Sign in to follow this  
Followers 0
Colin Carpenter

Foolproof Software Protection

29 posts in this topic

Using IEC Developer and Mitsubishi FX2N PLCs' does anyone know of or can think of a truly foolproof way of protecting the code from prying eyes? I know that it can be password protected, but topics on the forum show that there are ways and means of overcoming this if you are determined. I have just written some software that I am *REALLY* keen to ensure that no-one else can get to use ........ what do you think?

Share this post


Link to post
Share on other sites
I thing the only way is buy a locker, put the plc inside the locker and lock it. Only you and the authorize personal can download and upload the program. if not sure have some people can overcome this problem. I also facing this problem long time ago, only thing is i haven't done the above mension yet.

Share this post


Link to post
Share on other sites
lockpicking is not the hardest thing, it takes less than an hour to learn it. in fact it is demonstrated on certain events such as defcon... you could try modifying plc (rearrange port pins for example). You can have your own special cable that works, guys that don't will be scratching their heads... You can edit C:\MELSEC\Gppw\Setup.bmp to look different so you can tell them they need special version

Share this post


Link to post
Share on other sites
Do you want to lock yourself out forever too. To make it foolproof - you are going to have to include keeping yourself out too. This would mean some physical operation inside the PLC. This could be all manner of things.

Share this post


Link to post
Share on other sites
I am bored but read this and thought I'd give you my thoughts. I never realized how protective you guys are about your material. I've had debates about password protection and such on this forum and never really understood the reasoning behind it, other than to protect a machine that you had built from being destroyed by some delinquent pond life with a little bit of knowledge. But please forgive me, I'm lost. Please enlighten me, cause all my working life and involvement in machines, the only machines that I have ever respected, are the ones that are easy to understand. The manufacturer has designed a machine in such a way that even the simplest of us can understand the workings of it and they encourage the understanding of it. Have you lost the plot, have you become obsessed with you own brilliance? Dont go there would be my advice, been there got the tee-shirt. It doesn't matter how clever you think your idea is or in your case, software is, if it aint easy for us delinquents to understand, you aint going to be a millionaire. Keep it simple, achieve the impossible in the most simplest possible way and be as open as possible. Only then will you own a big boat me dears. I've come off a nightshift from hell and had a drink too, so forgive me if I have upset you.

Share this post


Link to post
Share on other sites
OK, let's assume that you've spent a lot of your own time, your own money and your own brain cells, and at the end of it, you've produced a system that does what a lot of people thought couldn't be done, through a combination of smart software and clever mechanical / electrical design. The mechanical / electrical design is easy to copy, and so is the software by anyone with a bit of Mitsubishi knowledge. Patents probably aren't applicable, or, even if they are, would probably take too much time, money and legal expenses. So you want to market it, sell a few and make back a bit of the investment that you've made in the project? How do you protect the software? Or do you give it away to all and sundry? My name is not Bill Gates. I have a mortgage, wife and kids. They like to eat and keep warm. It concentrates the mind.

Share this post


Link to post
Share on other sites
Well... I always say; better a good copy than a bad invention...

Share this post


Link to post
Share on other sites
Hi guys, I remember programming a Koyo PLC a few years ago. This PLC had the facility to lock itself out (fully secure) by writing to a special adress in the PLC. The down side of this is that a new program can never be downloaded, nor the existing uploaded (Even if you did password protect it). It also cuts out all programming interfaces to the PLC (ie. you can still use a SCADA to read values, etc. but NO modifications). I have not personally had the desire to protect the PLC past its current protection method. The forums discussion on breaking the Mits PLC password is a bit involved for someone 'not up to scratch'. It does take some time, but is achievable. I fully understand the fact that it is your design... The only way to 'protect' your design is if you publish it and let the whole world know about it. Surely then if someone else comes along doing the same thing everyone will know!!! Have you considered marketing your product considerably to the market you are targeting?

