Open Source PLC protocols?

Ozpeter

Member
O
Join Date
Aug 2014
Location
Virginia
Posts
124
Are there any open source PLC communications protocols that would allow writing to the inputs of an Rx3i PLC? The reason I want this is for hardware simulation and testing of a PLC program.

And no, Modbus/TCP doesn't work as you cannot write to inputs, only read from them.
 
Use Modbus and write to %Q or %R memory in the Rx3i. Then in ladder logic you can copy the %Q or %R data to %I. The normal input scan happens just prior to logic execution, so place the rung that copies the data at the beginning of your program.
Another option is to use a 90-30 instead of Rx3i. That PLC supports the SNPX protocol which is publicly documented. SNPX permits writing to %I. The Rx3i does not support SNPX. SNPX is serial, not ethernet.
 
Last edited:
Steve Bailey said:
Use Modbus and write to %Q or %R memory in the Rx3i. Then in ladder logic you can copy the %Q or %R data to %I. The normal input scan happens just prior to logic execution, so place the rung that copies the data at the beginning of your program.
Click to expand...
Trying not to sound flippant, but been there done, that and trying to avoid it again :D

I am trying to avoid modifying the target PLC program. Especially as the inputs I want to simulate are scattered across the input table and are not collected nicely in one spot, which makes maintenance of such a scheme very labor intensive.
 
Mark- said:
Does the RX3i support SRTP? The Ethernet version of SNP-X.
Click to expand...
I believe that the RX3i does support SRTP and while it is technically proprietary I have just found a security researcher's paper from last year called "Leveraging the SRTP protocol for over-the-network memory acquisition of a GE Fanuc Series 90-30" which has a section on documenting SRTP. So this may be where I am headed.

Unfortunately they don't provide any source code because hackers could get online to a PLC and do something (which I think is a bit strange as I can do the same with Modbus/TCP - except write to the inputs!!!)
 
Ozpeter said:
Trying not to sound flippant, but been there done, that and trying to avoid it again :D

I am trying to avoid modifying the target PLC program. Especially as the inputs I want to simulate are scattered across the input table and are not collected nicely in one spot, which makes maintenance of such a scheme very labor intensive.
Click to expand...
I must be missing something here, all the PLC I ever with doesn't allow Input to be "faked" through communication, for what I think is very obvious reasons.
 
I don't think you will be able to avoid modifying the PLC. If you are able to roll your own communications driver that can write to the inputs, you will either have to suspend scanning the I/O modules or make sure you write to inputs that aren't assigned to modules. Otherwise the values the CPU gets from the modules will overwrite what you send from your simulation.
The suggestion I made in post #4 works around that fact by having your simulation write to an intermediate memory location and then passing the intermediate value to the actual input point after the normal I/O update and before the logic scan.
 
Steve Bailey said:
I don't think you will be able to avoid modifying the PLC. If you are able to roll your own communications driver that can write to the inputs, you will either have to suspend scanning the I/O modules or make sure you write to inputs that aren't assigned to modules. Otherwise the values the CPU gets from the modules will overwrite what you send from your simulation.
Click to expand...
I'm testing on a PLC that consists of only the CPU and PSU with zero other physical I/O modules or data links (EG EGD) connected to the system. So writing to I/O with something like SRTP will work.
 

Similar Topics

R
Free and open-source PLC driven warehouse/manufacturing simulation made with Unity
GitHub Link: https://github.com/Automation-Standard/Open-Industry-Project This is a little side project I've been working on that I felt would be...
Replies
14
Views
3,402
ryevdokimov
R
A
Open Source SCADA Software for Mitsubishi PLC FX3U Series
Does anyone here have suggestions of open source SCADA software that can be used for Mitsubishi PLC FX3U Series. I want to monitor its data...
Replies
2
Views
2,792
goghie
G
ryangriggs
Open-source PLC Data Access server
I was just reading Archie's post about the open source AdvancedHMI system they have developed. This is a great system, but in order to grow in...
2
Replies
18
Views
6,828
ryangriggs
ryangriggs
T
Open source PLC
Hi all, I'm a Ph.D. student at the University of Alabama in Huntsville, and my research topic is SCADA cyber security. My goal is to find...
2 3
Replies
32
Views
18,656
AustralIan
A
S
Open source PLC drivers
Does anyone here write, modify, or even use open source PLC "drivers" (any software to communicate between PCs and PLCS, ie, APIs, programs, OPC...
2
Replies
21
Views
15,060
SCADA_Dude
S
Back
Top Bottom