dewaz

Password

20 posts in this topic

I have some PLCs, CQM1H and CPM1A, that are protected by password. You know, the 4-digit password activated by AR ... (I forgot it). A few years ago I knew a man who could break this code. Unfortunately he's unreachable right now, dunno where he is. Please help us here, if anyone knows how to break this code? Or .. minimal, how to make the breaking process easier, because we need to do modification at this machine and the engineer already signed out. :( Anybody know?

Dewaz, Without wishing to sound too bombastic, if you did a search on this topic, you will find that no-one here on this forum (or pretty much any other forum) will give any help or advice on cracking password protection. Passwords are used to protect intellectual property rights, and as such, cracking is tantamount to piracy! Regards anonymous

Try looking here for some help. http://forums.mrplc.com/index.php?act=Downl...s&CODE=02&id=48 This is made for Allen Bradley but may work for you as well. With Allen Bradley I use a hex editor to open up the ladder. After that I scan through the code and after the communication protocol (DF1-PIC1). The password is there in plain number format and usually in more than one spot. Hope this helps. You may need the software that is in the guide. It is in the download section of this site. chas183

Hey, for CQM1H I think it is very difficult, for other C series maybe.... There are only 65536 combinations from 0000 to ffff, you can try keying in from 0000, maybe a few days later you will reach ffff. Good luck to you.

Password protection is often used - as the word says - to protect the content of the program and the intellectual properties, like anonymous said. I also know from customers that have a very bad paying policy, and there is a limited time, until the program will stop working to make him pay the money OMRON deserves. The password used for unlocking this function is and should only be available by the responsible OMRON application engineer to protect the right of OMRON (or the one who has done the programming). ANYTHING ELSE IS ILLEGAL!

Bollocks. The passwords are there just to make things hell when you are trying to repair the machine. Don't give us the IP "rights" bullshit. Anyone who wanted the program could have it by many other ways, but when someone tries to maintain a machine that's been operating for years without interruptions, then where the hell are you gonna come up with the password? I say crack them all. Who cares about some 5-year-old PLC program, unless you want to repair the machine. Stop whining about cracking the password protections. I'll just laugh at you when you have to reprogram some nicely complex program just because you can't get the password and no one helps you crack it.

That's hardly appropriate.

Have fun cracking a CS1 or CJ1. Limited number of tries and then YOU ARE LOCKED OUT FOREVER!!! Throw the processor away and start again. Good luck!!!!

No one was laughing... anonymous

Anonymous, you are absolutely right. I hate the person who steals the program and, after doing some amendment, it becomes his program; this wastes our effort and time..

Just my two cents on this topic. Another consideration for the equipment builder is liability (at least in the US). If someone goes in and changes the program and an employee gets hurt, who do you think the lawyers will go after? I know that you could prove that the code had been modified, but only after the time and expense of a court case, having your name dragged through the mud, etc. Yes it is difficult for the customer, but there are ways around the passwords for most controllers. You will just need to work with the manufacturer of the PLC system.

I think one should keep products and "oneshot"-lines apart. In products for selling more than one password is ok, but in "non-copyable" lines it's a good thing to leave the code open. But the main thing is: Who owns the code? Sometimes you develop something and it's already meant to be owned by the customer. (Same thing with electrical drawings.) I always work with "open cards on the table" and I think that has given me a better relation to the customers and they have asked for my help even more... But as usual there's more than one side...... Regards Peter

Hi, Thought I'd put my penny's worth in. I'm a maintenance man trying to keep machines running 24/7. If I came across a PLC that was password protected I would have the guy who protected it sacked. If it were protected by the manufacturer, I'd recommend not to purchase machines from that company again. Our job is difficult enough without fannying on with passwords.

