Frequency Independent SDR-based Signal Understanding and Reverse Engineering
FISSURE is an open-source RF and reverse engineering framework designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework was built to promote the rapid integration of software modules, radios, protocols, signal data, scripts, flow graphs, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions.
The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. FISSURE contains a growing library of protocol and signal information to assist in identification, packet crafting, and fuzzing. Online archive capabilities exist to download signal files and build playlists to simulate traffic and test systems.
The friendly Python codebase and user interface allows beginners to quickly learn about popular tools and techniques involving RF and reverse engineering. Educators in cybersecurity and engineering can take advantage of the built-in material or utilize the framework to demonstrate their own real-world applications. Developers and researchers can use FISSURE for their daily tasks or to expose their cutting-edge solutions to a wider audience. As awareness and usage of FISSURE grows in the community, so will the extent of its capabilities and the breadth of the technology it encompasses.
Recall Installer Setups Export and import checked software items in the FISSURE installer using the Export and Import buttons. Quickly install only the programs you need.
Local IQEngine Support in the IQ Data tab and menu for loading in SigMF files with one click for files in the "/IQ Recordings" folder. Stop the IQEngine docker container using the Tools>Data>IQEngine menu.
Deployable remote sensor nodes for general-purpose computers (SBCs, mini PCs, laptops, desktops) that support any type of peripheral that can be controlled by a computer. These remote sensor nodes run a small subset of code that can be controlled over a network through the FISSURE Dashboard GUI to perform traditional FISSURE operations and also execute new types of scripted actions that can be run autonomously on startup or semi-autonomously through user interaction (autorun playlists).
The deployment of multiple sensor nodes on the same network unlocks many geospatial applications for future development of FISSURE. Such applications include direction finding, tracking, intrusion detection, mobile deployment, and perimeter defense. A small form factor and autonomous capabilities grant unique opportunities for stealth deployment and packaging onto existing platforms. These updates can also provide a low-cost mechanism for remote workers to conduct combined RF-cybersecurity testing and access specialized RF environments like international localities of interest, laboratories, and test sites.
Trigger capabilities for autorun playlists, single-stage attacks, multi-stage attacks, and archive replay. Includes over 20 examples of acoustic, environmental, filesystem, networking, RF, time, and visual triggers for kicking off electromagnetic effects. Refer to the Trigger List section in the user manual for the current list and the Creating Triggers section on how to add your own.
Signal Classifier tab for training decision tree and DNN models based solely on extracted statistical features from IQ data. This tab is used to assign truth information to features sets (produced from Feature Extractor) gathered from isolated signals files (produced from Signal Conditioner) to develop machine learning models using TensorFlow and scikit-learn. Unknown signals can be run through all available models to compare results and establish confidence. The Signal Conditioner, Feature Extractor, and Signal Classifier tabs act as a testbed for developing new algorithms and eventually the results (isolated IQ signals, statistical features, classification confidence) will be cataloged into the FISSURE library as signals of interest for further analysis or to trigger automated actions.
On-off keying signal generator in the IQ Data tab for quick viewing and testing of signals/devices. Custom signals can be saved as IQ files for replay to perform actions on targets or simulate RF devices.
Sat. August 10, 2024: DEF CON 32 - RF Village - 1400-1500 PST. Prerecorded Video, Live Recording
Thu. September 5, 2024: Binghamton University STEM Job and Internship Fair - 1100-1530 EST
Tue. September 17, 2024: GNU Radio Conference 2024 - 1605-1635 EST Description/Slides, Live Recording
December 2024 (Final dates coming soon!): 2024 FISSURE Challenge. Link (Coming Soon)
The following is a list of "supported" hardware with varying levels of integration:
Supported
There are now two branches within FISSURE: the Python3 branch and the Python2_maint-3.7 branch. The Python3 branch contains the latest code and has support for PyQt5 and GNU Radio versions 3.8 and 3.10. The Python2_maint-3.7 branch has been deprecated and will only be updated if specific third-party tools require GNU Radio version 3.7 or an older operating system. Only the latest minor versions of operating systems will be supported for installs and we will do our best to keep up.
Operating System | FISSURE Branch | Default GNU Radio Version |
---|---|---|
BackBox Linux 8 (amd64) | Python3 | maint-3.10 |
DragonOS FocalX (x86_64) | Python3 | maint-3.10 |
Kali 23.1 (x64) | Python3 | maint-3.10 |
KDE neon 5.25 (x64) (6.0 not tested) | Python3 | maint-3.8 |
Parrot Security 6.1 (amd64) | Python3 | maint-3.10 |
Raspberry Pi OS (bookworm) | Python3 | maint-3.10 |
Ubuntu 18.04 (x64) | Python2_maint-3.7 | maint-3.7 |
Ubuntu 20.04 (x64) | Python3 | maint-3.8 |
Ubuntu 22.04 (x64) | Python3 | maint-3.10 |
Ubuntu 22.04 (ARM/Orange Pi) | Python3 | maint-3.10 |
Ubuntu 24.04 (x86) | Python3 | maint-3.10 |
In-Progress (beta)
These operating systems are still in beta status. They are under development and several features are known to be missing. Items in the installer might conflict with existing programs or fail to install until the status is removed.
