Posted to dev@plc4x.apache.org by Christofer Dutz <ch...@c-ware.de> on 2019/04/15 15:53:49 UTC

New utility to help inspecting unknown PLCs?

Hi all,

In a phone call with a potential customer we noticed that one of the strengths of plc4x is the ability to connect to brown field machinery.

However, this usually has the problem of not having the project files or the tools to program them at hand.

Now the idea is that it would be great to have a tool that uses plc4x to retrieve data from a PLC with only the connection string. It could start guessing blocks and try detecting its size by putting until it gets an error.

As soon as that's done, it could read entire blocks and compare them with previous versions and output diffs in order to help interpreting the operation.

What do you think?

Chris



Re: New utility to help inspecting unknown PLCs?

Posted by Christofer Dutz <ch...@c-ware.de>.
Hi Lukasz,

Well, we did plan on providing a listing of the resources of a connected PLC. So the API would support connecting to a PLC and asking it what it has to provide.
Unfortunately only a handful of protocols support such an approach. For example, I think the Beckhoff ADS supports this, and if we implemented the S7-TIA protocol so would this, but for the S7-STEP7 which we have, there is no information about the structure of the PLC program available from the protocol level.

So this tooling I was thinking about would start experimenting in a brute-force manner and start loading all memory blocks to find out which ones are there and then to probe each block's size and then to completely dump that content as huge byte arrays and to offer doing diffs between two dumps to find out which bytes changed.

We could perhaps use the S7-STEP7 protocol to download the source for a given block and to decode that … but this would be quite an effort as I bet Siemens changed this format with each of the currently 15 TIA/Step7 versions ;-)

Chris





From: <lu...@code-house.org>
Reply-To: <de...@plc4x.apache.org>
Date: Tuesday, 16 April 2019 at 13:49
To: <de...@plc4x.apache.org>
Subject: Re: New utility to help inspecting unknown PLCs?

Eclipse Smarthome called this a "discovery mechanism" and it worked quite fine. A while ago, as part of my own experiments, I implemented discovery of bacnet properties/objects using bacnet4j and it's quite fun. You plug in the network cable, send a broadcast, get devices and query them for a description.
I guess that not all PLCs have such rich "integration" possibilities, but it would be great to at least be able to get data knowing the device identifier or address.

I love the idea as it speeds up adoption of solutions. I found, for example, that Beckhoff allows reading the symbol table from a PLC using their C APIs, but found no examples in PLC4X to do the same.

Cheers,
Łukasz
—
Code-House
http://code-house.org





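The dump comparison described in the message above ("diffs between two dumps to find out which bytes changed"), as an added example that is not part of the original mail or of PLC4X. It works offline on two byte arrays; the function names and the two sample dumps are constructed for illustration.

```python
from typing import List, Tuple

def changed_ranges(old: bytes, new: bytes, gap: int = 1) -> List[Tuple[int, int]]:
    """Return (start, end_exclusive) ranges in which two dumps differ.

    Changed bytes separated by at most `gap` unchanged bytes are merged into
    one range, so a multi-byte value whose middle byte happens to stay the
    same is still reported as one field. If the dumps differ in length, the
    tail of the longer one is reported as changed.
    """
    common = min(len(old), len(new))
    offsets = [i for i in range(common) if old[i] != new[i]]
    offsets.extend(range(common, max(len(old), len(new))))
    ranges: List[List[int]] = []
    for off in offsets:
        if ranges and off - ranges[-1][1] <= gap:
            ranges[-1][1] = off + 1          # extend the current range
        else:
            ranges.append([off, off + 1])    # start a new range
    return [(start, end) for start, end in ranges]

def format_diff(old: bytes, new: bytes, gap: int = 1) -> List[str]:
    """Render each changed range as 'first..last  old bytes -> new bytes'."""
    lines = []
    for start, end in changed_ranges(old, new, gap):
        before = old[start:end].hex(" ")
        after = new[start:end].hex(" ")
        lines.append(f"0x{start:04x}..0x{end - 1:04x}  {before} -> {after}")
    return lines

# Constructed sample dumps of one 16-byte block taken at two points in time.
DUMP_A = bytes.fromhex("00 01 00 0a 41 c8 00 00 00 00 00 00 ff 00 12 34")
DUMP_B = bytes.fromhex("00 01 00 0b 41 c9 99 9a 00 00 00 00 ff 01 12 34")

if __name__ == "__main__":
    for line in format_diff(DUMP_A, DUMP_B):
        print(line)
```

With `gap=0` every run of changed bytes is reported separately, which is useful when neighbouring single-byte fields change independently.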

Re: New utility to help inspecting unknown PLCs?

Posted by lu...@code-house.org.
Eclipse Smarthome called this a "discovery mechanism" and it worked quite fine. A while ago, as part of my own experiments, I implemented discovery of bacnet properties/objects using bacnet4j and it's quite fun. You plug in the network cable, send a broadcast, get devices and query them for a description.
I guess that not all PLCs have such rich "integration" possibilities, but it would be great to at least be able to get data knowing the device identifier or address.

I love the idea as it speeds up adoption of solutions. I found, for example, that Beckhoff allows reading the symbol table from a PLC using their C APIs, but found no examples in PLC4X to do the same.

Cheers,
Łukasz
—
Code-House
http://code-house.org

> On 15 Apr 2019, at 20:19, Christofer Dutz <ch...@c-ware.de> wrote:
> 
> Just a few minutes ago in my sports course I had an idea regarding the ping ... We actually don't have to ask for an existing address, do we? We just ask for something and if we get an ok that's just as good as a "I have no idea what you're talking about" ... Don't you agree?
> 
> Chris
> 


Re: New utility to help inspecting unknown PLCs?

Posted by Christofer Dutz <ch...@c-ware.de>.
Just a few minutes ago in my sports course I had an idea regarding the ping ... We actually don't have to ask for an existing address, do we? We just ask for something and if we get an ok that's just as good as a "I have no idea what you're talking about" ... Don't you agree?

Chris


________________________________
From: Julian Feinauer <j....@pragmaticminds.de>
Sent: Monday, April 15, 2019 7:57:39 PM
To: dev@plc4x.apache.org
Subject: AW: New utility to help inspecting unknown PLCs?

Hi Chris,

I like the idea and in fact Mathias and I already discussed a similar idea.
We have the idea to find a given value (e.g. from the HMI) and identify possible positions in the data blocks.
I even had the idea to guess the most probable encoding for the blocks based on several measurements.

Let's dig deeper into this!

Julian



AW: New utility to help inspecting unknown PLCs?

Posted by Julian Feinauer <j....@pragmaticminds.de>.
Hi Chris,

I like the idea and in fact Mathias and I already discussed a similar idea.
We have the idea to find a given value (e.g. from the HMI) and identify possible positions in the data blocks.
I even had the idea to guess the most probable encoding for the blocks based on several measurements.

Let's dig deeper into this!

Julian
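The value search and encoding guess described in the message above, as an added example that is not part of the original mail or of PLC4X. It assumes several offline dumps, each paired with the value shown on the HMI at that moment, and keeps only the (offset, encoding) pairs that fit every measurement; the encoding list, function names and sample dumps are constructed for illustration.

```python
import math
import struct

# Candidate encodings tried at every offset (an assumed, non-exhaustive set).
ENCODINGS = {
    "int16-be": ">h", "int16-le": "<h",
    "int32-be": ">i", "int32-le": "<i",
    "float32-be": ">f", "float32-le": "<f",
}

def candidates(dump: bytes, value: float, rel_tol: float = 1e-3) -> set:
    """Return all (offset, encoding) pairs that decode to `value` in one dump."""
    hits = set()
    for name, fmt in ENCODINGS.items():
        size = struct.calcsize(fmt)
        for off in range(len(dump) - size + 1):
            (decoded,) = struct.unpack_from(fmt, dump, off)
            if name.startswith("float"):
                # HMI values are usually rounded, so compare with a tolerance.
                match = math.isclose(decoded, value, rel_tol=rel_tol, abs_tol=1e-6)
            else:
                # Integer encodings can only match a whole-number reading.
                match = float(value).is_integer() and decoded == int(value)
            if match:
                hits.add((off, name))
    return hits

def locate(measurements) -> list:
    """Intersect the candidates of several (dump, hmi_value) measurements."""
    result = None
    for dump, value in measurements:
        found = candidates(dump, value)
        result = found if result is None else result & found
    return sorted(result or [])

# Constructed measurements: the same 12-byte block dumped twice, with the
# HMI reading 25.0 and then 25.5.
MEASUREMENTS = [
    (bytes.fromhex("00 00 00 19 41 c8 00 00 00 07 00 00"), 25.0),
    (bytes.fromhex("00 00 00 19 41 cc 00 00 00 08 00 00"), 25.5),
]

if __name__ == "__main__":
    print(sorted(candidates(*MEASUREMENTS[0])))  # ambiguous after one dump
    print(locate(MEASUREMENTS))                  # narrowed by the second dump
```

A single measurement leaves three plausible positions here; the second one, taken after the displayed value changed, leaves only the big-endian float at offset 4.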
