Unified Diagnostic Services
Unified Diagnostic Services (UDS) is a diagnostic communication protocol used in electronic control units (ECUs) within automotive electronics, which is specified in the ISO 14229-1.[1] It is derived from ISO 14230-3 (KWP2000) and the now obsolete ISO 15765-3 (Diagnostic Communication over Controller Area Network (DoCAN)[2]). 'Unified' in this context means that it is an international and not a company-specific standard. By now this communication protocol is used in all new ECUs made by Tier 1 suppliers of Original Equipment Manufacturer (OEM), and is incorporated into other standards, such as AUTOSAR. The ECUs in modern vehicles control nearly all functions, including electronic fuel injection (EFI), engine control, the transmission, anti-lock braking system, door locks, braking, window operation, and more.
Diagnostic tools are able to contact all ECUs installed in a vehicle, which has UDS services enabled. In contrast to the CAN bus protocol, which only uses the first and second layers of the OSI model, UDS utilizes the fifth and seventh layers of the OSI model. The Service ID (SID) and the parameters associated with the services are contained in the payload of a message frame.
Modern vehicles have a diagnostic interface for off-board diagnostics, which makes it possible to connect a computer (client) or diagnostics tool, which is referred to as tester, to the communication system of the vehicle. Thus, UDS requests can be sent to the controllers which must provide a response (this may be positive or negative). This makes it possible to interrogate the fault memory of the individual control units, to update them with new firmware, have low-level interaction with their hardware (e.g. to turn a specific output on or off), or to make use of special functions (referred to as routines) to attempt to understand the environment and operating conditions of an ECU to be able to diagnose faulty or otherwise undesirable behavior.
Services
SID (Service Identifier)
| Function group | Request SID | Response SID | Service | Description |
|---|---|---|---|---|
| Diagnostic and Communications Management | 0x10 | 0x50 | Diagnostic Session Control | UDS uses different operating sessions, which can be changed using the "Diagnostic Session Control". Depending on which session is active, different services are available. On start, the control unit is by default in the "Default Session". Other sessions are defined, but are not required to be implemented depending on the type of device:
3 sub functions 1) 0x10 01-Default session 2) 0x10 02-Programming session 3) 0x10 03-Extended Diagnostic session
In addition, there are reserved session identifiers that can be defined for vehicle manufacturers and vehicle suppliers specific use. |
| 0x11 | 0x51 | ECU Reset | The service "ECU reset" is used to restart the control unit (ECU). Depending on the control unit hardware and implementation, different forms of reset can be used:
Again, there are reserved values that can be defined for vehicle manufacturers and vehicle suppliers specific use. | |
| 0x27 | 0x67 | Security Access | Security check is available to enable the most security-critical services. For this purpose a "Seed" is generated and sent to the client by the control unit. From this "Seed" the client has to compute a "Key" and send it back to the control unit to unlock the security-critical services. | |
| 0x28 | 0x68 | Communication Control | With this service, both the sending and receiving of messages can be turned off in the control unit. | |
| 0x29 | 0x69 | Authentication | An update (2020) of the standard added this service to provide a standardized approach to more modern methods of authentication than are permitted by the Security Access (0x27) service, including bidirectional authentication with PKI-based Certificate Exchange. | |
| 0x3E | 0x7E | Tester Present | If no communication is exchanged with the client for a long time, the control unit automatically exits the current session and returns to the "Default Session" back, and might go to sleep mode. Therefore, there is an extra service which purpose is to signal to the device that the client is still present. | |
| 0x83 | 0xC3 | Access Timing Parameters | In the communication between the controllers and the client, certain times must be observed. If these are exceeded, without a message being sent, it must be assumed that the connection was interrupted. These times can be called up and changed. | |
| 0x84 | 0xC4 | Secured Data Transmission | ||
| 0x85 | 0xC5 | Control DTC Settings | Enable or disable the detection of any or all errors. This is important when diagnostic work is performed in the car, which can cause an anomalous behavior of individual devices. | |
| 0x86 | 0xC6 | Response On Event | ||
| 0x87 | 0xC7 | Link Control | The Service Link Control is used to set the baud rate of the diagnostic access. It is usually implemented only at the central gateway. | |
| Data Transmission | 0x22 | 0x62 | Read Data By Identifier | With this service, it is possible to retrieve one or more values of a control unit. This can be information of all kinds and of different lengths such as Partnumber or the software version. Dynamic values such as the current state of the sensor can be queried. Each value is associated to a Data Identifier (DID) between 0 and 65535; for example, the VIN DID is 61840d (0xF190). Normal CAN signals are meant for information that some ECU uses in its functionality. DID data is sent on request only, and is for information that no ECU uses, but a service tool or a software tester can benefit from. |
| 0x23 | 0x63 | Read Memory By Address | Read data from the physical memory at the provided address. This function can be used by a testing tool, in order to read the internal behaviour of the software. | |
| 0x24 | 0x64 | Read Scaling Data By Identifier | ||
| 0x2A | 0x6A | Read Data By Identifier Periodic | With this service, values are sent periodically by a control unit. The values to be sent must be defined to only using the "Dynamically Define Data Identifier". | |
| 0x2C | 0x6C | Dynamically Define Data Identifier | This service offers the possibility of a fix for a device specified Data Identifier (DID) pool to configure another Data Identifier. This is usually a combination of parts of different DIDs or simply a concatenation of complete DIDs.
