西门子plc控制程序的保护SIEMENSPLCcontrolprogramprotection.docx
《西门子plc控制程序的保护SIEMENSPLCcontrolprogramprotection.docx》由会员分享,可在线阅读,更多相关《西门子plc控制程序的保护SIEMENSPLCcontrolprogramprotection.docx(5页珍藏版)》请在冰豆网上搜索。
![西门子plc控制程序的保护SIEMENSPLCcontrolprogramprotection.docx](https://file1.bdocx.com/fileroot1/2023-1/3/9ada942b-049b-4ed7-be73-bb42ea4d6f59/9ada942b-049b-4ed7-be73-bb42ea4d6f591.gif)
西门子plc控制程序的保护SIEMENSPLCcontrolprogramprotection
西门子plc控制程序的保护(SIEMENSPLCcontrolprogramprotection)
西门子plc控制程序的保护(SIEMENSPLCcontrolprogram
protection)
DiscussiononprotectionofSIEMENSPLCcontrolprogram
Four
Recommend
Abstract:
fromthepurelytechnicallevel,thispaperfocusesontheprotectionofSIMATICS7PLCcontrolprogram
Keywords:
Simatic,S7,PLCprogram,crackandreverse,intellectualpropertyprotection
Author:
Zane(SIEMENSofficialforumS7-300/400moderator)
Preface:
WiththestrengtheningofChineseoveralleconomicstrength,manufacturingandprocessingindustryisgraduallytotheChinesetransfer,thisbringsalotofopportunitiestoChinesedomesticindustrialequipmentmarket,thedomesticindustrymanufacturerstodevelopandproducelargequantitiesofcheapequipment,achievedgoodeconomicandsocialeffect.However,thereisalsoasmallpartofthemanufacturer,becauseofitsabilityandobjectivefactors,unabletodevelopsuitableproducts,buttheinterestsofthedrivetomakethemlookatthecompany,plagiarismandimitationcompanysuccessfullydevelopedproducts,whatismorethecopyorclone.BecauseofthemodernindustrialequipmentwidelyusedinPLCasthemain
controlsystem,PLCasthecorecomponentoftheequipment,thesoftwareincludestheproductionprocess,controllogic,dataprocessingequipment,importantparametersandinformationcommunication,thusbecomingoneofthekeyequipmentofimitationtogetthetarget.LookingatthecurrentdomesticChineseusedinthemarketmainstreambrandPLC,althoughavarietyofsoftwareandhardwareencryptionmeansareadoptedinthedesign,butthecrackcrackusingmoreandmoreadvancedmeans,fromtheexhaustivemethod,theoriginallisteningport,softwaretracking,andnowcanthroughdirectcopyextractiontoanalyzethecontentsofmemorychipscrack,evendiscussedopenlyintheInternetandthespreadofcrackmethodandtools,soallproductswithoutexceptionhasbeencracked.ThisisverybadfortheChinesemanysmallandmedium-sizedOEMmanufacturers,"theresultsofouryearsofdevelopmentmaybecasttowasteovernightwhenhelearnedthatS7-200/300hardwareencryptionhasbeencracked,aOEMmakersaidhelplessly.Becauseofthedevelopmentofimitationcostisveryloworalmostzero,sodevelopershavenothadtimetorecoverthecostofdevelopmentinlowpricecompetition,theenthusiasmofdevelopershasagreatimpactonthedevelopmentofnewproducts,isveryharmfultothelong-termdevelopmentoftheequipmentindustryinChina.
Isitsohelplessthattheimitatorsareallowedtodowhattheywant?
Theanswerisno,hasbeenpayingcloseattentiontoandstudytheproblemofPLCcontrolprogram,theauthormadesomeexperienceandexperienceinpractice,likeinthispaperandcolleaguestoshareanddiscuss,weworktogethertoprotectthefruitsoftheirhardlabor.TheauthorhasbeenengagedintheapplicationofSIEMENSSIAMTIC,S7,PLCformanyyears,so
thisarticleisonlyfromthepurelytechnicallevel,focusingontheprotectionofSIMATICS7PLCcontrolprogram.
Intheearlydaysofsystemdesign,weshouldconsidertheprotectionofPLCcontrolprogramfromthepointofviewofsystem:
Theconceptof1.T.I.A(fullyintegratedautomation)helpsprotectourKNOWHOW
T.I.Aimplementstheconfigurationandprogramming,datamanagementandcommunications,automationanddriveproducts(includingPLCcontroller,HMI,human-computerinterface,network,drivesandotherproducts)highlyintegrated.PracticehasprovedthatthecontrolsystemusingT.I.Aintegratedconceptdesignisdifficulttobecopied.Thesamesoftwareplatform,thesamehardwarecomponents,thesamebuscommunication,youcandesignacompletelydifferentcontrolsystem,thisisaplatformfordeveloperstoplayfreely.Forexample,aCPU315-2DPand2MM440converterforPROFIBUS-DPcommunications,inadditiontoaconventionalPLCandinverterdataexchange,iftheuserusestheDRIVESESsoftware,torealizefastdatadirectlybetweenthe2MM440canalsothroughtheDRIVESESexchange,alsocanrealizetheexchangebetweenPLCandMM440morethan10intotal16PZDprocessdata,realizethefunctionofPLCbatchdownloadfrequencyconverterparameter.Andallofthisrealization,fromthesurface,thehardwarehasnotundergoneanychanges,itisdifficultfortheimitatorstojudgefromthehardwarehowthesystemcontrolsthespeedofthetwodrives.NotfamiliarwithSIEMENSimitationproductsarenoteasilyreplacethehardwareorsoftware
modifications,andevenifimitationisanexpertofSIEMENSproducts,toclearitselfofthedetailsoftheproblemisnotaneasything.Tosomeextent,T.I.Acangreatlyimprovethetechnicalleveloftheimitationrequirementsthreshold,andtechnicalpersonneltoreachalevelofintegrationofexpertsystemofSIEMENSisnotwillingtodothesetwo,therearefewthingsincontempt.
