plc4x-dev mailing list archives

From Christofer Dutz
Subject Re: New utility to help inspecting unknown PLCs?
Date Tue, 16 Apr 2019 12:48:43 GMT
Hi Lukasz,

well, we did plan on providing a listing of the resources of a connected PLC. So the API would support
connecting to a PLC and asking it what it has to provide.
Unfortunately only a handful of protocols support such an approach. For example I think
the Beckhoff ADS supports this and if we implemented the S7-TIA protocol so would this, but
for the S7-STEP7 which we have, there is no information about the structure of the PLC program
available from the protocol level.

So this tooling I was thinking about would start experimenting in a brute-force manner
and start loading all memory blocks to find out which ones are there and then to probe each
block's size and then to completely dump that content as huge byte arrays and to offer doing
diffs between two dumps to find out which bytes changed.

We could perhaps use the S7-STEP7 protocol to download the source for a given block and to
decode that … but this would be quite an effort as I bet Siemens changed this format with
each of the currently 15 TIA/Step7 versions ;-)


From: <>
Reply-To: <>
Date: Tuesday, 16 April 2019 at 13:49
To: <>
Subject: Re: New utility to help inspecting unknown PLCs?

Eclipse Smarthome called this a "discovery mechanism" and it worked quite fine. A while
ago as part of my own experiments I implemented discovery of bacnet properties/objects using
bacnet4j and it's quite fun. You plug in a network cable, send a broadcast, get devices and query
them for a description.
I guess that not all PLCs have such rich "integration" possibilities, but it would be
great to at least be able to get data knowing the device identifier or address.

I love the idea as it speeds up adoption of solutions. I found for example that Beckhoff
allows reading the symbol table from the PLC using their C APIs but found no examples in PLC4X to
do the same.


On 15 Apr 2019, at 20:19, Christofer Dutz

Just a few minutes ago in my sports course I had an idea regarding the ping ... We actually
don't have to ask for an existing address, do we? We just ask for something and if we get
an ok that's just as good as an "I have no idea what you're talking about" ... Don't you agree?



From: Julian Feinauer
Sent: Monday, April 15, 2019 7:57:39 PM
Subject: AW: New utility to help inspecting unknown PLCs?

Hi Chris,

I like the idea and in fact Mathias and I already discussed a similar idea.
We have the idea to find a given value (e.g. from the HMI) and identify possible positions
in the data blocks.
I even had the idea to guess the most probable encoding for the blocks based on several measurements.

Let's dig deeper into this!


Sent from my mobile phone

-------- Original Message --------
Subject: New utility to help inspecting unknown PLCs?
From: Christofer Dutz

Hi all,

In a phone call with a potential customer we noticed that one of the strengths of plc4x is
the ability to connect to brown field machinery.

However this usually has the problem of not having the project files or the tools to program
them at hand.

Now the idea is, that it would be great to have a tool that uses plc4x to retrieve data from
a plc with only the connection string. It could start guessing blocks and try detecting its
size by putting until it gets an error.

As soon as that's done, it could read entire blocks and compare them with previous versions
and output diffs in order to help interpreting the operation.

What do you think?



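The dump-diff and value-search ideas discussed in this thread, sketched as an added example that is not part of the original messages and is not PLC4X code. It works offline on two constructed 10-byte dumps; the function names, the sample data and the three big-endian candidate encodings (INT, DINT, REAL) are assumptions made for illustration.

```python
import struct

# Assumed candidate encodings; multi-byte values are taken as big-endian.
ENCODINGS = {"INT": ">h", "DINT": ">i", "REAL": ">f"}

# Constructed sample dumps of one block: an INT, a REAL and a DINT field.
SAMPLE_OLD = struct.pack(">hfi", 100, 23.5, 1000)
SAMPLE_NEW = struct.pack(">hfi", 100, 24.0, 1001)

def changed_ranges(old: bytes, new: bytes):
    """Return (offset, length) runs where two equally sized dumps differ."""
    if len(old) != len(new):
        raise ValueError("dumps differ in size; re-probe the block size first")
    runs, start = [], None
    for i, (a, b) in enumerate(zip(old, new)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, len(old) - start))
    return runs

def find_value(dump: bytes, value):
    """Return (offset, encoding name) for every encoding of value in dump."""
    hits = []
    for name, fmt in ENCODINGS.items():
        try:
            needle = struct.pack(fmt, value)
        except (struct.error, OverflowError):
            continue  # value cannot be represented in this encoding
        pos = dump.find(needle)
        while pos != -1:
            hits.append((pos, name))
            pos = dump.find(needle, pos + 1)  # allow overlapping matches
    return hits

def candidates(old: bytes, new: bytes, old_value, new_value):
    """Positions that held old_value before and new_value after, same encoding."""
    before = set(find_value(old, old_value))
    return sorted(h for h in find_value(new, new_value) if h in before)

if __name__ == "__main__":
    print(changed_ranges(SAMPLE_OLD, SAMPLE_NEW))
    print(candidates(SAMPLE_OLD, SAMPLE_NEW, 23.5, 24.0))
    print(candidates(SAMPLE_OLD, SAMPLE_NEW, 1000, 1001))
```

On the sample data the byte diff reports only the single byte that changed inside each field, while the value search recovers the field start. The counter going from 1000 to 1001 matches both a DINT at offset 6 and an INT at offset 8, which is why several measurements are needed before settling on an encoding.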