>>Hello everyone, thanks for coming. This is a talk about the S7Comm Plus protocol, and the work was mainly done by my colleague Cheng Lei, but unfortunately he could not get here in time, so I stand in for him here. First, let's see some related work. Dillon had a talk about his exploit of the Siemens S7 PLC at Black Hat 2011, and the protocol he discussed is S7Comm. Ralf had a talk about a worm living solely in the PLC last year, and the protocol he discussed is the early version of S7Comm Plus. This talk is mainly focused on the current S7Comm Plus protocol, which is encrypted. So what is a PLC? A PLC is responsible for process control in an industrial control system. A PLC contains a CPU, some I/O modules, some communication modules, some process modules, etc. This is a picture of the Siemens PLC. Siemens named its PLCs S7: the S7-200, 300 and 400 use the S7Comm protocol; the S7-1200 version 3 uses the early version of the S7Comm Plus protocol; and the S7-1200 V4 and the S7-1500 use the current version of the S7Comm Plus protocol, which is encrypted. That is the protocol we are discussing today. To communicate with the PLC, Siemens provides the TIA Portal software, which can be used to configure and program the Siemens PLC. So there is a program that communicates with the PLC over the network, and so there can be a replay attack: one can capture and replay the packets communicated between the PLC and the PC to control the PLC. So let's see the S7Comm Plus protocol in detail. First, the TIA Portal sends a connection request packet. This packet has been discussed before, so I won't discuss the details here. Then the PLC returns a connection response packet. There are two parts that need to be noticed; I marked them with red and pink, and I will explain them later.
Then the PC sends the connection request a second time to complete the connection. There are two encrypted parts which are important for the protocol. I also marked them, with pink and blue rectangles, and I will also explain them later. After that the connection is built, so function packets can be sent from the PC to the PLC, for example a packet to stop the PLC. The important part is also marked, with a green rectangle here. [coughing] I have marked [inaudible word] some parts that need to be noticed, because these parts are used to validate the packet: they must have the right value to go through the validation and execute the function. First, there are two IDs, the session ID and the object ID. The object ID is sent from the PLC and it is a random value, and the session ID should be sent from the PC to the PLC to validate the session. It should be the object ID plus 128. Then comes the encryption part. [sighs] Here is the first packet that comes from the PC to the PLC. There are two parts that need to be encrypted, and in the function packet there is only one part which is encrypted. I'll explain how they are created. First, there is the first encryption part of the connection packet. The input is the random value that comes from the PLC through the connection response packet, [sighs] and the encryption is just a simple XOR. Now you can see this is the value that comes from the connection response packet, and this is the encryption function, which is just a simple XOR, and the result is the first encryption part, which is used in the second encryption. Now, this is the second encryption part.
It uses input parameters to an algorithm to do this encryption. So you can see this is the first encryption part, which is calculated from the XOR, and this is the second encryption function, which is a complicated private algorithm, but it can be reverse engineered from the TIA [inaudible word]. So this function is used to encrypt, and we get the second encryption part. Now comes the function packet encryption part. It uses a fixed array with the session ID as the input, and also a complex algorithm is used to calculate the encryption result. So you can see this here is the constant array with the session ID, this is the encryption function, which is a private algorithm, and this is the result, which can be seen in the function packet. With all this we can put together the whole communication. First, the first packet is the TCP connection, then the PC sends the connection request packet and the PLC returns the connection response packet, and then comes the second connection request packet. After that, the connection for the S7Comm Plus protocol is established, so the PC can send function packets and do the control work. Now let's see a demo. You can see there is a Siemens S7 PLC, a hub and a PC. The PC and the PLC are connected through the hub. Here is a program we made to control the PLC. First we click the connect button to establish the connection, so in Wireshark you can see the connection is established and the information of the PLC is returned. Now the light is green, which means that the PLC is running. We click the stop button to stop the PLC. The light turns yellow, which means that the PLC has stopped. [sigh] Then we click the run button to run the PLC again and see the light return to green, which means that the PLC is running again. Okay, [sigh] let's return to the slides.
Finally, we offer some protection suggestions. First, at the coding level, we think that the Siemens S7Comm Plus protocol using some private algorithms to keep the encryption secret is not a good idea. It should use a real encryption algorithm to do this work. Next, at the design level, [coughing] it should choose some encryption algorithms like RSA or something like that to do the encryption. Finally, at the protocol level, the whole packet should be encrypted, and not just some key part of the packet. That's all, thank you. [applause]