The requested data may be configured or grouped in the following manner:
| |
| 0x2E | 0x6E | Write Data By Identifier | With the same Data Identifier (DID), values can also be changed. In addition to the identifier, the new value is sent along. | |
| 0x3D | 0x7D | Write Memory By Address | The “Write Memory By Address” service allows the external diagnostic tool to write information into the ECU at one or more contiguous memory locations. | |
| Stored Data Transmission | 0x14 | 0x54 | Clear Diagnostic Information | Delete all stored DTC |
| 0x19 | 0x59 | Read DTC Information | DTC stands for "Diagnostic Trouble Codes". Each DTC handled by the control unit fault is stored with its own code in the error memory and can be read at any time. In addition to the error, additional information will be stored, which can also be read. | |
| Input / Output Control | 0x2F | 0x6F | Input Output Control By Identifier | This service allows an external system intervention on internal / external signals via the diagnostic interface.
By specifying a so-called option bytes additional conditions for a request can be specified, the following values are specified: ReturnControlToECU: The device must get back controls of the mentioned signals. ResetToDefault: The tester prompts to reset signals to the system wide default value. Freeze Current State: The device shall freeze the current signal value. ShortTermAdjustment: The device shall use the provided value for the signal |
| Remote Activation of Routine | 0x31 | 0x71 | Routine Control | Control routine services of all kinds can be performed. There are three different message types:
The start and stop message parameters can be specified. This makes it possible to implement every possible project-specific service. |
| Upload / Download | 0x34 | 0x74 | Request Download | Downloading new software or other data into the control unit is introduced using the "Request Download". Here, the location and size of the data is specified. In turn, the tester specifies how large the data packets can be. |
| 0x35 | 0x75 | Request Upload | The service "request upload" is almost identical to the service "Request Download". With this service, the software from the control unit is transferred to the tester. The location and size must be specified. Again, the size of the data blocks are specified by the tester. | |
| 0x36 | 0x76 | Transfer Data | For the actual transmission of data, the service "Transfer Data" is used. This service is used for both uploading and downloading data. The transfer direction is notified in advance by the service "Request Download" or "Upload Request". This service should try to send packets at maximum length, as specified in previous services. If the data set is larger than the maximum, the "Transfer Data" service must be used several times in succession until all data has arrived. | |
| 0x37 | 0x77 | Request Transfer Exit | A data transmission can be 'completed' when using the "Transfer Exit" service. This service is used for comparison between the control unit and the tester. When it is running, a control unit can answer negatively on this request to stop a data transfer request. This will be used when the amount of data (set in "Request Download" or "Upload Request") has not been transferred. | |
| 0x38 | 0x78 | Request File Transfer | This service is used to initiate a file download from the client to the server or upload from the server to the client. Additionally information about the file system are available by this service. | |
| 0x7F | Negative Response | This response is given when a service request could not be performed, for example having a not supported Data Identifier. A Negative Response Code will be included. |
See also
- On-board diagnostics, general article about diagnostic services in vehicles
- OBD-II PIDs, about the US standard
References
External links
- Unified Diagnostic Services - ISO 14229 (poster by softing.com)
 |  |
