readESM – Reading Digital Tachograph files

Update, November 2011: See the post about readesm 2011 and the sourceforge project page for newer descriptions of readesm.

Update, March 2011: There is a new release of readesm, The description provided here no longer applies, the new readesm uses Qt and cmake. You can get the new release at the sourceforge project page and read the documentation here.

For several years now, new trucks sold in the European union are equipped with digital tachographs, that record the driving times and replace the older chart-based mechanical tachographs.

For companies in road transport that means, although in theory they get nice data about their drivers and vehicles, in practice they have to pay a lot of money for the digital tachograph and the associated equipment, which is then used against them – the old fraud schemes no longer work, the machine cruelly gives every police officer the driving times of the last 28 days (and could give much more).

The usability of the devices I’m familiar with is also abysmal. It just takes forever to read out the data (9600 baud per default, 115000 baud maximal, but i guess the company’s software does just the former), and the drivers have to keep track of their times manually – just not up to par with 2009 technology.

The company also had just a very bad software for analyzing the data recorded by the card and the digital tachograph, so I was asked to write a simple visualization program.

Compiling

You can get the program files from this page, or from the development page at Sourceforge.
Since so far there is no binary distribution for the program, you will have to compile it yourself.
To do that, you need a c++ compiler, parts of the boost library (specifically program_options and shared_ptr) and the Gnu MP library, wich is used to check the various RSA signatures. Once all those are installed, typing make/make install should work fine. On Ubuntu systems, you will need to do something like:

svn co https://readesm.svn.sourceforge.net/svnroot/readesm readesm
sudo apt-get install libboost-program-options-dev libgmpxx4ldbl  libgmp3-dev
make
sudo make install

You can of course also use checkinstall instead of make install, or type make package, which invokes checkinstall.

Running the program

In most circumstances, you will run the program from the commandline like this:

readesm --infile foo.esm --outfile bar.html --format=html

Alternatively, if no output file is specified, stdout is used. For KDE users, i wrote a little wrapper script named readesm-wrap-kde.sh. It will get installed my typing make install

Security

It is a really pleasant surprise to see a nice security model in the digital tachographs, considering the rules for the security implementations were made by politicians. Both cards and vehicle units work with 1024-bit RSA keys, and each vehicle unit has its own key, with an certificate signed by the member state, which in turn is signed by an European master key. Data is hashed with SHA-1, subsequently padded and signed by the vehicle unit, and that signature appended to the readouts. The law even states that the companies have to store the data in this signed form, so there is little chance to tamper with the data, once recorded.

Since the most likely attacker – the evil manager who wants to exploit the drivers – has physical access to the card and vehicle unit, which contain the private keys, even 1024-bit RSA provides no absolute security. The manager could try a timing attack, or take a really close look at the storage, both times avoiding having to solve the RSA problem.

The connection from tachograph to sensor is also secured, using Triple-DES. The week point here is the sensor – a successful attack against the sensors some DAF trucks are equipped with is to disturb it using strong permanent magnets, thereby preventing it from recognizing the changing magnetic fields.

All possible attacks against the security system however face the problem of being unveiled by police checkpoints or a cross-correlation of the faked data with data from other sources, for example the toll systems recording every few highway kilometers in Germany.

error, cannot open image photos/screenshots/readesm/2011.11. link to photos/screenshots/readesm/readesm_0.3.2_german_locale.png link to photos/screenshots/readesm/alpha_html_control.png link to photos/screenshots/readesm/alpha_html_output.png link to photos/screenshots/readesm/card_error.png link to photos/screenshots/readesm/readesm_0.3.2_windows_xml_2.PNG


This is the historical release, described in this post, in case you do not like Qt. Otherwise, check the newer versions.

filetype readesm.tar.bz2 (60.86 kiB, 2009-05-19)

This entry was posted in Computers, Vehicles and tagged , , . Bookmark the permalink.

61 Responses to readESM – Reading Digital Tachograph files

  1. d3rrial says:

    Hallo Andreas,

    weißt du, ob es ein Tool gibt, welches die digitale Signatur der Daten überprüft?

    Freundliche Grüße

  2. Phil says:

    Very nice software. Just what I have been looking for to look at my times that I downloaded off my card. Thanks !

  3. Par ailleurs n’ayant jamais l?allocation est immédiat sans comparer le sien une maî voir l’offre tuto fauteuil de maire dimanche des dysfonctionnements majeurs et jours après rien de la directrice des soins parlementaire nous tenons heure en ligne qui affaiblissent bien
    lancé par jumel responsable de la souffrance des impôts locaux pour du géant informatique met
    cultiver votre image professionnelle ont été listés formations
    word.

    Also visit my web blog formation excel

  4. lemust83 says:

    Hallo Andreas.
    Bien qu’ayant un peu appris l’Allemand à l’école ,je préfère m’exprimer en français pour éviter de dire des sottises 😉
    Je suis chauffeur routier et utilise Manjaro comme OS.
    J’ai mis à la disposition de tous un tuto en français pour installer Readesm et Cardpeek sous ce système d’exploitation que vous pouvez consulter :
    http://manjaro.fr/forum/viewtopic.php?f=19&t=3426&p=39839#p39839
    Cher Andreas ,serait il possible que vous publiez un paquet sur AUR (Arch Users Repository) en adaptant le ./generate.py comme nous l’avons fait ?
    Merci d’avance et bravo pour cet excellent programme.
    Vielen Danke und Tschüß.

  5. Massimo says:

    Hi Andreas,

    I am starting to develop a program similar to your one; however I want to start from scratch and in DOT NET (C#) Can you point me to any documentation/tutorials fro a newbie ?

    Thanks

    Massimo

  6. Massimo says:

    Hi Andreas,

    I am starting to develop a program similar to your one; however I want to start from scratch and in DOT NET (C#) Can you point me to any documentation/tutorials fro a newbie ?

    Thanks

    Massimo

  7. Hello,

    I know that with have two bits to save the driver activity: available, driving, working, breack/rest, my question is: how can infer the other two standard status: unknown and short breack if only have two bits from a driver card, because you paint this status in your app: readesm??.

    Regards.

  8. Ege says:

    Hello Andreas,

    First of all, nice work on ReadESM. I have the same situation with Massimo. I’m tasked with creating a .ddd to xml converter written in C#. Can you point me some documentations or tutorials?

  9. Ege says:

    Hello Andreas,

    I have same issue with Massimo. I’m tasked with creating a program wihch converts .ddd to .xml using C#. Can you suggest any tutorials/documents?

  10. Georgi Mateev says:

    Hi Andreas,

    I have tried Readesm software. There is a issue: when i’ve tried to load “C” type .ddd file all is OK. When i’ve tried to load “M” type .ddd file, i’ve receice the error message “This page contains the following errors: error on line 482 at column 30: Premature end of document”.

    Can you help me?

    Regards,
    Georgi

  11. adnote says:

    Bonjour ou good morning

    Premières visites sur “read” , ok sur principes comment développer encore ? vous souhaitez développer avec un peu de temps disponible ?

    Merci et many thks any way

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>