S7 Comm Plus (0x72)

The S7 Comm Plus protocol is a newer version of the original S7 Comm protocol. While an S7 Comm packet is identified by the magic byte 0x32, an S7 Comm Plus packet uses the magic byte 0x72. The end of a packet is indicated by a frame end sequence of 6 bytes: 00 00 72 01 00 00.
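As an added example (not part of this page and not code from any project), the identification rules above can be turned into a small classifier that tags captured S7 payloads as S7 Comm or S7 Comm Plus and checks the S7 Comm Plus frame end sequence; the sample payloads are constructed filler, not real protocol content.

```python
# Added example: classify raw S7 payloads (the bytes after TPKT/COTP) using only
# what the page states: magic byte 0x32 = S7 Comm, 0x72 = S7 Comm Plus, and the
# 6-byte frame end 00 00 72 01 00 00 that terminates an S7 Comm Plus packet.
from collections import Counter

S7COMM_MAGIC = 0x32
S7COMM_PLUS_MAGIC = 0x72
S7COMM_PLUS_TRAILER = bytes.fromhex("000072010000")


def classify_s7_payload(payload: bytes) -> dict:
    """Identify the S7 variant of one payload and whether it is properly terminated."""
    if not payload:
        return {"variant": None, "complete": False}
    if payload[0] == S7COMM_MAGIC:
        # Classic S7 Comm has no trailer; its length comes from the lower layers.
        return {"variant": "s7comm", "complete": True}
    if payload[0] == S7COMM_PLUS_MAGIC:
        # S7 Comm Plus: trailer present means a complete frame, otherwise truncated or mis-framed.
        terminated = len(payload) > len(S7COMM_PLUS_TRAILER) and payload.endswith(S7COMM_PLUS_TRAILER)
        return {"variant": "s7commplus", "complete": terminated}
    return {"variant": None, "complete": False}


def split_s7commplus_stream(data: bytes) -> list:
    """Split back-to-back S7 Comm Plus frames on the frame end sequence.

    Caveat: the page only says the trailer marks the end of a packet; if those six
    bytes can also occur inside a body, a length-aware parser is needed instead.
    """
    frames, start = [], 0
    while True:
        end = data.find(S7COMM_PLUS_TRAILER, start)
        if end == -1:
            break
        end += len(S7COMM_PLUS_TRAILER)
        frames.append(data[start:end])
        start = end
    return frames


def count_variants(payloads) -> Counter:
    """Tally variants over captured payloads, e.g. to flag S7 Comm Plus in a network segment."""
    return Counter(classify_s7_payload(p)["variant"] for p in payloads)


# Constructed sample payloads: everything between the magic byte and the trailer is
# arbitrary filler, not real S7 content.
SAMPLES = [
    bytes.fromhex("32 aa bb cc dd"),                                # S7 Comm
    bytes.fromhex("72 01 00 0a aa bb cc dd 00 00 72 01 00 00"),    # S7 Comm Plus, complete
    bytes.fromhex("72 01 00 0a aa bb"),                            # S7 Comm Plus, truncated
    bytes.fromhex("03 00 00 16"),                                  # not S7 (looks like a TPKT header)
]
```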

The general structure of the protocol's content, however, is completely different and far less documented.

The biggest source for getting started with implementing this protocol was the Master's thesis of Maik Brüggemann. However, it only covers the basic structure of an S7 Comm Plus packet, and even that information does not seem to be entirely correct, as many of its assumptions have turned out to be wrong.

Beyond that, it seems that implementing this protocol would require knowledge of shared keys that are contained in the bytecode of the PLCs as well as in the official drivers. As we can't reverse-engineer these keys, the only way to obtain them would be to disassemble the existing code, which would not be allowed.

Therefore we have currently stopped working on this protocol type. Things may change in the future, but for now we see no way to finish this on a legally sound path.