Alternative PLC Compilers (for Siemens S7 PLCs)?

hcl3646

Hi everyone,

I'm pretty new to PLCs in general, and working on a project where I have to get familiar with the PLC compilation process (specifically we will be working with a Siemens S7-1200).

The main issue is that I'm having trouble finding information online about this topic. The most I've been able to find so far is that SCL gets translated to assembly-like STL which turns into machine-comprehensible MC7 instructions.

Are there any alternative or open-source compilers for S7 PLC programs (or just alternative PLC program compilers in general)? I'm hoping that something like this could help me understand the process better.

Also, if anyone can share any information related to how the compilation process works in general for PLCs (assembly, linking) I would greatly appreciate it!

Cheers,
Matt
 
The only info I have ever seen about someone investigating how S7 STL code is converted into S7-1200 IL machine code is this one, in German:
https://www.sps-forum.de/simatic/68502-der-s7-1200-unter-den-rock-geschaut.html

And I have seen that someone succeeded in writing a worm that could insert code on the operating system level on S7-1200 CPUs with early firmware. I cannot seem to find that info now (maybe it has been removed!?).

Apart from that, you won't find a 3rd party compiler for the newer Siemens PLCs S7-1200 or S7-1500. Siemens won't publish the information that would be necessary to create such a 3rd party compiler.
 

There generally aren't 3rd party compilers for most PLCs. The programming software is usually developed especially for the HW, and the compiler gets wrapped up in the middle.

You might have better luck with Codesys for a Raspberry Pi. I don't think it's open source, but because it is on a Pi, you might get more visibility into the end result.


And I have seen that someone succeeded in writing a worm that could insert code on the operating system level on S7-1200 CPUs with early firmware. I cannot seem to find that info now (maybe it has been removed!?).

https://www.blackhat.com/docs/us-16...laster-A-Worm-Living-Solely-In-The-PLC-wp.pdf

The paper had some interesting insights, although something like that can be blocked via password protection.

It doesn't look like it goes into the compiler details. I think it simply recorded a Portal download, and then figured out how to store that in a DB to be sent with Tsend/Trecv.

Might be more details if there's a recording of the presentation, vs just the paper.
 
Why do you need to be familiar with the PLC compilation process for S7-1200?

I say this because Siemens doesn't, to the best of my memory, use the word compilation in their 1200 or 300 PLC documentation. The only place where I saw that word used was when dealing with PCS7, which doesn't work in the 1200's.
 
Hi, thanks for all the answers! The paper was very interesting and although I don't speak German, I'll look into that too.

To briefly answer the questions some posed, I'm working on a research project looking at possible ways to increase the security around PLCs.

Thanks again.
 