Decompiler help please

Do you have a question? Post it now! No Registration Necessary

Translate This Thread From English to

Threaded View
   I'm pretty bsure this is a real long shot. I have looked online but
have not yet found something that will help. So I ask here.
   The EPROM reader/programmer arrived yesterday and it works fine.
The UV EPROM eraser should be here in a day or two. Amazon apologized
for the delay. So I can copy the EPROMs just fine but I would really
like the ladder programs so that I can make some changes to the
machine.  
   I understand that the decompiled ladder will noit have mnemonics
but maybe I can decipher it anyway.
   The control in question is a FANUC 3T.
Thanks,
Eric

Re: Decompiler help please
On 22/11/19 12:35 pm, snipped-for-privacy@whidbey.com wrote:
Quoted text here. Click to load it

How in heck do yu expect help with a decompiler when you haven't told  
anyone what type of CPU it is?

Re: Decompiler help please
On 11/21/19 6:09 PM, Clifford Heath wrote:
Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it
It's even harder...ladder logic isn't a "cpu machine language" as such,  
it's an interpreter running in some native cpu machine language...so  
there would be a whole other layer of translation involved in order to  
produce anything a human might be able to comprehend. Unless your  
computer is made from relays...but why bother.

Re: Decompiler help please
On 11/21/19 8:09 PM, Clifford Heath wrote:
Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it

Please try to pay attention.
"The control in question is a FANUC 3T."



--  
"I am a river to my people."
Jeff-1.0
We've slightly trimmed the long signature. Click to see the full one.
Re: Decompiler help please
On 22/11/19 1:33 pm, Fox's Mercantile wrote:
Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it

That's the packaged controller.
It contains a CPU.
The CPU interprets some ladder codes.

It's highly unlikely that the information required to decode the EPROM  
has ever been published. This sort of thing is usually trade secret.

If the CPU is known, and the interpreter ROM is read, there's some  
possibility of using a decompiler.

Re: Decompiler help please
On Thursday, November 21, 2019 at 8:23:03 PM UTC-8, Clifford Heath wrote:
Quoted text here. Click to load it


have mnemonics
Quoted text here. Click to load it


Quoted text here. Click to load it
  
Quoted text here. Click to load it


A manual found online says the 3T master board uses an 8086, so it'll decom
pile
as an 8088 would (different bus, but same opcodes).


Re: Decompiler help please
wrote:

Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it
Thanks You. Now maybe I can find something to work. This stuff is way
out of my experience but with some guidance I'm hoping to be able to
decipher the ladder.
Eric

Re: Decompiler help please
On 11/22/2019 9:07 AM, snipped-for-privacy@whidbey.com wrote:
Quoted text here. Click to load it

Quoted text here. Click to load it

Quoted text here. Click to load it
Just be aware that sometimes trash is included in EPROMS to stop what  
you are trying to do!

Paul

Re: Decompiler help please
On Sunday, November 24, 2019 at 5:33:08 PM UTC-8, Paul Drahn wrote:

Quoted text here. Click to load it

oit have mnemonics
Quoted text here. Click to load it



Three things to look out for:  
the ordering of the data bits can be scrambled; probably you can trace thos
e to the CPU pins
the ordering of the address bits can be scrambled, and some may be
 hard to trace to the CPU pins
the data and/or the address might go through inverting transceivers, which  
changes  
 the bit-is-a-one /bit-is-a-zero identity.

