[?]: How to unlock password s7 200 connecting PC/PPI cable?

Utilites for Simatic Automation
Ravi
Posts: 25
Joined: Tue Sep 19, 2006 5:57 am
Location: India

[?]: S7-200 password decrypting tech.

Post by Ravi » Mon Sep 25, 2006 11:33 am

Now a days i came to know about the decryting software for s7-200 which shows you the password for all s7-200 CPU using some PC/PPI cable programing.
One of them is chinese http://www.dgzdh.com .
Doesent our website has this software freely available.
That can be a great tool to break the password. :roll:

bluekoin
Posts: 1
Joined: Fri Aug 18, 2006 2:44 pm

[?]: How can i make a file like CPU224.bin of s7-200?

Post by bluekoin » Mon Oct 09, 2006 1:01 am

How can i make a file like CPU224.bin of siemens s7-200 plc?
i have downloaded Unlocks7_200and300.exe made by smsasg.
but i dont know how to make the .bin file.
can anybody tell me?? :?: :?:

CoMod
Site Admin
Posts: 3963
Joined: Thu Feb 16, 2006 3:25 pm
Location: Russia
Contact:

Post by CoMod » Mon Oct 09, 2006 4:30 am

Unlock S7-200 - smsasg - 2005-06-08 16:14:28
viewtopic.php?t=2005
[dead] s7200eepromjc9.jpg

For this purpose it is necessary to have binary image EEPROM AT24C64.
http://www.atmel.com/dyn/products/produ ... rt_id=2484
32/64K, 2-Wire Bus Serial EEPROM with full memory Write Protect, supports up to 8 devices on single 2-Wire bus.


One of variants of reading of an image *.bin:
1. Establish program PoniProg http://www.lancos.com
2. On the basis of a LPT-socket create a the scheme (easyI2Cbus.gif)
3. It is possible to solder a cable to a chip (CIMG1675. jpg)
PLC power off - you can use +5V from USB
4. To consider an image
All it is checked up and efficient...

[dead] easyi2cbusvl0.gif
Russian wrote:Для этого необходимо иметь бинарный образ EEPROM AT24C64.
Проверено на CPU-222 (образ прилагается).

Один из вариантов считывания образа *.bin:
1. Установите программу PoniProg http://www.lancos.com
2. На базе LPT-разъема создайте след. схему (easyI2Cbus.gif)
3. Можно подпаять кабель к микросхеме, не выпаивая (CIMG1675.jpg)
Перерезать ничего не требуется.
Подпаиваемся к точкам на плате, указанным на картинке.
Питание берем внешнее(удобнее всего взять +5В с USB).
С самого PLC питание естетсвенно должно быть снято.
Лучше, конечно, для дистанционного считывания было бы задействовать разъем расширения памяти,
но из-за того, что +5В с него идет на процессор, EEPROM для внешнего программатора не доступен. Будут идеи - пишите.
Никаких граблей не замечено.
4. Считать образ

Все проверено и работоспособно...
[dead] S7_Unlock_2006_09_11.zip
Last edited by CoMod on Thu Jul 02, 2009 3:37 pm, edited 1 time in total.

Info
Faq & Info
Faq & Info
Posts: 425
Joined: Wed Oct 05, 2005 9:00 am

Post by Info » Sat Nov 18, 2006 4:13 am

http://www.plc4good.org.ua/view_post.php?id=107
Предисловие.
Написать эту статью меня подтолкнула ситуация с купленным на нашем опытном производстве станком для гидроабразивной резки листовых материалов ”ALBA” производства наших китайских коллег- машиностроителей из фирмы Sunrise. Станок прекрасно работал пару-тройку лет, и вдруг на дисплее системы ЧПУ появилось сообщение ”Emergency Stop” и станок всяческие действия производить отказался.
При этом на пульте управления в режиме двоичного счетчика красиво мигали две красные светодиодные лампы. Поскольку нормальной техдокументации не было, позвонили в сервисный центр продавца. Там ответили — присылайте заявку, платите денежку, опосля чего приедем, поглядим. Предложение, наверное, и было-бы принято, если-бы предприятие не сидело на картотеке, денег, естественно, не было.
Тогда начальство попросило меня посмотреть, хотя в служебные обязанности зама главного конструктора по АСУТП проектного института и не входит обслуживание станочного парка опытного производства.

