Home
This plugin includes features to work with Modbus RTU networks. Now you can interact with industrial networks using the pocket-size device Flipper Zero, basic tasks like sniffing and injection are available, making easier to perform activities like analysis, error detection, and configuration of new peripherals to the network.
- Electronic Cats Flipper Addon "Modbus"
- Unleashed Firmware Installed on Flipper (Tested on unlshd-071e)
Select what you wanna do by clicking one of the options on the screen
- Settings (Change general configurations)
- Sniffer (Watch data traveling trought the Bus)
- Sender (Send a packet request to any peripheral on the network)
- Read LOG (Open and read a previous sniffing sesion stored in the SD)
- About (See general information of the plugin)
- Baudrate (bits transmitted per second)
- Data size (Character size in bits)
- Stop bits (Number of bits indicating the end of the character)
- Parity (Flag indicating if the set bits number is odd or even, none also is a valid value)
- TimeOut (Maximum amount of time to wait a response packet)
- OutputFormat ("Hex" format displays hexadecimal values and "Default" in a conventional way)
- SaveLOG? (Stores all sniffed data in a LOG file, if it's enabled)
A succesfull comunication between flipper and Modbus will depend on these parameters, you must know how are they configured in the target Modbus network, wrong configurations will result in a data loss.
- Manual Sender (Build a packet manually and send it)
- Buffer Sender (A list with the most recent master sniffed requests, open any of them, modify it and send it)
Browse in your files, look for a LOG file and read it.
Shows general information about this cool plugin
- Peripheral ID: Change the peripheral target by clicking the right or left button, also you can click the center button and enter the value in the Hexadecimal format, maximum value is 32 or 0x20.
-
Function: Hexadecimal input is disbaled in this field. Supported values are:
- Read Coils (0x01)
- Read Discrete Inputs (0x02)
- Read Holding Registers (0x03)
- Read Input Registers (0x04)
- Write Single Coil (0x05)
- Write Single Register(0x06)
- Write Multiple Coils (0x0F)
- Write Multiple Registers (0x10)
-
Start address: Choose the start address of coils or registers that you want to read or write. Hexadecimal input available in this field.
- Additional fields: The following fields of the packet are variable depending on the selected function, fields like byte count, quantity, value, byte and register may appear. Byte count is the unique field that can not be modified, the other fields can be modified using the buttons or the hexadecimal input.
See the oficial Modbus documentation to learn more about the fields of a request packet in https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf, special attention on Function codes descriptions
Once the packet is complete, send it by clicking the "Send packet" button, this action change automatically the scene to the output console where you can see the peripheral response.
In the right picture you can see the response, this response includes function, peripheral ID, byte count and the 4 values requested by the hub. See https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf to learn more about response structures.