Share this post


Link to post
Share on other sites
Thanks for the reasoned reply. Yes, it would be marketed directly at the target industry, and I think the risk is fairly minimal given the password protection available. I believe that if I've produced a system that requires maintenance guys to have to access the source code, then I've not done the job properly. I tend to agree that the password protection is probably adequate in most cases, I just wondered if there was a more secure means. Maybe an encrypted EEPROM or harware interlock or something along those lines. What is the general feeling regarding ownership of PLC programmes? For example, if you are paid to produce code for a "one off" machine, does the company that paid you have the right to build more machines and just use the source code over and over again with no further payment to you? It certainly doesn't happen that way in the most of the commercial desktop PC world (maybe Linux is an exception).... what is the generally accepted view in the Automation world?

Share this post


Link to post
Share on other sites
When I write PLC programs for work and the customer paid for the programming time, they own the code. When I do it for my employer and don't make the customer pay for development time, the code is mine. It comes down to who paid for it.

Share this post


Link to post
Share on other sites
Passwords are fine - to protect against unauthorised tampering with a program that may be dangerous for the machine or personnel. But programmers, have a heart, you're probably not going to be the one who, in ten years time, is trying to upgrade a machine or install a new processor. In any case, there's more than one way to skin a cat! Do you not think that anyone else is clever enough to write a program to do exactly the same thing? Maybe even better than you? If a customer has paid you to design, build and program a machine then surely he has a right to be able to access the program. Then it's up to him who he gives rights to. He needs that privilige, if not just for health and safety reasons but also to maintain his machine long after your company has gone to the wall.

Share this post


Link to post
Share on other sites
Hi Colin, I understand your frustrations and I bet your software is great and maybe no one has thought of a better way to achieve what you have achieved yet. You may have achieved something no other has achieved at this moment in time. But you cant go down the " Patent " route to protect it unless it is totally unique. Like if it were written in a totally new language and that language was born from you. Just like electronics, you cant patent a circuit, simply because there will be a number of other ways to achieve the same result, i.e, the copier simply has to change a resistor and it will make it different to the patent owner's idea. Patents are very expensive and they need policing forever and so not economical. Now I know maintenance men are disliked by the likes of you and I understand that for the reasons we have discuss before in this forum. But maintenance men have an influence on what machines are purchased by a company, well, prudent wise companies anyway. A maintenance man will only recommend buying machines that are easy to fix. Do you get my drift? And we maintenance men are very loyal to manufacturers that make our job easier, do you get my drift again? If you want to make millions, be very friendly to us maintenance men, we will reward you sir. Be open, make things simple for us, remove restrictions and obstacles and dont ever intimidate us with your cleverness. We will blank you. Care for your maintenance man and we'll care back. The secret to success in machine, software development, is make it user friendly mate and we'll stick by you. PS. We might even fall in love with you, if you have a nice arse, big pair of tits and are female lol. Edited by fosy

Share this post


Link to post
Share on other sites
I think fosy just hit it right on the head!!!!

Share this post


Link to post
Share on other sites
I have this same problem... I've developed a touchscreen / plc program for architectural uses. I sell it to many clients. I'm not worried about the maintenance staff getting into the program much (these guys have almost all never even heard of a plc), but I'm worried about my compeitition using my program. I don't wanna have to compete against my own work, and the development costs are on me. I'm not so wildly concerned that the competition have a product like mine, just that they develop it them selves. I've almost never seen a lamer password protection than the one on Meau plcs. Sheesh, try once and it shoots the password back to you. Maybe a little hard for the average maintenance guy, but for a company looking to get a free product, definitely worth it even if cracking the password took all day. About the customer owning the code... If I develop a program for industrial use, I allow them to use the program on one machine. If they have three, I want to be paid three times. The reasoning behind this is every time they load my program on another machine, I've got increased liability exposure. If my customer loads the program on 1,000 machines, chances are someone will get hurt in some way with one of those machines and lawyers sue everyone that ever had anything to do with that machine. I tend to charge $5k to $10k for an industrial control application. If the customer loads the program on 1,000 machines, I should run the risk for $5?

