Page 1 of 7

[?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Fri Jul 29, 2011 10:36 am
by ppp
========= Others tools ==================
Unlock password for S7 200 and S7 300 MMC http://plcforum.uz.ua/viewtopic.php?t=2005
UnPassword for S7 300 and S7 400 http://plcforum.uz.ua/viewtopic.php?f=1&t=17844
Unlock password for S7 300 and S7 400 by dictionary (tested with PC adapters, CP5512, CP5611)
http://plcforum.uz.ua/viewtopic.php?t=7029
Unlocking protected C-/VB-functions in WinCC http://plcforum.uz.ua/viewtopic.php?f=37&t=4748

===========================

unPassword CPU under star in STEP7-projects
pss7_v1.84a
(mirr) https://disk.yandex.ru/d/5HdukNtzC94nQw
password for unZIP - 1

Only for old password - not for Block Privacy
Только для старого метода паролирования - не для Block Privacy
Earlier in STEP7 CPU passwords hidden under asterisks could see easily enough.
After all, the programmers who wrote the STEP7 used a standard method from the Microsoft Visual Studio:
Раньше в STEP7 пароли процессоров под звездочками можно было посмотреть достаточно легко.
Ведь программисты, написавшие STEP7 использовали стандартный прием от Microsoft Visual Studio:
It was enough to remove the asterisk in the property textBox.PasswordChar and password are displayed.
It could have been done a bunch of programs (asterwin, iws from Isqsoft ...)
Достаточно было убрать звездочку в свойстве textBox.PasswordChar и пароль отображался.
Это можно было сделать кучей программ (asterwin, iws от Isqsoft и др.)

However, starting with version 5.5 of this hole covered. Under the stars have no password.
But now you can see passwords in the STEP7 project using pss7
Однако начиная с версии 5.5 эту дыру прикрыли. Под звездочками уже нет никакого пароля.
Однако теперь можно посмотреть пароли в проекте STEP7 с помощью программы pss7
Requirements:
MS Framework 2.0 or higher.
tested on WinXP and Windows7.
virustotal.com check showed that the virus does not.

Using simple. Select the project folder and if it is the processors have the passwords, they will appear in the right part of the program.
Projects supported by any version of STEP7.
Требования:
MS Framework 2.0 и выше.
проверено на WinXP и Windows7.
проверка на virustotal.com показала, что вирусов нет.

Пользоваться просто. Выбираем папку проекта и если в нем процессоры имеют пароли, то они отобразятся в правой части программы.
Поддерживаются проекты созданные в ЛЮБОЙ версии STEP7.
http://depositfiles.com/files/b32bowb2t
http://rghost.ru/38392812
http://webfile.ru/5980771
http://upfile.su/622
http://us.ua/897539/
http://hit-file.ru/j68vizr0ud0j.html


=================================================
Update


add pass MicroWin
add pass TIA Portal Step7 (S300/S400)
save pass in file (button "floppy")

http://depositfiles.com/files/68f5mv5pp
http://bayfiles.com/file/mMdR/SkJTxC/pss7.exe
http://webfile.ru/6145374
http://upfile.su/3198
http://www.ziddu.com/download/20494857/pss7.exe.html

p.s.
TIA Portal как оказалось хранит ВСЕ пароли, которые вы когда либо вводили.
И их легко можно посмотреть.

Re: [help] Remove Password Project S7-200 ?

Posted: Sat Jul 30, 2011 4:29 am
by Linkinx64
Password: vietdongluc

Re: [?+]: Remove Password Project S7-200 ?

Posted: Mon Aug 01, 2011 1:50 pm
by Linkinx64
asimvirk wrote:Please tell the procedure or tool information
YeuPLC wrote:Please,send for me Tool Remove or you can guide me how to remove password.
I don't have any special tool for it. I use Ollydbg and I can explain how to find a project password only if you know how to work with debugger.

Warning: the procedure disclosure may follow to complete impossibility to find a password in the future versions of Microwin because seimens developers does not sleep and know how to google, register on forum, etc.
Would you like to continue? (read)

Re: [?+]: Remove Password Project S7-200 ?

Posted: Tue Aug 02, 2011 6:00 am
by Linkinx64
Ok, the procedure as follow:
I used Microwin from here:
http://www.filefactory.com/file/c2c2779 ... 0.5.08.iso
No service packs were installed.