Процесс.
Фаза первая — подготовительная.

Осмотр показал, что всей лабудой (кроме ЧПУ) управляет маленький S7-200 с одним дополнительным модулем ввода/вывода. Хотя мы в своем оборудовании 200-ю серию не применяли (все больше 300-ю), но адаптер PPI был в наличии (остался от комплектации какой-то панели оператора). Все просто — надо скачать софт из контроллера и посмотреть, что выставляет ошибку на ЧПУшную систему, благо выход контроллера горел только один, и при его отрывании от контроллера, ошибка с экрана ЧПУ пропадала, что впрочем, не разрешало работать станку.

Далее, казалось все очень тривиальным. Установил на ноутбук Step-7 Micro/Win, подключил контроллер, настроил интерфейс, Upload, а потом.... Окошко ввода пароля. Попытки ALBA, SUNRISE, SUNSHINE и CHINA ничего не дали :).
Звонок в техподдержку продавца несколько обескуражил - «У нас нет пароля, китайцы не дают. Если что-то с контроллером, мы им в поднебесную отправляем!» - …??? Верилось с трудом, и вопрос кряка этого всего хозяйства становился делом профессиональной чести.



Посмотрел сниффером порта что передается/принимается в процессе авторизации. Пароль контроллер передает в зашифрованном виде, поэтому информация малополезная, так как алгоритм шифрования неизвестен и может быть неограниченное количество вариантов.





Фаза вторая — сбор информации.



Пошел в офис курить Интернет. Контроллер из шкафа станка демонтировал и прихватил с собой. Нашлось много чего интересного, в основном на http://plcforum.uz.ua. Сайт очень полезный, всем настоятельно рекомендую!

Программа распароливания проекта S7 -
Ссылка №1:
viewtopic.php?f=1&t=9426&hilit=unpassword
Хорошая вещь, реально работает (проверил позднее), но у нас нет проекта!

Дальнейшие поиски привели к методике считывания дампа из микросхемы 24С64 - памяти с последовательным доступом. Имея дамп тоже можно извлечь пароль.

Ссылка №2:
viewtopic.php?f=1&t=4648&hilit=%D0%BE%D ... %B7+S7+200
Огромное спасибо CoMod-у за подробную информацию.

Есть там еще одна ссылка, которая призвана прочитать пароль прямо с контроллера по штатному интерфейсу PPI.

Ссылка №3: Link_is_Dead :(/S7-200.exe.html
Программа реально обращается к контроллеру, даже читает тип ЦПУ и версию прошивки, но, увы, пароль не показывает — поле пустое. Подозреваю, что это когда-то работало, но на ранних версиях прошивок ЦПУ.
Программа реально устарела и уже неактуальна для новых процессоров.

Фаза третья — аппаратное обеспечение (hardware).
Следующий шаг — конструирование программатора. Недолго думая, сварил навесным монтажом то, что рекомендовал CoMod в ссылке №2 на базе порта LPT. Два КТ315, четыре резистора. Приварил проводки к микросхеме ПЗУ, установил PonyProg http://www.lancos.com/prog.html и … не работает!


Танцы с бубном и прощупывание сигналов при помощи мультиметра результатов не дали. Как оказалось позднее, плохо прощупывал мультиметром ( потом уже с другой схемой обнаружил замыкание, не совсем короткое, но все же, сигнальных проводов между собой в кабеле).
Пошел курить Интернет дальше в поисках решения.
В результате остановился на схеме программатора EXTRAPIC http://www.5v.ru/extrapic.htm в упрощенном варианте — выкинул все, что не нужно для чтения 24С64, а это немало.
Image
Осталось две микросхемы MAX232 и 555ЛА3 (я поставил 155ТЛ3), четыре конденсатора, резистор и диод. Когда ездил за MAX232 в магазин (остальной хлам присутствовал) решил купить и 24С64 для экспериментов с программатором. Питание 5 Вольт взял с USB. Приварил проводки к микросхеме ПЗУ (уже новой в корпусе DIP), запустил PonyProg и … не работает!
Б...дь!
[dead] S7_200/S7200_6.jpg

