plcforum.uz.ua

International PLC Forum
It is currently Thu Aug 16, 2018 3:55 pm

All times are UTC + 3 hours




Post new topic Reply to topic  [ 44 posts ] 
Author Message
PostPosted: Sat Dec 18, 2010 12:04 am 

Joined: Tue Sep 12, 2006 10:12 pm
Posts: 167
hi all friends

My Weintek HMI is password protect.
How is it crack or Unlook ?

Any help would be greatly appreciated.

Your fast reply is highly appreciated

Many thanks in advance

help me please...

best regards

from (tyou) (tyou) (tyou) (tyou)

Anwer Shahzad


Top
 Profile  
 
PostPosted: Sun Dec 19, 2010 8:37 am 

Joined: Sun Apr 11, 2010 6:00 am
Posts: 894
Location: Russia
Plz, drop the link to Weintek HMI Easy view.
So we can check this out for availability to bypass or remove a password


Top
 Profile  
 
PostPosted: Sun Dec 19, 2010 10:45 am 

Joined: Tue Sep 12, 2006 10:12 pm
Posts: 167
hi Linkinx64

http://www.weintek.com

from (welc) (tyou)

Anwer Shahzad


Top
 Profile  
 
PostPosted: Sun Dec 19, 2010 11:18 am 

Joined: Tue Nov 20, 2007 10:08 pm
Posts: 832
Location: Belarus
Soft Weintek HMI Easy view:
ftp://ftp.weintek.com/
Good luck!


Top
 Profile  
 
PostPosted: Mon Dec 20, 2010 8:26 am 

Joined: Sun Apr 11, 2010 6:00 am
Posts: 894
Location: Russia
I downloaded this soft: ftp://ftp.weintek.com/MT8000/EB8000_ins ... 101208.zip
The instruction below is how to find open project password for .mtp files of this soft:

1. Open .mtp file in HEX-editor (I use 010 editor v3) and navigate to the end of file.
2. Find the follow template: 1.1.1.1.1.1 ..... 01 FE (see picture)
3. Some bytes lower you'll see the password:
Image

4. You see C4 2F 01.* So now open Windows Calculator. Choose view->scientific. Choose the HEX number system.
Type what you see in hex-editor arsy-versy in Windows Calculator: 01 2F C4.
Image
5. Change number system from HEX to DEC and you'll see the password:
Image
*Password length can be different.

EasyBuilder -> easy password :)

P.S. If you want to REMOVE password - just erase it: C4 2F 01 -> 00 00 00
P.P.S. If this soft is not what you looking for - provide the direct link. I didn't found any "Easy View" on the referenced web-site.

regards, Linkinx64


Top
 Profile  
 
PostPosted: Mon Dec 20, 2010 7:45 pm 

Joined: Tue Sep 12, 2006 10:12 pm
Posts: 167
hi Linkinx64

I am not upload (program or project) from HMI

he want password (I not have .mtp files)

Many thanks in advance

help me please...

best regards

from (tyou) (tyou) (tyou) (tyou)

Anwer Shahzad


Top
 Profile  
 
PostPosted: Mon Dec 20, 2010 10:32 pm 

Joined: Tue Nov 20, 2007 10:08 pm
Posts: 832
Location: Belarus
You must use the monitor com port. For example Comlite32, LGComSpy and others to analyze the exchange between the panel and the PC. For example, how to open up the passwords to Rockwell and Mitsubishi.
http://www.rapidshare.com/files/438413626/password_rockwell.pdf
http://www.rapidshare.com/files/438413621/password_mitsubishi.pdf
Good luck!


Top
 Profile  
 
PostPosted: Tue Dec 21, 2010 4:33 pm 

Joined: Sun Apr 11, 2010 6:00 am
Posts: 894
Location: Russia
Hi, Anwer

I think if "retrieve data" command is initiated by the software (no password checking logic inside HMI) the project can be uploaded to the .xob file with any password (if "decompilation prohibited" option wasn't chosen at the project download stage).
You need use win32-debugger to attach to the ProjectManager.exe, find in PE module "password" strings, set breakpoints before and after. Try to upload project with wrong password. If catched at breakpoint - step over and watch CPU registers (espetially before conditional jumps). Also may help tracing till message "password is wrong" appear.
Unfortunately I have no Weintek HMI panel to try it...

