Mitsubishi PLC super encryption detailed process and protocol - Database & Sql Blog Articles


"Super encryption" means that the Mitsubishi PLC is not encrypted with the programming software; instead, values are written to illegal registers, after which the program cannot be read.

This is the result of my countless experiments on the Mitsubishi FX1S PLC, and the encryption can be done successfully. Here is a detailed explanation of the process and a simple protocol analysis. Once this encryption process is known, reverse decryption is not impossible. Everyone is welcome to share their opinions. Experts, please do not laugh; I hope the experts will correct me. The protocol of the Mitsubishi FX1N and 2N is different, but once you understand a process explained in this much detail, that is fine; it takes everyone learning and discussing. The 3U and 3G also need everyone to analyze and tinker with. Do not be the kind of person who holds out their arms to be dressed and opens their mouth to be fed; for that kind of person, reading this post is a waste of time. It has to be studied and pondered repeatedly. Do not throw bricks and rotten eggs; give flowers in support.

Enough preamble; on to the subject. The encryption process is as follows:
Open the serial port for the first time
[00000000] IOCTL_SERIAL_SET_BAUD_RATE Baud Rate: 9600 (the baud rate is set here)
[00000000] IOCTL_SERIAL_SET_LINE_CONTROL StopBits: 1, Parity: Even, DataBits: 7 (communication format)
[00000001] IRP_MJ_WRITE Length: 0001, Data: 02 ("STX", the communication start byte 02H)
[00000001] IRP_MJ_WRITE Length: 0005, Data: 37 32 35 30 46 (37H is the CMD set instruction; 32 35 30 46 is the address to be set, '250F'; this operates on a bit device)
[00000001] IRP_MJ_WRITE Length: 0001, Data: 03 (the end code 03H; the message ends here)
[00000001] IRP_MJ_WRITE Length: 0002, Data: 31 37 (checksum: the sum of the bytes from 37H through 03H; if it overflows, take the last two digits)
[00000008] IRP_MJ_WRITE Length: 0001, Data: 02 ("STX", the communication start byte 02H)
[00000008] IRP_MJ_WRITE Length: 0005, Data: 37 32 35 30 46 (37H is the CMD set instruction; 32 35 30 46 is the address to be set, '250F')
[00000008] IRP_MJ_WRITE Length: 0001, Data: 03 (the end code 03H; the message ends here)
[00000008] IRP_MJ_WRITE Length: 0002, Data: 31 37 (checksum: the sum of the bytes from 37H through 03H; if it overflows, take the last two digits)
[00000015] IRP_MJ_WRITE Length: 0001, Data: 02 ("STX", the communication start byte 02H)
[00000015] IRP_MJ_WRITE Length: 0011, Data: 31 38 30 30 30 30 32 30 30 30 30 (the CMD function code 31H means write data; 38 30 30 30 is the first address to write, '8000'; 30 32 is the number of operands written, here 2, that is, a double word; 30 30 30 30 is the data of this double word, "0")
[00000015] IRP_MJ_WRITE Length: 0001, Data: 03 (the end code 03H; the message ends here)
[00000016] IRP_MJ_WRITE Length: 0002, Data: 31 45 (checksum: the sum of the bytes from 31H through 03H; if it overflows, take the last two digits)
[00000022] IRP_MJ_WRITE Length: 0001, Data: 02 ("STX", the communication start byte 02H)
[00000022] IRP_MJ_WRITE Length: 0011, Data: 31 38 30 30 30 30 32 30 30 30 30 (the CMD function code 31H means write data; 38 30 30 30 is the first address to write, '8000'; 30 32 is the number of operands written, here 2, that is, a double word; 30 30 30 30 is the data of this double word, "0")
[00000023] IRP_MJ_WRITE Length: 0001, Data: 03 (the end code 03H; the message ends here)
[00000023] IRP_MJ_WRITE Length: 0002, Data: 31 45 (checksum: the sum of the bytes from 31H through 03H; if it overflows, take the last two digits)
[00000030] IRP_MJ_CLOSE Port Closed (the serial port is closed)
Open the serial port for the second time
[00000000] IOCTL_SERIAL_SET_BAUD_RATE Baud Rate: 9600
[00000000] IOCTL_SERIAL_SET_LINE_CONTROL StopBits: 1, Parity: Even, DataBits: 7
[00000000] IRP_MJ_WRITE Length: 0001, Data: 02 ("STX", the communication start byte 02H)
[00000000] IRP_MJ_WRITE Length: 0005, Data: 38 32 35 30 46 (38H is the CMD reset instruction; 32 35 30 46 is the address to be reset, '250F'; this operates on a bit device and resets the 250F address that was just set)
[00000001] IRP_MJ_WRITE Length: 0001, Data: 03 (the end code 03H; the message ends here)
[00000001] IRP_MJ_WRITE Length: 0002, Data: 31 38 (checksum: the sum of the bytes from 38H through 03H; if it overflows, take the last two digits)
[00000007] IRP_MJ_WRITE Length: 0001, Data: 02 ("STX", the communication start byte 02H)
[00000007] IRP_MJ_WRITE Length: 0005, Data: 38 32 35 30 46 (38H is the CMD reset instruction; 32 35 30 46 is the address to be reset, '250F'; this operates on a bit device and resets the 250F address that was just set)
[00000008] IRP_MJ_WRITE Length: 0001, Data: 03 (the end code 03H; the message ends here)
[00000008] IRP_MJ_WRITE Length: 0002, Data: 31 38 (checksum: the sum of the bytes from 38H through 03H; if it overflows, take the last two digits)
[00000010] IRP_MJ_CLOSE Port Closed
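
For anyone monitoring an FX programming port, the frames annotated above can be decoded and checked automatically. The following is an added example, not part of the original post: it reassembles frames from serial-monitor write lines, verifies the checksum as described above, and flags the set 250F / write 8000 / reset 250F order. The function names are this example's own, and the command table covers only the three codes shown on this page.

```python
import re

STX, ETX = b"\x02", b"\x03"
COMMANDS = {"7": "SET", "8": "RESET", "1": "WRITE"}   # only the codes this page shows
LOCK_SEQUENCE = [("SET", "250F"), ("WRITE", "8000"), ("RESET", "250F")]

# Write lines copied from the capture above, repeated frames and annotations dropped.
CAPTURE = """\
[00000001] IRP_MJ_WRITE Length: 0001, Data: 02
[00000001] IRP_MJ_WRITE Length: 0005, Data: 37 32 35 30 46
[00000001] IRP_MJ_WRITE Length: 0001, Data: 03
[00000001] IRP_MJ_WRITE Length: 0002, Data: 31 37
[00000015] IRP_MJ_WRITE Length: 0001, Data: 02
[00000015] IRP_MJ_WRITE Length: 0011, Data: 31 38 30 30 30 30 32 30 30 30 30
[00000015] IRP_MJ_WRITE Length: 0001, Data: 03
[00000016] IRP_MJ_WRITE Length: 0002, Data: 31 45
[00000000] IRP_MJ_WRITE Length: 0001, Data: 02
[00000000] IRP_MJ_WRITE Length: 0005, Data: 38 32 35 30 46
[00000001] IRP_MJ_WRITE Length: 0001, Data: 03
[00000001] IRP_MJ_WRITE Length: 0002, Data: 31 38
"""

def written_bytes(log):
    """Concatenate the Data bytes of every IRP_MJ_WRITE line, in order."""
    pattern = r"IRP_MJ_WRITE Length: \d+, Data: ((?:[0-9A-Fa-f]{2} ?)+)"
    return b"".join(bytes.fromhex(m.group(1)) for m in re.finditer(pattern, log))

def checksum(body):
    """Sum of the bytes from the command through ETX, low byte as two ASCII hex digits."""
    return b"%02X" % (sum(body) & 0xFF)

def parse_frames(stream):
    """Split STX..ETX+checksum frames into (command, address, rest, checksum_ok)."""
    frames, pos = [], 0
    while (start := stream.find(STX, pos)) != -1:
        end = stream.find(ETX, start)
        if end == -1 or end + 3 > len(stream):
            break                                  # truncated frame: stop parsing
        body = stream[start + 1:end + 1]           # command byte through ETX
        ok = stream[end + 1:end + 3] == checksum(body)
        text = body[:-1].decode("ascii", "replace")
        frames.append((COMMANDS.get(text[:1], "?"), text[1:5], text[5:], ok))
        pos = end + 3
    return frames

def flag_lock_sequence(frames):
    """True if valid frames contain SET 250F, WRITE 8000, RESET 250F in that order."""
    seen = iter([(cmd, addr) for cmd, addr, _, ok in frames if ok])
    return all(step in seen for step in LOCK_SEQUENCE)
```

Calling `flag_lock_sequence(parse_frames(written_bytes(CAPTURE)))` returns True for the capture above; a frame whose checksum does not match is ignored by the check.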
