An Affordable And Programmable PLC

We’re all used to general purpose microcontroller boards such as the Arduino or its many imitators, but perhaps we don’t see as much of their industrial cousins. A programmable logic controller (PLC) is a computer designed to automate industrial machinery, and comes with protected interfaces and usually a specific PLC programming environment. Thus [Galopago]’s work with an inexpensive Chinese PLC clone is especially interesting, providing a route forward to using it within the Arduino IDE ecosystem.

Opening it up, the processor is identified as an STM32F103, and the connection needed to place it in bootloader mode is identified. Then it can be programmed from the Arduino IDE, even though its bootloader can’t be changed. Then to complete the process it’s necessary to identify the various different inputs and outputs by old-fashioned hardware reverse engineering.

This PLC may not be quite as robust as some products costing much more money, but it still represents a cost-effective way to access a microcontroller board with much of the interface circuitry already installed that would normally be required for controlling machinery. We expect that we’ll be seeing it appear on these pages over the coming months, and perhaps there might even be another comparison in the air.

72 thoughts on “An Affordable And Programmable PLC

  1. For last 12 years I’ve worked with Siemens PLCs, starting from S7-300. Calling this Chinese toy a PLC is like serving freshly baked pepperoni pizza on a toilet seat stolen from pubic lavatory. It might work, somewhat, but… why?

    1. I cut my teeth on a Siemens S3 back in 1977 sugar milling most of you were a twinkle in your grant father’s eye? Horses for courses you would not use the subject item to run a car tunnel or rail system but it has some great applications on a small scale.

    2. Don’t let your employer know that you aren’t bright enough to comprehend that this PLC isn’t made to run an oxygen plant. It’s made to run a hydroponics setup in someone’s basement.
      And I can’t imagine someone thinking that half-baked analogy was hilarious. That person must loooove Big Bang Theory. Just like that show, your analogy needed a laugh track.

    3. Hmm – For about 30 years I’ve programmed PLC 5’s, SLC’s, Simatic S7, Mitsubishi MELSEC, Little Omrons, Control Logix, and DCS systems from Honeywell. I use a couple of those little Chinese knockoffs- one as my automated gate controller and one for my AC System. Horses for courses as they say…

    1. I say get used to it! There’s always redundancy when an initialism becomes widely used, and then people want to refer to one of the things the initials stand for 😁:
      – DB Board
      – CRT Tube
      – Programmable PLC

      It gets worse because there’s more than one initial, so you may want to refer to:
      – The Cathode inside the CRT. Of course that’s just a RT Cathode otherwise we have redundancy
      – The Ray that comes from the Cathode inside the CRT. Would that be a CT Ray?
      – The Programmability of the LC
      – The amount of Logic in the PC
      – And of course, the Redundancy of the Cyclic Check in a CRC (that particular type of Redundancy would have to be called CC Redundancy to avoid redundancy in the name)

      1. But… I don’t like any of those redundancies. Gotta have some pushback or nothing will mean anything.
        A couple of non-acronym redundancies:
        High rate of speed.
        Long period of time.

        1. Of my favorite comedians, George Carlin is in the top 1.
          I’ve been playing with reductive changes to language, to offset the mostly expansive nature of changes that I’ve heard.
          “How’s the new job?”
          “It’s great. I’m pretty gruntled.”

          1. was a good web sight back in the day.

            Carlin was lame for the last 20 years though. He just got on stage an did an unfunny rant, completely lacking self awareness.
            His fans loved it, so he never did anything new. Kind of like the dead and AC/DC.

    2. Even worse: can it still be considered a PLC when you program it using the Arduino framework? Using that logic an Arduino Nano is also a PLC…

      That said, Galopago’s original post is called “Repurposing a PLC clone for use with Arduino” which covers it much better.

      1. If you take it by raw definition then the majority of modern systems are Programmable Logic Controllers (PLCs). Normal PCs and laptops and servers and SBCs and microcontrollers are all PLCs. They all carry out logic operations, they are all controllers and they are all programmable.

        You need to get into what it actually means. PLC (in the way it is used now) actually just means processor with a wide range of operating conditions or hardened/resistant IO. You could extend that definition to also mean programmable in the common PLC languages.

        A similar issue is with ASIC (Application Specific Integrated Circuit), isn’t every integrated circuit an ASIC? It is all created with a specific application in mind, even if that application is to be a general purpose and flexible processor, that is still a specific application. So really any integrated circuit is an ASIC if you consider what it actually means.