Port monitoring also useful. In addition to the software adviced by vlad2006gr try "Bus Hound" also.

regards, Linkinx64


Top
 Profile  
 
PostPosted: Thu Dec 23, 2010 1:09 am 

Joined: Tue Nov 20, 2007 10:08 pm
Posts: 832
Location: Belarus
Answer Shahzad try the default password for Weintek HMI - 111111
Good luck!


Top
 Profile  
 
PostPosted: Tue Oct 18, 2011 12:52 pm 

Joined: Thu Apr 17, 2008 2:48 pm
Posts: 65
Location: Egypt
hi any one can help us .


Top
 Profile  
 
PostPosted: Sat Feb 25, 2012 11:13 pm 

Joined: Sat Feb 25, 2012 10:56 pm
Posts: 3
Hi, Linkinx64!
I use USB monitor, but i not find password.Can you help me find password?
I use project manager (EB800). Upload project by USB, but i dont know password to upload.


Top
 Profile  
 
PostPosted: Sun Feb 26, 2012 7:24 pm 

Joined: Sun Apr 11, 2010 6:00 am
Posts: 894
Location: Russia
Hi ASU_Slava

At least I need to see the logs of Bus hound/usb monitor: one log when you attempt to download project with wrong password, another log - panel reply.


Top
 Profile  
 
PostPosted: Mon Feb 27, 2012 4:17 pm 

Joined: Sat Feb 25, 2012 10:56 pm
Posts: 3
Use soft Bus Hound. Wrong password load/reset 3333, Wrong password upload 3333.

Log Upload:
Image

Log Replay:

Image

I do not know where the password.


Top
 Profile  
 
PostPosted: Tue Feb 28, 2012 8:42 am 

Joined: Sun Apr 11, 2010 6:00 am
Posts: 894
Location: Russia
I don't see it too...

This is either hashes or encoded data or unknown set of symbols.
Try to do the follow steps:
1. Try to retrieve the project using wrong password "3333" twice. So, it will be 2 logs. This will let us know which symbols need to ignore.
2. Try to retrieve the project using wrong password that is similar to "3333" (e.g. "1111"). This may let us know the password location in IN block. Better make 2 logs too.

Which version of EasyBuilder you use? And what is "1234567890" in IN block?


Top
 Profile  
 
PostPosted: Tue Feb 28, 2012 6:24 pm 

Joined: Sat Feb 25, 2012 10:56 pm
Posts: 3
I use EasyBuilder8000 v4.50
Wrong password load/reset 4444, Wrong password upload 4444.
Log Upload_1
Image

Log Upload_2
Image

Log Replay_1
Image

Log Replay_2
Image

Wrong password load/reset 5555, Wrong password upload 5555.

Log Upload_1
Image

Log Upload_2
Image

Log Replay_1
Image

Log Replay_2
Image

Сombination of digits "1234567890", I never use. What is this sequence, I do not know


Top
 Profile  
 
PostPosted: Wed Feb 29, 2012 3:01 pm 

Joined: Sun Apr 11, 2010 6:00 am
Posts: 894
Location: Russia
Very sad pictures... Data variance in IN blocks is almost 100%.
Is that RSA encryption or something?

Need use debugger. I will check the software insides and let you know. It will take a while...


Top
 Profile  
 
PostPosted: Wed Feb 29, 2012 4:10 pm 
Site Admin

Joined: Mon Aug 15, 2011 5:27 pm
Posts: 127
Linkinx64 wrote:
...

ASU_Slava wrote:
...

А между собой по русски слабо :D


Top
 Profile  
 
PostPosted: Thu Mar 01, 2012 7:07 pm 

Joined: Sun Apr 11, 2010 6:00 am
Posts: 894
Location: Russia
Can I have an access with administrative rights to the target PC with EasyBuilder (connected to Weintek HMI) through the TeamViewer? From 6am to 3pm Moscow time


Top
 Profile  
 
PostPosted: Sat Jan 05, 2013 5:01 pm 

Joined: Mon Nov 26, 2012 9:45 pm
Posts: 1
Hello ,

I am working with an LG plc connected to an EasyView500 from weintek (HMI)
The Constructor of the machine gone away and does exist now at all

the hmi is protected with password and no way to extract binary file .
if there is some one who know what to do help will be appreciated

