Reverse Engineering in a Natural Gas Measuring Station

Portfolio

Reverse Engineering in a Natural Gas Measuring Station

Natural gas measuring stations are objectives within a pipeline transmission system, designed to measure natural gas flows in different directions of consumption. They are equipped with several measuring lines equipped with gas meters operating on the ultrasonic principle or with a deprimogene element.

Measuring gas flows in these stations is usually fiscal. Under these conditions, if ultrasonic flow meters are used on the measuring lines, it is necessary for the station additionally to contain at least one turbine flow meter, by means of which, by appropriate valve maneuvers, periodic verification of the correct operation of the ultrasonic flow meters can be performed. Hasel Invent carries out design, mounting and maintenance works for such gas flow measurement systems. Under a contract executed during 2015, the company's specialists faced a series of special technical problems related to a fiscal measuring installation with three ultrasonic lines and a verification line with turbine meter, the installation being fully automated and with the possibility of monitoring the operation at the control room inside the station.

This installation contains automation cabinets with PLCs, which take over from flow calculators and process gas chromatograph, the parameters of gas flows and control in automatic sequence, changing the measurement lines corresponding to the gas flows transited through the station in such a way as to maintain the measurement uncertainty within the prescribed limits. Periodic verification of the correct operation of the ultrasonic measuring lines using the turbine meter is also done automatically, through programmed sequences at the PLC level.

The problems encountered in these measurement systems were as follows:

  • The flow calculators no longer communicated with the PLCs, which was why the automatic adjustment of gas flows or pressures on the consumption lines could no longer be done.
  • Part of the section valves entering the automatic ultrasonic meter check sequences could no longer be controlled by the PLC.
  • In the technological installation of the station, changes were made by introducing additional electrically operated valves, which had to be integrated into the automation installation.
  • The beneficiary requested the remote transmission of data at a dispatcher located about 20 km from the station, through a fiber optic line and ensuring the possibility of command and monitoring the operation of the entire station in this dispatcher, without the presence of operating personnel in the station.
  • The programs installed on the PLCs were not accessible because the access passwords were not known and the developer of this system did not respond to the request for solving the problems.

Under these circumstances, there were two possibilities of bringing the station to the functionality requested by the beneficiary, namely:

  • Complete replacement of automation panels with PLCs with new control systems, designed according to the new requirements.
  • Complete deletion of software applications both on PLCs and on the process computer and after full identification of all components of the measuring and automation installation, complete rewriting of these applications.

The beneficiary chose the second solution, so S.C. Hasel Invent S.R.L. proceeded to form a team of specialists and start the reverse engineering works for the gas measuring station in question. The deadline for completion of the work was one month, time during which the installation had to be re-commissioned at the initially designed parameters and with extended functionality as required by paragraphs 1-4, listed above, one of the important requirements being total control from the remote dispatching.

Under these conditions, all the elements of the installation were initially identified and individually verified, from the inputs and outputs of the PLC modules, from the automation cabinet to the electric and pneumatic valves in the field. After the necessary findings were made and an initial relevance was achieved, the communication testing between the PLCs present in the automation room and the field elements was started. Four serial lines of communication were identified, two of them using the Profibus DP communication protocol, and the other two, the Modbus RTU protocol. The communication telegrams of the valves were then checked, using a test PLC, thus maintaining the possibility of restoring the station to its original operating parameters. This way, during the entire testing period, it was not necessary to stop the station or to divert the natural gas on another route, because after each testing phase, it was possible to return to the original configuration by installing the PLCs with the original program, and then they would be formatted and loaded with the new programs only after completing all the tests of the new software applications.

After checking the communication between the PLCs and the field elements, the functionality of the monitoring and control application installed on the two servers and on the two customers in the station was checked. It was decided that in order to be able to perform a faster maintenance in the station in the future, it is necessary to implement in the application a section that allows the testing and verification of analog and digital inputs and outputs in the system, as well as of the communication telegrams with the valves, both through the Modbus RTU protocol and through the Profibus DP protocol. Thus, the implementation of a new section of the program, dedicated to maintenance, was achieved.

Finally, the software applications created by Hasel were tested and installed on the same equipment, thus achieving the performance of taking control of equipment that normally should have been given up due to the lack of passwords to access the modification of the original software applications. Reverse engineering has proven to be very useful for solving problems and gaining total control over an installation. Its use has thus allowed both the improvement of the system and the avoidance in the future of the occurrence of difficulties related to the maintenance of such systems.