Фаза четвертая — танцы с бубном

Скачал http://www.winpic800.com/
Программа очень полезна для настройки и тестирования программатора — можно выбирать сигналы портов, которые подключены к микросхеме ПЗУ и переключать их программно в статике, проверяя, таким образом прохождение и нормализацию сигналов. Попутно пристально разглядел маркировку купленной 24С64 и ничего похожего на корпусе не нашел. ??? Не то подсунули в магазине (может быть случайно, может аналог)…? Поехал в другой магазин, и купил там 24С08 (на ней именно то и написано), подключил...
Нет ответа от чипа ПЗУ! Стал прощупывать сигналы мультиметром и … обнаружил замыкание, не совсем короткое, но все же, сигнальных проводов между собой в кабеле, соединяющем программатор с микросхемой ПЗУ. Кабель этот был накануне отстрижен от дохлой мышки (вот почему мышка-то не работала!)! Отрезал половину — коротыш пропал. Подключил и … о чудо — ЗАРАБОТАЛО! Подключил проводки к микросхеме 24С64 контроллера S7-200, запустил WinPic800 – чтение и … прочиталось 256 байт нулей...!!!???
Б...дь!

Фаза пятая — Победа!

Скачал программу http://www.ic-prog.com/
Запустил и …, о чудо, прочитал таки дамп. Выглядит начало довольно прикольно!
[dead] S7_200/S7200_7.jpg
Дальше дело техники, как написано в ссылке №1. Используем Unlocks7_200and300.exe для извлечения пароля из дампа. Выкачиваем проект Step-7 Micro/Win и пристально его изучаем. Победа!

Фаза шестая — изучение кода из поднебесной.
Программа управления, собственно ничего хитрого собой не представляет. Обычное «релейное» управление всякой всячиной, типа гидравлики, насосами, клапанами и прочей дрянью, но... Присутствует код таймера на 360 рабочих смен по 8 часов. Таймер считает только тогда, когда включен какой-то выход, типа включения гидронасоса усилителя давления, то есть когда станок работает. Когда таймер досчитывает до конца, устанавливается флаг с адресом M13.0 :), типа, все ребята, платите денежки! Что это, как не вымогательство! Сбросить флаг невозможно никаким образом, кроме подключения отладчика, для чего нужен пароль!
Насколько это некрасиво и кто запрограммировал это, либо китайцы, либо наши посредники из Москвы мне, естественно, неведомо... Но хочется сказать: Ну и козлы же вы, ребята!

PS: Что интересно, на корпусе ПЛК маркером написано 360D. Сначала я принял это за пароль, потом конечно, стал понятен реальный смысл этой надписи :).

Кстати, первый вариант программатора, скорей всего, был рабочий. Виной всему был этот гнилой огрызок кабеля от мышки!

zzzzzz
Posts: 29
Joined: Thu Feb 02, 2006 7:35 am

hahaha

Post by zzzzzz » Mon Nov 20, 2006 7:04 am


vaiduakhu
Posts: 77
Joined: Thu Jun 14, 2007 5:21 pm
Location: Asia

Post by vaiduakhu » Fri Aug 03, 2007 2:08 pm

I understand how to create *.bin file from S7-200 but I don't know how to do with the hex strings in the *.bin file, how to translate it?

amit
Posts: 53
Joined: Thu Apr 23, 2009 2:12 pm
Location: India

Post by amit » Thu Jul 02, 2009 3:05 pm

As per schematic connections done and used with pony prog with following steps

1. Coneected interface to CPU eprom in power off condition. So used USB 5V supply.
2. Start pony prog and calibrated the bus.
3. From interface setup selected parallal port LPT1.
4. I'm using XP prof SP2 so as per instruction selected AVR ISP I/O

and tried to read EPROM but failed to read it with message check interface .

