4. Flipper Add‐On: RS485 Modbus
This plugin adds support for working with Modbus RTU networks. With it you can interact with industrial networks from the pocket-size Flipper Zero: basic tasks such as sniffing and packet injection are available, which makes activities like traffic analysis, error detection, and configuration of new peripherals on the network easier.
Modbus Flipper Add-On
What is RS485?
RS485 is a multipoint serial communication standard: many devices can share the same bus and exchange data over it. Because it uses differential signalling, RS485 supports long cable runs at relatively high speed with good noise immunity and reliability.
What is the Modbus Protocol & How Does It Work?
Modbus is an industrial protocol that lets automation devices communicate with each other.
Modbus is a request-response protocol built on a master-slave relationship. Communication always happens in pairs: one device sends a request and then waits for the response, and every exchange is initiated by the master. Typically a sensor, programmable logic controller (PLC), or programmable automation controller (PAC) acts as a slave to a human machine interface (HMI) or Supervisory Control and Data Acquisition (SCADA) master. The protocol layer defines the content of these requests and responses, and the network layer (here RS485 serial carrying Modbus RTU) defines how they are transmitted. Modbus RTU has no authentication or integrity protection beyond its CRC, which is why a device attached to the bus, such as the Flipper, can both observe traffic and inject requests of its own.
Requirements
- Electronic Cats Flipper Add-on "Modbus"
- Unleashed Firmware installed on the Flipper (tested on unlshd-071e)
Flipper Firmware installation
Menus description
Flipper main menu options
Select what you want to do by clicking one of the options on the screen:
- Settings (change the general configuration)
- Sniffer (watch the data travelling through the bus)
- Sender (send a request packet to any peripheral on the network)
- Read LOG (open and read a previous sniffing session stored on the SD card)
- About (see general information about the plugin)
Settings menu options:
- Baudrate (bits transmitted per second)
- Data size (character size in bits)
- Stop bits (number of bits marking the end of each character)
- Parity (parity bit indicating whether the number of set bits is odd or even; none is also a valid value)
- TimeOut (maximum time to wait for a response packet)
- Output Format ("Hex" displays the raw bytes in hexadecimal; "Default" displays the packet in the conventional decoded form)
- SaveLOG? (when enabled, stores all sniffed data in a LOG file)
Successful communication between the Flipper and the Modbus network depends on these serial parameters matching the target network, so you must know how the target network is configured. A mismatch results in data loss: frames arrive garbled and fail to decode or fail their CRC check.
Sender menu options:
- Manual Sender (build a packet manually and send it)
- Buffer Sender (a list of the most recent master requests captured by the sniffer; open any of them, modify it and send it)
Read LOG: browse your files, look for a LOG file and open it to read it.
How to build a packet manually and send it
- Peripheral ID: change the target peripheral with the left and right buttons, or press the center button to type the value in hexadecimal. The maximum value accepted here is 32 (0x20).
- Function: hexadecimal input is disabled in this field. Supported values are:
- Read Coils (0x01)
- Read Discrete Inputs (0x02)
- Read Holding Registers (0x03)
- Read Input Registers (0x04)
- Write Single Coil (0x05)
- Write Single Register (0x06)
- Write Multiple Coils (0x0F)
- Write Multiple Registers (0x10)
- Start address: choose the start address of the coils or registers you want to read or write. Hexadecimal input is available in this field.
- Additional fields: the remaining fields of the packet depend on the selected function; fields such as byte count, quantity, value, byte and register may appear. Byte count is the only field that cannot be modified (it follows from the quantity); the other fields can be set with the buttons or the hexadecimal input.
See the official Modbus documentation to learn more about the fields of a request packet at https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf, paying special attention to the function code descriptions.
Once the packet is complete, send it with the "Send packet" button. This automatically switches to the output console, where you can see the peripheral's response.
In the picture on the right you can see the response; it includes the peripheral ID, the function code, the byte count and the 4 values requested by the master. If the peripheral cannot serve the request it replies with an exception response instead: the function code with its high bit set (for example 0x83 for a failed Read Holding Registers) followed by a one-byte exception code. See https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf to learn more about response structures.
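As an added example (not part of this wiki and not the plugin's own firmware code), the following Python script shows what the manual sender assembles and what the output console has to decode: it computes the Modbus RTU CRC, builds a read request from the same fields described above (peripheral ID, function, start address, quantity), validates and parses a normal or exception response, and splits a sniffed byte stream back into frames. The sample frames are constructed here, not captured from a real bus, and all function names are the example's own. It accepts unit IDs 1 to 247 as the Modbus specification does, whereas the plugin's Peripheral ID field is capped at 0x20.

```python
"""Modbus RTU frame helpers: build a request, check/parse a response, and
split a sniffed byte stream into frames. Added example, not the plugin's code."""
import struct

# Function codes offered by the plugin's manual sender
READ_COILS, READ_DISCRETE_INPUTS = 0x01, 0x02
READ_HOLDING_REGISTERS, READ_INPUT_REGISTERS = 0x03, 0x04
WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER = 0x05, 0x06
WRITE_MULTIPLE_COILS, WRITE_MULTIPLE_REGISTERS = 0x0F, 0x10
READ_FUNCTIONS = {READ_COILS, READ_DISCRETE_INPUTS,
                  READ_HOLDING_REGISTERS, READ_INPUT_REGISTERS}


def crc16(data: bytes) -> int:
    """Modbus RTU CRC-16: init 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def with_crc(adu: bytes) -> bytes:
    """Append the CRC as it travels on the wire: low byte first."""
    return adu + struct.pack("<H", crc16(adu))


def crc_ok(frame: bytes) -> bool:
    """True when the trailing two bytes are the CRC of the rest of the frame."""
    return len(frame) >= 4 and crc16(frame[:-2]) == struct.unpack("<H", frame[-2:])[0]


def build_read_request(unit: int, function: int, start: int, quantity: int) -> bytes:
    """Unit ID | function | start address (hi, lo) | quantity (hi, lo) | CRC."""
    if function not in READ_FUNCTIONS:
        raise ValueError(f"not a read function: {function:#04x}")
    if not 1 <= unit <= 247:            # 0 is broadcast, 248-255 are reserved
        raise ValueError("unit ID out of range")
    return with_crc(struct.pack(">BBHH", unit, function, start, quantity))


def parse_response(frame: bytes) -> dict:
    """Validate the CRC and decode a read response or an exception reply.

    Returns {"unit", "function", "values"} for a normal reply, or
    {"unit", "function", "exception"} when the peripheral set bit 7 of the
    function code (the Modbus exception convention)."""
    if len(frame) < 5:
        raise ValueError("frame too short")
    if not crc_ok(frame):
        raise ValueError("CRC mismatch (wrong serial settings or corrupted frame)")
    body = frame[:-2]
    unit, function = body[0], body[1]
    if function & 0x80:
        return {"unit": unit, "function": function & 0x7F, "exception": body[2]}
    byte_count, payload = body[2], body[3:]
    if byte_count != len(payload):
        raise ValueError("byte count does not match payload length")
    if function in (READ_COILS, READ_DISCRETE_INPUTS):
        # Bits are packed LSB-first within each byte; padding bits are returned too
        values = [(payload[i // 8] >> (i % 8)) & 1 for i in range(byte_count * 8)]
    else:
        values = list(struct.unpack(f">{byte_count // 2}H", payload))
    return {"unit": unit, "function": function, "values": values}


def split_frames(stream: bytes, max_len: int = 256) -> list:
    """Recover frames from a sniffed byte stream when inter-frame silence was
    lost: at each offset, accept the shortest prefix whose trailing CRC checks.
    A 16-bit CRC can match by chance (about 1 in 65536 per candidate length),
    so a real sniffer should also use the 3.5-character idle time as delimiter."""
    frames, pos = [], 0
    while pos < len(stream):
        for length in range(4, min(max_len, len(stream) - pos) + 1):
            candidate = stream[pos:pos + length]
            if crc_ok(candidate):
                frames.append(candidate)
                pos += length
                break
        else:
            break                       # trailing bytes without a valid CRC
    return frames


# Constructed sample exchange (not captured from a real bus):
# the master reads 4 holding registers from unit 1 starting at address 0x0000.
SAMPLE_REQUEST = build_read_request(1, READ_HOLDING_REGISTERS, 0x0000, 4)
SAMPLE_RESPONSE = with_crc(bytes([1, READ_HOLDING_REGISTERS, 8]) +
                           struct.pack(">4H", 0x0102, 0x0304, 0x0506, 0x0708))
SAMPLE_EXCEPTION = with_crc(bytes([1, READ_HOLDING_REGISTERS | 0x80, 0x02]))

if __name__ == "__main__":
    print("request :", SAMPLE_REQUEST.hex(" "))
    print("response:", parse_response(SAMPLE_RESPONSE))
    print("error   :", parse_response(SAMPLE_EXCEPTION))
    print("sniffed :", [f.hex(" ") for f in split_frames(SAMPLE_REQUEST + SAMPLE_RESPONSE)])
```

The CRC mismatch branch in parse_response is what a wrong Baudrate, Data size, Stop bits or Parity setting from the Settings menu looks like in practice: the bytes arrive, but the frame never validates. The exception path shows what to expect when a start address or quantity is outside what the peripheral supports; the plugin's "Hex" output format lets you read the 0x8X function code and the exception code directly.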
Thank you for reading our Wiki!