Hello everyone, thanks for coming. This is a talk about the Siemens S7CommPlus protocol. The work was mainly done by my colleague Chen Lei, but unfortunately he was unable to get a visa in time, so I am representing him here.

First, let's see some related work. Dillon gave a talk about exploiting the Siemens S7 PLC at Black Hat 2011, and the protocol he discussed was S7Comm. Ralf gave a talk about a worm living solely in the PLC last year, and the protocol he discussed was the early version of S7CommPlus. This talk is mainly focused on the current version of S7CommPlus, which is encrypted.

So what is a PLC? A PLC is responsible for process control in an industrial control system. A PLC contains a CPU, some I/O modules, some communication modules, some process modules, et cetera. This is a picture of a Siemens PLC. Siemens names its PLCs the S7 series. The S7-200, S7-300 and S7-400 use the S7Comm protocol. The S7-1200 V3 uses the early version of the S7CommPlus protocol. And the S7-1200 V4 and S7-1500 use the current version of the S7CommPlus protocol, which is encrypted. That's the protocol we are discussing today.

To communicate with the PLC, Siemens provides the TIA Portal software, which can be used to configure and program the Siemens PLC. The problem is that it communicates with the PLC over the network, so there can be a replay attack: one can capture and replay the packets exchanged between the PC and the PLC to control the PLC.

So let's look at the S7CommPlus protocol in detail. First, the TIA Portal sends a connection request packet. This packet has been discussed before, so I won't go into detail here. Then the PLC returns a connection response packet. There are two parts that need to be noticed; I marked them with red and pink, and I will explain them later.

Then the PC sends a connection request a second time to complete the connection. There are two encryption parts which are important for the protocol. I also marked them with pink and blue rectangles, and I will explain them later as well. After that, the connection is built, so function packets can be sent from the PC to the PLC. This is an example of a packet to stop the PLC. The important part is also marked with a green rectangle here.

I said that there are some parts that need to be noticed because these parts are used to validate the packet. They must have the right values to pass the validation and execute the function. First, there are two IDs: the session ID and the object ID. The session ID is returned from the PLC, and it seems to be a random value. And the object ID should be sent from the PC. It should be... Sorry. The object ID is sent from the PLC; it is the random value. And the session ID should be sent from the PC to the PLC to validate the session. It should be the object ID plus 128.

Then, after the object ID, comes the encryption part. Here is the first packet that comes from the PC to the PLC. It has two parts that need to be encrypted. And the bottom one is the encryption part of the function packet; there is only one part which is encrypted. I will explain how they are created.

First, there is the first encryption part of the connection packet. The input is the random value that comes from the PLC in the connection response packet, and the encryption is just a simple XOR. You can see this is the value that comes from the connection response packet, and this is the encryption function. It's just a simple XOR. And the result is the first encryption, which is used in the second encryption.

This is the second encryption part. A private algorithm is used to do this. So you can see this is the first encryption part, which is calculated from the XOR, and this is the second encryption function. It's a complicated private algorithm, but it can be reverse engineered from the TIA Portal software. This function is used for encryption, and we get the second encryption part.

Now to the function packet's encryption part. It uses a fixed field area together with the session ID as the input, and again a private algorithm is used to calculate the encryption result. So you can see this is the constant area with the session ID, this is the encryption function, which is a private algorithm, and this is the result, which can be seen in the function packet.

With all this, we can get a whole map of the communication. The first three packets are the TCP connection. Then the PC sends the connection request packet, the PLC returns the connection response packet, and then the second connection request packet is sent. After that, the connection of the S7CommPlus protocol is established, so the PC can send function packets and do the control work.

Now we can see the demo. You can see there is an S7 PLC. The PC and the PLC are connected through a hub. Here is a program we made to control the PLC. First we click the connection button to establish the connection. In Wireshark you can see the connection is established, and the information of the PLC is returned. Now the light is green. It means that the PLC is running now. We click the stop button to stop the PLC. The light turns yellow. It means that the PLC has stopped. And then we click the run button to run the PLC again. You can see the light has returned to green now. It means that the PLC is running again. Okay. Let's return to the slides.

Finally, we give some protection suggestions. First, at the coding level: we think that the S7CommPlus protocol using a private algorithm to keep the encryption secret is not a good idea. It should use a real encryption algorithm instead of a private algorithm to do this work. Next, at the design level, they should choose some encryption algorithm like RSA or something similar to do the encryption. Finally, at the protocol level, the whole packet should be encrypted, and not just some key parts of the packet.

That's all. Thank you.