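Hardware Encryption Message Format and Analysis V1.1
I. Message Format
The new security protection scheme adds an information security protocol layer message on top of the existing 101 and 104 messages. The format of the information security protocol layer message is as follows:
Message type definition: the high 8 bits (D15~D8) are all 0 and reserved; the low 8 bits are defined as follows: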
Application data area:
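The walkthrough of the service messages mainly shows the application type + application type + information security area parts.
II. Authentication Procedure
The message formats correspond to items 1), 2), 3) and 4) in 2.2, respectively.
a). Master station sends authentication request 0x50 to the terminal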
EB 00 0D EB 00 01 50 00 08 05 9F 3F B9 C0 BB 0C 7C F8 D7
[Note]: The terminal must save the master station's random number.
EB 00 4E EB 00 00 51 00 49 2C D4 85 4B 7F 9D 69 6D 67 DB 15 2D C7 0E D3 44 C4 14 90 E4 A0 A3 74 05 2B 7A DD D9 2D 44 EF F5 86 49 40 4A A2 B9 6D 20 63 F1 34 0E 8E 4E 07 81 02 85 7E F5 CE CA FC 51 DD 63 74 D3 91 0B 89 AC 5B 9C 52 A0 13 F3 9E 6F 01 F3 D7
c). Master station's response to the terminal's authentication request 0x52
EB 00 46 EB 00 01 52 00 41 5B AB 5A 80 56 CD AF F5 7C FD 75 7F 70 55 0C 5E D5 82 AA A5 88 30 87 1C 7B 74 34 68 CA F5 67
50 08 B0 EF 11 2E 37 05 E9 62 1C EC 5E 3C AF 55 9A 47 C8 33
B7 B1 D8 BA FB AD 48 72 35 42 95 70 F4 01 95 D7
d). Terminal returns the authentication result to the master station 0x53
EB 00 07 EB 00 00 53 00 02 90 00 E5 D7
[Note] Success: 0x90 00; failure: 0x90 90
e). Master station requests the terminal chip serial number 0x54
EB 00 05 EB 00 01 54 00 00 55 D7
f). Terminal returns the chip serial number 0x55
EB 00 0D EB 00 00 55 00 08 01 10 2C 00 00 00 00 F5 8F D7
g). Master station requests the terminal key version 0x60
EB 00 05 EB 00 01 60 00 00 61 D7
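h). Terminal returns the terminal key version 0x61
EB 00 0E EB 00 00 61 00 09 12 B1 41 25 C0 30 9B 3E 98 F4 D7
[Note] 0x12 is the version number. 0 indicates test state; a value greater than 0 indicates production state.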
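The authentication frames above all share one envelope, and a receiver should reject any frame whose length, checksum or end byte does not agree before acting on its content. The following is an added example, not code from the original document; the field layout is inferred from the sample frames on this page, and the function names are hypothetical.

```python
# Added example (not from the original document). Layout inferred from the
# sample frames on this page:
#   EB | length (2 bytes, big-endian) | EB | message type (2 bytes)
#      | application type (1 byte) | data | checksum (1 byte) | D7
# "length" counts message type through the last data byte; the checksum is
# the low byte of the sum of those same bytes.

class FrameError(ValueError):
    """Raised when a frame fails a structural or integrity check."""

def parse_frame(hex_text):
    raw = bytes.fromhex(hex_text)
    if len(raw) < 9:                      # 4 header + 3 minimum body + 2 trailer
        raise FrameError("frame too short")
    if raw[0] != 0xEB or raw[3] != 0xEB:
        raise FrameError("bad start bytes")
    length = int.from_bytes(raw[1:3], "big")
    if length < 3 or len(raw) != length + 6:
        raise FrameError("length field does not match frame size")
    if raw[-1] != 0xD7:
        raise FrameError("bad end byte")
    body = raw[4:4 + length]
    if sum(body) & 0xFF != raw[-2]:
        raise FrameError("checksum mismatch")
    return {"message_type": int.from_bytes(body[:2], "big"),
            "app_type": body[2], "data": body[3:]}

def auth_payload(data):
    """Authentication frames (0x50-0x61 above): 2-byte length, then payload."""
    if len(data) < 2:
        raise FrameError("missing payload length")
    declared = int.from_bytes(data[:2], "big")
    if declared != len(data) - 2:
        raise FrameError("payload length mismatch")
    return data[2:]

# Frames a) and d) from the authentication procedure above.
AUTH_REQUEST = "EB 00 0D EB 00 01 50 00 08 05 9F 3F B9 C0 BB 0C 7C F8 D7"
AUTH_RESULT = "EB 00 07 EB 00 00 53 00 02 90 00 E5 D7"

if __name__ == "__main__":
    for frame in (AUTH_REQUEST, AUTH_RESULT):
        parsed = parse_frame(frame)
        print(hex(parsed["app_type"]), auth_payload(parsed["data"]).hex())
```

The checksum is a plain byte sum and only catches transmission errors; it gives no protection against deliberate modification.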
III. Service Messages (104)
3.1 Initialization
a). Master station → start data transfer
EB 00 0C EB 00 01 00 06 68 04 07 00 00 00 00 00 7A D7
b). Terminal → start data transfer confirmation
EB 00 0C EB 00 00 00 06 68 04 0B 00 00 00 00 00 7D D7
c). Terminal → end of initialization
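00 10 68 0E 00 00 00 00 46 01 04 00 01 00 00 00 00 00 00 00
[Note] 00: application type; a message sent by the master station, not encrypted;
10: length of the 104 message;
00 00: length of the information security extension area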
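The three fields named in the note above are enough to separate the 104 message from the information security extension area in every service message body on this page. The following is an added example, not code from the original document; the function name is hypothetical, and reading the 2-byte extension length as big-endian is an assumption based on the samples.

```python
# Added example (not from the original document). Layout taken from the note
# above: application type (1 byte) | 104 message length (1 byte) | 104 message
#        | security extension length (2 bytes) | security extension data.
# The 2-byte length is read as big-endian, an assumption based on the samples.

def split_service_body(hex_text):
    raw = bytes.fromhex(hex_text)
    if len(raw) < 4:
        raise ValueError("body too short for type and length fields")
    app_type, apdu_len = raw[0], raw[1]
    ext_at = 2 + apdu_len
    if len(raw) < ext_at + 2:
        raise ValueError("104 message length runs past the end of the body")
    apdu = raw[2:ext_at]
    ext_len = int.from_bytes(raw[ext_at:ext_at + 2], "big")
    ext = raw[ext_at + 2:]
    if len(ext) != ext_len:
        raise ValueError("security extension length mismatch")
    # For a well-formed IEC 104 I-format APDU (start 0x68, consistent length,
    # low bit of the first control octet clear), octet 6 is the ASDU type id.
    type_id = None
    if (len(apdu) > 6 and apdu[0] == 0x68 and apdu[1] == len(apdu) - 2
            and apdu[2] & 0x01 == 0):
        type_id = apdu[6]
    return {"app_type": app_type, "apdu": apdu, "ext": ext, "type_id": type_id}

# Bodies copied from this page: 3.1 c) above and 3.7 b) further down.
END_OF_INIT = "00 10 68 0E 00 00 00 00 46 01 04 00 01 00 00 00 00 00 00 00"
CONTROL_SELECT_CON = ("02 10 68 0E 1C 00 08 00 2D 01 07 00 01 00 03 60 00 81 "
                      "00 08 70 17 DA 56 68 92 7A 80")

if __name__ == "__main__":
    for body in (END_OF_INIT, CONTROL_SELECT_CON):
        parts = split_service_body(body)
        print(parts["app_type"], hex(parts["type_id"]), parts["ext"].hex())
```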
3.2 General Interrogation
a). Master station → general interrogation activation
00 10 68 0E 00 00 02 00 64 01 06 00 01 00 00 00 00 14 00 00
b). Terminal → general interrogation activation confirmation
00 10 68 0E 02 00 02 00 64 01 07 00 01 00 00 00 00 14 00 00
c). Terminal → upload of all telemetry values
00 50 68 4E 04 00 02 00 0D 8D 14 00 01 00 01 40 00 66 E6 F6 42 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00
d). Terminal → upload of all telesignal (status) values
00 23 68 21 06 00 02 00 01 94 14 00 01 00 01 00 00 01 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 01 00 00 00
e). Terminal → general interrogation activation termination
00 10 68 0E 08 00 02 00 64 01 0A 00 01 00 00 00 00 14 00 00
3.3 Clock Synchronization
a). Master station → clock synchronization activation
00 16 68 14 02 00 0A 00 67 01 06 00 01 00 00 00 00 04 86 10
0C 13 06 11 00 00
b). Terminal → clock synchronization activation confirmation
00 16 68 14 0A 00 04 00 67 01 07 00 01 00 00 00 00 04 86 10 0C 13 06 11 00 00
3.4 Energy Interrogation
a). Master station → energy data interrogation activation
00 10 68 0E 04 00 0C 00 65 01 06 00 01 00 00 00 00 05 00 00
b). Terminal → energy data interrogation activation confirmation
00 10 68 0E 0C 00 06 00 65 01 07 00 01 00 00 00 00 05 00 00
c). Terminal → energy data transfer
00 C0 68 BE 0E 00 06 00 CF 0C 25 00 01 00 01 64 00 00 00 00 00 00 00 00 00 00 81 01 46 02 64 00 00 00 00 00 00 00 00 00 00 81 01 46 03 64 00 00 00 00 00 00 00 00 00 00 81 01 46 04 64 00 00 00 00 00 00 00 00 00 00 81 01 46 05 64 00 00 00 00 00 00 00 00 00 00 81 01 46 06 64 00 00 00 00 00 00 00 00 00 00 81 01 46 07 64 00 00 00 00 00 00 00 00 00 00 81 01 46 08 64 00 00 00 00 00 00 00 00 00 00 81 01 46 09 64 00 00 00 00 00 00 00 00 00 00 81 01 46 0A 64 00 00 00 00 00 00 00 00
00 00 81 01 46 0B 64 00 00 00 00 00 00 00 00 00 00 81 01 46 0C 64 00 00 00 00 00 00 00 00 00 00 81 01 46 00 00
d). Terminal → energy data transfer activation termination
00 10 68 0E 14 00 06 00 65 01 0A 01 01 00 00 00 00 05 00 00
3.5 Telemetry and Telesignaling
a). Terminal → upload of changed telemetry values
00 14 68 12 16 00 06 00 0D 01 03 00 01 00 01 40 00 00 E4 40 46 30 00 00
b). Terminal → upload of changed telesignal values (SOE)
00 17 68 15 18 00 06 00 1E 01 03 00 01 00 01 00 00 00 67 59 13 0C 33 06 11 00 00
00 17 68 15 1A 00 06 00 1E 01 03 00 01 00 01 00 00 01 E1 60 13 0C 33 06 11 00 00
3.6 Fault Events
a). Terminal → spontaneous upload of a fault event
00 51 68 4C 16 00 06 00 2A 01 03 00 01 00 02 01 01 00 01 18 0A 2C 0D 33 06 11 0C 00 00 18 0A 2C 0D 33 06 11 07 0D
01 40 00 00 00 00 02 40 A6 9B 44 3C 03 40 6F 12 83 3B 04 40 00 00 00 00 05 40 00 00 00 00 06 40 00 00 00 00 07 40 00 00 00 00 00 00
3.7 Remote Control
a). Master station → remote control preset (select) activation
05 10 68 0E 06 00 1C 00 2D 01 06 00 01 00 03 60 00 81 00 47 11 06 13 0C 14 10 9E 08 44 4A 0E 36 C1 BE 9B D0 FC F5 28 2D AE 09 B2 E5 57 9C 63 00 0A A9 56 B8 2F 2C 52 90 7B B9 BF 57 73 A8 90 10 D0 7A 65 3F 78 CD 58 0D DB 29 D5
04 4C A8 8E 75 57 55 21 78 8A F1 6E BA F7 1A 01
b). Terminal → remote control preset (select) activation confirmation
02 10 68 0E 1C 00 08 00 2D 01 07 00 01 00 03 60 00 81 00 08 70 17 DA 56 68 92 7A 80
c). Master station → remote control execute activation
07 10 68 0E 08 00 1E 00 2D 01 06 00 01 00 03 60 00 01 00 4F 11 06 13 0C 14 13 70 17 DA 56 68 92 7A 80 49 31 C0 1C 2B
DD 09 6D A7 E0 E3 D1 42 4F 31 B5 F4 81 B8 59 13 DB F1 E9 F8 7F BA CC FC EC 92 4C 8E D7 FF 8D 21 AF 93 4E 1A AE 4C D3 D1 AB 81 D1 35 07 7A 21 92 AA 72 7F 10 63 1F 2F F2 96 71 62 01
d). Terminal → remote control execute activation confirmation
00 10 68 0E 1E 00 0A 00 2D 01 07 00 01 00 03 60 00 01 00 00
e). Terminal → remote control execute activation termination
00 10 68 0E 20 00 0A 00 2D 01 0A 00 01 00 03 60 00 01 00 00
3.8 Parameters
a). Master station → read setting group activation
00 11 68 0F 0E 00 26 00 C9 01 06 00 01 00 00 00 00 00 16 00
00
b). Terminal → read setting group activation confirmation
00 1A 68 18 26 00 10 00 C9 01 07 00 01 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00
c). Master station → switch setting group activation
01 13 68 11 10 00 28 00 C8 01 06 00 01 00 00 00 00 01 00 09 16 00 41 90 DC D9 00 70 C8 5C 4C CA B2 F0 07 06 85 90 9D E9 2E 52 20 F4 E7 FA B3 9A CD C4 BC AC 65 2C A8 F9 1B C7 BA 06 81 AD 04 C5 B0 1D 1F 8B 49 A3 3B D6 61 15
99 0A 96 A9 3A 99 9F B7 17 8D BE A5 C1 01
d). Terminal → switch setting group activation confirmation
00 11 68 0F 28 00 12 00 C8 01 07 00 01 00 00 00 00 01 00 00 00
e). Master station → read parameters
00 FD 68 FB 18 00 30 00 CA 4F 06 00 01 00 00 00 20 82 00 21 82 00 22 82 00 23 82 00 24 82 00 25 82 00 26 82 00 27 82 00 28 82 00 29 82 00 2A 82 00 2B 82 00 2C 82 00 2D 82 00 2E 82 00 2F 82 00 30 82 00 31 82 00 32 82 00 33 82 00 34 82 00 35 82 00 36 82 00 37 82 00 38 82 00 39 82 00 3A 82 00 3B 82 00 3C 82 00 3D 82 00 3E 82 00 3F 82 00 40 82 00 41 82 00 42 82 00 43 82 00 44 82 00 45 82 00 46 82 00 47 82 00 48 82 00 49 82 00 4A 82 00 4B 82 00 4C 82 00 4D 82 00 4E 82 00 4F 82 00 50 82 00 51 82 00 52 82 00 53 82 00 54 82 00 55 82 00 56 82 00 57 82 00 58 82 00 59 82 00 5A 82 00 5B 82 00 5C 82 00 5D 82 00 5E 82 00 5F 82 00 60 82 00 61 82 00 62 82 00 63 82 00 64 82 00 65 82 00 66 82 00 67 82 00 68 82
00 69 82 00 6A 82 00 6B 82 00 6C 82 00 6D 82 00 6E 82 00 00 16 00 00
f). Terminal → read parameters activation confirmation
00 F0 68 EE 30 00 1A 00 CA 1B 07 00 01 00 00 00 00 20 82 00
01 01 01 21 82 00 23 04 02 00 00 00 22 82 00 23 04 78 00 00 00 23 82 00 01 01 01 24 82 00 23 04 00 00 00 00 25 82 00 23 04 00 00 00 00 26 82 00 23 04 00 00 00 00 27 82 00 23 04 00 00 00 00 28 82 00 23 04 00 00 00 00 29 82 00 23 04 00 00 00 00 2A 82 00 01 01 01 2B 82 00 01 01 01 2C 82 00 01 01 00 2D 82 00 23 04 D0 07 00 00 2E 82 00 01 01 00 2F 82 00 26 04 00 00 00 00 30 82 00 26 04 00 00 00 00 31 82 00 26 04 00 00 00 00 32 82 00 26 04 00 00 00 00 33 82 00 26 04 00 00 00 00 34 82 00 26 04 00 00 00 00 35 82 00 26 04 00 00 00 00 36 82 00 26 04 00 00 00 00 37 82 00 26 04 00 00 00 00 38 82 00 26 04
00 00 00 00 39 82 00 26 04 00 00 00 00 3A 82 00 26 04 00 00 00 00 00 00
g). Master station → parameter preset activation
01 18 68 16 22 00 3E 00 CB 01 06 00 01 00 00 00 80 43 82 00 26 04 00 00 A0 40 00 41 A3 40 07 26 16 B6 8A A1 4D E9 AF 8C FD 04 55 B0 6C CA 8D EF D8 16 9F 40 4A B1 42 E4 93 A6 22 8C B0
0B A6 01 70 F6 B6 6B FA 0A 9F E7 90 BB 0C 5C F9 F0 3C 52 F2 9A 3E D4 73 B6 58 D6 3B E4 F2 A8 01
h). Terminal → parameter preset activation confirmation
02 18 68 16 3E 00 24 00 CB 01 07 00 01 00 00 00 80 43 82 00 26 04 00 00 A0 40 00 08 5B 4C 48 A3 09 95 8A 4A
i). Master station → parameter commit activation
03 0F 68 0D 24 00 40 00 CB 01 06 00 01 00 00 00 00 00 49 5B 4C 48 A3 09 95 8A 4A C1 5D A0 44 98 62 3D 1C 56 55 94 74 5E 98 3C 06 1B 1A A3 70 F6 A0 BB 96 FA 38 0C 40 BC 75 C4 CA 69 2E B7 90 55 72 37 15 8B 2D CC F9 B2 B9 4F B7 CF 1E 18 57 AA 6F C6 B8 92 84 83 86 FB 96 80 15 01
j). Terminal → parameter commit activation confirmation
00 0F 68 0D 40 00 26 00 CB 00 07 00 01 00 00 00 00 00 00
3.9 Retrieving Historical Data
a). Master station → directory call request
00 31 68 2B 2B 68 53 01 00 D2 01 05 00 01 00 00 00 02 01 05 68 00 00 0A 48 49 53 54 4F 52 59 2F 43 4F 00 00 00 00 08
81 01 E2 00 00 00 08 81 01 E2 72 16 00 00
b). Terminal → directory call confirmation
00 2D 68 27 27 68 D3 01 00 D2 01 05 00 01 00 00 00 02 02 00 05 68 00 00 00 01 06 63 6F 2E 78 6D 6C 00 C8 08 00 00 D0
84 29 0D 13 06 11 FA 16 00 00
c). Master station → read file activation
00 1A 68 14 14 68 73 01 00 D2 01 06 00 01 00 00 00 02 03 06 63 6F 2E 78 6D 6C AA 16 00 00
d). Terminal → read file activation confirmation
00 23 68 1D 1D 68 F3 01 00 D2 01 07 00 01 00 00 00 02 04 00 06 63 6F 2E 78 6D 6C 01 00 00 00
C8 08 00 00 FD 16 00 00
e). Terminal → read file data transfer
00 E5 68 DF DF 68 D3 01 00 D2 01 05 00 01 00 00 00 02 05 01 00 00 00 00 00 00 00 01 3C 3F 78 6D 6C 20 76 65 72 73 69 6F 6E 3D 22 31 2E 30 22 20 65 6E 63 6F 64 69 6E 67 3D 22 55 54 46 2D 38 22 3F 3E 0D 0A 3C 44 61 74 61 46 69 6C 65 3E 0D 0A 09 3C 48 65 61 64 65 72 20 66 69 6C 65 54 79 70 65 3D 22 43 4F 22 20 66 69 6C 65 56 65 72 3D 22 31 2E 30 30 22 20 64 65 76 4E 61 6D 65 3D 22 43 53 43 2D 32 37 31 46 22 20 2F 3E 0D 0A 09 3C 44 61 74 61 52 65 63 20 6E 75 6D
3D 22 33 32 22 3E 0D 0A 09 09 3C 44 49 20 69 6F 61 3D 22 32 34 35 37 37 22 20 74 6D 3D 22 31 37 30 36 31 39 5F 31 33 33 32 32 31 5F 35 37 33 22 20 63 6D 64 3D 22 63 61 6E 63 65 6C 22 20 76 61 6C 3D 22 31 22 20 2F 3E 0D 0A F1 98 16
00 00
f). Master station → read file data transfer confirmation
00 1C 68 16 16 68 53 01 00 D2 01 05 00 01 00 00 00 02 06 01 00 00 00 00 00 00 00 00 36 16 00 00
3.10 Software Upgrade
a). Master station → software upgrade start activation
01 10 68 0E 3C 00 5C 00 D3 00 06 00 01 00 00 00 00 80 00 41 64 89 CE 18 31 A5 9B 44 02 80 35 88 62 AD 43 4E 82 2C E4 87 6E B6 AB F5 C5 B5 CD C0 C2 B5 AB 70 99 B6 53 7B 90 CD A8 EC 2C E6 55 C2 AC 29 7E D8 2C D6 4E 9A 0C BE
97 0E 6D C7 E6 A5 86 64 77 59 01
b). Terminal → software upgrade start activation confirmation
02 10 68 0E 5C 00 3E 00 D3 00 07 00 01 00 00 00 00 80 00 08 1C 00 B8 66 74 38 E6 11
c). Master station → write file activation
01 22 68 20 3E 00 5E 00 D2 01 06 00 01 00 00 00 00 02 07 08 70 61 72 61 2E 74 78 74 00 00 00 00 51 01 00 00 00 41 4E 00 40 B5 76 33 C8 20 A6 C9 85 9B 0E BC E9 F6 7C 95 E2 EC 94 A2 58 94 79 3C 08 24 0A 0C 4D 70 04 65 F2 03 8B E2
A2 C3 A0 A5 63 65 E9 81 47 63 FD 11 1E CD 5E FC 06 0E A3 E2 FD A8 77 52 C0 08 01
d). Terminal → write file activation confirmation
00 23 68 21 5E 00 40 00 D2 01 07 00 01 00 00 00 00 02 08 00 08 70 61 72 61 2E 74 78 74 00 00 00 00 51 01 00 00 00 00
e). Master station → write file data transfer
00 F7 68 F5 40 00 60 00 D2 01 05 00 01 00 00 00 00 02 09 00 00 00 00 00 00 00 00 01 EF BB BF 31 09 33 32 37 36 39 09 E7 BB 88 E7 AB AF E7 B1 BB E5 9E 8B 09 E3 80 80 0D 0A 32 09 33 32 37 37 30 20 20 20 E7 BB 88 E7 AB AF E6 93 8D