Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

Introduction to PLC

Introduction to PLC

By CapnDelete avatarCapnDelete | 36499 Reads |
2     0

In this article, I’ll be covering what a PLC is and some of the basic principles. Future articles will include in depth coverage of protocols used, communications, and software development.

A PLC (Programmable Logic Controller) and the big daddy DCS (Distributed Control System) are specialized computers that are designed to control and/or monitor industrial processes. It differs from embedded systems in that the PLC and DCS is flexible enough to control just about any process instead of a singular system. For example, more than likely your water pressure is controlled by a PLC. Another example is an automated systems that controls the temperature and lighting in large buildings is most likely done by a PLC. The robotic arms, motors, switches, etc. in a manufacturing plant are almost always controlled by a PLC.

Since I’m lazy and the DCS and PLC operate on the same basic principle, I’ll just refer to the PLC. Just know that the DCS is designed for much larger systems than the PLC. There’s been some derivatives of a PLC called a PAC (Programmable Automation Controller) that is essentially a bastardized child of a PLC and a PC. These haven’t really been adopted by very many companies and most of of them are really just a PLC with a marketing name. Again, they operate on the same basic principles.

Some of the big manufacturers of PLC’s are Rockwell Automation (Allen Bradley) and Schneider Electric (Modicon). The IDE software packages for them are pretty pricey, but there’s a free IDE for the Allen Bradley Micro 800 series as well as quite a few simulators available on-line. Simulators are bad ass for the journey into understanding how a PLC operates.

Network connectivity differs from general PC standards. Generally speaking, there is no encryption or real security built in. It’s more of a security by obscurity type situation. The networks are usually in a closed network. Devices communicate to each other and a host using specialized protocols designed for process and control. There are some configurations that allow communication through the WWW, but these are few and far between because of the security risk involved. The exposure to the outside world is generally done via VPN. If you have direct access to the network, you can not only completely reprogram the PLC, but you can also falsify information to the host preventing people from even know it’s happening. That is what makes this exceptionally dangerous, though a well designed system has redundant safety controls externalized from the PLC.

What you’ll generally hear as the host is a server(s) that is configured to provide an HMI (Human Machine Interface) to the various PLC’s. It is essentially the gateway for operators to monitor, control, and trend the processes. You’ll commonly hear the whole system as SCADA (Supervisory Control And Data Acquisition). Some manufacturers provide their own Host or there are 3rd party solutions such as WonderWare and Ignition. Public information is available on almost all of the protocols and how they’re designed. This information is given out freely so that companies can develop drivers for their host systems. I can provide more information on these if the desire is there.

Having a basic understanding of electronics helps dramatically when working with a PLC. The end devices usually communicate with the PLC using basic electrical signals. An end device are the devices used by the PLC to bring in data such as on/off state (boolean - called Discrete) and temperature (Floating Point - called Analog). There’s also digital communications and a variation of the Discrete. I will get into more detail of these signals in another article.

The OS used is generally a proprietary RTOS (Real Time Operating System) designed specifically for process control. Whereas there are some PLC manufacturers that use a heavily modified Linux OS, these are few and far between. When you think PLC, think basic processing designed for speed, efficiency, and predictability.

In a lot of ways it’s similar to PC development. You’re basically taking values in, processing, and pushing values out just like any other program. The difference being these values can improve or destroy a process that is happening outside of the digital world.

Titsup's avatar
Titsup 8 years ago

Nice to see some new articles at last, hope to read more on the subject soon.

CapnDelete's avatar
CapnDelete 8 years ago

I'll be posting an entire series on it. There's a lot to it. If there's any questions let me know