S7-400 password breaking method/tool/utility/software

Usama_maqsod (Member, joined May 2016, Lahore, 29 posts)

Hi Everyone,

I need some method/tool/utility/software for breaking the password in a Siemens S7-400 CPU.
The password protection level is 3 (write/read protection), so I am also not able to upload it.
I have come across a lot of blogs, conversations and documents, but I have failed to find something useful. I know that there are some breaking tools in the market and I am trying to access them.

But I also want suggestions from the experts here.
Thanking you.
Any comment that can lead to success will be appreciated.

NOTE: The original creator is not available anymore, so I cannot contact them.
 
Do you need the program on the PLC or do you just need to reset the PLC so you can write a new program to it?

If you don't need the program you can reset it using the MRES button I think or updating the firmware, check the manual for details. I've only done it on 300 series, but instructions are probably the same.

Case A: You want to download a new user program to the CPU.
1. Set the switch to the STOP position.
Result: The STOP LED is lit.
2. Toggle the switch to MRES, and hold it in that position. In this position the mode selector acts as pushbutton.
Result: The STOP LED is off for one second, then on for one second, then again off for one second, and then it remains lit.
3. Then release the switch, return it to MRES within the next 3 seconds, and then release it again.
Result: The STOP LED flashes for at least 3 seconds at 2 Hz (memory is reset) and then remains lit.
Case B: The STOP LED is flashing slowly at 0.5 Hz. This indicates that the CPU is requesting a memory reset (memory reset requested by system, e.g. after a memory card has been removed or inserted).
Toggle the switch to MRES, and then release it again.
Result: The STOP LED flashes for at least 3 seconds at 2 Hz, the memory reset is executed, and the LED then remains lit.
 
Diameter157, thanks for your valuable comment, but unfortunately I also want the program (logic) in the PLC.

So the mentioned method will not work for me.

Anyway, I am working on it; I hope something positive will come out.
Again, thank you.
(y)
 
Hmmmmm

I wish this discussion was allowed 'cos many of us are in direct need of the info.

Why would you want to disseminate information that can be used to steal/corrupt/damage/take over/destroy/control a program that someone put a password on for a purpose?

There is always an assertion made that an exception should be allowed because <fill in the reason>.

I am not saying you or the OP are being nefarious. How is anyone here to really know a need to violate a password is honorable?

My2c.
 
I'm not
A lot of what I do is proprietary; it belongs to the customer.

I have an admin password (just in case) and my customer has a password (maint level),
which means they can change values (timers, counters, etc.) but cannot change structure.

Besides, it's a liability if they change my code and an operator or maintenance person were to be injured on a machine I was part of building. So my passwords are a security feature not only for the customer's investment but also for the protection of personnel.

Rules are rules. I wish to not have this discussed.
 
Even if you could guess the password, as it is Level 3 protected wouldn't you have to have a copy of the program already on your computer?
 
The correct time to deal with PLC password issues is when you are negotiating the purchase of the machine. If you are purchasing from the OEM, you and the OEM need to reach agreement on whether or not there are passwords and if there are, whether or not you are given access to the program. If you are purchasing the machine from a previous owner, you should get the seller to give you any passwords. If the seller didn't get the password from the OEM, let him keep his machine. If the seller shows a 'deer in the headlights' face when asked about passwords, add a clause to the purchase contract that ties the final payment to your successful access to the PLC program.
Simply put, if you object to passwords don't buy equipment that uses them.
 
I'm not
A lot of what I do is proprietary; it belongs to the customer.

I have an admin password (just in case) and my customer has a password (maint level),
which means they can change values (timers, counters, etc.) but cannot change structure.

Besides, it's a liability if they change my code and an operator or maintenance person were to be injured on a machine I was part of building. So my passwords are a security feature not only for the customer's investment but also for the protection of personnel.

Rules are rules. I wish to not have this discussed.

Wouldn't it be easier, when you deliver the project, to have a license agreement under which you are not liable for code changes made by them?

To answer OP's question:

By the way, I know how painful it must be not to be able to make an upload. And I know that many times maintenance personnel are not even involved in choosing PLC programmer vendors. I suggest you take this up with your management, and make sure next time that when you receive a project you will be able to perform your job, monitor online, make calibrations, etc. What's the point of having a PLC if it is just there all locked up?

Unless it is some insane crazy proprietary algorithm, I see no reason to lock out a customer of a project they have paid for.

But if the machine in question is simple to program, I would just start from scratch if possible.
 