Re: Decompiler help please
On Thursday, November 21, 2019 at 9:33:26 PM UTC-5, Fox's Mercantile wrote:
Quoted text here. Click to load it

ooked online but
Quoted text here. Click to load it

t works fine.
Quoted text here. Click to load it

ave mnemonics
Quoted text here. Click to load it

Quoted text here. Click to load it
  
Quoted text here. Click to load it

In this case, the 'river to the ppl' took a wrong turn.
with all due respect, FANUC 3T tells you almost nothing wrt what the OP is  
trying to do. One needs to open the box and find out what CPU is on the mai
n board e.g. intel iX, ARM X, Atmel, etc. etc.
Knowing the CPU defines the ISA of the machine, and one can begin to figure
 out how to set up a logic analyzer to look at the machine instructions and
 execution. Configuring a small, simple ladder logic example or 5 and obser
ving the instruction and address trace will provide some insight into what  
is being R/W to  memory, EPROMS, etc. which can then be used to identify an
d decode the ladder login mnemonics used by the mfg.  
From what I know, the approach taken to codify and execute ladder logic mne
monics is unique to the mfg.  There are some general schemes/patterns used  
to execute the ladder program but again, every mfg has their own way of doi
ng things.
If you really need to do things at this level, it is a LOT of work and a fa
ir amount of guessing.
There have been a number of academic papers looking at various issues wrt L
adder Logic in general and in some cases, manufacturer specific details are
 sometimes contained in the paper.  Perhaps googling may help you.
A JTAG connection and associated diagnostic software may be helpful as well
.
Good luck
J



Re: Decompiler help please
On Wednesday, December 4, 2019 at 1:13:59 PM UTC-5, three_jeeps wrote:
Quoted text here. Click to load it
e:
Quoted text here. Click to load it

 looked online but
Quoted text here. Click to load it

 it works fine.
Quoted text here. Click to load it
d

 have mnemonics
Quoted text here. Click to load it

Quoted text here. Click to load it
  
Quoted text here. Click to load it
s trying to do. One needs to open the box and find out what CPU is on the m
ain board e.g. intel iX, ARM X, Atmel, etc. etc.
Quoted text here. Click to load it
re out how to set up a logic analyzer to look at the machine instructions a
nd execution. Configuring a small, simple ladder logic example or 5 and obs
erving the instruction and address trace will provide some insight into wha
t is being R/W to  memory, EPROMS, etc. which can then be used to identify  
and decode the ladder login mnemonics used by the mfg.  
Quoted text here. Click to load it
nemonics is unique to the mfg.  There are some general schemes/patterns use
d to execute the ladder program but again, every mfg has their own way of d
oing things.
Quoted text here. Click to load it
fair amount of guessing.
Quoted text here. Click to load it
 Ladder Logic in general and in some cases, manufacturer specific details a
re sometimes contained in the paper.  Perhaps googling may help you.
Quoted text here. Click to load it
ll.

I just saw the reference to the 8086 processor.  the good news is that ther
e is lots of knowledge about this processor, including how to use a logic a
nalyizer with it.   I believe that looking at a static ROM dump of contents
 may not provide you with the insight for what you want to do.  Looking at  
execution of the system would be more beneficial.  But again, a LOT of work
J

Re: Decompiler help please
On Fri, 22 Nov 2019 13:09:58 +1100, Clifford Heath

Quoted text here. Click to load it
Well, that's why I'm asking for help. I know hardly anything about
this stuff.
Eric

Re: Decompiler help please
:
Quoted text here. Click to load it

I'm sure you know this but I've been bitten once and it may be worth mentio
ning.

I understand you're trying to back up your EPROM holding your program.  We  
had a similar problem in a manufacturing plant, probably with an Allen Brad
ley PLC or similar.  (it's been a while)  The program went bad, we got the  
backup EPROM, and uploaded the saved program.

Except we didn't.  The wording of upload and download was ambiguous and we  
accidentally saved the bad program from the machine onto the EPROM.  We had
 one extra EPROM in the safe, got that out and ???
? did exactly the same thing.  

Everything was ladder logic and I came to hate those hardcopy printouts, bu
t with enough time and patience we could type it back in.  Ladder logic was
 theoretically understandable to the electricians but it violates every sin
gle concept in programming.  Every line can refer to any other line - no mo
dular programming, no single entry single exit, etc.    

Site Timeline