Pages

Tuesday, October 28, 2008

Unlock protected blocks in Siemens SIMATIC Step 7

Recently I'd been called by Hindalco's Fabrication Plant division to unlock the protected blocks in Siemens SIMATIC Step 7. They were in need to unlock those blocks since an year because of 1 million Rupees of loss per month. They want to re-program those blocks but it was locked by the man who'd done the setup. From the people working in that department, I came to know that they were trying to call that man (someone from Italy) right here but he's not coming. Actually, what he'd done was that he'd locked some of the blocks and deleted the source file. And Siemens didn't provide any feature to unlock. Department people also told me that even the people working in Siemens don't know how to do it. Being a software engineer I know that any thing can be reverse engineered. So I took up the challenge.

How did I unlocked the blocks?

The first thing I'd done was searched about this software at Google and read about what is this software all about. After that I'd explored the software. A person (might be S7 programmer) told me about 'Generate source' and shown me a sample by doing it. Further on he'd shown me how do they lock a block via KNOW_HOW_PROTECT. It was amazing, they just write this line (KNOW_HOW_PROTECT) inside a program after begin statement and compile the code. The compiled code is known as blocks. The blocks are now protected which means the code inside the block can't be seen by other. Then delete the source and your blocks are now protected.

Now my objective was to unlock those blocks. So I'd followed the steps given below to unlock those blocks,

Step 1: Download *.dbf file editor. The free DOS based dbf editor is the one I'd used. You can download it from, http://www.ks-soft.net/download/other/dbf_edit.zip

Step 2: Extract dbf_edit.exe from the zipped file. Put it somewhere to easily access it. I'd put it inside a folder named dbfedit in C: drive. So path to run the editor is C:\DBFEDIT>dbfedit.exe

Step 3: To unlock the blocks, copy a file named SUBBLK.DBF from ..\PROJECT\ombstx\offline\00000001\ folder where PROJECT is the directory containing your S7 Project. Paste this file inside C:\DBFEDIT\ folder.

Step 4: Open Command Prompt (DOS window) via clicking on

Start  Run  type 'cmd'  press enter
or
Start  All Programs  Accessories  Command Prompt

Step 5: Follow these commands,

C:\>cd dbfedit
C:\DBFEDIT>dbfedit.exe subblk.dbf


A DOS based application will open. Search for the PASSWORD column. And change all 3 into 0 to unlock the blocks. Press Esc/F10 key to save and exit.

C:\DBFEDIT>exit

Step 6: Copy the SUBBLK.DBF file inside C:\DBFEDIT\ folder and paste it at it's original location. Always remember to make the backup of original SUBBLK.DBF.

Step 7: Now open the project in SIMATEC Step 7 software. All the blocks are unlocked.

So my objective is completed successfully.

It took me around 3 hours to complete this for the first time. But after that I can do it within 5 minutes.

Have fun!

49 comments:

  1. nice,This is an unlocking website which i found last week. Please view the website to get more info unlock site

    ReplyDelete
  2. wow great , and this is also give unlock assistance This website provides a complete knowledge base on mobile phone unlocking instructions and guides. It has unlocking instructions for more than 5000 mobile phone models.
    visit my site

    ReplyDelete
  3. THANKS BUDDY!!!!
    YOU ARE AWESOME
    MAIL ME WHEN YOU ARE FREE
    naveen_30mar@yahoo.co.in

    ReplyDelete
  4. thanks abhi, u r outstanding man......

    ReplyDelete
  5. thank you very much

    ReplyDelete
  6. This worked exactly as described and solved our problem.
    Thanks

    ReplyDelete
  7. Thanks
    Great guy

    ReplyDelete
  8. Hi,
    Just tried it out and it didn't work. Tried on Simatic 5.5.
    Is it just file subblk.dbf at folder 000001 that needs to be edited or file subblk.dbf at the other folder too?

    ReplyDelete
  9. Hi! For those using Linux you might want to try this out: https://gist.github.com/3899286

    It is a free perl script that automates the unlocking process

    I guess it should work on windows as well, but installation would be different (I havent tried this)

    ReplyDelete
  10. Thanks for the hint, but it didn't work at all. Please try with SFC46, for example, the passwaord comes already in 0.

