By Chris Poore,
Senior Reverse Engineer
Eight minute read
Embarking on an open-source project can feel like exploring uncharted territories. Just like any programming endeavor, whether you’re designing a video game or creating on GitHub, the journey of bringing your ideas to life is a time-consuming but rewarding experience. The simpler the idea, the quicker it will be to develop. The narrower the focus, the easier it will be to maintain. But what happens when your winning idea for a project is very ambitious? How do you get it off the ground and make it relevant in the public eye before it is too late? In this blog post, let’s delve into the world of open-source through the lens of AIS’s project “FISSURE,” exploring its inception, current status and the pathways for success.
The FISSURE Journey
FISSURE is an open-source project developed by AIS and was released to GitHub in August of 2022. At its core, it’s a radio frequency (RF) framework for reverse engineering signals and keeps commonly used software tools together in one place. It contains reference and lesson material relating to RF topics along with a growing library of RF protocol and signal data. It’s a one-stop shop for installing software, experimenting with tools, learning about new topics, speeding up analysis and providing a testbed for future development of advanced topics.
Following its debut at the DEF CON Demo Labs and the GNU Radio Conference, FISSURE garnered attention from various platforms such as Hackaday, HackTricks, KitPloit, RTL-SDR.COM and DragonOS. The project unfolded its roadmap, designed a distinctive logo and engaged in outreach efforts through industry days, career fairs and events hosted by the Griffiss Institute and AFCEA. We have posted videos and information across social media sites like YouTube, Twitter/X, Facebook, LinkedIn and Discord. We applied to Google Summer of Code and continuously advertise a list of potential project ideas and to-do items. We have held capture-the-flag (CTF) events, both internal to AIS and for the public, to familiarize new users with the software (see 2023 FISSURE Challenge at fissure.ainfosec.com). Personally, I have tried to make inroads into the world of ham radio by getting a license, going to field day and chatting with the local radio club.
Despite the initial acclaim, primarily from the Hackaday bump common among many open-source projects, FISSURE faced the challenge of sustaining growth. While sufficient levels of GitHub stars and visibility in search results were achieved, the project lacked regular contributors. If you find yourself in a similar position with your project, don’t let that get you down. This scenario is not uncommon for developers juggling open-source commitments alongside their day jobs. In the case of FISSURE, there are other indicators of measurable progress besides contributions, and all the recent work performed since its release presents a solid foundation to take things to the next level.
Navigating the Path to Success
The measurement of success for an open-source framework like FISSURE is the size of its community and the quality of the product. These elements are interdependent, with growth in one area often influencing the other. The key lies in addressing both aspects concurrently. The most pressing action items for FISSURE are to flush out the base capabilities as quickly as possible and to acquire regular contributions to help speed up development. This requires a multi-faceted approach which targets the external side open to the public and the internal side that we, AIS, are responsible for upholding as the caretakers of the project.
Framework Enhancement: FISSURE must flesh out its base capabilities and increase the number of modular areas that can draw in contributions. FISSURE covers many technical areas and as a result, certain submodules are still a work in progress. We at AIS are continuously doing our best to integrate new ideas as well as push several code changes. It’s important to know that even if there are no recent commits to the FISSURE GitHub repository, work is still being done behind the scenes at AIS across many topics at once.
Practical Examples: FISSURE needs practical scripts and actions that users can readily employ. A bare framework is useless to the majority of users who do not have the time to fill it out from scratch on their own. Imagine a framework like Metasploit, but without any practical examples. Adding these examples is a priority for 2024 and we expect to have dedicated time for filling out our list of algorithms and expanding the ways in which FISSURE can be utilized.
Direct Engagement: Finding individuals with immediate needs and tailoring FISSURE to meet those needs can be a direct and effective approach. This involves engaging with communities, forums, educators and researchers actively involved in specific RF protocols or applications. The development of FISSURE can benefit from engagement with educators and students involved with computer science, electrical engineering and cybersecurity. The following types of classes are examples where FISSURE could supplement education: Open-Source Software Engineering, Signals and Systems, Digital Signal Processing, Software-Defined Radio and Wireless Security. As a general action to help your project, take advantage of professional connections and discuss what your project can do to help them. Try to make new contacts and find where like-minded people congregate.
Social Media Presence: Consistent content creation and engagement on social media platforms, showcasing the capabilities of FISSURE, is crucial for visibility and community building. People love to see things being hacked and software/hardware tools in action. To help with your content creation, consider holding regular events throughout the year such as CTFs and participating in technical outreach programs. There’s always a chance that something unique and fun that you do will go viral. Checking up on the relevant technical communities across social media is also a nice way to keep up with the latest news in technology and it can help build long-distance connections. I think checking in on social media (responsibly) is something more people in technology fields should be pursuing.
Organizational Involvement: Participate actively in regular events such as: conferences, socials, tutorial sessions, classroom exercises, company sanctioned CTF events and other organization’s CTF events to better understand today’s popular challenges and tools. Provide marketing material, keep up with business development, and propose IRaD ideas that address items in your project roadmap.
Cross-Team Awareness: Stay in touch with your colleagues to understand their technical areas of expertise and the tools they use regularly to see if there is any overlap. Encourage awareness of your project across teams and departments within the organization. Involve your project in as many daily tasks as possible to keep it relevant and to avoid duplication of effort. Subscribe to chat channels to keep up on project status. Go out of your way to create a GitHub/social media account, star a project, follow an account, share a post or leave a comment. Keep in mind success for any project within your organization typically means more success for you.
Networking and Recruitment: Actively seek skilled labor in your area of expertise, surround yourself with like-minded people, involve interns with your project to build up a new generation of talent and know who, when and where to show off marketing material for your project.
What Lies Ahead for FISSURE
FISSURE’s evolution involves transitioning to a sensor node deployment scheme capable of connecting multiple computers with their own radios and peripherals that can be controlled remotely or run autonomously. This will facilitate many geospatial scenarios such as direction finding, tracking, perimeter defense, remote access for employees who need to do RF testing and providing a global gateway for advanced laboratory environments. The automated scripts combined with lightweight, compact computing options will unlock several more possibilities for subjects like wardriving, warshipping, UAS payloads and logging/tracking at key locations of interest.
Finishing the envisioned base capabilities for FISSURE will produce an end-to-end demonstrable capability that rounds out the framework instead of including separated features that do not interconnect. These interconnections will open the door for automation and artificial intelligence in RF reverse engineering. Specific actions in mind for 2024 are completing the integration of the Signal Classifier component, updating the Protocol Discovery component to act on known and unknown signals and integrating the sensor node capabilities mentioned above.
The new algorithms in focus for this year will be centered around practical IoT capabilities stemming from research, demonstrations and testing systems of interest. This will include scripts and flow graphs for sniffing, spoofing, man-in-the middle, fuzzing, jamming, denial of service, probing, installation of malware, misuse of resources, packet crafting and replay.
As FISSURE’s journey unfolds, we welcome contributions and collaborations. For those seeking to embark on similar endeavors, understanding the challenges and strategies outlined here can serve as a valuable guide. Reach out to me (@FissureRF on Twitter/X) to explore opportunities for contribution or to share contacts. The road to open-source success is paved with challenges, but with dedication and a strategic approach, you can find your way.