| // |
| // Licensed to the Apache Software Foundation (ASF) under one or more |
| // contributor license agreements. See the NOTICE file distributed with |
| // this work for additional information regarding copyright ownership. |
| // The ASF licenses this file to You under the Apache License, Version 2.0 |
| // (the "License"); you may not use this file except in compliance with |
| // the License. You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| // |
| :imagesdir: ../../img/ |
| |
| == S7 Comm Plus (0x72) |
| |
| The `S7 Comm Plus` protocol is a new version of the original `S7 Comm` protocol. |
| While a `S7 Comm` packet is identified, by the magic byte `0x32`, the `S7 Comm Plus` packet uses the magic byte `0x72`. |
| The End of a packet is indicated by a frame end sequence of 6 bytes: 00 00 72 01 00 00 |
| |
| The general structure of the protocols content however is completely different and far less documented. |
| |
| The biggest source for getting started in implementing this protocol was the https://os-s.de/thesis/MA_Maik_Brueggemann.pdf[Master Thesis of Maik Brüggemann]. |
| However this only covered the basic structure of a `S7 Comm Plus` packet and it seems that this information is not quite correct as many assumptions hav turned out to not be correct. |
| |
| Beyond that, it seems that implementing this protocol would require knowledge of some shared keys which are contained in the bytecode of the PLCs as well as the official drivers. |
| As we can't reverse-engineer these keys, the only way we could get them, would be by disassembling the existing code, which would not be allowed. |
| |
| Therefore we have currently stopped working on this protocol type. |
| Eventually things may change in the future, but for now we see no way we could finish this on a legally correct path. |
| |
| == Links |
| |
| https://www.blackhat.com/docs/eu-17/materials/eu-17-Lei-The-Spear-To-Break%20-The-Security-Wall-Of-S7CommPlus-wp.pdf |