Assessing and Exploiting
Proprietary Serial Protocols

Module Outline

  • Examples of when to use this methodology

  • Overview of methodology

  • Functional analysis

    • Using ICS vendor maintenance software and hardware

    • Exercise: Functional analysis of PLC's vendor tools

  • Communication capture

    • Capturing USB with hardware, software, and virtualization layers

    • Understanding USB and serial interfaces on Windows

    • Exercise: Capture of our vendor tool interactions with our PLC

  • Capture analysis

    • Exercise: Analysis of our vendor's proprietary protocol

    • Exercise: Reverse engineering our vendor's proprietary protocol

    • Exercise: Using Wireshark's column, comment, and coloring rules for RE

  • Testing harness creation

    • Exercise: Creating serial connections with Python

    • Exercise: Using ctserial to impersonate our vendor tools

  • Endpoint fuzzing

    • Exercise: Using ctserial for manual fuzzing on our PLC

  • Exploitation

Software

  • Velocio vBuilder (installed on Windows 10)

  • Velocio vFactory (installed on Windows 10)

  • ControlThings Platform Virtual Machine

Hardware

  • Velocio ACE 1600 PLC
    (We'll be reverse engineering its proprietary programming and HMI protocol)