The mysterious innards of .RSS files...

Elcan · Aug 29, 2018

Elcan said:
It could be also interesting to edit RSLogix 500 code without having the software.

I express myself incorrectly. I was thinking about editing the RSS file the same way we can edit the L5K file for RSLogix 5000. You can search and replace, and you can also generate repetitive code faster.

spaderkung · Aug 29, 2018

Downloading is in the same ballpark of difficulty. Sniff traffic and decode in the same way. Might even be the case that the download protocol is already documented by Rockwell.

Aabeck · Aug 29, 2018

7Zip will only open archives it considers proper.

What you need is a Hex Editor that open any file, shows the hex value of each word, and allows you to change the hex value.

Somewhere in this machine language code is one word that means XIC followed by a compiled address to check:
EDIT: I use HxD you can get at https://mh-nexus.de/en/hxd/

Aabeck · Aug 29, 2018

What I have always wanted to do, just never did yet, was create a simple program in RSLogix and save it. Open it in HxD and change one word. Then see if RSL opens it without saying it is corrupt, and seeing which instruction or address changed in the program.

If changing every EA to EB changes all OTE's to OTL's, then I have 2 instructions figured out and need to start on the addresses.

dmroeder · Aug 29, 2018

Archie made a program to upload/download SLC programs years ago, maybe it will shed some light on the subject:

https://sourceforge.net/projects/abdf1/

I've never looked at the source, I'll have to do it when I get some time.

Aabeck · Aug 29, 2018

One thing I do know from opening a known file - the processor name, any password on the file, the RSLinx driver (with IP address if Ethernet) and the name of the computer the file was created on are clearly visible with a hex editor.

From a sample project I just created to test:

Processor Name: QWERTY
Password: 123456
Driver" AB_ETH-1
IP: 192.168.127.250
Computer: DESKTOP-UNPN850

JaxGTO · Aug 30, 2018

FYI it open PLC5 *.RSP files too, but not ACD

mk42 · Aug 30, 2018

Aabeck said:
Password: 123456

Really, Rockwell? Cleartext Passwords?

Aabeck · Aug 30, 2018

mk42,

Microsoft too!

Years ago I used to use Microsoft Money for all my financial records.

I opened it's data file in a hex editor and the password was not encrypted, and near the very end of the file, so it was easy to find.

1161774 · Jun 27, 2019

Plain text passwords! Always fun to find

Well as a follow up to my previous post, I thought I'd post what I've gotten so far. Basically, decoding RSS files is just a right proper pain in the arse and I don't work with them enough to justify spending more time on this side project. But I don't want what I've done to be in vain, so I'll pass on my torch to anyone willing to carry it.

I've attached my proof of concept powershell script to reconstruct and decompress the RSS tree. Assuming you can get it running it'll give you a .bin file with the raw decompressed file data in it, and where I've done it a decoded xml file.

I was able to pretty much completely decode the data files (refer image), and made a crack at the actual program code... But as I said before - right proper pain.

Anyway, hopefully someone else can get some use from this.

Cheers lads.

The mysterious innards of .RSS files...

Elcan

Lifetime Supporting Member

spaderkung

Member

Aabeck

Member

Aabeck

Member

dmroeder

Lifetime Supporting Member

Aabeck

Member

JaxGTO

Member

mk42

Lifetime Supporting Member

Aabeck

Member

1161774

Member

Attachments

Similar Topics