protocols/s7/s7comm-plus.html - plc4x-website - Git at Google

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
                             <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
     <title>PLC4X &#x2013; </title>
     <script src="../../js/jquery.slim.min.js" type="text/javascript"></script>
     <!--script src="../../js/popper.min.js" type="javascript"></script-->
     <script src="../../js/bootstrap.bundle.min.js" type="text/javascript"></script>
     <!-- The tooling for adding images and links to Apache events -->
     <script src="https://www.apachecon.com/event-images/snippet.js" type="text/javascript"></script>
     <!-- FontAwesome -->
     <link rel="stylesheet" href="../../css/all.min.css" type="text/css"/>
     <!-- Bootstrap -->
     <link rel="stylesheet" href="../../css/bootstrap.min.css" type="text/css"/>
     <!-- Some Maven Site defaults -->
     <link rel="stylesheet" href="../../css/maven-base.css" type="text/css"/>
     <link rel="stylesheet" href="../../css/maven-theme.css" type="text/css"/>
     <!-- The PLC4X version of a bootstrap theme -->
     <link rel="stylesheet" href="../../css/themes/plc4x.css" type="text/css" id="pagestyle"/>
     <!-- A custom style for printing content -->
     <link rel="stylesheet" href="../../css/print.css" type="text/css" media="print"/>

             <meta http-equiv="Content-Language" content="en"/>

 </head>
 <body class="composite">
 <nav class="navbar navbar-light navbar-expand-md bg-faded justify-content-center border-bottom">
     <!--a href="/" class="navbar-brand d-flex w-50 mr-auto">Navbar 3</a-->
     <a href="https://plc4x.apache.org/" id="bannerLeft"><img src="../../images/apache_plc4x_logo_small.png"  alt="Apache PLC4X"/></a>
     <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsingNavbar3">
         <span class="navbar-toggler-icon"></span>
     </button>
     <div class="navbar-collapse collapse w-100" id="collapsingNavbar3">
         <ul class="navbar-nav w-100 justify-content-center">
                         <li class="nav-item">
                             <a class="nav-link" href="../../index.html">Home</a>
             </li>
                                                                                 <li class="nav-item">
                                     <a class="nav-link" href="../../users/index.html">Users</a>
                 </li>
                                             <li class="nav-item">
                                     <a class="nav-link" href="../../developers/index.html">Developers</a>
                 </li>
                                             <li class="nav-item">
                                     <a class="nav-link" href="../../apache/index.html">Apache</a>
                 </li>
                     </ul>
         <ul class="nav navbar-nav ml-auto justify-content-end">
             <li class="nav-item row valign-middle">
                 <a class="acevent" data-format="wide" data-mode="light" data-event="random" style="width:240px;height:60px;"></a>
             </li>
         </ul>
     </div>
 </nav>
 <div class="container-fluid">
     <div class="row h-100">


                                                                                     <main role="main" class="ml-sm-auto px-4 w-100 h-100">
             <div class="sect1">
 <h2 id="s7_comm_plus_0x72">S7 Comm Plus (0x72)</h2>
 <div class="sectionbody">
 <div class="paragraph">
 <p>The <code>S7 Comm Plus</code> protocol is a new version of the original <code>S7 Comm</code> protocol.
 While a <code>S7 Comm</code> packet is identified, by the magic byte <code>0x32</code>, the <code>S7 Comm Plus</code> packet uses the magic byte <code>0x72</code>.
 The End of a packet is indicated by a frame end sequence of 6 bytes: 00 00 72 01 00 00</p>
 </div>
 <div class="paragraph">
 <p>The general structure of the protocols content however is completely different and far less documented.</p>
 </div>
 <div class="paragraph">
 <p>The biggest source for getting started in implementing this protocol was the <a href="https://os-s.de/thesis/MA_Maik_Brueggemann.pdf">Master Thesis of Maik Brüggemann</a>.
 However this only covered the basic structure of a <code>S7 Comm Plus</code> packet and it seems that this information is not quite correct as many assumptions hav turned out to not be correct.</p>
 </div>
 <div class="paragraph">
 <p>Beyond that, it seems that implementing this protocol would require knowledge of some shared keys which are contained in the bytecode of the PLCs as well as the official drivers.
 As we can&#8217;t reverse-engineer these keys, the only way we could get them, would be by disassembling the existing code, which would not be allowed.</p>
 </div>
 <div class="paragraph">
 <p>Therefore we have currently stopped working on this protocol type.
 Probably things may change in the future, but for now we see no way we could finish this on a legally correct path.</p>
 </div>
 </div>
 </div>
 <div class="sect1">
 <h2 id="links">Links</h2>
 <div class="sectionbody">
 <div class="paragraph">
 <p><a href="https://www.blackhat.com/docs/eu-17/materials/eu-17-Lei-The-Spear-To-Break%20-The-Security-Wall-Of-S7CommPlus-wp.pdf" class="bare">https://www.blackhat.com/docs/eu-17/materials/eu-17-Lei-The-Spear-To-Break%20-The-Security-Wall-Of-S7CommPlus-wp.pdf</a></p>
 </div>
 </div>
 </div>
         </main>
         <footer class="pt-4 my-md-5 pt-md-5 w-100 border-top">
             <div class="row justify-content-md-center" style="font-size: 13px">
                 <div class="col col-6 text-center">
                                     Copyright &#169;      2017&#x2013;2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>.
 All rights reserved.<br/>
                     Apache PLC4X, PLC4X, Apache, the Apache feather logo, and the Apache PLC4X project logo are either registered trademarks or trademarks of The Apache Software Foundation in the United States and other countries. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
                                         <br/><div style="text-align:center;">Home screen image taken from <a
                         href="https://flic.kr/p/chEftd">Flickr</a>, "Tesla Robot Dance" by Steve Jurvetson, licensed
                     under <a href="https://creativecommons.org/licenses/by/2.0/">CC BY 2.0 Generic</a>, image cropped
                     and blur effect added.</div>
                                 </div>
             </div>
         </footer>
     </div>
 </div>

