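Introduction to Decrypting the Chinese-Made Inovance (汇川) H2U
Published: 2013-07-06 22:41 | Source: 万胜PLC解密网 (Wansheng PLC Decryption Network)
Wansheng Decryption Network has recently worked out how to decrypt the Chinese-made Inovance H2U PLC. When we first heard of the Inovance brand we were not familiar with it; a Baidu search showed that it is a domestic PLC, said to be modeled on the Mitsubishi FX series. On seeing the PLC, the quality seemed decent and the workmanship fine. People in the industry say that Mitsubishi's programming software also works with Inovance PLCs. After wiring it up, the communication test was normal, but when uploading the program a password dialog popped up, showing that the program was encrypted. Using the FX decryption software, the PLC model read as FX2N, but the password could not be read: the encryption bit had changed. People in the industry all say that domestic PLCs are hard to decrypt, so we decided to tackle this problem. We first downloaded the programming software from Inovance's official website; once installed, it felt much like Mitsubishi's. Inovance has also made a dedicated encryption patch to protect the intellectual property of its products. First, take a look at the PLC's encryption software:
As the figure above shows, there are many encryption features, and it looks hard to crack. Inovance's website says the PLC is encrypted at a low level, and there is no protocol documentation on the website, so we had to work it out piece by piece ourselves. Enough talk: first find a serial port debugging tool, then look at the data below.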
05 .
Answer: 2013-7-6 21:44:27.84864 (+0.1094 seconds)
06 .
Request: 2013-7-6 21:44:27.84864 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:27.86464 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:27.86464 (+0.0000 seconds)
02 30 30 45 30 32 30 32 03 36 43 .00E0202.6C
Answer: 2013-7-6 21:44:27.91164 (+0.0469 seconds)
02 34 33 35 45 03 45 34 .435E.E4
Port closed
Port opened by process "AutoShop.exe" (PID: 2636)
Request: 2013-7-6 21:44:32.47664 (+5.0625 seconds)
05 .
Answer: 2013-7-6 21:44:33.58664 (+0.1094 seconds)
06 .
Request: 2013-7-6 21:44:33.58664 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:33.60164 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:33.60164 (+0.0000 seconds)
02 30 30 45 30 32 30 32 03 36 43 .00E0202.6C
Answer: 2013-7-6 21:44:33.64864 (+0.0469 seconds)
02 34 33 35 45 03 45 34 .435E.E4
Request: 2013-7-6 21:44:33.66464 (+0.0156 seconds)
05 .
Answer: 2013-7-6 21:44:33.69564 (+0.0313 seconds)
06 .
Request: 2013-7-6 21:44:33.69564 (+0.0000 seconds)
02 44 45 43 38 30 30 30 30 38 00 00 00 00 00 00 .DEC800008......
00 00 03 46 46 ...FF
Answer: 2013-7-6 21:44:33.74264 (+0.0313 seconds)
25 %
Request: 2013-7-6 21:44:35.44564 (+2.7031 seconds)
05 .
Answer: 2013-7-6 21:44:35.46164 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:35.46164 (+0.0000 seconds)
02 44 45 43 38 30 30 30 30 38 78 78 78 78 78 78 .DEC800008xxxxxx
78 78 03 42 46 xx.BF
Answer: 2013-7-6 21:44:35.50864 (+0.0313 seconds)
25 %
Request: 2013-7-6 21:44:37.55564 (+2.0469 seconds)
05 .
Answer: 2013-7-6 21:44:37.57064 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:37.57064 (+0.0000 seconds)
02 30 30 45 30 32 30 32 03 36 43 .00E0202.6C
Answer: 2013-7-6 21:44:38.61764 (+0.0469 seconds)
02 34 33 35 45 03 45 34 .435E.E4
Request: 2013-7-6 21:44:38.61764 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:38.63364 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:38.63364 (+0.0000 seconds)
02 44 45 43 38 30 30 30 30 38 00 00 00 00 00 00 .DEC800008......
00 00 03 46 46 ...FF
Answer: 2013-7-6 21:44:38.68064 (+0.0313 seconds)
25 %
Request: 2013-7-6 21:44:41.66464 (+2.9844 seconds)
05 .
Answer: 2013-7-6 21:44:41.68064 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.68064 (+0.0000 seconds)
02 44 45 43 38 30 30 30 30 38 63 63 63 63 63 63 .DEC800008cccccc
63 63 03 31 37 cc.17
Answer: 2013-7-6 21:44:41.71164 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.82064 (+0.1094 seconds)
05 .
Answer: 2013-7-6 21:44:41.83664 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.83664 (+0.0000 seconds)
02 45 30 31 38 30 30 30 34 30 03 44 35 .E01800040.D5
Answer: 2013-7-6 21:44:41.94564 (+0.1094 seconds)
02 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 .100000000000000
30 32 30 32 30 32 30 32 30 32 30 32 30 32 30 32 0202020202020202
30 32 30 32 30 32 30 32 30 32 30 32 30 32 30 32 0202020202020202
30 32 30 32 30 32 30 32 30 32 30 32 30 32 30 32 0202020202020202
30 32 30 32 30 32 30 32 30 32 30 32 30 32 30 32 0202020202020202
30 32 30 32 30 32 30 32 30 30 30 32 30 32 30 32 0202020200020202
30 46 34 30 39 46 46 30 42 46 34 30 31 45 37 30 0F409FF0BF401E70
33 36 34 30 45 43 37 30 45 44 43 30 45 46 46 30 3640EC70EDC0EFF0
45 03 42 38 E.B8
Request: 2013-7-6 21:44:41.94564 (+0.0000 seconds)
02 45 30 31 38 30 34 30 31 43 03 45 39 .E0180401C.E9
Answer: 2013-7-6 21:44:41.02364 (+0.0781 seconds)
02 39 30 30 31 46 45 30 33 30 30 30 30 30 30 30 .9001FE030000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 03 42 42 000000000.BB
Request: 2013-7-6 21:44:41.02364 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:41.03964 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.03964 (+0.0000 seconds)
02 45 31 30 31 34 30 30 32 41 31 32 38 31 30 31 .E1014002A128101
30 30 38 43 30 45 44 43 30 45 44 45 30 45 45 34 008C0EDC0EDE0EE4
30 45 45 36 30 45 45 38 30 45 45 45 30 45 46 30 0EE60EE80EEE0EF0
30 45 46 32 30 45 46 38 30 45 46 41 30 45 46 43 0EF20EF80EFA0EFC
30 45 30 32 30 46 36 30 30 46 36 32 30 46 36 34 0E020F600F620F64
30 46 36 36 30 46 36 38 30 46 41 32 30 45 03 30 0F660F680FA20E.0
43 C
Answer: 2013-7-6 21:44:41.14864 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.14864 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:41.16464 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.16464 (+0.0000 seconds)
02 45 30 30 31 37 39 30 32 35 03 45 30 .E00179025.E0
Answer: 2013-7-6 21:44:41.25864 (+0.0938 seconds)
02 46 34 30 31 46 46 46 46 46 46 46 46 46 46 46 .F401FFFFFFFFFFF
46 46 46 46 46 46 46 46 46 46 46 46 46 38 45 30 FFFFFFFFFFFFF8E0
43 30 30 30 30 46 46 46 46 46 46 46 46 46 46 46 C0000FFFFFFFFFFF
46 30 30 30 30 46 46 46 46 30 37 30 30 46 46 46 F0000FFFF0700FFF
46 30 33 30 30 30 35 30 30 30 30 03 30 35 F0300050000.05
Request: 2013-7-6 21:44:41.25864 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:41.27364 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.27364 (+0.0000 seconds)
02 45 31 30 31 34 30 30 31 43 30 43 38 31 30 30 .E1014001C0C8100
30 30 30 38 33 30 30 41 33 30 31 30 33 30 31 32 0008300A30103012
33 30 31 34 33 30 31 41 33 30 31 43 33 30 31 45 3014301A301C301E
33 30 32 34 33 30 32 36 33 30 32 38 33 30 32 45 302430263028302E
33 30 03 32 46 30.2F
Answer: 2013-7-6 21:44:41.36764 (+0.0313 seconds)
06 .
Request: 2013-7-6 21:44:41.36764 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:41.38364 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.38364 (+0.0000 seconds)
02 45 30 30 31 37 39 30 31 39 03 45 33 .E00179019.E3
Answer: 2013-7-6 21:44:41.46164 (+0.0781 seconds)
02 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 .000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 0000000000000000
30 30 30 03 36 33 000.63
Request: 2013-7-6 21:44:41.46164 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:41.49264 (+0.0313 seconds)
06 .
Request: 2013-7-6 21:44:41.49264 (+0.0000 seconds)
02 45 34 31 38 30 35 43 30 46 30 30 03 36 33 .E41805C0F00.63
Answer: 2013-7-6 21:44:41.55564 (+0.0625 seconds)
02 31 42 31 42 34 03 31 44 .1B1B4.1D
Request: 2013-7-6 21:44:41.55564 (+0.0000 seconds)
05 .
Answer: 2013-7-6 21:44:41.57064 (+0.0156 seconds)
06 .
Request: 2013-7-6 21:44:41.57064 (+0.0000 seconds)
02 45 30 31 38 30 35 43 34 30 03 45 44 .E01805C40.ED
Answer: 2013-7-6 21:44:42.68064 (+0.1094 seconds)
02 30 30 32 46 30 33 30 30 32 31 38 46 30 30 32 .002F0300218F002
46 30 32 30 30 31 41 38 46 44 30 30 31 39 34 38 F02001A8FD001948
36 30 31 38 36 39 30 38 36 30 31 38 36 32 38 30 6018690860186280
30 30 42 38 30 30 30 38 30 39 32 38 36 30 31 38 00B8000809286018
36 44 30 30 31 39 32 38 36 30 31 38 36 30 42 38 6D001928601860B8
30 30 30 38 30 32 38 31 30 30 30 38 30 30 30 38 0008028100080008
30 39 32 38 36 30 31 38 36 30 30 32 46 32 38 30 092860186002F280
30 39 38 38 36 30 33 38 36 31 32 38 36 30 30 38 0988603861286008
36 03 35 35 7F 6.55
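From the data above: I first entered eight X's and the PLC returned 25, meaning the password was wrong; when I entered eight C's, the PLC returned 06, meaning it passed. Uploading the program also works the same way as on Mitsubishi: the PLC parameter area, the program, and the memory area are uploaded one after another. For lack of time I will stop here for today. Readers are welcome to exchange ideas and break the myth that domestic PLCs cannot be decrypted.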
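The capture shows the password-check request carrying the eight password bytes unmodified (0x78 and 0x63 are readable in the ASCII column) and the PLC answering with a single byte, so the password is exposed to anyone who can tap the serial line. The following is an added example, not part of the original post, that audits such a capture from the equipment owner's side by validating frame checksums and flagging repeated rejected password checks. The STX/ETX/checksum layout and the `DEC800008` header are inferred from the frames above; `checksum_ok` and `audit` are hypothetical names.

```python
# Added example (not from the original post): audit a serial capture for
# password-check frames. Frame layout is inferred from the trace on this page.
STX, ETX, ACK = 0x02, 0x03, 0x06   # a wrong password was answered with 0x25 above
UNLOCK_PREFIX = b"DEC800008"       # assumption: header preceding the 8 password bytes

def checksum_ok(frame: bytes) -> bool:
    """Trailer = low byte of sum(payload + ETX), written as two ASCII hex digits."""
    if len(frame) < 5 or frame[0] != STX or frame[-3] != ETX:
        return False
    return b"%02X" % (sum(frame[1:-2]) & 0xFF) == frame[-2:]

def audit(trace, max_rejects=3):
    """trace: [(direction, bytes)], direction 'req' or 'ans'. Returns (events, alerts)."""
    events, alerts, rejects, pending = [], [], 0, None
    for direction, data in trace:
        if direction == "req":
            pending = None
            if data[:1] == bytes([STX]):
                if not checksum_ok(data):
                    alerts.append("request frame with bad checksum")
                elif data[1:].startswith(UNLOCK_PREFIX):
                    pending = data[1 + len(UNLOCK_PREFIX):-3]  # sent in cleartext
        elif pending is not None:
            accepted = data == bytes([ACK])
            rejects = rejects if accepted else rejects + 1
            # Record only whether the field was blank; never store the secret itself.
            events.append({"blank": not any(pending), "accepted": accepted})
            if accepted and rejects:
                alerts.append(f"password accepted after {rejects} rejected attempts")
            elif rejects == max_rejects:
                alerts.append(f"{rejects} rejected password checks in one session")
            pending = None
    return events, alerts

# Password-check exchanges transcribed from the capture on this page.
HEAD = "02 44 45 43 38 30 30 30 30 38 "
ENQ_ACK = [("req", b"\x05"), ("ans", b"\x06")]
SAMPLE = (
    ENQ_ACK + [("req", bytes.fromhex(HEAD + "00 " * 8 + "03 46 46")), ("ans", b"\x25")]
    + ENQ_ACK + [("req", bytes.fromhex(HEAD + "78 " * 8 + "03 42 46")), ("ans", b"\x25")]
    + ENQ_ACK + [("req", bytes.fromhex(HEAD + "00 " * 8 + "03 46 46")), ("ans", b"\x25")]
    + ENQ_ACK + [("req", bytes.fromhex(HEAD + "63 " * 8 + "03 31 37")), ("ans", b"\x06")]
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```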