    ReplyDelete
  11. WHO EVER YOU ARE YOU MADE MY DAY :) THANKS ALOT YARA THANKS :).. MAY GOD BLESS YOU! :)..

    ReplyDelete
  12. have you got anything to unlock TIA portal Function blocks??

    Thanks

    ReplyDelete
  13. amazing, worked flawlessly, thank you very much!!

    ReplyDelete
  14. you told to change all 3 into 0 but they can't be changed.do help us

    ReplyDelete
  15. Saad Kamil,

    on your keyboard, press the enter key and then remove 3 with del key and change the value to 0 and hit enter again ..

    ReplyDelete
  16. Thank you very much Kumar , it works, but not with SFC and SFB

    you have an idea to unlock this blocks.

    Best regards

    ReplyDelete
  17. Thank you very much Kumar , it works, but not with SFC and SFB

    you have an idea to unlock this blocks.

    Best regards

    ReplyDelete
  18. ola Kumar nao consegui desbloquear tenho fazer a troca do digito 3 para zero ou vice-versa?

    ReplyDelete
  19. i follow the instruction above , but nothing happen DOS do not recognize the program at all, another thing in my proyect i dont have the folder 0000001 to copy a have other with the number 0000004 what that is mean???

    ReplyDelete
  20. This comment has been removed by the author.

    ReplyDelete
  21. it means that it is probably protected in other way, not via KNOW_HOW_PROTECT, do I have right?

    ReplyDelete
  22. perhapse by
    https://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&objId=45632073&objAction=csOpen&nodeid0=10805384&lang=en&siteid=cseus&aktprim=0&extranet=standard&viewreg=WW
    but I'm not really sure

    ReplyDelete
  23. Thank's about this very useful information..

    but when I try to my project, that dbf_edit application didn't show anything. What do you think Abhishek Kumar??
    and in another project I can't find subfolder 00000001..there are only 00000002 and 00000008. What it's mean??it's the same??

    Thank you for your answer..

    ReplyDelete
  24. this is sooooooo good thank you

    ReplyDelete
  25. Thanks a lot Kumar, that works great.

    Just responding to some comments. In your Step 7 project your blocks will reside under a folder called S7_Program(x), with a number x. Your project could have several of these folders with different numbers. The blocks in that folder are stored on your hard drive under folder 0000000x, with the same number x. You need to use the subblk.dbf file from the correct folder, which can be different from 00000001. Hope this helps.

    ReplyDelete
  26. Hi all

    Has anyone here successfully done this in TIA PORTAL V11/V12 especially for the example programs on the siemens automation website ?

    ReplyDelete
  27. Hi, someone can help to unprotect blocks of TIA PORTAL V12?? thx!!

    ReplyDelete
  28. Hello,
    This method doesn't work all the time.
    To be sure it works, create a new project with the only blocks you need to unlock.

    ReplyDelete
  29. Is there a 64 bit version?

    Thanks.

    ReplyDelete
  30. Checked working, great , thank you....

    ReplyDelete
  31. Hi
    I just did eveything you suggested and nowin S7 Manager, all the blocks in my project are actually free.
    But when ompen them, they are empty... Blank pages...
    Any idea? Tks

    ReplyDelete
  32. It does not work with SFC. Does anyone know know to unprotect SFC?

    ReplyDelete
  33. Amazing! Works great.
    Thanks a lot!
    Just for information: You can use any other .dbf editor. I used GTK DBF Editor (you can google it) and it works also.

    ReplyDelete
    Replies
    1. Well a decade ago, I found only DBFEDIT as free tool. But now there are other options available.

      Delete
  34. Hi
    i work with TIA portal v12 so the path that you had put in STEP 3 can not be found so i can not find that file (it doesn't exist at all, the folder is not the same because the software TIA portal is differente than SIMATIC STEP 7)
    thanks

    ReplyDelete
    Replies
    1. Probably the upgraded version of this application might be having different directory structure. So might need to dive in to find out the new path. Please share it here, if you find that.

      Delete
  35. Best practical oriented automation training course with hands on training for every participant with dedicated many PLC systems and PC.Well prepared course material and PLC software and study material will be provided during the course. Call @9953489987.

    ReplyDelete
  36. Hi my device is unlocked by your post. Thanks for sharing your post.
    Plc Password Unlock Software

    ReplyDelete
  37. great sharing...thanks in advance

    ReplyDelete