We have an old 1990s PanelMate ePro running locked-down code that controls an SLC-500. It does lots of things all in fast sequence and of course 20 years later nothing is documented; everyone who knew about the system is retired, bankrupt, and/or dead. So I am left with reverse engineering it.
I sniffed out all the TCP packets between the PC and the controller for one of the many sequences to see if I can decode it. Problem is TCP can be anything and I am not sure where to even start. One of the manuals online for the SLC500 showed a TCP interface that did things like "O:<slot>.<word>/<bit>". I do see one instance of 0x4F in most of the streams which is an ASCII "O", but I am not sure if that is what it means.
Just wondering if anyone has any clue how to decode streams like this:
<pre>
0000 00 30 64 03 0c 8b 00 00 bc 1e 7f 53 08 00 45 00 .0d........S..E.
0010 00 50 b2 55 00 00 40 06 ae d8 0a 00 02 bd 0a 00 .P.U..@.........
0020 02 be 08 ae 04 25 87 e5 a2 20 00 1b 00 58 50 18 .....%... ...XP.
0030 0b 68 a7 4c 00 00 02 07 00 0c 00 00 01 01 00 00 .h.L............
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 05 00 00 4f 00 d4 72 00 80 85 1d ......O..r....
</pre>
Note that this is the full TCP stream with IP headers and everything. The data itself starts on line 0030, 7th byte in (0x01, followed by 0x07) and is 42 bytes long and goes to the end of the stream. You can see near the end, 7th to last byte, there is a 0x4F which is an "O" if it is ASCII, or it could be something completely different. That's why I am here!
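As an added example (not from the original post, and not a vendor tool), the Python script below does the first steps of this decoding by hand: it turns the posted dump back into bytes, verifies the IPv4 and TCP checksums so a typo in the transcription is caught before anything is interpreted, strips the Ethernet, IP and TCP headers by their own length fields, and returns the payload with its ports and flags. It then applies one labelled hypothesis for the 0x4F byte: the DF1/PCCC command-frame layout (CMD, STS, TNS, then data), in which bit 0x40 of the CMD byte marks a reply, so 0x4F would be the controller's reply to command 0x0F. That layout is an assumption to check against Allen-Bradley's DF1 Protocol and Command Set reference manual and against the other captures (the TNS should change from exchange to exchange, and the frame going the other way should carry 0x0F at the same position); the single frame does not prove it. The `decode_pccc_at` and `analyze` names are the example's own.

```python
"""Dissect the hex dump from the post: Ethernet II -> IPv4 -> TCP -> payload,
then apply one labelled hypothesis (DF1/PCCC command framing) to the tail."""
import re
import struct

# Hex dump copied verbatim from the post (offset, hex bytes, ASCII column).
DUMP = """\
0000 00 30 64 03 0c 8b 00 00 bc 1e 7f 53 08 00 45 00 .0d........S..E.
0010 00 50 b2 55 00 00 40 06 ae d8 0a 00 02 bd 0a 00 .P.U..@.........
0020 02 be 08 ae 04 25 87 e5 a2 20 00 1b 00 58 50 18 .....%... ...XP.
0030 0b 68 a7 4c 00 00 02 07 00 0c 00 00 01 01 00 00 .h.L............
0040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0050 00 00 00 05 00 00 4f 00 d4 72 00 80 85 1d ......O..r....
"""

# offset, then as many "xx " pairs as the line has; the ASCII column stops the match
HEX_LINE = re.compile(r"^([0-9a-fA-F]{4})\s+((?:[0-9a-fA-F]{2}\s)+)")


def parse_hexdump(text):
    """Turn an offset/hex/ASCII dump back into bytes, checking offsets are contiguous."""
    out = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue
        if int(m.group(1), 16) != len(out):
            raise ValueError("non-contiguous offset in line %r" % line)
        out += bytes.fromhex(m.group(2))[:16]  # a dump line never holds more than 16 bytes
    return bytes(out)


def ones_complement_sum(data):
    """RFC 1071 sum over 16-bit big-endian words; correctly checksummed data sums to 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def dissect(frame):
    """Ethernet II / IPv4 / TCP; header sizes come from the IHL and data-offset fields."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4-over-Ethernet frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        raise ValueError("IP protocol %d is not TCP" % ip[9])
    ip_hdr, ip_payload = ip[:ihl], ip[ihl:total_len]
    src, dst = ip[12:16], ip[16:20]
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", ip_payload[:16])
    doff = (off_flags >> 12) * 4
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(ip_payload))  # TCP pseudo-header
    return {
        "src": "%d.%d.%d.%d" % tuple(src), "dst": "%d.%d.%d.%d" % tuple(dst),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "flags": off_flags & 0x1FF,                      # 0x18 = PSH|ACK
        "ip_checksum_ok": ones_complement_sum(ip_hdr) == 0xFFFF,
        "tcp_checksum_ok": ones_complement_sum(pseudo + ip_payload) == 0xFFFF,
        "payload": ip_payload[doff:],
    }


# HYPOTHESIS (an assumption, not established by the capture): the tail of the
# payload is a DF1/PCCC command frame: CMD, STS, TNS (16-bit little-endian), data.
# In DF1 the CMD byte's 0x40 bit marks a reply, so 0x4F would answer command 0x0F.
def decode_pccc_at(payload, offset):
    cmd, sts = payload[offset], payload[offset + 1]
    (tns,) = struct.unpack("<H", payload[offset + 2:offset + 4])
    return {
        "cmd": cmd, "is_reply": bool(cmd & 0x40), "base_cmd": cmd & 0x0F,
        "sts": sts, "tns": tns, "data": payload[offset + 4:],
    }


def analyze(text=DUMP):
    """Full pipeline for one dump: headers, checksum verdicts, payload, hypothesis."""
    pkt = dissect(parse_hexdump(text))
    payload = pkt["payload"]
    pkt["pccc_hypothesis"] = decode_pccc_at(payload, payload.index(0x4F))
    return pkt


if __name__ == "__main__":
    r = analyze()
    print("%s:%d -> %s:%d flags=0x%02x ip_ok=%s tcp_ok=%s" % (
        r["src"], r["sport"], r["dst"], r["dport"], r["flags"],
        r["ip_checksum_ok"], r["tcp_checksum_ok"]))
    print("payload (%d bytes): %s" % (len(r["payload"]), r["payload"].hex()))
    print("PCCC hypothesis:", r["pccc_hypothesis"])
```

Two things the script settles without any protocol knowledge: both checksums verify, so the dump was transcribed correctly, and the frame's source port is 2222 while the destination is the ephemeral-looking 1061, so this is the controller answering the PC rather than the PC's request. Run the same script over every capture in the sequence and compare which payload offsets stay constant, which look like counters (the hypothesised TNS), and which track the values on the panel.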