Open source PLC

[thiagoralves]

Hi all,

I'm a Ph.D. student at the University of Alabama in Huntsville, and my research topic is SCADA cyber security. My goal is to find vulnerabilities in PLCs and try to fix them. However, its really hard to study something deep when you don't have the source code. Therefore, due to the lack of open source tools available in this field, I decided to create my own open source PLC. Then I realized that this could be useful for other researchers and professionals in the field, so I'm here sharing it with everyone.

The OpenPLC is a complete package with an editor and a compiler. The editor runs in Windows, Linux and MacOS and supports all the 5 IEC 61131-3 languages: ST, IL, LADDER, FBD and SFC. The compiler is responsible for getting the program written by the user and compile it to the platform in which the OpenPLC is running.

The OpenPLC currently runs on Raspberry Pi, Arduino, UniPi and also as a soft-PLC on Windows or Linux. If you guys have any of the mentioned boards laying down somewhere, it might be interesting to give the OpenPLC a try. More information can be found at the project's website: openplcproject dot com (I don't know why my url get scrambled all the time... )

Let me know if you have any comments.


Thanks,

Thiago Alves

 

[Robobob]

Your link does not work

 

[thiagoralves]

Just fixed it. I don't know why my urls get truncated all the time.

 

[adisharr]

Very interesting Thiago, this looks very well done. I'd love to try it out if I can ever find the time. I just need to find a place to use it. I can see this being used in Home Automation. Are you looking to find a way to mount the I/O cards more securely in the future or is this more of a research project / release to the community for improvements type of thing?

 

[thiagoralves]

The boards you see on the website are for the concept hardware. This is just a reference design for you to build your own controller if you want. I made the OpenPLC compatible with other popular open source platforms such as the Arduino and Raspberry Pi. If you're looking for something more industrial, you can try the UniPi board.

 

[dmroeder]

Fascinating Thiago! I have always hoped that there would be more open source in the industrial sector. I look forward to tinkering with it. Thanks for sharing!

 

[gclshortt]

Hi Thiago,
This looks interesting.
Thanks Thiago

 

[Thomas_v2]

Hi all,

I'm a Ph.D. student at the University of Alabama in Huntsville, and my research topic is SCADA cyber security. My goal is to find vulnerabilities in PLCs and try to fix them. However, its really hard to study something deep when you don't have the source code. Therefore, due to the lack of open source tools available in this field, I decided to create my own open source PLC.

Interesting project.

But the explanation why you have developed this is a little bizarre. Or would anyone who has to find out security problems in a webserver write it's own C compiler? There are issues in compilers (see Ken Thompsons early compiler hack), but that's not the security problems current PLCs have.

Will your PLC support Modbus TCP? ;-)

 

[Pete.S.]

Looks good!

Maybe you want to partner up with these guys: http://www.industrialshields.com/en/

They've come a little further on the hardware side of things.

 

[thiagoralves]

Interesting project. But the explanation why you have developed this is a little bizarre. Or would anyone who has to find out security problems in a webserver write it's own C compiler?

The problem is that the C compiler is already open source, so there is no need to rewrite it!

My biggest motivation was actually because when I started dealing with PLCs, I couldn't find any open source one. At that time I didn't know enough about it to realize that it was a really tough thing to do. I though that within a few months I would be able to build one myself. However, the more I learned about PLCs, more I knew that I was really far from building one!

But since I'm a very stubborn person, I didn't give up. When I started digging into the vulnerabilities of commercial PLCs, I got an even stronger desire to go deep into building my own controller. So now here I am publishing my first big version of it.

Will your PLC support Modbus TCP? ;-)

OpenPLC already supports Modbus TCP in all platforms (from the Arduino to the softPLC running on Windows). I'm planning to write a Modbus Master driver so that the softPLC version will be able to export it's I/Os to actual Modbus Slave devices in the field. I would really appreciate if I could get any help with it!

 

[thiagoralves]

Looks good!

Maybe you want to partner up with these guys: http://www.industrialshields.com/en/

They've come a little further on the hardware side of things.

I saw their website, it seems to be really good. I wrote to them, let's see if they have any interest in the OpenPLC project.

 

[Thomas_v2]

OpenPLC already supports Modbus TCP in all platforms (from the Arduino to the softPLC running on Windows). I'm planning to write a Modbus Master driver so that the softPLC version will be able to export it's I/Os to actual Modbus Slave devices in the field. I would really appreciate if I could get any help with it!

Interesting, that someone who is working on SCADA network security, chooses as protocol for his PLC the one (Modbus TCP), that has absolutely no security features.

 

[thiagoralves]

Interesting, that someone who is working on SCADA network security, chooses as protocol for his PLC the one (Modbus TCP), that has absolutely no security features.

Unfortunately there isn't any PLC protocol that is secure, at least none that is used commercially. All of them lack the basic premise of security: encryption. In our lab, we've successfully hacked into the most used protocols in industry, Modbus included. I picked Modbus for a number of reasons. Modbus is one of the most used protocols in industry, is open source (no royalties to use it) and is relative easy to implement. I plan to include other protocols in the future, depending on how the research goes. For now, I'm focused in creating a better version of the modbus protocol that will be backward-compatible but that will also include some security features.

 

[Thomas_v2]

Unfortunately there isn't any PLC protocol that is secure, at least none that is used commercially. All of them lack the basic premise of security: encryption.

What about OPC UA?
Supports all of security features: authorization, encryption and integrity. I think it's a very neat idea, to have a OPC UA server running on a PLC.

 

[boneless]

Look interesting! Please do share any developments!