import sys
from pymodbus.client.sync import ModbusTcpClient
# Adapted from the Modbus enumeration snippet in https://ctftime.org/writeup/31455

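# Scan parameters.  Unit ids 0..31, 99 registers per register table, 2999 bits
# per coil/discrete-input table read in chunks of 256.  Both sizes stay inside
# a single Modbus PDU (125 registers / 2000 coils per request), so each chunk is
# exactly one request.
UNIT_IDS = range(32)
REGISTER_COUNT = 99
BIT_COUNT = 2999
BIT_CHUNK = 256


def odd_values(values, baseline, start=0):
    """Return ``(address, value)`` pairs for entries of *values* that differ from *baseline*.

    *start* is the Modbus address of ``values[0]``; *values* is a list of
    register ints or of coil/discrete-input bools.  "Odd" means anything that
    deviates from the table's expected fill value (0 for holding registers,
    1 for input registers, False for coils, True for discrete inputs), which is
    how this dump surfaces the handful of planted values in a CTF target.
    An empty *values* yields an empty list.
    """
    return [(start + offset, value) for offset, value in enumerate(values) if value != baseline]


def read_or_none(read_fn, address, count, unit, attr):
    """Issue one read request and return its first *count* payload entries, or ``None``.

    *read_fn* is a bound pymodbus client method (``read_holding_registers``,
    ``read_input_registers``, ``read_coils`` or ``read_discrete_inputs``) and
    *attr* is the payload attribute on its response, ``"registers"`` or ``"bits"``.

    A Modbus exception response (e.g. ILLEGAL DATA ADDRESS / ILLEGAL FUNCTION
    from a unit id that does not exist behind a gateway) or a transport error
    (timeout, connection refused) carries no payload attribute, so reading
    ``.registers`` / ``.bits`` unconditionally raised AttributeError and aborted
    the whole scan on the first such unit.  Here the failure is reported on
    stderr and ``None`` is returned so the remaining units are still scanned.
    NOTE(review): ``isError()`` is what pymodbus 2.x's sync client exposes on
    both response and error objects; confirm against the installed version.

    ``.bits`` is sliced to *count* because pymodbus pads bit responses to a
    whole byte; slicing ``.registers`` is a no-op.
    """
    response = read_fn(address, count, unit=unit)
    if response.isError():
        name = getattr(read_fn, "__name__", "read")
        print(f"# unit {unit} {name}({address}, {count}): {response}", file=sys.stderr)
        return None
    return getattr(response, attr)[:count]


def dump_registers(read_fn, tag, baseline):
    """Print ``<tag> <unit> <address> <value>`` for every register that differs from *baseline*.

    One request of REGISTER_COUNT registers starting at address 0 per unit id.
    """
    for unit in UNIT_IDS:
        registers = read_or_none(read_fn, 0, REGISTER_COUNT, unit, "registers")
        if registers is None:
            continue
        for address, register in odd_values(registers, baseline):
            print(f"{tag} {unit} {address} {register}")


def dump_bits(read_fn, tag, baseline):
    """Print ``<tag> <unit> <address> <state>`` for every bit that differs from *baseline*.

    BIT_COUNT bits per unit id, fetched BIT_CHUNK at a time; the last chunk is
    shorter (2999 - 2816 = 183 bits).
    """
    for unit in UNIT_IDS:
        for address_base in range(0, BIT_COUNT, BIT_CHUNK):
            count = min(BIT_CHUNK, BIT_COUNT - address_base)
            bits = read_or_none(read_fn, address_base, count, unit, "bits")
            if bits is None:
                continue
            for address, coil in odd_values(bits, baseline, address_base):
                print(f"{tag} {unit} {address} {coil}")


def main(argv=None):
    """Dump the "odd" entries of all four Modbus tables for unit ids 0..31 of one host.

    *argv* defaults to ``sys.argv[1:]`` and must hold exactly one element, the
    Modbus/TCP host to scan (port 502 via the pymodbus default).  Returns the
    process exit status: 2 on a usage error, 0 otherwise.

    Output order is the same as the original script: all holding registers,
    then input registers, then coils, then discrete inputs.

    Security notes for anyone reusing this outside a CTF: Modbus/TCP has no
    authentication, and this script only issues read function codes (FC 1-4),
    so it does not alter device state - but it fires roughly 830 requests
    back-to-back (32 units x (2 register reads + 2 x 12 bit reads)), and unit
    ids that do not answer each cost a full timeout.  Fragile PLCs can stall
    under that, so run it only against lab/CTF targets you are authorized to
    probe.  NOTE(review): pymodbus 3.x moved the client to
    ``pymodbus.client.ModbusTcpClient`` and renamed ``unit=`` to ``slave=``;
    the import at the top of this file pins the 2.x layout.
    """
    argv = sys.argv[1:] if argv is None else argv
    if len(argv) != 1:
        print(f"usage: {sys.argv[0]} <modbus-tcp-host>", file=sys.stderr)
        return 2
    client = ModbusTcpClient(argv[0])
    try:
        # The sync client connects lazily on the first request.
        dump_registers(client.read_holding_registers, "hr", 0)
        dump_registers(client.read_input_registers, "ir", 1)
        dump_bits(client.read_coils, "c", False)
        dump_bits(client.read_discrete_inputs, "di", True)
    finally:
        # The original never closed the socket; close() is a no-op if no
        # connection was ever established.
        client.close()
    return 0


if __name__ == "__main__":
    sys.exit(main())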