DexcTrack / dexctrack

A program to dynamically and interactively graph information from Dexcom G4, G5, and G6 CGM receivers.
GNU General Public License v3.0

Dexcom G7 #14

Open jochen-01 opened 1 year ago

jochen-01 commented 1 year ago

Any chance to get this updated/upgraded to read the Dexcom G7 receiver?

DexcTrack commented 1 year ago

I've been working on it for a few weeks, but it's going to be either very difficult or impossible.

I traced the USB traffic when the Dexcom Uploader reads data from the G7 Receiver. The behavior was similar to the G6 Receiver until the Database Read operation. The G7 is using elliptic curve encryption.

http://crl.dp.saas.primekey.com/crl/DEX00PG1.crl

$ openssl crl -inform DER -text -noout -in DEX00PG1.crl
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: ecdsa-with-SHA256
        Issuer: CN = DEX00PG1
        Last Update: Sep 29 17:11:30 2022 GMT 
        Next Update: Sep 24 17:11:30 2023 GMT 
        CRL extensions:
            X509v3 Authority Key Identifier: 
                keyid:9E:0F:1E:36:F3:F2:76:A7:01:FE:8E:88:3A:6E:26:A6:35:BD:6A:FC

            X509v3 CRL Number: 
                4
No Revoked Certificates.
    Signature Algorithm: ecdsa-with-SHA256
         30:45:02:21:00:de:39:8b:5d:cf:9a:59:8b:e4:c6:f4:b9:ff:
         6b:30:60:86:5d:e3:0e:fe:c6:32:e9:dc:5d:30:8d:bb:77:75:
         2b:02:20:0f:ce:ea:71:5c:5b:be:9f:f9:dc:f4:ea:41:9b:07:
         d8:e6:64:31:8b:b5:d1:dd:b2:13:f3:b0:74:86:17:c5:a0

It appears that Dexcom is using services from a company called PrimeKey for their Public Key Infrastructure (PKI). It's not clear whether the purpose of their encryption is just to protect medical data in transport over the internet, or if it's to prevent anyone other than the Dexcom company from reading the data.

If it's the former, then maybe I could generate my own Public/Private key pair and find a syntax where I could send it to the Receiver. It would use my Public key to encrypt the data, and I could use the corresponding Private key to decrypt it. There is Open Source code called EJBCA which PrimeKey uses for PKI, and another Open Source project called Bouncy Castle for encryption and decryption. But all of this Open Source code is in Java which would probably be challenging to access or re-implement in Python.

If the real purpose is to prevent anyone other than Dexcom from decrypting the data, then the Receiver will accept only the Dexcom signature, and there will be no way for anyone without their Public/Private key pair to directly read data from the G7 Receiver.

It's going to be really complicated or impossible to get DexcTrack working with a G7 Receiver.
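
Added example, not part of the original comment or of DexcTrack's code: the signature bytes at the end of the openssl output above are a DER-encoded ECDSA (r, s) pair, and decoding them with only the Python standard library shows two integers that fit in 32 bytes each, which is what a 256-bit curve produces. This describes the signing key of the CRL issuer (DEX00PG1), not necessarily whatever is used on the USB link; all function names are illustrative.

```python
# Signature bytes copied from the `openssl crl -text` output quoted above.
SIG_DUMP = """
30:45:02:21:00:de:39:8b:5d:cf:9a:59:8b:e4:c6:f4:b9:ff:
6b:30:60:86:5d:e3:0e:fe:c6:32:e9:dc:5d:30:8d:bb:77:75:
2b:02:20:0f:ce:ea:71:5c:5b:be:9f:f9:dc:f4:ea:41:9b:07:
d8:e6:64:31:8b:b5:d1:dd:b2:13:f3:b0:74:86:17:c5:a0
"""

def dump_to_bytes(text):
    """Turn openssl's colon-separated, line-wrapped hex dump into bytes."""
    return bytes.fromhex("".join(text.split()).replace(":", ""))

def read_len(buf, pos):
    """Read a DER length field starting at buf[pos]; return (length, next_pos)."""
    if pos >= len(buf):
        raise ValueError("truncated DER length")
    first = buf[pos]
    if first < 0x80:                      # short form: the byte is the length
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def read_int(buf, pos):
    """Read one non-negative DER INTEGER; return (value, next_pos)."""
    if pos >= len(buf) or buf[pos] != 0x02:
        raise ValueError("expected INTEGER tag 0x02")
    length, pos = read_len(buf, pos + 1)
    body = buf[pos:pos + length]
    if length == 0 or len(body) != length or body[0] & 0x80:
        raise ValueError("malformed or negative INTEGER")
    return int.from_bytes(body, "big"), pos + length

def parse_ecdsa_sig(der):
    """Parse ECDSA-Sig-Value ::= SEQUENCE { r INTEGER, s INTEGER }."""
    if not der or der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag 0x30")
    length, pos = read_len(der, 1)
    if pos + length != len(der):
        raise ValueError("SEQUENCE length does not match input size")
    r, pos = read_int(der, pos)
    s, pos = read_int(der, pos)
    if pos != len(der):
        raise ValueError("unexpected data after s")
    return r, s

def scalar_bytes(r, s):
    """Smallest byte width that holds both scalars (hints at the curve size)."""
    return max((r.bit_length() + 7) // 8, (s.bit_length() + 7) // 8)

if __name__ == "__main__":
    r, s = parse_ecdsa_sig(dump_to_bytes(SIG_DUMP))
    print(f"r = {r:064x}\ns = {s:064x}\nwidth = {scalar_bytes(r, s)} bytes")
```

The leading `00` in the first INTEGER is DER sign padding, not part of r, which is why the first field is 33 bytes long while r itself is 32.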

jochen-01 commented 1 year ago

Thank you. That's really bad. I hope the 1st case is true and you manage to solve it. I'm sure we agree that DEXCOM steals my data in the 2nd case.

pcarmo commented 10 months ago

Hello,

Has there been any update on this issue?