        Unfortunately there is a lot of vagueness in language and I am not completely sure but I don’t think it can ever be completely removed. Language will almost always have at least some degree of uncertainty that can’t be removed.

  2. Oh my. I almost got a heart attack by reading “PLC”. 💔
    My first cognitive association was with Power Line Communications.
    That horrible RF polluter (it’s a network technology that uses unshielded AC lines and a nightmare for fans of wireless technology).

  3. a programmable PLC, wow!

    just like an ATM Machine

    so I can input my PIN Number

    and my ABS System

    and GMT time.

    This has been reported the RAS Redundant Acronym Society, and the AAAA American Association of Acronym Abuse

  4. A few years I also bought one of these. Keywords to find quickly are FX1N, FX2N and FX3N and they come in many different variants. Inputs and outputs vary from about 5 to 20 (both inputs and outputs have about the same number). Outputs can either be relays or transistors. Mine has an RS485 chip but it’s an old fashioned SN75176 without additional protection and this (probably also cloned) chip is quite fragile, (maybe a clone is even less fragile then the original)

    The bare PCB’s are the cheapest (Nice for a simple experiment or if you have your own enclosure) Some have a back plate for mounting on a DIN rails, while others have full enclosures.

    Other significant differences are the connectors used. Some have (small or beefed up) screw terminals directly on the PCB, others have the green pluggable connectors.

    I also quite like the power supplies on these things. A filter with a common mode choke, relative big caps followed by an SMPS (LM2596 or clone). The version I have appears to have a somewhat more solid power supply section than the version presented here, so that is also something to consider when you choose one.

    Reverse engineering the I/O is also a breeze. All inputs are similar, and so are the outputs. So you can either follow all tracks, or you write a little test program to read inputs and write outputs and then only measure on the connectors which is where.
    The version I have has 15 EL817 opto’s on it’s inputs, and 10 Sharp PC817 opto’s and TIP122 transistors on it’s outputs. Processor is (or claims to be) an STM32F103VBT6.

    For reprogramming, it even has holes for a (not populated) 2.54mm pitch single row header. As an alternative, you can solder enameled wires between the IC and some other connector, and then glue the connector to the PCB.

  5. What throws people off with PLCs is the way they’re -supposed- to run. It’s to do with the “logic” part of the deal, because it’s supposed to emulate a sort of parallel IO synchronous logic circuit.

    What that means is, the PLC typically runs in a fixed cycle of, say 10 milliseconds, where the inputs and outputs are updated and the logic program is evaluated once every cycle. This is similar to how relay logic operating on AC power was able to change state every 1/100th of a second in sync with the 50Hz AC waveform zero crossing, since relay contacts won’t arc when there’s zero volts across.

    If your program does not complete within the cycle time, tough luck. The point is that the PLC can and should never lock up iterating some loop or branching statement: it always completes the cycle and always produces outputs from inputs. It’s deterministic and hard real-time logic – so if you need to compute some heavy algorithm, you have to save state and continue the next cycle, which many PLCs don’t even support.

    An Arduino or an Arduino compatible micro-controller is not a PLC, but you can implement a PLC-style program on it.

    1. When I went to a training session for TwinCAT, I asked the instructor “What happens if my program has a loop that takes longer to run than the cycle time?”, and the instructor went blank for a moment and then said, “You assign more CPU for your program”. So I persisted, “But what if it still takes longer than the cycle time to run?” – “You assign more CPU to your program.”.

      I was like, “What magic do you use to make the computer run faster and faster?”. What he was saying is, “The code must complete in time, or else.”

        1. Yep. That was the point that the instructor didn’t manage to get across, because he didn’t understand the question.

          The point is that when you think of a PLC as a generic micro-controller, you tend to believe that your program gets the CPU to itself and you can just trap it in a loop and do stuff with it. That’s exactly not what you’re supposed to do.

      1. The PLCs I have used actually do “try” to complete the loop “in time”. Simply skipping the next cycle and throwing an error. Not crashing, it still runs. But it isn’t happy about it.

        One way to think about a PLC is that it practically is a software defined FPGA. You only have X gates to work with. The PLC meanwhile only have X amount of CPU time to work with per program cycle.

        An application will typically consist of a bunch of sub programs that each handle their own task. If a program crashes or locks itself up, no major worries. The other programs still runs. Each of these programs requires some amount of CPU time to complete.