1. Attach to microwin.exe with Ollydbg and set breakpoint at address 0x0052334E (Raw offset: 0x0012334E) in module microwin.exe (add esp,14)
2. When you trying to open protected project type any password and click OK. The program will be caught at the specified breakpoint (press SHIFT+F9 if Olly got exception before breakpoint).
3. Open Memory window (Alt+M in Olly). Memory search pattern (ASCII): R04.00
4. Look at 20-30 follow bytes after found pattern and you'll see it ..
Image

For another version of microwin the address (breakpoint) can be different. In this case you can search for all executive200.PRJ_Open* function calls and find needed peace of code.
I hope all clear for you..
Unpassword video s7-200_project_unpass_procedure_with_ollydbg: http://www.youtube.com/watch?v=zzMVl4iK-IU


Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Thu Aug 04, 2011 1:50 pm
by smsasg
The program S7_Unlock was written for passwords up to 8 characters ... In the near future it will be updated.
http://www.2shared.com/file/9Miamk7I/Un ... Image.html

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Fri Aug 05, 2011 4:28 am
by Linkinx64
brave_eagle wrote:Is it possible to upload to another host, wupload can not be visited
[dead]
(offtop) How did you downloaded DigiVis500 crack last time if wupload can not be visited?
smsasg wrote: [dead]
not full unpassword
Что-то прога не договаривает... Password: vietdongluc
[dead]

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Wed Aug 10, 2011 7:50 am
by smsasg
The program S7_Unlock was written for passwords up to 8 characters ... In the near future it will be updated.
Updated Version 5.01 of the "Unlock_and_converter_MMC_Image_S7":
http://www.2shared.com/file/YQ1sgNFX/Un ... Image.html

http://www.2shared.com/file/kwoDiyWb/RT ... _Pass.html

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Sun Nov 20, 2011 4:50 am
by Linkinx64
gombit wrote: http://narod.ru/disk/31733372001/RTU.mwp.html Please help me remove password in POU NET_EXE, or tell me how this programm is work.
In SBR0 (NET_EXE) POU properties > Protection tab type 4G7S in password field and click Authorize button.

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Mon Jan 02, 2012 5:25 am
by Linkinx64
Password: nnnn (for all POUs)

unPassword procedure for Microwin project/pou/etc.

Posted: Fri Jan 13, 2012 4:37 pm
by Linkinx64
elettrodo wrote:hello guys,who can tell me how to open a protected subroutine microwin? Thank you.
sehgal0070 wrote:dears ,

i have a project of s7 200 with some password protected POUs in it.
Pl give a solution to see inside the password protected
POUs/ if anyone could tell me the password so that i can open & see it.

regards to all
etc, etc..
Without uploaded project files...
...this is one of the ways to go:

Image

(thnx)

Which version do you use Ollydbg ?
Ollydbg v1.1 + special conversion and decryption software (developed by myself).
Jaza wrote:I was hoping you could explain to how to use ollydbg to find the password for a POU?

I would appreciate that thank you. with you detailed explanation and video I was able to crack the password of a whole project but unable to use the same instructions to get a password for a POU.
I will record an unpassword POU video in a free time...
However, if you need to unlock POUs urgently - upload your project now.
==========================================
Uvex wrote:project is password protected we should look in ollydbg for the executive200.PRJ_Open* function (set breakpoint and so on), it work, i checked it.But if only one POU is password protected and rest of the project is without any password this method doesn't work, what function do I have to look for? How to find password to POU not for the project?
If you want to look into POU you can use this method to bypass POU password and see code: viewtopic.php?f=1&t=5932&p=10582.
Here some people do this way. No need debugger even.
Do you still need my "know-how"?

