Open-source contributions play a critical role in advancing technology, and this year, our team caught – and fixed – bugs in a variety of projects.
As people who grew up relying on open-source systems and tools to become cyber engineers, these efforts reflect our commitment to strengthening the broader software ecosystem and helping our open-source community thrive. We always aim to open-source any tools we can – and hope to encourage the next generation of engineers in the process.
To acknowledge open-source contributions, Zetier provides spot awards – that is, rapid recognition for team members who go above and beyond. These awards ensure that impactful work, often done behind the scenes, receives the visibility and appreciation it deserves. (In addition to recognizing open-source contributions, our team nominates one another when they create a boost in morale, efficiency, and more – including impromptu Halloween decor for the office.)
Here’s a look at the open-source work our team achieved this year, from everyday bug fixes to providing a full-fledged tool to the community.
While these may be relatively small bug fixes, open source is built on collective efforts, with everyone chipping in to make things better.
Andy Myers, one of our Principal Cyber Engineers, provided a fix to the rust-xcb project. This also supported our work on our DaaS (desktop-as-a-service), WarpStations.
Another of our Principal Cyber Engineers, David F., submitted this improvement to fork-map, a Rust library.
In support of WarpStations, our Zetier-made virtual desktop software, Joe Kale (Senior Vulnerability Researcher) contributed to jpegxl-rs.
jpegxl-rs is a Rust library for encoding and decoding the JPEG-XL image format.
A summer intern, Ethan Ferguson, contributed to the modern_snmp library. This fix added support for AES192 and AES256, while not breaking compatibility with AES128, SHA1, or MD5.
To squash a bug during work on our DaaS product (WarpStations), one of our Founders, Dillon Amburgey, contributed to the Ceph project.
Though reported at the end of 2023, the fix is live as of November of this year.
Another credit to Joe Kale with this submission. He identified an incorrect default buffer size.
Yet another credit to Joe Kale with this submission! Despite the modest size of the bug fix, the impact is broad. memmap2 is widely used (81+ million downloads), and is even a dependency of rustc itself.
Harry G., one of our Senior Cyber Engineers, contributed to Frida, an open-source toolkit. He improved the injector’s musl compatibility for Linux, remedying the fact that the loader string could look different from platform to platform.
Another addition to the Frida core library by Harry! This update added support for overriding the config when building helpers.
A contribution by a Principal Cyber Engineer, Brandon Belew, will fix a crash in GDB that occurs when generating core-dump files while attached to certain remote targets.
This proposed MR by Andy Myers adds a new feature to the Xvfb component of xserver: support for multiple CRTCs, which represent multiple displays or monitors. Previously, Xvfb only supported 1 display.
Whenever possible, we open-source our tools. These are the ones we debuted in 2024.

flaShMASH is an open-source Python tool designed for analyzing and reconstructing data from multiple flash memory dumps. It supports up to four dumps, automating tasks like bit flipping, byte reversing, and creating permutations to handle complex flash memory configurations, such as intertwined addresses in parallel flash chips.
The tool outputs processed dumps for further analysis, enabling users to identify strings, validate data, and load binaries into tools like Ghidra for reverse engineering. By simplifying the handling of fragmented flash data, flaShMASH aids in uncovering firmware insights from challenging memory structures.
We’re happy to share that this article made the front page of HackerNews!
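The kind of search described for flaShMASH above, as an added example that is not flaShMASH's own code: it tries every chip order and a few transforms, byte-interleaves the dumps, and keeps the layouts that contain a string the analyst expects. Reading "bit flipping" as inverting every bit and "byte reversing" as swapping bytes inside 16-bit words, the byte-wise interleave, the marker filter, all names and the sample image are assumptions made here.

```python
from itertools import permutations

def invert(d: bytes) -> bytes:
    """Flip every bit (assumed meaning of 'bit flipping': inverted data lines)."""
    return bytes(b ^ 0xFF for b in d)

def swap16(d: bytes) -> bytes:
    """Swap the two bytes of each 16-bit word (assumed 'byte reversing')."""
    n = len(d) & ~1                      # ignore a trailing odd byte
    out = bytearray(d)
    out[0:n:2], out[1:n:2] = d[1:n:2], d[0:n:2]
    return bytes(out)

TRANSFORMS = {
    "none": lambda d: d,
    "invert": invert,
    "swap16": swap16,
    "invert+swap16": lambda d: swap16(invert(d)),
}

def interleave(dumps):
    """Byte-interleave: d0[0], d1[0], ..., d0[1], d1[1], ... (parallel chips)."""
    n, k = min(len(d) for d in dumps), len(dumps)
    out = bytearray(n * k)
    for i, d in enumerate(dumps):
        out[i::k] = d[:n]
    return bytes(out)

def candidates(dumps, marker: bytes):
    """Return (chip order, transform, image) for each layout containing marker."""
    if not 1 <= len(dumps) <= 4:
        raise ValueError("expected one to four dumps")
    hits = []
    for order in permutations(range(len(dumps))):
        for name, fn in TRANSFORMS.items():
            image = interleave([fn(dumps[i]) for i in order])
            if marker in image:
                hits.append((order, name, image))
    return hits

# Constructed sample: a fake image split across two 8-bit chips whose data
# lines read inverted; the dumps are then handed over in the wrong order.
IMAGE = b"\x27\x05\x19\x56U-Boot 2019.07 (constructed sample)\x00bootargs=console=ttyS0,115200\x00"
IMAGE += b"\xff" * (-len(IMAGE) % 4)
CHIP_A, CHIP_B = invert(IMAGE[0::2]), invert(IMAGE[1::2])

if __name__ == "__main__":
    for order, name, image in candidates([CHIP_B, CHIP_A], b"U-Boot"):
        print(order, name, image[:24])
```

A surviving candidate can then be written to disk and checked for further strings or loaded into a disassembler, as the paragraph above describes.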

Lariat is an open-source Python tool designed to streamline Android device testing by integrating seamlessly with Device Farmer’s REST API. It automates the process of querying, managing, and interacting with Android devices in a test farm, offering features like device filtering, command execution, file pushing, and ELF execution.
With JSON-formatted output and CI/CD compatibility, Lariat simplifies testing workflows, making it easier to handle Android’s fragmented ecosystem. By enabling scalable and efficient device testing, Lariat empowers developers to focus on edge cases and advanced debugging, improving the overall quality and compatibility of Android tools.

Bungeegum is an open-source Python tool that automates in-memory execution testing for Android cyber tools within real-world SELinux contexts. It leverages Frida to execute code directly in an application’s memory space, mimicking realistic use cases without relying on exploit chains.
With support for ELF and shellcode execution, it addresses limitations of traditional testing methods by ensuring binaries and payloads function under restrictive conditions. This streamlined approach helps developers create robust and secure Android tools capable of tackling real-world challenges.

ViChat is a convenient way to access OpenAI’s ChatGPT-4 model while working in Vim. Skip the switch between your browser and text editor, and chat with AI where you already are.
Thank you to everyone who contributed in 2024 – both on our team and in the wider open-source community. If you’re a cyber engineer who’s passionate about open-source contributions, explore our open positions.