 <!-- Bootstrap core JavaScript
 ================================================== -->
 <!-- Placed at the end of the document so the pages load faster -->
 <script src="../../js/jquery.slim.min.js"></script>
 <script src="../../js/popper.min.js"></script>
 <script src="../../js/bootstrap.min.js"></script>
 <script type="text/javascript">
     $('.carousel .carousel-item').each(function(){
         var next = $(this).next();
         if (!next.length) {
             next = $(this).siblings(':first');
         }
         next.children(':first-child').clone().appendTo($(this));

         for (let i = 0; i < 3; i++) {
             next=next.next();
             if (!next.length) {
                 next = $(this).siblings(':first');
             }
             next.children(':first-child').clone().appendTo($(this));
         }
     });
 </script>
 </body>
 </html>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">



	<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
	<title>PLC4X – </title>
	<script src="../../js/jquery.slim.min.js" type="text/javascript"></script>
	<!--script src="../../js/popper.min.js" type="javascript"></script-->
	<script src="../../js/bootstrap.bundle.min.js" type="text/javascript"></script>
	<!-- The tooling for adding images and links to Apache events -->
	<script src="https://www.apachecon.com/event-images/snippet.js" type="text/javascript"></script>
	<!-- FontAwesome -->
	<link rel="stylesheet" href="../../css/all.min.css" type="text/css"/>
	<!-- Bootstrap -->
	<link rel="stylesheet" href="../../css/bootstrap.min.css" type="text/css"/>
	<!-- Some Maven Site defaults -->
	<link rel="stylesheet" href="../../css/maven-base.css" type="text/css"/>
	<link rel="stylesheet" href="../../css/maven-theme.css" type="text/css"/>
	<!-- The PLC4X version of a bootstrap theme -->
	<link rel="stylesheet" href="../../css/themes/plc4x.css" type="text/css" id="pagestyle"/>
	<!-- A custom style for printing content -->
	<link rel="stylesheet" href="../../css/print.css" type="text/css" media="print"/>

	<meta http-equiv="Content-Language" content="en"/>

	</head>
	<body class="composite">
	<nav class="navbar navbar-light navbar-expand-md bg-faded justify-content-center border-bottom">
	<!--a href="/" class="navbar-brand d-flex w-50 mr-auto">Navbar 3</a-->
	<a href="https://plc4x.apache.org/" id="bannerLeft"><img src="../../images/apache_plc4x_logo_small.png" alt="Apache PLC4X"/></a>
	<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsingNavbar3">
	<span class="navbar-toggler-icon"></span>
	</button>
	<div class="navbar-collapse collapse w-100" id="collapsingNavbar3">
	<ul class="navbar-nav w-100 justify-content-center">
	<li class="nav-item">
	<a class="nav-link" href="../../index.html">Home</a>
	</li>
	<li class="nav-item">
	<a class="nav-link" href="../../users/index.html">Users</a>
	</li>
	<li class="nav-item">
	<a class="nav-link" href="../../developers/index.html">Developers</a>
	</li>
	<li class="nav-item">
	<a class="nav-link" href="../../apache/index.html">Apache</a>
	</li>
	</ul>
	<ul class="nav navbar-nav ml-auto justify-content-end">
	<li class="nav-item row valign-middle">
	<a class="acevent" data-format="wide" data-mode="light" data-event="random" style="width:240px;height:60px;"></a>
	</li>
	</ul>
	</div>
	</nav>
	<div class="container-fluid">
	<div class="row h-100">




























































