An Account of Developing Mitsubishi FX3U PLC Decryption Software

Source: 电工学习网 (www.9pbb.com), user-submitted content
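Everyone is familiar with Mitsubishi PLCs, and most people probably already know how to crack the FX2N password: the password can be found in the returned data, and the comparison is done in the software. The FX3U is different. It has two password segments, as the figure below shows: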

[Figure: An Account of Developing Mitsubishi FX3U PLC Decryption Software]

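The first segment works the same way as on the FX2N: it is stored in plaintext. The second segment is different: once the password is set it is transformed, and the algorithm has changed completely. Even so, there are experts online who can read the password out directly. We were drawn to the FX3U by its powerful features. Everyone is used to Mitsubishi PLCs and finds them comfortable to work with, and they account for a large share of the industrial control sector, so we took a strong interest in cracking this PLC. Some FX3U units can be programmed through two ports: one is the round port we normally use, and a 232 interface can also be added as an expansion. I tried the round port first, monitoring the traffic with serial port software. Below is the data I captured while debugging.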

#  Time  Function  Data (Hex)
1  [00000000]  IRP_MJ_CREATE  PortOpened-Gppw.exe
2  [00000000]  IOCTL_SERIAL_SET_BAUD_RATE  BaudRate:115200
3  [00000000]  IOCTL_SERIAL_SET_LINE_CONTROL  StopBits:1,Parity:Even,DataBits:7
4  [00000001]  IRP_MJ_WRITE  Length:0001,Data:05
5  [00000002]  IRP_MJ_READ  Length:0001,Data:06
6  [00000002]  IRP_MJ_WRITE  Length:0011,Data:0230304530323032033643
7  [00000003]  IRP_MJ_READ  Length:0001,Data:02
8  [00000003]  IRP_MJ_READ  Length:0001,Data:42
9  [00000003]  IRP_MJ_READ  Length:0001,Data:31
10  [00000003]  IRP_MJ_READ  Length:0001,Data:35
11  [00000003]  IRP_MJ_READ  Length:0001,Data:45
12  [00000003]  IRP_MJ_READ  Length:0001,Data:03
13  [00000003]  IRP_MJ_READ  Length:0001,Data:46
14  [00000003]  IRP_MJ_READ  Length:0001,Data:30
15  [00000004]  IRP_MJ_WRITE  Length:0011,Data:0230304543413032033845
16  [00000004]  IRP_MJ_READ  Length:0001,Data:02
17  [00000004]  IRP_MJ_READ  Length:0001,Data:37
18  [00000004]  IRP_MJ_READ  Length:0001,Data:31
19  [00000004]  IRP_MJ_READ  Length:0001,Data:33
20  [00000004]  IRP_MJ_READ  Length:0001,Data:46
21  [00000004]  IRP_MJ_READ  Length:0001,Data:03
22  [00000004]  IRP_MJ_READ  Length:0001,Data:45
23  [00000004]  IRP_MJ_READ  Length:0001,Data:34
24  [00000005]  IRP_MJ_WRITE  Length:0011,Data:0230304530323032033643
25  [00000006]  IRP_MJ_READ  Length:0001,Data:02
26  [00000006]  IRP_MJ_READ  Length:0001,Data:42
27  [00000006]  IRP_MJ_READ  Length:0001,Data:31
28  [00000006]  IRP_MJ_READ  Length:0001,Data:35
29  [00000006]  IRP_MJ_READ  Length:0001,Data:45
30  [00000006]  IRP_MJ_READ  Length:0001,Data:03
31  [00000006]  IRP_MJ_READ  Length:0001,Data:46
32  [00000006]  IRP_MJ_READ  Length:0001,Data:30
33  [00000006]  IRP_MJ_WRITE  Length:0011,Data:0230304543413032033845
34  [00000007]  IRP_MJ_READ  Length:0001,Data:02
35  [00000007]  IRP_MJ_READ  Length:0001,Data:37
36  [00000007]  IRP_MJ_READ  Length:0001,Data:31
37  [00000007]  IRP_MJ_READ  Length:0001,Data:33
38  [00000007]  IRP_MJ_READ  Length:0001,Data:46
39  [00000007]  IRP_MJ_READ  Length:0001,Data:03
40  [00000007]  IRP_MJ_READ  Length:0001,Data:45
41  [00000007]  IRP_MJ_READ  Length:0001,Data:34
42  [00000015]  IRP_MJ_CLOSE  PortClosed

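The data captured from the serial port above is in hexadecimal and really is hard to read. Converted to ASCII first, it becomes much easier to read.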

#  Time  Function  Data (String)
1  [00000000]  IRP_MJ_CREATE  PortOpened-Gppw.exe
2  [00000000]  IOCTL_SERIAL_SET_BAUD_RATE  BaudRate:115200
3  [00000000]  IOCTL_SERIAL_SET_LINE_CONTROL  StopBits:1,Parity:Even,DataBits:7
4  [00000001]  IRP_MJ_WRITE  Length:0001,Data:
5  [00000002]  IRP_MJ_READ  Length:0001,Data:
6  [00000002]  IRP_MJ_WRITE  Length:0011,Data:00E02026C
7  [00000003]  IRP_MJ_READ  Length:0001,Data:
8  [00000003]  IRP_MJ_READ  Length:0001,Data:B
9  [00000003]  IRP_MJ_READ  Length:0001,Data:1
10  [00000003]  IRP_MJ_READ  Length:0001,Data:5
11  [00000003]  IRP_MJ_READ  Length:0001,Data:E
12  [00000003]  IRP_MJ_READ  Length:0001,Data:
13  [00000003]  IRP_MJ_READ  Length:0001,Data:F
14  [00000003]  IRP_MJ_READ  Length:0001,Data:0
15  [00000004]  IRP_MJ_WRITE  Length:0011,Data:00ECA028E
16  [00000004]  IRP_MJ_READ  Length:0001,Data:
17  [00000004]  IRP_MJ_READ  Length:0001,Data:7
18  [00000004]  IRP_MJ_READ  Length:0001,Data:1
19  [00000004]  IRP_MJ_READ  Length:0001,Data:3
20  [00000004]  IRP_MJ_READ  Length:0001,Data:F
21  [00000004]  IRP_MJ_READ  Length:0001,Data:
22  [00000004]  IRP_MJ_READ  Length:0001,Data:E
23  [00000004]  IRP_MJ_READ  Length:0001,Data:4
24  [00000005]  IRP_MJ_WRITE  Length:0011,Data:00E02026C
25  [00000006]  IRP_MJ_READ  Length:0001,Data:
26  [00000006]  IRP_MJ_READ  Length:0001,Data:B
27  [00000006]  IRP_MJ_READ  Length:0001,Data:1
28  [00000006]  IRP_MJ_READ  Length:0001,Data:5
29  [00000006]  IRP_MJ_READ  Length:0001,Data:E
30  [00000006]  IRP_MJ_READ  Length:0001,Data:
31  [00000006]  IRP_MJ_READ  Length:0001,Data:F
32  [00000006]  IRP_MJ_READ  Length:0001,Data:0
33  [00000006]  IRP_MJ_WRITE  Length:0011,Data:00ECA028E
34  [00000007]  IRP_MJ_READ  Length:0001,Data:
35  [00000007]  IRP_MJ_READ  Length:0001,Data:7
36  [00000007]  IRP_MJ_READ  Length:0001,Data:1
37  [00000007]  IRP_MJ_READ  Length:0001,Data:3
38  [00000007]  IRP_MJ_READ  Length:0001,Data:F
39  [00000007]  IRP_MJ_READ  Length:0001,Data:
40  [00000007]  IRP_MJ_READ  Length:0001,Data:E
41  [00000007]  IRP_MJ_READ  Length:0001,Data:4
42  [00000015]  IRP_MJ_CLOSE  PortClosed

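PC sends: 00E0202 ' query the value of D8001

PLC replies: B15E ' the reply is 5EB1. The returned data has the high byte last and the low byte first, so the two bytes have to be swapped.

5EB1 converted to decimal is 24241: 24 indicates the PLC model FX2N3U, and 241 indicates the version number.

PC sends: 00ECA02 ' query the value of D8101

PLC replies: 713F ' the reply is 3F71, which converted to decimal is 16241: 16 indicates that the PLC model is FX3U, and 241 indicates the version number.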

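This whole stretch of data is just the programming software querying the PLC model, so that it can then communicate using the corresponding communication protocol. Working out this data took a great deal of testing time.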
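The decoding walked through above, as an added example that is not part of the original post: it validates and decodes the four frames from the capture. The function names are hypothetical; the checksum rule, the reading of the first payload character as the command, and the D8000 base address of 0x0E00 are assumptions not stated on the page, chosen because they agree with every frame shown.

```python
# Added example: decode the FX programming-port frames captured on this page.
STX, ETX = 0x02, 0x03
# Assumption: inferred from the page's two samples (0E02 -> D8001, 0ECA -> D8101).
D8000_BASE = 0x0E00

def split_frame(hex_str):
    """Check STX/ETX framing and the checksum; return the ASCII payload."""
    raw = bytes.fromhex(hex_str)
    if len(raw) < 5 or raw[0] != STX or raw[-3] != ETX:
        raise ValueError("not an STX <payload> ETX <checksum> frame")
    # Assumed rule: low byte of the sum of everything after STX up to and
    # including ETX, sent as two ASCII hex digits.
    expected = "%02X" % (sum(raw[1:-2]) & 0xFF)
    got = raw[-2:].decode("ascii")
    if got != expected:
        raise ValueError(f"checksum mismatch: got {got}, expected {expected}")
    return raw[1:-3].decode("ascii")

def decode_request(hex_str):
    """Split a 7-character request into command, address and byte count."""
    payload = split_frame(hex_str)
    if len(payload) != 7:
        raise ValueError("unexpected request length")
    addr, count = int(payload[1:5], 16), int(payload[5:7], 16)
    offset = addr - D8000_BASE
    register = f"D{8000 + offset // 2}" if offset >= 0 and offset % 2 == 0 else None
    return {"cmd": payload[0], "addr": addr, "count": count, "register": register}

def decode_reply(hex_str):
    """Reply payload is hex text, low byte first; return the integer value."""
    return int.from_bytes(bytes.fromhex(split_frame(hex_str)), "little")

def model_and_version(value):
    """Split e.g. 24241 into (24, 241) as the page does."""
    return divmod(value, 1000)

if __name__ == "__main__":
    # Frames copied from the page's capture; replies were read one byte at a time.
    exchanges = [("0230304530323032033643", "0242313545034630"),
                 ("0230304543413032033845", "0237313346034534")]
    for req, rep in exchanges:
        info, value = decode_request(req), decode_reply(rep)
        print(info["register"], hex(value), value, model_and_version(value))
```

A frame that fails the checksum raises `ValueError`, which is useful when reassembling replies from single-byte reads in a monitor log.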

That is all for this time. I hope friends will offer plenty of pointers.

Last refreshed: 2023-07-10 04:11:53