None of the forum members will help crack passwords. Nothing personal, there's just no way we can know who is the intellectual owner of the property you're trying to access. You'll need to get a hold of whoever set the password.
If you can't locate the person that set the password, the other option is to contact that manufacturer of the PLC to see if they can help you access the program.
I've never dealt with Simatic/Siemens so I don't know what their policy is when it comes to password protection. Rockwell has a strict policy not to assist circumventing password protection, however.
I've never dealt with Simatic/Siemens so I don't know what their policy is when it comes to password protection. Rockwell has a strict policy not to assist circumventing password protection, however.
The rumor I've heard is that it somewhat depends on which country you ask Siemens in. If you ask in the US or Germany, the answer is pretty much no. In the China, that no can turn into a Yes in the right situation, at least where circumvention is possible.
I don't know about password protected CPUs, but I have heard of knowhow protection in Simatic Manager being a pretty lightweight protection.
They've since developed "Block Encryption" for the 300s in Simatic Manager, and supposedly the block password protection for the newer CPUs in Portal is encryption as well. Supposedly there's no backdoor available for either.
If the PLC itself is password protected, I'm afraid you can't do much.
If the blocks are password protected, I think MS Access 2008 is the only piece of software you require to break it.
However, if you are uploading a PLC program from a S7-300, you will have a really hard reverse engineering job ahead of you to understand where exactly to make the modification.
Next time, make sure a PLC program is included and IP rights transferred over to the company that bought the system so that none of the blocks are password protected/encrypted.