Siemens FB OEM Lock

Hey does anybody know how to crack the FB OEM lock for a Siemens S7?

Normally an FB contains a self-contained subroutine that will probably be tested to bits. If you're fault finding has led you to the FB, it might be worth going back and checking to make sure that the FB definitely is at fault.

OEM's lock the blocks (in general) to either protect the copyright of their code or to stop people changing the program.

What's the problem with the FB? Why do you need to get in there?



JT

Well i guess it's not that i am finding any trouble, here's the deal. Me and my Siemens guy, visited a new customer of mine who needs a bunch of changes within his program. The customer hands me the file and low and behold there are no comments or documentation.

Anyways he agreed to allow us to back-engineer the program a bit for the purpose of these changes. The only thing is my guy says that there are locked routines and hopefully what we need is not in there. So that led me to the question of can these be unlocked some how.

It's amazing i have been reading other threads in hear and this is a perfect example of the dark side of OEM locks. The OEM has no copy of this software and has washed their hands of it. The guy that originally wrote the code cannot be found. So the customer is pooched unless we can back-engineering things a bit. In the process we want to hopefully document things to ease future troubleshooting.

If the FB is "KNOW_HOW_PROTECTED" you should be able to go into the SCL for the block and comment out the line "KNOW_HOW_PROTECTED" by using // before the text.

I used to work for a German OEM who would protect the blocks even from its own subsiduaries so I learned this to get into the blocks.

Any block can be protected, not just blocks made with SCL.

At www.runmode.com you can get a utility that can open protected blocks.
You can also do it manually, but the utility is easier.

Send me the project and I will remove the "Know how protection" for you.

How about the AB's OEM LOCK?

Can you fix it?

What is the betting what the customer handed you is an upload from the processor
I'd like to see anyone remove know how protect by commenting out anything without the source
It is one of lifes wonders that whenever locked up software is messed with , the original programmer cannot be found , there must be thousands of us lurking around in some sort of password protected underworld .
Had you considered that the customer may not have paid his bill in the first place , hence no software and blocks locked up ? Seems very strange that you don't have comments either - a customer has to have been some sort of crook before they end up with no comments . You may find that you could be messing with fire making changes unless this software is very , very simple -
No comments could make your life quite difficult .

Before anyone offers to remove know how protect , they should be very sure that they don't infringe anyones IPR or copyrights .

We all talk about this , but if someone offered to unlock XP so that it didn't need authorization , then the post would be deleted .

I can get past AB's OEM lock on some processors , but it isn't exactly cricket to tell anyone how .

Craig - I must confess I thought that East Kilbride had been shut , and that most of the guys had gone to BW automation , but I may be wrong . I also contract for them as well .

Here's a link to RMA's post about unlocking locked FCs FBs etc - here

Now you've got the tool and the method. Technically the worst that can happen is that the FB in question is a compiled executable from an SCL or SFC source. You'll be able to read it but I wouldn't give you much chance of making sense of it. If it's just protected STL, LAD or FBD you may be able to fathom it out, but then you have the ethical dilemma that 10baseT posted. Do you unprotect it, have a look, and then re-protect it? Do you document it? Do you re-write it? Do you leave your changes to someone else's code unlocked?

I'm inclined to agree with 10baseT - there must be an awful lot of people who protect their code and then just suddenly vanish. Alien abduction or something?

Regards

Ken

If you don't have the comments , you don't stand a chance , as I reckon this is from an upload rather than a copy of code where the comments etc have been deleted - it would take much too long to change all block declarations to something that didn't make any sense , that it would be easier to just lock the processor . All of the STAT's and TEMP's will have meaningless names -
if what you have to do is very simple , then you might be able to try , but if it is anything more complicated , be very careful .
I think if I was your programmer , I would walk away unless there was serious dough at stake or the code was very simple , or both .

I protect my code , but I never vanish - much to the chagrin of those that try to copy the good bits -

PS , if you open a block , is there anything in the block header ( yes I know you get a message stating that the block is protected , but you can see the block header) ?