Service Interaction Protocol
Read Memory
ACCESS_TYPE
PARAMETERS
SECURITY
Overview
“The ReadMemoryByAddress service is used by the client to request memory data from the server at a specified address with a specified length.”
Use Cases
- Reading calibration data
- Extracting fault memory buffers
- Verifying firmware code integrity
- Development and debugging
Dependencies
- Extended Session (0x03) usually required
- Security Access (0x27) for protected regions
- ALFID must match ECU memory architecture
Default Behavior
Service 0x23 is typically available in Extended (0x03) or Programming (0x02) sessions. It requires the client to provide the memory address and the number of bytes to read. Direct memory access is often protected by Security Access (0x27). The ECU defaults to “no access” for read-protected regions (e.g., security keys, bootloader sections).
ALFID Encoding
The Address and Length Format Identifier (ALFID) is a critical byte that specifies how many bytes the ECU should expect for the address and size parameters.
The ALFID byte is split into two nibbles for Length (Bits 7-4) and Address (Bits 3-0).
ALFID | Address Length | Size Length | Architecture |
|---|---|---|---|
| 0x11 | 1 Byte | 1 Byte | Small 8-bit MCUs |
| 0x22 | 2 Bytes | 2 Bytes | 16-bit addressing |
| 0x44 | 4 Bytes | 4 Bytes | Typical 32-bit systems |
| 0x24 | 4 Bytes | 2 Bytes | 32-bit addr, 64KB max read |
Protocol Anatomy (32-bit Address)
◆ PROTOCOL ANATOMY
0x23 READ MEMORY
0x23 RESPONSE
Request Examples
Workflow: Absolute Memory Read
4 steps32-bit Standard Read
Request
23 44 00 10 20 30 00 00 00 10> Read 16 bytes (0x10) from 0x00102030
Response
63 AA BB CC DD EE FF 11 22 33 44 55 66 77 88 99 00> Memory Data returned
Short Address Format
Request
23 22 10 00 00 04> ALFID 0x22: 2-byte addr, 2-byte size
Response
63 12 34 56 78> 4 bytes returned
Negative Response Codes
Error_Catalog