Operating System | FISSURE Branch | Default GNU Radio Version |
---|---|---|
None |
Note: Certain software tools do not work for every OS. Refer to Known Conflicts and Third-Party Software
Installation
For adding SSH keys to GitHub:
ssh-keygen -t ed25519
cat ~/.ssh/id_ed25519.pub
Paste text into "Settings" > "SSH and GPG keys" > "New SSH Key"
git clone [email protected]:ainfosec/FISSURE.git
git clone https://github.com/ainfosec/FISSURE.git
cd FISSURE
git checkout Python3 # or Python2_maint-3.7
git submodule update --init
./install
Notes:
It is recommended to install FISSURE on a clean operating system to avoid conflicts with existing software. Further efforts towards virtualization and dependency management will be continued. Notes on the installer:
~/Installed_by_FISSURE
directory.
The FISSURE installer is helpful for staging computers or installing select software programs of interest. The code can be quickly modified to allow for custom software installs. The size estimates for the programs are before and after readings from a full install. The sizes for each program are not exact as some dependencies are installed in previously checked items. The sizes may also change over time as programs get updated.
Remote Sensor Node Installation
Install FISSURE per usual on a general purpose computer. Install FISSURE on the remote computer in the same directory location as the local computer (until further notice) to avoid filepath errors with certain actions. To configure the sensor node for remote operation, edit the "default.yaml" file in the ./fissure/Sensor_Node/Sensor_Node_Config/
directory. Edit the following fields to change from local to remote operation:
Change the "autorun" field from from false
to true
to run the default autorun playlist file on startup and forgo remote operations. New autorun playlists can be generated and saved from the Dashboard Autorun tab.
The remote sensor node acts as a server and must have a set of valid certificates (generated during install) that match with the client (local computer). The server needs the "server.key_secret" and "client.key" files while the client needs the "client.key_secret" and "server.key" files. If the certificates folder was generated on the server computer, the client files must be manually transferred to the other computer.
Local Dashboard Usage
Open a terminal and enter:
fissure
The intended method for launching the FISSURE Dashboard is through the terminal without sudo. The terminal provides important status and feedback for some operations. Refer to the FISSURE documentation for more details.
A local sensor node can be launched through the top buttons in the FISSURE Dashboard and helps maintain all pre-existing FISSURE functionality on a standalone workstation. Only one local and four remote sensor nodes (or five remote) are supported at this time.
If any of the programs freeze or hang on close, the following commands can be used to detect a problem or forcibly shut down:
sudo ps -aux | grep python3
sudo pkill python3
sudo kill -9
Remote Sensor Node Usage
After configuring the sensor node config file (see above), the code can be run using this command from the root directory:
python3 ./fissure/Sensor_Node/SensorNode.py
The sensor node code will stay active until ctrl+c is applied. Connecting to the remote sensor node is performed through the top buttons of the FISSURE Dashboard. Right-clicking the top buttons will select an active sensor node to perform operations. Future operations that utilize more than one node at a time will be handled on a case-by-case basis within the individual tabs.
FISSURE comes with several helpful guides to become familiar with different technologies and techniques. Many include steps for using various tools that are integrated into FISSURE. We aim to improve the quality and add new content over time.
The annual "FISSURE Challenge" capture-the-flag contest to showcase new additions to FISSURE is held in December each year. Past challenges are archived and can be solved all year round! Gain hands-on experience and view solutions at: FISSURE Challenge.
Suggestions for improving FISSURE are strongly encouraged. Leave a comment in the Discussions page or in the Discord Server if you have any thoughts regarding the following:
Contributions to improve FISSURE are crucial to expediting its development. Any contributions you make are greatly appreciated. If you wish to contribute through code development, please fork the repo and create a pull request:
git checkout -b feature/AmazingFeature
)git commit -m 'Add some AmazingFeature'
)git push origin feature/AmazingFeature
)Creating Issues to bring attention to bugs is also welcomed.
Need more specific ideas? There are a lot of topics we have yet to investigate. Check out our running list of potential to-do items. Any help is appreciated. Pick an easy one and write that you contributed to FISSURE in your resume/CV.
Are you a student or looking to learn more about RF and programming or an organization looking to expose students to the world of open source? Reach out today and refer to the 2023 Project Idea List.
Contact Assured Information Security, Inc. (AIS) Business Development to propose and formalize any FISSURE collaboration opportunities–whether that is through dedicating time towards integrating your software, having the talented people at AIS develop solutions for your technical challenges, or integrating FISSURE into other platforms/applications.
GPL-3.0
For license details, see LICENSE file.
Join the Discord Server: https://discord.gg/JZDs5sgxcG
Follow on Twitter/X: @FissureRF, @AinfoSec
Connect on LinkedIn: FISSURE - The RF Framework
Chris Poore - Assured Information Security, Inc. - [email protected]
Business Development - Assured Information Security, Inc. - [email protected]
Special thanks to Dr. Samuel Mantravadi and Joseph Reith for their contributions to this project.
Like working with signals, reverse engineering, or other realms in cybersecurity? Browse our current openings or join our talent community for future consideration.
If you have an interest in hacking, check out our Can You Hack It?® challenge and test your skills! Submit your score to show us what you’ve got. AIS has a national footprint with offices and remote employees across the U.S. We offer competitive pay and outstanding benefits. Join a team that is not only committed to the future of cyberspace, but to our employee’s success as well.