[?]: how can read PLC FlashRoms?

adidas
Posts: 8
Joined: Thu Apr 16, 2020 10:25 am

[?]: how can read PLC FlashRoms?

Post by adidas » Mon Sep 21, 2020 9:46 pm

Hi guys,

How can I read the flash ROM of a PLC and HMI?

SHKODRAN
Posts: 197
Joined: Wed Dec 24, 2008 4:37 pm
Location: Europe

Re: how can read FlashRoms?

Post by SHKODRAN » Wed Oct 07, 2020 10:06 am

Hello!
Can you post some more info concerning your request?
What kind of MMC, SD card, CF card, or CFast do you want to read?
Post also some pictures.

Regards.

Re: how can read PLC FlashRoms?

Post by adidas » Sat Oct 31, 2020 6:47 pm

Thanks for your reply,
but all of the types you listed are cards.
I mean the ROM IC that is firmly soldered onto the board.

CoMod
Site Admin
Posts: 3969
Joined: Thu Feb 16, 2006 3:25 pm
Location: Russia

Re: how can read PLC FlashRoms?

Post by CoMod » Sun Nov 01, 2020 6:26 am

adidas wrote:
Sat Oct 31, 2020 6:47 pm
I mean the ROM IC that is firmly soldered onto the board.
BGA ? :haha: (wow) (h) https://hackcorrelation.blogspot.com/20 ... art-2.html
S7-1200

1999-04-15 ... 2003-04-01 S7-315 (pgood)

See more PLC photos:
http://s7detali.narod.ru/S7_315/S7_315AF03.html

Guille
Posts: 32
Joined: Fri Oct 03, 2008 2:17 am
Location: America

Re: [?]: how can read PLC FlashRoms?

Post by Guille » Sun Nov 01, 2020 4:16 pm

You can try using the JTAG connector. Most PCBs have one to test the board and to debug applications.

Search for JTAG and for reading flash ROM using JTAG:

https://embeddedbits.org/2020-02-20-ext ... sing-jtag/


After reading the flash ROM you can use the binwalk tool:

https://github.com/ReFirmLabs/binwalk

Happy reversing...

Re: [?]: how can read PLC FlashRoms?

Post by adidas » Sat Nov 07, 2020 8:41 am

Thanks for your reply,
but the links don't work.
Please reupload again, thanks.

Re: [?]: how can read PLC FlashRoms?

Post by CoMod » Sat Nov 07, 2020 8:57 am

adidas wrote:
Sat Nov 07, 2020 8:41 am
but the links don't work.
Please reupload again, thanks.
1. The links work... but they are blocked for your IP address
2. Western Digital closed this JTAG door for hard drives (the article is very old)
3. It is not for Siemens PLCs
but there is no learning, just some pictures
Show pictures of your PLC - crack S7-200/300/400/1200/1500?

Re: [?]: how can read PLC FlashRoms?

Post by Guille » Sat Nov 07, 2020 10:42 pm

Hi,
the link to the "Extracting firmware from devices using JTAG" article was just an example of the use of JTAG; it was not related to PLCs.

There are some interesting works related to the subject with the titles:

Edited...

"Firmware Modification Analysis in Programmable Logic"

file name: a599675.pdf

PROGRAMMABLE LOGIC CONTROLLER MODIFICATION ATTACKS FOR USE IN DETECTION ANALYSIS

file name: 760306.pdf

Sorry, I made a mistake with the paper name...
...

Do a search to find the PDF papers.

Regards

Re: [?]: how can read PLC FlashRoms?

Post by CoMod » Sun Nov 08, 2020 8:33 am

I think it's not a good idea to go into the firmware... Stuxnet is live
https://archive.org/details/DTIC_ADA603391

Re: [?]: how can read PLC FlashRoms?

Post by Guille » Sun Nov 08, 2020 1:47 pm

I agree with you,
but it is interesting for malware analysis.
