西门子plc控制程序的保护SIEMENSPLCcontrolprogramprotection.docx

1、西门子plc控制程序的保护SIEMENSPLCcontrolprogramprotection西门子plc控制程序的保护（SIEMENS PLC control program protection）西门子plc控制程序的保护(SIEMENS PLC control program protection) Discussion on protection of SIEMENS PLC control program Four Recommend Abstract: from the purely technical level, this paper focuses on the protec

2、tion of SIMATIC S7 PLC control program Keywords: Simatic, S7, PLC program, crack and reverse, intellectual property protection Author: Zane (SIEMENS official forum S7-300/400 moderator) Preface: With the strengthening of Chinese overall economic strength, manufacturing and processing industry is gra

3、dually to the Chinese transfer, this brings a lot of opportunities to Chinese domestic industrial equipment market, the domestic industry manufacturers to develop and produce large quantities of cheap equipment, achieved good economic and social effect. However, there is also a small part of the man

4、ufacturer, because of its ability and objective factors, unable to develop suitable products, but the interests of the drive to make them look at the company, plagiarism and imitation company successfully developed products, what is more the copy or clone. Because of the modern industrial equipment

5、widely used in PLC as the main control system, PLC as the core component of the equipment, the software includes the production process, control logic, data processing equipment, important parameters and information communication, thus becoming one of the key equipment of imitation to get the target

6、. Looking at the current domestic Chinese used in the market mainstream brand PLC, although a variety of software and hardware encryption means are adopted in the design, but the crack crack using more and more advanced means, from the exhaustive method, the original listening port, software trackin

7、g, and now can through direct copy extraction to analyze the contents of memory chips crack, even discussed openly in the Internet and the spread of crack method and tools, so all products without exception has been cracked. This is very bad for the Chinese many small and medium-sized OEM manufactur

8、ers, the results of our years of development may be cast to waste overnight when he learned that S7-200/300 hardware encryption has been cracked, a OEM maker said helplessly. Because of the development of imitation cost is very low or almost zero, so developers have not had time to recover the cost

9、of development in low price competition, the enthusiasm of developers has a great impact on the development of new products, is very harmful to the long-term development of the equipment industry in China. Is it so helpless that the imitators are allowed to do what they want? The answer is no, has b

10、een paying close attention to and study the problem of PLC control program, the author made some experience and experience in practice, like in this paper and colleagues to share and discuss, we work together to protect the fruits of their hard labor. The author has been engaged in the application o

11、f SIEMENS SIAMTIC, S7, PLC for many years, so this article is only from the purely technical level, focusing on the protection of SIMATIC S7 PLC control program. In the early days of system design, we should consider the protection of PLC control program from the point of view of system: The concept

12、 of 1. T.I.A (fully integrated automation) helps protect our KNOW HOW T.I.A implements the configuration and programming, data management and communications, automation and drive products (including PLC controller, HMI, human-computer interface, network, drives and other products) highly integrated.

13、 Practice has proved that the control system using T.I.A integrated concept design is difficult to be copied. The same software platform, the same hardware components, the same bus communication, you can design a completely different control system, this is a platform for developers to play freely.

14、For example, a CPU315-2DP and 2 MM440 converter for PROFIBUS-DP communications, in addition to a conventional PLC and inverter data exchange, if the user uses the DRIVES ES software, to realize fast data directly between the 2 MM440 can also through the DRIVES ES exchange, also can realize the excha

15、nge between PLC and MM440 more than 10 in total 16 PZD process data, realize the function of PLC batch download frequency converter parameter. And all of this realization, from the surface, the hardware has not undergone any changes, it is difficult for the imitators to judge from the hardware how t

16、he system controls the speed of the two drives. Not familiar with SIEMENS imitation products are not easily replace the hardware or software modifications, and even if imitation is an expert of SIEMENS products, to clear itself of the details of the problem is not an easy thing. To some extent, T.I.