5. Then tried with EASY 2 I/O and other options also but failed.

I hv following questions

1. I m trying trying read CPU EPROM without removing it. there pin no 2 is connected to VCC and schematic it is shoted with GND. Whic is correct?
2. While reading jumper should be on or Off ?

Pl give me suggestions. Thanks In Advance.

Amit

roberttttoooo
Posts: 6
Joined: Wed May 19, 2010 12:44 pm

[?]: How to unlock password s7 200 connecting PC/PPI cable?

Post by roberttttoooo » Mon Jun 07, 2010 10:39 am

Hello people!

I need unlock the password of a CPU224; It should be through of a method directly, with the PC/PPI cable connecting to port of the CPU.
I try with the search password of S7 (brute method) but if the password contained 5 or more characters, this application must be running
during just about years.

Somebody know any better application to connect directy between PC port and CPU port?

Thanks in advance.

sebneo
Posts: 22
Joined: Sun Mar 15, 2009 8:10 pm
Location: Europe
Contact:

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by sebneo » Tue Jun 08, 2010 5:07 pm

Hello,
try this program Revelation 2.0.1.100. In my CPU226 i had a password and my method works only when:
1. You have to program backup
2. Next open the program in Microwin on lap with password
3.Open Revelation.
4. Then drag mouse on password
And then Revelation is read password for you.

Sorry but my English is still not good.

roberttttoooo
Posts: 6
Joined: Wed May 19, 2010 12:44 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by roberttttoooo » Tue Jun 29, 2010 5:43 am

thanks sebneo;

but my problem is that i haven't got any backup program because i can't even to download the program from CPU224.
This CPU is protected with password. I would need some application that it will be connected through the PC/MPI and
it will get to break the password within to use any brute method.

Thanks again.

dekor
Posts: 114
Joined: Wed Jan 03, 2007 9:10 pm
Location: Europe

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by dekor » Thu Jul 01, 2010 1:15 pm

Try to use the program in the next link.
For me it was useful.
Link_is_Dead :(/S7_200.Link_is_Dead :(

dekor

roberttttoooo
Posts: 6
Joined: Wed May 19, 2010 12:44 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by roberttttoooo » Tue Jul 06, 2010 8:09 am

Thanks dekor;

But i try to clik in this link and it shows the next message:

"This file is neither allocated to a Premium Account, or a Collector's Account, and can therefore only be downloaded 10 times.

This limit is reached"

so, i could not try it.

Best regards.

roberttttoooo
Posts: 6
Joined: Wed May 19, 2010 12:44 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by roberttttoooo » Tue Jul 06, 2010 8:15 am

Could you let in another way, please?

sebneo
Posts: 22
Joined: Sun Mar 15, 2009 8:10 pm
Location: Europe
Contact:

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by sebneo » Tue Jul 06, 2010 8:16 am

Try this link :
www.elektro-aut.eu/S7_200.rar
that's same program but on my site

roberttttoooo
Posts: 6
Joined: Wed May 19, 2010 12:44 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by roberttttoooo » Tue Jul 06, 2010 8:40 am

This application i tried it. it was in another post of the plcforum.
for the CPU 224 that it is set the communication speed to 187,5 kbits/s it doesn't work.
In addition to this, i have to say that the communication betwen plc and my laptop i have to do it through
PC adapter MPI but the interface necessary to adjust is "PC Adapter(PPi) --> 187,5kbits/s"

If you know other way, please tell me what is.

Thanks in advance.

sebneo
Posts: 22
Joined: Sun Mar 15, 2009 8:10 pm
Location: Europe
Contact:

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by sebneo » Tue Jul 06, 2010 8:58 am

With my CPU224 and CPU226 work correctly.
The communication speed set to 9,6 kbits/s.
S7-200 work with PPI.

diegozuluaga81
Posts: 10
Joined: Sun Sep 12, 2010 5:13 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by diegozuluaga81 » Wed Oct 06, 2010 7:34 pm

Hello Sebneo!!