	<main role="main" class="ml-sm-auto px-4 w-100 h-100">
	<div class="sect1">
	<h2 id="s7_comm_plus_0x72">S7 Comm Plus (0x72)</h2>
	<div class="sectionbody">
	<div class="paragraph">
	<p>The <code>S7 Comm Plus</code> protocol is a new version of the original <code>S7 Comm</code> protocol.
	While a <code>S7 Comm</code> packet is identified, by the magic byte <code>0x32</code>, the <code>S7 Comm Plus</code> packet uses the magic byte <code>0x72</code>.
	The End of a packet is indicated by a frame end sequence of 6 bytes: 00 00 72 01 00 00</p>
	</div>
	<div class="paragraph">
	<p>The general structure of the protocols content however is completely different and far less documented.</p>
	</div>
	<div class="paragraph">
	<p>The biggest source for getting started in implementing this protocol was the <a href="https://os-s.de/thesis/MA_Maik_Brueggemann.pdf">Master Thesis of Maik Brüggemann</a>.
	However this only covered the basic structure of a <code>S7 Comm Plus</code> packet and it seems that this information is not quite correct as many assumptions hav turned out to not be correct.</p>
	</div>
	<div class="paragraph">
	<p>Beyond that, it seems that implementing this protocol would require knowledge of some shared keys which are contained in the bytecode of the PLCs as well as the official drivers.
	As we can’t reverse-engineer these keys, the only way we could get them, would be by disassembling the existing code, which would not be allowed.</p>
	</div>
	<div class="paragraph">
	<p>Therefore we have currently stopped working on this protocol type.
	Probably things may change in the future, but for now we see no way we could finish this on a legally correct path.</p>
	</div>
	</div>
	</div>
	<div class="sect1">
	<h2 id="links">Links</h2>
	<div class="sectionbody">
	<div class="paragraph">
	<p><a href="https://www.blackhat.com/docs/eu-17/materials/eu-17-Lei-The-Spear-To-Break%20-The-Security-Wall-Of-S7CommPlus-wp.pdf" class="bare">https://www.blackhat.com/docs/eu-17/materials/eu-17-Lei-The-Spear-To-Break%20-The-Security-Wall-Of-S7CommPlus-wp.pdf</a></p>
	</div>
	</div>
	</div>
	</main>
	<footer class="pt-4 my-md-5 pt-md-5 w-100 border-top">
	<div class="row justify-content-md-center" style="font-size: 13px">
	<div class="col col-6 text-center">
	Copyright © 2017–2022 <a href="https://www.apache.org/">The Apache Software Foundation</a>.
	All rights reserved.<br/>
	Apache PLC4X, PLC4X, Apache, the Apache feather logo, and the Apache PLC4X project logo are either registered trademarks or trademarks of The Apache Software Foundation in the United States and other countries. All other marks mentioned may be trademarks or registered trademarks of their respective owners.
	<br/><div style="text-align:center;">Home screen image taken from <a
	href="https://flic.kr/p/chEftd">Flickr</a>, "Tesla Robot Dance" by Steve Jurvetson, licensed
	under <a href="https://creativecommons.org/licenses/by/2.0/">CC BY 2.0 Generic</a>, image cropped
	and blur effect added.</div>
	</div>
	</div>
	</footer>
	</div>
	</div>

	<!-- Bootstrap core JavaScript
	================================================== -->
	<!-- Placed at the end of the document so the pages load faster -->
	<script src="../../js/jquery.slim.min.js"></script>
	<script src="../../js/popper.min.js"></script>
	<script src="../../js/bootstrap.min.js"></script>
	<script type="text/javascript">
	$('.carousel .carousel-item').each(function(){
	var next = $(this).next();
	if (!next.length) {
	next = $(this).siblings(':first');
	}
	next.children(':first-child').clone().appendTo($(this));

	for (let i = 0; i < 3; i++) {
	next=next.next();
	if (!next.length) {
	next = $(this).siblings(':first');
	}
	next.children(':first-child').clone().appendTo($(this));
	}
	});
	</script>
	</body>
	</html>