[?]: Mitsubishi Q-Series USB password crack

другие контроллеры
Post Reply
Suresoft
Posts: 9
Joined: Sun May 23, 2010 12:44 pm

[?]: Mitsubishi Q-Series USB password crack

Post by Suresoft » Tue Mar 08, 2011 6:47 am

The Q-Series PLc password is a little more difficult to find than the previous serial interfaced units as now you have to trace the usb data packets.
The password is read back to the PC and you can find it.
What happens is the numbers are encapsulated by a 9 before it.
Where to find these nines is easy.
look for a whole lot of fffffff's after and then look just before and you will find the answer.
90 91 93 95 04 07 00 06 ff ff ff ff ff ff ff ff.
here you can see the answer is 0135 for password.
Use any USB data sniffer and search through the up data streams.
It took us a while to figure this out so hopefully your life is made that much easier.
Lada cuzzies.Keep it clean or take pictures.

setmedical
Posts: 54
Joined: Thu Jun 25, 2009 11:29 pm
Location: Turkey

Re: [?]: Mitsubishi Q-Series USB password crack

Post by setmedical » Fri Apr 01, 2011 9:07 pm

There is something I do not understand me. Old Mitsubishi PLCs ACPU series with the COM-LITE32 cracking passwords given as hexadecimal numbers
But this QCPU series PLC's A-a, Z-z ,0 to 9 can be assigned as small or large alphabet. But with the USB sniffing programs such as the example you have posted verify allows only passwords are hexadecimal. The characters other than alphabets and numbers in passwords, this program can not be broken given QCPU...

You've broken with this method is QCPU password?

setmedical
Posts: 54
Joined: Thu Jun 25, 2009 11:29 pm
Location: Turkey

Re: [?]: Mitsubishi Q-Series USB password crack

Post by setmedical » Tue Apr 12, 2011 9:25 am

If you would like to help in this regard!!! Thank you.... (oo)

leaf9345
Posts: 3
Joined: Sun Jun 19, 2011 5:05 pm

Re: [?]: Mitsubishi Q-Series USB password crack

Post by leaf9345 » Sun Jun 19, 2011 6:10 pm

Thanks
any body have interest?

henk
Posts: 34
Joined: Sat Dec 10, 2005 8:21 pm
Location: Europe

Re: [?]: Mitsubishi Q-Series USB password crack

Post by henk » Sun Jun 19, 2011 8:49 pm

Yes, of course.

VINESH KUMAR
Posts: 24
Joined: Wed Aug 05, 2009 5:26 am
Location: Pakistan

Re: [?]: Mitsubishi Q-Series USB password crack

Post by VINESH KUMAR » Wed Oct 10, 2012 5:48 am

We are using q series CPU.I want to upload project but it is password protected.Can anybody help me

henk
Posts: 34
Joined: Sat Dec 10, 2005 8:21 pm
Location: Europe

Re: [?]: Mitsubishi Q-Series USB password crack

Post by henk » Wed Oct 10, 2012 7:41 pm

I did not understand. Is your PLC protect, or is the software protect?
GX IEC Developer or GX Developer?
Library or Function Blocks?

For GX IEC Developer (Library and Function Blocks)I can help you, but not with PLC.

Henk

henk
Posts: 34
Joined: Sat Dec 10, 2005 8:21 pm
Location: Europe

Re: [?]: Mitsubishi Q-Series USB password crack

Post by henk » Thu Oct 11, 2012 9:57 pm

Of course,

I will translate my document into english and post it here next week.

Henk

setmedical
Posts: 54
Joined: Thu Jun 25, 2009 11:29 pm
Location: Turkey

Re: [?]: Mitsubishi Q-Series USB password crack

Post by setmedical » Sun Oct 14, 2012 1:36 pm

Not usb cracking. Use serial port. Port analizer good.

Oldman
Posts: 797
Joined: Tue Aug 21, 2007 7:05 am

Re: [?]: Mitsubishi Q-Series USB password crack

Post by Oldman » Sun Oct 14, 2012 2:22 pm

not all models have RS232

antonio_dr
Posts: 6
Joined: Tue Nov 13, 2012 3:12 pm

Re: [?]: Mitsubishi Q-Series USB password crack

Post by antonio_dr » Tue Nov 13, 2012 3:24 pm

What about password breaking for Q-series Mitsubishi PLC?
I have password protected projects for Q-series Mitsubishi PLC. I need to change something in that projects, but I cann't. All Function Block are blocked and unvisible for me, but POU - read only.
Maybe somebody know how to break the password or bypass it?
For POU security level - 3
For FB - 7

Oldman
Posts: 797
Joined: Tue Aug 21, 2007 7:05 am

Re: [?]: Mitsubishi Q-Series USB password crack

Post by Oldman » Tue Nov 13, 2012 4:02 pm

http://forums.mrplc.com/index.php?showforum=15 тут ещё спроси.а на профильном форуме вам не помогли ? http://www.melsec.ru/forum/index.php?showtopic=4744

antonio_dr
Posts: 6
Joined: Tue Nov 13, 2012 3:12 pm

Re: [?]: Mitsubishi Q-Series USB password crack

Post by antonio_dr » Tue Nov 20, 2012 2:57 pm

К сожалению на профильном форуме ничего узнать не удалось. Пока пытаюсь ковырять сам. Пробовал сравнивать одинаковые проекты (один с паролем, другой без) при помощи TextPad'a. Пока разобраться куда именно пишется пароль не удалось. Но проекты, после введения в один из них пароля, стали отличаться.

Oldman
Posts: 797
Joined: Tue Aug 21, 2007 7:05 am

Re: [?]: Mitsubishi Q-Series USB password crack

Post by Oldman » Tue Nov 20, 2012 3:36 pm

если стоит многоуровневый пароль (разные уровни на FB и сам проект) то открыть проект не получится.впрочем если появятся результаты озвучивайте,поучимся у вас.

Serex
Posts: 1
Joined: Fri Feb 26, 2016 6:18 pm

Re: [?]: Mitsubishi Q-Series USB password crack

Post by Serex » Wed Apr 25, 2018 1:56 pm

Спасибо автору за пост.
Повторил описанную процедуру и разблокировал 1 блок на контроллере.
Последовательность действий такая
1. Открываем окно чтения блоков программы из CPU, выбираем нужный, запароленный блок.
2. Запускаем сниффер
3. Нажимаем "Execute" (выполнить чтение) и видим окно с запросом пароля.
4. Ищем в логе снифера много ff ff ff ff ff ff ff ff. 4 байта перед ними нам не интересны, следующие 4 байта - это пароль. Например: наш пароль 1234, то ищем 91 92 93 94 04 07 00 00 ff ff ff ff ff ff ff ff ff.
5. Вводим пароль, читаем блок, удаляем пароль.


Скриншот сниффера по ссылке
_https://yadi.sk/i/HR_GMf7L3UmP3F

andreyit
Posts: 2
Joined: Wed Dec 26, 2018 5:39 pm

Re: [?]: Mitsubishi Q-Series USB password crack

Post by andreyit » Thu Jan 10, 2019 11:08 am

Кто-то еще смог расшифровать qcpu? А то подключаясь через com к q00cpu, максимум что нашлось это очень похожее, но не то, конечно.
__https://i107.fastpic.ru/big/2019/0110/25/acc020107f6dab7e60184339da75b825.png

Post Reply