Communication time… Once the brute force script is written.
The suggested program has a limitation wherein it will only do a certain number of messages in the demo version.
I'd suggest a python script to do the brute forcing instead. Aircrack may have some tools for that but I’d suggest rolling your own is faster.
If you’ve got a usb dongle I could probably be convinced to write you a quick and dirty brute forcing script once you figure out the precise flavour of modbus it speaks and the connection parameters.
Pippo responded that many people ask this, but they did not set the password, so they cannot help.
which might amount to “no, we won’t help you around an OEM’s password” or may really mean that they designed this thing to brick on forgotten password.
As the VFD we found on site is not a good match, I need to consider my options again.
Try telling Jenny you want to order a few more of these units as you love the way they operated before your clumsy technician scraped the password tag off the face of it… maybe she’ll be more helpful if there’s future business dependent on solving it
Long shot
It really is worth it paying for the better brands… Schneider has sat on the phone with me for hours at a time helping program all sorts of automation
Untested but seems like it should do the trick. You’d need to adjust the COM1, baudrate, and VFD_address to suit your system.
Requires a USB dongle, a current python installation, and the pymodbus library installed via pip install pymodbus command once python is installed and working.
```python
# pymodbus 2.x API; 3.x moved the client to pymodbus.client and renamed unit= to slave=
from pymodbus.client.sync import ModbusSerialClient as ModbusClient

client = ModbusClient(method='rtu', port='COM1', baudrate=9600, timeout=1)
if not client.connect():
    raise SystemExit("Could not open the serial port")

vfd_address = 1
reg_address = 7936  # 0x1F00 == 7936, the address of the register you want to write to

try:
    # iterates through all values from 0 to 65535 - range() doesn't use the final value
    for i in range(0, 65536):
        value = i  # the value you want to write to the register
        # the slave address has to be passed as the unit= keyword, not positionally
        result = client.write_register(reg_address, value, unit=vfd_address)
        if not result.isError():
            print("Write successful")
            # a write-single-register reply carries the value in .value; it has no .registers
            decoded = result.value
            print(decoded)
            if decoded == 34952:  # 0x8888 == 34952
                print("Password is:", i)  # i is the value that was written
                break
        else:
            print("Error:", result)
finally:
    client.close()  # release the serial port even if the loop is interrupted
```
No problem. These dongles get a pretty heavy workout in our facility… most things that are even semi-smart speak modbus/RS485, so it’s generally the fastest way to make them dance from a distance.
Add in some wifi to RS485 adapters and you can run a LOT of things from your laptop.