Pong On Industrial Controllers

Programmable Logic Controllers (PLCs) are a staple of control automation. Sometime in the 60s or 70s, they replaced a box full of relays to implement the kind of “if-this-then-that” logic that turns thermostats on or directs machinery. Sometime in the 90s or 2000s, some more computing power was added, giving us the Programmable Automation Controller (PAC). And if reading Hackaday has taught us anything, it’s that if you give people a little bit of computing power, they’ll implement Pong (or Snake or Doom!).

We were sent a link where [AbsolutelyAutomation] does just that: implements a remotely-playable Pong on a bit of industrial control. Even if you don’t have a PAC sitting around, the details are interesting.

The first step is to get graphics out of the thing. The PAC in question is already able to speak Ethernet, so it’s “just” a matter of sending the right packets. Perhaps the simplest way to go is to implement the remote framebuffer (RFB) protocol from VNC, and then use a VNC client on the PC to send the graphics. (As they point out [CNLohr] has done this quite nicely on the ESP8266 (YouTube) as well.) So an RFB library was written. [AbsolutelyAutomation] points out that this could be used to make boring things like user-friendly configuration and monitoring screens. (Yawn!)

Graphics done, it’s easy to add a Pong layer over the top, using the flowchart-based programming interface that makes homage to the PLC/PAC’s usual function as an industrial controller. (Oddly enough, it seems to compile to a Forth dialect to run on the PAC.) And then you’re playing. There’s code and a (PDF) writeup available if you want more info. If you don’t have a PAC to run it on, the manufacturers have a simulator for you.

We’ve never worked with a PLC/PAC, but we know the hacker spirit when we see it. And making something that’s usually located in the boiler room play video games is aces in our book. This sparks a memory of an industrial control hacking room at DEF CON a few years back. Maybe this is the inspiration needed to spend some time in that venue this year.

We know we’ve got controls engineers out there. What’s the strangest thing you’ve programmed into a PLC?

14 thoughts on “Pong On Industrial Controllers

  1. Must’ve happened in the 2000s, I took a course in 2001ish for PLC using “new” “Relay Lateral Logic” (RLL) which as implied just does simple if/then/else and goto with a handful of digital and analogue gpio. The most fancy thing I could do was audio record and playback

    1. Depends on the manufacturer… almost every brand has a proprietary language (and compiler) to program the things, a lot of them are logic based (which makes sense, since that’s what they’re expected to do), but some are more like traditional languages, where you have to define variables and so forth…

      1. Not so… many PLCs these days adhere to standards (specifically IEC 61131-3) and implement standard languages such as Structured Text , Flowcharts or Ladder Logic.

        There are variations in the implementations but they are interoperable if you are careful.

        1. They are interoperable, but only if you code it again on the other system (files are not interoperable, unless you happen to find two manufacturers using PLC open file structure) and they are using the same revision of IEC 61131-3 or atleast the code does not use any newer features of IEC 61131-3 than what the other PLC does not know. And there are always exceptions like Siemens, who will spit on IEC 61131-3.

          Also many do have features beyond IEC, like C, C++ etc programming.

    2. RLL = Relay Ladder Logic. It was first introduced by Modicon, which in turn was created by Mr. Dick Morley sometime around 1968. Mr. Morley is a giant and hero of the industrial controls world. Truly a visionary individual.

      Whoever told you that RLL was “new” was lying to you.

  2. Similar entertaining “Industrial Automation Hacks” have been an in joke for many years. Here’s an example of both Space Invaders and Pong implimentation for Rockwell Automation/ Allen Bradly gear back in 2007:
    Small “easter eggs” in HMI and PLC code for production machines is not uncommon. I found one that throws up a Starwars themed splash screen for a few seconds on a packaging machine the first time it is started on 4th May every year (May the Fourth be with you).
    If your job is maintaining or programming industrial control equipment you have to make it fun for yourself. I’ve never seen anything damaging or malicious.

    1. Yep, the nice thing about the Pong example above though is it doesn’t require any proprietary software to view the end result, and has applications elsewhere. Need a HMI for a PLC? No problem, just drop that code in and use a cheap VNC compatible thin client. Assuming there is code space of course.

      This suggests a web server, serving a little JavaScript and HTML is more than doable for a functional interface.

  3. I replaced an old batch process system that had a giant grid of indicator lights on the control panel which we were replacing with a modern HMI. I used the old SLC 5/05 as a remote I/O controller of the panel and programmed a compact version of space invaders with the new AB ControlLogix to run on the indicator lights. My team and the operators got a kick out of it. Sadly we had to remove it before final system qualification.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.