Skip to content
Carlos Alatorre edited this page Aug 7, 2025 · 7 revisions

Welcome to the flipper-rs485modbus wiki!

This plugin includes features to work with Modbus RTU networks. Now you can interact with industrial networks using the pocket-size device Flipper Zero, basic tasks like sniffing and injection are available, making easier to perform activities like analysis, error detection, and configuration of new peripherals to the network.

Requirements

  • Electronic Cats Flipper Addon "Modbus"
  • Unleashed Firmware Installed on Flipper (Tested on unlshd-071e) image

Installation steps

  1. Go to the release section of this GitHub repository and download the latest .fap file.

  2. Connect your Flipper to either qFlipper, Flipper Lab, or the Flipper mobile app (if Experimental Options are enabled).

  3. Using the File Manager system navigate to the Apps Folder.

  4. Upload the .fap file to the path you prefer. It is recommended to create a new folder or use an existing folder as the “Misc” folder.

Done! The app should now appear in your Flipper's installation path.

Installation workflow examples

Below, you can find videos on the workflow to install any of the apps developed by Electronic Cats, including the one from this repository. Each video shows the workflow for all the possible alternatives to install the app, use the more convenient for you!

Note

AS INDICATED IN THE ABOVE INSTRUCTIONS, IT IS NOT MANDATORY TO STORE THE APPS IN AN SPECIFIC FOLDER, YOU CAN STORE THE APPS IN WHICHEVER FOLDER YOU WANT OR CREATE AND NAME A NEW ONE AS LONG AS IT IS IN THE APPS FOLDER.

qFlipper

qFlipper.mp4

Flipper Lab

Flipper.Lab.mp4

Flipper Mobile App

Flipper_Mobile_App_Install.mp4

Menus description

Main Menu

Main1 Main2

Select what you wanna do by clicking one of the options on the screen

  • Settings (Change general configurations)
  • Sniffer (Watch data traveling trought the Bus)
  • Sender (Send a packet request to any peripheral on the network)
  • Read LOG (Open and read a previous sniffing sesion stored in the SD)
  • About (See general information of the plugin)

Settings Menu

UartSettings AdditionalSettings
  • Baudrate (bits transmitted per second)
  • Data size (Character size in bits)
  • Stop bits (Number of bits indicating the end of the character)
  • Parity (Flag indicating if the set bits number is odd or even, none also is a valid value)
  • TimeOut (Maximum amount of time to wait a response packet)
  • OutputFormat ("Hex" format displays hexadecimal values and "Default" in a conventional way)
  • SaveLOG? (Stores all sniffed data in a LOG file, if it's enabled)

A succesfull comunication between flipper and Modbus will depend on these parameters, you must know how are they configured in the target Modbus network, wrong configurations will result in a data loss.

Sender Menu

SenderMenu
  • Manual Sender (Build a packet manually and send it)
  • Buffer Sender (A list with the most recent master sniffed requests, open any of them, modify it and send it)

Read LOG

OpeningLOG

Browse in your files, look for a LOG file and read it.

About

Shows general information about this cool plugin

How to build a packet manually and send it

1. Click on Sender

OpeningLOG

2. Open the Manual Sender

OpeningLOG

3. Build the packet

  • Peripheral ID: Change the peripheral target by clicking the right or left button, also you can click the center button and enter the value in the Hexadecimal format, maximum value is 32 or 0x20.

OpeningLOG OpeningLOG

  • Function: Hexadecimal input is disbaled in this field. Supported values are:

    • Read Coils (0x01)
    • Read Discrete Inputs (0x02)
    • Read Holding Registers (0x03)
    • Read Input Registers (0x04)
    • Write Single Coil (0x05)
    • Write Single Register(0x06)
    • Write Multiple Coils (0x0F)
    • Write Multiple Registers (0x10)
  • Start address: Choose the start address of coils or registers that you want to read or write. Hexadecimal input available in this field.

OpeningLOG
  • Additional fields: The following fields of the packet are variable depending on the selected function, fields like byte count, quantity, value, byte and register may appear. Byte count is the unique field that can not be modified, the other fields can be modified using the buttons or the hexadecimal input.

OpeningLOG OpeningLOG OpeningLOG OpeningLOG

See the oficial Modbus documentation to learn more about the fields of a request packet in https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf, special attention on Function codes descriptions

4. Send the packet

Once the packet is complete, send it by clicking the "Send packet" button, this action change automatically the scene to the output console where you can see the peripheral response.

OpeningLOG OpeningLOG

In the right picture you can see the response, this response includes function, peripheral ID, byte count and the 4 values requested by the hub. See https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf to learn more about response structures.