Ripping a password from a s7-300

The default setting in WinCC for op panels is to block users if there have been more than 3 failed logon attempts.
So my guess is that the user is blocked because of too many failed logon attempts and to fix it you either have to have some user administration enabled on the op (and to be able to log in with administrator rights) or just download the project to the panel again.

YES, I totally forgot about this. I had to resend a program to a customer who locked themselves out a few years back.
 
Is there any notification of the exceeded log in attempts? Not sure of the version of the HMI project.

Interestingly, in the process of guessing the username and passwords, the 'ADMIN' username is now populated in the username field when the log in prompt appears. It does not seem to save any other attempted usernames, so the behavior suggests that it might be correct.

I will try some of the suggested passwords. We discovered that the manual mode requires no password, so fortunately we can run it that way for the time being. I'd rather get the auto mode working though, it has alarming and such.

Can I just reboot the panel to reset the log in attempts? Or do I need to download the project again?
 
You have to download,
but I'm not convinced that is your problem.

So when you press the auto button again, it asks for the password again?
 
I'm trying to attach some pictures of the screen, but they're not uploading properly.

Going between manual and auto mode does not require a password. Only the user input boxes require it.

For instance, in the configuration section, you can set:
O2 by 4mA
O2 by 12mA
O2 by 20mA
O2 high Alarm
O2 limit

If I click on the input field, the password prompt appears. When I enter a password and hit enter, the prompt closes and the value in the field becomes highlighted. There is no indication that the password is correct or wrong. If I click the newly highlighted field once more, the password prompt appears again.

I would think that if I get the password correct, the keyboard would appear for me to input a value.

The auto mode is not protected, but the issue is that the new O2 sensor is not scaled so the values are out of range and eventually the alarm goes off, stopping the system. So until I get it properly scaled, manual mode is the only option.
 
These inputs simply feed values in the PLC. If you can get online with the PLC, you can manually change these numbers (if you can find them). The fun part will be figuring out where they are in the code.
 
Dryhops

It won't give you an indication it took it.
You will know if the button does what it's supposed to or the input works.
 
Is it accurate to say that all of the data the program is referencing would be contained in DB blocks? I rifled through all ~20 of them, I only found one string[10] data type 'PROD11'. Right now, I'm not sure if I'm locked out, or if I should keep searching among the data blocks.

Is it plausible that the credentials are instead represented as an array of bytes, or other data type?
 
Here are pictures of the HMI. I will grab screenshots of the program structure in step 7 and post those. The panel is a skinned Siemens DESIGN TP177A






 
Is it accurate to say that all of the data the program is referencing would be contained in DB blocks? I rifled through all ~20 of them, I only found one string[10] data type 'PROD11'. Right now, I'm not sure if I'm locked out, or if I should keep searching among the data blocks.

Is it plausible that the credentials are instead represented as an array of bytes, or other data type?

I was talking about changing the scaling values in the PLC DB directly, instead of the user/password. It was my understanding that that was the issue keeping you from cycling.
 
If I click on the input field, the password prompt appears. When I enter a password and hit enter, the prompt closes and the value in the field becomes highlighted. There is no indication that the password is correct or wrong. If I click the newly highlighted field once more, the password prompt appears again.

I would think that if I get the password correct, the keyboard would appear for me to input a value.
The TP177 programmer forgot to add an indication on the screen of who is logged in. Without that you can only try to enter values and see if they get accepted or if the login dialog pops up again.

Since you are in contact with the original supplier, you can ask them:
That they give you the original TP177 program (it does not hurt to ask).
If they won't, then ask them to offer the program on a flash card (*) (if the TP177 is the kind with a flash card slot).
If they won't/can't, ask them to send a Prosave image (*) file.
If they won't/can't, ask them to quote a replacement panel (*), preferably migrated to a newer comfort panel.
If they won't/can't, then you are looking at reverse-engineering the TP177 program. Not impossible if the program is not too complex.

*: And with the "password retries" feature turned off!
 
