Need help generating full 56-byte Encrypted Challenge in S7CommPlus session setup

[lircy]

Below is a concise GitHub issue drafted in English to seek help with generating the encrypted challenge:

---

Title: Need help generating full 56-byte Encrypted Challenge in S7CommPlus session setup

Context

I'm implementing the S7CommPlus protocol (based on your German project) to connect to Siemens S7-1200/1500 PLCs without TLS. The session setup requires generating a 56-byte encrypted challenge in SetSessionSetupData.

Current Progress

• First 16 bytes of encryptedChallenge are correctly computed by XORing the PLC's challenge (bytes 2-17) with a fixed parameter 5f cb e9 73 01 70 f3 37 c9 fb 55 1a 34 32 14 ea.
• Problem: The remaining 40 bytes (positions 16-55) remain unresolved. Currently, 24 bytes are hardcoded (3e c8 d4 a9 ... cb 57) and the final 16 bytes (82 6a ... 28 87) appear to be a checksum.

Code Snippet

// Relevant portion of SetSessionSetupData  
byte[] encryptedChallenge = new byte[56];  
byte[] para = new byte[] { 0x5f, 0xcb, 0xe9, 0x73, ... , 0xea };  
byte[] plainText = new List<byte>(challenge).GetRange(2, 16).ToArray();  

// Correctly computes first 16 bytes:  
for (int i = 0; i < plainText.Length; i++)  
{  
    bytes[i] = (byte)(plainText[i] ^ para[i]);  
}  
Buffer.BlockCopy(bytes, 0, encryptedChallenge, 0, 16);  

// Remaining 40 bytes UNKNOWN (currently hardcoded):  
Buffer.BlockCopy(new byte[] { 0x3e, 0xc8, ... , 0x57 }, 0, encryptedChallenge, 16, 24);  
Buffer.BlockCopy(new byte[] { 0x82, 0x6a, ... , 0x87 }, 0, encryptedChallenge, 40, 16);  

Request

Could you clarify:

1. What algorithm or keys derive the 24 middle bytes (positions 16-39)?
2. How is the final 16-byte checksum (positions 40-55) computed?
3. Is there a cryptographic primitive (e.g., AES-CBC, custom cipher) involved?

Any insights, pseudocode, or references would be invaluable. Thank you!

---

Key Points

• Clearly states what works (first 16 bytes).
• Explicitly identifies the unknown parts (40 bytes).
• Asks specific technical questions about the algorithm.
• Maintains a respectful tone while acknowledging the original work ("based on your German project").

[jogibear9988]

@lircy
I could not help you with your question (didn't dig into the protocol yet), but maybe the project harpo (https://github.com/bonk-dev/HarpoS7) could help you. As they already support connection to older CPU's.

[lircy]

Thank you

…

________________________________ 发件人: Jochen Kühner ***@***.***> 发送时间: 2025年6月10日 5:28 收件人: thomas-v2/S7CommPlusDriver ***@***.***> 抄送: lircy ***@***.***>; Mention ***@***.***> 主题: Re: [thomas-v2/S7CommPlusDriver] Need help generating full 56-byte Encrypted Challenge in S7CommPlus session setup (Issue #61) [https://avatars.githubusercontent.com/u/364896?s=20&v=4]jogibear9988 left a comment (thomas-v2/S7CommPlusDriver#61)<#61 (comment)> @lircy<https://github.com/lircy> I could not help you with your question (didn't dig into the protocol yet), but maybe the project harpo (https://github.com/bonk-dev/HarpoS7) could help you. As they already support connection to older CPU's. ― Reply to this email directly, view it on GitHub<#61 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKXJSGIPWOMGWTSWASARDBD3CZUHTAVCNFSM6AAAAAB66P5K4WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSNJXG4ZDINZUGA>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[jogibear9988]

@lircy did you get any further ?

[lircy]

There has been no progress so far.

