Verifying Project File Build Signature

Adrian_Lee · ‎2021-10-25

In the Control Expert function block library there is a PRJ_VERs function block that lets you read the 'Build Signature' of a project.

This signature appears to be part of the same signature number that shows up in 'PLC Screen' -> Information tab under 'Application -> Identification' when you are connected to a PLC running a project.

My questions are:

How can one obtain the build signature of a project file (.STU) in Control Expert without first transferring it into a PLC?
Is it possible to read the build signature of a project file without using Control Expert at all? There are some similar looking numbers in STATION.CTX file but not sure if that's a reliable approach to take.

I'd like to script a way of recording and verifying PLC project file build signatures to ensure they aren't tampered with. There have been numerous vulnerabilities related to crafting malicious project files and opening them in Control Expert or downloading to PLC. Would be good if there was a reliable and scalable method of recording signatures and verifying integrity of project files.

Adrian_Lee · ‎2022-01-11

For #1, the project file (.STU) can be unzipped, and you can find the STATION.CTX which contains the build signature

Got some information back from support regarding #2

The version application signature is composed of 4 values -> CID-MID-AID-LID and you can find bellow the description of each one of the values:

CID - Creation ID: Random number generated when an application is created. The number remains a constant.

MID - Modification ID: Random number generated on each application modification and rebuild, either partial or global. When an application is created, MID = CID.

AID - AutoModification ID: A new random value generated for AID by the PLC after one of the following minor modifications to the application:

a Control Expert request to modify %KW
a P_Unit request that performs a save_param request or replaces init value

When an application is created or built in local mode, AID = 0.

LID - Layout ID: Random number generated after a modification of the variable layout. LID does not change as a result of a runtime change either adding or deleting a data block. LID changes only on when the global rebuild of the application.
LID addresses the needs of Hot Standby. It permits the transfer of a memory block from the primary PLC to the standby so that application variables (excepted for deleted or new ones) exist at the same location
LID = CID = MID when the application is created.

https://www.se.com/ww/en/faqs/FA371483/

See Answer In Context

Adrian_Lee · ‎2022-01-11