#HASHTAG for Allen-Bradley Studio 5000 V30+

True Allen-Bradley add-on instruction instance protection is finally here! PLC Exchange is proud to release #HASHTAG, a first of its kind PLC based add-on instruction instance protection mechanism to prevent unauthorized copying, duplication and use of company specif add-on instructions/intellectual property. You can now safely develop and secure your own add-on instructions without the need of Allen-Bradly FactoryTalk, CodeMeter or other large software suites allowing you a PLC centric solution for IP protection.

Figure 1: HASHTAG Add-on instruction

PLC Exchange has developed a propitiatory add-on instruction algorithm that specifically keys customers add-on instructions to a physical PLC processor while simultaneously allowing them to limit the number specific instance calls to a predetermined number. In laymen terms, you pick the processor and the number of block calls you want and you have now limited the unauthorized copy and replication of your add-on instructions!

You now control your code with #HASHTAG by PLC Exchange. Keep it secure even from us! With our propriety method of security, you simply provide us the processor serial number of the PLC you want to lock your instances too and the total number of instances you want to run and we will send you back a preconfigured version of #HASHTAG to incorporate into your PLC program. No need to send us your program or IP!

Figure 1: Proprietary algorithm keying your add-on instructions

This is really the IP protection we as an industry have been looking for. HASHTAG licensing starts at only $500.00 a processor with unlimited number of add-on instruction calls. You can now secure every processor that leaves your hands with tailored security unbreakable by any current methods of hacking or decrypting*


  • Easy Integration into customers add-on Instruction; fully customizable behavior
  • Ties customers add-on instruction to a physical processor
  • Limits number or allowed running add-on instruction instances
  • Preconfigured HASHTAG and HASHTAG_INSTANCE add-on instruction provided keyed to your exact specifications
  • Installation supplemented by import routines and programs, no need for lengthy configurations
  • Low cost for IP protection
  • No bulky software or program suite required; keyed entirely by program on the PLC

Integration is simple! With our hands-off approach, you are able to make full customizable control of how you want to handle cases of fraud, weather it is to completely disable all process outputs or simply play an subtle alarm or demo banner on a HMI screen. Control is entirely up to you; we simply provide you the information that copy or instance tampering is detected and you act specific to your situation.

Figure 3: Typical Usage

In this example we have a processor keyed to allow one single instance of “CUSTOMERS_SECURE_AOI”. If any programmer tries to make an unauthorized copy of the add-on instruction as typically done with standard code, the programmer will find that they are unable to reproduce or enable the unauthorized block in any combination of load attempts against the processor. In the case of hot loading an add-on instruction (adding a copy of the add-on instruction while keeping the processor in run mode), the newly created block will (by customers own definition) disable all machine output on tamper detection.

Notice the machine stop state even though the operator is pushing the start button. This is because the customer designed add-on instruction (in conjunction with the HASHTAG_INSTANCE) in unable to synchronize with the main HASHTAG program disabling the SYNC_OK status in the HASHTAG_INSTANCE add-on instruction. The customer has programmed their block to disable machine start and enable machine stop outputs during a tamper or non-sync action. The code looks as follows:

Figure 5: Comparisons of authorized add-on instruction load (left) and unauthorized load (right)

Taking this one step further, in the event the processor is switched to program, powered off, or a full download, the initialized blocks now will detect the unauthorized instance and prevent all code blocks from loading entirely. This is a good way to discourage any unauthorized tampering by allowing no operation of code when tampering is detected on program load.

Figure 6: On Program load all instances of add-on instruction detect tampering and shut down according to customer program

HASHTAG also has outstanding tamper detection features that prevent any combination of attempts to hijack or emulate HASHTAG or HASHTAG_INSTANCE add-on instructions, including “man-in-the-middle” type attack attempts. Please contact us for more details or information on how to obtain your copy to start protecting you add-on instructions and IP today!

Frequently Asked Questions:

Why do you currently only support Allen-Bradley Studio version 30 and up?

Because the previous versions of Allen-Bradley RSLogix/Studio 5000 have a known encryption vulnerability that allows unauthorized users to decrypt encrypted add-on instructions with a web-available decryption tool. We have not heard of any attempts to patch or fix this vulnerability so we will not be releasing out software to be decrypted, decoded, and ultimately hacked and reproduced. After all, we ARE trying to protect IP

What special environments are needed for HASHTAG to operate?

In our current released version, you must contain both the HASHTAG and any combination of HASHTAG_INSTANCE’s in a continuously scanned routine. We do not currently support cyclic or periodic tasks. We are looking into this as a feature in the next coming releases.

When I purchase HASHTAG, do I also need to purchase a special SD card with a physical key?

No, we simply require you to either own an existing factory supported SD card or purchase one to use with the HASHTAG software. HASHTAG will not function without a SD card present in the controller in question.

What is the process for purchasing HASHTAG? What do you need from me?

All we need from you is the digital serial number of the processor you want to restrict access too as well as the total number of called instances you will be needing to register or protect. Because of our propriety algorithm all instances need to be present at all types (scanned) so this not something that is flexible as far as number of instance calls. Instance calls do NOT have to be of the same type, only need to be in the same program/call structure.

How much free space is needed on my processor to import and run HASHTAG?

Currently we are requesting approximately 200,000 bytes of free space to give enough room for program overhead and operation. One of our goals is to continuously optimize and reduce the total size of the HASHTAG package due to the small capacity of many of the product line processors.