SFD

From Ross-Tech Wiki

Schutz der Fahrzeugdiagnose (SFD)

Schutz der Fahrzeugdiagnose (SFD), a.k.a. Protection of Vehicle Diagnostics (PVD), replaces the existing Login & Security Access functionality, which means it doesn't interfere with basic functions like reading Control Module Identification, Event and Diagnostic Trouble Codes (DTCs) or Measuring Values.

Advanced functions like Coding, Adaptation, Basic Settings and/or Output Test may be limited and require an SFD unlock. SFD appeared first in MY 2020 and was at first limited to newly introduced Models and/or Control Modules. You will see Vehicles with individual Control Modules using classic Login/Security Access protections and other Control Modules in the same Vehicle using the newer SFD protection.

An Auto-Scan with VCDS will show you if a specific control module requires SFD unlocks to perform certain functions via an addition/suffix of "SFD" to the VCID line:

  Address 09: Cent. Elect. (J519)       Labels: 1EA-937-BCM-V1.clb
  Part No SW: 1EE 937 089 D    HW: 1EE 937 089
  Component: SAM_H         H08 0530
  Serial number: 01102328300374 Dataset Number: V03935400RK 0001
  ASAM Dataset: EV_SAMVW31x 005001
  ROD: EV_SAMVW31x_005_VWE3.rod
  VCID: 43DB1062BB164BA2C69-8016 SFD


Schutz der Fahrzeugdiagnose 2 (SFD2)

SFD2 does NOT replace the aforementioned SFD. Instead it is meant as an extension for the original SFD functionality in order to secure Control Modules against unauthorized manipulation (by law). This is primarily aimed at driver assistance systems, autonomous driving, software updates and cyber security in general (i.e. UNECE R 155 and/or UNECE R 156).

The vehicle manufacturer has to ensure that all modifications are factory authorized. As a result, functions like Coding and Adaptation, as well as Updates etc., are only possible when digitally and cryptographically signed.

This limitation does not apply to most service related functions like Service Reset, Particle Filter Regeneration, Brake Pad Replacements or other typical workshop jobs, as these can still be performed after a regular SFD unlock. SFD2 does however limit/prevent most retrofits and similar efforts to enable functions not available from factory.

An Auto-Scan with VCDS will show you if a specific control module requires SFD2 signed messages to perform certain functions via an addition/suffix of "SFD2" to the VCID line:

  Address 19: CAN Gateway (J533)       Labels: 1EE-937-012.clb
  Part No SW: 1EE 937 012 D    HW: 1EE 937 012
  Component: ICAS1 Host-SG 021 0411
  Serial number: SMERBG220923006 Dataset Number: V03935420NB 0001
  GVL: 2D00080006C8D0FC8062904248181050C400400000010000000200000000C057
  ASAM Dataset: EV_GatewICAS1MEBUNECE 001013
  ROD: EV_GatewICAS1MEBUNECE_VWE3.rod
  VCID: 353F7EBAE5C2E51278D-8060 SFD+SFD2

Diagnostic Firewall & Diagnostic Filter

Even before SFD and SFD2, unauthorized access and/or modifications were prevented by a diagnostic firewall, which required you to open the hood before you had full access to control module functions. We recommend opening the hood on all MY 2015 and newer vehicles before you perform any diagnostic work to ensure the diagnostic firewall is deactivated.

Newer models still have this diagnostic firewall but in addition may have a diagnostic filter blocking diagnostic access to control modules entirely. VCDS uses a workaround to access these control modules, but the access may be in Restricted (read-only) mode, which prevents most advanced functions like Coding, Adaptation, Basic Settings and/or Output Test.

An Auto-Scan with VCDS will show you if Restricted mode is active via an addition/suffix of "-R" to the VCID line for each control module:

  Address 06: Seat Mem. Pass (J521)       Labels:* None
  Part No SW: 1N3 959 760 H    HW: 1N3 959 760 H
  Component: MEM-BFS       011 0571
  Serial number: 23A3101KA04891
  Coding: 0118BA4000012A008803010101010000000000000000000000000000211000
  Shop #: WSC 00000 000 00000
  ASAM Dataset: EV_SCMPasseSideCONTIAU736 006013
  ROD: EV_SCMPasseSideCONTIAU736_VW38.rod
  VCID: 3E2D6196D0F4264AA97-806A-R

An Auto-Scan with VCDS can also show combinations of "-R", SFD and SFD2 in the VCID line at the same time:

  Address C003: SW Cluster Housekeeping (SWC3)       Labels: V04-007-XXX-SWC3.clb
  Part No: V04 007 000 TB
  Component: ICAS1 SWCL_HK 0411 
  ASAM Dataset: EV_SWCLHouse1ICAS1UNECE 001007
  ROD: EV_SWCLHouse1ICAS1UNECE.rod
  VCID: 77A3B4B2BF4ED702AA1-8022-R SFD+SFD2


Unlocking Schutz der Fahrzeugdiagnose (SFD)

While we are working on automating the unlock process, VCDS already does support the unlock and re-lock procedure using offline unlock tokens.

The following steps are recommended if you are working on SFD protected vehicles:

  1. Determine which control modules you need to work on, for example:
    • Brake Electronics for Parking Brake related work
    • Information Electronics for Service Reset
  2. Determine if the diagnostic firewall was deactivated when opening the hood. This can be done by connecting to "Diagnostic Interface for Databus / Gateway" (#19) and viewing Diagnostic filter Advanced Measuring Values. Results that look like this confirm you do NOT need to unlock address 19 prior to making changes in other control modules:
    • IDE13754-MAS16867 Diagnostic filter: status-Reason for deactivation hood open
    • IDE13754-MAS16875 Diagnostic filter: status-Filter status Filter is not active
    In this case you can skip steps 3 and 4. The Diagnostic Firewall is already disabled.
    If the status is Filter active you will need to retrieve a Challenge/Token for "Diagnostic Interface for Databus / Gateway" (#19) and all additional SFD protected control modules you need to work on. Those results would look like this:
    • IDE13754-IDE04447 Diagnosis filter: status-Function status Function active: SFD protected
    • IDE13754-MAS16875 Diagnosis filter: status-Filter status Filter active
    In this case you must use steps 3 and 4. The Diagnostic Firewall is active.
  3. SFD unlock the "Diagnostic Interface for Databus / Gateway" (#19).
  4. Disable the Diagnostic Filter in the "Diagnostic Interface for Databus / Gateway" (#19) (usually Adaptation channel IDE16611-Diagnosis filter: temporary deactivation adapted from active to not active).
  5. SFD unlock (all) additional SFD protected control modules you plan to work on.
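
The VCID suffixes and the step order above can be checked mechanically before starting work. The following is an added example, not Ross-Tech or VCDS code: it assumes an Auto-Scan saved as plain text in the layout shown on this page, and the function names and step labels (`sfd_unlock`, `disable_diag_filter`) are hypothetical names used only here.

```python
import re

# Constructed sample: Address and VCID lines taken from the Auto-Scan excerpts on this page.
SAMPLE_SCAN = """\
Address 09: Cent. Elect. (J519)       Labels: 1EA-937-BCM-V1.clb
  VCID: 43DB1062BB164BA2C69-8016 SFD
Address 19: CAN Gateway (J533)       Labels: 1EE-937-012.clb
  VCID: 353F7EBAE5C2E51278D-8060 SFD+SFD2
Address 06: Seat Mem. Pass (J521)       Labels:* None
  VCID: 3E2D6196D0F4264AA97-806A-R
Address C003: SW Cluster Housekeeping (SWC3)       Labels: V04-007-XXX-SWC3.clb
  VCID: 77A3B4B2BF4ED702AA1-8022-R SFD+SFD2
"""
# Constructed sample: the "filter active" measuring values quoted in step 2.
SAMPLE_VALUES = [
    "IDE13754-IDE04447 Diagnosis filter: status-Function status Function active: SFD protected",
    "IDE13754-MAS16875 Diagnosis filter: status-Filter status Filter active",
]

ADDR_RE = re.compile(r"^\s*Address\s+([0-9A-F]+):\s*(.+?)\s+Labels:")
VCID_RE = re.compile(r"^\s*VCID:\s*[0-9A-F]+-[0-9A-F]+(-R)?(?:\s+(\S+))?\s*$")

def parse_autoscan(text):
    """Map module address -> name plus the VCID suffix flags (SFD, SFD2, -R)."""
    modules, current = {}, None
    for line in text.splitlines():
        if m := ADDR_RE.match(line):
            current = m.group(1)
            modules[current] = {"name": m.group(2), "sfd": False, "sfd2": False, "restricted": False}
        elif current and (m := VCID_RE.match(line)):
            flags = (m.group(2) or "").split("+")
            modules[current].update(sfd="SFD" in flags, sfd2="SFD2" in flags, restricted=bool(m.group(1)))
    return modules

def filter_active(values):
    """True unless the MAS16875 filter status line reports 'not active' (unknown counts as active)."""
    status = [v for v in values if "MAS16875" in v]
    return not (status and status[-1].rstrip().endswith("not active"))

def unlock_plan(modules, targets, values, gateway="19"):
    """Ordered steps 3-5 of the procedure for the modules in `targets`."""
    plan = []
    if filter_active(values):
        plan += [("sfd_unlock", gateway), ("disable_diag_filter", gateway)]
    for addr in targets:
        if modules[addr]["sfd"] and ("sfd_unlock", addr) not in plan:
            plan.append(("sfd_unlock", addr))
    return plan

if __name__ == "__main__":
    mods = parse_autoscan(SAMPLE_SCAN)
    for step in unlock_plan(mods, ["09", "C003"], SAMPLE_VALUES):
        print(step)
```

Modules flagged `sfd2` or `restricted` still appear in the parsed result, so they can be reviewed separately: a regular SFD unlock does not lift either limitation.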


Frequently Asked Questions

  1. Can SFD be disabled?
    No.
  2. Can Ross-Tech provide offline SFD tokens?
    No, but they can be obtained for example from one of our distributors.
  3. Will VCDS have SFD unlocking built-in at some point?
    We hope to have that in the future and are working with VW to make this happen.