From 1f97360b5f64efc2079e6e8af9346c8f82eb1434 Mon Sep 17 00:00:00 2001 From: Aditya Patil <72488360+PythonHacker24@users.noreply.github.com> Date: Fri, 19 Apr 2024 16:14:58 +0530 Subject: [PATCH 1/4] Create modbus.md for introduction to the modbus protocol --- .../modbus.md | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 todo/industrial-control-systems-hacking/modbus.md diff --git a/todo/industrial-control-systems-hacking/modbus.md b/todo/industrial-control-systems-hacking/modbus.md new file mode 100644 index 000000000..7ca3e062d --- /dev/null +++ b/todo/industrial-control-systems-hacking/modbus.md 
@@ -0,0 +1,33 @@ +# The Modbus Protocol + +## Introduction to Modbus Protocol + +The Modbus protocol is a widely used protocol in Industrial Automation and Control Systems. Modbus allows communication between various devices such as programmable logic controllers (PLCs), sensors, actuators, and other industrial devices. Understanding the Modbus Protocol is essential since this is the single most used communication protocol in the ICS and has a lot of potential attack surface for sniffing and even injecting commands into PLCs. + +Here, concepts are stated point-wise providing context of the protcol and it's nature of operation. The biggest challenge in ICS system security is the cost of implementation and upgradation. These protocols and standards where designed in the early 80s and 90s which are still widely used. Since an industry has a lot of devices and connections, upgrading devices is very difficult, which provides hackers with an edge of dealing with outdated protocols. Attacks on Modbus is like practically unevitable since it is going to be used without upgradation is it's operation is critical to the industry. + +## The Client-Server Architecture + +Modbus Protocol is typically used as in Client Server Architecture where a master device (client) initiates communication with one or more slave devices (servers). This is also referred to as Master-Slave architecture, which is widely used in electronics and IoT with SPI, I2C, etc. + +## Serial and Etherent Versions + +Modbus Protocol is designed for both, Serial Communication as well as Ethernet Communications. The Serial Communication is widely used in legacy systems while modern devices support Ethernet which offers high data rates and is more suitable for modern industrial networks. + +## Data Representation + +Data is transmitted in Modbus protocol as ASCII or Binary, although the binary format is used due to it's compactibility with older devices. 
+ +## Function Codes + + ModBus Protocol works with transmission of specific function codes that are used to operate the PLCs and various control devices. This portion is important to undertstand since replay attacks can be done by retransmitting function codes. Legacy devices do not support any encryption towards data transmission and usually have long wires which connect them, which results to tampering of these wires and capturing/injected data. + + ## Addressing of Modbus + +Each device in the network has some unique address which is essential for communication between devices. Protocols like Modbus RTU, Modbus TCP, etc. are used to implement addressing and serves like a transport layer to the data transmission. The data that is transferred is in the Modbus protocol format that contains the message. + +Furthermore, Modbus also implements error checks to ensure the integrity of the transmitted data. But most of al, Modbus is a Open Standard and anyone can implement it in their devices. This made this protocol to go on global standard and it's widespread in the industrial automation industry. + +Due to it's large scale use and lack of upgradations, attacking Modbus provides a significant advantage with it's attack surface. ICS is highly dependent on communication between devices and any attacks made on them can be dangerous for the operation of the industrial systems. Attacks like replay, data injection, data sniffing and leaking, Denial of Service, data forgery, etc. can be carried out if the medium of transmission is identified by the attacker. + + From 5be244af0c52a482fcaa92d696448739cd8fd736 Mon Sep 17 00:00:00 2001 From: Aditya Patil <72488360+PythonHacker24@users.noreply.github.com> Date: Mon, 22 Apr 2024 00:19:20 +0530 Subject: [PATCH 2/4] Create side_channel_analysis.md, will update more later --- todo/hardware-hacking/side_channel_analysis.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 todo/hardware-hacking/side_channel_analysis.md 
diff --git a/todo/hardware-hacking/side_channel_analysis.md b/todo/hardware-hacking/side_channel_analysis.md new file mode 100644 index 000000000..2ad4b6e8f --- /dev/null +++ b/todo/hardware-hacking/side_channel_analysis.md @@ -0,0 +1,7 @@ +# Side Channel Analysis Attacks + +Side Channel Analysis Attacks refers to determining the information from a device or entity by some other channel or source that has an indirect influence on it and information can be extracted from it. This can be explained better with an example: + +Analysing the vibrations in glass sheets which is near the sound source, but the sound source is not accessible. The vibrations in glass are influenced by the sound source and if monitored and analysed, the sound can be decoded and interpreted. + +These attacks are very popular in case of leaking data such as private keys or finding operations in the processors. An electronic circuit is has a lot of channels from which, information is constantly leaked. Monitoring and analysing can be useful for diclosing a lot of information about the circuit and internals of it. From b5152255e4026bcf52059df318aee4e456fda080 Mon Sep 17 00:00:00 2001 From: Aditya Patil <72488360+PythonHacker24@users.noreply.github.com> Date: Mon, 22 Apr 2024 00:22:45 +0530 Subject: [PATCH 3/4] Create fault_injection_attacks.md, will update later --- todo/hardware-hacking/fault_injection_attacks.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 todo/hardware-hacking/fault_injection_attacks.md diff --git a/todo/hardware-hacking/fault_injection_attacks.md b/todo/hardware-hacking/fault_injection_attacks.md new file mode 100644 index 000000000..ad6fa7a35 --- /dev/null +++ b/todo/hardware-hacking/fault_injection_attacks.md 
@@ -0,0 +1,5 @@ +# Fault Injection Attacks + +Fault injections attacks includes introducing external distrubance in electronic circuits to influence it's behaviour, resulting to disclose information or even bypass certian restrictions in the circuit. This attacks opens a lot of possibilities for attacking electronic circuits. This attack is also referred as glitching of electronic circuits. + +There are a lot of methods and mediums for injecting fault into an electronic circuit. From 92c814fa17147dd954c953c9ba4718aef0ebbbc6 Mon Sep 17 00:00:00 2001 From: Aditya Patil <72488360+PythonHacker24@users.noreply.github.com> Date: Sat, 27 Apr 2024 22:04:43 +0530 Subject: [PATCH 4/4] Update SUMMARY.md --- SUMMARY.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SUMMARY.md b/SUMMARY.md index 5d2fc846d..c3f5f52db 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -789,6 +789,8 @@ * [Radio](todo/hardware-hacking/radio.md) * [JTAG](todo/hardware-hacking/jtag.md) * [SPI](todo/hardware-hacking/spi.md) +* [Industrial Control Systems Hacking](todo/industrial-control-systems-hacking/README.md) + * [Modbus Protocol](todo/industrial-control-systems-hacking/modbus.md) * [Radio Hacking](todo/radio-hacking/README.md) * [Pentesting RFID](todo/radio-hacking/pentesting-rfid.md) * [Infrared](todo/radio-hacking/infrared.md)
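Review bot: in the modbus.md hunk (patch 1/4), the "Data Representation" paragraph gives the wrong reason for the binary encoding: "the binary format is used due to it's compactibility with older devices" should say that the binary framing (Modbus RTU) is preferred because it is more compact and efficient on the wire, not because of compatibility; Modbus ASCII is the alternative serial framing. The "Addressing of Modbus" paragraph similarly calls Modbus RTU and Modbus TCP "protocols ... used to implement addressing"; they are framing variants of the same protocol over different transports, and the sentence should say so. Two lines carry a leading space (" ModBus Protocol works with ..." and " ## Addressing of Modbus"), which Markdown will render as a code block and a non-heading respectively; drop the space. Spelling and grammar to fix throughout: "protcol", "it's" (should be "its", several times), "where designed" (were), "unevitable" (inevitable), "is it's operation is critical" (as its operation is critical), "Etherent", "undertstand", "results to tampering" (makes it possible to tamper with), "most of al", "a Open Standard" (an open standard). Since the page argues that legacy Modbus lacks encryption and authentication, a short pointer to the defensive counterpart (network segmentation and monitoring of Modbus traffic) would round out the introduction.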
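Review bot: in the side_channel_analysis.md hunk (patch 2/4), the opening definition is grammatically broken and should read along the lines of "Side channel analysis attacks refer to extracting information from a device through some other channel that the device's operation indirectly influences"; the current "refers to determining the information ... and information can be extracted from it" doubles the clause. The glass-vibration example should state what the side channel is (the vibration) and what is recovered (the sound) in one sentence rather than two fragments. Fix "An electronic circuit is has" (drop "is") and "diclosing" (disclosing). The file is a stub per the commit subject; it currently names no concrete channel for an electronic circuit, so before this is linked from SUMMARY.md it should at least name the channels the text alludes to with "a lot of channels".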
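Review bot: in the fault_injection_attacks.md hunk (patch 3/4), the first sentence has several agreement and spelling errors: "Fault injections attacks includes introducing external distrubance in electronic circuits to influence it's behaviour, resulting to disclose information or even bypass certian restrictions" should become "Fault injection attacks involve introducing external disturbances into an electronic circuit to influence its behaviour, causing it to disclose information or bypass certain restrictions". Also "This attacks opens" (These attacks open) and "referred as" (referred to as). The closing sentence "There are a lot of methods and mediums for injecting fault into an electronic circuit." introduces a list that is never given; either add the methods or mark the section as work in progress so readers know the page is incomplete.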
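Review bot: in the SUMMARY.md hunk (patch 4/4), the new entry "* [Industrial Control Systems Hacking](todo/industrial-control-systems-hacking/README.md)" links to a README.md that no patch in this series creates (patch 1/4 only adds modbus.md), so the table of contents will have a dead link; either add the README or link the section entry directly to modbus.md. The two files added in patches 2/4 and 3/4 (todo/hardware-hacking/side_channel_analysis.md and todo/hardware-hacking/fault_injection_attacks.md) are not added to SUMMARY.md at all, even though the neighbouring hardware-hacking entries (Radio, JTAG, SPI) are listed; add them under the same hardware-hacking group so the new pages are reachable.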