How can modbus be partially corrupted? - modbus

I have a modbus slave from which I am receiving what appears to be partially corrupted responses. I have confirmed that the communications are good under some circumstances. In others, I get a checksum error.
If send the command 01 04 00 05 00 01 21 CB, where 04 is read input register and 05 is the address, three times I get back F8 9E 01 04 02 00 97, B8 9A 01 04 02 00 92, and 38 9D 01 04 02 00 93. Since the 01 04 02 00 is consistent each time, it seems like the signal isn't totally trashed, but the first two bytes are apparently causing the checksum to fail.
What problems cause this behavior?
I'm using the python minimalmodbus library on a Raspberry Pi.
Editorial note: I posted this to SO because it has all of the modbus questions on the SE network but if someone can think of a better place for it I'm open to moving it

Are you communicating over a serial line? I have seen noisy or improperly terminated modbus serial lines cause phantom values to appear either before or after a valid query and response.
While the specifics change depending on the details of your setup (number of wires, baudrate, topology of serial link, etc...), the general rule is to place a 120ohm resister between the wires at each end of the serial link.

Related

trying to read and write to a specific register of ethernet switch using uboot

I am a new to linux/u-boot and just generally reading and writing to specific registers.
I have a KSZ9897 Ethernet switch, and my goal is to use u-boot i2c commands to set bits [15:13] to 001 to put the switch in the proper test mode.
The following screenshot is of the register that I am trying to read/write to:
KSZ9897 datasheet
The slave address of this part is 1011_111 = 0x5F
The address of the 16 bit register I am trying to read/write from is [0xN112-0xN113]
The PHY register is 0x09 (I am not sure how this fits in to the picture, but that may be the reason I am having issues)
using u-boot, I am sending the following command:
#i2c md 0x5F 0xN112.2 0x10
It reads back the following:
0000: 00 98 97 00 00 00 00 00 00 00 00 00 00 00 00 4c ...............L
My suspicion is that this is just reading the first 16 addr values starting at 0x0000. I know this because the 98 and 97 values match up with the default values that should be at address 0x0001 and 0x0002.
Can anyone tell me what I am doing wrong here and how I can access register 0x09? I think i am using the proper u-boot syntax, but clearly something is not right here. any help would be much appreciated.
The i2c command is wrong, because the third parameter must be a hexadecimal number and N is not hexa, the switch datasheet tells that:
Address field “N” specifies the portnumber. Valid values for “N” are 1 to 7 for some registers, 6 to 7 for MAC port specific registers, and 0 to 5 for PHYspecific registers.
You should be writing something like this: i2c md 0x5f 0x1112 1 , the last parameter is the number of bytes you read.

What is the usage of MBR hex dump and what kind of think can be do using it?

I take copy bytes dump using my Ubuntu os(MBR sector) following command.
dc3dd if=/dev/sda of=x cnt=1 ssz=512 hash=sha256 mlog=hashes
And I convert it to hexdump using following command.
hexdump x > hex_x
I receive out put like this .
I have some experts hep to analysis this hex_dump. I need to know what are the benefit of getting MBR hex dump and what kind of thing can be do using it ? (Eg: can I tell my system os like information analyzing this ? )
Need to know ,are there any commands or tools to more deep analyzing and convert this hexdump to human readable way ?
Q. what are the benefit of getting MBR hex dump and what kind of thing can be done using it?
A. Microsoft says:
The MBR contains a small amount of executable code called the master boot code, the disk signature, and the partition table for the disk.
The master boot code and disk signatures aren't very useful for someone (investigator). However the partition table gives a lot of information, and it can be used to extract information, in scenarios, where OS is corrupted or not booting and MBR can be used to investigate disk drive and operating system.
Sample Partition Table Record: (taken from an MBR, using HEX editor)
80 20 21 00 07 7E 25 19 00 08 00 00 00 38 06 00
Each hexadecimal value has some specific meaning, for instance:
80 => Partition type, Active
20 21 00 => Partition’s starting sector, Cylinder-Head-Sector (CHS)
07 => File System, NTFS
7E 25 19 => Partition’s ending sector, CHS
00 08 00 00 => Starting sector
00 38 06 00 => Size of the partition, 199 MiB
You can read them in detail in Table 1.2 Partition Table Fields, at official site.
Q. are there any commands or tools to more deep analyzing and convert this hexdump to human readable way?
A. You can use any HEX editor, like Hex Editor Neo or Active Disk Editor. These editors will help you in understanding MBR, but there is no magic tool available to to convert hexdump into human readable format (based on my knowledge).
PS: The question is pretty old, I wasn't available earlier so please accept late answer... :)

