responding to http://www.electrondepot.com/embedded/siemens-sab-80c537-reverse-engineering-43397-.htm , gldiana wrote:> jandothomuthat wrote: > > > I think I see a chip with a glass window beside the 80C537. Now my > question is how hard is it to get the code out? > Would a $45 universal prommer do the job? > > > Any Eprom Programmer will do. > > Infineon even has a disassembler somwhere in their download section for > the > 8 bit controllers. > User Manuals for the 537 are available as well. > > see www.8052.com for more info/goodies > > > grtnx > /jan > > schrieb im Newsbeitrag > news:1137638896.863121.87770@z14g2000cwz.googlegroups.com... > > Is there someone or company that can handle reverse engineering of > a > > LOCKED 80C537 in a reasonable amount of time? > > > > >Dear all, I have a wind-turbine that is equipped with a Siemens 80c537 CPU based PLC, named Sentic convoy 537. Seems that today nobody is able to interact with this PLC. I have recognized the eprom (AMD 27c512). I need to modify a functional parameter (the rotor rpm set): can anyone suggest how to do that? I have an eprom programmer and I can read the eprom content. But I need further help to do my job.... Please, can anyone help me? Thank you!!
Re: Siemens SAB 80C537 Reverse Engineering
Started by ●June 8, 2016
Reply by ●June 8, 20162016-06-08
On 6/8/2016 11:37 AM, gldiana wrote:> Dear all, I have a wind-turbine that is equipped with a Siemens 80c537 CPU > based PLC, named Sentic convoy 537. Seems that today nobody is able to > interact with this PLC.The wind turbine is named "Sentic Convoy 537"? Or, does the PLC that controls it bear that name? If the former, what is the name/model of the actual Siemens PLC incorporated into the device? Why can't you find documentation regarding that PLC's "interface" (since you claim noone can "interact" with it)> I have recognized the eprom (AMD 27c512). I need to modify a functional > parameter (the rotor rpm set): can anyone suggest how to do that?Yeah; look at the interface description for the device and see if there's a "rotor rpm setpoint" parameter listed. If not, are you sure bad things won't happen if you alter this parameter?> I have an eprom programmer and I can read the eprom content. But I need > further help to do my job.... > > Please, can anyone help me?Contact the vendor. Contact Siemens (for PLC documentation). Dump the EPROM and reverse engineer its contents.
Reply by ●June 8, 20162016-06-08
gldiana wrote:> responding to > http://www.electrondepot.com/embedded/siemens-sab-80c537-reverse-engineering-43397-.htm > > , gldiana wrote: >> jandothomuthat wrote: >> >> > I think I see a chip with a glass window beside the 80C537. Now my >> question is how hard is it to get the code out? >> Would a $45 universal prommer do the job? >> >> >> Any Eprom Programmer will do. >> >> Infineon even has a disassembler somwhere in their download section for >> the 8 bit controllers. >> User Manuals for the 537 are available as well. >> >> see www.8052.com for more info/goodies >> >> >> grtnx >> /jan >> >> schrieb im Newsbeitrag >> news:1137638896.863121.87770@z14g2000cwz.googlegroups.com... >> > Is there someone or company that can handle reverse engineering of >> a >> > LOCKED 80C537 in a reasonable amount of time? >> > >> >> > Dear all, I have a wind-turbine that is equipped with a Siemens 80c537 CPU > based PLC, named Sentic convoy 537. Seems that today nobody is able to > interact with this PLC.I am Jack's complete lack of surprise.> I have recognized the eprom (AMD 27c512). I need to modify a functional > parameter (the rotor rpm set): can anyone suggest how to do that? > > I have an eprom programmer and I can read the eprom content. But I need > further help to do my job.... > > Please, can anyone help me? > > Thank you!! > >http://www.eetools.com/?gclid=Cj0KEQjwhN-6BRCJsePgxru9iIwBEiQAI8rq8wPBsAre3mxn7-6ZGHoLYsHHtmWKApYRuKiAWeh9_UcaAjxt8P8HAQ and a UV EPROM eraser. -- Les Cargill
