Getting into PLCs

    #41
    Re: Getting into PLCs

    I suspect that one of the passwords that is configured in the XC3 is to allow the OP series display to be able to access it. Then there will also be a different password for uploading and downloading the "program" to and from the XC3 PLC to the PC.
    There is also a password on the OP display which is likely to allow parameter changes that the normal machine operator can't change. This likely only applies to the OP PLC, not the XC3 PLC.

    Comment


      #42
      Re: Getting into PLCs

      The more interesting question for me here was why my CH341 failed to communicate with the damn thing and it only worked through the COM port....I think it's down to TTL vs RS232.
      Last edited by Dannyx; 09-26-2019, 11:34 AM.
      Wattevah...

      Comment


        #43
        Re: Getting into PLCs

        PLCs usually have oddball serial cables. It's to keep the cable a $200 "special" part. I'm not sure what the "program" pin needs.
        9600,E,8,1: your parity might be wrong. It's even parity.
        Attached Files

        Comment
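An added example, not part of any post in this thread: a bit-level model of one serial frame showing what a receiver sees when the device sends 8E1 (as in the 9600,E,8,1 setting above) and the PC side is set to a different parity. The payload `b"AC"` is constructed, and baud rate is not modeled.

```python
# Bit-level model of an asynchronous serial frame: start bit, 8 data bits
# (LSB first), optional parity bit, one stop bit. Sample payload is constructed.

def parity_bit(data, mode):
    """Parity bit for 8 data bits; mode is 'E' (even) or 'O' (odd)."""
    even = sum(data) % 2            # makes the total count of 1s even
    return even if mode == "E" else even ^ 1

def encode(payload, mode):
    """Line bits for a byte string sent as 8<mode>1, mode in 'N', 'E', 'O'."""
    bits = []
    for byte in payload:
        data = [(byte >> n) & 1 for n in range(8)]
        bits += [0] + data                       # start bit, then data
        if mode != "N":
            bits.append(parity_bit(data, mode))
        bits.append(1)                           # stop bit
    return bits

def decode(bits, mode):
    """Receive bits as 8<mode>1; return [(byte, 'ok'|'parity'|'framing')]."""
    need = 10 if mode == "N" else 11
    out, i = [], 0
    while i + need <= len(bits):
        if bits[i] == 1:                         # idle/stop level, no start bit yet
            i += 1
            continue
        frame = bits[i:i + need]
        data = frame[1:9]
        status = "ok"
        if mode != "N" and frame[9] != parity_bit(data, mode):
            status = "parity"
        if frame[-1] != 1:                       # stop bit must be 1
            status = "framing"
        out.append((sum(b << n for n, b in enumerate(data)), status))
        i += need
    return out

if __name__ == "__main__":
    line = encode(b"AC", "E")                    # device talks 8E1
    for rx in ("E", "N", "O"):
        print(f"receiver 8{rx}1:", decode(line, rx))
```

With the receiver left at 8N1, a byte with an odd number of 1 bits passes unnoticed while one with an even number raises a framing error, so a parity mismatch shows up as intermittent failures rather than a dead link.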


          #44
          Re: Getting into PLCs

          that's not oddball, it was used by Apple and SGI on a lot of machines to save space (and probably money)

          Comment


            #45
            Re: Getting into PLCs

            THIS chap here shows a similar, larger PLC. Unfortunately I don't speak Russian to understand whether that mini-DIN cable is something he wired himself as per the schematic in the manual you showed, or it's an "official" cable. If someone can help with that, it would be wonderful. His cable looks homemade to me, so the only difference between me and him is the USB-serial adapter. I tried it with the CH341 of my programmer, while he used one which actually terminates in a COM port and has a "lump" on the cable which presumably houses some more intelligent hardware than my single chip.
            Last edited by Dannyx; 09-26-2019, 01:40 PM.
            Wattevah...

            Comment


              #46
              Re: Getting into PLCs

              you need to open the unit and see if the port has a level shifter before you damage it or your usb adapter.
              5v/3v3 and +/-12v systems don't mix!

              Comment


                #47
                Re: Getting into PLCs

                Well, since the PLC connected just fine via the onboard COM port, I would assume it does have a level shifter to go from the PC's 12v signals (or 10v whatever) to 3.3v or 5v - I doubt its MCU runs natively on 12v levels. The CH341 runs at 5v (I THINK - there's a 3.3v regulator on it, but I'm not sure it's involved in the TTL part), so perhaps it wasn't enough and the chap in the video has a USB-serial adapter which has a charge pump in it.

                However this got me thinking whether or not I damaged my CH341...I'd need to find something "serial" to connect to and ensure it still functions. An Arduino Pro Mini is the first thing that comes to mind - if it can upload a code to it, the adapter's functional.
                Last edited by Dannyx; 09-26-2019, 02:01 PM.
                Wattevah...

                Comment


                  #48
                  Re: Getting into PLCs

                  link tx and rx with a jumper, then run a serial terminal like putty or minicom
                  it should echo what you type back to the screen

                  Comment


                    #49
                    Re: Getting into PLCs

                    Ok, LOL, never thought something that simple would work. I'm guessing the same trick would work to test ANY serial port ("adapted" or "native") then.
                    Last edited by Dannyx; 09-26-2019, 02:28 PM.
                    Wattevah...

                    Comment


                      #50
                      Re: Getting into PLCs

                      Originally posted by Dannyx:
                      "Ok, LOL, never thought something that simple would work. I'm guessing the same trick would work to test ANY serial port ("adapted" or "native") then."
                      The port has to be configured as RD/TD-only -- if it expects handshaking signals, then it will likely just sit there fat, happy and stupid (doing absolutely NOTHING!)

                      Comment


                        #51
                        Re: Getting into PLCs

                        I can now confirm that this works, at least in my case: I placed a jumper cap over the TX/RX pins of the programmer, ran Putty, set it to the right COM as indicated in device manager and typed something in the window that popped out. I wasn't sure this was actually doing anything, since what I was seeing could just be me typing and not the device actually echoing, so I removed the jumper and I could no longer type anything at all. Put the jumper back in and sure enough, I could type once again, so there is that - still good. Great tip! Thanks again
                        Wattevah...

                        Comment


                          #52
                          Re: Getting into PLCs

                          We've just received two new sets of displays and PLCs today, so I tried messing around with the displays to get the hang of it, but I could not get anything to upload to it. A standard crossover serial cable just wasn't enough - the software just stood there upon hitting "download" and eventually timed out. The closest I got it to uploading was by making my own cable which has pin 7 connected straight across like in the manual of the display (page 16), although the manual is slightly contradictory there, since pin 7 is labeled as CTS, whereas in any serial port pin 7 is listed as RTS, so the manual is incorrect AFAIK! Regardless, by connecting pin 7 to pin 7 on both ends (not crossed over to pin 8 like the console cable does - hence why I needed to make my own!), I made it one step further: the display makes a beep sound and also shows a progress bar when I hit "download". Still: the bar never leaves 0% and the program times out again... I wasted an entire day on this thing: trying both the CTS and RTS pins, switching them around, tying them together, but to no avail, that's as far as I ever made it. It probably is the only correct combination though, because the progress bar and beep happen only with pin 7 connected straight across, so I'll just leave it like that and shift my attention elsewhere. It's like the device is expecting data, but it isn't being sent over... which got me thinking to swap the TX and RX pins around, though I triple checked they're wired correctly (i.e. "crossed over", like the manual says). I also tried different software versions, since apparently that's also important, but all seem to do the same thing. I'm on Win10 here as well. Will try it on 7 too just for the hell of it... so yeah, that was disappointing
                          Wattevah...

                          Comment


                            #53
                            Re: Getting into PLCs

                            TX and RX in serial works just like USB:
                            First you try it the right way: it does not work.
                            Then you flip it around: it does not work.
                            Then you flip it back: it works.

                            Intel has a very handy diagram of this:
                            Attached Files
                            "The one who says it cannot be done should never interrupt the one who is doing it."

                            Comment


                              #54
                              Re: Getting into PLCs

                              As I was scanning my eyes across your reply, I was actually thinking it would be helpful. I was like "wow, a diagram - thanks", but then....
                              Wattevah...

                              Comment


                                #55
                                Re: Getting into PLCs

                                For some reason it just decided to work today and I managed to upload some stuff to the display.
                                I finished the last day off by uninstalling the software, so today I had to download it again to try again, so it's most likely that I guessed the right version, since I hooked up the cable in exactly the same way, so that can't be it... so far so good
                                Wattevah...

                                Comment


                                  #56
                                  Re: Getting into PLCs

                                  Ok guys, here's where I stand: today I managed to connect and interact with both the display and the PLC itself. I mostly played with the PLC because I might have to create my own program based on how I think these water basins should work (or at the very most by observing a functional one), because there's no way I'll be able to unlock a programmed PLC to obtain the code.

                                  Here's some shots of what's on the inside: as you can see, there's a flash memory on there but that's about it. And no, that 8 pin IC is a DAC - nothing of interest there, I looked it up. The "bulk", including lock codes and other stuff, is most likely stored on this one flash, making recovering anything impossible, both due to hardware constraints and possibly electronic ones as well, so there is that... unless of course someone pro enough goes "oh, that's an XYZ chip - you can crack those easily by doing this" sort-of deal

                                  As far as creating my own program goes, today I put together something which loosely mimics what the "good" PLC should do: it steps through 4 of its outputs (representing air valves which open and close) one at a time at a set interval, so I created that with a short 3 second interval just for a proof of concept test and I got it working after an entire day of work. I even included a "power failure guard" which allows the PLC to continue where it left off in case it loses power and reboots. I'm still getting the hang of it. For instance, I still haven't tried relaying info from the PLC to show up on the display, like the status of its outputs, the countdown time, etc. The poor translation of the manual doesn't do me any favours here either, because I'm having a hard time understanding what some of those functions do....
                                  Attached Files
                                  Wattevah...

                                  Comment


                                    #57
                                    Re: Getting into PLCs

                                    the flash is 28pin tsop package,
                                    i could just lift it and throw it into my adapter and read it out with my programmer.

                                    if i was not me but somebody lesser, i could still lift it and put it onto an adapter pcb for a $ from ebay and then read it with a breadboard and arduino.

                                    Comment


                                      #58
                                      Re: Getting into PLCs

                                      Even if you did manage to read it, I doubt you'd be able to crack JUST the password while leaving the programming alone. I do not care about the device itself, since I have two new ones anyway. In the best of scenarios I'd do this operation twice: first to extract an unlocked "image" from the new working PLC and then spit it onto the "locked" one, which would give me a second unlocked PLC to play with, but would wipe any programming too.....that is IF the PLC even boots with the contents of the other one, since they may have different firmware versions and other stuff....
                                      Wattevah...

                                      Comment


                                        #59
                                        Re: Getting into PLCs

                                        you think they aren't separate?
                                        you're obviously not into this type of stuff

                                        Comment


                                          #60
                                          Re: Getting into PLCs

                                          Originally posted by stj:
                                          "you think they aren't separate?
                                          you're obviously not into this type of stuff"
                                          No, I'm not into programming, but I'm willing to learn, so I'd be curious what the contents of such a flash chip would look like and what programmer would be able to read it.
                                          Wattevah...

                                          Comment
