Exemplo n.º 1
0
 def recv_enippkt(self):
     """Receive an ENIP packet from the TCP socket"""
     if self.sock is None:
         return
     pktbytes = self.sock.recv(2000)
     pkt = ENIP_TCP(pktbytes)
     return pkt
Exemplo n.º 2
0
def fuzz_timeout(client):
    for i in range(0xff):
        # i = 0x1
        print("Fuzzing timeout: " + str(hex(i)))
        # Construct an enip packet from raw
        enippkt = ENIP_TCP(session=client.session_id)
        # Symbol Instanc Addressing
        cippkt = CIP(service=0x4c,
                     path=CIP_Path.make(class_id=0x6b, instance_id=0x227))
        # interface handle, timeout, count, items
        enippkt /= ENIP_SendUnitData(
            timeout=i,
            items=[
                # type_id, length, connection id
                ENIP_SendUnitData_Item() /
                ENIP_ConnectionAddress(connection_id=client.enip_connid),
                # type_id, length, sequence
                ENIP_SendUnitData_Item() /
                ENIP_ConnectionPacket(sequence=client.sequence) / cippkt
            ])
        client.sequence += 1
        if client.sock is not None:
            client.sock.send(str(enippkt))
        # Show the response only if it does not contain data
        resppkt = client.recv_enippkt()
        if resppkt is not None:
            print("Status: " + str(resppkt[ENIP_TCP].status))
            print("TImeout: " + str(hex(resppkt[ENIP_SendUnitData].timeout)))
Exemplo n.º 3
0
def simple_read_tag(client, pathsize, classid, instanceid):
    # Symbol Instanc Addressing
    data = "\x01\x00"
    cippkt = CIP(service=0x4c,
                 path=CIP_Path.make(class_id=classid,
                                    instance_id=instanceid,
                                    word_size=pathsize)) / data

    # Construct an enip packet from raw
    enippkt = ENIP_TCP(session=client.session_id)
    # interface handle, timeout, count, items
    enippkt /= ENIP_SendUnitData(
        interface_handle=0x0,
        items=[
            # type_id, length, connection id
            ENIP_SendUnitData_Item() /
            ENIP_ConnectionAddress(connection_id=client.enip_connid),
            # type_id, length, sequence
            ENIP_SendUnitData_Item() /
            ENIP_ConnectionPacket(sequence=client.sequence) / cippkt
        ])
    client.sequence += 1
    if client.sock is not None:
        client.sock.send(str(enippkt))

    enippkt.show()

    # Show the response only if it does not contain data
    resppkt = client.recv_enippkt()
    if resppkt is not None:
        print("Status: " + str(resppkt[CIP].status))
Exemplo n.º 4
0
 def send_rr_cip(self, cippkt):
     """Send a CIP packet over the TCP connection as an ENIP Req/Rep Data"""
     enippkt = ENIP_TCP(session=self.session_id)
     enippkt /= ENIP_SendRRData(items=[
         ENIP_SendUnitData_Item(type_id=0),
         ENIP_SendUnitData_Item() / cippkt
     ])
     if self.sock is not None:
         self.sock.send(str(enippkt))
Exemplo n.º 5
0
 def recv_enippkt(self):
     """Receive an ENIP packet from the TCP socket"""
     if self.sock is None:
         return
     pktbytes = self.sock.recv(2000)
     #pktbytes = self.sock.recv(4096)
     print(binascii.hexlify(pktbytes))
     pkt = ENIP_TCP(pktbytes)
     return pkt
Exemplo n.º 6
0
 def send_unit_cip(self, cippkt):
     """Send a CIP packet over the TCP connection as an ENIP Unit Data"""
     enippkt = ENIP_TCP(session=self.session_id)
     enippkt /= ENIP_SendUnitData(items=[
         ENIP_SendUnitData_Item() /
         ENIP_ConnectionAddress(connection_id=self.enip_connid),
         ENIP_SendUnitData_Item() /
         ENIP_ConnectionPacket(sequence=self.sequence) / cippkt
     ])
     self.sequence += 1
     if self.sock is not None:
         self.sock.send(str(enippkt))
Exemplo n.º 7
0
    def __init__(self, plc_addr, plc_port=44818):
        if not NO_NETWORK:
            try:
                #self.sock = socket.create_connection((plc_addr, plc_port)) #THis line is what needs to be changed
                #self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                #
                #SUDO works, try to send imitaiton packet now
                #Try to send packet sequence with sendp (how to store response?)
                #
                #
                self.sock = socket.socket(
                    socket.AF_INET, socket.SOCK_RAW,
                    socket.IPPROTO_RAW)  ##### Causing warning
                self.sock.setsockopt(socket.SOL_IP, socket.IP_HDRINCL, 1)
                self.sock.connect((plc_addr, plc_port))
                if self.sock is None:
                    print('Here3')
            except socket.error as exc:
                logger.warn("socket error: %s", exc)
                logger.warn("Continuing without sending anything")
                self.sock = None
        else:
            self.sock = None
        self.session_id = 0
        self.enip_connid = 0
        self.sequence = 1

        # Open an Ethernet/IP session
        #sessionpkt = ENIP_TCP() / ENIP_RegisterSession()
        sessionpkt = IP() / TCP() / ENIP_TCP() / ENIP_RegisterSession()
        if self.sock is not None:
            self.sock.send(str(sessionpkt))
            reply_pkt = IP() / TCP() / ENIP_TCP() / ENIP_RegisterSession()
            reply_pkt = self.recv_enippkt()
            print(reply_pkt.show())
            #print(reply_pkt.summary())
            #print(reply_pkt['TCP'].show())
            self.session_id = reply_pkt.session
Exemplo n.º 8
0
    def __init__(self, plc_addr, plc_port=44818):
        if not NO_NETWORK:
            try:
                self.sock = socket.create_connection((plc_addr, plc_port))
            except socket.error as exc:
                logger.warn("socket error: %s", exc)
                logger.warn("Continuing without sending anything")
                self.sock = None
        else:
            self.sock = None
        self.session_id = 0
        self.enip_connid = 0
        self.sequence = 1

        # Open an Ethernet/IP session
        sessionpkt = ENIP_TCP() / ENIP_RegisterSession()
        if self.sock is not None:
            self.sock.send(str(sessionpkt))
            reply_pkt = self.recv_enippkt()
            self.session_id = reply_pkt.session