plc direct password

[jimbo3123]

No way...

24 hours x 60min x 60sec x 365 days = 31,536,000 Seconds in a year. There's only 10 million possabilities??. Max two years at a reasonable trial rate. (which is still rather unreasonable...)

If you can set up a PC and program to try 10 possibilities per second, it would take 115.74 days to try every possibility.

Since it is highly likely that the password used less than the full 8 digits (4-5 is most likely), I would bet that the password could be found within a few hours (using brute force).

I would try all of the obvious passwords first (12345, 11111, their project number, etc.)

 

[Stephen Luft]

Chances are you are going to have to reprogram all of it. I would find it highly unlikely that Therm-O-Seal would have provided you with the program if they didn't give you a password. I wouldn't expect any assistance from the manufacturer.

As Mike had mentioned, it seems like we haven't received the whole story.

Was the equipment purchased new or used?

Is it still under warranty?

What does their warranty state?

What were the actual problems?

Were they wanting to have the machine do something out of its stated operating parameters?

Tell the bozos at Therm-O-Junk that it will be cheaper to give you the password than talking to your lawyer.

Norml - before you make such a comment, I would suggest you make certain you have all the facts first.

The original post makes no mention as to specifics.

As an OEM, they are not required to give you their intellectual property.

If the machine was purchased second hand, they are not required to offer you the same support as when the machine was purchased new.

The only way that the password can be removed is to send the PLC back to automationdirect.com. We will clear the password and memory and return it to you in factory default condition.

Please note that the memory will be completely erased by this procedure. Please call Technical support at (800) 633-0405 or (770) 844-4200 to arrange to have the password removed.

Icky...you would actually circumvent your customer? Your customer who purchases many units from you, for the sake of accommodating one of their customers, for which you have no direct association?

Call the company and ask for the password, tell them that you aren't interested in stealing their proprietary technolgy and making your own sealers, just simply want to make some changes to the way that YOUR machine operates. It will hurt your pride but it may be benefical to ask them to make the changes for you. Swallow it, the company you work for wants a working machine and if that is the best way to deliver it to them then so be it.

Scott, Do you actually think a company would respond favorably to such a request?

 

[elevmike]

Icky...you would actually circumvent your customer? Your customer who purchases many units from you, for the sake of accommodating one of their customers, for which you have no direct association?

Stephen,

Regardless of the circumstances. AD's offer to clear the password and program code would not be circumventing or hurting the OEM in any way. This action only allows re-use of the PLC, but at the same time protects intellectual property rights of the machine maker as the end result is the current owner would get back a totally blank PLC that must be totally re-programmed.

 

[OkiePC]

Icky...you would actually circumvent your customer? Your customer who purchases many units from you, for the sake of accommodating one of their customers, for which you have no direct association?

I don't feel that if Icky cleared the PLC memory that it would circumvent the protection installed by the OEM.

I also agree that it would be best to write a new program from scratch.

I would buy a new CPU and send the original one back to the OEM just to prove that no tampering took place.

JMHO
Paul

 

[10BaseT.]

Write the software again - there can't be too much to it - as a couple of others have noted , there may be more to this than meets the eye -

Why not post the exact reply the OEM has given you regarding this matter - if you bought a new machine in good faith - I can't imagine that they would want bad press , however , if yuo bought a heap of junk out of the scrappy , you can't expect them to do too much for you , and it is not fair to slag them off for this .
If the PLC is turned back into a brick , you haven't removed any protection , there is nothing to protect -

I got refused access to a factory earlier this year because I had previously refused to give a FOC visit to remove RSView licenses from a Versa HMI that the customer had cooked - nothwithstanding the fact that they had loast the license diskette , and the machine was in another country , and I had already set them up a spare HMI with touch panel for that very situation - they considered that I was a bad egg - (tossers)

 

[allscott]

Scott, Do you actually think a company would respond favorably to such a request?

Why not? This is a bag sealing machine, not the space shuttle. If the original poster actually made improvements to the machine I'm sure the OEM would be interested in knowing what was done to improve their product. Cut a deal of some sort.

 

[OZEE]

I guess I've been on both sides of this discussion... both as a customer and as a System Integrator.

As a customer, I've received machines from vendors that they could not make work and eventually either surrendured on or management accepted the machine anyway (after a "non-working penalty"). I then took these machines and fixed them to be useful to the original specs.

