Read device info (#5)

djformby · web-flow · commit c5f93c24312d · 2025-12-02T11:06:40.000-05:00
* add read device info command * update Linux payload with read device info * force pymodbus to be included * update Windows payload * Revert "update Linux payload with read device info" This reverts commit 759aae9. * Revert "update Windows payload" This reverts commit e15ad76.
diff --git a/data/abilities/discovery/9360ba0d-46a3-47a1-bbe6-e6c875790500.yml b/data/abilities/discovery/9360ba0d-46a3-47a1-bbe6-e6c875790500.yml
@@ -0,0 +1,30 @@
+---
+
+- id: 9360ba0d-46a3-47a1-bbe6-e6c875790500
+  name: Modbus - Read Device Information
+  description: |
+    Modbus Function  (0x2B, subcode 0x0E): Read Device Information
+
+    This function code is used to read the device information
+  tactic: discovery
+  technique_id: T0888
+  technique_name: Remote System Information Discovery
+  executors:
+  - platform: linux
+    name: sh
+    command: >
+      ./modbus_cli #{modbus.server.ip} --port #{modbus.server.port} read_device_info --level #{modbus.read_device_info.level}
+    payloads:
+    - modbus_cli
+  - platform: windows
+    name: psh
+    command: >
+      .\modbus_cli.exe #{modbus.server.ip} --port #{modbus.server.port} read_device_info --level #{modbus.read_device_info.level}
+    payloads:
+    - modbus_cli.exe
+  - platform: darwin
+    name: sh
+    command: >
+      ./modbus_cli_darwin #{modbus.server.ip} --port #{modbus.server.port} read_device_info --level #{modbus.read_device_info.level}
+    payloads:
+    - modbus_cli_darwin
diff --git a/src/modbus/actions/spec.py b/src/modbus/actions/spec.py
@@ -14,6 +14,19 @@
 # 17 (0x11) Report Slave ID
 
 
+@ModbusClient.action
+def read_device_info(self, level=3, device_id=1):
+    """
+    Protocol Function
+    43 (0x2B) -- Encapsulated Interface Transport
+    MEI type: 14 (0x0E) - Read Device Information
+    """
+    self.log.info(
+        f"Read Device Info -- [Device ID: {device_id}]"
+    )
+    result = self.client.read_device_information(read_code=level, object_id=0)
+    return result
+
 @ModbusClient.action
 def read_coils(self, address, count, device_id=1):
     """
@@ -128,4 +141,4 @@ def mask_write_register(self, address, and_mask, or_mask, device_id=1):
         f"Mask Write Register (22) -- [Address: {address}, AND_mask: {and_mask}, OR_mask: {or_mask}, Device ID: {device_id}]"
     )
     req = self.client.mask_write_register(address, and_mask, or_mask, slave=device_id)
-    return req
+    return req
diff --git a/src/modbus_cli.py b/src/modbus_cli.py
@@ -103,6 +103,15 @@ def add_fuzz_args(parser):
         help="Seconds to wait between write operations [>= 0.0]",
     )
 
+def add_info_args(parser):
+    parser.add_argument(
+        "--level",
+        dest="level",
+        type=to_16bit_uint,
+        required=False,
+        default=3,
+        help="Level of info to request: 1=Basic, 2=Regular, 3=Extended",
+    )
 
 def add_write_c_subparser(subparsers):
     parser = subparsers.add_parser(
@@ -270,6 +279,14 @@ def add_fuzz_r_subparser(subparsers):
     )
 
 
+def add_read_device_info_subparser(subparsers):
+    parser = subparsers.add_parser(
+        "read_device_info",
+        help="Read device information"
+    )
+    add_info_args(parser)
+    add_device_id_arg(parser)
+
 def create_arg_parser():
     parser = argparse.ArgumentParser(
         description="Modbus Client Action Library " + modbus.version.get_version()
@@ -300,6 +317,7 @@ def create_arg_parser():
     add_write_r_subparser(subparsers)
     add_write_multi_r_subparser(subparsers)
     add_mask_write_r_subparser(subparsers)
+    add_read_device_info_subparser(subparsers)
 
     return parser
 
@@ -424,10 +442,24 @@ def do_action(client, args):
             log.error(err)
         else:
             print(f"{result[0]} successful write operations, {result[1]} errors")
+    elif args.action.lower() == "read_device_info":
+        print("[*] Read Device Information")
+        try:
+            result = client.read_device_info(
+                args.level,
+                args.device_id
+            )
+        except ValueError as err:
+            print(f"Device Info Read failed: {err}")
+            log.error(err)
+        else:
+            print_info_result(result)
 
     else:
         print("Action not defined.")
 
+def print_info_result(result):
+    print(result.information)
 
 def print_read_result(result, start, count, datatype):
     binary_types = ["coil", "discrete input"]
@@ -470,4 +502,4 @@ def run():
 
 
 if __name__ == "__main__":
-    run()
+    run()
diff --git a/src/modbus_cli.spec b/src/modbus_cli.spec
@@ -1,12 +1,19 @@
 # -*- mode: python ; coding: utf-8 -*-
+from PyInstaller.utils.hooks import collect_all
+
+datas = []
+binaries = []
+hiddenimports = ['pymodbus']
+tmp_ret = collect_all('pymodbus')
+datas += tmp_ret[0]; binaries += tmp_ret[1]; hiddenimports += tmp_ret[2]
 
 
 a = Analysis(
     ['modbus_cli.py'],
     pathex=[],
-    binaries=[],
-    datas=[],
-    hiddenimports=[],
+    binaries=binaries,
+    datas=datas,
+    hiddenimports=hiddenimports,
     hookspath=[],
     hooksconfig={},
     runtime_hooks=[],
@@ -35,4 +42,4 @@ exe = EXE(
     target_arch=None,
     codesign_identity=None,
     entitlements_file=None,
-)
+)
