networks lack encryption and can allow attackers to steal any login credentials or credit card information that are sent over the network from your mobile device.
Keep your personal life personal. Attackers will hunt social media accounts to gather information on a person and build a profile. Avoid posting birthdays, pet names, addresses, maiden names, etc.; anything that may be incorporated into a password or security question.
Take advantage of websites that allow two-factor authentication to be configured. It is offered for your personal security and reduces the chance of your account becoming compromised. If an attacker got your password, it would be useless to them without that second factor at their fingertips to access your account.
Web browsers and apps may offer to remember and store your login information. Always decline this option. It may take a few extra seconds to login and access your account each time, but it is not worth the risk of having your account information compromised.

For more information on Cybersecurity Awareness Month, visit the CISA website.

FISSURE: The RF Framework for Everyone

A1Sadmin — Thu, 06 Oct 2022 17:01:01 +0000

Chris Poore, FISSURE Lead

FISSURE, an open-source radio frequency (RF) and reverse engineering framework designed for all skill levels, was officially off the ground in August this year. I’ve been working on RF projects my entire career, constantly jumping around to different technologies with each project. I created FISSURE to consolidate all things RF: software modules, radios, protocols, signal data, scripts, flowgraphs, reference material and third-party tools.

Since its launch, FISSURE has been gaining a lot of traction and I recently presented at DEF CON Demo Labs and GNU Radio Conference (GRCon). It has been great to see the positive feedback from the community and I’m excited to focus on improving the existing software (bugs, cleaning the code, testing more SDRs, etc.) and expanding base capabilities that will round out the framework and allow for task automation and the introduction of machine learning techniques.

RF HACKING HACK CHAT – Wednesday, October 12

On Wednesday, October 12 at noon PST, I will be dropping in the RF Hacking Hack Chat. Join in to talk about RF reverse engineering in general and FISSURE in particular. Come with your RF hacking and reverse engineering questions and war stories!

More About FISSURE

FISSURE has hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation and AI/ML. The framework supports the rapid integration of out-of-tree modules, flow graphs, radios, protocols, signal data, scripts, reference material and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions.

The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques and craft custom payloads or messages. GNU Radio flow graphs are included as standalone solutions or manipulated before or during runtime for the purposes of signal detection, demodulation, protocol discovery, live inspection, IQ recording and playback, single-stage attacks, multi-stage attacks, fuzzing and replaying online signal archive playlists.

The friendly Python codebase and user interface allows beginners to quickly learn about popular tools and techniques involving RF and reverse engineering. Educators in cybersecurity and engineering can take advantage of the built-in material or utilize the framework to demonstrate their own real-world applications. Developers and researchers can use FISSURE for their daily tasks or to expose their cutting-edge solutions to a wider audience. As awareness and usage of FISSURE grows in the community, so will the extent of its capabilities and the breadth of the technology it encompasses.

The major components for FISSURE are written in Python/PyQt and communicate over an IP network to a central hub using ZeroMQ. Each component has a direct connection to the hub but can also have an unlimited number of one-to-many connections to broadcast status messages to other components. Any number of custom components can be added to the framework as long as the inputs/outputs are clearly defined in YAML and adhere to a simple message schema that allows for input sanitization and error handling. The highlights for the components are as follows:

The Central Hub receives commands from the User Dashboard to distribute to other components, manages automation and editing of the main library – which contains RF protocol information, script and flow graph mappings and observation data.
The Target Signal Identification (TSI) component runs four subcomponents: a detector, a signal conditioner, a feature extractor and a classifier. The purpose of the TSI component is to detect signals of interest, isolate and condition signals for detailed analysis, extract signal characteristics for protocol and/or emitter classification and apply user-specified AI/ML classification techniques.
The Protocol Discovery component is responsible for identifying and reversing RF protocols to help extract meaningful data from unknown signals. It is designed to: accept signal of interest information, iterate flow graphs to perform recursive demodulation techniques, deduce protocol methods, assign confidence levels, analyze a bitstream, calculate CRC polynomials and create custom Wireshark dissectors.
The Flow Graph/Script Executor component runs flow graphs or Python scripts to perform single-stage attacks, multi-stage attacks, fuzzing attacks, IQ recording and playback, live signal inspection/analysis and transmit playlists of signal data constructed with files downloaded from an online archive.
The User Dashboard is the means for the operator to configure FISSURE and communicate with and view information from the other components. It offers several other features that do not require their own dedicated component including:
- A packet crafter for protocols found the FISSURE library. It includes Scapy integration for transmitting different types of 802.11 packets while in monitor mode.
- Library utilities for browsing; searching; uploading images; adding/removing modulation types, packet types, signals of interest, statistics, demodulation flow graphs, and attacks.
- Menu items for launching standalone GNU Radio flow graphs.
- Third-party and online tools as menu items organized by protocol or application.
- Lessons and tutorials for interacting with various RF protocols.
- Help pages for operation and development, protocol reference material, calculators and hardware instructions.
- Buttons for: assigning RF-enabled hardware to individual components (USRP: X3xx, B2xx, B20xmini, USRP2, N2xx; HackRF; RTL2832U; 802.11 Adapters; LimeSDR; bladeRF, bladeRF 2.0 micro; Open Sniffer; PlutoSDR); probing the hardware for diagnostics; and automatically acquiring IP address, daughterboard and serial number information.

See what others are saying about FISSURE:

Hackaday

FISSURE gets its power from the contributions of programmers in the open-source, cybersecurity and engineering communities. If you would like to help contribute towards its success, consider starring the project on GitHub, joining the Discord server and following on Twitter.