        So just like in an FPGA, we dedicate logic to a task. In the PLC, we dedicate time to a task. (and RAM…)

        In the end, outputs and inputs are only updated on a given cycle. So we don’t have to worry all that much about one program issuing a change that effects the next program running along side it. At least not as far as outputs and inputs are concerned. State variables in RAM is however still the typical trap for beginners.

        Nothing stops one from making a suitable interpreter on a regular micro and call it a PLC (a lot of actual PLCs are just this). Might not support “industry standard” IEC-61131-3 languages, but honestly half of those languages are garbage… (Likely a hot take according to some veterans. I have seen far too much ladder diagrams to remain sane, antiquated BS if one asks me…)

        As long as the interpreter in itself is fairly “safe” from locking itself up, then things are fine.

      2. TwinCAT PLC will run all cycles code. Next cycle is just delayed. Of course real cycle time is not fixed anymore. In some cases it is bad thing and your calculations may give incorrect answers if you used fixed cycle time in your calculations.

    2. So that’s not _quite_ true. I’ve been in the industrial controls space for a long time. With Allen-Bradley (and most PLCs) the scan rate is a function of how much logic you’re executing. Have a simple routine with only a few rungs/lines – scan rate is fast (~5 msec). Start to add in more logic and the scan rate gets slower. Watching your scan rate and confirming that it meets requirements is part of the development process.

      What makes a PLC unique is that it evaluates every line or rung on every scan. There’s no such thing as a blocking call or a while loop that could halt execution. This leads to a (generally) stable scan rate since the code executed is always the same, even if it evaluates different.

      PLCs are not hard realtime. Anything that requires very precise timing (ex. coordinated motion profiles) is handled at a lower level than your PLC code.

      Also worth noting that while PLCs used to be very custom hardware almost every single one of them is now just an ARM chip running VxWorks. Sometimes they have a custom FPGA/ASIC for communications protocols or other concerns.

        1. And it’s running on a more or less standard PC with Windows as a guest OS on some of the CPU cores, while the rest are assigned to the real-time kernel.

          Hence why the guy said “Give it more CPU”, meaning you need to assign more CPU resources for the logic program so it would complete in time – presuming of course that the program does complete.

          1. Not any PC.

            Most cheap motherboards run some of the device/secret NSA code in systems management mode (we’re not supposed to even know about that, I think they renamed it). Which you can’t interrupt or see in process viewer etc.

            It’s the thing that makes generic PCs not real time by definition. If you want a PC that doesn’t do this look at RTOS hardware compatibility lists.
            Yes any PC will run a x86-64 RTOS, but most won’t be ‘real time’ to a purist.

          2. Turning a PC into a PLC has been tried and failed more times than can be counted. Steeplechase was one of those. A watchdog is what makes PLC deterministic, if logic don’t complete you get a major fault and it all stops. You break the logic up into various types of tasks, those that require more speed and update and those that don’t. You give them priority ratings. PLC will schedule and check for cycle time issues. PLCs can be edited online, allowing code changes on the fly without shutdown and compile and transfer. AB CLogix can scan small to medium programs in usec. All tasks combined are generally in low ms scans. Depends on size and complexity. PLCs can also handle safety IO, redundancy systems, etc. PCs are for some things but not this stuff.

          3. Soft PLC developer hasbto measure how realtime his system is, but consensus is it can be good enough. TwinCAT is one example, it has RT (realtime) driver that is basically second kernel running alongside Windows. LinuxCNC on rt kernel is another and you can use it too for EtherCAT devices
            Regarding all that spyware like Intel Management Engine, this is not really problem: it is usually running on separate chip so in normal operation it does not impede with scheduler work on main CPU, and it is good enough for dev or test work.
            For 24/7/365 work controller integrator usually will procury proper knfystrial PC like Beckhoff CX, not sure what chipset is on those and If it omits IME by purpose

      1. The point was that the instructor failed to explain a crucial detail about PLC-style programming: that you can’t trap the program in a loop like you would with micro-controllers or other “PC-like” systems. You don’t e.g. busy-wait for inputs to change because that’s just not how the system works.

  6. Does anybody know any PLC with 230VAC _inputs_? Seems like that there is no such out-of-the-box option at all. Really, I don’t even need outputs, just a dozen of 230VAC inputs to monitor the real state of power network in a house.

    I once made similar thing using HV capacitor, resistor, diode and PC718 input circuits for myself long ago, but I’m too lazy to do it again. Would like to just order something ready-to-use that could be used the same way – monitor presense or absense of 230VAC voltages on multiple inputs and provide that data for server.

