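def simple_read_tag(client, pathsize, classid, instanceid):
    """Send one CIP Read Tag request (service 0x4c) over the client's connected
    ENIP session and print what the PLC answers.

    client:     object carrying session_id, enip_connid, sequence, sock and
                recv_enippkt() (the PLC client class in this file).
    pathsize:   word_size handed to CIP_Path.make() for the symbol path.
    classid:    CIP class id of the path.
    instanceid: CIP instance id of the symbol to read.

    Side effects: increments client.sequence even when there is no socket,
    prints the request (enippkt.show()) and the reply status.  Returns None.
    """
    # Bytes that follow the path in the request.  Presumably the UINT element
    # count (1) of a Read Tag request -- TODO confirm against the Logix object
    # spec.  A bytes literal keeps the same two bytes on Python 2 and 3.
    data = b"\x01\x00"
    # Symbol Instance Addressing path
    cippkt = CIP(service=0x4c,
                 path=CIP_Path.make(class_id=classid, instance_id=instanceid,
                                    word_size=pathsize)) / data
    # Encapsulate in a SendUnitData (connected messaging) frame
    enippkt = ENIP_TCP(session=client.session_id)
    enippkt /= ENIP_SendUnitData(
        interface_handle=0x0,
        items=[
            # address item: the connection id the client holds
            ENIP_SendUnitData_Item() / ENIP_ConnectionAddress(connection_id=client.enip_connid),
            # data item: sequence count followed by the CIP request
            ENIP_SendUnitData_Item() / ENIP_ConnectionPacket(sequence=client.sequence) / cippkt,
        ])
    # A sequence number is consumed even if nothing is sent (same as send_unit_cip)
    client.sequence += 1
    if client.sock is not None:
        # sendall(): plain send() may write only part of the frame on a TCP
        # socket.  bytes() rather than str() so Python 3 sends the built frame
        # and not its repr (on Python 2 bytes is str, so nothing changes).
        client.sock.sendall(bytes(enippkt))
    enippkt.show()
    resppkt = client.recv_enippkt()
    if resppkt is not None:
        # A reply without a CIP layer (e.g. an encapsulation-level error) would
        # make resppkt[CIP] raise IndexError; fall back to the ENIP status.
        if resppkt.haslayer(CIP):
            print("Status: " + str(resppkt[CIP].status))
        else:
            print("ENIP status: " + str(resppkt[ENIP_TCP].status))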
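def recv_enippkt(self):
    """Receive exactly one ENIP encapsulation packet from the TCP socket.

    Returns the parsed ENIP_TCP packet, or None when there is no socket or
    the peer closed the connection before a whole packet arrived.

    ENIP over TCP is a byte stream, so a single recv(2000) may return a
    partial packet or several packets glued together.  This reads the
    24-byte encapsulation header first and then exactly the payload length
    it announces (little-endian UINT at offset 2).  A recv() that times out
    or fails propagates the socket error to the caller.
    """
    import struct

    if self.sock is None:
        return None

    sock = self.sock

    def recv_exact(nbytes):
        # Loop until nbytes have arrived; None if the peer closed first.
        chunks = []
        remaining = nbytes
        while remaining > 0:
            chunk = sock.recv(remaining)
            if not chunk:
                return None
            chunks.append(chunk)
            remaining -= len(chunk)
        return b"".join(chunks)

    header = recv_exact(24)
    if header is None:
        return None
    (length,) = struct.unpack_from("<H", header, 2)
    body = recv_exact(length) if length else b""
    if body is None:
        return None
    return ENIP_TCP(header + body)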
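def fuzz_timeout(client, values=None, class_id=0x6b, instance_id=0x227):
    """Send one CIP request (service 0x4c) per candidate SendUnitData timeout
    value and print the ENIP status and echoed timeout of each reply.

    client:      object carrying session_id, enip_connid, sequence, sock and
                 recv_enippkt().
    values:      iterable of timeout values to try.  None keeps the original
                 range(0xff), i.e. 0..0xfe -- note that stops one short of
                 0xff; pass range(0x100) for the full byte range.
    class_id, instance_id: CIP path the request targets; the defaults are the
                 values the original hard-coded.

    Caveat: this sends unusual encapsulation timeout values to a live device
    and does not pace requests.  Only run it against a PLC you are allowed
    to test.  Returns None.
    """
    if values is None:
        values = range(0xff)
    for i in values:
        print("Fuzzing timeout: " + str(hex(i)))
        enippkt = ENIP_TCP(session=client.session_id)
        # Symbol Instance Addressing path, no payload after it
        cippkt = CIP(service=0x4c,
                     path=CIP_Path.make(class_id=class_id, instance_id=instance_id))
        enippkt /= ENIP_SendUnitData(
            timeout=i,
            items=[
                # address item: the connection id the client holds
                ENIP_SendUnitData_Item() / ENIP_ConnectionAddress(connection_id=client.enip_connid),
                # data item: sequence count followed by the CIP request
                ENIP_SendUnitData_Item() / ENIP_ConnectionPacket(sequence=client.sequence) / cippkt,
            ])
        # A sequence number is consumed even if nothing is sent
        client.sequence += 1
        if client.sock is not None:
            # sendall(): send() may write only part of the frame; bytes() so
            # Python 3 sends the built frame rather than its repr.
            client.sock.sendall(bytes(enippkt))
        resppkt = client.recv_enippkt()
        if resppkt is not None:
            print("Status: " + str(resppkt[ENIP_TCP].status))
            # An error reply may carry no SendUnitData layer; indexing it
            # directly would raise IndexError and abort the whole sweep.
            if resppkt.haslayer(ENIP_SendUnitData):
                print("Timeout: " + str(hex(resppkt[ENIP_SendUnitData].timeout)))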
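def send_rr_cip(self, cippkt):
    """Send a CIP packet to the PLC as an ENIP SendRRData (unconnected) request.

    cippkt: CIP packet (scapy layer) to encapsulate.

    The first item is sent with type_id=0 (an address item carrying no
    connection, as unconnected messaging uses); the second wraps cippkt.
    Nothing is sent when there is no socket.  Returns None.
    """
    enippkt = ENIP_TCP(session=self.session_id)
    enippkt /= ENIP_SendRRData(items=[
        ENIP_SendUnitData_Item(type_id=0),
        ENIP_SendUnitData_Item() / cippkt,
    ])
    if self.sock is not None:
        # sendall(): plain send() may write only part of the frame on a TCP
        # socket.  bytes() so Python 3 sends the built frame, not its repr
        # (on Python 2 bytes is str, so nothing changes).
        self.sock.sendall(bytes(enippkt))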
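def recv_enippkt(self):
    """Receive exactly one ENIP encapsulation packet from the TCP socket and
    dump its hex on stdout.

    Returns the parsed ENIP_TCP packet, or None when there is no socket or
    the peer closed the connection before a whole packet arrived.

    ENIP over TCP is a byte stream, so a single recv(2000) may return a
    partial packet or several packets glued together.  This reads the
    24-byte encapsulation header first and then exactly the payload length
    it announces (little-endian UINT at offset 2).  A recv() that times out
    or fails propagates the socket error to the caller.
    """
    import struct

    if self.sock is None:
        return None

    sock = self.sock

    def recv_exact(nbytes):
        # Loop until nbytes have arrived; None if the peer closed first.
        chunks = []
        remaining = nbytes
        while remaining > 0:
            chunk = sock.recv(remaining)
            if not chunk:
                return None
            chunks.append(chunk)
            remaining -= len(chunk)
        return b"".join(chunks)

    header = recv_exact(24)
    if header is None:
        return None
    (length,) = struct.unpack_from("<H", header, 2)
    body = recv_exact(length) if length else b""
    if body is None:
        return None
    pktbytes = header + body
    # Debug trace of the raw frame, kept from the original
    print(binascii.hexlify(pktbytes))
    return ENIP_TCP(pktbytes)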
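def send_unit_cip(self, cippkt):
    """Send a CIP packet to the PLC as an ENIP SendUnitData (connected) request.

    cippkt: CIP packet (scapy layer) to encapsulate.

    The address item carries self.enip_connid and the data item carries the
    current self.sequence followed by cippkt.  self.sequence is incremented
    whether or not anything is sent, so sequence numbers stay consistent with
    the other senders in this file.  Nothing is sent when there is no socket.
    Returns None.
    """
    enippkt = ENIP_TCP(session=self.session_id)
    enippkt /= ENIP_SendUnitData(items=[
        ENIP_SendUnitData_Item() / ENIP_ConnectionAddress(connection_id=self.enip_connid),
        ENIP_SendUnitData_Item() / ENIP_ConnectionPacket(sequence=self.sequence) / cippkt,
    ])
    self.sequence += 1
    if self.sock is not None:
        # sendall(): plain send() may write only part of the frame on a TCP
        # socket.  bytes() so Python 3 sends the built frame, not its repr
        # (on Python 2 bytes is str, so nothing changes).
        self.sock.sendall(bytes(enippkt))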
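def __init__(self, plc_addr, plc_port=44818):
    """Open an ENIP session with the PLC over an experimental raw IP socket.

    plc_addr: PLC IP address.
    plc_port: ENIP TCP port, 44818 by default.

    NOTE(review): this variant crafts IP()/TCP() headers itself over an
    IPPROTO_RAW socket with IP_HDRINCL set, so it needs CAP_NET_RAW/root, no
    TCP handshake is performed, and per raw(7) an IPPROTO_RAW socket is
    send-only -- recv_enippkt() is therefore not expected to return the
    PLC's reply.  The IP() header is also built without a dst; whether the
    kernel routes by the header or by the connect()ed address is left
    unverified.  Kept as the author left it; the create_connection()
    variant of __init__ in this file is the working one.

    On any socket error the object continues with self.sock = None and
    sends nothing.  session_id stays 0 unless a reply is parsed.
    """
    self.sock = None
    if not NO_NETWORK:
        try:
            # Raw socket; the caller supplies the IP header (IP_HDRINCL)
            self.sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
            self.sock.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1)
            # connect() on a raw socket only fixes the default destination
            self.sock.connect((plc_addr, plc_port))
        except socket.error as exc:
            logger.warning("socket error: %s", exc)
            logger.warning("Continuing without sending anything")
            self.sock = None
    self.session_id = 0
    self.enip_connid = 0
    self.sequence = 1
    # Open an Ethernet/IP session (RegisterSession carries no authentication;
    # the handle returned is not a secret)
    sessionpkt = IP() / TCP() / ENIP_TCP() / ENIP_RegisterSession()
    if self.sock is not None:
        # sendall(): send() may write only part of the frame; bytes() so
        # Python 3 sends the built frame rather than its repr.
        self.sock.sendall(bytes(sessionpkt))
        reply_pkt = self.recv_enippkt()
        if reply_pkt is None:
            logger.warning("no RegisterSession reply from %s:%d", plc_addr, plc_port)
        else:
            reply_pkt.show()
            self.session_id = reply_pkt.session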
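def __init__(self, plc_addr, plc_port=44818, timeout=None):
    """Connect to the PLC over TCP and register an ENIP session.

    plc_addr: PLC IP address.
    plc_port: ENIP TCP port, 44818 by default.
    timeout:  socket timeout in seconds for the connection and every later
              recv/send on it; None keeps the original blocking behaviour.
              With a timeout set, a PLC that never answers makes
              recv_enippkt() raise socket.timeout instead of hanging.

    On a socket error the object continues with self.sock = None and sends
    nothing (a warning is logged).  RegisterSession carries no
    authentication; the handle stored in self.session_id is not a secret.
    session_id stays 0 unless a reply is parsed.
    """
    self.sock = None
    if not NO_NETWORK:
        try:
            self.sock = socket.create_connection((plc_addr, plc_port), timeout=timeout)
        except socket.error as exc:
            logger.warning("socket error: %s", exc)
            logger.warning("Continuing without sending anything")
            self.sock = None
    self.session_id = 0
    self.enip_connid = 0
    self.sequence = 1
    # Open an Ethernet/IP session
    sessionpkt = ENIP_TCP() / ENIP_RegisterSession()
    if self.sock is not None:
        # sendall(): plain send() may write only part of the frame on a TCP
        # socket.  bytes() so Python 3 sends the built frame, not its repr.
        self.sock.sendall(bytes(sessionpkt))
        reply_pkt = self.recv_enippkt()
        if reply_pkt is None:
            logger.warning("no RegisterSession reply from %s:%d", plc_addr, plc_port)
        else:
            # A non-zero encapsulation status means the session was refused;
            # the handle is still recorded so behaviour matches the original.
            if reply_pkt.status != 0:
                logger.warning("RegisterSession returned status 0x%x", reply_pkt.status)
            self.session_id = reply_pkt.session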