Share this post


Link to post
Share on other sites
Hi guys, Quite simply put, the software is part of the machine and multiple installations require multiple 'licenses' for the software. Unless the customer has carried some costs with you (production loss, etc.) whilst developing your application, you should get paid for every installation of the software. If the customer did carry costs, an arrangement can be made that the customer would pay a discounted fee for, lets say 20 identical installation. The software itself is not always the main cost, but your time spent on site commissioning each new installation does cost you money. I think it is fair to charge for this time spent. I agree that if there is a will, there is always a way. People will do anything to get something if they really want it. Some of the things you can do is maybe write your code in spaghetti style. You know, jump a lot around the program; execute some trivial tasks, etc. This also introduces possible bugs again. So be careful. The other side of this is of course the complexity of the software itself increases, which is not desired. Especially if you are going to have someone have a look at it (maintenance). Maybe a SLA (service level agreement) with the sites where the 'unit' is installed is the only other option. This way you can sell your software to the customer without the code. It still operates and functions as per normal, but maintenance, or your competetion, does'nt have access to the source. Again, the customer has to be taken into consideration and a 'discounted' price has to be agreed to when being called out to a breakdown. At the end of the day your customers will determine what becomes of you. Keep them happy!!!

Share this post


Link to post
Share on other sites
Thanks for the reasoned comments, lads. In 20 years of programming, I've never ever considered password protection, and I've always encouraged the maintenance men to be as familiar with the software as possible (within reason). The main reason is that I'm not over keen on getting panic phone calls in the middle of the night asking me to travel hundreds of miles to a site that has a PLC problem. Trust me, I'm with you all the way on that one. Having said that, all of those jobs were "one offs" ..... specifically designed for that piece of plant and very specific to that site. No problem with me leaving the fully commented code at all. This latest project we have developed is a "skid mounted", "plug and play" system that "does what is says on the tin". The FX2N uses FP maths to continuously solve simultaneous equations and executes triple PID loops to control to very fine tolerances. Sure, someone else could programme it better, maybe a good copy would be better than the original, maybe the maintenance guys could make a much better job........ etc., etc. but at this point in time, no one has. The PLC and HMI software is all part of the overall package. The overall package is a combination of "off the shelf" bits. Anyone could buy the "off the shelf" bits and knock up one of these machines, but, without the software, it wouldn't do what it was supposed to. That was what prompted my original question. If we sold one of these units to a multi national company with many sites, what's to stop them buying the bits, sucking out the HMI and PLC code for free and making one for each of their sites? Who owns the code in this case? Me or them?

Share this post


Link to post
Share on other sites
Hi Colin, I get your drift, I guess the way you explain it, it is a concern. I work for an international company with many sites around the world. We have teams set up looking at ways to cut costs. We are asked to look for ways to improve process and reduce waste. We look at machines bought in and study them to see if we can find ways to improve them, reduce energy usage and such. We look at the spares required for machines, especially the cost of spares. All manufacturers recommend you use their spares, they claim using cheaper alternatives may harm the machine or reduce its efficiency. We make judgements on that every day. Some manufacturers over engineer, some under engineer. If we ask a manufacturer to build us a machine, we tell them how long it must last, 5, 10 years whatever. We don't want it to be built to last 20 years, we don't manufacturer our product to last 20 years. We change models, lines all the time. When we have finished a line or product, we want the machine that help make that product to be life ex, worn out, spent. We are not in the business of selling second hand machines, we dump our machines in skips when we have finished with them. Now all the the stuff I've explained about us having to look to cut costs and reduce waste and improve machines and look for cheaper spares and all that, is what we are suppose to do. And the only reason I've mentioned it, is because my boss might see this post God help me. Because its all bullshit, in reality, we aint got time to do all those wonderful things, we are too bloody busy trying to keep the lines running and producing our product to the customers requirements. We aint got time to make machines, we aint got time to look for alternative spares. We aint got time to copy peoples ideas or steal software. And the truth is, even if we did have the time to save our company some money by copying your machine and building a cheaper one, we would get no thanks for it. They wouldn't give a toss. We look for an easy shift, we look for peace and harmony at work. We don't want any medals for ripping off a guy just trying to make a living out of his brilliant idea and hard work. My advice to you would be make your machine fit for purpose and just that, don't try to make it last forever. Offer to supply spares, even if the kit is off the shelf, companies will come to you for convenience, as long as your mark up is reasonable and you can deliver next day. When you come to costing your machine be reasonable, don't milk it cos its unique, think fair price, if its very expensive, they will take time to seach for an alternative. And once again, make it user friendly, be nice to the maintenance man lol.

