For several years now, new trucks sold in the European union are equipped with digital tachographs, that record the driving times and replace the older chart-based mechanical tachographs.
For companies in road transport that means, although in theory they get nice data about their drivers and vehicles, in practice they have to pay a lot of money for the digital tachograph and the associated equipment, which is then used against them – the old fraud schemes no longer work, the machine cruelly gives every police officer the driving times of the last 28 days (and could give much more).
The usability of the devices I’m familiar with is also abysmal. It just takes forever to read out the data (9600 baud per default, 115000 baud maximal, but i guess the company’s software does just the former), and the drivers have to keep track of their times manually – just not up to par with 2009 technology.
The company also had just a very bad software for analyzing the data recorded by the card and the digital tachograph, so I was asked to write a simple visualization program.
Compiling
You can get the program files from this page, or from the development page at Sourceforge.
Since so far there is no binary distribution for the program, you will have to compile it yourself.
To do that, you need a c++ compiler, parts of the boost library (specifically program_options and shared_ptr) and the Gnu MP library, wich is used to check the various RSA signatures. Once all those are installed, typing make/make install should work fine. On Ubuntu systems, you will need to do something like:
svn co https://readesm.svn.sourceforge.net/svnroot/readesm readesm sudo apt-get install libboost-program-options-dev libgmpxx4ldbl libgmp3-dev make sudo make install
You can of course also use checkinstall instead of make install, or type make package, which invokes checkinstall.
Running the program
In most circumstances, you will run the program from the commandline like this:
readesm --infile foo.esm --outfile bar.html --format=html
Alternatively, if no output file is specified, stdout is used. For KDE users, i wrote a little wrapper script named readesm-wrap-kde.sh. It will get installed my typing make install
Security
It is a really pleasant surprise to see a nice security model in the digital tachographs, considering the rules for the security implementations were made by politicians. Both cards and vehicle units work with 1024-bit RSA keys, and each vehicle unit has its own key, with an certificate signed by the member state, which in turn is signed by an European master key. Data is hashed with SHA-1, subsequently padded and signed by the vehicle unit, and that signature appended to the readouts. The law even states that the companies have to store the data in this signed form, so there is little chance to tamper with the data, once recorded.
Since the most likely attacker – the evil manager who wants to exploit the drivers – has physical access to the card and vehicle unit, which contain the private keys, even 1024-bit RSA provides no absolute security. The manager could try a timing attack, or take a really close look at the storage, both times avoiding having to solve the RSA problem.
The connection from tachograph to sensor is also secured, using Triple-DES. The week point here is the sensor – a successful attack against the sensors some DAF trucks are equipped with is to disturb it using strong permanent magnets, thereby preventing it from recognizing the changing magnetic fields.
All possible attacks against the security system however face the problem of being unveiled by police checkpoints or a cross-correlation of the faked data with data from other sources, for example the toll systems recording every few highway kilometers in Germany.
So, although I could sell manipulation programs for quite some money, all I can offer is a program that can detect such attacks 
readesm.tar.bz2 (60.86 kiB, 2009-05-19)Tags: c++, tachograph
Hello,
I read your article and found it very interesting.. I’m trying to create a .NET reader for my company (with have a small truck fleet).
I took a look at your source code but it’s a bit hard for me to understand (I’m not used in programming in c++, i use c#)..
I’m OK with downloading the data from the card, but I don’t know the structure of the file (cant find it in any official website). Do you have any document you started from with the techincal specification of the file?
I just need the order and the length of the fields, just to start.. that could help me so much.
Thank you in advance, if you could help me I’ll really appreciate.
Animha
I used http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:207:0001:0252:EN:PDF as a starting point, there might be a newer version on there servers, though. I also found a corrigendum somewhere online, but I don’t remember where. The most important corrigendum was:
On page 57, in point 2.5 CardActivityDailyRecord:
after:
activitypreviousrecordlength
insert new line:
activityrecordlength
without that information it’s a bit difficult
Keep in mind the data format differs quite a lot between the vehicle units and the cards, the cards have real tag-length-value, while you’ll have to know the structure of all datasets to be able to parse the vu data.
Thank you, I’ll have a look at it (wow it looks quite huge!!).
Animha
It is quite huge, but you do not need to concern yourself with most of it, like electrical connections and that stuff. I guess you are mostly interested in activity data, for that you’ll need to read only a couple of pages(10 or so). Good luck and have fun coding
Just found out it is available in several languages, for example
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:207:0001:0252:ES:PDF
for the Spanish version, …DE… for the German one.
Hi, thanks for the software, my friend needed to view some .esm files on a windows PC and I managed to use the command line to convert and pull the data into Excel, thanks a lot!
The only problem is my friend isn’t IT literate and explaining how to do this is a daunting prospect! Have you come across a freeware Windows .esm file viewer/convertor?
thanks again
Accy
Hello, sorry for responding so late. Last I checked, there was no such software. There are some web-based solutions, some quite cheap – but giving away signed data of ones driving times is imho a bad idea. I tried compiling readesm for windows – without crypto support that is possible, even crosscompiling from a linux computer works. However, explaining a command-line-program to the average windows user is a daunting task, and i haven’t had much success with creating packages. If i find the time, i’ll write a qt frontend for readesm, that should also make it easier in linux – but right now I am busy with other things.
Hi, I have read given PDF and I hope I will shortly have Windows application able to read and analyze driver cards…
For now, I finished basic EF analysis and am working on detailed driver activities during recorded days.
I hope I will also make some freeware release and will post here…
Hi,
I try to create de file of drive. I see the document by i have problems with PERFORMS HASH OF FILE instruction. Because all time answear the error code 6D00.
The instruction that i use is 80h 2Ah 90h 00h,
I only need create the files but when i need make a hash code with de instruction PERFORMS HAS OF FILE ( Apendix 2, 3.16.12) answear 6D00
Thank for avance
Hello,
I work in small truck company. Your article is very very interersting. I’m interesting in develop an appliacion to download file from tachograph. Do you know where can I found the protocol to download informacion from tachograph.
Thanks and best regards,
jj: Information about the download protocol as well as about electrical and mechanical connections is in the european law linked in my other comments here.
Isaac: I’m sorry, haven’t tried downloading yet. It would be nice to have it working though, downloading with the software we have for downloading takes ages and is unstable.
Matija: Looking forward to see it
Current version (with corrigendum) is od CE regulation is
http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CONSLEG:2002R1360:20020825:EN:PDF
You can check for new version starting from here: http://eur-lex.europa.eu/
choose language (EN)
choose “SIMPLE SEARCH”
choose “Search by document number: Natural Number”
choose “Regulation” and insert year (2002) and number (1360)
You get a list of original regulation and of corrigendum
Thanks a lot, I have been wondering about that.