Skip to main content

Unlock protected blocks in Siemens SIMATIC Step 7

Recently I'd been called by Hindalco's Fabrication Plant division to unlock the protected blocks in Siemens SIMATIC Step 7. They were in need to unlock those blocks since an year because of 1 million Rupees of loss per month. They want to re-program those blocks but it was locked by the man who'd done the setup. From the people working in that department, I came to know that they were trying to call that man (someone from Italy) right here but he's not coming. Actually, what he'd done was that he'd locked some of the blocks and deleted the source file. And Siemens didn't provide any feature to unlock. Department people also told me that even the people working in Siemens don't know how to do it. Being a software engineer I know that any thing can be reverse engineered. So I took up the challenge.

How did I unlocked the blocks?

The first thing I'd done was searched about this software at Google and read about what is this software all about. After that I'd explored the software. A person (might be S7 programmer) told me about 'Generate source' and shown me a sample by doing it. Further on he'd shown me how do they lock a block via KNOW_HOW_PROTECT. It was amazing, they just write this line (KNOW_HOW_PROTECT) inside a program after begin statement and compile the code. The compiled code is known as blocks. The blocks are now protected which means the code inside the block can't be seen by other. Then delete the source and your blocks are now protected.

Now my objective was to unlock those blocks. So I'd followed the steps given below to unlock those blocks,

Step 1: Download *.dbf file editor. The free DOS based dbf editor is the one I'd used. You can download it from, http://www.ks-soft.net/download/other/dbf_edit.zip

Step 2: Extract dbf_edit.exe from the zipped file. Put it somewhere to easily access it. I'd put it inside a folder named dbfedit in C: drive. So path to run the editor is C:\DBFEDIT>dbfedit.exe

Step 3: To unlock the blocks, copy a file named SUBBLK.DBF from ..\PROJECT\ombstx\offline\00000001\ folder where PROJECT is the directory containing your S7 Project. Paste this file inside C:\DBFEDIT\ folder.

Step 4: Open Command Prompt (DOS window) via clicking on

Start  Run  type 'cmd'  press enter
or
Start  All Programs  Accessories  Command Prompt

Step 5: Follow these commands,

C:\>cd dbfedit
C:\DBFEDIT>dbfedit.exe subblk.dbf


A DOS based application will open. Search for the PASSWORD column. And change all 3 into 0 to unlock the blocks. Press Esc/F10 key to save and exit.

C:\DBFEDIT>exit

Step 6: Copy the SUBBLK.DBF file inside C:\DBFEDIT\ folder and paste it at it's original location. Always remember to make the backup of original SUBBLK.DBF.

Step 7: Now open the project in SIMATEC Step 7 software. All the blocks are unlocked.

So my objective is completed successfully.

It took me around 3 hours to complete this for the first time. But after that I can do it within 5 minutes.

Have fun!

Comments

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. nice,This is an unlocking website which i found last week. Please view the website to get more info unlock site

    ReplyDelete
  3. wow great , and this is also give unlock assistance This website provides a complete knowledge base on mobile phone unlocking instructions and guides. It has unlocking instructions for more than 5000 mobile phone models.
    visit my site

    ReplyDelete
  4. THANKS BUDDY!!!!
    YOU ARE AWESOME
    MAIL ME WHEN YOU ARE FREE
    naveen_30mar@yahoo.co.in

    ReplyDelete
  5. thanks abhi, u r outstanding man......

    ReplyDelete
  6. This worked exactly as described and solved our problem.
    Thanks

    ReplyDelete
  7. Hi,
    Just tried it out and it didn't work. Tried on Simatic 5.5.
    Is it just file subblk.dbf at folder 000001 that needs to be edited or file subblk.dbf at the other folder too?

    ReplyDelete
  8. Hi! For those using Linux you might want to try this out: https://gist.github.com/3899286

    It is a free perl script that automates the unlocking process

    I guess it should work on windows as well, but installation would be different (I havent tried this)

    ReplyDelete
  9. Thanks for the hint, but it didn't work at all. Please try with SFC46, for example, the passwaord comes already in 0.

    ReplyDelete
  10. WHO EVER YOU ARE YOU MADE MY DAY :) THANKS ALOT YARA THANKS :).. MAY GOD BLESS YOU! :)..

    ReplyDelete
  11. have you got anything to unlock TIA portal Function blocks??

    Thanks

    ReplyDelete
  12. amazing, worked flawlessly, thank you very much!!

    ReplyDelete
  13. you told to change all 3 into 0 but they can't be changed.do help us

    ReplyDelete
  14. Saad Kamil,

    on your keyboard, press the enter key and then remove 3 with del key and change the value to 0 and hit enter again ..

    ReplyDelete
  15. Thank you very much Kumar , it works, but not with SFC and SFB

    you have an idea to unlock this blocks.

    Best regards

    ReplyDelete
  16. Thank you very much Kumar , it works, but not with SFC and SFB

    you have an idea to unlock this blocks.

