building your own ot/ics lab with a raspi 5 and an esp32


it's been a long time since i touched a microcontroller, the last time was 2021.

now i need a test environment for a scanner that detects ot/ics devices on the network, but real ot devices are expensive.

so i simulate them with a raspi 5 + esp32.

the raspi is a multi-protocol ot server, the esp32 is a real iot device with sensors and actuators.

spent 314k on the esp32 + components, already had the raspi.

esp32 and w5500 ethernet connected with jumper wires on the workbench

shopping

from cnc store bandung:

item                                       qty  price
esp32 devkitc v4 wroom-32d + micro usb     1    81k
w5500 ethernet lan tcp/ip module           1    65k
relay module 5v 4ch 30a optocoupler        1    110k
dht22 am2302 temperature & humidity sensor 1    22k
lcd 1602 i2c green backlight               1    27k
led rgb 5mm 3-color                        5    3k
breadboard 830p                            1    12k
dupont jumper pack 15cm                    1    36k

subtotal 359k, after discount + shipping it came to 314k

raspi 5

raspberry pi 5 as a multi-protocol ot simulator

install the os, ssh in, install all the services.

wrote 3 server scripts:

modbus tcp (port 502) - simulates a plc, holding registers + coils.

siemens s7 (port 102) - simulates a siemens cpu 315-2 pn/dp using snap7.

bacnet/ip (port 47808) - simulates a building automation controller using bac0.

plus mosquitto as the mqtt broker (port 1883) and snmpd (port 161).

all of them are set up as systemd services.

port 22    - ssh
port 102   - siemens s7
port 161   - snmp
port 502   - modbus tcp
port 1883  - mqtt
port 5353  - mdns
port 47808 - bacnet/ip

esp32

it's been a long time since i did any wiring, it was a bit of a shock seeing a breadboard again.

esp32 to w5500 over spi, dht22 as the sensor, 4ch relay as the actuator.

everything uses female-to-female jumpers, the breadboard is only for power distribution.

the esp32 devkitc is really wide, it takes up all of rows a-j on the breadboard. in the end i didn't plug it in, just put it beside the board.

firmware

at first i used the arduino ethernet library for the w5500.

couldn't run 2 servers (http + modbus) at the same time. it kept crashing.

turns out the arduino ethernet library isn't thread-safe on esp32 (freertos). spi bus collision.

switched to eth.h (esp-idf native w5500 driver), which uses the lwip stack. worked right away.

features:

  • modbus tcp server (port 1234)
  • http status page (port 1111)
  • dht22 sensor reading
  • relay control via modbus or http
  • mei (fc 0x2b) + report slave id (fc 0x11)
  • exception response for unsupported function codes

esp32 ot simulator web interface showing sensor data and relay control

flash

using the arduino ide. upload speed 115200.

brltty on ubuntu likes to hijack the cp210x usb serial:

sudo systemctl stop brltty-udev
sudo systemctl disable brltty-udev
sudo systemctl mask brltty-udev

testing

modbus to the esp32

from pymodbus.client import ModbusTcpClient
client = ModbusTcpClient('192.168.0.243', port=1234)
client.connect()
result = client.read_holding_registers(address=0, count=3)
print(f'temp: {result.registers[0] / 10.0} C')
# 31.9 C - real data from the dht22

s7 to the raspi

import snap7
client = snap7.Client()
client.connect('192.168.0.74', 0, 1)
info = client.get_cpu_info()
# CPU 315-2 PN/DP

bacnet to the raspi

import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.settimeout(2)
packet = bytes([0x81, 0x0a, 0x00, 0x08, 0x01, 0x00, 0x10, 0x08])
sock.sendto(packet, ('192.168.0.74', 47808))
data, addr = sock.recvfrom(1024)
# 21 bytes - bacnet i-am response

problems i ran into

scanner failed to detect the esp32

wrote a modbus scanner that enumerates devices via mei, report slave id, holding registers, coils.

at first everything failed.

the esp32 didn't respond to function codes it doesn't support. it sent no response at all, and the connection dropped.

scanner tries mei -> timeout -> connection reset -> every request after that gets broken pipe.

fix in the scanner: added reconnect logic. connection lost -> reconnect automatically -> continue.

fix in the firmware: added an exception response (funccode | 0x80) for unsupported fcs. no more hangs.

after the fix:

esp32:
  method: report_slave_id
  slave_id: ESP32-IoT-Controller-v1.0.0

raspi:
  method: mei
  manufacturer: RaspberryPi-OT-Sim
  label: RPi5-PLC
  firmware_version: 1.0.0
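
both fixes from the scanner's side, as an added python example (not the scanner code from the touch-ot repo): it recognises an exception response (funccode | 0x80) as a valid answer, and it reconnects when a device drops the connection instead of answering. the names `build_adu`, `parse_adu` and `probe` are made up for this example, and `connect` is assumed to be a caller-supplied function that returns a connected tcp socket.

```python
import struct

MEI_READ_DEVICE_ID = bytes([0x2B, 0x0E, 0x01, 0x00])  # fc 0x2b, mei type 0x0e, basic ids
REPORT_SLAVE_ID = bytes([0x11])                       # fc 0x11

def build_adu(tid, unit, pdu):
    # mbap header: transaction id, protocol id 0, length (unit id + pdu), unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_adu(frame):
    # returns (function code, exception code or None, payload after the function code)
    if len(frame) < 8 or (frame[7] & 0x80 and len(frame) < 9):
        raise ValueError("short modbus/tcp frame")
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0 or length != len(frame) - 6:
        raise ValueError("bad mbap header")
    fc, body = frame[7], frame[8:]
    if fc & 0x80:  # exception response: funccode | 0x80 followed by a 1-byte code
        return fc & 0x7F, body[0], b""
    return fc, None, body

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def probe(pdus, connect, unit=1):
    # connect: e.g. lambda: socket.create_connection(("192.168.0.243", 1234), timeout=2)
    results, sock = [], None
    for tid, pdu in enumerate(pdus, start=1):
        try:
            sock = sock or connect()
            sock.sendall(build_adu(tid, unit, pdu))
            head = _recv_exact(sock, 6)
            (length,) = struct.unpack(">H", head[4:])
            results.append(parse_adu(head + _recv_exact(sock, length)))
        except (OSError, ValueError):  # timeout, reset, broken pipe, bad frame
            results.append((pdu[0], "no-response", b""))
            if sock is not None:
                sock.close()
            sock = None  # the next request gets a fresh connection
    if sock is not None:
        sock.close()
    return results
```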

dual server crash

the esp32 crashed when running http + modbus together using the arduino ethernet library.

assert failed: xQueueSemaphoreTake queue.c:1709

cause: the spi bus isn't protected by a mutex, freertos preemption causes a race condition.

fix: switch to the esp-idf native eth.h driver.

wireshark

all the traffic is visible in wireshark.

for modbus on port 1234, you need decode as: analyze -> decode as -> tcp port 1234 -> modbus/tcp.

modbus  - modbus tcp
s7comm  - siemens s7
bacnet  - bacnet/ip
mqtt    - mqtt

repo

github.com/zsbahtiar/touch-ot