…

________________________________ 发件人: Jochen Kühner ***@***.***> 发送时间: 2025年6月16日 6:20 收件人: thomas-v2/S7CommPlusDriver ***@***.***> 抄送: lircy ***@***.***>; Mention ***@***.***> 主题: Re: [thomas-v2/S7CommPlusDriver] Need help generating full 56-byte Encrypted Challenge in S7CommPlus session setup (Issue #61) [https://avatars.githubusercontent.com/u/364896?s=20&v=4]jogibear9988 left a comment (thomas-v2/S7CommPlusDriver#61)<#61 (comment)> @lircy<https://github.com/lircy> did you get any further ? ― Reply to this email directly, view it on GitHub<#61 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKXJSGPXWHTFRFWSE5FIKTT3DZO37AVCNFSM6AAAAAB66P5K4WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSNZVGI2DGNJUG4>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[lircy]

This week has seen significant progress: After testing with TIA Portal V17 + S7-PLCSIM Advanced V5.0, the results confirm successful PLC authentication. We can now retrieve PLC symbolic variable trees and perform PLC operations using the V3 protocol.

…

________________________________ 发件人: Jochen Kühner ***@***.***> 发送时间: 2025年6月16日 6:20 收件人: thomas-v2/S7CommPlusDriver ***@***.***> 抄送: lircy ***@***.***>; Mention ***@***.***> 主题: Re: [thomas-v2/S7CommPlusDriver] Need help generating full 56-byte Encrypted Challenge in S7CommPlus session setup (Issue #61) [https://avatars.githubusercontent.com/u/364896?s=20&v=4]jogibear9988 left a comment (thomas-v2/S7CommPlusDriver#61)<#61 (comment)> @lircy<https://github.com/lircy> did you get any further ? ― Reply to this email directly, view it on GitHub<#61 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKXJSGPXWHTFRFWSE5FIKTT3DZO37AVCNFSM6AAAAAB66P5K4WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSNZVGI2DGNJUG4>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[lircy]

Here's the precise technical translation: However, one issue remains unclear: How does the open-source project you recommended obtain the public keys for various Siemens PLC models, and is the acquisition method legal? This directly impacts future feasibility of adding support for new PLC models.

…

________________________________ 发件人: Jochen Kühner ***@***.***> 发送时间: 2025年6月16日 6:20 收件人: thomas-v2/S7CommPlusDriver ***@***.***> 抄送: lircy ***@***.***>; Mention ***@***.***> 主题: Re: [thomas-v2/S7CommPlusDriver] Need help generating full 56-byte Encrypted Challenge in S7CommPlus session setup (Issue #61) [https://avatars.githubusercontent.com/u/364896?s=20&v=4]jogibear9988 left a comment (thomas-v2/S7CommPlusDriver#61)<#61 (comment)> @lircy<https://github.com/lircy> did you get any further ? ― Reply to this email directly, view it on GitHub<#61 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKXJSGPXWHTFRFWSE5FIKTT3DZO37AVCNFSM6AAAAAB66P5K4WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDSNZVGI2DGNJUG4>. You are receiving this because you were mentioned.Message ID: ***@***.***>

[jogibear9988]

The question is, is it illegal to obtain it via reverse engineering. I think in germany it is allowed to get them for achieving interoperability.

[lircy]

Based on the S7CommPlus V3 protocol specification, the maximum length of a packet transmitted over TCP is 1024 bytes. When a packet exceeds this limit, it must be split into two fragments for transmission. However, I'm encountering an issue where:

For packets < 1024 bytes, the calculated IntegrityPart passes PLC verification

For fragmented packets (>1024 bytes):

Each fragment's IntegrityPart is calculated separately

PLC rejects the verification of these fragments

Question: What causes this verification failure?

private int SendS7plusPDUdata(byte[] sendPduData, int bytesToSend, byte protoVersion, byte[] sessionKey)
{
    m_LastError = 0;
    
    int curSize;
    int sourcePos = 0;
    int sendLen;
    int NegotiatedIsoPduSize = 1024; // TODO: Respect negotiated TPDU size

    // 4 Byte TPKT Header | 3 Byte ISO-Header | 4 Byte S7CommPlus Header | 4 Byte S7CommPlus Trailer (last PDU only)
    int MaxSize = NegotiatedIsoPduSize - 4 - 3 - 4 - (protoVersion == 0x03 ? 33 : 0);
    byte[] packet = new byte[MaxSize + 4 + (protoVersion == 0x03 ? 33 : 0)];

    while (bytesToSend > 0)
    {
        // Fragment sizing
        if (bytesToSend > MaxSize)
        {
            curSize = MaxSize;
            bytesToSend -= MaxSize;
        }
        else
        {
            curSize = bytesToSend;
            bytesToSend -= curSize;
        }