Share this post


Link to post
Share on other sites
I'm always nice to the maintenance men, in fact I'm so nice to them that they occasionally let me buy them beers at Christmas!! Seriously though, I take your point about ease of fault finding. I always reckon that if someone else has to take a laptop to one of my PLCs, then I haven't done the job properly. If there truly is a bug in the code, then tell me and I'll fix it. Guaranteed. I always use the Beijers range of HMIs as default, and spend ages programming screens to tell the maintenance man what's wrong. The Mitsubishi PLCs are "bomb-proof", and in 20 years or so, I have NEVER known one fail or get its programme corrupted. I've known a few relay contacts burning out due to over use or over current, but that's about it. Mind you, they don't like water ..... just keep them dry. I use 0-20 mA analogue inputs to sense 4-20 mA sensors, so I can tell when they fail. I set up screens so that outputs can be switched on for testing, I write routines to check that motors are available, haven't tripped and don't have failed contactors. I give valves time to move between sensors, then alarm if they don't. I have huge alarm lists telling the operator if anything is untoward. Honestly, maintenance wise, I've been there and bought the T shirt. I've cursed programmers who write with no structure and even fewer comments in the documentation, panel builders who don't ground the 0VDC of the power supply, and companies who build machines in NPN mode not the more easily understood PNP mode (though that's a personal opinion, not necessarily a scientific one). On the other hand, if I bought a nice M series BMW, I don't somehow think they'd supply me with the source code for the engine management system if I asked nicely.......?

Share this post


Link to post
Share on other sites
Colin, assuming you areusing GXIEC Developer, place the software in a libary, the libary can only be vewied when it is open, and this can be password protected. PS are you the same colin that worked for Wessex in trowbridge some 7 - 8 years ago

Share this post


Link to post
Share on other sites
I certainly am. It's a small World isn't it? Don't recall anyone looking like a redfootballfish though!

Share this post


Link to post
Share on other sites
Wessex as in aircraft copters? I was aviation, unfortunately no one asks questions on aircraft technology. I dont remember plcs on aircraft. I'm a harrier jump jet expert 12 years. If anybody wants to know anything about how a harrier works ask. It would be nice to be able to answer a question for a change lol. Edited by fosy

Share this post


Link to post
Share on other sites
Mind you, don't ask me about anything electrical about the Harrier, cos I dont know. The only reason I got into electrics, and all this boring stuff like wiggly amps and binary number crap. Was because the electricians, geeks, kept blaming my engine for everything. They would do their tests and say its an engine fault and I would have to change the bloody engine of a harrier. You can imagine the work involved just to find the ................. had got it wrong and the snag was still apparent. I hated leckies lmao. So I decided to learn geek shoot only to be able to argue with incompetent twits lol.

Share this post


Link to post
Share on other sites
Once I learned which way electricity flowed, I realized these geeks were not quite as clever as I had first thought, its quite easy when you get your head round it lol. And PLC stuff is a joke, it seems complicated but it is only complicated because the geeks that develop it are sad and protective and insecure. They make something so simple appear so difficult it is a disgrace. I've seen some awesome fantastic state of the art technology in my life so far and believe me, PLCing don't go near it. I'm going to become an expert at PLCs, I've decided. I'm going to be asking loads of questions. Help me master this boring shoot so I can move on to more interesting cleverer stuff. Thats all I ask. I tried to program a pathetic NT20S the other week, upload/download. I've never in my life in engineering found something so little and pathetic so disgracefully disgustingly complicated in all my discovering life. I spent 2 valuable hours frustrated to the point, the unit I was working on nearly got a full blown drop kick out of the factory, because some nugget who had wrote the DOS software, had not informed the user that its data directory file name, was limited to 8 characters. If I could meet him I'd punch him in the nose. Having said all that, I'm sorry, I want to be friends and get on. Help me sus this PLC stuff out and I'll Luv ya Fosy

Share this post


Link to post
Share on other sites
Of course I was just waffling on so I could get to my 50th post and become an "expert" lol. But as its my 50th post I'll ask a question that I don't think anyone is qualified to answer lol. If 0=0.....how could there have been a big bang and suddenly everything exists. lol

Share this post


Link to post
Share on other sites
Have you no sense of humour in this place lol. I thought at least one of you would have bit. lol. Allow yourselves a little fun once in a while, sheesh.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0