Source Code Protection For Your SIMATIC S7-1200 PLC in TIA Portal

From time to time, we'll run across situations where a client believes it is necessary to lock down code on a PLC. In some cases, there may be valuable intellectual property they would like to protect. In others, the purpose may be to prevent unauthorized modifications to safety-related code, or activation of disabled options. There may also be cases where it is necessary to interlock a PLC program to a specific memory card or CPU, especially where there are multiple, similar (but slightly different) machines. These machines may run unique software, and using the wrong code (or release) could put an operator or the machine itself at risk.

Luckily, there are tools available within TIA Portal for all of these cases, and it doesn't take more than a few minutes to set them up. As I have a 1214C PLC sitting here on my lab bench, I'm going to use the S7-1200 platform as an example; however, these options could be enabled on other PLCs (such as the 1500 series) as well.

TIA Portal contains three different options for code protection:

  • Write/Read Protection
  • Know-how Protection
  • Copy Protection

Let's take a look at each of these.

Write/Read Protection

Write/Read Protection is a CPU property: it can be assigned by viewing the properties of a device. This is done by opening a device in Device View, choosing the "Properties" tab, and looking for "Protection" under the "General" tab. There are three options for Write/Read Protection you can choose from:

"No Protection" - This option is the standard and default behavior. With this setting, any user may connect to the PLC, read/write data, or upload/download a program to/from the PLC without any need for a password. 

"Write Protection" - Selecting this option will prevent an unauthorized user from writing to the PLC. A user may connect to the PLC and upload a program, or connect and go online with the PLC and monitor tag values, with no need for a password. However, if a user wishes to download an update to the code on the PLC, download a new program, or edit/force tag values while online, a password will be required.

With Write Protection enabled, a password is required to download to the PLC.

With "Write Protection" enabled, it is necessary to first enter the password before tag values may be forced or modified.

 

"Write/Read Protection" - This setting, when enabled, will offer the same security that is provided while using "Write Protection" with the additional benefit of disabling read access without the password. Read protection will prevent a user from uploading code, monitoring tags, or even seeing which blocks are present on a CPU.

With "Write/Read Protection" enabled, it is not possible to upload a program from a PLC without the password.

Know-how Protection

Know-how protection is a block-level property that can be set for any OB, FB, FC, or DB. When enabled, a user will be unable to view or modify the actual code or tags within a block without first entering the password. You can enable Know-how Protection either by right clicking on a block in the project tree and selecting "Know-how Protection," or by looking at the block's properties and selecting "Protection."

"Know-how Protection" can be accessed under the block's properties. Choose 'Define' to assign a password for the block.

It should be noted that this property is not recursively applied - that is, if an OB is Know-how Protected, any FBs or FCs used within that OB will not automatically have the same protection applied. Applying it to one block will not prevent someone from viewing the source code of another block used within it. However, it is possible to select multiple (or all!) blocks within the project tree and apply Know-how Protection to all of the blocks at once.

"Know-how Protection" can be enabled for multiple blocks at once.

Once Know-how Protection has been applied to a block, you will notice that the block is immediately recompiled, and a lock icon will appear within the project tree to indicate the block is locked. When you attempt to open any locked block, you will now be prompted for a password in order to see the block's source.

It's important to mention that Know-how protection is not bullet-proof: there are ways to get around it, so it shouldn't be the first and last defense for protecting valuable information. It can, however, be useful for discouraging unauthorized changes or managing libraries of function blocks for use within a large project or even within an organization.

Copy Protection

Finally, we get to Copy Protection. Like Know-how Protection, Copy Protection is also a block property. If you've played with Know-how Protection, you've probably already seen the Copy Protection settings under the block's protection properties. Copy Protection is a useful setting that can be used to lock, or bind, a program to a specific PLC or memory card. There are three available Copy Protection settings:

"No Binding" - This is the default setting. With no binding enabled, a program may be transferred to any PLC or any memory card and run. If a program is downloaded to one CPU, it could be uploaded to a PC and then downloaded to another PLC and run. Or if copied to a memory card, the card may be inserted to any CPU and the code executed.

"Bind to Serial Number of the Memory Card" - When this option is enabled, the block will be bound to the unique serial number of the Memory Card to which it is downloaded. That Memory Card may be moved from PLC to PLC and each CPU will operate with no issues, but if the Memory Card is copied and the new card is used, the CPU will not enter Run. Even if only a single block is bound, the CPU cannot run a program.

"Bind to Serial Number of the PLC" - This setting will allow a block to be bound to a specific PLC. The block may not be transferred from one PLC to another, meaning if the CPU needs to be replaced, the same program may not be used.

 

Blocks may be bound to a specific serial number of a CPU or Memory Card.

One final note about binding: it should be noted that if you intend to bind a block to a Memory Card or PLC, you must also enable Know-how Protection for the block. If Know-how Protection is not enabled, it is possible for anyone to open up the block settings and reset the copy protection.
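The following is an added example, not code from the original post or from Siemens: a small Python audit that checks a block inventory for the two pitfalls described above, Know-how Protection not propagating to called blocks and bindings left without Know-how Protection. The inventory format, field names and block names are constructed for illustration; the script does not read a TIA Portal project.

```python
# Added example: audits a hand-built block inventory, not a real TIA Portal export.
from collections import deque

# Constructed sample inventory. Field names are assumptions for this example:
#   know_how: block has Know-how Protection; binding: "none" | "card" | "plc";
#   calls: blocks called directly from this block.
INVENTORY = {
    "OB1":       {"know_how": True,  "binding": "none", "calls": ["FB_Recipe", "FC_Scale"]},
    "FB_Recipe": {"know_how": True,  "binding": "card", "calls": ["FC_Dose"]},
    "FC_Dose":   {"know_how": False, "binding": "none", "calls": []},
    "FC_Scale":  {"know_how": False, "binding": "plc",  "calls": []},
    "FC_Unused": {"know_how": False, "binding": "none", "calls": []},
}


def resettable_bindings(inventory):
    """Blocks bound to a card or PLC serial number without Know-how Protection.

    Anyone who can open the block settings can reset such a binding.
    """
    return sorted(name for name, b in inventory.items()
                  if b["binding"] != "none" and not b["know_how"])


def exposed_callees(inventory):
    """Map each protected block to the unprotected blocks it reaches through calls.

    Know-how Protection is not recursive, so the callees' source stays readable.
    """
    findings = {}
    for name, block in inventory.items():
        if not block["know_how"]:
            continue
        seen, queue, exposed = {name}, deque(block["calls"]), set()
        while queue:
            callee = queue.popleft()
            if callee in seen or callee not in inventory:
                continue
            seen.add(callee)
            if not inventory[callee]["know_how"]:
                exposed.add(callee)
            queue.extend(inventory[callee]["calls"])
        if exposed:
            findings[name] = sorted(exposed)
    return findings


if __name__ == "__main__":
    print("Bindings that can be reset:", resettable_bindings(INVENTORY))
    for parent, callees in exposed_callees(INVENTORY).items():
        print(f"{parent} is protected but calls readable blocks: {callees}")
```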

Learn more about DMC's PLC programming services and contact us to get started on your next project. 

Comments

somanath
In TIA Portal, I forgot the block protection. Is it possible to open it, like a crack? Is there any option? It's important for me to develop, to take time and close the issues.
Diego
It's a really good and pithy explanation of how to take advantage of these functions. Thank you guys, it's really useful to read your posts.
