Difference between revisions of "SFD"
(Created page with "= Schutz der Fahrzeugdiagnose (SFD) = Schutz der Fahrzeugdiagnose (SFD) aka. Protection of Vehicle Diagnostics (PVD) replaces the existing Login & Security Access functionali...") |
|||
| Line 5: | Line 5: | ||
Advanced functions like Coding, Adaptation, Basic Settings and/or Output Test may be limited and require a SFD unlock. SFD appeared first in MY 2020 and was at first limited to newly introduced Models and/or Control Modules. You will see Vehicles with individual Control Modules using classic Login/Security Access protections and other Control Modules in the same Vehicle using the newer SFD protection. | Advanced functions like Coding, Adaptation, Basic Settings and/or Output Test may be limited and require a SFD unlock. SFD appeared first in MY 2020 and was at first limited to newly introduced Models and/or Control Modules. You will see Vehicles with individual Control Modules using classic Login/Security Access protections and other Control Modules in the same Vehicle using the newer SFD protection. | ||
| − | An Auto-Scan with VCDS will show you if a specific control module requires SFD unlocks via an addition/suffix of "SFD" to the VCID line. | + | An Auto-Scan with VCDS will show you if a specific control module requires SFD unlocks to perform certain functions via an addition/suffix of "SFD" to the VCID line. |
Address 09: Cent. Elect. (J519) Labels: 1EA-937-BCM-V1.clb | Address 09: Cent. Elect. (J519) Labels: 1EA-937-BCM-V1.clb | ||
| Line 24: | Line 24: | ||
This limitation does not apply to most service related functions like Service Reset, Particle Filter Regeneration, Brake Pad Replacements or other typical workshop jobs, as these can still be performed after a regular SFD unlock. SFD2 does however limit/prevent most retrofits and similar efforts to enable functions not available from factory. | This limitation does not apply to most service related functions like Service Reset, Particle Filter Regeneration, Brake Pad Replacements or other typical workshop jobs, as these can still be performed after a regular SFD unlock. SFD2 does however limit/prevent most retrofits and similar efforts to enable functions not available from factory. | ||
| − | An Auto-Scan with VCDS will show you if a specific control module requires | + | An Auto-Scan with VCDS will show you if a specific control module requires SFD2 signed messages to perform certain functions via an addition/suffix of "SFD2" to the VCID line. |
Address 19: CAN Gateway (J533) Labels: 1EE-937-012.clb | Address 19: CAN Gateway (J533) Labels: 1EE-937-012.clb | ||
| Line 39: | Line 39: | ||
Even before SFD and SFD2 unauthorized access and/or modifications were prevented by a diagnostic firewall, which required you to open the hood prior to having full access to control module functions. We recommend to open the hood on all MY 2015 and newer before you perform any diagnostic work to ensure the diagnostic firewall is deactivated. | Even before SFD and SFD2 unauthorized access and/or modifications were prevented by a diagnostic firewall, which required you to open the hood prior to having full access to control module functions. We recommend to open the hood on all MY 2015 and newer before you perform any diagnostic work to ensure the diagnostic firewall is deactivated. | ||
| − | Newer models still have this diagnostic firewall but in addition may have diagnostic filter blocking diagnostic access to control modules entirely. VCDS uses a workaround to access these control modules but may be in | + | Newer models still have this diagnostic firewall but in addition may have diagnostic filter blocking diagnostic access to control modules entirely. VCDS uses a workaround to access these control modules but may be in Restricted (read-only) mode, preventing most advanced functions like Coding, Adaptation, Basic Settings and/or Output Test etc. |
| − | An Auto-Scan with VCDS will show you if | + | An Auto-Scan with VCDS will show you if Restricted mode is active via an addition/suffix of "-R" to the VCID line for each control module. |
Address 06: Seat Mem. Pass (J521) Labels:* None | Address 06: Seat Mem. Pass (J521) Labels:* None | ||
| Line 52: | Line 52: | ||
ROD: EV_SCMPasseSideCONTIAU736_VW38.rod | ROD: EV_SCMPasseSideCONTIAU736_VW38.rod | ||
VCID: 3E2D6196D0F4264AA97-806A-R | VCID: 3E2D6196D0F4264AA97-806A-R | ||
| + | |||
| + | An Auto-Scan with VCDS can show you in the VCID line combinations or "-R" and SFD and SFD at the same time: | ||
| + | |||
| + | Address C003: SW Cluster Housekeeping (SWC3) Labels: V04-007-XXX-SWC3.clb | ||
| + | Part No: V04 007 000 TB | ||
| + | Component: ICAS1 SWCL_HK 0411 | ||
| + | ASAM Dataset: EV_SWCLHouse1ICAS1UNECE 001007 | ||
| + | ROD: EV_SWCLHouse1ICAS1UNECE.rod | ||
| + | VCID: 77A3B4B2BF4ED702AA1-8022-R SFD+SFD2 | ||
Revision as of 16:39, 5 August 2025
Schutz der Fahrzeugdiagnose (SFD)
Schutz der Fahrzeugdiagnose (SFD) aka. Protection of Vehicle Diagnostics (PVD) replaces the existing Login & Security Access functionality, which means it doesn't interfere with basic functions like reading Control Module Identification or Event and Diagnostic Trouble Codes (DTC's) or Measuring Values.
