Reverse engineering in a natural gas measuring station


Natural gas measuring stations are objectives pertaining to a larger pipeline transport system, destined to the measuring of the natural gas flow on different consume directions. These are equipped with a number of measuring lines fitted with gas meters which work using the ultrasonic or the deprimogen element principles.  The measuring of gas flow in this kind of plants is usually a fiscal measure. Given these conditions, if ultrasonic flow meters are used on the measuring lines, the use of at least one turbine flow meter with the aid of which, by the means of adequate valve maneuvers, allows the periodic checkup and maintenance of the ultrasonic flow meters becomes a necessity. S.C. Hasel Invent S.R.L’s activity also includes the design, development, comissioning and maintenance of such gas flow measuring systems. In 2015, the company specialists were confronted with a number of serious issues pertaining to a fiscal measure gas station, equipped with three ultrasonic flow meter and one checkup turbine meter gas measuring lines. The plant was completely automated it offered the posibillity of remote monitoring and operation from the operating room within. The plant was equipped with automation panels containing PLC’s which acquire process data from the flow computers and the process gas cromatograph, the parameters of the gas flowing through the plant, and allow the use of automated sequences for the change of the measuring lines according to the flow of gas, insuring the possible uncertainty of measurement is within tolerated rage limits. The periodic check-up of the ultrasonic is also done with the aid of an automated sequences, programmed, like the ones mentioned before, as the PLC’s have been programmed to handle these tasks.

Some of the issues our specialists were faced with were:

  1. The flow computers were no longer exchanging data with the PLCs which made the use of the automated control of the pressure or flow of gas at the consumption lines impossible.
  2. Some of the isolation valves used in the automatic sequences insuring the checkup of the ultrasonic flow meters were no longer receiving the commands sent by the PLC.
  3. The plant had been modified by introducing a number of new valves which were yet to be integrated with the rest as were, as such, impossible to command from the control room.
  4. One of the customer’s specifications was the transmission of the acquired data to their regional headquarters, located approximately 20 km away using optic fiber.The customer also wanted to be able to monitor and command all of the elements in the gas station from their aforementioned regional headquarters, without the pressence of an operator in the plant being necessary.  

5. The software programmed into the PLCs was no longer accesible because the access password was unknown and the original developer of the system did not answer the customer’s request to solve the problems.

Given the aforementioned conditions, there remained only two possibilities of getting the gas station to work according to the customer’s requirements:

  1. Completely replacing the automation panels, PLCs included, with new panels, designed to fit the customer’s new requirements.
  2. Completely erasing the software programmed into the PLCS and the application on the process computer and, after identifying all of the components in the stations, completely rewriting these applications.

The customer chose the second solution, so S.C. Hasel Invent S.R.L formed a team of specialists and proceeded to reverse engineer the gas station. The deadline was a month away, and in this brief period of time, the plant’s issues had to be solved, and the possibility of remote control and monitoring from the customer’s regional headquarters had to be implemented, so on the day of commisioning all of the customer’s requirements (1-5) had to be met, and the plant had to have full functionality.

The first thing that had to be done was the identification and verification of every element in the station, from the PLC modules in the automation panel to the valves and actuators in the field. After the necessary constatations and the initial relevee was finished, the communication between the automation panel and the elements in the field was tested. This lead to the identification of four serial communication lines, two of which used the Modbus RTU protocol, and the other two used the Profibus DP communicatino protocol. The team then verified the communication telegrams between the PLC and the valves using a test PLC, thus insuring the station could be left working as it was in the beginning between the tests and eliminating the necessity for stopping or diverting the gas flow. The PLCs were to be formatted and re-programmed after the test were finished for the new softare applications.

After the testing of the communication between the elements in the field and the automation panel was finished, the functional tests for the operating and control application installed on the two servers and two clients there had to be conducted. It was decided that, in order to insure  a faster maintenance routine in the future, there had to be implemented a new section in the application which would allow the testing of digital and analog inputs and outputs and of the communication telegrams exchanged between the automation panel and the valves (Both for the Modbus RTU loops and the Profibus DP loops).


Finally, the software applications created by Hasel were tested and installed on the same equipment, thus managing the performance of taking control of equipment whichh would have otherwise had to be replaced, due to lack of access to its configuration and original software applications. Reverse engineering proved to be proficient for working out the issues and obtaining total control over a gas station. Its use afforded the bettering of the system and the future avoidance of difficulties pertaining to the maintenance of such systems.