As a customer, I will not (intentionally) accept a machine from a vendor for which I do not have access to the program! Period! End of discussion! If you're wanting to do business with me, it'll be my way or you won't do business with me - and if you screw me at the end of the project and withhold the documented program, you won't be doing business with me again. That is documented in our contractor agreements.

As a customer, I'm the one who's responsible to keep that machine running day-to-day. When it lays down in the middle of Saturday night, I can't afford to wait until Monday morning in your time zone to get somebody on the phone who probably won't be able to help me anyway. Downtime in my plants are too valuable!

As a systems integrator, I always provided the documented program to my customers. (Most of the required it, anyway!) It generates good will with customers. When there is a problem, the can try to solve it themselves (if they have employees enabled to do such) -- it kept my phone from ringing in the middle of the night! And when they did need my help, I was still able to provide it.

And who truly owns the "intellectual property." As a customer, I paid you for the machine. Ford does not retain partial ownership of my car when I pick it up from the dealer. Nor does WalMart, or Chevron, or anybody else. I paid you, it's my software!

 

[mellis]

This isn't a "one size fits all" situation.

If the equipment in question is a completely standard machine with embedded software that doesn't require modification by the end user, then you typically won't get documentation, access, or support. And if you do modify it, you void the warranty.

However, if the equipment is a one-off custom, you are much more likely to get full documentation, ownership of the software, and access to modify.

The problems arise when the end user and the OEM don't have the same view of what type of machine it is. And since there is a whole range between the two extremes, it's fairly easy to find yourself at odds with the other party. That's what contracts are for, to nail down what you get for your money.

I'm also very much in favor of full documentation and access to the program on industrial equipment. However, we all buy stuff that does not provide this and we don't give it a second thought. That Ford is a good example. Ford does not supply any documentation or access to the the engine control program to the end user. If you do modify it anyway, your warranty is void. You don't "own" that software, Ford does retain the rights to it.

 

[icky812]

Stephen, please re-read what I said. I believe that you misconstrued the answer.

We do offer to clear the program COMPLETELY from a customers PLC. This includes the ladder, user, and system memory areas. The PLC memory areas are completely and utterly erased. Basically what the customer would recieve back is the same thing as if they had purchased a new unit from stock. Obviously it is used, but it is in the same default state in regards to the memory areas as a new unit.

 

[Stephen Luft]

I did not mean to imply that the OEMs intellectual property and what Icky was offering were related. In rereading my post, I do see how the two items could be construed as an extension of a similar thought.

Icky, I did read what you wrote and understood it - that you would completely reset the PLC to its original state.

The circumvention I was referring to, dealt with getting involved in a situation whereby AD had originally sold a controller to an OEM customer. Because there was an issue between your OEM (Therm-O-Seal) and their customer (tlclark46), for whatever reason, why would you get involved and provide the customer of your OEM with a service whereby they could create a new program in an existing OEMs PLC?

Your customer (Therm-O-Seal) password protected the PLC for a reason.

I don't know anything about your present relationship with Therm-O-Seal, but if they are a current OEM customer, I would anticipate one would side with a customer who provides continuous business, vs. a one time purchase.

As I had stated before, there is a good amount of information we don't know about this situation.

 

[allscott]

I did not mean to imply that the OEMs intellectual property and what Icky was offering were related. In rereading my post, I do see how the two items could be construed as an extension of a similar thought.

Icky, I did read what you wrote and understood it - that you would completely reset the PLC to its original state.

The circumvention I was referring to, dealt with getting involved in a situation whereby AD had originally sold a controller to an OEM customer. Because there was an issue between your OEM (Therm-O-Seal) and their customer (tlclark46), for whatever reason, why would you get involved and provide the customer of your OEM with a service whereby they could create a new program in an existing OEMs PLC?

Your customer (Therm-O-Seal) password protected the PLC for a reason.

I don't know anything about your present relationship with Therm-O-Seal, but if they are a current OEM customer, I would anticipate one would side with a customer who provides continuous business, vs. a one time purchase.

As I had stated before, there is a good amount of information we don't know about this situation.

So you are saying that if I had a machine with an Entertron PLC in it and I wanted it wiped clean so I could write a new program for it your company wouldn't do that for me?

That's crazy

 

[AndyT]

I did not mean to imply that the OEMs intellectual property and what Icky was offering were related. In rereading my post, I do see how the two items could be construed as an extension of a similar thought.

