MITRE Caldera™ for OT plugin: IEC 61850 - Payloads

This repository provides the compiled payload binaries as well as the payload source code for the MITRE Caldera™ for OT IEC 61850 plugin.

Quick Start

To use the IEC 61850 plugin:

  1. Download the appropriate compiled payload from the Releases section of this repository.
  2. Save the downloaded payload file(s) in the caldera/plugins/iec61850/payloads directory of your Caldera installation.
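
The shell function below is an added example, not part of this repository. It stages a downloaded payload into the directory named in step 2 only if the file has one of the binary names this README lists and its SHA-256 matches an expected value. The expected digest is an assumption: the README does not mention published checksums, so use a value you recorded yourself, for instance from a binary you built from source. The function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example (not from the iec61850-payloads repository).

# Print the SHA-256 of a file using whichever tool the host provides.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_payload <downloaded-file> <expected-sha256> <caldera-root>
# Returns 0 on success, 2 on an unexpected file name, 3 on a digest
# mismatch, 4 if the plugin's payloads directory does not exist.
install_payload() {
    src=$1; expected=$2; caldera=$3
    dest="$caldera/plugins/iec61850/payloads"
    name=$(basename "$src")

    # Accept only the three binary names listed in the build table.
    case "$name" in
        iec61850_actions|iec61850_actions.exe|iec61850_actions_darwin) ;;
        *) echo "refusing unexpected file name: $name" >&2; return 2 ;;
    esac

    [ -d "$dest" ] || { echo "missing directory: $dest" >&2; return 4; }

    # Compare in lower case; an unreadable file yields an empty digest.
    actual=$(sha256_of "$src" | tr 'A-F' 'a-f')
    want=$(printf %s "$expected" | tr 'A-F' 'a-f')
    if [ -z "$actual" ] || [ "$actual" != "$want" ]; then
        echo "SHA-256 mismatch for $name: got '$actual'" >&2
        return 3
    fi

    # Copy under a temporary name, then rename, so the payloads
    # directory never holds a partially written binary.
    tmp="$dest/.$name.tmp.$$"
    cp "$src" "$tmp" && chmod 0755 "$tmp" && mv "$tmp" "$dest/$name"
}
```

Call it once per downloaded binary, for example `install_payload ./iec61850_actions "$EXPECTED_SHA256" /path/to/caldera`, where both arguments after the file are values you supply.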

About

Where possible, the Caldera for OT plugins leverage open-source libraries and payloads, unifying their exposure through the Caldera Adversary Emulation framework.

Build From Source

Source Code Structure

Build System Configuration

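| Item        | Windows binary            | Linux binary       | macOS binary               |
|-------------|---------------------------|--------------------|----------------------------|
| OS ver.     | Windows 10 v21H2          | Ubuntu 22.04.3 LTS | Ventura                    |
| compiler    | GNU 13.1.0 (MinGW UCRT64) | GNU 11.4.0         | AppleClang 15.0.0.15000100 |
| CMake ver.  | 3.27.4                    | 3.22.1             | 3.28.0                     |
| binary name | iec61850_actions.exe      | iec61850_actions   | iec61850_actions_darwin    |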

Step-by-Step Instructions

  1. Clone repository:
     git clone https://github.com/mitre/iec61850-payloads.git
  2. Build the source using CMake:
     # from the iec61850-payloads directory
     mkdir build && cd build
     cmake ..
     cmake --build .

This will build the payload and its dependent libraries, placing the final binary in the build/bin directory.

Offline Builds

The normal build instructions above will fetch the required dependencies during the configuration process. If this is not possible or not desired, the dependencies can be manually copied to the third_party/ directory using these steps:

  1. Retrieve the libiec61850 version 1.5.1 source code:
  2. (Optional) Add optional libiec61850 dependencies (more information in the library documentation). No optional dependencies are required to build the plugin payloads.
  3. Retrieve the argtable3 version 3.2.2 source code:
  4. Build the source using CMake:
     # from the iec61850-payloads directory
     mkdir build && cd build
     cmake -DBUILD_LOCAL=ON ..
     cmake --build .

Windows Build Environment

The recommended Windows build environment is MSYS2 UCRT64, which uses the gcc toolchain. Test builds using the Microsoft Visual C++ (MSVC) compiler have not been successful due to issues in the CMake setup of libiec61850.

Adding Custom Functionality

The application code in app/app.c contains the set_custom_connection() function to customize the connection settings used throughout the plugin. If your application requires a unique setup (such as a password to connect to the server), this is likely the right place to make the necessary changes.

There are several ways this source could be modified to add more complex functionality. The recommended method would be to create a new C file in the app/ directory. From the new file, use the API created by the src/client.h header to write your new code. Add your new code as a target in the CMake file app/CMakeLists.txt and build, following the steps above.

Testing

libiec61850 includes a number of test servers that have been the primary testing targets during development. During the build process, the test server binaries will be saved to the build/bin/examples/ directory. Most of the actions in the payload can be executed against the server_example_basic_io server. The test/ directory contains a Python integration test script that will automate the testing of the compiled binary against these test servers.

Usage

The iec61850_actions executable supports the following general usage:

iec61850_actions [--help] <command> [<args>]...

Use iec61850_actions --help to get started.