17、A can greatly improve the technical level of the imitation requirements threshold, and technical personnel to reach a level of integration of expert system of SIEMENS is not willing to do these two, there are few things in contempt. In addition, for some of the larger system of OEM developers, routi

18、ng communication function, iMAP software package are T.I.A system function or tool is very good, we should make the best use of T.I.A technology brings us, advanced technology, increase the technical difficulty of imitation or copying. 2. use the communication function In actual work, We often encou

19、nter some problems need to exchange data between systems (such as PLC-PLC, PLC and PLC between the driver and the instrument), whether it is between SIEMENS or SIEMENS products between products and third party products, recommend the use of communication scheme to replace the signal interconnection

20、between analog or switch scheme. For the former, the imitator can only see a hardware communication line, as the number of data is how to exchange through communication, imitation must study the specific user program can spend time figuring out; while for the latter, the developer is convenient, imi

21、tation is also clear, panoramic view. PLC and driver communication, in addition to the control word / status word, setting value data communication / feedback value and process variables, the best parameters of driver can also download from PLC by software, which can reduce the maintenance requireme

22、nts of the system and technology of end users, and can prevent the imitation by parameter analysis system especially in the drive to work driving the working principle and design ideas. DRIVE ES BASIC/SIAMTIC engineering software of SIEMENS company, provides a powerful tool for the majority of users

23、 of SIEMENS products to achieve such functions; and the use of SIMATIC PLC is to use third party drive users, also can develop their own specific parameters to read and write procedures, as a support for PROFIBU-DP drive can be achieved. Sometimes our control system consists of multiple sub control

24、system, thereby forming a multi CPU and man-machine interface network, SIEMENS S7-200 products is a common PPI network, S7-300/400 MPI network is a common product, usually between man-machine interface and CPU data exchange, and we can also add some configuration without S7 basic communication CPU f

25、unction in the user program (S7-200 available NETR/NETW commands, S7-300/400 can use the X_PUT/X_GET command), regular or irregular in a small amount of data exchange between CPU, through these data to realize interlocking logic control subsystem. For such a system, it is not easy for an imitator to

26、 analyze the program of a subsystem. 3. use panel type man-machine interface Try to use the panel type in the automation system of man-machine interface to replace the single button lights, although button lights function is not confidential, but so far, realize the program upload and realize decomp

27、ile products can not see the panel type man-machine interface, developers can add significant signs and manufacturers contact information in the panel on the screen, the imitation is not so stupid as to the original copy. This program forced imitators have to rewrite the operation panel program even

28、 to PLC, and the developer can use some special function panel and PLC data interface (such as regional pointer, SIEMENS panel or VB script) to control PLC program execution. Such PLC program, in the absence of HMI source code, can only rely on speculation and online monitoring to obtain PLC interna

29、l variables change logic, time-consuming and laborious, greatly increasing the difficulty of copying copying. 4. use high-level language to write some important process This is mainly to control equipment using S7-300/400 or WINAC products, in addition to the use of STEP 7 LAD, STL, FBD standard pro

30、gramming language control program, we can also use the SCL, S7-GRAPH and other senior language to develop some important processes, WINAC can also use ODK software package developed proprietary block the. Generic copycats are not easy to access to these tools, and even if they are not available, let

31、 alone read them. In the process of project implementation, we should consider the protection of PLC control program from the point of view of software development techniques: 1. programming mode A) a modular program structure is used to write subroutine blocks by means of symbolic names and paramet

32、erization B) S7-300/400 uses background data blocks and data transfer across multiple backgrounds as much as possible C) uses indirect addressing programming methods D) control program of complex systems especially in order to control or control program with a formula, you can consider using the dat

33、a programming method, through the data change control logic or sequence control system. Users should try to use the above high-level programming methods, so that the program compiled in the embedded system protection encryption program, it is not easy to find and crack 2. active protection method A) use the system clock