Service Interaction Protocol
Diagnostic Session Control
SYSTEM_STATE
P2_SERVER
P2*_SERVER
S3_TIMEOUT
Overview
“The DiagnosticSessionControl service is used to enable different diagnostic sessions in the server. A diagnostic session enables a specific set of diagnostic services and/or functionalities in the server.”
SID 0x10 is the foundation of the UDS protocol. It must be the first service invoked when transitioning out of the default session. Every other SID’s availability depends on the active session type.
At ECU power-on, the server automatically enters Default Session (0x01). No explicit 0x10 request is needed. The S3 timer (5000ms) is active in all non-default sessions — if no TesterPresent (0x3E) is received within this window, the ECU reverts to Default Session.
Session Types
ISO 14229-1 defines four standard session types. Each session unlocks a different set of diagnostic capabilities and has specific security requirements.
Value | Session Type | Description | Requires Security |
|---|---|---|---|
| 0x01 | Default Session | Standard diagnostics: ReadDTC, ReadDID, TesterPresent. Active at power-on. | No |
| 0x02 | Programming Session | Flash reprogramming: RequestDownload (0x34), TransferData (0x36). Requires vehicle standstill. | Yes (Level 1+) |
| 0x03 | Extended Diagnostic | Advanced diagnostics: WriteDID (0x2E), RoutineControl (0x31), IO Control. Most common non-default session. | Depends on SID |
| 0x04 | Safety System | Safety-critical diagnostics for ASIL-rated systems. Isolated from other session types. | Yes (Dedicated) |
Values 0x05-0x3F are ISO reserved. Values 0x40-0x5F are vehicle-manufacturer specific. Values 0x60-0x7E are system-supplier specific. An ECU must return NRC 0x12 (subFunctionNotSupported) for any unsupported session type.
Protocol Anatomy
The SID 0x10 request is a compact 2-byte command. The response carries session-specific P2 and P2* timing parameters that the tester must observe.
◆ PROTOCOL ANATOMY
0x10 DIAGNOSTIC SESSION CONTROL
0x10 RESPONSE
Timing Parameters
The positive response to SID 0x10 carries two critical timing parameters that the tester must observe for the remainder of the session. These govern the maximum time the ECU may take to respond.
Parameter | Encoding | Resolution | Default Value | Purpose |
|---|---|---|---|---|
| P2 | Big-endian 2 bytes | 1 ms | 0x0032 (50ms) | Max response time before tester timeout. Extended session uses 100ms (0x0064). |
| P2* | Big-endian 2 bytes | 10 ms | 0x01F4 (5000ms) | Extended timeout after NRC 0x78 (ResponsePending). Used during long operations like flash erase. |
| S3 | Not in response | N/A | 5000ms | Non-default session keepalive. Tester must send 0x3E within this window. |
P2 encoding pitfall*: The P2* value is encoded at 10ms resolution, not 1ms. A raw value of 0x01F4 (decimal 500) represents 500 × 10ms = 5000ms, not 500ms. This is a common implementation error.
Default/Programming P2 Timing
50 02 00 32 01 F4> P2=0x0032 (50ms) | P2*=0x01F4 (500 x 10ms = 5000ms)
Extended Session P2 Timing
50 03 00 64 01 F4> P2=0x0064 (100ms) | P2*=0x01F4 (500 x 10ms = 5000ms)
Session Transition Logic
Session transitions follow a strict hierarchy. Not all transitions are permitted — the ECU enforces a transition matrix based on the current and requested session types.
ECU State Synchronization
When the ECU receives a session control request, it must verify conditions (speed, voltage, dependencies) before granting the transition. On success, the S3 timer starts and all security states are reset.
