Reverse Engineering

Hi all,

I am a young apprentice who knows very little about PLCs and doesn't yet know how a system works properly. The task I have been given is to reverse engineer an RSLogix 5000 program. It has no FDS, so basically I have to take the program and write down how it works. But as I have very little knowledge of Logix, I'm struggling with how to write it. Any tips would be greatly appreciated.
 
That would be the job for a seasoned programmer.
The PLC programming languages are standard, but the way to organize a PLC program can be very different from one programmer to another.

Unless, maybe the program is very simple and the whole thing is a test of how fast you can learn to understand a PLC program.
 
If I was in your position I would start here:

http://www.plcs.net/contents.shtml

That should teach you what you need to know about reading ladder. From there I would just work through the program using the help file to understand the blocks that you don't know. Then Google and this forum are your friends from there. Just put your best foot forward and ask colleagues who have an idea when stuck.

That would be my approach but I am also new to this world. Enjoy learning. It sounds like a great introductory task.
 
It is a genuine job that requires an FDS, but my boss is testing me on how well I know PLC code. I've never completed a PLC program myself, so I am struggling to understand how he expects me to understand a program that has already been made, without any help. Another thing I forgot to mention is that the program has now been through a translation from Logix 500 to Logix 5000, and in the translation some words got messed up, so I am struggling to understand it. I've checked it against the 500 program and the comments are messed up as well, so I am kind of stuck.
 

Sounds like a better starting point would be talking to your boss....
 
I'm going to need to soon. I'm just more disappointed I couldn't do more, but I have no clue, so I guess it's where to begin. Thanks guys, definitely coming back here if I have further problems in the future.
 
but I have no clue, so I guess it's where to begin.

no guarantees - but the following might at least help get you STARTED ...

find an interesting OUTPUT device (for example a PUMP) that the system controls ... let's say that the address/tagname of the PUMP is Local:2:O.Data.4 ... if you don't know what each of the characters in that string means, then ask the forum for help ...

next use the RSLogix5000 software's Cross-Reference tool and track down all of the places in the code where that tagname exists ... to begin with, pay particular attention to entries where the "Destructive" column has a "Y" (for "Yes") ... those are the locations in the code where the tagname gets CONTROLLED (not actually "destroyed" in the usual sense of the word) ...

get a big sheet of paper and write small - use a pencil - not a pen ... make something like a roadmap which shows where the controlling signal COMES FROM - and - where it GOES TO ...

in the SIMPLEST cases you'll be tracing the logic/signals BACKWARDS (from right to left) through the ladder logic code ... for example: the OTE instruction for the PUMP - gets a signal through the FLOAT SWITCH - gets a signal through the CONTROL SWITCH ...

it might help to think about this stage of the game as something like untangling a large ball of string ... basically - find one end of the string (the OUTPUT device) and start picking the tangles out one-by-one ... this might not be easy - and it might not be quick - but it CAN be done ... that's because the logic is present/included IN the code ...

if you can follow the controlling signals for at least three or four steps back through the logic, then post a picture of what you've drawn out as an attachment to this thread ... we'll help you continue on from there ...

big question: are you allowed to post your program code (the .ACD file) here on the public forum? ... (make sure that your boss doesn't mind first) ... if you can do that, then that will help us give you more detailed help ... (note that you'll have to zip the file first - forum rule) ...

good luck with your project ...
 
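The tracing method described in the post above, as an added example that is not part of the original thread: a small Python sketch that cross-references a tag across rungs written in Rockwell ladder neutral text, flags the destructive uses, and walks backwards from the output to its conditions. The rungs are constructed, every tag name other than Local:2:O.Data.4 is hypothetical, and only the bit instructions XIC, XIO, OTE, OTL and OTU are handled.

```python
import re

# Constructed sample rungs in ladder neutral text. Tag names are hypothetical,
# apart from the pump address used as the example in the post above.
RUNGS = [
    "XIC(Control_Switch)XIO(Motor_Fault)OTE(Pump_Permit);",
    "XIC(Pump_Permit)XIC(Float_Switch)OTE(Local:2:O.Data.4);",
    "XIC(Local:2:O.Data.4)OTE(Pump_Running_Lamp);",
    "XIC(Local:1:I.Data.0)OTE(Control_Switch);",
]

INSTR = re.compile(r"([A-Z]{3,4})\(([^()]*)\)")
WRITES = {"OTE", "OTL", "OTU"}   # bit instructions that control their operand
READS = {"XIC", "XIO"}           # bit instructions that only examine it

def cross_reference(rungs, tag):
    """Return (rung_no, instruction, destructive) for every use of `tag`."""
    hits = []
    for no, text in enumerate(rungs):
        for op, operand in INSTR.findall(text):
            if operand.strip() == tag and op in WRITES | READS:
                hits.append((no, op, op in WRITES))
    return hits

def trace_back(rungs, tag, depth=0, seen=None):
    """Walk from an output tag back through the conditions that drive it."""
    seen = set() if seen is None else seen
    lines = []
    if tag in seen:                      # guard against seal-in / latch loops
        return lines
    seen.add(tag)
    for no, op, destructive in cross_reference(rungs, tag):
        if not destructive:
            continue                     # only rungs that control the tag
        lines.append(f"{'  ' * depth}{tag} <- {op} in rung {no}")
        for cop, ctag in INSTR.findall(rungs[no]):
            if cop in READS:
                lines.append(f"{'  ' * (depth + 1)}{cop} {ctag}")
                lines += trace_back(rungs, ctag, depth + 2, seen)
    return lines

if __name__ == "__main__":
    print("\n".join(trace_back(RUNGS, "Local:2:O.Data.4")))
```

The indented output is the "roadmap" in text form: each level is one step further back from the output, and a tag with no writer underneath it is where the trace reaches a physical input or an undriven bit.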
Yeah, he does know this, but he thinks I should know it all; after not giving me jobs which are PLC related he just forgets. Slowly getting there and understanding how it works. I am just going to put down in brief notes exactly what I think it works like and then go to him and see what he says. I'm understanding more that some routines are used solely to state, for example, water pump running, liquor running, etc.
 

No one here mentioned this, but I think he's testing two things in you...

- What do you know in terms of PLC systems?
- What do you do when you don't know something?

The most valuable of the two is not how much you know of a PLC or PLC's in general, but how do you tackle a problem of which you don't know much of.
A lot of the guys in this forum have gone through about 3 or 4 families of PLC's, and that is simply from the same manufacturer... if tomorrow a new shiny great brand comes up they will still be able to pick up a manual and get through the problem. That is what is important... knowing what to look for and sift through all the information that is available to you to get where you want to be.
Some people take University degrees to learn this, others learn it by themselves.
 
This must be a test of your abilities as well as your perseverance.
If your boss knows what he is asking for, then he is expecting to be impressed; in other words, the task may be really hard but still doable for a talented person.
To go from no real knowledge to be able to reverse engineer a program is a difficult task, BUT NOT IMPOSSIBLE.
There is no magic trick.
James' suggestion to gather information outside the program is good.
Then put your nose to the grindstone.
 
I'm going to insert some humor here. I've been doing this type of work for 40 years and I have 4 degrees in electronics.

Yesterday, my boss gives me a list of control panel legends that needed to be engraved. Here's one that was on the list (2each-Wins-Start).

So I gave him the legend that was engraved with

2each
Wins-Start

He came back to me laughing his head off because what he wanted was 2 legends that said Wins-Start, NOT (1) legend that said 2each-Wins-Start.

So we both had a great laugh!!
 
I will second Ron Beaufort's idea.

From the perspective of a person who kinda started the same way.
I was set loose on a complicated machine with a basic idea of PLC's and ladder and no knowledge of the brand being used. I was responsible for keeping this bad boy running so I tasked myself with what your boss has given you. I had to start with finding something that I wanted to know how it works, writing down the wire number(s) then finding it in the code. Then start with the output and go back.. way back till you have found all the conditions. Writing them down in a "Map" as you go. You might start simple with like a light or a relay coil something you think may have only a few conditions. After you have done a few you will be surprised how quick you learn how to navigate that code. In a few months there will be few who know that machine better....Except the dude who coded it!! Good Luck

What kind of time line has he given?
Does he expect you to be an ancient PLC master tomorrow?

Edit; All the advice you have been given here is good so far. Not just Ron's he just stated a similar way to how I would do it.
 
