Getting Started with Developing Mitsubishi FX3U PLC Password Cracking and Decryption Software
Source: 电工天下  Date: 2017-06-30 15:53:12  Author: 老电工
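When cracking the password of a Mitsubishi FX2N PLC, the password can always be found in the returned data, because the comparison is done in the software. The FX3U is different: it has two password segments, see the figure below:
The first segment is the same as on the FX2N and is stored in plaintext. The second segment is different: once it is set, the stored password is transformed and the algorithm is completely different as well. Even so, there are experts online who can read the password out directly. We were drawn to the FX3U by its powerful features; everyone is used to Mitsubishi PLCs and finds them comfortable to work with, and they account for a large share of the industrial control sector, so we developed a strong interest in cracking this PLC.
Some FX3U units can be programmed through two ports: the usual round port, and an RS-232 interface that can be added as an expansion. I tried the round port first and captured the traffic with serial-port monitoring software.
Below is the data I captured while debugging.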
# Time Function Data ( Hex )
1 [00000000] IRP_MJ_CREATE Port Opened - Gppw.exe
2 [00000000] IOCTL_SERIAL_SET_BAUD_RATE Baud Rate: 115200
3 [00000000] IOCTL_SERIAL_SET_LINE_CONTROL StopBits: 1, Parity: Even, DataBits: 7
4 [00000001] IRP_MJ_WRITE Length: 0001, Data: 05
5 [00000002] IRP_MJ_READ Length: 0001, Data: 06
6 [00000002] IRP_MJ_WRITE Length: 0011, Data: 02 30 30 45 30 32 30 32 03 36 43
7 [00000003] IRP_MJ_READ Length: 0001, Data: 02
8 [00000003] IRP_MJ_READ Length: 0001, Data: 42
9 [00000003] IRP_MJ_READ Length: 0001, Data: 31
10 [00000003] IRP_MJ_READ Length: 0001, Data: 35
11 [00000003] IRP_MJ_READ Length: 0001, Data: 45
12 [00000003] IRP_MJ_READ Length: 0001, Data: 03
13 [00000003] IRP_MJ_READ Length: 0001, Data: 46
14 [00000003] IRP_MJ_READ Length: 0001, Data: 30
15 [00000004] IRP_MJ_WRITE Length: 0011, Data: 02 30 30 45 43 41 30 32 03 38 45
16 [00000004] IRP_MJ_READ Length: 0001, Data: 02
17 [00000004] IRP_MJ_READ Length: 0001, Data: 37
18 [00000004] IRP_MJ_READ Length: 0001, Data: 31
19 [00000004] IRP_MJ_READ Length: 0001, Data: 33
20 [00000004] IRP_MJ_READ Length: 0001, Data: 46
21 [00000004] IRP_MJ_READ Length: 0001, Data: 03
22 [00000004] IRP_MJ_READ Length: 0001, Data: 45
23 [00000004] IRP_MJ_READ Length: 0001, Data: 34
24 [00000005] IRP_MJ_WRITE Length: 0011, Data: 02 30 30 45 30 32 30 32 03 36 43
25 [00000006] IRP_MJ_READ Length: 0001, Data: 02
26 [00000006] IRP_MJ_READ Length: 0001, Data: 42
27 [00000006] IRP_MJ_READ Length: 0001, Data: 31
28 [00000006] IRP_MJ_READ Length: 0001, Data: 35
29 [00000006] IRP_MJ_READ Length: 0001, Data: 45
30 [00000006] IRP_MJ_READ Length: 0001, Data: 03
31 [00000006] IRP_MJ_READ Length: 0001, Data: 46
32 [00000006] IRP_MJ_READ Length: 0001, Data: 30
33 [00000006] IRP_MJ_WRITE Length: 0011, Data: 02 30 30 45 43 41 30 32 03 38 45
34 [00000007] IRP_MJ_READ Length: 0001, Data: 02
35 [00000007] IRP_MJ_READ Length: 0001, Data: 37
36 [00000007] IRP_MJ_READ Length: 0001, Data: 31
37 [00000007] IRP_MJ_READ Length: 0001, Data: 33
38 [00000007] IRP_MJ_READ Length: 0001, Data: 46
39 [00000007] IRP_MJ_READ Length: 0001, Data: 03
40 [00000007] IRP_MJ_READ Length: 0001, Data: 45
41 [00000007] IRP_MJ_READ Length: 0001, Data: 34
42 [00000015] IRP_MJ_CLOSE Port Closed
The data captured from the serial port above is in hexadecimal and is hard to read; converted to ASCII it is much easier to follow.
# Time Function Data ( String )
1 [00000000] IRP_MJ_CREATE Port Opened - Gppw.exe
2 [00000000] IOCTL_SERIAL_SET_BAUD_RATE Baud Rate: 115200
3 [00000000] IOCTL_SERIAL_SET_LINE_CONTROL StopBits: 1, Parity: Even, DataBits: 7
4 [00000001] IRP_MJ_WRITE Length: 0001, Data:
5 [00000002] IRP_MJ_READ Length: 0001, Data:
6 [00000002] IRP_MJ_WRITE Length: 0011, Data: 00E02026C
7 [00000003] IRP_MJ_READ Length: 0001, Data:
8 [00000003] IRP_MJ_READ Length: 0001, Data: B
9 [00000003] IRP_MJ_READ Length: 0001, Data: 1
10 [00000003] IRP_MJ_READ Length: 0001, Data: 5
11 [00000003] IRP_MJ_READ Length: 0001, Data: E
12 [00000003] IRP_MJ_READ Length: 0001, Data:
13 [00000003] IRP_MJ_READ Length: 0001, Data: F
14 [00000003] IRP_MJ_READ Length: 0001, Data: 0
15 [00000004] IRP_MJ_WRITE Length: 0011, Data: 00ECA028E
16 [00000004] IRP_MJ_READ Length: 0001, Data:
17 [00000004] IRP_MJ_READ Length: 0001, Data: 7
18 [00000004] IRP_MJ_READ Length: 0001, Data: 1
19 [00000004] IRP_MJ_READ Length: 0001, Data: 3
20 [00000004] IRP_MJ_READ Length: 0001, Data: F
21 [00000004] IRP_MJ_READ Length: 0001, Data:
22 [00000004] IRP_MJ_READ Length: 0001, Data: E
23 [00000004] IRP_MJ_READ Length: 0001, Data: 4
24 [00000005] IRP_MJ_WRITE Length: 0011, Data: 00E02026C
25 [00000006] IRP_MJ_READ Length: 0001, Data:
26 [00000006] IRP_MJ_READ Length: 0001, Data: B
27 [00000006] IRP_MJ_READ Length: 0001, Data: 1
28 [00000006] IRP_MJ_READ Length: 0001, Data: 5
29 [00000006] IRP_MJ_READ Length: 0001, Data: E
30 [00000006] IRP_MJ_READ Length: 0001, Data:
31 [00000006] IRP_MJ_READ Length: 0001, Data: F
32 [00000006] IRP_MJ_READ Length: 0001, Data: 0
33 [00000006] IRP_MJ_WRITE Length: 0011, Data: 00ECA028E
34 [00000007] IRP_MJ_READ Length: 0001, Data:
35 [00000007] IRP_MJ_READ Length: 0001, Data: 7
36 [00000007] IRP_MJ_READ Length: 0001, Data: 1
37 [00000007] IRP_MJ_READ Length: 0001, Data: 3
38 [00000007] IRP_MJ_READ Length: 0001, Data: F
39 [00000007] IRP_MJ_READ Length: 0001, Data:
40 [00000007] IRP_MJ_READ Length: 0001, Data: E
41 [00000007] IRP_MJ_READ Length: 0001, Data: 4
42 [00000015] IRP_MJ_CLOSE Port Closed
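PC sends: 00E0202    ' query the value of D8001
PLC replies: B15E    ' the reply is 5EB1; the returned data has the low byte first and the high byte last, so the two bytes have to be swapped.
5EB1 converted to decimal is 24241; 24 indicates PLC model FX2N or 3U, and 241 is the version number.
PC sends: 00ECA02    ' query the value of D8101
PLC replies: 713F    ' the reply is 3F71, which is 16241 in decimal; 16 indicates PLC model FX3U, and 241 is the version number.
This whole block of data is simply the programming software querying the PLC model, so that the communication that follows uses the matching protocol.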
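As an added example (not code from the original article), the Python below reassembles the byte-at-a-time reads from the capture, checks framing and checksum, and decodes the two replies the way the text describes. The checksum rule (low byte of the sum of every byte after STX through ETX, sent as two hex characters) is inferred from the four captured frames, and all function names are made up for illustration.

```python
STX, ETX = 0x02, 0x03

# Bytes copied from the capture above: one request, and the PLC-to-PC reads
# (ACK followed by the two replies) joined into a single stream.
REQUEST = bytes.fromhex("02 30 30 45 30 32 30 32 03 36 43")
PLC_TO_PC = bytes.fromhex("06 02 42 31 35 45 03 46 30 02 37 31 33 46 03 45 34")

def frames(stream: bytes):
    """Yield complete STX ... ETX + 2 checksum bytes frames, skipping ENQ/ACK."""
    i = 0
    while i < len(stream):
        if stream[i] != STX:
            i += 1
            continue
        end = stream.find(bytes([ETX]), i)
        if end < 0 or end + 3 > len(stream):
            break                      # incomplete frame at end of capture
        yield stream[i:end + 3]
        i = end + 3

def parse_frame(raw: bytes) -> str:
    """Validate framing and checksum; return the ASCII payload."""
    if len(raw) < 5 or raw[0] != STX or raw[-3] != ETX:
        raise ValueError("bad framing")
    body = raw[1:-2]                   # payload plus ETX
    expected = "%02X" % (sum(body) & 0xFF)
    if raw[-2:].decode("ascii") != expected:
        raise ValueError("bad checksum")
    return body[:-1].decode("ascii")

def decode_word(payload: str) -> int:
    """One 16-bit word, low byte first: 'B15E' -> 0x5EB1."""
    return int.from_bytes(bytes.fromhex(payload), "little")

def split_type_version(value: int):
    """Split as the article does: leading digits = model code, last three = version."""
    return divmod(value, 1000)

def decode_capture(stream: bytes):
    return [split_type_version(decode_word(parse_frame(f))) for f in frames(stream)]

if __name__ == "__main__":
    print(parse_frame(REQUEST))        # ASCII payload of the first request
    for model, version in decode_capture(PLC_TO_PC):
        print("model code", model, "version", version)
```
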