A simple DSL for S-Clustr

Project description

S-Clustr (Shadow Cluster) Simple

Python-3.9 Hacker_tool S-H4CK13 APT IOT OT IT Botnet Siemens-PLC

Game Air Battle

This is a game plugin that maps the game's visuals onto real-world lighting, so that the game is completed through malicious control of the lights.

Start the game server:

$ python3 game.py

Start the floor simulation client (if you are connecting to real devices, it must be a 5-column by 6-row building), input and connect to the shadow cluster server.

$ python3 scctest.py

Start the shadow cluster client and connect to the game server:

python3 S-Clustr_Client.py
set rhost 192.168.0.109
set key 038c97dac0397d783c078df6b6b07efb
game 192.168.0.104 10011

After successfully connecting to the game server, the device will synchronize your game visuals in real time...
Perhaps playing this game on a displayed building would be even more fun...

Pseudo-compiler

1. Write the pseudocode into the input box and compile it; a clustr package will be generated in the ./sccopt directory.

2. Start the S-Clustr client and use the load command to execute the automation package. Example: load <key> <Path>

Description
Type Controlled Device Wired Wireless 4G Security Encryption Protocol
Embedded Arduino × × TCP/IP
Embedded Ai-Thinker AIR780E × × × TCP/IP
Embedded ESP8266 × × × TCP/IP
Embedded AT89C51 × × × TCP/IP
Embedded STM32[103fc6t6] × × × TCP/IP
PLC SIEMENS S7-1200 × × TCP/IP
PLC SIEMENS S7-200 × × TCP/IP

| Controlled PC Platform | Protocol | Security Encryption |
|:--|:--|:--|
| Windows | TCP/IP | Optional |
| Linux | TCP/IP | Optional |
| Mac OS | TCP/IP | Optional |

| Server Files | Description |
|:--|:--|
| S-Clustr_Server | Server |
| S-Clustr_Client | Attacker Client |
| DebugDevice | Simulates embedded device connecting to server |
| Generate | One-click generation of embedded device programs |
| Testpc | Windows host connecting to server |
| blacklist.conf | Blacklist, marks IP groups that are prohibited from connecting |
| Server.conf | Configuration parameters for the server |
| Version.conf | Version information |
| Linux_Installer.sh | Linux environment dependency installer |
| Windows_Installer.bat | Windows environment dependency installer |
| Parameter_Description-EN.xls | [English] Description of parameters in Server.conf |
| Parameter_Description-ZH.xls | [Chinese] Description of parameters in Server.conf |

S-Clustr Embedded Device Side

Arduino

Wired LAN Control

Prepare Materials

  1. Arduino UNO
  2. ENC28J60
  3. 1-channel Relay Module 5V
  4. Dupont Wires

Wiring Diagram

4G Wireless Public Network Control

Prepare Materials

  1. Arduino UNO
  2. SIM900A or SIM800A
  3. 1-channel Relay Module 5V
  4. Dupont Wires (Female to Female)
  5. Mobile SIM Card

A Mobile SIM is required because the SIM800A and SIM900A support only Mobile's 2G network, not Telecom or Unicom. However, the Airm2m AIR780e module should work with Unicom, so the SIM series may not be needed, as it is internally integrated.

Wiring Diagram

Simulates controlling relay behavior upon receiving signal from Arduino.

Don’t know how to code?... Use Generate.py to generate Arduino code.

ESP8266 (WIFI LAN Control)

Prepare Materials

  1. ESP8266
  2. 1-channel Relay Module 5V
  3. Dupont Wires

Wiring Diagram

AIR780E (4G Wireless Public Network Control) [Recommended]

Notes

  1. This development board has been tested and indeed is faster and more stable than the SIM series.
  2. Install Luatools: For programming. [https://doc.openluat.com/wiki/37?wiki_page_id=4489]

Prepare Materials

  1. Air780e Development Board (there is a SIM card slot on the back)
  2. 1-channel Relay Module 5V
  3. Dupont Wires

Wiring Diagram

Programming

Import the generated file into Luatools.

Select the core, provided in our Output\AIR780E\LuatOS-SoC_V1103_EC618.soc.

Complete the programming according to the prompts. Note the three buttons on the board: Start, Reset, BOOT.

AT89C51

Prepare Materials

  1. 51 Microcontroller Minimal System Development Board with CH340 Downloader
  2. 1-channel Relay Module 5V
  3. Dupont Wires (Female to Female)
  4. SIM900A or SIM800A
  5. Mobile SIM Card

Wiring Diagram

Generate One-Click Programming Code

Run the command:

python3 Generate.py

Fill in the parameters. Note that 127.0.0.1 is incorrect; you should enter the public IP address of the server, which is the IP of the machine running S-Clustr_Server.py.

The output programming code will be located in the directory .\Device\Output\Model.

S-Clustr Server

Note:

  1. The server must be on a public network. If your server is on a private network, you can consider port forwarding. The hacker's service defaults to port 9999, and the device service defaults to port 10000.
  2. The server and hacker client communicate with full encryption throughout. Encryption services are mandatory and cannot be disabled. Additionally, you can configure in the Server.conf file whether to provide encryption services when embedded devices or controlled PCs connect.
  3. For parameters in the Server.conf file that you do not understand, please refer to the detailed manual documentation.
  4. Each time the server starts, it generates a random 12-character key for authentication between the hacker and the controlled device to prevent unauthorized access by other hackers. You can manually specify the key (python3 S-Clustr_Server.py -keyh Maptnh -keyv Maptnh). Here, there are two keys for both the hacker and the controlled device: the first is a plaintext key, and if you find it too sensitive, you can use the subsequent temporary TOKEN as a key, which effectively prevents plaintext key exposure.

Server Configuration: setting this parameter to 1 enables encryption services for the controlled device, requiring the device to provide an authentication key for access; otherwise, access will be denied.

  1. This setup effectively prevents man-in-the-middle (MITM) sniffing of communication packets between the hacker client and the server, further preventing replay attacks and decryption of encrypted data.

Server Script Parameters

-lh: Bind to a specified local IP address, default is 0.0.0.0
-lpv: Set the local listening address for the device side, default port is 10000
-lph: Set the local listening address for the hacker side, default port is 9999
-keyh: Set the hacker side key, default is a randomly generated 12-character key
-keyv: Set the device side key, default is a randomly generated 12-character key
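
A defender-side heuristic built on the default ports above, added here as an example and not part of the S-Clustr project: it scans flow records for a host that receives connections on both 10000 (device side) and 9999 (operator side). The flow tuples, addresses and function names are constructed for illustration, and because -lph and -lpv can change the ports, a match is only a lead to investigate.

```python
from collections import defaultdict

# Default ports stated on this page; both can be overridden with -lph / -lpv,
# so a match is a lead to investigate, not proof.
OPERATOR_PORT = 9999   # "hacker" client service
DEVICE_PORT = 10000    # controlled-device service

# Constructed sample flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("10.0.5.21", "203.0.113.7", 10000),
    ("10.0.5.22", "203.0.113.7", 10000),
    ("10.0.5.23", "203.0.113.7", 10000),
    ("198.51.100.4", "203.0.113.7", 9999),
    ("10.0.5.21", "203.0.113.50", 443),
    ("10.0.5.30", "203.0.113.9", 10000),   # port 10000 alone: not flagged
    ("10.0.5.31", "203.0.113.9", 8080),
]

def find_candidate_servers(flows, min_devices=2):
    """Return {dst_ip: {"devices": [...], "operators": [...]}} for hosts that
    accept connections on BOTH default ports, with enough device-side sources."""
    seen = defaultdict(lambda: {DEVICE_PORT: set(), OPERATOR_PORT: set()})
    for src, dst, dport in flows:
        if dport in (DEVICE_PORT, OPERATOR_PORT):
            seen[dst][dport].add(src)
    hits = {}
    for dst, ports in seen.items():
        if len(ports[DEVICE_PORT]) >= min_devices and ports[OPERATOR_PORT]:
            hits[dst] = {
                "devices": sorted(ports[DEVICE_PORT]),
                "operators": sorted(ports[OPERATOR_PORT]),
            }
    return hits

def internal_devices_to_review(flows, hits, internal_prefix="10."):
    """List internal hosts that connected to a flagged server's device port."""
    return sorted({src for src, dst, dport in flows
                   if dst in hits and dport == DEVICE_PORT
                   and src.startswith(internal_prefix)})

if __name__ == "__main__":
    hits = find_candidate_servers(SAMPLE_FLOWS)
    for dst, info in hits.items():
        print(f"{dst}: {len(info['devices'])} device-side sources, "
              f"operator-side sources {info['operators']}")
    print("review:", internal_devices_to_review(SAMPLE_FLOWS, hits))
```
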

Running the Server

python3 S-Clustr_Server.py

S-Clustr Hacker Client

Note: The client operates interactively, similar to the Metasploit penetration testing framework.

Hacker Client Script Parameters

After entering, type help or ? or options to view the required settings:

set rhosts <IP>: Set the IP address of the server
set rport <Port>: Set the port of the server
set id <number>: Select the ID number of the device to control, 0 means select all devices
set pwr <state>: Control device status: Start [1], Stop [2], Query status [3]

Connecting the Hacker Client to the Server

python3 S-Clustr_Client.py

Query the current status of all devices

S-Clustr(V1.0.0)> set rhost 127.0.0.1
[*] rhost => 127.0.0.1
S-Clustr(V1.0.0)> set id 0
[*] id => 0
S-Clustr(V1.0.0)> set pwr 3
[*] pwr => 3

PS: You must provide the Key here, which determines whether you have permission to access the server. You can choose any key from the server.

S-Clustr(V1.0.0)> set key cf5cdc4798a72283a4c0c0b1ef2ef5da
[*] key => cf5cdc4798a72283a4c0c0b1ef2ef5da

Querying the Status of All Devices

S-Clustr(V1.0.0)> set id 0
[*] id => 0
S-Clustr(V1.0.0)> set pwr 3
[*] pwr => 3
S-Clustr(V1.0.0)> run
[*] Connecting to the server...
[*] Attempting to authenticate to the server [127.0.0.1:9999]
|   Device ID   |  Device Type  | Device State | Device Network |
|:-------------:|:-------------:|:-------------:|:---------------:|
|       1        |      None      |    Stopped     |   Disconnected   |
|       2        |      None      |    Stopped     |   Disconnected   |
|       3        |      None      |    Stopped     |   Disconnected   |
|       4        |      None      |    Stopped     |   Disconnected   |
|       5        |      None      |    Stopped     |   Disconnected   |
|       6        |      None      |    Stopped     |   Disconnected   |
|       7        |      None      |    Stopped     |   Disconnected   |
|       8        |      None      |    Stopped     |   Disconnected   |
|       9        |      None      |    Stopped     |   Disconnected   |
|       10       |      None      |    Stopped     |   Disconnected   |
|:-------------:|:-------------:|:-------------:|:---------------:|

We can see that the connection to the server was successful, and authentication was successful.

If we set an incorrect Key, the server will not authorize you.

Simulating controlled devices connecting to the server and controlling all devices through the hacker client.

All devices are online.

Starting All Devices

S-Clustr(V1.0.0)> set id 0
[*] id => 0
S-Clustr(V1.0.0)> set pwr 1
[*] pwr => 1
S-Clustr(V1.0.0)> run

Stopping All Devices

S-Clustr(V1.0.0)> set id 0
[*] id => 0
S-Clustr(V1.0.0)> set pwr 2
[*] pwr => 2
S-Clustr(V1.0.0)> run

Case Study: Controlled Device Accesses www.bing.com and Opens Calculator

Scenario:

After receiving the command, the controlled device should:

  1. Access the website www.bing.com.
  2. Open the calculator application.

1. Input the Controlled Device Key

Ensure that the correct key is entered for the controlled device.

2. Successful Connection

The device is successfully connected, and the hacker client has recognized it.

3. Controlling the Device

The hacker client successfully queries the device and performs the desired actions.

4. Manual Documents

For more information and detailed configuration parameters, refer to the following documents:

Download files

Source Distribution: s_clustr_dsl-1.3.7.tar.gz (30.4 kB)

Built Distribution: S_Clustr_DSL-1.3.7-py3-none-any.whl (36.2 kB)

File details

Details for the file s_clustr_dsl-1.3.7.tar.gz.

File metadata

  • Download URL: s_clustr_dsl-1.3.7.tar.gz
  • Size: 30.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.9.13

File hashes

Hashes for s_clustr_dsl-1.3.7.tar.gz

| Algorithm | Hash digest |
|:--|:--|
| SHA256 | f1621ae45bda70036d97259a9a3ad9cc3bd41e9d364aa4a3ddc01b5afefc6fd2 |
| MD5 | 780c1a06238a649a1a824692b19db566 |
| BLAKE2b-256 | 6891ca3aada2b3f2e2a0cbfa1d1787b7ea1582d516f0d5dc980516cdb1ba79ad |

File details

Details for the file S_Clustr_DSL-1.3.7-py3-none-any.whl.

File metadata

  • Download URL: S_Clustr_DSL-1.3.7-py3-none-any.whl
  • Size: 36.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.0.1 CPython/3.9.13

File hashes

Hashes for S_Clustr_DSL-1.3.7-py3-none-any.whl

| Algorithm | Hash digest |
|:--|:--|
| SHA256 | f467a290fa32815984fa16aa88e591a43322ff5bb6a658dd5b85e853c51c7971 |
| MD5 | d37de5649624e3473c9f3995de238d0a |
| BLAKE2b-256 | 5bdd2693ebc28e55e2031c05785448d77b37539d9b1bf59df4730189e4414a78 |