How to Reset java card using APDU command

I am new to java card development.so far i have developed java card applet which can encrypt data using RSA algorithm. So basically i followed Application selection and send data.But now i want to reset java card before selecting the java card.Can anyone give me some brief idea how to do that??thanks Sajith.
There is no such thing as a RESET APDU command. Generally speaking, you can reset using a lower level API (which may not be available to you) or by disconnecting the card entirely. Or you can of course remove the power supply entirely by removing the card from the reader.
There may be reader specific commands (also called proprietary commands) that can be accessed through a CLA=FF escape. For instance the ACR122U ACR reader specifies:
The antenna can be switched off in order to save the power.
• Turn off the antenna power: FF 00 00 00 04 D4 32 01 00h
• Turn on the antenna power: FF 00 00 00 04 D4 32 01 01h
Here FF 00 00 00 is the escape header, 04 is the length byte Lc and D4 32 01 00 or D4 32 01 01 is the proprietary command.
This is just a some reader I found using an internet search.
Notes
using getATR() in the Java javax.smartcardio libraries does not reset the card - it just returns the previously received ATR if the card is already powered on;
there is no method to reset the card in the Java Card API either.

Why do I get an unexpected result when using socket.readUnsignedInt() in Adobe Air?

I have two air applications that communicate with each other using sockets.
Code on app 1
socket.writeUnsignedInt(4);
Code on app 2
socket.readUnsignedInt();
I am expecting the result of readInt() to be '4' (the int I sent) but I get '262144'
any help would be much appreciated.
The 262144 value in hex is 00 04 00 00, most likely your stream is out-of-sync, i.e. you read too few bytes from it before readUnsignedInt() call.

iPhone Mach-O binaries, string storage, __TEXT/__DATA

I am attempting to read constant (or initilization) strings from an iPhone Mach-O binary file. I understand that the 3 relevant segment.sections are _TEXT._cstring _TEXT._ustring and _DATA._cfstring. Howver, even though I know the string information is stored in these three blocks of data, which I have extracted, I can not make any sense of it, and it all looks like garbage - I do not see any recognizable character strings. Can anyone shed some light on this and give me an idea of what steps need to be take to read the string data?
I have looked at some code (GetAddrOfConstantCFString() from http://llvm.org/svn/llvm-project/cfe/trunk/lib/CodeGen/CodeGenModule.cpp), but again, couldn't quite relate it to what I see in the binaries.
In my case the sizes of the sections in question are:
__TEXT.__cstring (99 K-bytes)
__TEXT.__ustring (<200 bytes)
__DATA.__cfstring (29 K-bytes)
To give you an idea, the first 32 bytes of the __cfstring section, which I though would contain the actual strings looks like this:
Dump _DATA._cfstring
00 00 00 00 c8 07 00 00 74 02 0d 00 15 00 00 00
00 00 00 00 c8 07 00 00 8c 02 0d 00 01 00 00 00
...
Thanks a lot for your help!
Well, I've found the answer.
1) the files are generally encrypted (this can be tested with otool -l prog_file|grep -i crypt ). Not all sections are encrypted but usually the first block including _TEXT._text (prog code) and _TEXT._cstring are. The _DATA._cfstring section was not encrypted in my case.
2) as expected __cfstring consists of 16-byte structures (NSConstantString), where the 3rd word is a pointer to memory where _TEXT._cstring is loaded. The 4th word is the length.
So in real life the trick is to decrypt the file first, and then all is visible and accessible. I still didn't get around doing it properly, but dumped a piece of memory in gdb, which then replaced the relevant section in the file.