Vehicle Diagnostic Protection SFD

   #21  

Uwe

Benevolent Dictator
Staff member
Joined
Jan 29, 2014
Messages
30,004
Reaction score
21,424
Location
USA
VCDS Serial number
HC100001
Well, ostensibly it's to protect your vehicle from being "hacked". This is of course something of a risk when cars are always connected to the internet via cellular connections. E.g:
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

However, it could be implemented in a manner that doesn't lock out someone who has physical access to the diagnostic port. The fact that it hasn't been implemented in such a way does make me suspect an ulterior motive...

-Uwe-
 
   #22  

DV52

Verified VCDS User
Verified
Joined
May 16, 2014
Messages
3,620
Reaction score
4,026
Location
Melbourne, Australia
VCDS Serial number
C?ID=194404
Well, ostensibly it's to protect your vehicle from being "hacked". This is of course something of a risk when cars are always connected to the internet via cellular connections. E.g:
https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/

However, it could be implemented in a manner that doesn't lock out someone who has physical access to the diagnostic port. The fact that it hasn't been implemented in such a way does make me suspect an ulterior motive...

-Uwe-
Uwe: I keep saying to others (about myself) that I wouldn't be paranoid if it wasn't that everyone in the world was against me! ;) But thanks for articulating the question of VAG's (possible) objective for SFD so succinctly

Don
 
   #23  

Antera

Verified VCDS User
Verified
Joined
May 14, 2019
Messages
11
Reaction score
21
Location
Netherlands
VCDS Serial number
C?ID=129250
I did see that ( www.stemei.de) have solved the problem to connect en code on the Golf 8. Is there any progress with VCDS yet?
 
   #24  

Uwe

Benevolent Dictator
Staff member
Joined
Jan 29, 2014
Messages
30,004
Reaction score
21,424
Location
USA
VCDS Serial number
HC100001
I did see that ( www.stemei.de) have solved the problem to connect en code on the Golf 8. Is there any progress with VCDS yet?
Maybe I'm blind, but I see no mention of SFD or Golf 8 on that page.

-Uwe-
 
   #26  

DV52

Verified VCDS User
Verified
Joined
May 16, 2014
Messages
3,620
Reaction score
4,026
Location
Melbourne, Australia
VCDS Serial number
C?ID=194404
hmm...........yes, the other cable does "accommodate" SFD to a point - but it's hardly true that "vcp have solved the problem" in any real sense for non-ODIS devices because you still need to pay homage (and, pay money) to the mothership to get the tokens!!

If this business model is to become the accepted "solution" to SFD - then it will fundamentally shatter the value proposition for the purchase of 3rd party diagnostic devices for the enthusiast market. I'm not sure how valuable this market is for Ross-Tech - but I suspect that the professional workshops tend to keep their VCDS devices for many years. So not much repeat business from professional users - I think!

Don

"other cable" said:
System 8.7.4 is ready for download Created: 07 April 2020

System 8.7.4 is ready for download

News:

Added support for VW Golf VIII (MQB2020)
Added support for Skoda Octavia IV (MQB2020)
Added support for VW Jetta China
Added support for VW Fox China
Added SFD unlocking by pre-calculated token

VW introduced a SFD (Schutz Fahrzeug Diagnose) in MQB2020 platform. To get access to adaptations / coding and even output checks, ECU has to be unlocked by special Token. Tokens can be currently obtained only by using offcial GeKo/partner company account.
So, if you want to work with SFD -> go ahead and apply for access. There's currently NO OTHER WAY.
Stay tuned for our news in that case.

Demo, how to use SFD unlocking -> https://youtu.be/Gy72Z3xBSLY
 
Last edited:
   #27  

jifejur

New Member
Joined
Sep 11, 2020
Messages
8
Reaction score
9
Location
Netherlands
VCDS Serial number
H10-000192
On the sfd cars there are 3 modules that need to be 'unlocked' before you can code them, the gateway (19) , the central electronics (09) and the 5F. This can be done in 2 ways: odis (automatic) and via the VAG portal (you still need to have GEKO account). The last methode is used bij 'other cable'. You can get a 'challenge' message from the module and fill this in at the VAG portal. IT gives the response and you send this to the car. The modules will be unlocked for 90 min. (A faultcode Will be stored while it is unlocked) All other modules can be coded normally (security access is also the same).
 
   #28  

DV52

Verified VCDS User
Verified
Joined
May 16, 2014
Messages
3,620
Reaction score
4,026
Location
Melbourne, Australia
VCDS Serial number
C?ID=194404
@jifejur : Many thanks for clarifying this!

So I think that what you are saying is that for us "enthusiast" users (and for the 3 x pivotal modules that you identify), there really isn't a viable alternative for accessing SFD encoded vehicles with third party diagnostic devices without GEKO.

I've never seriously investigated getting a GEKO account, but I suspect that VAG impose a number of pre-qualifications in their application process. And, I suspect that it ain't low cost and at the very least,I would assume that a business registration of some sort is needed.

@RT: Probably a very dumb question - but can tokens be "wheeled" to end users through a GEKO account that is registered with the cable manufacturer (i.e still using the one IP with VAG servers, but with a separate back-end distribution mechanism to legitimate cable users)?

hmm......... bummer!!!