I have the same problem with the S7 200 cpu 224xp. I downloaded your program but I can't run it. Should I install visual basic 6.0 in my computer? The message that appears when I try is "Component 'mscomm32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid". What is the COMM port that I must to use? Thanks Sebneo for your help.

Best regards

sebneo
Posts: 22
Joined: Sun Mar 15, 2009 8:10 pm
Location: Europe
Contact:

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by sebneo » Thu Oct 07, 2010 7:47 am

Hello
if You have win Xp than copy "mscomm32.ocx" to
c:\windows\system and c:\windows\system32

If You still have a problem try this:
Register your files: Start>Run> and write: regsvr32 c:\windows\system\mscomm32.ocx

Link to files:
http://www.afreeocx.com/ocx/info/mscomm32_ocx.html

findsolution
Posts: 2
Joined: Fri Oct 15, 2010 12:08 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by findsolution » Fri Oct 15, 2010 12:32 pm

is it really work? I'm a maintainer for a company, we have some machines use s7 200 Cpu 226. They were locked so I could'nt upload the program for backup later. I find some solutions on web but they were complex and not safe.
- Anyone tell me is this good methol by only PPI cable and a soft ? please
I try dowload on 2 links about but all of them die. Can you give me another good link? Thanks for your help, I hope so . (tyou)

sebneo
Posts: 22
Joined: Sun Mar 15, 2009 8:10 pm
Location: Europe
Contact:

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by sebneo » Fri Oct 15, 2010 7:16 pm


findsolution
Posts: 2
Joined: Fri Oct 15, 2010 12:08 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by findsolution » Sat Oct 16, 2010 1:50 pm

:D thanks I have downloaded it. I will try. (tyou) (tyou)

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by singleperson » Wed Oct 20, 2010 3:13 am

Dear my friend,

Please tell me how to crack password to upload S7-200
I downloaded your link. But I can't open it.

Please help me

Thanks

sebneo
Posts: 22
Joined: Sun Mar 15, 2009 8:10 pm
Location: Europe
Contact:

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by sebneo » Wed Oct 20, 2010 7:54 am

Question:
do you have a backup plc program? because if you have it is a simple and otherwise then pw write
but if you don't have then must download program S7_200 (rar arch. ), unpack and run
Image

in left-down corner you see s7_200 program, check "search" and press "go", in password ruler receive pass from plc
this screen is from my test on my s7-200

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by singleperson » Thu Oct 21, 2010 4:25 am

Dear my friend,

Please help me. Becasue I can't open File Crack Password
http://www.mediafire.com/download.php?3y1y9ixi616xii8

Please help me

Thank so much

sebneo
Posts: 22
Joined: Sun Mar 15, 2009 8:10 pm
Location: Europe
Contact:

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by sebneo » Thu Oct 21, 2010 7:46 am

You have two options:
1.Download "File Menu Tools" Freeware - install it.
Link: http://www.lopesoft.com/en/fmtools/download.html
Copy the DLL to your windows/system Folder
Right click and select --> File Menu tools --> Register DLL

or

2. Manually:
simply take the dll and paste it in your system 32 folder then go start, run and then typing C:\WINDOWS\system32\regsvr32.exe Msstdfmt.dll

Link to dll: http://www.elektro-aut.netiz.pl/file.rar

Anony999
Posts: 2
Joined: Thu Oct 21, 2010 4:01 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by Anony999 » Thu Oct 21, 2010 4:21 pm

Hi

I have download the mscomm32_ocx file and installed it as above

I have downloaded S7 200.rar and it runs with the little window for the password and GOT button

Can someone tell me (as i havent tried it yet)

Can i get the password within an S7224 plc even though i have not got the original code in microwin ie my microwin project will be blank ? But i need to access the 224 and its password locked

Cheers

T

Anony999
Posts: 2
Joined: Thu Oct 21, 2010 4:01 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by Anony999 » Thu Oct 21, 2010 4:53 pm

sebneo wrote:Question:
do you have a backup plc program? because if you have it is a simple and otherwise then pw write
but if you don't have then must download program S7_200 (rar arch. ), unpack and run

in left-down corner you see s7_200 program, check "search" and press "go", in password ruler receive pass from plc
this screen is from my test on my s7-200
I have a test plc on my desk, its password protected (i know the password)

i have Microwin running and the s7200.rar (smal password crack box) running

i have tried 9.6K and 19.2K and it does not crack the password ?