    Best regards

    ReplyDelete
  17. ola Kumar nao consegui desbloquear tenho fazer a troca do digito 3 para zero ou vice-versa?

    ReplyDelete
  18. i follow the instruction above , but nothing happen DOS do not recognize the program at all, another thing in my proyect i dont have the folder 0000001 to copy a have other with the number 0000004 what that is mean???

    ReplyDelete
  19. This comment has been removed by the author.

    ReplyDelete
  20. it means that it is probably protected in other way, not via KNOW_HOW_PROTECT, do I have right?

    ReplyDelete
  21. perhapse by
    https://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&objId=45632073&objAction=csOpen&nodeid0=10805384&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW
    but I'm not really sure

    ReplyDelete
  22. Thank's about this very useful information..

    but when I try to my project, that dbf_edit application didn't show anything. What do you think Abhishek Kumar??
    and in another project I can't find subfolder 00000001..there are only 00000002 and 00000008. What it's mean??it's the same??

    Thank you for your answer..

    ReplyDelete
  23. this is sooooooo good thank you

    ReplyDelete
  24. Thanks a lot Kumar, that works great.

    Just responding to some comments. In your Step 7 project your blocks will reside under a folder called S7_Program(x), with a number x. Your project could have several of these folders with different numbers. The blocks in that folder are stored on your hard drive under folder 0000000x, with the same number x. You need to use the subblk.dbf file from the correct folder, which can be different from 00000001. Hope this helps.

    ReplyDelete
  25. Hi all

    Has anyone here successfully done this in TIA PORTAL V11/V12 especially for the example programs on the siemens automation website ?

    ReplyDelete
  26. Hi, someone can help to unprotect blocks of TIA PORTAL V12?? thx!!

    ReplyDelete
  27. Hello,
    This method doesn't work all the time.
    To be sure it works, create a new project with the only blocks you need to unlock.

    ReplyDelete
  28. Is there a 64 bit version?

    Thanks.

    ReplyDelete
  29. Checked working, great , thank you....

    ReplyDelete
  30. Hi
    I just did eveything you suggested and nowin S7 Manager, all the blocks in my project are actually free.
    But when ompen them, they are empty... Blank pages...
    Any idea? Tks

    ReplyDelete
  31. It does not work with SFC. Does anyone know know to unprotect SFC?

    ReplyDelete
  32. Amazing! Works great.
    Thanks a lot!
    Just for information: You can use any other .dbf editor. I used GTK DBF Editor (you can google it) and it works also.

    ReplyDelete
    Replies
    1. Well a decade ago, I found only DBFEDIT as free tool. But now there are other options available.

      Delete
  33. Hi
    i work with TIA portal v12 so the path that you had put in STEP 3 can not be found so i can not find that file (it doesn't exist at all, the folder is not the same because the software TIA portal is differente than SIMATIC STEP 7)
    thanks

    ReplyDelete
    Replies
    1. Probably the upgraded version of this application might be having different directory structure. So might need to dive in to find out the new path. Please share it here, if you find that.

      Delete
  34. Best practical oriented automation training course with hands on training for every participant with dedicated many PLC systems and PC.Well prepared course material and PLC software and study material will be provided during the course. Call @9953489987.

    ReplyDelete
  35. Hi my device is unlocked by your post. Thanks for sharing your post.
    Plc Password Unlock Software

    ReplyDelete
  36. great sharing...thanks in advance

    ReplyDelete
  37. This comment has been removed by a blog administrator.

    ReplyDelete
  38. Respect and I have a super offer: Full House Reno house renovation training

    ReplyDelete

Post a Comment

Popular posts from this blog

JS: The complete code example of Crypto.js (DES)

For one of the project I was trying to use crypto.js but I found that the Quick-start Guide have some deficiency in terms of library usage. So I am writing it here as a useful note for memory recap. <script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/tripledes.js"></script> <script> var encrypted = CryptoJS.DES.encrypt("The secret message", "secret_key"); var e_msg = encrypted.toString(); console.log(e_msg); var decrypted = CryptoJS.DES.decrypt(e_msg, "secret_key"); var d_msg = decrypted.toString(CryptoJS.enc.Utf8); console.log(d_msg); </script>

How to convert JIRA story into sub-task or defect?

Many times we entangled in the situation where we have made a  story  in JIRA but later on realised that it should have to be  defect  or in other case,  sub-task  of another  story . Story → Sub-task So the workaround for converting the story into defect is given below: Open your  story Click on  more  option Click on the  Convert to sub-task  option in the dropdown You would be asked to choose  Parent  story, so chose relevant story After submit, your  story  gets converted into  sub-task Story → Defect Now if you want the story to be converted into defect, then you should first convert it into sub-task. Thereafter, you can convert that sub-task into defect as given below: Open the  sub-task Click on  more  option Click on the  Convert to issue  option in the dropdown You would be asked to fill up relevant fields required for raising a  defect , fill them up as required After submit, your  sub-task  gets converted into  defect .