Tumble RF is a software framework for fuzzing arbitrary RF protocols that abstracts out the radio API, test case generation, and harness. It allows for easy changing of RF interfaces, flexible test case generation, and comprehensive fuzzing of both layer two and the file layer.
- Tumble RF is a software framework for fuzzing arbitrary RF protocols
- It abstracts out the radio API, test case generation, and harness
- Allows for easy changing of RF interfaces
- Flexible test case generation
- Comprehensive fuzzing of both layer two and the file layer
The presenters discussed how they wanted to create a framework that allowed for easy changing of RF interfaces and comprehensive fuzzing of both layer two and the file layer. They also discussed how they were able to automate the discovery process of different chipsets and how they were able to strategically leverage this to get radios to do interesting things. They also mentioned how they were excited to work on applying this methodology to other protocols.
In this session, we introduce an open source hardware and software framework for fuzzing arbitrary RF protocols, all the way down to the PHY. While fuzzing has long been relied on by security researchers to identify software bugs, applying fuzzing methodologies to RF and hardware systems has historically been challenging due to siloed tools and the limited capabilities of commodity RF chipsets.
We created the TumbleRF fuzzing orchestration framework to address these shortfalls by defining core fuzzing logic while abstracting a hardware interface API that can be mapped for compatibility with any RF driver. Thus, supporting a new radio involves merely extending an API, rather than writing a protocol-specific fuzzer from scratch.
Additionally, we introduce Orthrus, a low-cost 2.4 GHz offensive radio tool that provides PHY-layer mutability to offer Software Defined Radio-like features in a flexible and low-latency embedded form factor. By combining the two, researchers will be able to fuzz and test RF protocols with greater depth and precision than ever before.
Attendees can expect to leave this talk with an understanding of how RF and hardware physical layers actually work, and how to identify security issues that lie latent in these designs.