        // Build header: [0x72][ProtoVer][LengthHi][LengthLo]
        packet[0] = 0x72;
        packet[1] = protoVersion;
        packet[2] = (byte)((curSize + (protoVersion == 0x03 ? 33 : 0)) >> 8);
        packet[3] = (byte)((curSize + (protoVersion == 0x03 ? 33 : 0)) & 0x00FF);

        // Extract current fragment data
        byte[] curData = new byte[curSize];
        Array.Copy(sendPduData, sourcePos, curData, 0, curSize);

        // V3 IntegrityPart handling
        if (protoVersion == 0x03)
        {
            byte[] data = new byte[curData.Length];
            byte[] digestBuffer = new byte[32];
            Buffer.BlockCopy(curData, 0, data, 0, curData.Length);
            
            // ▶▶ SUSPECT CALCULATION ◀◀
            CalculateDigest(digestBuffer.AsSpan(), data, sessionKey);
            
            IntegrityPart integrityPart = new IntegrityPart();
            integrityPart.DigetLength = (byte)digestBuffer.Length;
            integrityPart.PacketDigest = digestBuffer;
            
            MemoryStream stream1 = new MemoryStream();
            integrityPart.Serialize(stream1);
            Array.Copy(stream1.ToArray(), 0, packet, 4, 33); // Inject IntegrityPart
        }

        // Append payload
        Array.Copy(sendPduData, sourcePos, packet, 4 + (protoVersion == 0x03 ? 33 : 0), curSize);
        sourcePos += curSize;
        sendLen = 4 + curSize + (protoVersion == 0x03 ? 33 : 0);

        // Add trailer ONLY to final fragment (0x72 + ProtoVer + 0x0000)
        if (bytesToSend == 0)
        {
            Array.Resize(ref packet, sendLen + 4);
            packet[sendLen] = 0x72;
            packet[++sendLen] = protoVersion;
            packet[++sendLen] = 0;
            packet[++sendLen] = 0;
        }
        
        m_client.Send(packet);
    }
    return m_LastError;
}

[lircy]

lircy/S7CommPlusV3Driver: This communication driver is developed on the .NET Framework 4.7.2. It enables communication with Siemens S7-1200 and S7-1500 PLCs without enabling TLS scenarios. The driver supports: Online browsing of the global symbolic variable tree. Batch reading of variable values via symbolic variable names. Writing values via symbolic variables.<https://github.com/lircy/S7CommPlusV3Driver> [https://opengraph.githubassets.com/1fd3281787c2581ec6d3966e21c7d5951d9afdecdf606c0b166a443ab988cbbc/lircy/S7CommPlusV3Driver]<https://github.com/lircy/S7CommPlusV3Driver> GitHub - lircy/S7CommPlusV3Driver: This communication driver is developed on the .NET Framework 4.7.2. It enables communication with Siemens S7-1200 and S7-1500 PLCs without enabling TLS scenarios. The driver supports: Online browsing of the global symboli<https://github.com/lircy/S7CommPlusV3Driver> This communication driver is developed on the .NET Framework 4.7.2. It enables communication with Siemens S7-1200 and S7-1500 PLCs without enabling TLS scenarios. The driver supports: Online brows... github.com

…

________________________________ 发件人: Jochen Kühner ***@***.***> 发送时间: 2025年7月4日 6:04 收件人: thomas-v2/S7CommPlusDriver ***@***.***> 抄送: lircy ***@***.***>; Mention ***@***.***> 主题: Re: [thomas-v2/S7CommPlusDriver] Need help generating full 56-byte Encrypted Challenge in S7CommPlus session setup (Issue #61) [https://avatars.githubusercontent.com/u/364896?s=20&v=4]jogibear9988 left a comment (thomas-v2/S7CommPlusDriver#61)<#61 (comment)> The question is, is it illegal to obtain it via reverse engineering. I think in germany it is allowed to get them for achieving interoperability. ― Reply to this email directly, view it on GitHub<#61 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKXJSGI4TFSIYCXX2AZWPS33GYKONAVCNFSM6AAAAAB66P5K4WVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMZUGY2DGMBVHE>. You are receiving this because you were mentioned.Message ID: ***@***.***>