Coupled with the power of JEB 2.3, our S7 PLC decompiler provides the following unmatched features:
Siemens PLC programs can be written in low-level STL (Statement List), mid-level SCL (Structured Control Language), or in higher-level LAD (Ladder Logic) diagrams. Regardless of the input source type, the PLC program is compiled to MC7 machine code (an even lower-level representation of STL) and packed into an opaque binary blob that contains the block data elements, metadata description, and machine code. That block is then uploaded to an S7 PLC.
Our decompiler can parse such blocks:
That last step is crucial when it comes to analyzing unknown and/or large PLC code, for example for black-box auditing or research purposes. Instead of navigating thousands of obscure, undocumented lines of MC7 or STL code, the reverse engineer can now navigate and massage C code.
A crucial requirement to make the analysis of unknown code as easy as possible is to provide a flexible output.
JEB allows the user to:
Using Java or Python, users can write their own scripts and plugins to automate parts of the reverse engineering process. For example, the analyst may want to look for specific code patterns; they may want to rename methods or find relationships between areas of code automatically.
Our API also allows power users to perform advanced static analysis on the code, for example to track register and data usage, which can be used to determine unwanted code conditions or potential bugs.
The S7 Decompiler is developed by Nicolas Falliere and his team.
Back in 2010-2011, Falliere spent countless hours reversing the Stuxnet malware. He fully analyzed the malicious code that infected Step-7 400 PLCs to thwart Iranian centrifuges, and was the first to publish a detailed description of the attack sequence.