Только для старого метода паролирования - не для Block Privacy
Earlier in STEP7 CPU passwords hidden under asterisks could see easily enough.
After all, the programmers who wrote the STEP7 used a standard method from the Microsoft Visual Studio:
Раньше в STEP7 пароли процессоров под звездочками можно было посмотреть достаточно легко.
Ведь программисты, написавшие STEP7 использовали стандартный прием от Microsoft Visual Studio:
It was enough to remove the asterisk in the property textBox.PasswordChar and password are displayed.
It could have been done a bunch of programs (asterwin, iws from Isqsoft ...)
Достаточно было убрать звездочку в свойстве textBox.PasswordChar и пароль отображался.
Это можно было сделать кучей программ (asterwin, iws от Isqsoft и др.)
However, starting with version 5.5 of this hole covered. Under the stars have no password.
But now you can see passwords in the STEP7 project using pss7
Однако начиная с версии 5.5 эту дыру прикрыли. Под звездочками уже нет никакого пароля.
Однако теперь можно посмотреть пароли в проекте STEP7 с помощью программы pss7
Requirements:
MS Framework 2.0 or higher.
tested on WinXP and Windows7.
virustotal.com check showed that the virus does not.
Using simple. Select the project folder and if it is the processors have the passwords, they will appear in the right part of the program.
Projects supported by any version of STEP7.
Требования:
MS Framework 2.0 и выше.
проверено на WinXP и Windows7.
проверка на virustotal.com показала, что вирусов нет.
Пользоваться просто. Выбираем папку проекта и если в нем процессоры имеют пароли, то они отобразятся в правой части программы.
Поддерживаются проекты созданные в ЛЮБОЙ версии STEP7.
asimvirk wrote:Please tell the procedure or tool information
YeuPLC wrote:Please,send for me Tool Remove or you can guide me how to remove password.
I don't have any special tool for it. I use Ollydbg and I can explain how to find a project password only if you know how to work with debugger.
Warning: the procedure disclosure may follow to complete impossibility to find a password in the future versions of Microwin because seimens developers does not sleep and know how to google, register on forum, etc.
Would you like to continue?
1. Attach to microwin.exe with Ollydbg and set breakpoint at address 0x0052334E (Raw offset: 0x0012334E) in module microwin.exe (add esp,14)
2. When you trying to open protected project type any password and click OK. The program will be caught at the specified breakpoint (press SHIFT+F9 if Olly got exception before breakpoint).
3. Open Memory window (Alt+M in Olly). Memory search pattern (ASCII): R04.00
4. Look at 20-30 follow bytes after found pattern and you'll see it ..
For another version of microwin the address (breakpoint) can be different. In this case you can search for all executive200.PRJ_Open* function calls and find needed peace of code.
I hope all clear for you..
Unpassword video s7-200_project_unpass_procedure_with_ollydbg: http://www.youtube.com/watch?v=zzMVl4iK-IU
unPassword procedure for Microwin project/pou/etc.
Posted: Fri Jan 13, 2012 4:37 pm
by Linkinx64
elettrodo wrote:hello guys,who can tell me how to open a protected subroutine microwin? Thank you.
sehgal0070 wrote:dears ,
i have a project of s7 200 with some password protected POUs in it.
Pl give a solution to see inside the password protected
POUs/ if anyone could tell me the password so that i can open & see it.
regards to all
etc, etc..
Without uploaded project files...
...this is one of the ways to go:
Which version do you use Ollydbg ?
Ollydbg v1.1 + special conversion and decryption software (developed by myself).
Jaza wrote:I was hoping you could explain to how to use ollydbg to find the password for a POU?
I would appreciate that thank you. with you detailed explanation and video I was able to crack the password of a whole project but unable to use the same instructions to get a password for a POU.
I will record an unpassword POU video in a free time...
However, if you need to unlock POUs urgently - upload your project now.
==========================================
Uvex wrote:project is password protected we should look in ollydbg for the executive200.PRJ_Open* function (set breakpoint and so on), it work, i checked it.But if only one POU is password protected and rest of the project is without any password this method doesn't work, what function do I have to look for? How to find password to POU not for the project?
If you want to look into POU you can use this method to bypass POU password and see code: viewtopic.php?f=1&t=5932&p=10582.
Here some people do this way. No need debugger even.
Do you still need my "know-how"?
Uvex wrote: unfortunately all the download links are not active. Where could I download this dll files?
I don't have those files too. Add your request to the relevant topic.
Also, I don't uphold .dlls patching if there's a lot of other methods to find or bypass POU password exist.
i have a project of s7 200 with some password protected POUs in it.
Plz give a solution to see inside the password protected
POUs/ if anyone could tell me the password so that i can open & see it.
technitin wrote:I have a PLC project that was password protected and i unlocked it using olly but still some subroutines are still protected. Please help me out how to unpassword them.
If new cracked datamanagers won't help - upload projekt.
Firstly im trying using Ollydbg, but cant find Entry point of function on button "Autorize".
Secondly im write script with AutoIt and run brute all generated passwords.
With password "1314" Program(v4.0.3) sayed "Password is incorrect"
I cant use datamanager200.dll because my ver of step7 is lower (v4.0.3) than patched datamanager(v.4.0.5)
and when i replace datamanager raised Exception like "Cant find Entry point of function..."
I have problems with this program and unblock it but when I do the correction in the program works fine the problem is when I turn turn off and lose all changes and no longer know what to do : ( plissss help meee plsss