Getting Started with Developing Password-Cracking (Decryption) Software for the Mitsubishi FX3U PLC

Source: 电工天下  Time: 2017-06-30 15:53:12  Author: 老电工


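When cracking the password of the Mitsubishi FX2N PLC, the password can always be found in the returned data, because the password comparison is done in the software. The FX3U is different: it has two passwords, see the figure below: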

   

 

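The first password works the same way as on the FX2N and is stored in plaintext. The second is different: once it is set, the password is transformed, and the algorithm is completely different as well. Even so, there are experts online who can read the password out directly. We were drawn to the FX3U by its powerful features; everyone is used to Mitsubishi PLCs and finds them convenient to work with, and they account for a large share of the industrial control sector, so we developed a strong interest in cracking this PLC.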

 

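Some FX3U units can be programmed through two ports: the round port that is normally used, plus an expansion 232 interface. I tried the round port first, using data captured with serial port monitoring software.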

 

Below is the data I captured while debugging.

#       Time        Function                        Data ( Hex ) 

1       [00000000]  IRP_MJ_CREATE                   Port Opened - Gppw.exe

2       [00000000]  IOCTL_SERIAL_SET_BAUD_RATE      Baud Rate: 115200

3       [00000000]  IOCTL_SERIAL_SET_LINE_CONTROL   StopBits: 1, Parity: Even, DataBits: 7

4       [00000001]  IRP_MJ_WRITE                    Length: 0001, Data: 05 

5       [00000002]  IRP_MJ_READ                     Length: 0001, Data: 06 

6       [00000002]  IRP_MJ_WRITE                    Length: 0011, Data: 02 30 30 45 30 32 30 32 03 36 43 

7       [00000003]  IRP_MJ_READ                     Length: 0001, Data: 02 

8       [00000003]  IRP_MJ_READ                     Length: 0001, Data: 42 

9       [00000003]  IRP_MJ_READ                     Length: 0001, Data: 31 

10      [00000003]  IRP_MJ_READ                     Length: 0001, Data: 35 

11      [00000003]  IRP_MJ_READ                     Length: 0001, Data: 45 

12      [00000003]  IRP_MJ_READ                     Length: 0001, Data: 03 

13      [00000003]  IRP_MJ_READ                     Length: 0001, Data: 46 

14      [00000003]  IRP_MJ_READ                     Length: 0001, Data: 30 

15      [00000004]  IRP_MJ_WRITE                    Length: 0011, Data: 02 30 30 45 43 41 30 32 03 38 45 

16      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 02 

17      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 37 

18      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 31 

19      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 33 

20      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 46 

21      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 03 

22      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 45 

23      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 34 

24      [00000005]  IRP_MJ_WRITE                    Length: 0011, Data: 02 30 30 45 30 32 30 32 03 36 43 

25      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 02 

26      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 42 

27      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 31 

28      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 35 

29      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 45 

30      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 03 

31      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 46 

32      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 30 

33      [00000006]  IRP_MJ_WRITE                    Length: 0011, Data: 02 30 30 45 43 41 30 32 03 38 45 

34      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 02 

35      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 37

36      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 31 

37      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 33 

38      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 46 

39      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 03 

40      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 45 

41      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 34 

42      [00000015]  IRP_MJ_CLOSE                    Port Closed

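6. The data captured from the serial port above is in hexadecimal, which is hard to read; converting it to ASCII first makes it much easier to follow.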

#       Time        Function                        Data ( String ) 

1       [00000000]  IRP_MJ_CREATE                   Port Opened - Gppw.exe

2       [00000000]  IOCTL_SERIAL_SET_BAUD_RATE      Baud Rate: 115200

3       [00000000]  IOCTL_SERIAL_SET_LINE_CONTROL   StopBits: 1, Parity: Even, DataBits: 7

4       [00000001]  IRP_MJ_WRITE                    Length: 0001, Data: 

5       [00000002]  IRP_MJ_READ                     Length: 0001, Data: 

6       [00000002]  IRP_MJ_WRITE                    Length: 0011, Data: 00E02026C

7       [00000003]  IRP_MJ_READ                     Length: 0001, Data: 

8       [00000003]  IRP_MJ_READ                     Length: 0001, Data: B

9       [00000003]  IRP_MJ_READ                     Length: 0001, Data: 1

10      [00000003]  IRP_MJ_READ                     Length: 0001, Data: 5

11      [00000003]  IRP_MJ_READ                     Length: 0001, Data: E

12      [00000003]  IRP_MJ_READ                     Length: 0001, Data: 

13      [00000003]  IRP_MJ_READ                     Length: 0001, Data: F

14      [00000003]  IRP_MJ_READ                     Length: 0001, Data: 0

15      [00000004]  IRP_MJ_WRITE                    Length: 0011, Data: 00ECA028E

16      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 

17      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 7

18      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 1

19      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 3

20      [00000004]  IRP_MJ_READ                     Length: 0001, Data: F

21      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 

22      [00000004]  IRP_MJ_READ                     Length: 0001, Data: E

23      [00000004]  IRP_MJ_READ                     Length: 0001, Data: 4

24      [00000005]  IRP_MJ_WRITE                    Length: 0011, Data: 00E02026C

25      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 

26      [00000006]  IRP_MJ_READ                     Length: 0001, Data: B

27      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 1

28      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 5

29      [00000006]  IRP_MJ_READ                     Length: 0001, Data: E

30      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 

31      [00000006]  IRP_MJ_READ                     Length: 0001, Data: F

32      [00000006]  IRP_MJ_READ                     Length: 0001, Data: 0

33      [00000006]  IRP_MJ_WRITE                    Length: 0011, Data: 00ECA028E

34      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 

35      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 7

36      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 1

37      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 3

38      [00000007]  IRP_MJ_READ                     Length: 0001, Data: F

39      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 

40      [00000007]  IRP_MJ_READ                     Length: 0001, Data: E

41      [00000007]  IRP_MJ_READ                     Length: 0001, Data: 4

42      [00000015]  IRP_MJ_CLOSE                    Port Closed

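PC sends: 00E0202      ' query the value of D8001

PLC replies: B15E      ' the reply is 5EB1; the returned data has the high byte last and the low byte first, so the two bytes must be swapped

5EB1 converted to decimal is 24241: 24 indicates the PLC model FX2N/3U, and 241 indicates the version number.

PC sends: 00ECA02      ' query the value of D8101

PLC replies: 713F      ' the reply is 3F71, which converted to decimal is 16241: 16 indicates that the PLC model is FX3U, and 241 indicates the version number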

 

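The whole block of data above is simply the programming software querying the PLC model, so that the communication that follows can use the corresponding protocol.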
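The exchange analysed above, decoded in code as an added example (not part of the original article): it splits the captured bytes into frames, verifies each checksum, and decodes the two model words. The frame layout and checksum rule are assumptions inferred from the captured bytes, and `split_frames` and `decode_word` are hypothetical names.

```python
# Added example: decode the programming-port exchange captured on this page.
STX, ETX = 0x02, 0x03

# Constructed from the hex capture above (rows 4-23), one stream per direction.
PC_TO_PLC = bytes.fromhex(
    "05 02 30 30 45 30 32 30 32 03 36 43 02 30 30 45 43 41 30 32 03 38 45")
PLC_TO_PC = bytes.fromhex(
    "06 02 42 31 35 45 03 46 30 02 37 31 33 46 03 45 34")


def split_frames(stream):
    """Return the ASCII payload of every STX..ETX frame, checking each checksum.

    Assumed layout (inferred from the capture): STX, payload, ETX, then two
    ASCII hex digits holding the low byte of sum(payload + ETX).
    """
    payloads, i = [], 0
    while i < len(stream):
        if stream[i] != STX:              # lone ENQ (05) / ACK (06) bytes
            i += 1
            continue
        end = stream.find(ETX, i + 1)
        if end < 0 or end + 3 > len(stream):
            raise ValueError(f"truncated frame at offset {i}")
        expected = sum(stream[i + 1:end + 1]) & 0xFF
        received = int(stream[end + 1:end + 3].decode("ascii"), 16)
        if expected != received:
            raise ValueError(
                f"bad checksum at offset {i}: {received:02X} != {expected:02X}")
        payloads.append(stream[i + 1:end].decode("ascii"))
        i = end + 3
    return payloads


def decode_word(reply):
    """Decode a 4-character reply such as 'B15E' (low byte first).

    Returns (value, model_code, version): the decimal value split the way the
    article reads it, e.g. 0x5EB1 = 24241 gives model code 24, version 241.
    """
    value = int.from_bytes(bytes.fromhex(reply), "little")
    model_code, version = divmod(value, 1000)
    return value, model_code, version


if __name__ == "__main__":
    for request, reply in zip(split_frames(PC_TO_PLC), split_frames(PLC_TO_PC)):
        print(request, "->", reply, decode_word(reply))
```
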
