# Industrial Network 2 writeup
# Our problem in short:

Master req. = 09 0F 00 00 00 05 01 1F 2F 38
- Change slave id to 04
- Set first output to high (1) and remaining to low (0)
- The answer is not in the regular flag format (Uppercase hex with space delimiter between bytes)

# Let's begin!

So first of all I used https://www.modbustools.com/modbus.html as a reference for the protocol format.

The format tells us what each part of the frame means:

09 - **Slave id**

0F - **Write multiple coils function**

00 00 - **Offset of first coil**

00 05 - **How many coils we wanna write**

01 - **Size of our data**

1F - **0 0 0 1 1 1 1 1 in binary which means all coils we wanted to write are set to high**

2F 38 - **CRC checksum**

Problem tells us to change slave id to 04 so:

**09** -> **04**

And first output to high (1) and remaining to low (0) so:

**1F [0 0 0 1 1 1 1 1]** -> **01 [0 0 0 0 0 0 0 1]**

And recalculated crc like this:

**2F 38** -> **6E A9**

So finally we have this request:

04 - **Slave id**

0F - **Write multiple coils function**

00 00 - **Offset of first coil**

00 05 - **How many coils we wanna write**

01 - **Size of our data**

01 - **0 0 0 0 0 0 0 1 setting first output to high and rest to low**

6E A9 - **crc**

Submit `04 0F 00 00 00 05 01 01 6E A9` and get your points now!
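The writeup does not show how the CRC was recalculated, so here is the whole procedure as an added example (not code from the original writeup): it checks the master request's CRC, decodes the function 0x0F fields, and rebuilds the frame with a fresh CRC-16/MODBUS. The function names are my own, and the builder goes slightly beyond the task by handling any number of coils.

```python
import struct

def crc16_modbus(data: bytes) -> bytes:
    """CRC-16/MODBUS: init 0xFFFF, reflected polynomial 0xA001, sent low byte first."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return struct.pack("<H", crc)

def parse_write_coils(frame: bytes) -> dict:
    """Decode a function 0x0F (Write Multiple Coils) RTU request and check its CRC."""
    if len(frame) < 10:
        raise ValueError("frame too short")
    body, crc = frame[:-2], frame[-2:]
    if crc16_modbus(body) != crc:
        raise ValueError("CRC mismatch")
    slave, func, start, count, nbytes = struct.unpack(">BBHHB", body[:7])
    if func != 0x0F:
        raise ValueError("not Write Multiple Coils")
    if nbytes != (count + 7) // 8 or len(body) != 7 + nbytes:
        raise ValueError("byte count does not match coil count")
    bits = int.from_bytes(body[7:], "little")  # coil 0 is the LSB of the first data byte
    coils = [(bits >> i) & 1 for i in range(count)]
    return {"slave": slave, "start": start, "coils": coils}

def build_write_coils(slave: int, start: int, coils: list) -> bytes:
    """Encode a function 0x0F request and append a freshly computed CRC."""
    nbytes = (len(coils) + 7) // 8
    bits = sum(bit << i for i, bit in enumerate(coils))
    body = struct.pack(">BBHHB", slave, 0x0F, start, len(coils), nbytes)
    body += bits.to_bytes(nbytes, "little")
    return body + crc16_modbus(body)

def fmt(frame: bytes) -> str:
    """Uppercase hex with a space between bytes, the format the task asks for."""
    return frame.hex(" ").upper()

if __name__ == "__main__":
    request = bytes.fromhex("09 0F 00 00 00 05 01 1F 2F 38")  # master request from the task
    fields = parse_write_coils(request)
    print(fields)
    # Slave id 04, first output high, the other four low
    print(fmt(build_write_coils(0x04, fields["start"], [1, 0, 0, 0, 0])))
```
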