    Quick searches through regular sources gives nothing. In the best case you have optoisolated 24VDC inputs without enough space to add HV capacitors and convert it somehow to 230VAC inputs.

      1. That Logo have to be used with DM8 230V module that cost twice than Logo itself. It is insanity.
        Also Logo is overhead for such simple task. It is like hammering nails with microscope.

        I just need a cheap chineese singleboard PLC with 230VAC inputs instead of 12/24VDC ones with some common processor that could be reflashed to my own software.

    1. You can do this and trend it on most controllers.
      Scale your transducer if you only want high/low events, or scale it to peak or RMS for a waveform.
      But if you’re only looking for presence/absence, especially on a dozen points, RIB relays and DIs will do you just fine. Flexcore also makes some VTs with your choice of input and output voltages
      They mention Scada, which is being phased out of the plants and substations around me, but was very popular. Might be able to pick one of those up cheap.

      1. IDK, but it is easier and cheaper just to add a diodes parallel to PC817 LEDs and attach capacitors outside, than to add this converters. Will be the same ugly ratnest with same result. But being kind of perfectionist I want to make everything look nice and with minimum parts possible.

        Just thought that there should be kind of 230VAC input version of that cheap PLCs and somebody will prompt a keyword to find them on ali.

    2. Most PLCs that have AC inputs will handle 120-240 fine. For instance, Automation direct lists it for their BRX and Productivity series PLCs, and Allen Bradley will happily sell you similar (as will Seimens). Or to do it cheaper, use 230VAC coil ice-cube relays, and a low voltage input card. Unless you want analog inputs for some reason. In which case, that’s not a PLC thing, that’s a power quality monitor.

      1. Suddenly found thing I need – something named YF8058 – . $50 for 8 independent 250VAC inputs with MODBUS RS485 output.

        Keyword – “data acquisition module”, but you have to scroll a lot to find that kind among low voltage things.

        Using 230VAC relays is a nice solution, especially if you already have regular PLC with non-isolated 24V inputs intended for switches/buttons.

  7. We use several dozen of the official version of these at work, provided in OEM equipment (FX3 model). The frst time I got ahold of one that had died, I was blown away to find the STM inside. My boss didnt understand why I started shouting “BLUE PILL! BLUE PILL!”

  8. I would really love to see an open-source PLC that was cheap and supported ladder logic. I really don’t care for an arduino IDE.

    If I want an embedded io computer I’ll juat roll my own. Arduinos are lame.

    1. Arduino is coming out with a native IEC-61131-3 compliant IDE very shortly. Function blocks, baby! We have multimillion point buildings where I work. I can still spot one bad pressure sensor throwing off a lab exhaust sequence in a minute or so, using function blocks. I had twenty years as an electrician before really digging into process control, I like ladder logic. But blocks offer a happy medium between text based programming and ladder. Easy to proofread, troubleshoot, and modify like ladder, but able to scale up without losing legibility. No need to trace my finger through all the twists of an enthalpy control ladder, just plop the block down, check the setpoints match design, rinse repeat.

  9. As an Automation guy of 30+ years this thing is hot garbage – and for the record, Automation Direct has a controller that is Industrially hardened with expandable IO and prototyping boards that is Arduino compatible

  10. As a plc programmer for the past 30 years I’ve realized a PLC’s success is not about the cost. They have succeeded because the major suppliers guarantee that you can buy the identical hardware for 5 to 12 years in the future and that your very expensive program will run on their next version of their hardware. When you have a multi million dollar investment in an assembly line that is going to last for 10 years the last thing you care about is saving a few dollars on hardware. Hardware is cheap. Dinking around (ie programming, downtime, etc) is expensive. So the hardware that wins is the one made by the people that have the best support, even if it is expensive, slow and painful to program.
    Also not to be forgotten….a good plc is also very well hardened. Many can be found humming away in dirty, hot, greasy cabinets after years and years of neglect.

  11. Has anyone investigated these for unusual RF returns and code blobs, yet?
    (No. Don’t. You’d be amazed at what even power lines can readily return at gigahertz frequencies.)

  12. Should it be possible to swap the STM32F103 with a STM32F411 or another STM32 which can run Micropython? According to my short investigation there is a pincompatible F4 chip. Once swapped is it possible to upload micropython and use it via the UART which the “PLC” provides via the DB9 Connector?
    Galopago says the PLC uses UART1.
    With this info: you at least have to rebuild the firmware. And now it starts to get complicated for me…

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.