
Getting into PLCs

    #61
    Re: Getting into PLCs

    Originally posted by Dannyx:
    No, I'm not into programming, but I'm willing to learn, so I'd be curious what the contents of such a flash chip would look like and what programmer would be able to read it.
    For higher performance PLCs, you will find compiled code (native to the CPU that's executing it). For cheaper models, you'll likely find some sort of intermediate code that is interpreted/JITed by the processor.

    You won't find stuff that you can read "in English"...



      #62
      Re: Getting into PLCs

      part number of the flash will help,
      or just spend $800 on something universal with 48 active pins!!!

      the flash will have a bootloader with the code for reading passwords and comparing them, together with the loader routines.
      then it will have a system area for storing passwords and other "settings",
      then a big area for the uploaded user-code.



        #63
        Re: Getting into PLCs

        Originally posted by stj:
        part number of the flash will help
        I was hoping it's pretty visible in the picture (I took one of every major chip on there), but in case it isn't, it's SST39SF020A, which I think is THIS.
        Originally posted by stj:
        or just spend $800 on something universal with 48 active pins!!!
        Nope - not happening. It would be redundant for this purpose anyway, plus the issue at hand is not so much learning to program a new PLC entirely from scratch as it is recovering the routine the original machine performed, which is only partly known so far due to a complete lack of documentation on these machines (even "known" is a bit generous here - inferred would be more appropriate).

        Also, just the issue I've been having from the very start and why it's not happening:
        Originally posted by Curious.George:
        You won't find stuff that you can read "in English"...
        Wattevah...



          #64
          Re: Getting into PLCs

          Originally posted by Dannyx:
          Also, just the issue I've been having from the very start and why it's not happening:
          ["Code" not visible in human-readable form]

          Depending on the PLC, the programming tools may hold the "source" off-line (relying on you to maintain its availability), or will include tools to "decompile" the image from the controller and (effectively) recreate the original sources.



            #65
            Re: Getting into PLCs

            i think that part is compatible with a 256k 32pin eprom,
            you could read it with an arduino running eprom/novram software.



              #66
              Re: Getting into PLCs

              XCP Pro (the software used with this PLC) does have a function to read back from the PLC, but it won't let you do it without the password...

              On this topic, I of course shall want to protect my version of the program on the new PLC with a password as well, but there was something I came across in the manual which put me off: the manual talks about something called "secret download" which sounds like it would do just that - password-protect the PLC to prevent writing/reading, which these guys already did with theirs - but the slightly broken English made it sound like it would lock down the PLC entirely and would prevent ANY subsequent attempts at reading/writing to it, even if you purposely do it and know the password....damn Chinese tech
              Wattevah...



                #67
                Re: Getting into PLCs

                do you want to read the flash?

                i can explain in detail how to do it with just an arduino, and a Chinese €1 adapter pcb.



                  #68
                  Re: Getting into PLCs

                  Originally posted by stj:
                  do you want to read the flash?

                  i can explain in detail how to do it with just an arduino, and a Chinese €1 adapter pcb.
                  Go ahead, just for reference. I'm not sure it would help with cracking the password, but still useful to know in the long run, why not.

                  Obviously I have to pull off the chip first...preferably without destroying pins and traces, which is not going to be easy with all that lacquer they poured on the PCB. Then I'd need the adapter and then something to read it with...I didn't know the Arduino can do that.
                  Wattevah...



                    #69
                    Re: Getting into PLCs

                    https://www.jammarcade.net/programmi...-arduino-mega/

                    you can mod that to read any parallel memory device.



                      #70
                      Re: Getting into PLCs

                      Originally posted by Dannyx:
                      On this topic, I of course shall want to protect my version of the program on the new PLC with a password as well, but there was something I came across in the manual which put me off: the manual talks about something called "secret download" which sounds like it would do just that - password-protect the PLC to prevent writing/reading, which these guys already did with theirs - but the slightly broken English made it sound like it would lock down the PLC entirely and would prevent ANY subsequent attempts at reading/writing to it, even if you purposely do it and know the password....damn Chinese tech
                      Systems implemented with PLCs are notoriously easy to "steal" -- buy the sensors and actuators that the original manufacturer used, buy an exact copy of the PLC that was used, transfer the "software" from the PLC to the new one and you've cut the original manufacturer out of the loop (sale)!

                      So, you want to be able to "lock up" the "source code" (ladder logic, etc.) that is embodied in that PLC so that the counterfeiter can't clone it.

                      At the very least, you want to ensure the counterfeiter can't blindly clone the code (without bothering to understand it: "This SEEMS to work good enough, as is!") to cut the manufacturer out of the subsequent "purchase(s)".

                      As many industries using PLCs in their process control applications have staff that are competent with PLCs -- though not, perhaps, capable of designing a complete system from scratch (amazing how many folks can MODIFY an existing system yet are clueless as to its basic design) -- you also would like to obfuscate the sources so the counterfeiter can't "see" how you've solved the problem. And, by extension, can't see how to make the changes they would like -- without enlisting your help ($$).

                      Whenever your customer (or competitor!) can freely purchase the components that you have purchased and used in your design, you are at risk for them cutting you out of the loop. You want to raise the bar so they need to invest as much effort trying to steal your work as they would have to invest to create their own ORIGINAL work.



                        #71
                        Re: Getting into PLCs

                        Originally posted by stj:
                        https://www.jammarcade.net/programmi...-arduino-mega/

                        you can mod that to read any parallel memory device.
                        Doesn't seem to be so much for reading chips as it is for writing to them. Not sure about one thing though: is this the same thing as the NAND in TVs? Those always fail on Samsungs and I thought this might kill two birds with one stone and I'd be able to reprogram those as well (provided I find the correct software).
                        Wattevah...



                          #72
                          Re: Getting into PLCs

                          here's a better one - just increase the number of address pins.
                          https://github.com/frisnit/Arduino-Eprom-Writer

                          and no, you can't really clone high density flash with it because you can't re-map around bad sectors on the new chip.
                          you can read any parallel memory with it though - as long as it's 5V tolerant.
                          Last edited by stj; 10-03-2019, 01:30 PM.

                          Comment
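Added example, not part of any post in this thread: when a hobby reader is extended with extra address pins as suggested above, an unwired or badly seated address line produces a dump that looks plausible but contains mirrored blocks. The sketch below checks two reads of a 256K x 8 part such as the SST39SF020A for that fault, for a blank image and for read-to-read differences; the function names and the sample data are constructed for illustration.

```python
import hashlib

CHIP_SIZE = 256 * 1024   # SST39SF020A: 2 Mbit organised as 256K x 8
ADDR_BITS = 18           # A0..A17 address 2**18 bytes

def aliased_bits(dump):
    """Address bits that never change the data read (unwired or stuck pin)."""
    bad = []
    for bit in range(ADDR_BITS):
        step = 1 << bit
        # Toggling this bit swaps neighbouring blocks of `step` bytes, so if
        # every such pair is identical the chip never saw the line move.
        if all(dump[i:i + step] == dump[i + step:i + 2 * step]
               for i in range(0, len(dump), 2 * step)):
            bad.append(bit)
    return bad

def check_dump(first, second):
    """Return a list of problems found in two independent reads of one chip."""
    if len(first) != CHIP_SIZE or len(second) != CHIP_SIZE:
        return ["wrong size: %d and %d bytes, expected %d"
                % (len(first), len(second), CHIP_SIZE)]
    problems = []
    diffs = sum(a != b for a, b in zip(first, second))
    if diffs:
        problems.append("%d bytes differ between reads (marginal contact or timing)" % diffs)
    if len(set(first)) == 1:
        problems.append("every byte is 0x%02X (blank chip or dead data bus)" % first[0])
    else:
        for bit in aliased_bits(first):
            problems.append("address line A%d has no effect on the data" % bit)
    return problems

def read_with_stuck_pin(chip, bit):
    """Constructed fault: the reader leaves address line `bit` held low."""
    return bytes(chip[a & ~(1 << bit)] for a in range(len(chip)))

# Constructed stand-in for a real 256 KiB dump (deterministic pseudo-random bytes).
SAMPLE = hashlib.shake_256(b"constructed sample dump").digest(CHIP_SIZE)

if __name__ == "__main__":
    print(check_dump(SAMPLE, SAMPLE))                     # clean read: []
    faulty = read_with_stuck_pin(SAMPLE, 16)              # A16 never driven
    print(check_dump(faulty, faulty))
```

Only a dump that passes all three checks is worth hashing and archiving as the reference copy of the chip.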


                            #73
                            Re: Getting into PLCs

                            Well, just for those who are curious about the display for these things as well, here's some shots of what's inside one of these OP320 displays. This is one of the newer ones we received and I successfully created a program for. I distinctly remember there were some slight differences between this one and the "original" TouchWin ones which came installed on those water filter stations.

                            There's three of those: one of them works but has vertical streaks across the middle of the display due to moisture, the second was completely dead but I managed to revive it (corroded trace somewhere) and the last one turns on but doesn't do anything else: just the blue backlight comes on but never boots. My idea was to take the microcontroller from that one and solder it onto this one, or even better, swap the whole board if it fits, which I believe it doesn't because of one of those slight differences I mentioned. This is of course assuming the micro is not the cause of the failure to begin with! I think that one uses a flex cable to connect the two boards, whereas this one uses header pins.
                            Wattevah...



                              #74
                              Re: Getting into PLCs

                              looks like an off-the-shelf graphic lcd, and an obsolete 4k microcontroller.
                              not much to it.



                                #75
                                Re: Getting into PLCs

                                I guess I should probably dig into the dead one some more, since I feel I didn't give it the required amount of attention before giving up....granted, the time constraint was rather short, so I just left it in there so there wouldn't be a hole in the panel of the station
                                Wattevah...