Anyone help ?

T

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by singleperson » Fri Oct 22, 2010 2:09 am

Dear my friend,

Thank for your help.

Now I opened it. But I can't find password

I use Micro Win 4.0 SP8 (Last Version). I opened FIle crack Password
But it don't find password.

Please help me

Thanks

escueto
Posts: 2
Joined: Thu Oct 28, 2010 4:25 pm

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by escueto » Tue Nov 02, 2010 11:06 pm

So far we s7200.rar program to get passwords. S7 200

The problem I have is that this program is made for RS232c communicate with the COMM port 1.

Yo I have is the interface for USB / RS485 PPI. so I can not use the program.

Officer if you use a RS232c to RS485 converter. or have to use another type of inteface?

Someone can shed some light on this issue?.

Greetings to everyone.

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by singleperson » Tue Nov 09, 2010 5:03 am

Dear my friend,

Please tell me
How to crack password to upload programming PLC from CPU-224

Thanks so much

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by singleperson » Wed Nov 17, 2010 8:41 am

Dear everybody,

Now, I need the software ver much.
Because I need upload programming from S7-200. But i don't konw password, which is set up S7-200 CPU-224.
So please tell me how to crack password and upload programming.

Thanks. PLease help me. Please

dekor
Posts: 114
Joined: Wed Jan 03, 2007 9:10 pm
Location: Europe

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by dekor » Wed Nov 17, 2010 5:26 pm

Dear friends,
I think we are running in circle.
The main problem is that : the soft which reveal password is intended to use serial port COM1.
Then, if you use USB-PPI adapter is not working.
If the port number is not COM 1 is not working.
I used USB -RS232 adapter + RS232-PPI adapter.
My USB-RS232 is manufactured by FTDI company. It works even on Step 5 environment. The only one problem is with operating panels : OP 15, OP17...
Then try tu use this way like me.

All the best,
dekor.

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by singleperson » Thu Nov 18, 2010 10:55 am

Dear my friend,

You can show me how to crack password
Becasue I connect to S7-200 by Converter USB ---> RS485 and then I connect to S7-200 by digram 3 + , 8 -.
I connect to S7-200 successful. I wonder my cable is correct to crack.
Can you give me advice>

Thanks so much

dekor
Posts: 114
Joined: Wed Jan 03, 2007 9:10 pm
Location: Europe

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by dekor » Thu Nov 18, 2010 3:57 pm

Dear friend,
USB-RS485 is same thing like USB-PPI.
You can not use the program in that way.
dekor

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by singleperson » Thu Nov 18, 2010 10:09 pm

Dear my friend,
I can use USB ----> RS232 and then RS232 -----> RS485 to connect to PLC S7-200. And can I crack password PLC S7-200 successful?
You can give me your advice?
Thanks so much

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by singleperson » Sun Nov 21, 2010 12:46 am

Dear my friend,

Please help me?
Now I have USB -RS485. How to crack password and then uploading programming from PLC? Can you give me software?
If I have USB --RS232 and then RS232---RS485. How to crack password and then uploading programming from PLC? Can you give me software?


Please, please help me.
Thanks so much

Владимир
Posts: 297
Joined: Wed Sep 21, 2005 12:24 pm
Location: Russia, Saint-Petersburg

Re: How to unlock password s7 200 connecting PC/PPI cable?