UDS Session State Transitions
From | To | Allowed | Notes |
|---|---|---|---|
| Default (0x01) | Programming (0x02) | Yes | Common for flash reprogramming workflows |
| Default (0x01) | Extended (0x03) | Yes | Most common transition for diagnostics |
| Default (0x01) | Safety (0x04) | Yes | Direct entry to safety-critical diagnostics |
| Extended (0x03) | Programming (0x02) | Yes | Extended to Programming transition allowed |
| Extended (0x03) | Extended (0x03) | Yes | Re-entry resets security and timers |
| Extended (0x03) | Safety (0x04) | No | NRC 0x22 — must go through Default first |
| Programming (0x02) | Extended (0x03) | Yes | Programming to Extended allowed |
| Programming (0x02) | Programming (0x02) | No | NRC 0x22 — re-entry not permitted |
| Safety (0x04) | Safety (0x04) | Yes | Re-entry resets security and timers |
| Safety (0x04) | Any other | No | NRC 0x22 — must return to Default first |
| Any non-default | Default (0x01) | Yes | Always permitted from any session |
On any successful session transition (including re-entry), the ECU resets: security access state, active routines, periodic tasks, transfer operations, and communication control state. The S3 timer restarts.
Suppress Positive Response
Bit 7 of the sub-function byte controls response suppression. When set (e.g., 0x83 for Extended session), the ECU performs the session transition but does not send a positive response — reducing bus load in high-throughput scenarios.
RESPONSE_SUPPRESSION_LOGIC
Active Bit 7 (0x80) detection. When present in the sub-function byte, the ECU enters Silent Mode for positive responses, optimizing packet throughput.
Request
10 01Response
50 01Suppression_Active
10 81! Critical: NRC 0x7F bypasses suppression logic and will always broadcast.
Negative responses are never suppressed. Even with bit 7 set, the ECU will respond with NRC if the transition fails. This ensures the tester always knows about errors.
Sequence Scenarios
Understanding the request-response flow is critical for robust diagnostic implementation.
Successful Session Elevation
3 stepsProgramming Session with Security Access
6 stepsS3 Timeout — Session Revert
4 stepsCommon Request/Response Pairs
Enter Extended Session
10 03> Request Extended Diagnostic Session (0x03)
Positive Response
50 03 00 64 01 F4> Session granted. P2=100ms, P2*=5000ms.
Return to Default
10 01> Request Default Session (0x01). Always succeeds.
Positive Response
50 01 00 32 01 F4> Session granted. P2=50ms, P2*=5000ms.
Enter Programming
10 02> Request Programming Session (0x02)
Positive Response
50 02 00 32 01 F4> Session granted. P2=50ms, P2*=5000ms.
Suppressed Extended
10 83> Extended (0x03) + Suppress bit (0x80) = 0x83
[ NO_RESPONSE — SUPPRESSED ]
Negative Response Codes
When a session transition fails, the ECU returns a negative response (0x7F 0x10 [NRC]). The following NRCs are applicable to SID 0x10:
Error_Catalog
Negative Response Codes
Session Change Side Effects
A successful session transition (including re-entry to the same session) triggers a comprehensive state reset. Understanding these side effects is critical for maintaining correct ECU state.
State | Reset Action | ISO Reference |
|---|---|---|
| Security Access | securityUnlocked = false, securityLevel = 0, currentSeed cleared | §9.4.5 |
| Communication Control | All channels reset to rxEnabled + txEnabled (normalMessages, networkManagement) | §9.5 |
| Active Routines | All running routines set to idle, progress cleared | §9.6.3 |
| Periodic Tasks | All scheduled periodic identifier reads cancelled | §9.8 |
| Transfer Operations | downloadInProgress and uploadInProgress set to false, block counter reset | §9.11 |
| DTC Settings | dtcRecordingEnabled restored to true | §9.13 |
| S3 Timer | Restarted from the moment of successful transition | §9.2.6 |
The simulator implements all of these resets in both the SID 0x10 handler (on explicit session change) and the S3 timeout handler (on automatic session revert). This ensures consistent behavior regardless of how the session changes.