======================
Cracked datamanagers for Step 7-Micro/WIN 4.0 SP9 (or "unprotect POU using any password"): http://www.4shared.com/rar/KGyhbMHf/dat ... 0_STE.html

Re: [?]: unPassword locked Microwin 4.0 subroutine

Posted: Sat Jan 14, 2012 12:36 am
by peterg70

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Wed Feb 22, 2012 6:09 am
by Linkinx64
Hello
Evgeniy24rus wrote:Hello, help please with password S7-200 Micro-Win
http://www.2shared.com/file/Hsu-lYMI/PD_8000_1_VA.html
J6W8 for ETH1_CTRL and ETH1_XFR, POUs under the "Wizard" group
3597 for all remaining POUs

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Tue Jun 12, 2012 3:32 pm
by Linkinx64
shara_ks wrote:plz help me how to remove the step7 microwin pou password plz help me unpassword plz help me sir
kn14 (for all POUs)

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Tue Jul 03, 2012 4:20 am
by Linkinx64
vjcaes wrote:can anybody unlock the POU's in the project I link?

https://www.dropbox.com/s/jn8036zh0equn ... 110612.mwp
Password = 5954 (* for all POUs *)

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Mon Jul 16, 2012 4:50 am
by Linkinx64
oldsnake wrote:hello
please help unlock password
http://file2.uploadfile.biz/i/IDENMEIMIIEZXD
thank
Password: 7602 (for all POUs)

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Wed Jul 18, 2012 6:33 am
by Linkinx64
Ilde wrote:Could you tell me the password of this file, pls??

It's really important for me, thank you!!
https://rapidshare.com/files/3530978013 ... 5recup.mwp
Password: 1356 (for all POUs)
lessat wrote: would like to know de password of the POU 6 (Com_descarte), of the S7-200.
Is it possible?

The program is in the link above:

http://www.4shared.com/zip/kGbFQR9I/PackLine03.html?
Com_descarte (SBR6) POU password: 4G7S

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Thu Jul 19, 2012 5:58 pm
by tufail_74
Thanks all for sharing various views.

I wanna get some support too. I have s7-200 plc running with a project. it is password protected. i do not have any backup for this.

How can i upload project from the PLC? I do not wanna erase the plc as no backup with me.

regards

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Fri Jul 20, 2012 5:36 am
by Linkinx64
tufail_74 wrote:I have s7-200 plc running with a project. it is password protected. i do not have any backup for this.
Your issue does not pertain to a project/POU protection.
I think the following topics may be helpful for you:
viewtopic.php?f=31&t=7029
viewtopic.php?f=31&t=2005

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Fri Aug 24, 2012 5:33 am
by Linkinx64
siemeas wrote:Could you tell me the password of this file, pls??
https://rapidshare.com/files/4258171024/ZJ-KTF0901.mwp
POU password: 1314

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Sat Aug 25, 2012 1:15 pm
by Linkinx64
Uvex wrote: unfortunately all the download links are not active. Where could I download this dll files?
I don't have those files too. Add your request to the relevant topic.
Also, I don't uphold .dlls patching if there's a lot of other methods to find or bypass POU password exist.
elektronikmuh wrote:Could you tell me the password of this file, pls??
Mail:muh.elektronik@gmail.com
https://rapidshare.com/files/2292287533/5th%201630-.mwp
code
Show
main: z9Jo
com_init: 1112
com_send: 1112
com_incept: 1112
absolute_value: 1112
inverter_run: z9Jo
JianSuJuLiJiSuan: 1112
HSC_Initialization: z9Jo
IPC_display: z9Jo
work_start_set: z9Jo
IPC_try_PRG: z9Jo
parameter_conversion: z9Jo
IO_and_parameter_mapped: z9Jo
load_table: z9Jo
unload_table: z9Jo
furnace: z9Jo
fur_account: z9Jo
quench_1: z9Jo
reset: z9Jo
blower: z9Jo
glass_length: z9Jo
fur_TT: z9Jo
fur_GSJL: z9Jo
fur_kWF: z9Jo
fur_GSCL: z9Jo
fur_WF: z9Jo
DBCDI: 1112
que1_JS: z9Jo
que1_WF: z9Jo
que1_CS: z9Jo
que1_auto: z9Jo
que1_manual: z9Jo
que_TT: z9Jo
com_incept_int: 1112
com_send_int: 1112

Re: [?+]: unPassword Step7-Micro/Win S7-200 Project

Posted: Tue Aug 28, 2012 3:05 am
by Linkinx64
Password = 24st (* for all POUs *)

Re: [?+]: unPassword locked Microwin 4.0 subroutine

Posted: Sun Sep 23, 2012 9:12 am
by rahul_singh
dears ,

i have a project of s7 200 with some password protected POUs in it.
Plz give a solution to see inside the password protected
POUs/ if anyone could tell me the password so that i can open & see it.

