Siemens PLC program encryption method
Published by: Shenzhen Jia Hong Wei Technology Co., Ltd. Date: 2021-10-05
As is well known, the programs of many PLC brands can be decrypted with software tools, and once decrypted a program is completely transparent to whoever holds it. Selling the equipment with the entire PLC program locked is unrealistic, because the customer (Party A) would then be unable to maintain it; at the same time, confidentiality and rights protection are perennial topics in the Chinese market. In fact, German engineers have never encrypted their programs as a whole; they use other methods that do not hinder troubleshooting yet still protect their core know-how. Today I would like to introduce these methods for your reference.
1、 Use a Siemens safety PLC or the know-how protection function of TIA Portal
The Siemens safety PLC is a product focused on safety functions; its performance is beyond doubt, and the program blocks of a safety PLC cannot be cracked once they are encrypted, so it protects know-how well. TIA Portal is Siemens' latest product, and copyright protection is one of its main functions. Its know-how protection function is a double encryption by software and hardware: unprotected blocks can still be monitored normally, while protected blocks cannot be downloaded to another PLC without the password. Using the know-how protection of TIA Portal therefore lets you hand the program over to the customer for convenient maintenance while still protecting your core program from being stolen.
2、 Write the key parts of the process control in a high-level language
Besides the most basic LAD ladder programming, FBD function block programming and STL statement list programming, Siemens offers many other languages, such as CFC and SFC in PCS 7, and also SCL, S7-GRAPH and so on. It is difficult for ordinary industrial control staff to understand all of these languages, so the difficulty of copying rises considerably. The key process procedures can therefore be written in these languages to protect your own core know-how.
1. Choice of programming style
a) Use a modular program structure, symbolic names and parameterization to write subroutine blocks
b) Prefer passing data through instance data blocks and multi-instances
c) Use indirect addressing
d) For the control program of a complex system, especially programs with sequence control or recipe control, consider data-driven programming, that is, changing the control logic or the sequence of the system by changing data.
Users should try to adopt the above high-level programming methods, so that the protection (encryption) logic of the system is embedded in the compiled program and is not easy to find and copy.
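As an added illustration of item d) (data-driven sequence control), not code from the original article: an SCL function block for TIA Portal whose step sequence is defined entirely by a table kept in a data block, so that changing the table changes the machine's sequence without touching the logic. The type and block names (typ_Step, FB_SeqTable) and the tag names are assumed.

```scl
// Added example, not from the article: data-driven step sequence in SCL.
// The control "logic" is the table content; this block only interprets it.
TYPE "typ_Step"
   STRUCT
      condMask : Word;   // inputs that must all be TRUE to leave this step (0 = none)
      outputs  : Word;   // output pattern driven while this step is active
      next     : Int;    // index of the step to go to
      maxTicks : Int;    // dwell limit in ticks, 0 = wait forever
   END_STRUCT;
END_TYPE

FUNCTION_BLOCK "FB_SeqTable"
VAR_INPUT
   inputs : Word;   // packed digital inputs
   tick   : Bool;   // one-cycle pulse, e.g. from the CPU clock memory byte
   enable : Bool;   // from the protection check; FALSE holds the sequence at step 0
END_VAR
VAR_IN_OUT
   steps : Array[0..15] of "typ_Step";   // the table, stored in a data block
END_VAR
VAR_OUTPUT
   outputs : Word;
   fault   : Bool;   // dwell limit of the current step exceeded
END_VAR
VAR
   step  : Int := 0;
   ticks : Int := 0;
END_VAR
BEGIN
   IF (NOT #enable) OR (#step < 0) OR (#step > 15) THEN
      #step := 0;    // safe idle step; also guards against a corrupt table
      #ticks := 0;
   END_IF;
   // Outputs are simply looked up from the table
   #outputs := #steps[#step].outputs;
   IF #tick THEN
      #ticks := #ticks + 1;
   END_IF;
   // Transition: all masked inputs active -> next step taken from the table
   IF (#inputs AND #steps[#step].condMask) = #steps[#step].condMask THEN
      #step := #steps[#step].next;
      #ticks := 0;
      #fault := FALSE;
   ELSIF (#steps[#step].maxTicks > 0) AND (#ticks > #steps[#step].maxTicks) THEN
      #fault := TRUE;   // stuck in a step: report it rather than guessing
   END_IF;
END_FUNCTION_BLOCK
```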
2. Active protection methods
a) Use the system clock
b) Use the ID number and serial number of the memory card or CPU
c) Use the write-protect function of the EEPROM and some memory retentivity settings
d) Use the timer functions provided by the system
e) Set a password in a data block of the user program
f) Set a logical trap in the software
g) Be able to reverse the mistakes you made yourself in programming
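An added example, not code from the article, combining items a), b) and e) in SCL for S7-1200/1500 in TIA Portal: the block compares the CPU clock with an expiry date kept in a data block, checks a password word stored in the same data block, and compares the CPU serial number with the one the program is bound to; it outputs only an enable flag and a diagnostic code for the other blocks to consume. The block and tag names (FB_LicenseCheck, KEY_MASK, KEY_REF, BOUND_TO) and the placeholder values are assumed, and the way the serial number is read is marked as an assumption in the code.

```scl
// Added example, not code from the article. Block and tag names are assumed;
// the mask, reference word and serial string are constructed placeholders.
FUNCTION_BLOCK "FB_LicenseCheck"
VAR_INPUT
   expiry  : DTL;         // kept in a data block next to real process parameters
   keyWord : DWord;       // password word stored in the same data block (method e)
   serial  : String[16];  // CPU serial number (method b); see the note on reading it
END_VAR
VAR_OUTPUT
   enable   : Bool;       // consumed by the sequence / process blocks
   diagCode : Int;        // 0 ok, 1 expired, 2 bad key, 3 wrong CPU
END_VAR
VAR
   now  : DTL;
   ret  : Int;
   dNow : DInt;
   dExp : DInt;
END_VAR
VAR CONSTANT
   KEY_MASK : DWord := 16#5A3C_9E71;          // placeholder, choose per project
   KEY_REF  : DWord := 16#0000_1234;          // placeholder
   BOUND_TO : String[16] := 'S-PLACEHOLDER';  // serial the program is bound to
END_VAR
BEGIN
   #diagCode := 0;
   // Method a) system clock: compare today's date (as YYYYMMDD) with the expiry date
   #ret := RD_SYS_T(OUT => #now);
   #dNow := UINT_TO_DINT(#now.YEAR) * 10000 + USINT_TO_DINT(#now.MONTH) * 100 + USINT_TO_DINT(#now.DAY);
   #dExp := UINT_TO_DINT(#expiry.YEAR) * 10000 + USINT_TO_DINT(#expiry.MONTH) * 100 + USINT_TO_DINT(#expiry.DAY);
   IF (#ret <> 0) OR (#dNow > #dExp) THEN
      #diagCode := 1;
   END_IF;
   // Method e) password in a data block: the stored word must match after unmasking
   IF (#diagCode = 0) AND ((#keyWord XOR #KEY_MASK) <> #KEY_REF) THEN
      #diagCode := 2;
   END_IF;
   // Method b) CPU serial number: the program only runs on the CPU it was sold with.
   // Assumed: on S7-1200/1500 the serial is read once in the start-up OB with
   // Get_IM_Data (IM_TYPE := 0) into an IM0_Data variable, field SERIAL_NUMBER.
   IF (#diagCode = 0) AND (#serial <> #BOUND_TO) THEN
      #diagCode := 3;
   END_IF;
   // Only a flag and a code leave this block; the calling program decides the
   // reaction, which keeps the check small and lets several blocks react differently.
   #enable := (#diagCode = 0);
END_FUNCTION_BLOCK
```

The expiry date and key word belong in a data block beside ordinary process parameters, where they do not stand out, as item a) of the precautions below recommends.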
3. Passive protection methods
a) If memory capacity allows, do not delete programs that appear to be useless
b) Leave the developer's mark in a data block so that evidence can be produced in case of infringement in the future
4. Precautions when applying anti-theft technology
a) The protection program should be embedded naturally in the user program rather than added abruptly. The code should be as concise as possible, and its variable symbol names should differ from those of the program segment it is embedded in
b) A single protection method is often not enough; several should be used at the same time. Once these protection routines are triggered, the system's results should differ as much as possible, forming the so-called "minefield effect", which increases the difficulty, time and cost of program theft and leaves plagiarists unable to do anything in a short time.
c) Keep the original source code of the program. If the program must be handed over, apply appropriate technical treatment to the handed-over copy without affecting the user's maintenance of the equipment, such as deleting local symbol names and handing over the uploaded program or data blocks
d) Test rigorously, to prevent unnecessary trouble from misoperation caused by imperfect protection routines and to reduce the cost of after-sales service.
3、 Use communication functions
In practice we often encounter data exchange between systems (between several PLCs, or between a PLC and third-party instruments). Whether between Siemens products or between Siemens and third-party products, it is recommended to use a communication scheme instead of interconnecting analog or digital signals. With the former, the imitator only sees one hardware communication cable; to find out what data is exchanged over it, he must spend effort studying the user program in detail. With the latter, the developer saves time and effort, but the imitator understands everything at a glance.
For the program design of frequency converters or servo motors there are usually many options, including direct wiring control and communication control. Using communication increases the difficulty of copying the program. For example, there are many ways for a PLC to control a servo drive; the simpler ones are direct pulse control or analog control, which are easy to copy. If communication control is used instead, the program becomes much more complex, and if the imitator is not familiar with the telegrams it is hard to copy.
Sometimes the control system consists of several sub-control systems, forming a network with multiple CPUs and human-machine interfaces. On the Siemens S7-200 the common network is PPI, and on the S7-300/400 it is MPI, usually used for data exchange between the HMI and the CPU. We can also add some S7 basic communication functions that need no configuration to the CPU's user program (the S7-200 can use the NETR/NETW instructions, the S7-300/400 the X_PUT/X_GET instructions), exchange a small amount of data between CPUs regularly or irregularly, and implement the interlocking of the subsystems' control logic through this data. For such a system it is not easy for an imitator to analyze the program of a single subsystem.
4、 Use a panel-type human-machine interface
Try to use a panel-type HMI in the automation system instead of individual push buttons and indicator lamps. Many HMIs have no source program available; as long as they have backup and restore functions, maintenance can be done without the HMI source program. For a PLC system, even with the source program, it is difficult to copy without the local marks of the HMI.
Moreover, the developer can add a clear manufacturer identification and contact information on the panel screens, so imitators cannot copy it as is.
If an imitator wants to copy the program, he must rewrite the program of the operator panel and even the program of the PLC. The developer can also use some special function areas of the panel and the PLC data interface (such as the area pointers of Siemens panels, or VB scripts) to control the execution of the PLC program. Without the HMI source program, the change logic of the PLC's internal variables in such a program can only be obtained by guessing and online monitoring, which is time-consuming and laborious and greatly increases the difficulty of imitation and plagiarism.
5、 Use a non-standard human-machine interface
German engineers like to use this method. In China most engineers prefer WinCC, InTouch or Kingview, but besides these packages there is an increasingly popular approach: writing the HMI program in VB. For the interface between the software and the PLC, you can choose libnodave or other libraries. An HMI written this way has many benefits. First, there is no licensing problem, because the VB software is free, and when the Windows system is upgraded only a few files need to be added; with WinCC, a Windows upgrade requires a large number of files to be modified.
Ordinary people cannot modify it, let alone copy it: without good computer programming skills they do not dare to modify it, and with computer skills but no PLC or process background they cannot change it either.