[?]: fatek plc password unlock

ibrahim1757 · Post by **ibrahim1757** » Tue Apr 13, 2010 5:54 am

hello

FATEK me the needed unlock plc

brave_eagle · Post by **brave_eagle** » Thu Apr 15, 2010 12:23 am

use the serial port monitor software check read the data flow ,you can find the software

vnnghia_bk · Post by **vnnghia_bk** » Thu Jul 25, 2013 7:03 am

hi brave_eagle
I try to compare the encoded data between 2 project with password and no password ( I set the password) but can not find where is the password.I used 010 editor to see the hex code.Please hint me how to see the password.
Thanks.

vlad2006gr · Post by **vlad2006gr** » Sun Jul 28, 2013 1:12 pm

Hi vnnghia_bk
You compared the program or log WinProladder exchange with PLC Fatek?
We need logs captured the program LGComSpy + + or COM Port Toolkitwhen the correct and incorrect password in the password-protected for WinProladder controller Fatek. Passwords must be different, for example-1234, 12345678, 4321, AWER12. I'll try to brute-force password cracker.
Rus:

Нужны логи снятые программой LGComSpy++ или COM Port Toolkit
при вводе правильного и неправильного пароля в программе WinProladder для запароленного контроллера Fatek. Пароли должны быть разные, например- 1234, 12345678, 4321, AWER12. Попробую сделать brute-force переборщик паролей.

Good luck!

vnnghia_bk · Post by **vnnghia_bk** » Thu Aug 01, 2013 6:43 am

Hi vlad2006gr,
Thanks for your reply but I dont have plc to try.I also have the same I idea is to use the free port monitor to see the data log to find the password I set by myself but I was wondering how you can clear the password without the data flow.It seem that you know what register contains the password and you put all is 0.Is it correct?

vlad2006gr · Post by **vlad2006gr** » Fri Aug 02, 2013 1:56 pm

Here is the log exchange with password-protected controller:
Request: 02 30 31 30 30 43 33 03
Here transcript exchange.
02 -Start of Text
30 31 -Slave station No.
30 30 -Command No.
43 33 -Checksum
03 -End code

answer: 02 30 31 30 30 30 30 30 36 31 30 30 30 37 30 30 30 30 35 30 30 30 30 30 30 30 34 36 35 30 38 31 30 33 30 30 30 30 34 33 31 34 31 34 36 34 46 30 30 30 32 35 37 34 43 41 38 30 30 30 31 42 34 44 38 36 45 03

02 -Start of Text
30 31 -Slave station No.
30 30 -Command No.
30 30 30 36 31 30 30 30 37 30 30 30 30 35 30 30 30 30 30 30 30 34 36 35 30 38 31 30 33 30 30 30 30 34 33 31 34 31 34 36 34 46 30 30 30 32 35 37 34 43 41 38 30 30 30 31 42 34 44 38 -data
36 45 -Checksum
03 -End code

HERE enters the password 12345678
Request: 02 30 31 32 35 34 42 32 37 3A 31 32 33 34 35 36 37 38 37 87 03
02 -Start of Text
30 31 -Slave station No
32 35 -Command No.
34 42 32 37 3A 31 32 33 34 35 36 37 38 -data 4С27:12345678
37 87 -Checksum
03 -End code

answer: 02 30 31 32 35 36 30 33 30 03
02 -Start of Text
30 31 -Slave station No
32 35 -Command No
36 30 -Data (6=ERROR , PLC id not equal to the id of the program.)
33 30 -Checksum
03 -End code

That is, the password compares PLC.

vlad2006gr · Post by **vlad2006gr** » Tue Aug 13, 2013 6:28 am

There is an open source project for Fatek controllers.Thank you Mahdi Mansouri.
http://www.codeproject.com/Articles/227 ... col-Serial
Protocol-based Fatek PLC Writing programs diagnosis and read-write input-output.
The compiled program:
https://www.rapidshare.com/files/1878780978/Fatek.rar
Who can try it and have any comments?
And who can get the communication log when connecting to the controller without the password?

vnnghia_bk · Post by **vnnghia_bk** » Thu Aug 15, 2013 3:28 am

Hi vlad2006gr,

How can I realize the password from these data flow?I try to see to find but

Thanks

vlad2006gr · Post by **vlad2006gr** » Thu Aug 15, 2013 1:49 pm

There is not any password between the controller and the program WinProladder.The latter one sends a password to the former one. Afterthat the controller either confirms it or sends back an error message. I may try to write a program to get a password. However, I need exchange logs between the controller (with the known password) and the program WinProllader in the following sequence: at first two attemps of a false password and then the right password.

vnnghia_bk · Post by **vnnghia_bk** » Mon Aug 19, 2013 11:02 am

Dear vlad2006gr,

I am not so fully understand your idea.Could you please explain more detail.
If we try with the in-correct password, we will receive the fault code return.If we try with another incorrect password, it also send back the fault code.From there, how can we realize the password?

kirolos nabil · Post by **kirolos nabil** » Thu Nov 13, 2014 10:30 am

hi i have aproblem in logging fatek plc as i dont know the password but i used the free serial port and by using the console view i get along code but i still dont know how could i extract the correct password from it and this is the code:

0102041C0070094012A0145A0010000041C007000160000000453040830000431404F00082346DC00013BE578

makubex14 · Post by **makubex14** » Fri Jul 23, 2021 2:08 am

Hi Vlad,

I had a password protected PLC and i want to download the program from it. But it asks for a password before i can successfully connect. You mentioned brute force. How do i do it to crack the password?
Hoping for your reply.

Thanks,
Jayson

pszcz · Post by **pszcz** » Wed Dec 06, 2023 7:30 am

Hi

I have PLC fatek FBs-40MCR and there is a password and I can't upload PLC code.

I installed LGCoMspy ++ and I captured what is sent between PC nad PLC when I try to upload code.
Data look like:

https://photos.google.com/photo/AF1QipM ... G6eFPYiasw

Can I find pass for this PLC some how?

PLCforum.uz.ua

[?]: fatek plc password unlock

[?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock

Re: [?]: fatek plc password unlock