http://www.4shared.com/file/w5FHecce/DROLIA_25_RAP.html

regards to all

Re: [?+]: unPassword locked Microwin 4.0 subroutine

Posted: Mon Sep 24, 2012 5:30 am
by Linkinx64
Could you explain why...
Linkinx64 wrote:Cracked datamanagers for Step 7-Micro/WIN 4.0 SP9 (or "unprotect POU using any password"): http://www.4shared.com/rar/KGyhbMHf/dat ... 0_STE.html
...not a solution?

cracked datamanagers (POU and DB)

Posted: Mon Oct 15, 2012 1:09 pm
by Linkinx64
Added possibility to unprotect data blocks too (using any password):
http://www.4shared.com/rar/S7Jl2n65/dat ... 0_STE.html
S7-MicroWIN version: 4.0.9.25
technitin wrote:I have a PLC project that was password protected and i unlocked it using olly but still some subroutines are still protected. Please help me out how to unpassword them.
If new cracked datamanagers won't help - upload projekt.

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Wed Oct 24, 2012 7:39 am
by vlad2006gr
seee wrote:i need pou password of this project.please help me.

http://www.uploadmb.com/dw.php?id=1350918421

https://www.rapidshare.com/files/371281 ... o_pass.rar

Good luck!

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Wed Oct 24, 2012 12:26 pm
by Linkinx64
seee wrote:thanks a lot for your help.

but please tell me the password.

best regards.
MAIN,SBR_0,SBR_1: 007
INT_0: 9100
are you happy now?

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Fri Oct 26, 2012 8:12 pm
by pipll
Hello.
Help please.
I need POU password on project
https://www.dropbox.com/s/se8f4i35mwy4f79/press110.mwp
Thanks a lot!

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Sun Oct 28, 2012 6:38 pm
by Linkinx64
pipll wrote: i'm tired bruteforce :(
My methods are: unprotect with Ollydbg. Or use patched datamanagers. What kind of bruteforce you are talking about?
/password : 1314

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Sun Oct 28, 2012 7:28 pm
by pipll
Firstly im trying using Ollydbg, but cant find Entry point of function on button "Autorize".
Secondly im write script with AutoIt and run brute all generated passwords.
With password "1314" Program(v4.0.3) sayed "Password is incorrect"
I cant use datamanager200.dll because my ver of step7 is lower (v4.0.3) than patched datamanager(v.4.0.5)
and when i replace datamanager raised Exception like "Cant find Entry point of function..."

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Mon Oct 29, 2012 11:16 am
by Linkinx64
Sorry, my fault. I took a wrong project when move from one PC to another.
Your passwords:
EPC_COMM: EQoO
EPC_REVI: TGxK
EPC_TRAI: VTcK

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Mon Oct 29, 2012 5:15 pm
by pipll
Linkinx64 wrote:Sorry, my fault. I took a wrong project when move from one PC to another.
ThankYou very much!
All passwords are 100% working.

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Fri Nov 02, 2012 7:07 pm
by ppp
i need pou password for this project.please help me

https://rapidshare.com/files/2316356624/AKKA.mwp
POU=9W5K
PASS level2=0960

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Wed Nov 07, 2012 11:33 am
by Linkinx64
Amit_86 wrote: [dead] AMIT.mwp
Password for all POUs: ptpp

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Fri Nov 09, 2012 10:57 am
by Linkinx64
Program blocks:
AVAN_CAT, C_FORMATURA: 9114

Program blocks ("Wizard" group):
PID0_INIT, PID1_INIT, PID2_INIT, PID_EXE: 9W5K
MOD4_CTRL: W9F3

Data blocks ("Wizard" group):
PID0_DATA, PID1_DATA, PID2_DATA: 9W5K
MOD4_DATA: W9F3

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Fri Nov 09, 2012 5:21 pm
by Linkinx64
bullphi wrote:Thanks Linkinx - you're a star!!
Not at all. There's nothing "bright" in the unpassword procedure and everyone who wants can do it.

