I have purchased a piece of hardware that has a RS-485/ModBus interface in it which is used by codesys. I know nothing about codesys, I only heard of it when I ssh'd into the piece of hardware. I'm very limited in my ability to investigate the environment because it is running busybox Linux and the tools are scant.

I know that a GUI the manufacturer provided is connecting on ports 22000 & 6000 and they are sending these commands on ModBus:

activation="\x09\x10\x03\xE8\x00\x03\x06\x00\x00\x00\x00\x00\x00\x73\x30";
status="\x09\x03\x07\xD0\x00\x01\x85\xCF";
open="\x09\x10\x03\xE8\x00\x03\x06\x09\x00\x00\x00\xFF\xFF\x72\x19";
close="\x09\x10\x03\xE8\x00\x03\x06\x09\x00\x00\xFF\xFF\xFF\x42\x29";

But I don't know how to read or write to the ModBus using anything other than their GUI. Any hints would be appreciated.

I was told by the manufacturer that it is port 6000 that handlesModBus. I have captured it with a MITM Proxy but I cannot make any sense of it. I'm hoping that the modbus interface is mounted as a serial device somewhere.

The file has:

[SysCom].
Linux.Devicefile=/dev/ttymxc.

And the filesystem has:

/dev/ttymxc
/dev/ttymxc0
/dev/ttymxc1
/dev/ttymxc2
/dev/ttymxc3
/dev/ttymxc4

I have tried to pipe printf $status (all those vars) to those devices, but I get either nothing, or it hangs when I then try to cat the device.