Elevator plc encryption technology and decryption method - Database & Sql Blog Articles

SMD aluminum electrolytic capacitor

Plc encryption technology is actually a kind of idea for developers. As long as you understand the author's encryption ideas, you can decrypt it quickly. In fact, in the natural world, whether it is PLC, or the elevator motherboard, as long as there is encryption, there will be a cheat to crack it. Oh, these two are always a combination of spear and shield. Well, don’t talk nonsense, get to the point.
First introduce two kinds of PLC decryption methods: 1, direct reading method. 2, brute force law.
Direct reading method takes Mitsubishi FX2 as an example: First open the serial port monitoring software (there is a lot of Baidu on the Internet, here I use the serial port parallel port monitoring software in the forum PLC version) to monitor the serial port in and out data. Then let FXWIN (plc programming software) and PLC connect again, select the model and then click the program to read. At this time, in the serial port monitoring software, you can see a few strings of characters between the computer and the PLC. The last line is sent to the computer by the PLC. It's the password, but it's the ASII code to compare the table, and translate it into characters to get the password. Oh, this is a loophole in Mitsubishi plc. Its programming software first reads the password into the computer memory and compares it with the password entered by the user. The password pair can read the program. I experimented a bit, using the serial port software to send the penultimate line of characters to the PLC, the PLC also returned the password. Speaking of this, everyone knows how to do this decryption software? The entire decryption software only needs to send a string of characters to the PLC, and then translate the password-returned characters returned by the PLC into a password. Some PLCs do not have such a loophole. Like OMRON and FUJI NB2, they all pass the password entered by the user to the PLC. The PLC determines whether the password is correct or not to determine whether the program can be read.
To deal with them, use the second method, brute force: Also run the serial port monitoring software, open the programming software online, click the program to read, and then enter the password 1234, if you read the program, then you do not need to solve. If the password is wrong, look at the data in the monitoring software. Look for the string 1234. After the character containing 1234, there will be a message indicating that the password is incorrect returned by the PLC. Record the error message. Then open VB, do a small project: let the computer send the line containing the 1234 string to the serial port, of course, to have a loop statement, is to change 1234 from 0000 to FFFF, let the computer keep trying. Use the IF statement to compare the returned information with the one that was just recorded. If the information is different, stop trying. The password you tried is the password of the PLC.
Seeing if you already feel PLC encryption technology is no different. The feeling of the sea wide sky. Congratulations, you have already grasped the truth of encryption and decryption. There are many specific implementation methods. But understanding the truth is the most important and the most difficult. As the saying goes: There is no skill in the avenue, and it is tangible in the middle. Oh, let's talk about it first. Some details can't be introduced too clearly for a while. Everyone will try more and more, and they will have more brains and more insights. If you have any questions, please leave a message in the forum!
Remember, we master the encryption and decryption technology only for better learning, and not for other illegal purposes. Wake up here to avoid mistakes.