Accessing Siemens S7-1200 webserver over router

When the S7-1200 has an IP address assigned on the local network it can be accessed through that address. I don’t think people who are able to program the PLC will have difficulties with that.

When the PLC needs to be accessible over a router, making it possible to browse to the web interface from anywhere on the internet, some settings in the router and the PLC need to be correct.

On the router a NAT row needs to be added to forward ports 80 and 443 to the PLC address. Port 80 is for the HTTP pages; port 443 is needed to access secure pages over HTTPS.

In the PLC it is absolutely required to set the router IP address (the PLC’s default gateway). When this isn’t set, the webserver of the S7-1200 PLC will be accessible over the local network but not over the router.

Don’t forget to change the password of the PLC. Allowing access to the PLC over the internet can be useful but also very dangerous when not secured.

Also, it’s not recommended to enable the webserver on an S7-1200 PLC if it’s not necessary. A DoS (Denial of Service) attack can make the PLC crash!
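The router and PLC settings above as a runnable check, added here as an example and not taken from the original post: `reply_path` shows why the PLC needs the router address, and `audit` flags what the port forwards expose. It assumes the router forwards ports without rewriting the client's source address; the addresses and the rule layout are constructed.

```python
import ipaddress

# Constructed sample values; the addresses and the rule layout are assumptions.
PLC = {"ip": "192.168.1.50", "mask": "255.255.255.0", "gateway": None}
NAT_RULES = [
    {"wan_port": 80, "lan_ip": "192.168.1.50", "lan_port": 80, "source": "any"},
    {"wan_port": 443, "lan_ip": "192.168.1.50", "lan_port": 443, "source": "any"},
]

def plc_network(plc):
    """Subnet the PLC considers local, derived from its IP address and mask."""
    return ipaddress.ip_network(f"{plc['ip']}/{plc['mask']}", strict=False)

def reply_path(plc, client_ip):
    """How the PLC answers client_ip: 'direct', 'gateway' or 'unroutable'."""
    if ipaddress.ip_address(client_ip) in plc_network(plc):
        return "direct"  # same subnet, no router involved
    return "gateway" if plc["gateway"] else "unroutable"

def audit(plc, rules):
    """Return findings for the PLC's router setting and its port forwards."""
    findings = []
    if plc["gateway"] is None:
        findings.append("PLC has no router address: replies to internet clients are dropped")
    elif ipaddress.ip_address(plc["gateway"]) not in plc_network(plc):
        findings.append("router address is outside the PLC subnet")
    for rule in rules:
        if rule["lan_ip"] != plc["ip"]:
            continue  # forward to some other device
        if rule["lan_port"] == 80:
            findings.append(f"WAN port {rule['wan_port']}: plain HTTP exposed, traffic is unencrypted")
        if rule["source"] == "any":
            findings.append(f"WAN port {rule['wan_port']}: reachable from any internet address")
    return findings

if __name__ == "__main__":
    for line in audit(PLC, NAT_RULES):
        print("-", line)
```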

Siemens S7-1200 Firmware Update

The S7-1200 series are compact PLCs from Siemens that can be directly connected to an Ethernet network. Being compact and affordable, they are perfectly suited to home automation projects.

A big drawback of the original firmware (V1) is the lack of an integrated webserver, and especially the fact that it’s impossible to download a program in RUN and that all data blocks return to their initial values after a download.

These problems are solved when upgrading the S7-1200 PLC firmware to V2.1.2. To do this update a 24MB Siemens memory card is required. Compared to the PLC this is an expensive little piece that will only be used for updating the firmware of the S7-1200 PLC. Unfortunately there is no way around this. You absolutely need this memory card to update the firmware!

Before updating the firmware be sure you update your installation of TIA portal to the latest version and Service Pack. You can find some updates on the Siemens support website:

http://support.automation.siemens.com/WW/view/en/28919804/

Download the latest firmware for your PLC (for me it is the 1212C) from the Siemens website:

http://support.automation.siemens.com/WW/view/en/38710101/

After downloading the firmware execute the file to extract the firmware to the empty memory card. A folder “FWUPDATE.S7S” and a file “S7_JOB.S7S” are extracted to the root folder of the memory card.

Now we’re prepared for the actual firmware upgrade of the S7-1200 PLC. The following steps are required to perform this update:

  1. Insert the memory card in the PLC. The status goes to STOP and the maintenance LED blinks.
  2. Power cycle the PLC. After this the firmware is copied to the internal memory. The RUN/STOP LED alternates between green and orange.
  3. When the copying process is done the LEDs will look like this: RUN/STOP LED is orange, maintenance LED blinks.
  4. Remove the memory card from the PLC and again do a power cycle to load the new firmware.
  5. With the upgrade to version 2.0.3 my PLC didn’t go to RUN by itself; use TIA Portal to get the PLC back in RUN mode when necessary. After the upgrade to firmware version 2.1.2 the PLC went to RUN.
  6. Enjoy the new features!

This would be the ideal world. Of course, some problems occurred during the upgrade:

The installation of TIA Portal V11 SP1 failed. This problem could not be solved by reinstalling TIA Portal V11 but only by reinstalling Windows! With a fresh image of Windows the installation of TIA Portal V11, SP1 and Update 2 succeeded.

After updating TIA Portal and the firmware I had some major issues with the PLC. The internal memory got corrupted giving an error “Internal load memory is corrupt (delete in TIA Portal or with program card)” and I got an error saying “Internal system error (error code: 0x800011210000008d) - Please contact SIMATIC customer support.” A complete factory reset solved these problems (but downgraded the firmware back to V1.0). So upgrading again… Some research told me this problem could be related to the use of PID controllers (I’m using them for the heat control of my home). This problem should not occur when ‘all blocks’ are downloaded after a software change. Another source speaks about having the PID block only in run when the PLC itself is in RUN mode. In all the other cases the PID controller should be in reset mode.

Before installing Firmware version 2.1.2 I upgraded to version 2.0.3. When I tried to create user webpages this error occurred:

Conclusion: The firmware update of the S7-1200 PLC introduces a lot of new features but also some issues. If you’re happy with your old firmware don’t upgrade. If it ain’t broke, don’t fix it!

Decrease PCS7 compilation time

Whoever has worked with PCS7 knows that compiling a project can take a while. This is because PCS7 compilation is done in the database on the hard disk and not in the computer memory. This means a faster hard disk will decrease the compilation time of the PCS7 project.

A first possibility is to use a solid state disk in the engineering station. Read and write access to these disks is much faster than to regular hard disks.

A second and even faster possibility is a RAM disk. A RAM disk is a virtual disk in the RAM memory of the engineering station. A part of the memory is reserved and formatted as a hard drive. When a PCS7 project is stored in the RAM memory it will be compiled in the RAM memory.

From now on you’ll only be able to drink 3 cups of coffee during compilation of your PCS7 project instead of 10!

Siemens S7 PLC Hacked

Once upon a time it didn’t seem necessary to protect automation systems (PLCs) against hackers and people with bad intentions. They were connected to isolated networks and there was no link to the outer world. Nowadays engineers want to see how their machines are doing on the other side of the planet, meaning that in some way there is a link between the automation system and the internet.

Whenever a computer that is connected to the plant bus and to the internet is infected with a trojan, a hacker can gain access to the plant bus from wherever he wants. Since the security on the plant bus is poor or nonexistent, the hacker will be able to connect to the PLCs on the network.

During ‘Black Hat 2011’ Dillon Beresford revealed that he found ways to bypass the S7’s security measures and read and write data into the PLC memory, even when the system has password protection enabled. And on the S7-300 Beresford even found a command shell left in the firmware by Siemens engineers, that he can connect to and use to run commands on the system.

It’s a Unix-like shell where commands can be run. Username: basisk; password: basisk. This shell is a “back door” to the system that can be used to gain access to automation controllers.

So, what can be hacked using this security issue? Every system that has a connection to the outer world! (network, usb stick,…)

Are we in danger? Let’s hope not, provided the engineers of nuclear plants, water purification installations and other critical installations used their common sense while designing the plants. The controller of a critical plant should always be isolated from the outer world. Monitoring the plant can be done with separate sensors and controllers whenever necessary.

Making a Lego factory

Automating a factory is fun (it’s my job) but when the factory is made of Lego bricks it’s even better. The Lego factories are mostly controlled by one or more Lego Mindstorms brains. Lego Technic offers a huge number of possibilities for the mechanical design.

Swarm bots

Swarm bots or swarm robotics is the name for a multirobot system consisting of a large number of mostly simple robots. The idea emerged from the field of artificial swarm intelligence, as well as the biological studies of insects and other fields in nature, where swarm behavior occurs.

It can be used to create a larger robot in places that are difficult to reach. The swarm bots can move individually and assemble a larger and more powerful robot depending on the task and location.

Swarm bots can become very useful for discovery and rescue operations.

Swarm bots videos

Swarm bots assembly

Swarm bots pulling a child

DIY Home Automation systems

Brand specific systems

A lot of switch/power outlet/… manufacturers have their own home automation system. Most of them are easy to configure and are good candidates for a DIY home automation system. There is Nikobus from Niko, QBus, BTicino,… The drawback of these manufacturer-specific home automation systems is the dependency. When a component fails you need to stick to the manufacturer, buying the same component. If a manufacturer stops producing a certain system…you’re screwed.

Standard bus systems

EIB/KNX is a standard bus system supported by many manufacturers. A lot of brands make components for the KNX home automation system. This is a gigantic pro because you can be sure that in the future spare parts will still be available. It can be easily installed as a DIY home automation system but you need software (or someone with the software) to configure the components on the bus. This is a favorite for DIY home automation!

X10 is a home automation system widely used in the US and a bit less known in Europe. It can be used as a wireless bus automation system. X10 is a very easy to install system, perfect for DIY home automation.

Central systems

In a centralized system every button and every light has a wire to a central cabinet. The controller has some (or a lot of) inputs and outputs to switch lights, blinds,… A central system has the advantage that it can easily be replaced by another central system. It can be hard wired with ‘teleruptors’ or a logic controller can be used. Depending on the system it can be configured by anyone or only by a ‘system expert’.

The industrial way

Industrial systems must be reliable, more reliable than home automation systems (unfortunately). So, why not use them for home automation? A PLC (Programmable Logic Controller) can be used as a centralized home automation system but can also be configured with remote input and output islands. Most industrial controllers are guaranteed to have 10 years or more manufacturer support. Which is nice. Maybe a little bit harder to configure as a DIY home automation system but certainly worth the effort.

Home automation in Windows Media Center

Automating your home is one thing, having a good interface to control it is another. Home automation can do a lot of useful tasks for you and make your life easier but in the end you must be the one who’s in control.

As automation system in my apartment I use a Siemens S7-1200 PLC (Programmable Logic Controller). It is a low priced but powerful PLC, which doesn’t take too much space. The controller is connected to every light point, the door opener and the central heating system. This means it takes care of lighting, heating and access control.

Since Windows Media Center is an easy way to store and play music, movies and pictures, integrating a small touch panel in the wall seemed fun. Even more fun would be the integration of an HMI (Human Machine Interface) to control the S7-1200 PLC using the touch screen. Using different applications would be possible but it brings the hassle of having to switch every time from Media Center to the HMI application and back.

The solution is to make a Windows Media Center plugin that is able to communicate with the S7-1200 PLC over the local network. To transfer bits and bytes from the plugin to the PLC the dataflow shown in the diagram below is used.

The PLC is connected to the local network which is ideal for communication between the PLC and the server. To read and write data from and to the PLC the open source library libnodave is used. A C# application gets and sets data in the PLC according to the points configured in a MySQL database. Creating and editing points is done through a web interface.

Whenever data needs to be sent to the PLC a row is added in a MySQL table that functions as a stack. The actual values are read cyclically and updated in the points table.

On the webserver a PHP script is running to create MCML (Media Center Markup Language) data. These MCML pages can be registered as a plugin in Windows Media Center. At this time the plugin is very basic. It is a tree containing rooms and lights. The PHP script shows one level of the tree at a time. Clicking an area will open the level of that specific area. Clicking a light will toggle the status of the light.

Using a Windows Media Center plugin to control your home is very intuitive, and incredibly cool. And maybe one time it will be open source…
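The data flow described above as an added example, not the author's C# service or PHP code: an in-memory SQLite database stands in for MySQL, `plc_read` and `plc_write` stand in for the libnodave calls, and all table, column and point names are assumed. Queued rows are processed oldest first, and the check that a queued write targets a configured, writable point is an addition made here, since the web side is what fills that table.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the MySQL database (table/column names assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE points (id INTEGER PRIMARY KEY, name TEXT, address TEXT,
                             writable INTEGER, value INTEGER);
        CREATE TABLE write_queue (id INTEGER PRIMARY KEY AUTOINCREMENT,
                                  point_id INTEGER, value INTEGER);
    """)
    db.executemany("INSERT INTO points VALUES (?, ?, ?, ?, ?)", [
        (1, "Living room light", "Q0.0", 1, 0),   # constructed sample points
        (2, "Door contact", "I0.3", 0, 0),
    ])
    db.commit()
    return db

def drain_writes(db, plc_write):
    """Process queued writes oldest first; return [(queue_id, verdict), ...]."""
    results = []
    queued = db.execute(
        "SELECT id, point_id, value FROM write_queue ORDER BY id").fetchall()
    for qid, point_id, value in queued:
        point = db.execute("SELECT address, writable FROM points WHERE id = ?",
                           (point_id,)).fetchone()
        if point is None:
            verdict = "rejected: unknown point"
        elif not point[1]:
            verdict = "rejected: read-only point"
        elif value not in (0, 1):
            verdict = "rejected: not a bit value"
        else:
            plc_write(point[0], value)   # only configured, writable addresses
            verdict = "written"
        db.execute("DELETE FROM write_queue WHERE id = ?", (qid,))
        results.append((qid, verdict))
    db.commit()
    return results

def poll_points(db, plc_read):
    """Cyclic read: copy each point's current PLC value into the points table."""
    for pid, address in db.execute("SELECT id, address FROM points").fetchall():
        db.execute("UPDATE points SET value = ? WHERE id = ?",
                   (plc_read(address), pid))
    db.commit()
```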

Atmega bricked by watchdog

While programming a micro controller for the home automation over IP project there’s a lot of trial and error involved. To make it possible to reboot the micro controller remotely by software I was experimenting with an infinite loop without resetting the watchdog timer.

Making Printed Circuit Boards - Toner Transfer

For the home automation over IP project I needed a fast and easy method for creating printed circuit boards (PCB). After some research the “toner transfer method” seemed a solution worth a try.

Not being sure about the quality of the final result I designed the PCB with wide paths. This way a lack of precision shouldn’t be a big problem.

PCB Design

What we need:

  • a PCB design (obvious)
  • a blank board (without photosensitive layer)
  • magazine paper
  • a laser printer
  • an iron, preferably without steaming capabilities
  • personal protection against chemicals (gloves, safety glasses and optionally a lab coat)
  • glass or plastic bowl (never use a metallic bowl as etchant container!)
  • etchant: HCl, H2O2 and H2O
  • thinner (acetone)