Advanced functions like Coding, Adaptation, Basic Settings and/or Output Test may be limited and require a SFD unlock. SFD appeared first in MY 2020 and was at first limited to newly introduced Models and/or Control Modules. You will see Vehicles with individual Control Modules using classic Login/Security Access protections and other Control Modules in the same Vehicle using the newer SFD protection.
An Auto-Scan with VCDS will show you if a specific control module requires SFD unlocks to perform certain functions via an addition/suffix of "SFD" to the VCID line.
Address 09: Cent. Elect. (J519) Labels: 1EA-937-BCM-V1.clb Part No SW: 1EE 937 089 D HW: 1EE 937 089 Component: SAM_H H08 0530 Serial number: 01102328300374 Dataset Number: V03935400RK 0001 ASAM Dataset: EV_SAMVW31x 005001 ROD: EV_SAMVW31x_005_VWE3.rod VCID: 43DB1062BB164BA2C69-8016 SFD
Schutz der Fahrzeugdiagnose 2 (SFD2)
SFD2 does NOT replace the aforementioned SFD. Instead it is meant as an extension for the original SFD functionality in order to secure Control Modules against unauthorized manipulation (by law). This is primarily aimed at driver assistance systems, autonomous driving, software updates and cyber security in general (i.e. UNECE R 155 and/or UNECE R 156).
The vehicle manufacturer has to ensure that all modifications must be factory authorized, resulting in functions like Coding and Adaptation, as well as Updates etc. only being possible when digitally and cryptographically signed.
This limitation does not apply to most service related functions like Service Reset, Particle Filter Regeneration, Brake Pad Replacements or other typical workshop jobs, as these can still be performed after a regular SFD unlock. SFD2 does however limit/prevent most retrofits and similar efforts to enable functions not available from factory.
An Auto-Scan with VCDS will show you if a specific control module requires SFD2 signed messages to perform certain functions via an addition/suffix of "SFD2" to the VCID line.
Address 19: CAN Gateway (J533) Labels: 1EE-937-012.clb Part No SW: 1EE 937 012 D HW: 1EE 937 012 Component: ICAS1 Host-SG 021 0411 Serial number: SMERBG220923006 Dataset Number: V03935420NB 0001 GVL: 2D00080006C8D0FC8062904248181050C400400000010000000200000000C057 ASAM Dataset: EV_GatewICAS1MEBUNECE 001013 ROD: EV_GatewICAS1MEBUNECE_VWE3.rod VCID: 353F7EBAE5C2E51278D-8060 SFD+SFD2
Diagnostic Firewall & Diagnostic Filter
Even before SFD and SFD2 unauthorized access and/or modifications were prevented by a diagnostic firewall, which required you to open the hood prior to having full access to control module functions. We recommend to open the hood on all MY 2015 and newer before you perform any diagnostic work to ensure the diagnostic firewall is deactivated.
Newer models still have this diagnostic firewall but in addition may have diagnostic filter blocking diagnostic access to control modules entirely. VCDS uses a workaround to access these control modules but may be in Restricted (read-only) mode, preventing most advanced functions like Coding, Adaptation, Basic Settings and/or Output Test etc.
An Auto-Scan with VCDS will show you if Restricted mode is active via an addition/suffix of "-R" to the VCID line for each control module.
Address 06: Seat Mem. Pass (J521) Labels:* None Part No SW: 1N3 959 760 H HW: 1N3 959 760 H Component: MEM-BFS 011 0571 Serial number: 23A3101KA04891 Coding: 0118BA4000012A008803010101010000000000000000000000000000211000 Shop #: WSC 00000 000 00000 ASAM Dataset: EV_SCMPasseSideCONTIAU736 006013 ROD: EV_SCMPasseSideCONTIAU736_VW38.rod VCID: 3E2D6196D0F4264AA97-806A-R
An Auto-Scan with VCDS can show you in the VCID line combinations or "-R" and SFD and SFD at the same time:
Address C003: SW Cluster Housekeeping (SWC3) Labels: V04-007-XXX-SWC3.clb Part No: V04 007 000 TB Component: ICAS1 SWCL_HK 0411 ASAM Dataset: EV_SWCLHouse1ICAS1UNECE 001007 ROD: EV_SWCLHouse1ICAS1UNECE.rod VCID: 77A3B4B2BF4ED702AA1-8022-R SFD+SFD2
Unlocking Schutz der Fahrzeugdiagnose (SFD)
While we are working on automating the unlock process, VCDS already does support the unlock and re-lock procedure using offline unlock tokens.
The following steps are recommended if you are working on SFD protected vehicles...
1. Determine which control modules you need to work on, for example:
- Brake Electronics for Parking Brake related work - Information Electronics for Service Reset
2. Retrieve Challenge/Token for "Diagnostic Interface for Databus / Gateway" (#19) and all additional control modules you need to work on.
3. Unlock the "Diagnostic Interface for Databus / Gateway" (#19).
4. Unlock the Diagnostic Filter in the "Diagnostic Interface for Databus / Gateway" (#19) (usually Adaptation channel IDE16611-Diagnosis filter: temporary deactivation adapted from active to not active).
5. Unlock (all) additional control modules you plan to work on.
Frequently Asked Questions
1) Can SFD be disabled?
No.
2) Can Ross-Tech provide offline SFD tokens?
No, but they can be obtained for example from one of our distributors:
https://shop.pci-diagnosetechnik.de/SFD-Unlock-Base-Rate-incl-1-Control-Unit
3) Will VCDS have SFD unlocking built-in at some point?
We hope to have that in the future and are working with VW to make this happen.