[?+]: A Step7 block can't see the content ?!

SIMATIC S7-200/300/400, Step7, PCS7, CFC, SFC, PDM, PLCSIM,
SCL, Graph, SPS-VISU S5/S7, IBHsoftec, LOGO ...
hanyutian
Posts: 5
Joined: Wed Mar 07, 2007 5:53 am
Location: China

[?+]: A Step7 block can't see the content ?!

Post by hanyutian »

Hello everyone. I got a Step7 block. It works in the PLC, and you can see that "size in work memory" is bigger than for an empty block, but when you open the block, the content is empty!
There is no program in it.
It is programmed in the STL language.
Does anybody know how to see the logic in the block, or how to crack it?
Thanks in advance!


Block screen shot is below,
http://i064.radikal.ru/1401/47/4bbc9c62225b.jpg
or
http://pan.baidu.com/s/1kTK8BDP

Program link is below,

http://pan.baidu.com/s/1c0gRtgG

Non-Chinese users need to delete the Chinese local language: folder GLOBAL, file LANGUAGE
Info
Faq & Info
Posts: 428
Joined: Wed Oct 05, 2005 9:00 am

Re: [?]: A Step7 block can't see the content ?!

Post by Info »

open it with pg2000
viewtopic.php?f=9&t=5614&p=55070&hilit= ... .69#p55070
PG2000 v4.69 with crack http://plcforum.uz.ua//PG ... _crack.rar

This is the "BLD-protection" bug :(

Replace all "BLD *" with "NOP 0" in PG2000 or S7-Doctor
or
use WinHex
open the file <Project>\ombstx\offline\00000001\SUBBLK.DBT (*the number may be 1/2/3/ ...9)
Find 10h 07h (BLD 7 = 0x10 0x07) and replace it with 00 00 (NOP 0 = 0x00 0x00)
To see the "hidden" part, you can do the following:
1) To make sure that this kind of "protection" is being used, open the project in some non-Siemens program (for example S7-Doctor).
2) To open and work with this project in Step7: with a hex editor, replace the opcode of the BLD 7 instruction (0x10 0x07) with the opcode of the NOP 0 instruction (0x00 0x00) in the file
<Project folder>\ombstx\offline\00000001\SUBBLK.DBT (the folder may be something other than "00000001")
and on opening it in Step7 we will see (FC1 from the "PROTECT" project):
cured code

      NOP   0    // replaced "BLD 7"
      L     #a
      L     #b
      +I   
      T     #c
      BEU   
      =     L      0.0
      UC    "STP"
      BLD   8
2. delete # before Mxx (for example JC #M001)
Open the FC in PG2000, select all, copy to Notepad, delete # before Mxx (for example JC #M001),
delete : before operands (for example :A DBX0.1), select all, copy to another FC, replace the FC call for checking
hanyutian
Posts: 5
Joined: Wed Mar 07, 2007 5:53 am
Location: China

Re: [?+]: A Step7 block can't see the content ?!

Post by hanyutian »

I can open the program now.

Thank you very, very much!

I have one more question: do you know how they can do it (suppress displaying content) in Step7?


I have tried the way you provided, but I ran into some difficulties.

1. When I change the program with PG2000 (replace all BLD * with NOP 0) and save it with PG2000, I can't open the program in Step7 again. Maybe the two programs (Step7 and PG2000) have different program formats?

2. Then I changed the program with Hexedit (replace all BLD * with NOP 0); this time Step7 can open the program, but I can't see the program content either.

3. How can I change the "#" of the jump label "#M***" with Hexedit?

I can't delete "#" in PG2000; when I do this, an error occurs and I can't save the changed program.
I want to know what deleting "#" means.

After I change "BLD *" to "NOP 0" in PG2000 and save the program, when I open the modified program in Step7 (V5.5.2) the warning message is as below,
"The project or library was changed using tools of the Windows Explorer. The data for access protection has been modified to such an extent that it is no longer possible to open the project or library."
Info
Faq & Info
Posts: 428
Joined: Wed Oct 05, 2005 9:00 am

Re: [?+]: A Step7 block can't see the content ?!

Post by Info »

Save as *.awl
Go to SIMATIC Manager, your project, folder Sources, right click, Insert New, External Source, browse to your *.awl
Double click on the inserted object, compile
FC 31

FUNCTION FC 31 : VOID
TITLE =
VERSION : 0.1


VAR_TEMP
  DragFailure : DINT ;	
  OutputController : DINT ;	
  SumFeedForward : DINT ;	
  OutputControllerInclFF : DINT ;	
  TermA : DINT ;	
  TermB : DINT ;	
  OutputControllInclFF_HP : DINT ;	
  Butterworth1 : DINT ;	
  SurfaceCylActPos : DINT ;	
END_VAR
BEGIN
NETWORK
TITLE =

      AN    DBX   76.2; 
      JC    M001; 
      L     DBW   48; 
      SSI   4; 
      ITD   ; 
      L     DBD   72; 
      +D    ; 
      L     DBW   68; 
      >D    ; 
      JC    M002; 
      TAK   ; 
      L     DBW   70; 
      <D    ; 
      JC    M002; 
      TAK   ; 
M002: T     DBD   72; 
      T     DBW   32; 
M001: L     0; 
      AN    DBX   76.4; 
      JC    M003; 
      L     DBW   58; 
      L     DBW   32; 
      -I    ; 
      ITD   ; 
      SSD   4; 
      L     DBD  108; 
      ITD   ; 
      +D    ; 
      L     32000; 
      >D    ; 
      JC    M003; 
      NEGD  ; 
      <D    ; 
      JC    M003; 
      TAK   ; 
M003: T     DBD  108; 
      SSD   4; 
      T     DBW   36; 
      L     DBW   32; 
      L     31800; 
      >I    ; 
      S     DBX   44.3; 
      JC    M004; 
      TAK   ; 
      L     -4150; 
      <I    ; 
      S     DBX   44.3; 
      JC    M004; 
      TAK   ; 
M004: T     DBW   32; 
      L     DBW  126; 
      ITD   ; 
      L     DBW    0; 
      ITD   ; 
      *D    ; 
      SSD   12; 
      L     DBW    2; 
      ITD   ; 
      +D    ; 
      T     DBW   58; 
      L     DBW   58; 
      ITD   ; 
      L     DBW   32; 
      ITD   ; 
      -D    ; 
      T     #DragFailure; 
      L     DBW    4; 
      ITD   ; 
      *D    ; 
      SSD   8; 
      L     DBW   16; 
      ITD   ; 
      +D    ; 
      T     #OutputController; 
      L     #OutputController; 
      L     DBW   36; 
      ITD   ; 
      +D    ; 
      T     #OutputController; 
      L     DBW   14; 
      ITD   ; 
      L     DBW   60; 
      ITD   ; 
      +D    ; 
      T     #SumFeedForward; 
      L     DBW  124; 
      ITD   ; 
      L     DBW  126; 
      ITD   ; 
      -D    ; 
      L     #SumFeedForward; 
      ITD   ; 
      *D    ; 
      SSD   8; 
      L     #OutputController; 
      +D    ; 
      T     #OutputControllerInclFF; 
      L     DBW   52; 
      ITD   ; 
      L     DBW   18; 
      ITD   ; 
      *D    ; 
      T     #TermA; 
      L     DBW   52; 
      ITD   ; 
      L     DBW   20; 
      ITD   ; 
      *D    ; 
      T     #TermB; 
      L     #OutputControllerInclFF; 
      SLD   12; 
      L     #TermA; 
      -D    ; 
      L     #TermB; 
      -D    ; 
      SSD   12; 
      T     #OutputControllInclFF_HP; 
      L     #OutputControllerInclFF; 
      T     DBW   52; 
      L     #OutputControllInclFF_HP; 
      T     DBW   52; 
      L     L#0; 
      L     #OutputControllInclFF_HP; 
      <=D   ; 
      JC    M005; 
      L     DBW   42; 
      ITD   ; 
      *D    ; 
      SSD   12; 
M005: AN    M      0.3; 
      JC    M006; 
      L     L#0; 
M006: L     L#27648; 
      >D    ; 
      S     DBX   44.4; 
      JC    M007; 
      TAK   ; 
      L     L#-27648; 
      <D    ; 
      S     DBX   44.4; 
      JC    M007; 
      TAK   ; 
M007: AN    M      0.3; 
      JC    M008; 
      L     0; 
M008: T     DBW   48; 
      A     DBX  132.1; 
      JC    M009; 
      A     DBX   45.1; 
      JC    M010; 
      JU    M011; 
M009: A     DBX   44.2; 
      A     DBX   45.1; 
      R     DBX   45.1; 
      R     DBX   44.2; 
      JC    M011; 
      A     DBX   44.2; 
      AN    DBX   45.1; 
      JC    M012; 
      JU    M011; 
M012: S     DBX   45.1; 
      L     0; 
      T     DBW   30; 
      L     27648; 
      T     DBW   28; 
M010: L     DBW   30; 
      L     DBW   32; 
      >=I   ; 
      JC    M013; 
      T     DBW   30; 
      JU    M011; 
M013: L     DBW   28; 
      TAK   ; 
      <=I   ; 
      JC    M011; 
      T     DBW   28; 
M011: NOP   0; 
      L     #DragFailure; 
      L     DBW   22; 
      ITD   ; 
      *D    ; 
      SSD   14; 
      T     #Butterworth1; 
      L     DBW   46; 
      ITD   ; 
      L     DBW   24; 
      ITD   ; 
      *D    ; 
      SSD   14; 
      L     #Butterworth1; 
      +D    ; 
      T     DBW   46; 
      JP    M014; 
      NEGD  ; 
M014: L     DBW   26; 
      ITD   ; 
      >D    ; 
      S     DBX   44.5; 
      L     DBW   58; 
      ITD   ; 
      L     DBW   32; 
      ITD   ; 
      -D    ; 
      L     DBD   54; 
      +D    ; 
      T     DBD   54; 
      L     DBW   32; 
      L     DBW    2; 
      -I    ; 
      ITD   ; 
      JP    M015; 
      NEGD  ; 
M015: T     #SurfaceCylActPos; 
      L     DBW   58; 
      L     DBW    2; 
      -I    ; 
      ITD   ; 
      L     DBW   40; 
      ITD   ; 
      *D    ; 
      JP    M016; 
      NEGD  ; 
M016: SSD   12; 
      L     #SurfaceCylActPos; 
      -D    ; 
      SSD   8; 
      L     DBD   64; 
      +D    ; 
      T     DBD   64; 
      A     DBX  132.1; 
      JCN   M017; 
      L     DBB   34; 
      +     -1; 
      T     DBB   34; 
M017: L     DBB   34; 
      L     0; 
      >I    ; 
      JC    M018; 
      L     DBD   64; 
      L     DBW   10; 
      ITD   ; 
      *D    ; 
      L     DBD   60; 
      +D    ; 
      L     DBW   12; 
      ITD   ; 
      SLD   16; 
      >D    ; 
      JC    M019; 
      TAK   ; 
      L     DBW   14; 
      ITD   ; 
      SLD   16; 
      NEGD  ; 
      <D    ; 
      JC    M019; 
      TAK   ; 
M019: T     DBD   60; 
      L     DBD   54; 
      L     DBW    6; 
      ITD   ; 
      *D    ; 
      L     DBD   36; 
      +D    ; 
      L     DBW    8; 
      ITD   ; 
      SLD   16; 
      >D    ; 
      JC    M020; 
      NEGD  ; 
      <D    ; 
      JC    M020; 
      TAK   ; 
M020: T     DBD   36; 
      L     DBB   35; 
      T     DBB   34; 
      L     L#0; 
      T     DBD   54; 
      T     DBD   64; 
M018: A     DBX   76.1; 
      JC    M021; 
      L     0; 
      T     DBD   60; 
      T     DBD   36; 
M021: NOP   0; 
      BE    ; 
      BE    ; // Initialise new measurementationiue

END_FUNCTION

You need to delete // before UC FC 30
FC 32

FUNCTION FC 32 : VOID
TITLE =
VERSION : 0.1


VAR_TEMP
  RatedDragFailCyl2 : DINT ;	
  MovementOfCylinder : INT ;	
  RatedPressureDown : DINT ;	
  ConfRatioSurfDownDivUp : INT ;	
END_VAR
BEGIN
NETWORK
TITLE =

      OPN   DB    14; 
      BLD   1; 
      =     L     12.0; 
////////////////////////////////////////////
//    alex
// uncomment       // UC    FC    30

//      UC    FC    30

////////////////////////////////////////////
      BLD   2; 
      NOP   0; 
      AN    DBX   76.0; 
      JC    M001; 
      A     DBX   76.2; 
      JC    M002; 
      A     DBX   77.1; 
      JC    M003; 
      L     0; 
      A     DBX   76.3; 
      JC    M004; 
      L     PIW  128; 
      T     DBW   32; 
      JU    M002; 
M004: OPN   DB    94; 
      AN    DBX   33.7; 
      OPN   DB    14; 
      JC    M002; 
      L     PID  508; 
      T     DBW   32; 
      JU    M002; 
M003: L     DBW  134; 
      T     DBW   32; 
M002: NOP   0; 
      CALL FC    31 ;
      NOP   0; 
      JU    M005; 
M001: L     0; 
      T     DBW   48; 
M005: L     DBD  124; 
      A     DBX  132.1; 
      T     DB15.DBD  124; 
      =     DBX  132.1; 
      AN    DBX   76.0; 
      JC    M006; 
      A     DBX   76.2; 
      JC    M007; 
      L     0; 
      A     DBX   76.3; 
      JC    M008; 
      L     PIW  130; 
      T     DBW   32; 
      JU    M007; 
M008: OPN   DB    94; 
      AN    DBX  649.7; 
      OPN   DB    15; 
      JC    M007; 
      L     PID  528; 
      T     DBW   32; 
M007: NOP   0; 
      CALL FC    31 ;
      NOP   0; 
      L     DBW   46; 
      ITD   ; 
      L     DBW   78; 
      ITD   ; 
      *D    ; 
      SSD   10; 
      T     #RatedDragFailCyl2; 
      L     DB14.DBW   46; 
      ITD   ; 
      L     DBW   78; 
      ITD   ; 
      *D    ; 
      SSD   10; 
      L     #RatedDragFailCyl2; 
      -D    ; 
      JP    M009; 
      NEGD  ; 
M009: L     DBW  100; 
      ITD   ; 
      >D    ; 
      A     DBX   76.0; 
      S     DBX   44.6; 
M006: NOP   0; 
      AN    DB14.DBX   76.6; 
      R     DBX   44.7; 
      JC    M010; 
      L     DBW   48; 
      ITD   ; 
      A     DBX   76.2; 
      JC    M011; 
      L     PIW  132; 
      AN    DBX   76.7; 
      JC    M012; 
      INVI  ; 
M012: ITD   ; 
      AN    DBX   77.0; 
      JC    M011; 
      SLD   1; 
      +     -27648; 
M011: T     DBW   98; 
      T     DB79.DBW   28; 
      L     DB14.DBW   48; 
      ITD   ; 
      -D    ; 
      JP    M013; 
      NEGD  ; 
M013: L     DBW   92; 
      ITD   ; 
      >=D   ; 
      JCN   M010; 
      L     DBW   96; 
      +     1; 
      L     DBW   94; 
      >=I   ; 
      TAK   ; 
      S     DBX   44.7; 
      JU    M014; 
M010: L     0; 
M014: T     DBW   96; 
      AN    DB15.DBX   76.6; 
      R     DBX   44.7; 
      JC    M015; 
      L     DBW   48; 
      ITD   ; 
      A     DBX   76.2; 
      JC    M016; 
      L     PIW  136; 
      AN    DBX   76.7; 
      JC    M017; 
      INVI  ; 
M017: ITD   ; 
      AN    DBX   77.0; 
      JC    M016; 
      SLD   1; 
      +     -27648; 
M016: T     DBW   98; 
      T     DB79.DBW   52; 
      L     DB15.DBW   48; 
      ITD   ; 
      -D    ; 
      JP    M018; 
      NEGD  ; 
M018: L     DBW   92; 
      ITD   ; 
      >=D   ; 
      JCN   M015; 
      L     DBW   96; 
      +     1; 
      L     DBW   94; 
      >=I   ; 
      TAK   ; 
      S     DBX   44.7; 
      JU    M019; 
M015: L     0; 
M019: T     DBW   96; 
      A     DB14.DBX   76.2; 
      ON    DBX   76.5; 
      JC    M020; 
      AN    DBX  132.1; 
      JC    M021; 
      L     DBD   80; 
      T     DBD   84; 
      L     0; 
      T     DBD   80; 
      S     DBX   45.0; 
M021: L     DB14.DBW   50; 
      L     DBW   32; 
      T     DBW   50; 
      TAK   ; 
      -I    ; 
      T     #MovementOfCylinder; 
      L     DBW   90; 
      T     #ConfRatioSurfDownDivUp; 
      ITD   ; 
      L     PIW  258; 
      T     DB79.DBW   34; 
      ITD   ; 
      *D    ; 
      SSD   8; 
      T     #RatedPressureDown; 
      L     PIW  256; 
      T     DBW   32; 
      ITD   ; 
      L     #RatedPressureDown; 
      -D    ; 
      T     DBW   36; 
      T     DB14.DBW   88; 
      ITD   ; 
      L     #MovementOfCylinder; 
      ITD   ; 
      *D    ; 
      SSD   3; 
      L     DBD   80; 
      +D    ; 
      T     DBD   80; 
      AN    DB15.DBX   76.0; 
      JC    M020; 
      AN    DBX  132.1; 
      JC    M022; 
      L     DBD   80; 
      T     DBD   84; 
      L     0; 
      T     DBD   80; 
      S     DBX   45.0; 
M022: L     DBW   50; 
      L     DBW   32; 
      T     DBW   50; 
      TAK   ; 
      -I    ; 
      T     #MovementOfCylinder; 
      L     PIW  262; 
      T     DB79.DBW   58; 
      ITD   ; 
      L     #ConfRatioSurfDownDivUp; 
      ITD   ; 
      *D    ; 
      SSD   8; 
      T     #RatedPressureDown; 
      L     PIW  260; 
      T     DBW   56; 
      ITD   ; 
      L     #RatedPressureDown; 
      -D    ; 
      T     DBW   60; 
      T     DB15.DBW   88; 
      ITD   ; 
      L     #MovementOfCylinder; 
      ITD   ; 
      *D    ; 
      SSD   3; 
      L     DBD   80; 
      +D    ; 
      T     DBD   80; 
M020: NOP   0; 
      AN    DB14.DBX   77.3; 
      JC    M023; // 01
      L     DBW  102; // 01
      L     DBW   32; // 01
      >I    ; 
      A(    ; 
      L     DBW  104; 
      >I    ; 
      )     ; 
      JC    M023; 
      L     DBW  106; 
      +     1; 
      T     DBW  106; 
M023: AN    DB15.DBX   77.3; 
      JC    M024; // 01
      L     DBW  102; // 01
      L     DBW   32; // 01
      >I    ; 
      A(    ; 
      L     DBW  104; 
      >I    ; 
      )     ; 
      JC    M024; 
      L     DBW  106; 
      +     1; 
      T     DBW  106; 
M024: NOP   0; 
      L     DB14.DBW   58; 
      T     DB79.DBW   26; 
      L     DB14.DBW   32; 
      T     DB79.DBW   24; 
      L     DB14.DBW   48; 
      T     DB79.DBW   30; 
      L     DB15.DBW   58; 
      T     DB79.DBW   50; // Prepare IBA Datae- & work- calcuk


      L     DB15.DBW   32; 
      T     DB79.DBW   48; 
      L     DB15.DBW   48; 
      T     DB79.DBW   54; 
      BE    ; 
END_FUNCTION
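
A read-only review aid, added here as an example and not part of any post in this thread or of STEP 7 or PG2000: it scans AWL source exported as described above and lists, per block, the BLD display statements and the statements that follow an unconditional BE/BEU without a jump label, the pattern visible in the "cured code" FC1 listing. The sample source and the function name `audit_awl` are constructed for illustration; treating every labelled line as reachable is a simplifying assumption.

```python
import re

# Constructed sample in the AWL layout shown in this thread (not a real project).
SAMPLE_AWL = """\
FUNCTION FC 1 : VOID
BEGIN
NETWORK
      BLD   7;
      L     #a;
      T     #c;
      BEU   ;
      =     L      0.0;
      UC    FC    30;
      BLD   8;
END_FUNCTION
FUNCTION FC 2 : VOID
BEGIN
NETWORK
      JC    M001;
      BEU   ;
M001: NOP   0; // jump target, so counted as reachable again
      BE    ;
END_FUNCTION
"""

def audit_awl(text):
    """Return {block: {"bld": [(line, stmt)], "dead": [(line, stmt)]}}."""
    report, block, in_code, dead = {}, None, False, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("//")[0].strip().rstrip(";").strip()
        if not line:
            continue
        head = line.split()[0].upper()
        if head in ("FUNCTION", "FUNCTION_BLOCK", "ORGANIZATION_BLOCK"):
            block = " ".join(line.split(":")[0].split()[1:])
            report[block] = {"bld": [], "dead": []}
            in_code = dead = False
        elif head == "BEGIN":
            in_code = True
        elif head.startswith("END_"):
            in_code = False
        elif in_code and head not in ("NETWORK", "TITLE"):
            m = re.match(r"(\w+):\s*(.*)", line)   # optional jump label
            stmt = " ".join((m.group(2) if m else line).split())
            if m:
                dead = False        # assumption: a labelled line is a jump target
            if dead and stmt:
                report[block]["dead"].append((no, stmt))
            op = stmt.split()[0].upper() if stmt else ""
            if op == "BLD":         # editor display instruction, no runtime effect
                report[block]["bld"].append((no, stmt))
            if op in ("BE", "BEU"): # unconditional block end
                dead = True
    return report
```

Calling `audit_awl(SAMPLE_AWL)` reports both BLD statements and the three statements after BEU for FC 1 and nothing for FC 2; line numbers are relative to the source text passed in.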
hanyutian
Posts: 5
Joined: Wed Mar 07, 2007 5:53 am
Location: China

Re: [?+]: A Step7 block can't see the content ?!

Post by hanyutian »

I see. Thank you again!