Have a look from the other side of the fence. Open thine eyes! When I do a job with generators, I put password protection on the program due to the defects liability period. Don't want anyone stuffing around with my program and blowing up a $1 million engine then changing the program back and I get the blame for it. NOT ON!!!! My insurance company would love me for that. Insurance is expensive enough now. After 12 months and a day has passed, the client is quite welcome to the password as defects liability has passed. I do not have any proprietary type code generally, but I can understand integrators protecting code from theft that they have spent many hours developing. And believe me, theft of code occurs regularly despite copyright protection which is as useless as tits on a bull. With the advent and further development of function blocks, it is now becoming possible to password protect only a function block. This means that proprietary code inside that function block can be protected and the rest of the program left clear for "factory fiddlers". However, I will continue to password protect any software I write until the end of the defects liability period. The customer is then free to have the password and blow up all the $1 million engines he wants to. I might add that if the code is written and commissioned properly, there should be no need to alter it. Whenever I get called out to a service call on any of the systems I implement, everyone expects me to plug in the laptop. I DO NOT!!! The first thing I do is pull out the drawings and check inputs and outputs by way of the LED indicators on the I/O cards. About 90% of the time I do not even have to open the laptop. The LEDs are usually the telling blow for troubleshooting, not the code itself. I might add that I do a site where access was required all the time. I made them sign a legally binding contract to cover myself. Edited by BobB

Hi Bob, I hear what you are saying, however, in my line of business, unless you were willing to give me a guarantee that you could cover breakdowns within 30mins 24/7 my company won't be buying your goods Sir. If we stop production of our customer because we can't supply, the cost to us is around £1,500 per minute. Input/Output indicators are great, I agree most faults can be diagnosed visually at the PLC window. However, in my experience I could give you a 1000 examples why adjusting the program, say you were not getting one of those inputs/outputs for various reasons, would be the simplest and quickest way to get the machine back on line. Timers may need adjusting more often than anything else. What's more, when you design a machine for your customers it's usually unique, designed to your customer's requirements. So what faults occur in the machine's infancy may be unique and difficult to foresee. Companies like mine can't sit around waiting for you guys to fix a fault like this, we have to be in there sorting it. And after a short while, the maintenance man will know the machine better than its creator, that's a fact. Edited by fosy

If you have to *work* on a machine (repair) "that's been operating for years without interruptions,", why would you think that the PLC program is the problem? Do you believe in magical gnomes that sneak into your factory at midnight and re-program the PLCs or do you just believe that PLCs simply re-program themselves? Once properly commissioned by qualified people, the PLC program should never have to be touched again. Some OEMs use passwords to ensure just that. It prevents some maintenance genius, like yourself, from turning ALWAYS_OFF, ON, and then trying to get free support/changes/parts etc. If it's for changes or compliance then the source should be purchased from the OEM for that purpose. If it was commissioned work, say through a CSIA integrator, then you own the source - if you have paid for it that is. The only other reasons to beg for a password cracking tool are: 1. Maintenance incompetence 2. Theft

Hi Nixon, You are obviously about ten years old so I'll be nice to you lol. You must be just starting off in this world of "machine control" and it's difficult sometimes, so we must give you some consideration. But try to use words like "I think", "It could be", "It might be" until you know what you are talking about son! God bless your little white socks. Hugs and kisses, uncle fosy.

You know, the thing is this: the password has nothing to do with IP protection, since you are protected by law anyway. Secondly, if you let people get to the PLC anyway, it's pretty much the same if they **** up the PLC or the rest of the stuff that's there. Use a lock in your cabinets. That way, when there's a problem, at least the lock can be smashed, if required, but people who have no business messing with the stuff can't access it. I would never let the situation be such that some PLC company guy would have to come crack the pass for me and let the whole operation sit.

"hugs and Kises"? I'll bet that you ... (Edited by Sleepy Wombat) You are one scary dude and an obvious...(EDITED Sleepy Wombat) *BLOCKED* f##

It's "kisses" actually, I don't do "kises" lol. But you have me interested, what's "kises", is it something you do on your side of the world? Please fill me in on the details, I'm curious lol.

This topic is now closed to further replies.