Service Interaction Protocol
Read Memory By Address
0x23Protocol Identifier
Allows a diagnostic tester to read raw memory content from an ECU at a specific memory address.
Overview
ISO 14229-1
“The ReadMemoryByAddress service is used by the client to request memory data from the server at a specified address with a specified length.”
Use Cases
- Reading calibration data
- Extracting fault memory buffers
- Verifying firmware code integrity
- Development and debugging
Dependencies
- Extended Session (0x03) usually required
- Security Access (0x27) for protected regions
- ALFID must match ECU memory architecture
ALFID Encoding
The Address and Length Format Identifier (ALFID) is a critical byte that specifies how many bytes the ECU should expect for the address and size parameters.
Click to Enlarge
The ALFID byte is split into two nibbles for Length (Bits 7-4) and Address (Bits 3-0).
ALFID | Address Length | Size Length | Architecture |
|---|---|---|---|
| 0x11 | 1 Byte | 1 Byte | Small 8-bit MCUs |
| 0x22 | 2 Bytes | 2 Bytes | 16-bit addressing |
| 0x44 | 4 Bytes | 4 Bytes | Typical 32-bit systems |
| 0x24 | 4 Bytes | 2 Bytes | 32-bit addr, 64KB max read |
Message Format
Request Structure
Byte | Field | Value | Description |
|---|---|---|---|
| 0 | SID | 0x23 | Read Memory By Address |
| 1 | ALFID | 0xNN | Specifies format of next fields |
| 2-N | Address | Variable | Memory address to read |
| N+1-M | Size | Variable | Number of bytes to read |
Response Structure
Byte | Field | Value | Description |
|---|---|---|---|
| 0 | Response SID | 0x63 | Positive Response |
| 1-N | Data Record | Variable | Requested memory content |
Request Examples
32-bit Standard Read
tx_packet
Request
23 44 00 10 20 30 00 00 00 10> Read 16 bytes (0x10) from 0x00102030
rx_packet
Response
63 AA BB CC DD EE FF 11 22 33 44 55 66 77 88 99 00> Memory Data returned
Short Address Format
tx_packet
Request
23 22 10 00 00 04> ALFID 0x22: 2-byte addr, 2-byte size
rx_packet
Response
63 12 34 56 78> 4 bytes returned
Negative Response Codes
Logic_Exceptions
Critical_Error_Paths
NRC_0x31
Request Out Of Range
The requested address or size is outside the ECU memory map boundaries.
SEQ_DIAGRAM_DUMPOFFSET_0x7F
Request Out Of Range Flow
2 stepsTester
ECU
NRC_0x33
Security Access Denied
The memory region is protected and requires a security unlock (0x27) first.
SEQ_DIAGRAM_DUMPOFFSET_0x7F
Security Access Denied Flow
2 stepsTester
ECU