Inaddition,forsomeofthelargersystemofOEMdevelopers,routingcommunicationfunction,iMAPsoftwarepackageareT.I.Asystemfunctionortoolisverygood,weshouldmakethebestuseofT.I.Atechnologybringsus,advancedtechnology,increasethetechnicaldifficultyofimitationorcopying.
2.usethecommunicationfunction
Inactualwork,
Weoftenencountersomeproblemsneedtoexchangedatabetweensystems(suchasPLC-PLC,PLCandPLCbetweenthedriverandtheinstrument),whetheritisbetweenSIEMENSorSIEMENSproductsbetweenproductsandthirdpartyproducts,recommendtheuseofcommunicationschemetoreplacethesignalinterconnectionbetweenanalogorswitchscheme.Fortheformer,theimitatorcanonlyseeahardwarecommunicationline,asthenumberofdataishowtoexchangethroughcommunication,imitationmuststudythespecificuserprogramcanspendtimefiguringout;whileforthelatter,thedeveloperisconvenient,imitationisalsoclear,panoramicview.
PLCanddrivercommunication,inadditiontothecontrolword
/statusword,settingvaluedatacommunication/feedbackvalueandprocessvariables,thebestparametersofdrivercanalsodownloadfromPLCbysoftware,whichcanreducethemaintenancerequirementsofthesystemandtechnologyofendusers,andcanpreventtheimitationbyparameteranalysissystemespeciallyinthedrivetoworkdrivingtheworkingprincipleanddesignideas.DRIVEESBASIC/SIAMTICengineeringsoftwareofSIEMENScompany,providesapowerfultoolforthemajorityofusersofSIEMENSproductstoachievesuchfunctions;andtheuseofSIMATICPLCistousethirdpartydriveusers,alsocandeveloptheirownspecificparameterstoreadandwriteprocedures,asasupportforPROFIBU-DPdrivecanbeachieved.
Sometimesourcontrolsystemconsistsofmultiplesubcontrolsystem,therebyformingamultiCPUandman-machineinterfacenetwork,SIEMENSS7-200productsisacommonPPInetwork,S7-300/400MPInetworkisacommonproduct,usuallybetweenman-machineinterfaceandCPUdataexchange,andwecanalsoaddsomeconfigurationwithoutS7basiccommunicationCPUfunctionintheuserprogram(S7-200availableNETR/NETWcommands,S7-300/400canusetheX_PUT/X_GETcommand),regularorirregularinasmallamountofdataexchangebetweenCPU,throughthesedatatorealizeinterlockinglogiccontrolsubsystem.Forsuchasystem,itisnoteasyforanimitatortoanalyzetheprogramofasubsystem.
3.usepaneltypeman-machineinterface
Trytousethepaneltypeintheautomationsystemofman-machineinterfacetoreplacethesinglebuttonlights,althoughbuttonlightsfunctionisnotconfidential,butsofar,
realizetheprogramuploadandrealizedecompileproductscannotseethepaneltypeman-machineinterface,developerscanaddsignificantsignsandmanufacturerscontactinformationinthepanelonthescreen,theimitationisnotsostupidastotheoriginalcopy.ThisprogramforcedimitatorshavetorewritetheoperationpanelprogrameventoPLC,andthedevelopercanusesomespecialfunctionpanelandPLCdatainterface(suchasregionalpointer,SIEMENSpanelorVBscript)tocontrolPLCprogramexecution.SuchPLCprogram,intheabsenceofHMIsourcecode,canonlyrelyonspeculationandonlinemonitoringtoobtainPLCinternalvariableschangelogic,time-consumingandlaborious,greatlyincreasingthedifficultyofcopyingcopying.
4.usehigh-levellanguagetowritesomeimportantprocess
ThisismainlytocontrolequipmentusingS7-300/400orWINACproducts,inadditiontotheuseofSTEP7LAD,STL,FBDstandardprogramminglanguagecontrolprogram,wecanalsousetheSCL,S7-GRAPHandotherseniorlanguagetodevelopsomeimportantprocesses,WINACcanalsouseODKsoftwarepackagedevelopedproprietaryblockthe.Genericcopycatsarenoteasytoaccesstothesetools,andeveniftheyarenotavailable,letalonereadthem.
Intheprocessofprojectimplementation,weshouldconsidertheprotectionofPLCcontrolprogramfromthepointofviewofsoftwaredevelopmenttechniques:
1.programmingmode
A)amodularprogramstructureisusedtowritesubroutineblocksbymeansofsymbolicnamesandparameterization
B)S7-300/400usesbackgrounddatablocksanddatatransferacrossmultiplebackgroundsasmuchaspossible
C)usesindirectaddressingprogrammingmethods
D)controlprogramofcomplexsystemsespeciallyinordertocontrolorcontrolprogramwithaformula,youcanconsiderusingthedataprogrammingmethod,throughthedatachangecontrollogicorsequencecontrolsystem.
Usersshouldtrytousetheabovehigh-levelprogrammingmethods,sothattheprogramcompiledintheembeddedsystemprotectionencryptionprogram,itisnoteasytofindandcrack
2.activeprotectionmethod
A)usethesystemclock