wavestone-cdt / fun-with-modbus-0x5a

Material from ICS Village talk at DEFCON 25
GNU General Public License v3.0

Get session id #1

Open ValerieHu1995 opened 4 years ago

ValerieHu1995 commented 4 years ago

Hello, I found your work on YouTube. In your video you mentioned that the restart PLC does not work; I think it has something to do with the session id. Maybe you already noticed the byte after \x5a represents the session id and it does not have to be just \x00 or \x01, it can actually go up to \xdf, maybe even higher, I haven't tested yet.

After sending \x5a\x00\x10\xff\xff\x00\x00, the PLC will reply with a packet with a session id; it goes like \x5a\x00\xfe\x01, an ok byte and a session id byte. This does not require any packet sent before this. Then with the given session id I was able to stop and restart the PLC with \x5a\x01\x41\xff\x00 and \x5a\x01\x40\xff\x00.

I only tested on Modicon M340, hope this is helpful.
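A small parser and detector for the UMAS frames quoted in this issue, added here as an example (not code from this repository or the MSF module); it assumes the session id is the last byte of the ok reply and builds its own sample Modbus/TCP frames:

```python
"""Parse Modbus/TCP frames that carry UMAS (function code 0x5a) and flag the
session-request / stop / start sequence from the issue. Added example."""
import struct

UMAS_FC = 0x5A
# UMAS sub-function codes as they appear in the issue's byte strings.
UMAS_CODES = {0x10: "session-request", 0xFE: "ok-reply",
              0x40: "start-plc", 0x41: "stop-plc"}
CRITICAL = {0x40, 0x41}

def parse_umas(frame: bytes):
    """Split a Modbus/TCP frame into MBAP fields plus UMAS session byte,
    sub-function code and data. Returns None for non-UMAS frames."""
    if len(frame) < 10:
        return None
    tid, pid, length, unit, fc = struct.unpack(">HHHBB", frame[:8])
    if pid != 0 or fc != UMAS_FC or length != len(frame) - 6:
        return None
    return {"tid": tid, "unit": unit, "session": frame[8],
            "code": frame[9], "data": frame[10:]}

def scan(frames):
    """Return an alert for every PLC stop/start command, noting whether the
    session id it carries was handed out in an earlier ok reply."""
    issued, alerts = set(), []
    for frame in frames:
        pdu = parse_umas(frame)
        if pdu is None:
            continue
        if pdu["code"] == 0xFE and pdu["data"]:
            issued.add(pdu["data"][-1])  # assumption: last byte = session id
        elif pdu["code"] in CRITICAL:
            alerts.append({"tid": pdu["tid"], "session": pdu["session"],
                           "action": UMAS_CODES[pdu["code"]],
                           "session_was_issued": pdu["session"] in issued})
    return alerts

def mbap(tid, pdu):
    """Wrap a PDU in an MBAP header (unit id 0) for constructed traffic."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, 0) + pdu

# Constructed sample capture following the byte strings quoted in the issue.
SAMPLE = [mbap(1, b"\x5a\x00\x10\xff\xff\x00\x00"),  # session request
          mbap(1, b"\x5a\x00\xfe\x01"),              # ok reply, session id 0x01
          mbap(2, b"\x5a\x01\x41\xff\x00"),          # stop PLC with session 0x01
          mbap(3, b"\x5a\x01\x40\xff\x00"),          # start PLC with session 0x01
          mbap(4, b"\x03\x00\x00\x00\x0a")]          # plain Modbus read, ignored
```

Running `scan(SAMPLE)` yields one alert each for the stop and start commands, both tied to the session id the PLC handed out, which is the correlation a monitoring rule for this traffic would want.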

arnaudsoullie commented 4 years ago

Hi,

Thanks for the tip! There has been a lot of work on the UMAS protocol; I'll try to modify the MSF module to add this feature. I can also test it on TM221 and TM241.