Video on YouTube covering most of the modules:
Original post: https://forum.vcdspro.de/index.php?/wiki/misc/allgemeine-informationen/content/sfd-schutz-der-fahrzeugdiagnose-r32/&_rid=70745
What is SFD?
Since 2020, the VAG Group has been introducing a new procedure for protecting vehicle diagnostics (SFD), starting with the VW Golf 8, which is based on the MQBevo platform.
Certain control units in new vehicles are then protected by SFD and can only be coded or adapted after entering a special token.
This token is currently only available through an official GeKo (secrecy and component protection) account, which must be requested from VW.
SFD is to be introduced gradually in 2 stages, which are explained below:
SFD - level 1
This level includes access protection for changes to control units, such as coding, adapting and parameterizing.
Reading activities such as reading out the error memory or displaying measured value blocks (actual values) are still possible without a token.
In addition, changes to control units are logged at the individual level in order to ensure traceability.
SFD - level 2
This level builds on level 1 and also has manipulation protection for the diagnostic content.
This means that changes to control units are made via a secure connection between the control unit and the vehicle manufacturer.
This is also known as end-to-end protection.
In addition, strong user authentication is required for better logging (2-factor authentication, or 2FA for short).
This can be implemented, for example, by using one of the following systems:
PKI cards
SecurID cards
Apps or applications that can generate one-time passwords (e.g. Google Authenticator, Microsoft Authenticator)
During the transition phase, weak authentication via the dealer portal with a user name and password should be possible at first.
In parallel, the transition to strong authentication is being developed.
The entire SFD process requires an online connection of the diagnostic tester!
Does SFD also work offline?
There is a so-called fallback solution should problems arise with the online method. This is explained in note form below:
Direct token retrieval with the diagnostic tester fails
The activation request from the control unit to generate the token is saved locally
You log in to the dealer portal and enter the locally saved activation request
An activation token is generated that can now be entered manually in the tester
The control unit checks the token using a special function on the tester and grants access after it has been successfully checked
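The fallback steps above, modelled as a challenge-response exchange. This is an added example, not code from the original post or from VW: the page does not describe SFD's actual cryptography, so an HMAC-SHA256 shared key stands in for the manufacturer's signing scheme, and the names ControlUnit, portal_issue_token and offline_fallback are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: the page does not describe SFD's cryptography. A shared HMAC key
# stands in for the manufacturer's signing scheme so the flow runs offline.
BACKEND_KEY = secrets.token_bytes(32)  # constructed demo key


def _mac(key, request):
    return hmac.new(key, request.encode(), hashlib.sha256).hexdigest()


class ControlUnit:
    """Hypothetical control unit: issues requests and checks tokens."""

    def __init__(self, address, key=BACKEND_KEY):
        self.address = address
        self._key = key
        self._pending = None  # the one outstanding activation request

    def activation_request(self):
        # Step 2: a fresh, unit-bound request the tester can save locally.
        self._pending = f"{self.address}:{secrets.token_hex(16)}"
        return self._pending

    def check_token(self, token):
        # Step 5: accept only the token for the outstanding request, once.
        if self._pending is None:
            return False
        ok = hmac.compare_digest(_mac(self._key, self._pending), token)
        if ok:
            self._pending = None  # single use, so a replayed token fails
        return ok


def portal_issue_token(request, logged_in, key=BACKEND_KEY):
    # Steps 3-4: the portal answers only for an authenticated user.
    if not logged_in:
        raise PermissionError("dealer portal login required")
    return _mac(key, request)


def offline_fallback(unit, logged_in=True):
    request = unit.activation_request()              # saved locally
    token = portal_issue_token(request, logged_in)   # typed into the tester
    return request, token, unit.check_token(token)
```

Because the request carries the control unit address and a fresh random value, a token issued for one unit or one earlier request is rejected by any other unit or any later request.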
Why is VW introducing SFD?
According to analyses by VW, there is an increased need for data protection in control units.
The previous procedure (activation using a 5-digit login code) no longer corresponds to the state of the art.
For this reason, the protection of vehicle diagnostics is to be gradually introduced into new vehicle models, starting with the VW Golf 8.
Which control units are currently protected by SFD?
We will keep updating the following list to the best of our knowledge.
Note: The following list shows the control units in which we have already found SFD. That doesn't mean that all of these control units in every new vehicle are protected by SFD. To the best of our knowledge, this varies from vehicle to vehicle or control unit to control unit. For example, it may be that in one Octavia IV only the 01 is protected by SFD, whereas in the next Octavia IV the 01, 09 & 19 are protected by SFD.
MQBevo platform (Golf 8, Octavia IV, Leon IV, A3 8Y, etc.)
01 - Motor electronics (due to EU templates, the protection was lifted again for higher software versions)
09 - Central electrics
17 - Dash panel insert
19 - Diagnostic interface
5F - Information electronics