[Dcm] Vehicle Diagnostic Communication Part 77 [Simulation 16]

Click here for back issues.
https://www.simulationroom999.com/blog/diagnostic-communication-en-back-issue/

Vehicle Diagnostic Communication back issue

Introduction This is a back-issue of a series that discusses various aspects of vehicle diagnostic communications.The fo...

www.simulationroom999.com

2023.02.24

Introduction.

Explanation of the AUTOSAR-Dcm simulation.
In this article, the simulation results of SecurityAccess will be explained.

SecurityAccess simulation results (message)

If you want to review SecurityAccess, refer to the following article.

[DoCAN] Vehicle Diagnostic Communication Part 51 [UDS 12]

The SecurityAccess service has two major message patterns. requestSeed. Odd sub-functions. sendKey. Even sub-functions.

www.simulationroom999.com

2023.01.04

[DoCAN] Vehicle Diagnostic Communication Part 52 [UDS 13]

The SecurityAccess service is purposely troublesome procedure, which is the security strength. Must transition to non-defaultSession in advance. Must wait 10 seconds after IGon. If you make a mistake unlocking, you have to IGoff once.

www.simulationroom999.com

2023.01.05

[DoCAN] Vehicle Diagnostic Communication Part 53 [UDS 14]

Explain the basic flow of the SecurityAccess service. Explain the actual messages in the basic flow of the SecurityAccess service. Security is applied to resources. Service. DID.

www.simulationroom999.com

2023.01.06

Simulation results with comments are shown in the following.

Send msg : 2713 // Seed request in defaultSession (SecurityAccess service unsupported session)
Recv msg : 7f277f // NRC$7F(serviceNotSupportedInActiveSession)
Send msg : 1003 // Transition to extendDiagnosticSession
Recv msg : 5003003001f4 // P2 time=48[ms],P2*time=5000
Send msg : 2713deadbeef // wrong message length for Seed request
Recv msg : 7f2713 // NRC$13(incorrectMessageLengthOrInvalidFormat)
Send msg : 2714deadbeef // Send Key even though Seed request was not successful
Recv msg : 7f2724 // NRC$24(requestSequenceError)
Send msg : 2711 // Seed request with non-existent SecurityLevel
Recv msg : 7f2712 // NRC$12(subFunctionNotSupported)
Send msg : 2714deadbeee // send key without another successful Seed request
Recv msg : 7f2724 // NRC$24(requestSequenceError)
Send msg : 2713 // Seed request
Recv msg : 6713deadbeef // Seed=0xdeadbeef
Send msg : 2714deadbeef // Send Key(Key=deadbeef)
Recv msg : 6714 // Send msg : 2713 // send again (Key=deadbeef) 
Send msg : 2713 // Request Seed again
Recv msg : 671300000000 // Seed=0x00000000 (security unlocked)
Send msg : 2714deadbeef // send key with security unlocked
Recv msg : 7f2724 // NRC$24(requestSequenceError)
Send msg : 1003 // transition back to extendDiagnosticSession (security is now locked)
Recv msg : 5003003001f4 // P2 time=48[ms],P2*time=5000
Send msg : 2713 // Seed request
Recv msg : 6713deadbeef // Seed=0xdeadbeef
Send msg : 2714deadbeef // Send Key (Key=deadbeef)
Recv msg : 6714 // Send msg : 2713 // Seed=0xdeadbeef 
Send msg : 2713 // Seed request
Recv msg : 671300000000 // Seed=0x00000000 (security unlocked)
sleep : 2.048000 [ms] // 2.048[ms] Wait
Send msg : 2713 // Seed request
Recv msg : 671300000000 // Seed=0x00000000(security unlocked)
sleep : 4.900000 [ms] // 4.900[ms] Wait
Send msg : 2713 // Seed request
Recv msg : 671300000000 // Seed=0x00000000 (security unlocked)
sleep : 5.100000 [ms] // 5.100[ms] Wait (S3 timeout, return to defaultSession)
Send msg : 2713 // Seed request
Recv msg : 7f277f // NRC$7F(serviceNotSupportedInActiveSession) 
Send msg : 1003 // Transition to extendDiagnosticSession
Recv msg : 5003003001f4 // P2 time=48[ms],P2*time=5000
Send msg : 2713 // Seed request
Recv msg : 6713deadbeef // Seed=0xdeadbeef
Send msg : 2714deadbeef // Send Key (Key=deadbeef)
Recv msg : 6714 // send key (Key=deadbeef)
Exiting

SecurityAccess simulation results (CAN lines)

And CAN line log. (with comments)

Begin Triggerblock
 0.000000 Start of measurement
 
 // Seed request in defaultSession (SecurityAccess service unsupported session)
 0.000000 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC
 0.001868 1 18DAF110x Rx d 8 03 7F 27 7F 55 55 55 55
 
