S7-300 PLC password crack (Hardware)

[bhagwan]

Hi... Friends...
I have s7-300 Plc that is password protected so I able to download n upload the programme,so please help me how to crack ?

 

[LoganB]

None of the forum members will help crack passwords. Nothing personal, there's just no way we can know who is the intellectual owner of the property you're trying to access. You'll need to get a hold of whoever set the password.

 

[bhagwan]

Actually I'm at and client requirement to some of the logic but they no any backup of Plc ..so we need to upload and then I will modified

 

[LoganB]

If you can't locate the person that set the password, the other option is to contact that manufacturer of the PLC to see if they can help you access the program.

 

[LoganB]

I've never dealt with Simatic/Siemens so I don't know what their policy is when it comes to password protection. Rockwell has a strict policy not to assist circumventing password protection, however.

 

[bhagwan]

Thax for the conversation

 

[mk42]

I've never dealt with Simatic/Siemens so I don't know what their policy is when it comes to password protection. Rockwell has a strict policy not to assist circumventing password protection, however.

The rumor I've heard is that it somewhat depends on which country you ask Siemens in. If you ask in the US or Germany, the answer is pretty much no. In the China, that no can turn into a Yes in the right situation, at least where circumvention is possible.

I don't know about password protected CPUs, but I have heard of knowhow protection in Simatic Manager being a pretty lightweight protection.

They've since developed "Block Encryption" for the 300s in Simatic Manager, and supposedly the block password protection for the newer CPUs in Portal is encryption as well. Supposedly there's no backdoor available for either.

 

[cardosocea]

Hi... Friends...
I have s7-300 Plc that is password protected so I able to download n upload the programme,so please help me how to crack ?

If the PLC itself is password protected, I'm afraid you can't do much.
If the blocks are password protected, I think MS Access 2008 is the only piece of software you require to break it.

However, if you are uploading a PLC program from a S7-300, you will have a really hard reverse engineering job ahead of you to understand where exactly to make the modification.

Next time, make sure a PLC program is included and IP rights transferred over to the company that bought the system so that none of the blocks are password protected/encrypted.

 

[L D[AR2P#0.0]]

A search of this site using "password" as the search key shows that R/W protection of the CPU can be changed.

 

[L D[AR2P#0.0]]

What is the precise code modification that is required - a change to a timer value or a change to the logic or what?