Welcome to Scribd. Sign in or start your free trial to enjoy unlimited e-books, audiobooks & documents.Find out more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Ab Plc Password Crack

Ab Plc Password Crack

|Views: 1,043|Likes:
Published by janbin1

More info:

Published by: janbin1 on Oct 17, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





A Technique to discover the password or “keyword” stored in Allen-Bradley SLC series PLC’s
 Written By Ian SullivanApplication Software required:RSLogix 500RSLinxComlite 32 (Available free fromhttp://www.rtcomm.com/) NOTE:This technique is intended as a work around when you have been left with a password protected PLC and the original installer has gone bust!IntroductionThe keywords within an Allen-Bradley processor consists of a string of up to ten characters in the range 0-9 for the main password and the same againfor the master password. If a keyword has been set within the processor, it is required in order to read the program from the PLC to be able to monitor /modify the program. If you haven’t got the key, you can’t get in.Rockwells UK technical support have been asked if it is possible to identify or get round the keyword, their answer is no, you must clear the PLCmemory and start again. Not very good if you do not have the original code to begin with! I recently found a way of finding the keyword in Mitsubishi processors, therefore the next logical step was to try the SLC processor. I thought it would be more difficult, I was wrong!(Note that ComLite32 does not work with NT/2000 – I used W98)Setting The KeywordSLC Processor I had a distinct advantage over some users, whereby I did not have a protected PLC to crack, I had an unprotected one which I could set any keyword init so I knew what I was looking for. On the SLC processor, using Logix 500, I set the main password to "0123456789" and the master password to
Page 1 of 9Allen-Bradley SLC Keywords06/02/2003http://freespace.virgin.net/ian.sullivan/rockwell.htm
"5555566666", downloaded it to the processor, then closed the file. I started ComLite32 to monitor com1 in single line mode. I then did a “who active -go online" into a blank project. When “No Matching File Found" dialog is shown, switch to ComLite and start logging. Switch back to Logix and hit the"Create New File" button. A dialog then appears asking for the passowrd, at this point type in any keyword (e.g. 123456), the dialog will appear again(because the keywords don’t match), you can try this three times. At this point, switch back to ComLite and see what you’ve got. It will appear something like this:Page 2 of 9Allen-Bradley SLC Keywords06/02/2003http://freespace.virgin.net/ian.sullivan/rockwell.htm
 The red data is what your PC is sending, Blue data is sent from the PLC.It looks like the PC sends a command to the PLC asking for the keyword, the PLC then sends it back and Logix compares the two, if they match, itallows you to continue. The red <todo> looks like a request for data, the plc then sends back data (blue) which inlcudes the tow passwords. The strangePage 3 of 9Allen-Bradley SLC Keywords06/02/2003http://freespace.virgin.net/ian.sullivan/rockwell.htm

Activity (9)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
Nguyễn Văn Quyền liked this
Haris Zaidi liked this
Gumiho Nguyễn liked this
Haris Zaidi liked this
Nguyen Phuong Hai liked this
NAITIK liked this
umeshkoranga liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->