Sep 26 – 30, 2022
Capital Hilton
US/Eastern timezone
All GRCon talks are now available to watch at https://www.youtube.com/GNURadioProject

FISSURE: The RF Framework for Everyone

Sep 27, 2022, 2:15 PM
30m
Presidential Ballroom (Capital Hilton)


Paper (with talk) | GNU Radio in Education | Main Track

Speaker

Mr Christopher Poore (AIS)

Description

FISSURE is an open-source RF and reverse engineering framework built around GNU Radio. It is designed for all skill levels with hooks for signal detection and classification, protocol discovery, attack execution, IQ manipulation, vulnerability analysis, automation, and AI/ML. The framework supports the rapid integration of out-of-tree modules, flow graphs, radios, protocols, signal data, scripts, reference material, and third-party tools. FISSURE is a workflow enabler that keeps software in one location and allows teams to effortlessly get up to speed while sharing the same proven baseline configuration for specific Linux distributions.

The framework and tools included with FISSURE are designed to detect the presence of RF energy, understand the characteristics of a signal, collect and analyze samples, develop transmit and/or injection techniques, and craft custom payloads or messages. GNU Radio flow graphs are included as standalone solutions or manipulated before or during runtime for the purposes of signal detection, demodulation, protocol discovery, live inspection, IQ recording and playback, single-stage attacks, multi-stage attacks, fuzzing, and replaying online signal archive playlists.

The friendly Python codebase and user interface allow beginners to quickly learn about popular tools and techniques involving RF and reverse engineering. Educators in cybersecurity and engineering can take advantage of the built-in material or utilize the framework to demonstrate their own real-world applications. Developers and researchers can use FISSURE for their daily tasks or to expose their cutting-edge solutions to a wider audience. As awareness and usage of FISSURE grow in the community, so will the extent of its capabilities and the breadth of the technology it encompasses.

The major components for FISSURE are written in Python/PyQt and communicate over an IP network to a central hub using ZeroMQ. Each component has a direct connection to the hub but can also have an unlimited number of one-to-many connections to broadcast status messages to other components. Any number of custom components can be added to the framework as long as the inputs/outputs are clearly defined in YAML and adhere to a simple message schema that allows for input sanitization and error handling. The highlights for the components are as follows:

  • The Central Hub receives commands from the User Dashboard and distributes them to other components, and manages automation and editing of the main library, which contains RF protocol information, script and flow graph mappings, and observation data.
  • The Target Signal Identification (TSI) component runs four subcomponents: a detector, a signal conditioner, a feature extractor, and a classifier. The purpose of the TSI component is to detect signals of interest, isolate and condition signals for detailed analysis, extract signal characteristics for protocol and/or emitter classification, and apply user-specified AI/ML classification techniques.
  • The Protocol Discovery component is responsible for identifying and reversing RF protocols to help extract meaningful data from unknown signals. It is designed to: accept signal of interest information, iterate flow graphs to perform recursive demodulation techniques, deduce protocol methods, assign confidence levels, analyze a bitstream, calculate CRC polynomials, and create custom Wireshark dissectors.
  • The Flow Graph/Script Executor component runs flow graphs or Python scripts to perform single-stage attacks, multi-stage attacks, fuzzing attacks, IQ recording and playback, live signal inspection/analysis, and transmit playlists of signal data constructed with files downloaded from an online archive.
  • The User Dashboard is the means for the operator to configure FISSURE, communicate with the other components, and view information from them. It offers several other features that do not require their own dedicated component, including:
    • A packet crafter for protocols found in the FISSURE library. It includes Scapy integration for transmitting different types of 802.11 packets while in monitor mode.
    • Library utilities for browsing; searching; uploading images; adding/removing modulation types, packet types, signals of interest, statistics, demodulation flow graphs, and attacks.
    • Menu items for launching standalone GNU Radio flow graphs.
    • Third-party and online tools as menu items organized by protocol or application.
    • Lessons and tutorials for interacting with various RF protocols.
    • Help pages for operation and development, protocol reference material, calculators, and hardware instructions.
    • Buttons for: assigning RF-enabled hardware to individual components (USRP B205mini, B210, X300 series; HackRF; bladeRF; LimeSDR; 802.11x Adapters; RTL2832U; Open Sniffer); probing the hardware for diagnostics; and automatically acquiring IP address, daughterboard, and serial number information.
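
The hub-side message checking that the architecture paragraph describes (a declared schema that allows input sanitization and error handling), as an added example that is not FISSURE's own code. The message types, field names, JSON wire encoding and size limit are assumptions, and the schema is a Python dict standing in for the YAML definitions.

```python
import json

# Hypothetical schema. FISSURE declares component inputs/outputs in YAML; a dict
# stands in here so the example runs with only the standard library.
SCHEMA = {
    "set_frequency": {"senders": {"dashboard"},
                      "args": {"hardware": str, "freq_hz": int}},
    "start_recording": {"senders": {"dashboard", "tsi"},
                        "args": {"file_name": str, "seconds": int}},
}
MAX_FRAME_BYTES = 4096  # constructed limit for this example


class MessageError(ValueError):
    """Raised for any frame that does not match the schema."""


def validate(raw: bytes) -> dict:
    if len(raw) > MAX_FRAME_BYTES:
        raise MessageError("frame too large")
    try:
        msg = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError, RecursionError):
        raise MessageError("frame is not valid JSON") from None
    if not isinstance(msg, dict) or set(msg) != {"sender", "type", "args"}:
        raise MessageError("envelope must be exactly sender/type/args")
    sender, mtype, args = msg["sender"], msg["type"], msg["args"]
    if not isinstance(sender, str) or not isinstance(mtype, str):
        raise MessageError("sender and type must be strings")
    spec = SCHEMA.get(mtype)
    if spec is None:
        raise MessageError("unknown message type")
    if sender not in spec["senders"]:
        raise MessageError("sender may not issue this message type")
    if not isinstance(args, dict) or set(args) != set(spec["args"]):
        raise MessageError("argument names do not match the schema")
    for name, typ in spec["args"].items():
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(args[name], bool) or not isinstance(args[name], typ):
            raise MessageError(f"{name} must be {typ.__name__}")
    return msg


def handle(raw: bytes) -> dict:
    """Hub-side entry point: reply with an error instead of raising."""
    try:
        msg = validate(raw)
    except MessageError as exc:
        return {"status": "error", "reason": str(exc)}
    return {"status": "ok", "type": msg["type"]}
```

The `sender` field here is self-declared by the peer, so the check is routing hygiene rather than authentication.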

Talk Length: 30 Minutes
Acknowledge: Acknowledge In-Person