I havent other hmi to expriment how to extract password with port com analysers

thanks;


Top
 Profile  
 
PostPosted: Sun Jul 27, 2014 10:37 pm 

Joined: Sun Jul 27, 2014 10:26 pm
Posts: 1
Good day? unable to find the password to the project Weintek HMI I need to make changes to the software closed password? unable to unload but no password is required to decompile the project as it is possible to learn


Top
 Profile  
 
PostPosted: Thu Dec 04, 2014 8:30 am 

Joined: Thu Dec 04, 2014 8:21 am
Posts: 21
Location: Iran-Mashhad
hi my friends.
I have a delta hmi . but is protected with password and I can not upload program.
can you help me for solve my problem?????

thank you .
your sincerely
id : javad610
(tyou) (tyou) (tyou)


Top
 Profile  
 
PostPosted: Tue Dec 09, 2014 9:46 am 

Joined: Sun Oct 18, 2009 11:19 am
Posts: 142
what is the model type?


Top
 Profile  
 
PostPosted: Tue Dec 09, 2014 10:11 am 

Joined: Thu Dec 04, 2014 8:21 am
Posts: 21
Location: Iran-Mashhad
what is the model type?

Dear hmohamed.
thank you for your replay.
my hmi type is DOP series.
DOP-b07s411
(oftop)
(oo)


Top
 Profile  
 
PostPosted: Wed Dec 10, 2014 10:43 am 

Joined: Sun Oct 18, 2009 11:19 am
Posts: 142
i am afraid you can not upload the program unless you know the password you can try 12345678 witch is the default password for the HMI
but if the Model is A series i have away to upload the program but unfortunately not working with B series Sorry


Top
 Profile  
 
PostPosted: Wed Dec 10, 2014 11:48 am 

Joined: Thu Dec 04, 2014 8:21 am
Posts: 21
Location: Iran-Mashhad
ooooooh
its very bad.
can I use usb port monitor application for show password? like to unlock logo plc.

how ever.
thankyou for your guide.
yours sincerely
(thnx) (thnx) (thnx)


Top
 Profile  
 
PostPosted: Thu Dec 11, 2014 7:58 am 

Joined: Thu Dec 04, 2014 8:21 am
Posts: 21
Location: Iran-Mashhad
we have A series HMI in another machine .
what is your way to upload? can I know it?
thank you.


Top
 Profile  
 
PostPosted: Sun Dec 14, 2014 4:10 pm 

Joined: Sun Oct 18, 2009 11:19 am
Posts: 142
is there a usb port in your HMI?

(1)if yes insert a falsh memory in it and press system key then file manager copy to falsh memory then unplug your fash memory
(2)insert your flash memory in your PC and you will find the program and you can know the password option--->configuration

good luck


Top
 Profile  
 
PostPosted: Tue Mar 24, 2015 4:17 pm 

Joined: Tue Mar 24, 2015 4:08 pm
Posts: 1
How crack or unlock hmi weintek tk6070ih password ?
I want copy the program
I will replacement this with new hmi ( same type )
Any can you help me please ?
Thanks


Top
 Profile  
 
PostPosted: Mon Oct 05, 2015 9:43 am 

Joined: Sun Oct 18, 2009 11:19 am
Posts: 142
hi

i tested this software and working ok
enjoy it
http://www.arabloads.net/niq2n4jwkgtw/E ... w.rar.html

good luck


Top
 Profile  
 
PostPosted: Tue Oct 27, 2015 1:04 pm 

Joined: Thu Jan 04, 2007 12:10 am
Posts: 109
Location: Europe
Hi,
Please can you reload.
Now the link is no more active.
hmohamed wrote:
hi

i tested this software and working ok
enjoy it
http://www.arabloads.net/niq2n4jwkgtw/E ... w.rar.html

good luck

dekor.


