Tag: KNX

Breaking
by Niklaus Schiess

KNXmap: A KNXnet/IP Scanning and Auditing Tool

Users of the KNX, a standard for home automation bus systems, may already have come across KNXnet/IP (also known as EIBnet/IP): It is an extension for KNX that defines Ethernet as a communication medium for KNX which allows communication with KNX buses over IP driven networks. Additionally, it enables one to couple multiple bus installations over IP gateways, or so called KNXnet/IP gateways.

In the course of some KNX related research we’ve had access to various KNXnet/IP gateways from different vendors, most of them coupled in a lab setup for testing purposes. The typical tools used for such tasks are ETS, the professional software developed by the creators of KNX (proprietary, test licenses available) and eibd, an open source implementation of the KNX standard developed by the TU Vienna.

Continue reading “KNXmap: A KNXnet/IP Scanning and Auditing Tool”

Continue reading
Breaking
by Niklaus Schiess

KNX Support for Nmap

Hi folks,

our home automation research, especially with KNX, is still in progress. As part of this research we’ve implemented various tools to easy the process of identifying and enumerating KNX devices, in both IP driven networks and on the bus.

Lately we’ve written two Nmap NSE scripts to discover KNXnet/IP gateways. These allow everyone to discover such gateways in local and remote networks and print some useful information about them. One of them follows the specification to discover gateways by sending multicast packets, where all devices on the network must respond to. Due to the specification of KNXnet/IP this process is rather non-invasive because only a single UDP packet is needed to discover multiple gateways. The other script allows to identify gateways via unicast connections by a slightly different message type, which allows discovery over e.g. the Internet.

The scripts are now publicly available and will (hopefully) be included in Nmap soon.

Currently we are working on a tool which allows to enumerate KNX devices on the bus either from an IP driven network over a KNXnet/IP gateway or directly on the bus. Additionally information about the discovered devices included in the bus system will be extracted, e.g. what kind of device it is a sensor or an actuator.

It is planned to be released soon, so stay tuned 😉

Continue reading