Badcaps.net Forum
Old 10-02-2019, 01:10 AM   #61
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 1,589
Default Re: Getting into PLCs

Quote:
Originally Posted by Dannyx View Post
No, I'm not into programming, but I'm willing to learn, so I'd be curious what the contents of such a flash chip would look like and what programmer would be able to read it.
For higher performance PLCs, you will find compiled code (native to the CPU that's executing it). For cheaper models, you'll likely find some sort of intermediate code that is interpreted/JITed by the processor.

You won't find stuff that you can read "in English"...
Curious.George is offline   Reply With Quote
Old 10-02-2019, 04:05 AM   #62
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,538
Default Re: Getting into PLCs

part number of the flash will help,
or just spend $800 on something universal with 48 active pins!!!

the flash will have a bootloader with the code for reading passwords and comparing them, together with the loader routines.
then it will have a system area for storing passwords and other "settings",
then a big area for the uploaded user-code.
stj is offline   Reply With Quote
Old 10-02-2019, 10:47 AM   #63
Dannyx
CertifiedAxhole
 
Dannyx's Avatar
 
Join Date: Aug 2016
City & State: Constanta
My Country: Romania
Line Voltage: 230VAC 50Hz
I'm a: Hardcore Geek
Posts: 2,638
Unhappy Re: Getting into PLCs

Quote:
Originally Posted by stj View Post
part number of the flash will help
I was hoping it's pretty visible in the picture (I took one of every major chip on there), but in case it isn't it's SST39SF020A which I think is THIS.
Quote:
Originally Posted by stj View Post
or just spend $800 on something universal with 48 active pins!!!
Nope - not happening. It would be redundant for this purpose anyway, plus the issue at hand is not so much learning to program a new PLC entirely from scratch as it is recovering the routine the original machine performed, which is only partly known so far due to a complete lack of documentation on these machines (even "known" is a bit generous here - inferred would be more appropriate).

Also, just the issue I've been having from the very start and why it's not happening:
Quote:
Originally Posted by Curious.George View Post
You won't find stuff that you can read "in English"...
__________________
Wattevah...
Dannyx is offline   Reply With Quote
Old 10-02-2019, 12:41 PM   #64
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 1,589
Default Re: Getting into PLCs

Quote:
Originally Posted by Dannyx View Post
Also, just the issue I've been having from the very start and why it's not happening:
["Code" not visible in human-readable form]

Depending on the PLC, the programming tools may hold the "source" off-line (relying on you to maintain its availability), or will include tools to "decompile" the image from the controller and (effectively) recreate the original sources.
Curious.George is offline   Reply With Quote
Old 10-02-2019, 12:41 PM   #65
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,538
Default Re: Getting into PLCs

i think that part is compatible with a 256k 32pin eprom,
you could read it with an arduino running eprom/novram software.
stj is offline   Reply With Quote
Old 10-02-2019, 01:44 PM   #66
Dannyx
CertifiedAxhole
 
Dannyx's Avatar
 
Join Date: Aug 2016
City & State: Constanta
My Country: Romania
Line Voltage: 230VAC 50Hz
I'm a: Hardcore Geek
Posts: 2,638
Default Re: Getting into PLCs

XCP Pro (the software used with this PLC) does have a function to read back from the PLC, but it won't let you do it without the password...

On this topic, I of course shall want to protect my version of the program on the new PLC with a password as well, but there was something I came across in the manual which put me off: the manual talks about something called "secret download" which sounds like it would do just that - password-protect the PLC to prevent writing/reading, which these guys already did with theirs - but the slightly broken English made it sound like it would lock down the PLC entirely and would prevent ANY subsequent attempts at reading/writing to it, even if you purposely do it and know the password....damn Chinese tech
Dannyx is offline   Reply With Quote
Old 10-03-2019, 05:09 AM   #67
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,538
Default Re: Getting into PLCs

do you want to read the flash?

i can explain in detail how to do it with just an arduino, and a Chinese €1 adapter pcb.
stj is offline   Reply With Quote
Old 10-03-2019, 10:32 AM   #68
Dannyx
CertifiedAxhole
 
Dannyx's Avatar
 
Join Date: Aug 2016
City & State: Constanta
My Country: Romania
Line Voltage: 230VAC 50Hz
I'm a: Hardcore Geek
Posts: 2,638
Default Re: Getting into PLCs

Quote:
Originally Posted by stj View Post
do you want to read the flash?

i can explain in detail how to do it with just an arduino, and a Chinese €1 adapter pcb.
Go ahead, just for reference. I'm not sure it would help with cracking the password, but still useful to know in the long run, why not.

Obviously I have to pull off the chip first...preferably without destroying pins and traces, which is not going to be easy with all that lacquer they poured on the PCB. Then I'd need the adapter and then something to read it with...I didn't know the Arduino can do that.
Dannyx is offline   Reply With Quote
Old 10-03-2019, 12:58 PM   #69
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,538
Default Re: Getting into PLCs

https://www.jammarcade.net/programmi...-arduino-mega/

you can mod that to read any parallel memory device.
stj is offline   Reply With Quote
Old 10-03-2019, 12:59 PM   #70
Curious.George
Badcaps Veteran
 
Join Date: Nov 2011
Posts: 1,589
Default Re: Getting into PLCs

Quote:
Originally Posted by Dannyx View Post
On this topic, I of course shall want to protect my version of the program on the new PLC with a password as well, but there was something I came across in the manual which put me off: the manual talks about something called "secret download" which sounds like it would do just that - password-protect the PLC to prevent writing/reading, which these guys already did with theirs - but the slightly broken English made it sound like it would lock down the PLC entirely and would prevent ANY subsequent attempts at reading/writing to it, even if you purposely do it and know the password....damn Chinese tech
Systems implemented with PLCs are notoriously easy to "steal" -- buy the sensors and actuators that the original manufacturer used, buy an exact copy of the PLC that was used, transfer the "software" from the PLC to the new one and you've cut the original manufacturer out of the loop (sale)!

So, you want to be able to "lock up" the "source code" (ladder logic, etc.) that is embodied in that PLC so that the counterfeiter can't clone it.

At the very least, you want to ensure the counterfeiter can't blindly clone the code (without bothering to understand it: "This SEEMS to work good enough, as is!") to cut the manufacturer out of the subsequent "purchase(s)".

As many industries using PLCs in their process control applications have staff that are competent with PLCs -- though not, perhaps, capable of designing a complete system from scratch (amazing how many folks can MODIFY an existing system yet are clueless as to its basic design) -- you also would like to obfuscate the sources so the counterfeiter can't "see" how you've solved the problem. And, by extension, can't see how to make the changes they would like -- without enlisting your help ($$).

Whenever your customer (or competitor!) can freely purchase the components that you have purchased and used in your design, you are at risk for them cutting you out of the loop. You want to raise the bar so they need to invest as much effort trying to steal your work as they would have to invest to create their own ORIGINAL work.
Curious.George is offline   Reply With Quote
Old 10-03-2019, 01:05 PM   #71
Dannyx
CertifiedAxhole
 
Dannyx's Avatar
 
Join Date: Aug 2016
City & State: Constanta
My Country: Romania
Line Voltage: 230VAC 50Hz
I'm a: Hardcore Geek
Posts: 2,638
Default Re: Getting into PLCs

Quote:
Originally Posted by stj View Post
https://www.jammarcade.net/programmi...-arduino-mega/

you can mod that to read any parallel memory device.
Doesn't seem to be so much for reading chips as it is for writing to them. Not sure about one thing though: is this the same thing as the NAND in TVs? Those always fail on Samsungs and I thought this might kill two birds with one stone and I'd be able to reprogram those as well (provided I find the correct software).
Dannyx is offline   Reply With Quote
Old 10-03-2019, 02:27 PM   #72
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,538
Default Re: Getting into PLCs

here's a better one - just increase the number of address pins.
https://github.com/frisnit/Arduino-Eprom-Writer

and no, you can't really clone high density flash with it because you can't re-map around bad sectors on the new chip.
you can read any parallel memory with it though - as long as it's 5v tolerant.

Last edited by stj; 10-03-2019 at 02:30 PM..
stj is offline   Reply With Quote
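A sanity check for dumps taken with a reader that has been extended with extra address pins, as stj describes above. This is an added example, not code from the thread or from either linked project. It assumes a 256 KiB (256K x 8, address lines A0..A17) image, following the "256k" figure in the thread; the function names are hypothetical and the sample images are constructed.

```python
import hashlib

CHIP_SIZE = 256 * 1024                   # assumption: 256K x 8 part, as in the thread
ADDR_BITS = CHIP_SIZE.bit_length() - 1   # 18 address lines, A0..A17


def dead_address_lines(dump: bytes) -> list:
    """Address bits whose state never changes the data read back.

    If line k is unwired or stuck, addresses a and a ^ (1 << k) select the
    same cell, so the two blocks that differ only in bit k are identical.
    """
    dead = []
    for k in range(ADDR_BITS):
        step = 1 << k
        if all(dump[a:a + step] == dump[a + step:a + 2 * step]
               for a in range(0, len(dump), 2 * step)):
            dead.append(k)
    return dead


def check_dump(first: bytes, second: bytes) -> dict:
    """Compare two independent reads of the chip and flag wiring faults."""
    size_ok = len(first) == CHIP_SIZE == len(second)
    return {
        "size_ok": size_ok,
        "reads_match": first == second,            # unstable reads: bad contact or timing
        "blank": first.count(0xFF) == len(first),  # erased chip or undriven data bus
        "dead_lines": dead_address_lines(first) if size_ok else None,
        "sha256": hashlib.sha256(first).hexdigest(),
    }


def constructed_image(size: int) -> bytes:
    """Constructed sample data (SHA-256 counter stream), not a real dump."""
    out = bytearray()
    counter = 0
    while len(out) < size:
        out += hashlib.sha256(counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:size])


GOOD = constructed_image(CHIP_SIZE)
A17_UNWIRED = GOOD[:CHIP_SIZE // 2] * 2   # constructed: upper half mirrors lower half

if __name__ == "__main__":
    print(check_dump(GOOD, GOOD)["dead_lines"])
    print(check_dump(A17_UNWIRED, A17_UNWIRED)["dead_lines"])
```

A non-empty `dead_lines` on a dump that is not blank usually means an address pin was left off the adapter or is not making contact; a fully blank image flags every line and should be judged by the `blank` field instead.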
Old 11-13-2019, 05:05 AM   #73
Dannyx
CertifiedAxhole
 
Dannyx's Avatar
 
Join Date: Aug 2016
City & State: Constanta
My Country: Romania
Line Voltage: 230VAC 50Hz
I'm a: Hardcore Geek
Posts: 2,638
Talking Re: Getting into PLCs

Well, just for those who are curious about the display for these things as well, here's some shots of what's inside one of these OP320 displays. This is one of the newer ones we received and I successfully created a program for. I distinctly remember there were some slight differences between this one and the "original" TouchWin ones which came installed on those water filter stations.

There's three of those: one of them works but has vertical streaks across the middle of the display due to moisture, the second was completely dead but I managed to revive it (corroded trace somewhere) and the last one turns on but doesn't do anything else: just the blue backlight comes on but never boots. My idea was to take the microcontroller from that one and solder it onto this one, or even better, swap the whole board if it fits, which I believe it doesn't because of one of those slight differences I mentioned. This is of course assuming the micro is not the cause of the failure to begin with!! I think that one uses a flex cable to connect the two boards, whereas this one uses header pins.
Attached Images
File Type: jpg 20191113_124834.jpg (588.0 KB, 4 views)
File Type: jpg 20191113_124806.jpg (598.7 KB, 3 views)
File Type: jpg 20191113_124844.jpg (662.1 KB, 4 views)
Dannyx is offline   Reply With Quote
Old 11-13-2019, 07:43 AM   #74
stj
Great Sage 齊天大聖
 
stj's Avatar
 
Join Date: Dec 2009
City & State: Europe
My Country: some shithole run by Israeli agents
I'm a: Professional Tech
Posts: 21,538
Default Re: Getting into PLCs

looks like an off-the-shelf graphic lcd, and an obsolete 4k microcontroller.
not much to it.
stj is offline   Reply With Quote
Old 11-13-2019, 07:47 AM   #75
Dannyx
CertifiedAxhole
 
Dannyx's Avatar
 
Join Date: Aug 2016
City & State: Constanta
My Country: Romania
Line Voltage: 230VAC 50Hz
I'm a: Hardcore Geek
Posts: 2,638
Default Re: Getting into PLCs

I guess I should probably dig into the dead one some more, since I feel I didn't give it the required amount of attention before giving up....granted, the time constraint was rather short, so I just left it in there so there wouldn't be a hole in the panel of the station
Dannyx is offline   Reply With Quote
All times are GMT -6.