CLX/CPX Processor Lock

Join Date
May 2019
Location
World
Posts
1
Looking for some input...

I felt like I needed to make a pseudo account (my other account pretty much is my name) to discuss this topic. We are now receiving a product from an OEM that has decided to "lock" a program to a unique processor serial number.

Here is the overview, the program file pretty much has EVERY routine source locked (encryption 9 :cry: V30). Unfortunately, no real good way of following the logic, other than cross referencing tags and seeing what routines they reside in. It would appear that they GSV the processor serial number, then compare it to a hard coded value, and if happy will then call the routines to run the logic.

I'm am all for encrypting proprietary algorithms and logic (AOI's and what not), but locking a program to a specific serial number for a processor to force you to be fully dependent on the OEM, not a fan (very very sneaky). We will be opening discussions with them about this tactic, and they need to explain to us why they feel this is necessary, since there is legal mumbo jumbo that might have them stepping in a grey area.

Has anyone seen / used this tactic before? I totally understand that processor replacement due to failure is extremely RARE, but this just doesn't seem like a good tactic.
 
Using a GSV and a source-protected routine to prevent operation is one way to do it, but ControlLogix has had Serial Number Keying as a built-in feature for decades. I suppose a GSV-based protection scheme allows you to let the machine start and do diagnostic or limited functions but not actually run automatically, versus the Serial Number Keying that would prevent the program from loading at all.

I have one customer who does source protection and serial number keying as a standard practice, because their machines are leased and paid for by runtime hours, not purchased. All their customers know about the functionality, and their worldwide service department is top-notch, so legit customers suffer very little downtime.

Some purchase agreements include a requirement that the customer buy their spare parts and service directly from the OEM; it's a way to generate an ongoing revenue stream for the OEM and reduce the capital costs for the customer. Security mechanisms that help enforce those agreements make sense.

Consider the occasional guys who come on PLCTalk asking for help with PLC-5C ControlNet processors and FLEX I/O with Phase 1.25 firmware. All of them are Solar Turbines customers who are trying to violate their service agreements, or have been doing so for years and finally had a critical failure. Some of them may also violating various international embargoes and sanctions. I don't play that game.

I agree that an OEM lock that isn't disclosed to the customer is sneaky and dishonest. But I've been on the other side of that dispute enough to know that there are always two sides to the story, and that executives aren't always completely forthcoming with their engineers.
 
There is probably nothing in their code that is worth locking to start with. I've seen programs locked, and after unlocking noticed poor code. Maybe they were ashamed so they locked it.

Good luck to you.
 
Perhaps they sell to companies that would happily buy one machine and copy it 1000 times over. The PLC code is probably one of the only thing on a machine that can be locked and therefore not copied, so unfortunately that's what gets locked. Shaft dimensions - copy. Wiring - copy. Perhaps you could ask them to unlock it. You might get someone that knows 100% you're not buying on behalf of a competitor and will happily let you have the code.
 
I have seen punch presses and safety plc's locked down due to liability.

as you said, get with legal and see what is written in the contract.
contact them and see what can be done.

we have very specific systems that are locked down by the oem as you said for their company liability. it was agreed to when the contract was written.

james
 

Similar Topics

Greetings, I am trying to write a DINT value from a ControlLogix processor to a CompactLogix processor. The CLX has an ENBT connected to the...
Replies
14
Views
5,955
Controller: 1756-L84E v.35 Prosoft MVI56E-MNETC for ModbusTCP/IP I'm having an issue with some of my write commands. The write command that...
Replies
0
Views
171
I have several Avery scale units and they are configured as Generic Ethernet modules, and I am actually reading the data fine for the weight...
Replies
2
Views
364
What's the best way to move a tag value from the panelview+7 to the clx plc. We display amps from a power meter on the panelview screen, read in...
Replies
1
Views
382
I'm running into an issue migrating a PLC-5 using the newer Logix Designer Export when opening a saved .ACD from RSLogix-5. It has multiple RIO...
Replies
2
Views
600
Back
Top Bottom