 // Transition to extendDiagnosticSession
 0.005955 1 18DA10F1x Rx d 8 02 10 03 CC CC CC CC CC
 0.007832 1 18DAF110x Rx d 8 06 50 03 00 30 01 F4 55
 
 // Wrong message length for Seed request
 0.011968 1 18DA10F1x Rx d 8 06 27 13 DE AD BE EF CC
 0.013828 1 18DAF110x Rx d 8 03 7F 27 13 55 55 55 55
 
 // Key sent without successful Seed request
 0.018940 1 18DA10F1x Rx d 8 06 27 14 DE AD BE EF CC
 0.020840 1 18DAF110x Rx d 8 03 7F 27 24 55 55 55 55
 
 // Seed request with nonexistent SecurityLevel
 0.030081 1 18DA10F1x Rx d 8 02 27 11 CC CC CC CC
 0.032801 1 18DAF110x Rx d 8 03 7F 27 12 55 55 55 55
 
 // Key sent without a successful Seed request again
 0.038887 1 18DA10F1x Rx d 8 06 27 14 DE AD BE EE CC
 0.040812 1 18DAF110x Rx d 8 03 7F 27 24 55 55 55 55
 
 // Seed Request
 0.044892 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC CC
 0.046793 1 18DAF110x Rx d 8 06 67 13 DE AD BE EF 55
 
 // Send Key (Key=deadbeef)
 0.053854 1 18DA10F1x Rx d 8 06 27 14 DE AD BE EF CC
 0.055763 1 18DAF110x Rx d 8 02 67 14 55 55 55 55
 
 // Request Seed again
 0.059793 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC CC
 0.061718 1 18DAF110x Rx d 8 06 67 13 00 00 00 00 55
 
 // Send Key with security unlocked
 0.065856 1 18DA10F1x Rx d 8 06 27 14 DE AD BE EF CC
 0.067715 1 18DAF110x Rx d 8 03 7F 27 24 55 55 55 55
 
 // Transition back to extendDiagnosticSession (now security lock is applied)
 0.071778 1 18DA10F1x Rx d 8 02 10 03 CC CC CC CC
 0.073712 1 18DAF110x Rx d 8 06 50 03 00 30 01 F4 55
 
 // Seed request
 0.077775 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC CC
 0.079684 1 18DAF110x Rx d 8 06 67 13 DE AD BE EF 55
 
 // Send Key (Key=deadbeef)
 0.083747 1 18DA10F1x Rx d 8 06 27 14 DE AD BE EF CC
 0.085795 1 18DAF110x Rx d 8 02 67 14 55 55 55 55 55
 
 // Seed Request
 0.091808 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC CC
 0.093749 1 18DAF110x Rx d 8 06 67 13 00 00 00 00 55
 
 // 2.048[ms] Wait
 
 // Seed request
 2.149081 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC CC
 2.151039 1 18DAF110x Rx d 8 06 67 13 00 00 00 00 55
 
 // 4.900[ms] Wait
 
 // Seed Request
 7.057408 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC CC
 7.059390 1 18DAF110x Rx d 8 06 67 13 00 00 00 00 55
 
 // 5.100[ms] Wait (S3 timeout to return to defaultSession)
 
 // Seed request
 12.165579 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC CC
 12.167602 1 18DAF110x Rx d 8 03 7F 27 7F 55 55 55 55
 
 // Transition to extendDiagnosticSession
 12.170600 1 18DA10F1x Rx d 8 02 10 03 CC CC CC CC CC
 12.172509 1 18DAF110x Rx d 8 06 50 03 00 30 01 F4 55
 
 // Seed request
 12.175524 1 18DA10F1x Rx d 8 02 27 13 CC CC CC CC CC
 12.177572 1 18DAF110x Rx d 8 06 67 13 DE AD BE EF 55
 
 // Send Key (Key=deadbeaf)
 12.180562 1  18DA10F1x       Rx   d 8 06 27 14 DE AD BE EF CC
 12.182446 1  18DAF110x       Rx   d 8 02 67 14 55 55 55 55 55
End TriggerBlock

Observations on the results of the SecurityAccess simulation.

The volume has increased considerably compared to the previous simulation.

In addition to the actual communication telegrams, the behavior changes depending on the order judgment of Seed request/Key send, session state, and security state.
The fact that it depends on the session state is also related to the S3 timeout, so we can check the behavior like this.

The message itself is simple, and if you can imagine the session state and security state, it should be OK.
If you can visualize these two concepts, you should not be so confused.

Conclusion.

• Check the results of the SecurityAccess simulation.
  • Check the message level.
  • Check the CAN line level.
• SecurityAccess behavior depends on session state and security state.
  • SecurityAccess behavior depends on session state, security state, and S3 timeout.

Click here for back issues.

Vehicle Diagnostic Communication back issue

Introduction This is a back-issue of a series that discusses various aspects of vehicle diagnostic communications.The fo...

www.simulationroom999.com

2023.02.24