SCADA/ICS systems use many communication protocols that differ from those of standard IT systems. The most widely used, and the de facto standard, is the Modbus protocol. First developed by Modicon (now Schneider Electric) in 1979 as a serial protocol, it was later adapted to run over TCP/IP, where it is usually referred to as Modbus TCP. The serial frame (Modbus RTU) wraps the protocol data unit (function code plus data) in a one-byte slave address and a 16-bit CRC; Modbus TCP drops both and instead prefixes the same PDU with a seven-byte MBAP header (transaction ID, protocol ID, length and unit ID), leaving integrity to TCP. Below you can see a diagram of the two packet structures.
In this guide, we will simulate a Modbus master and slave configuration to demonstrate how this ubiquitous SCADA protocol works in an industrial environment. (Modbus.org now uses the terms client and server for master and slave; the simulators used here still use the older names.) The simulation helps us understand how the protocol works and how it can be attacked, manipulated and protected.
Step #1 Download and Install
You can download the .jar files of Modbus Master and ModbusPal (the slave) by clicking on the links. Both are Java applications and run on any system with a Java runtime. Here we will run them on Windows, but they can just as easily be used on Linux, OS X or any other Java-enabled system.
After running these two files, you should have a screen similar to the one below.
Step #2 Choose to run Modbus TCP
To get started, we need to configure the simulators to run in TCP mode. As noted above, Modbus was originally designed to run over a serial connection, and these emulators support both TCP and serial connections.
Make sure both are configured for port 502, the IANA-registered Modbus port. Then go to the Master and, in the Options drop-down menu, select Modbus TCP. (On Linux or OS X, listening on port 502 requires root or an equivalent capability, since it is below 1024; on Windows it does not.)
This should open a window like the one below where we can set the IP address and port. For now, let's leave the defaults: IP address 127.0.0.1 and port 502. Click OK.
Step #3 Add Slaves
Next, we need to add slaves to the slave simulator. Click the Add button and the New Slave window will appear. Add 8 slaves and click Add, as shown below.
Step #4 Add values to the coils
Click on the "eye" icon and a new window will appear. Here we can add values to the registers and coils.
Click the Coils tab and select 8 coils.
Now add the values shown below to the eight (8) coils. For simplicity, we set each odd-numbered coil to "1" and each even-numbered coil to "0".
Now click the Apply button to apply the values to the Modbus slave.
Next, in the Master, set the number of coils to 8 and set the Unit ID to 8.
Finally, click the Connect icon at the left end of the top menu and then the Read/Write icon next to it. You should see the coil data move from the slave to the master.
Step #5 Change the coil data
Now let's change the coil data and read it back in the Master. Set every coil to 1 and then press Read/Write.
Step #6 Add values to registers
In this step, we will add values to the holding registers. Click the Holding Registers tab at the top of the slave's data window.
In this case, we will only add four (4) registers.
Next, enter the values for the four (4) holding registers. In this case, I added the following values:
In the Master, set the number of registers to 4 and select "Read Holding Registers" (function code 3) as the Function Code.
Finally, click the Read/Write icon. The data in the holding registers should be transferred to the Master and displayed in the Master's registers as shown above.
Step #7 Write multiple registers
Now that we have shown how a Modbus Master can read both coils and registers, let's send data in the other direction: we will use the Master to write data into the slave's holding registers. This is how a system administrator or PLC programmer changes the values in a PLC's registers, and thus the PLC's operation. Note that Modbus itself has no authentication or authorization: any host that can reach TCP port 502 and knows the Unit ID can issue exactly the same write, which is why these ports must never be reachable from untrusted networks.
In the Master, select "Write Multiple Registers" (function code 16) and set the number of registers to 4.
Then enter new data in the Master's register fields. Finally, click Read/Write, and the new values should appear in the slave's register data fields.
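The simulators hide the bytes on the wire, so the following is an added example (not code from the original guide or from either simulator) that reproduces Steps 4 through 7 in pure Python: it builds the Modbus TCP frames (MBAP header plus PDU, as described at the top of the page) for Read Coils, Read Holding Registers and Write Multiple Registers, and runs them against an in-memory slave with Unit ID 8, the eight alternating coils and four holding registers. The holding-register values 100, 200, 300, 400 are constructed sample data, since the guide does not show the values it used; the exception codes (01 illegal function, 02 illegal data address, 03 illegal data value) are the standard ones from the Modbus specification.

```python
import struct

# Function codes used in the guide, and the fixed protocol ID for Modbus TCP.
READ_COILS = 0x01
READ_HOLDING_REGISTERS = 0x03
WRITE_MULTIPLE_REGISTERS = 0x10
PROTOCOL_ID = 0


def mbap_frame(transaction_id, unit_id, pdu):
    """Prefix a PDU with the 7-byte MBAP header: tid, protocol id, length, unit id."""
    return struct.pack(">HHHB", transaction_id, PROTOCOL_ID, len(pdu) + 1, unit_id) + pdu


def parse_frame(frame):
    """Split an ADU into (transaction_id, unit_id, pdu), checking the length field."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    pdu = frame[7:]
    if pid != PROTOCOL_ID or length != len(pdu) + 1:
        raise ValueError("bad MBAP header")
    return tid, unit, pdu


def read_coils_request(tid, unit, start, count):
    return mbap_frame(tid, unit, struct.pack(">BHH", READ_COILS, start, count))


def read_holding_request(tid, unit, start, count):
    return mbap_frame(tid, unit, struct.pack(">BHH", READ_HOLDING_REGISTERS, start, count))


def write_multiple_request(tid, unit, start, values):
    data = b"".join(struct.pack(">H", v) for v in values)
    pdu = struct.pack(">BHHB", WRITE_MULTIPLE_REGISTERS, start, len(values), len(data)) + data
    return mbap_frame(tid, unit, pdu)


def is_exception(pdu):
    """A slave signals an error by setting the high bit of the echoed function code."""
    return bool(pdu[0] & 0x80)


def decode_coils(pdu, count):
    """Unpack the bit-packed coil status of a Read Coils response (LSB = first coil)."""
    bits = pdu[2:2 + pdu[1]]
    return [(bits[i // 8] >> (i % 8)) & 1 for i in range(count)]


def decode_registers(pdu):
    """Unpack the big-endian 16-bit registers of a Read Holding Registers response."""
    return list(struct.unpack(">%dH" % (pdu[1] // 2), pdu[2:2 + pdu[1]]))


class Slave:
    """Minimal in-memory slave (server) with a coil table and a holding-register table."""

    def __init__(self, unit_id, coils, holding):
        self.unit_id, self.coils, self.holding = unit_id, list(coils), list(holding)

    def handle(self, request):
        tid, unit, pdu = parse_frame(request)
        if unit != self.unit_id:
            return None  # not addressed to this slave; a real device stays silent
        fc = pdu[0]
        if fc == READ_COILS:
            start, count = struct.unpack(">HH", pdu[1:5])
            if start + count > len(self.coils):
                return mbap_frame(tid, unit, bytes([fc | 0x80, 0x02]))
            packed = bytearray((count + 7) // 8)
            for i in range(count):
                packed[i // 8] |= self.coils[start + i] << (i % 8)
            resp = bytes([fc, len(packed)]) + bytes(packed)
        elif fc == READ_HOLDING_REGISTERS:
            start, count = struct.unpack(">HH", pdu[1:5])
            if start + count > len(self.holding):
                return mbap_frame(tid, unit, bytes([fc | 0x80, 0x02]))
            resp = struct.pack(">BB%dH" % count, fc, 2 * count, *self.holding[start:start + count])
        elif fc == WRITE_MULTIPLE_REGISTERS:
            start, count, nbytes = struct.unpack(">HHB", pdu[1:6])
            if nbytes != 2 * count:
                return mbap_frame(tid, unit, bytes([fc | 0x80, 0x03]))
            if start + count > len(self.holding):
                return mbap_frame(tid, unit, bytes([fc | 0x80, 0x02]))
            # No authentication anywhere in this path: whoever sends the frame changes the PLC.
            self.holding[start:start + count] = struct.unpack(">%dH" % count, pdu[6:6 + nbytes])
            resp = struct.pack(">BHH", fc, start, count)  # response echoes address and quantity
        else:
            resp = bytes([fc | 0x80, 0x01])
        return mbap_frame(tid, unit, resp)


def demo():
    """Replay Steps 4-7 against the in-memory slave; returns (coils, registers before, after)."""
    slave = Slave(unit_id=8, coils=[1, 0, 1, 0, 1, 0, 1, 0], holding=[100, 200, 300, 400])
    _, _, pdu = parse_frame(slave.handle(read_coils_request(1, 8, 0, 8)))
    coils = decode_coils(pdu, 8)
    _, _, pdu = parse_frame(slave.handle(read_holding_request(2, 8, 0, 4)))
    before = decode_registers(pdu)
    _, _, pdu = parse_frame(slave.handle(write_multiple_request(3, 8, 0, [1, 2, 3, 4])))
    assert not is_exception(pdu)
    _, _, pdu = parse_frame(slave.handle(read_holding_request(4, 8, 0, 4)))
    return coils, before, decode_registers(pdu)


if __name__ == "__main__":
    print(demo())
```

Running the block prints the eight alternating coil values, the four constructed register values, and the four values written by the Master. Because the frames are plain bytes with no session or signature, the same `write_multiple_request` bytes sent over a raw TCP socket to a real device on port 502 would be accepted just as readily, which is the point of the caveat in Step #7.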
Conclusion
We hope this Modbus simulator exercise has shown you the basics of communication between a Modbus master and slave. Although we only used a few function codes, the simulator supports almost all of the Modbus functions, and it is worth experimenting with the others.