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Mon Dec 17, 2012 4:25 am
by kamikazewin
Thanks for the post.
I just want to know which Step 7 versions your application applies:
1) Step 7 Ver 5.5
2) TIA V11 Sp2
3) MicroWin V4.9

Regards

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Fri Jan 11, 2013 12:00 pm
by Linkinx64
AUTOSERVER_ESP: 1234
AUTOSERVER_ENV: 1234
AUTOSERVER_RCP: 1234
CTRL_GIRO: 1034
ESC_EANG: 1034
NET_CTRL: 1034

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Mon Jan 21, 2013 8:29 pm
by lancher1
Link_is_Dead :(/PLC.7z

Different name, but always same task and the same psw ?

Thanks

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Fri Feb 01, 2013 5:21 pm
by kythuatso
Dear all

i have a project of s7 200 with some password protected POUs in it.

http://www.4shared.com/file/-SUrVhEk/Binh224_PLC.html

Please help me

Thank a lot every body.

password on pou in s7-200

Posted: Fri Feb 15, 2013 8:40 pm
by amir_zafari_roo
hi
i have a microwin project but i dont know its password on pou(subroutine12)
please help me
my project file is in this page: http://www.4shared.com/file/sZfcXZtk/s2 ... _2006.html
please please help me

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Mon Mar 04, 2013 12:54 pm
by deeparvind
Hi phavantuan6,
I'm not as to access the file , it's saying access denied, can you please reupload it or email me the file at deep_arvind@yahoo.com

I need to Unpassword the file urgently.
Please help!!!

Thanks in advance.

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Sun Mar 10, 2013 9:16 am
by Linkinx64
deeparvind wrote:Can someone please help me in getting the password of the file
http://www.4shared.com/file/ouTbfZ4-/Fuji_1.html
ЦчіМРт (OB1): A123
PID0_INIT (SBR10): 9W5K
PWM0_RUN (SBR11): B2H4
PID_EXE (INT0): 9W5K

Re: password on pou in s7-200

Posted: Sun Mar 10, 2013 4:43 pm
by Linkinx64
J6W8

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Mon Apr 15, 2013 8:45 pm
by myrobokits
hii dear

re posting the link

Link_is_Dead :(/ ... harpur.mwp

http://www.4shared.com/file/Im9v9-J6/i7 ... arpur.html


If still you can't download it please send me your mail id ,i will mail to you.

thanks a lot, my mail is myrobokits@gmail.com

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Tue Apr 16, 2013 6:56 am
by vlad2006gr
To myrobokits
can not download
To download this file option "load" is not enabled.. The "load" may include only the user to download this file.
Load the alternative sites (4shared, letitbit, mediafire) or enable this option.
Good luck!

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Wed Apr 17, 2013 6:29 am
by vlad2006gr
SBR_14 1460
SBR_12 1211
MOD5_CTRL W9F3
MOD5_DATA W9F3
Good luck!

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Thu Apr 18, 2013 7:14 pm
by myrobokits
(tyou) Thanksssss You are awesome...

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Wed Apr 24, 2013 12:41 pm
by vlad2006gr
To israeldca
hello can you help me with this file is all locked UOP and I dont have the password...
http://www.4shared.com/file/-SfvH9zK/bloquera.html
For (PRINCIPAL)OB1, SBR_0 and TP_177_Micro Pass: 5600

For USS3, USS_INIT, USS1, USS2, USS_CTRL, USS4, USS6, USS_RPM_W, USS5,
USS_WPM_W, USS_WPM_R, USS_RPM_R, USS_RPM_D, USS_WPM_D, USS7,
USS8, USS9
Pass: 2BW9

For Escala_Analogica Pass: vmcf

For TD_CTRL_408 and TD_ALM_408 Pass: J6R6

For RCP0_READ and RCP0_WRITE Pass: G0K1
Good luck!

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Fri Apr 26, 2013 7:57 pm
by israeldca
(clap) (clap) (clap) (clap) (pgood) (suc) (tyou) (tyou) (thnx) (tyou)

I have problems with this program and unblock it but when I do the correction in the program works fine the problem is when I turn turn off and lose all changes and no longer know what to do : ( plissss help meee plsss


http://www.4shared.com/file/ffaMFp7a/bl ... 62013.html ------modified
http://www.4shared.com/file/-SfvH9zK/bloquera.html --------original

Re: [?+]: unPassword Step7/Micro/Win S7-200/S7-300 Project

Posted: Sat Apr 27, 2013 4:21 pm
by vlad2006gr
To guissous
Password OB1 zc35
Password library is 0123
Good luck!