Top
 Profile  
 
PostPosted: Wed Oct 28, 2015 7:21 am 

Joined: Sun Oct 18, 2009 11:19 am
Posts: 142
here is the new link

http://www.arabloads.net/eiw5w2tzubns/E ... w.rar.html

Good Luck


Top
 Profile  
 
PostPosted: Fri Nov 27, 2015 1:47 pm 

Joined: Thu Apr 17, 2008 2:48 pm
Posts: 65
Location: Egypt
update link please


Top
 Profile  
 
PostPosted: Sat Nov 28, 2015 8:48 am 

Joined: Sun Oct 18, 2009 11:19 am
Posts: 142
ahmed yousri wrote:
update link please


http://www.arabloads.net/bhwl60cg7w0z/E ... w.rar.html

good luck


Top
 Profile  
 
PostPosted: Fri Jan 08, 2016 5:35 am 

Joined: Fri Jan 08, 2016 5:31 am
Posts: 1
hi Linkinx64

Could you upload the image how you get password with Hex Editor?
the image is died.
Thanks you


Top
 Profile  
 
PostPosted: Mon Jan 25, 2016 4:14 pm 

Joined: Thu Nov 29, 2012 8:46 pm
Posts: 24
phucng25 wrote:
hi Linkinx64

Could you upload the image how you get password with Hex Editor?
the image is died.
Thanks you


Please upload backup file from your HMI weintek, I will try decompile it (delete password protected) and return it for you!!! (Please upload to 4share.com to easy download it).

Regards!!!! :anon:


Top
 Profile  
 
PostPosted: Mon Jun 13, 2016 5:15 am 

Joined: Mon Jan 28, 2013 6:39 pm
Posts: 2
Location: INDIA
hi all

i have wintek hmi xob file passward protect

how to unpoetect xob file


Top
 Profile  
 
PostPosted: Tue Jun 21, 2016 9:09 pm 

Joined: Tue Mar 10, 2015 5:27 am
Posts: 9
pmpatel34 wrote:
hi all

i have wintek hmi xob file passward protect

how to unpoetect xob file

Please go here: http://unlockplc.com/crack-plc-hmi/
Or send the XOB file to me: unlockplc123@gmail.com


Top
 Profile  
 
PostPosted: Sat Jul 16, 2016 8:15 am 

Joined: Wed Nov 26, 2008 11:01 am
Posts: 47
Location: Iran
hi Linkinx64

Could you reupload the image how you get password with Hex Editor?
the image is died.
Thanks you


Top
 Profile  
 
PostPosted: Fri Feb 09, 2018 3:27 pm 

Joined: Sat Feb 10, 2007 11:57 am
Posts: 31
Please help to recover password of Weintek MT506L display. Usb hound data string is attached with. vlad2006gr
Link is https://files.fm/u/gyuk87ng


Last edited by peterfrick on Sat Feb 10, 2018 9:46 am, edited 1 time in total.

Top
 Profile  
 
PostPosted: Sat Feb 10, 2018 9:35 am 

Joined: Sat Feb 10, 2007 11:57 am
Posts: 31
Please help


Top
 Profile  
 
PostPosted: Sun Feb 11, 2018 10:29 pm 

Joined: Sat Jul 23, 2011 5:02 pm
Posts: 136
Please hmohamed
Update the link or upload the crack software for wientek again

Thanks


Top
 Profile  
 
PostPosted: Tue Feb 20, 2018 1:04 pm 

Joined: Sun Oct 18, 2009 11:19 am
Posts: 142
mohdabshr wrote:
Please hmohamed
Update the link or upload the crack software for wientek again

Thanks

You Can Find all Decryption Software through this Link
http://www.ymmfa.com
it is Chinese web site but you can use Google translate

GOOD LUCK


Top
 Profile  
 
PostPosted: Fri Feb 23, 2018 10:09 pm 

Joined: Thu Jan 04, 2007 12:10 am
Posts: 109
Location: Europe
hmohamed,
please, can you be more specific?
I am interested too for that topic.
Thank you in advance.


Top
 Profile  
 
PostPosted: Mon Feb 26, 2018 11:35 pm 

Joined: Sun Oct 18, 2009 11:19 am
Posts: 142
dekor wrote:
hmohamed,
please, can you be more specific?
I am interested too for that topic.
Thank you in advance.


this web site www.ymmfa.com have tools to break passwords for PLCs and HMIs

i have tried many times

good luck


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 44 posts ] 

All times are UTC + 3 hours


Who is online

Users browsing this forum: No registered users and 5 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
Powered by International PLCforum® Forum Software © PLCforum
Mobile version