Icky, I did read what you wrote and understood it - that you would completely reset the PLC to its original state.

The circumvention I was referring to, dealt with getting involved in a situation whereby AD had originally sold a controller to an OEM customer. Because there was an issue between your OEM (Therm-O-Seal) and their customer (tlclark46), for whatever reason, why would you get involved and provide the customer of your OEM with a service whereby they could create a new program in an existing OEMs PLC?

Your customer (Therm-O-Seal) password protected the PLC for a reason.

I don't know anything about your present relationship with Therm-O-Seal, but if they are a current OEM customer, I would anticipate one would side with a customer who provides continuous business, vs. a one time purchase.

As I had stated before, there is a good amount of information we don't know about this situation.

First this password policy was put in place when PLC Direct, and now AutomationDirect, opened it's doors in 1994 and has not changed. I helped to set this policy. Icky gave the correct information as to what ADC will do for any customer. We will NOT unlock your PLC so you can have access to a OEM's (or anyone else's) program when they have choosen to lock it. We WILL totally reset the CPU as if you had just purchased it from us. Want it firmware upgraded at the same time? We can do that also at no cost. That is the fair thing to do.

We do NOT allow the size of a customer to determine or bypass our policys. We try our best to do right by customers and end users of our products. Technical Services supports all of them the same and to the best of our abilty.

The technicans and engineers that answer questions in these forums and on the phones typically do not know customer purchase history but they do know support history.

Andy

 

[Stephen Luft]

If someone wanted to use one of our controllers for something else, it isn't that complicated.

If the EPROM is burned with a customer program, it is as simple as replacing EPROMs. Various operating systems are provided with our software. So long as you can program an EPROM with a new operating system, you can replace it and use it for something else.

We don't offer password protection because we provide only one way program access. (download to the controller only) When the EPROM is burned with a customer program, you are unable to download a new program to the controller's bbram. In essence a similar result to a password protected controller - unable to modify the program, upload it or download to the controller.

An EPROM with O/S only will allow you to download to bbram as often as you want.

We do not offer a decompiler for converting a compiled code into a ladder program, therefore the programmed EPROM is of little value.

We, in no way offer access to a customer's ladder program.

We also do not get involved with current OEM's customers. Any contact made by one of their customers is immediately referred back to the OEM.

 

[elevmike]

Stephen,

1)What's the difference if one replaces the Eprom, or clears the password protected memory?? The end result is the same. Besides, Therm-O-seal, I and every other OEM who purchases plcs from AD knows (or should know) their policy regarding this issue. If somebody wants to take and reprogram one of our panels; Well, good luck & God Speed..

2)Personally, I would think that it's not up to the manufacture to attempt to control what the plc will be used for. This seems akin to buying a used car and having the OEM tell you you cannot use it to drive to work, because the origionl buyer used it to haul the kids to school..

As a matter of fact, you have made it somewhat less complicated to re-use the/your PLC since all one needs to do is download your software (for free), and purchase a new Eprom. With AD however, it has to be sent back to them, and you have to BUY the programming software...

 

[bernie_carlton]

I think that when a person buys a machine with a PLC they have fully purchased the physical components of the machine including the PLC. They have NOT pucrchased the design of the machine which includes the program within the PLC.

As long as they don't try to replicate the machine using it as a guide and only wish to reuse the PLC (after having wiped the memory) then all is ok. Of course then they can no longer then rely on the original manufacturer to help them with anything. So AD being willing to wipe a PLC's memory doesn't seem to interfere with anything.

But the original poster appeared to want to access the original code. Given that an OEM lock was in place, this sounds out of bounds.

We use an OEM lock on our CPUs from AD but only for specific machines which have a timed payment. When each payment is received an new monthly unlock code is provided. This has only proved a problem in a couple of instances where the customer incorrectly entered the monthly unlock code or the accounting department did not communicate the supplied unlock code to the people operating the machine.

Once the machine is paid off a permanent unlock code is provided. If they wish it, at that point, the OEM lock on the CPU will also be provided (no one has asked for it yet). At that point the customer, if they were PLC savvy enough, could see the list unlock codes that they had been required to enter during the payoff period, but it wouldn't help with any other machine we supply.

We encourage our customers to use full PC program tools to support their own machine and the OEM lock necessarly limits that during this period of payment. We support customer requested changes and are willing to freely consult with them concerning program changes they wish to make to more closely fit their operation.