Don
 
Last edited:
   #29  

Uwe

Benevolent Dictator
Staff member
Joined
Jan 29, 2014
Messages
30,004
Reaction score
21,424
Location
USA
VCDS Serial number
HC100001
@RT: Probably a very dumb question - but can tokens be "wheeled" to end users through a GEKO account that is registered with the cable manufacturer (i.e still using the one IP with VAG servers, but with a separate back-end distribution mechanism to legitimate cable users)?
Is that theoretically possible? Probably. But I suspect VWAG would not be amused once they detected someone doing that. I've heard there was a UK-based supplier of very expensive scan tools doing that some years ago and VW came down on them pretty hard. I won't name names, so please don't ask.

Moreover, in the US, in order to get a Geko account if one is not a dealer, one must first become a Vehicle Security Professional through the NASTF and I'm certain they would also consider doing that to be "Abuse".

-Uwe-
 
   #30  

DV52

Verified VCDS User
Verified
Joined
May 16, 2014
Messages
3,620
Reaction score
4,026
Location
Melbourne, Australia
VCDS Serial number
C?ID=194404
@Uwe : hmm......... my suggestion wasn't intended to be nefarious. As I said, "probably very dumb question" and as it now appears - a very naive question!!:facepalm:

Anyhow, I guess that us non-proffessional users should be thankful for small mercies because @jifejur response confirms that SFD has allowed normal access to the remaining modules (for the current time, at least).

The other interesting question given @jifejur information is what's happened to CP? Since SFD applies to the previous CP master module and hex09 & hex5F, it would seem to be unnecessary to continue to include these in the constellation (maybe?). How do SFD cars manage CP - if at all?
Don
 
Last edited:
   #31  

jifejur

New Member
Joined
Sep 11, 2020
Messages
8
Reaction score
9
Location
Netherlands
VCDS Serial number
H10-000192
@jifejur : Many thanks for clarifying this!

So I think that what you are saying is that for us "enthusiast" users (and for the 3 x pivotal modules that you identify), there really isn't a viable alternative for accessing SFD encoded vehicles with third party diagnostic devices without GEKO.

I've never seriously investigated getting a GEKO account, but I suspect that VAG impose a number of pre-qualifications in their application process. And, I suspect that it ain't low cost and at the very least,I would assume that a business registration of some sort is needed.

@RT: Probably a very dumb question - but can tokens be "wheeled" to end users through a GEKO account that is registered with the cable manufacturer (i.e still using the one IP with VAG servers, but with a separate back-end distribution mechanism to legitimate cable users)?

hmm......... bummer!!!

Don
GEKO is indeed nog cheap and not easy to get. As of with alle security gateways on new cars, there will be a solution for it someday (FCA gateways came in 2018, there is now a solution for it in aftermArket tools like Bosch etc). To be honest the VAG sfd is not that bad, as if let you code almost all modules and 'other diagnostic. On the FCA gateway you can only Read, what means even faultcodes cannot be cleared...

'wheeling' the code to end users is not permitted legaly by VAG. The GEKO token owner needs to be with the car to manually check the vin number of the car. But i think there will be a solution some day when the pressure of big aftermarket diagnostic tool manufacturers is big enough. Or somebody will reverse engineer the sfd alghoritme.
 
   #32  

jifejur

New Member
Joined
Sep 11, 2020
Messages
8
Reaction score
9
Location
Netherlands
VCDS Serial number
H10-000192
Also on the sfd gateways (0x19,) the autoscan does not work work with vcds. The Can-bus messages are totally different than on a non sfd gateway. Hope Ross-tech implements this fast ;-) because ODIS is a pain to code manually with.
@Uwe i see you are from Ross-tech of you need Can-bus logs for gateway scans of sfd cars, please contact me, we see a couple every week :-)
 
   #34  

jifejur

New Member
Joined
Sep 11, 2020
Messages
8
Reaction score
9
Location
Netherlands
VCDS Serial number
H10-000192
Really, in what release? Because i cannot het the gateway list on these cars via autoscan
 
   #39  

DV52

Verified VCDS User
Verified
Joined
May 16, 2014
Messages
3,620
Reaction score
4,026
Location
Melbourne, Australia
VCDS Serial number
C?ID=194404
Ive just become aware (in another forum) of a so-called "right-to-repair" proposition that is (I believe) ostensibly aimed at Tesla's Over-The-Air systems update being locked down in America - but since I know nothing about the Tesla proposal, I may have gotten this wrong, maybe?

If I'm understanding my discussion with a Massachusetts local correctly (again, I could be in error,) there may be implications for SFD .

Interested in comments from others
https://ballotpedia.org/Massachusetts_Question_1,_"Right_to_Repair_Law"_Vehicle_Data_Access_Requirement_Initiative_(2020)

Don
 
   #40  

jifejur

New Member
Joined
Sep 11, 2020
Messages
8
Reaction score
9
Location
Netherlands
VCDS Serial number
H10-000192
On paper, i think yes, but look at FCA (fiat Chrysler/Jeep/dodge). They are using security gateways on fiat 500/doblo and new jeeps/Dodge without any issues. And with that gateway you cannot do anything (only Read dtc, cannot clear etc). There are (finally) aftermarket solutions, but they are not many and they don't work all that good and getting an original tool is not easy (buying it is, but then FCA needs to couple it to An subscription and that rook 3 months....). If VAG is putting these SFD in there cars, they will be there to stay i guess and other brands are also using it (Renault on newest .odels, Mercedes as well).
 
Top