# Simatic



## McClary’s Electrical (Feb 21, 2009)

I've never uploaded from one PLC to another... but I don't fool with Siemens. My experience is with AB... RSLinx, RSLogix. Use your laptop for uploads. What software are you running?


----------



## InControl (Mar 20, 2007)

sarodin said:


> Dear all,
> I have Siemens S7 300 PLCs, so I have some questions about Siemens PLCs:
> 1. How to upload from PLC to PC
> 2. How to break the protection if the block was protected
> thx


You don't even know how to upload the program, but want to hack into their protected blocks? 

First, I will not share the information on how to view/edit protected blocks. Second, why do you ask?


----------



## MDShunk (Jan 7, 2007)

Is this one of those Step 7 PLCs? I have an old program on 3-1/2" floppy called "Step 7 Unlocker" to unprotect the know-how protected sections. I have no idea if it's still around on the 'net or not. It never fails that you're working 3rd shift, trying to troubleshoot something with only half the information you really need.


----------



## InControl (Mar 20, 2007)

MDShunk said:


> Is this one of those Step 7 PLCs?



Yes, a Siemens 300 series uses Simatic manager, Step 7. 




MDShunk said:


> It never fails that you're working 3rd shift, trying to troubleshoot something with only half the information you really need.


First of all, 'know how protect' is Siemens property. Hacking into their software violates the TOS. 

Second, if the guy doesn't even know how to upload the program, I highly doubt that he needs to know the inner workings of a shift register. 'Know how protect' blocks are just canned code that Siemens has provided where the programmer just plugs in values. Any programmer can duplicate what Siemens has provided, but for some reason, they don't want people seeing their code. There's no big secret or conspiracy, I'm just not willing to violate Siemens' TOS. There's plenty of info out on the net and it's simple to do.


----------



## MDShunk (Jan 7, 2007)

Omron does the protection a little nicer. You can still read it, but you can't screw with it. I think some of the IDEC stuff was the same way.


----------



## MDShunk (Jan 7, 2007)

InControl said:


> First of all, 'know how protect' is Siemens property. Hacking into their software violates the TOS.


Boo-hoo.

But I do agree. The guy in the original post doesn't have a clue.


----------



## InControl (Mar 20, 2007)

Believe me, I'm no fan of Siemens and do not support them in any way. I'm sure that Nathan doesn't want hacks and other TOS software violations posted here.


----------



## MDShunk (Jan 7, 2007)

InControl said:


> Believe me, I'm no fan of Siemens and do not support them in any way. I'm sure that Nathan doesn't want hacks and other TOS software violations posted here.


I have no idea what Nathan wants or doesn't want, but as you rightly point out, it's probably pretty easy to dig up on the 'net already. To that end, it's not like we'd be telling any secrets that haven't been revealed already. Every single PLC on the market has a hack for password protected programs or sections of programs. 

The real "crime", if there is one, is the purchasing agents who aren't smart enough to tell their vendors that they want the purchase price of the equipment to include unprotected PLC programs (or at least provide the password).


----------



## InControl (Mar 20, 2007)

MDShunk said:


> I have no idea what Nathan wants or doesn't want, but as you rightly point out, it's probably pretty easy to dig up on the 'net already. To that end, it's not like we'd be telling any secrets that haven't been revealed already. Every single PLC on the market has a hack for password protected programs or sections of programs.
> 
> The real "crime", if there is one, is the purchasing agents who aren't smart enough to tell their vendors that they want the purchase price of the equipment to include unprotected PLC programs (or at least provide the password).


Now I see what you're talking about Marc. I think we're on two different subjects here...

You're saying that a company buys a piece of equipment from an OEM and the PLC code is locked. I totally agree with what you're saying. The purchaser should have access to the program.

What I and the OP are talking about are locked blocks within Step 7. I guess that you have to be familiar with Step 7 to understand, sorry if I can't make it clear....

The PLC program is viewable. The way Step 7 is set up is there is one main block (OB1) that calls all other blocks (or sub routines). Say that I needed a shift register, I could either program my own, or just use Siemens' shift register. If I used Siemens', then I would just enter a few values and be done with it. That 'protected block' has its own code and can not be viewed. For the life of me, I can not think of any other reason to view that code other than stealing. I did it just because I could...... and it wasn't pretty, unless you're a bit head.


Anyway, I hope to get on the same page here.


----------



## MDShunk (Jan 7, 2007)

InControl said:


> Anyway, I hope to get on the same page here.


It's been a good 10 years since I've had a Siemens PLC in front of me, but I'm nearly certain that any block that the programmer puts KNOW_HOW_PROTECT in the header before it's compiled will be protected after compiling. That could be me, you, or Siemens.


----------



## InControl (Mar 20, 2007)

MDShunk said:


> It's been a good 10 years since I've had a Siemens PLC in front of me, but I'm nearly certain that any block that the programmer puts KNOW_HOW_PROTECT in the header before it's compiled will be protected after compiling. That could be me, you, or Siemens.


Absolutely. In all my years dealing with OEMs, there has only been one that protected the whole PLC code. Once I found that out, it quickly went up the chain of command and we got the password the next business day. Other than that, there have been no other problems. Think about it, why would a programmer protect a block? Are they that arrogant that they think they're re-inventing the wheel?

I deal with many OEMs from many countries, and have never run across one that has protected a block. I'm not saying that it hasn't been done, I just haven't run across one yet, or have seen a need to.


----------



## InControl (Mar 20, 2007)

To put the whole idea of locking a block into contrast.....It would be like being able to lock a 4 gang box so the next electrician couldn't see what you did. It's not rocket science, and most can figure it out even if you did lock it........so why bother?


----------



## TOOL_5150 (Aug 27, 2007)

InControl said:


> To put the whole idea of locking a block into contrast.....It would be like being able to lock a 4 gang box so the next electrician couldn't see what you did. It's not rocket science, and most can figure it out even if you did lock it........so why bother?


That would be great if we could lock junction boxes, then only the holder of the key can work on the equipment.

:jester:

~Matt


----------



## smeric28 (Nov 16, 2009)

*It's easy*

To communicate with the PLC, use a serial port and the software. It costs money, unfortunately a decent chunk; it's called step-5. Removing the protection is easy too: unplug the battery and turn off the power. You'll lose your existing program though. PS I didn't read all the other posts so if this is a dupe I'm sorry but the thread was headed for left field fast.


----------



## EmptyPropaneTank (Sep 6, 2012)

smeric28...you are off a bit. To connect to an S7-300 or 400 PLC you need a Siemens device called a PC Adapter and a serial cable. The software is called Step-7 (for the S7 series). The question wasn't how to break in to a password protected program, I don't think. Instead it was referring to Siemens proprietary code blocks, which others have described above. No need to break in...just use the nice little blocks as intended. IMHO however, you'd be further ahead to throw out the S7 and get an A-B MicroLogix or CompactLogix.


----------