Post by Владимир » Sun Nov 21, 2010 3:43 pm

i need help too...
i have pc adapter usb & s7-224 and i need to upload program a password-protected.
thanks

koorosh
Posts: 2
Joined: Wed Dec 01, 2010 10:31 pm

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by koorosh » Thu Dec 02, 2010 10:00 am

hi

i forget password mini plc logo whit code 6ed1 052-1md00-0ba6
can i help yuo to break this password for upload pragram plc?
thanks

isteak007
Posts: 93
Joined: Wed Jul 14, 2010 10:23 am
Location: Bangladesh
Contact:

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by isteak007 » Sun Dec 19, 2010 6:41 pm

USe a Com spy software you will find the password.
even in usb logo cable.

singleperson
Posts: 118
Joined: Fri May 07, 2010 9:46 am

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by singleperson » Mon Jan 03, 2011 10:12 am

Dear my friend,

Can you tell me clearly and specifically?

I don't unsderstand how to crack password?

Thanks

vlad2006gr
Posts: 1032
Joined: Tue Nov 20, 2007 7:08 pm
Location: Belarus

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by vlad2006gr » Tue Aug 02, 2011 5:00 pm


hmohamed
Posts: 147
Joined: Sun Oct 18, 2009 8:19 am

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by hmohamed » Thu Sep 22, 2011 9:10 am

dear friends,

i tried to use this program to carck CPU226CN but the problem is the PPI cable i used supports up t0 38,4Kbps and my PLC uses 187.5kbps is there any way to solve this problem?
waiting for ur reply
thnx

hihihi
Posts: 1
Joined: Mon Oct 24, 2011 11:44 pm

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by hihihi » Mon Oct 24, 2011 11:59 pm

i tried to use this with cpu226Cn too. but I got only information "226 rel 02.01". :? Maybe it can't work on firmware 02.01. anybody has another solution? thanks

hmohamed
Posts: 147
Joined: Sun Oct 18, 2009 8:19 am

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by hmohamed » Wed Jan 25, 2012 5:53 pm

dear friend

i also tried to use this with cpu226Cn. but the only information i got are the CPU type and the firm ware. please help

ppp
Posts: 268
Joined: Thu Feb 09, 2006 6:52 am
Location: Russia

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by ppp » Fri Jan 27, 2012 4:54 pm

PLC itself verifies the password and gives only a result of the test.
Find the password can only brute force.
The program "S7_200" allows you not to do.
Maybe the program worked for the old S7-200?
But with CPU 226 NOT WORK!

RUTRA_69
Posts: 17
Joined: Wed Jun 09, 2010 10:34 am

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by RUTRA_69 » Fri Jan 27, 2012 8:30 pm

My Fiend, tell me how I can break a password with "brute method"! I have time (years) and a lot of patience [dead] ! hehehehe

Thank you so much!!!
(oo)

Rutra!

B_N_
Posts: 1
Joined: Sat Jun 18, 2011 11:17 pm

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by B_N_ » Fri Feb 10, 2012 8:27 pm

i have installed the software and ocx
after i connected the plc by pcmcia card, com1
if i clik GO button the software find plc, adress 2, model CPU 224XP 0201, it is correct :mrgreen:
but not find any password :(

koyajnabi
Posts: 19
Joined: Sun Feb 07, 2010 11:05 am

Re: [?]: How to unlock password s7 200 connecting PC/PPI cab

Post by koyajnabi » Fri Feb 24, 2012 6:22 pm

same problem as B_N_

ShvartZ
Posts: 1
Joined: Sun Sep 02, 2012 12:22 am

Re: [?]: S7-200 password decrypting tech.

Post by ShvartZ » Sun Sep 02, 2012 12:27 am

Приветствую! Столкнулся с такой же необходимостью стянуть программу с s7-200. У кого-то остался S7_Unlock_2006_09_11.zip в загашниках? Был бы очень признателен.

Спасибо.

mustbemad10
Posts: 37
Joined: Thu Sep 02, 2010 2:48 pm

Re: [?]: How can i make a file like CPU224.bin of s7-200?

Post by mustbemad10 » Mon Sep 03, 2012 12:19 pm

will this technique help get a password off a S7-200?

Could somebody give a step-by-step guide as how this procedure works please.
Such as cables needed and software needed and what to do with the software to try and get the password from the 200

Post Reply