Skip to Content
UDS Simulator 2.0 Released

Docs baseline actions

Copy this page URLEdit page
Docs0x27 Security Access

Service Interaction Protocol

Security Access

0x27
Protocol Identifier
Enables unlocking of protected ECU features via a challenge-response (Seed & Key) mechanism.

Overview

ISO 14229-1

“The client uses this service to unlock and access secured functions and data on the server by passing a security challenge.”

Many critical UDS services (like Write Data (0x2E), Routine Control (0x31), and Download (0x34)) are restricted until a specific security level is unlocked.

Security Levels

Security levels are defined by Sub-Functions. Odd numbers are used to Request Seeds, while the following even number is used to Send Keys.

Visualizing the tiered security structure and the services they unlock.

Level
Seed SF
Key SF
Typical Purpose
Level 10x010x02Standard Access (Config, Clearing History)
Level 30x030x04Programming / Flashing (Requires Prog. Session)
Level 50x050x06Supplier / Engineering Access
OEM Specific0x61...0x62...Custom OEM-defined security tiers

Seed & Key Logic

The two-stage challenge-response process for unlocking security.

Step 1: Request Seed
tx_packet

Request

27 01

> Request Seed for Level 1

rx_packet

Response

67 01 4A 2B 9C 1D

> Seed = 0x4A2B9C1D

Step 2: Send Key
tx_packet

Request

27 02 [Calculated Key]

> Tester sends key derived from seed

rx_packet

Response

67 02

> Security Access Granted

Timers & Lockouts

warning _entry
Anti-Brute Force Protection
  • Attempt Counter: Typically allows 3 consecutive failed attempts.
  • Delay Timer: After 3 failures, the ECU enters a Time Penalty state (e.g., 10 seconds).
  • NRC 0x36: Returned when attempts are exceeded.
  • NRC 0x37: Returned if you try again before the timer expires.

Negative Response Codes

Logic_Exceptions

Critical_Error_Paths

NRC_0x12

Sub-Function Not Supported

Requested a security level that does not exist.
SEQ_DIAGRAM_DUMPOFFSET_0x7F

Sub-Function Not Supported Flow

2 steps
Tester
ECU
NRC_0x22

Conditions Not Correct

Sent a key without requesting a seed first.
SEQ_DIAGRAM_DUMPOFFSET_0x7F

Conditions Not Correct Flow

2 steps
Tester
ECU
NRC_0x35

Invalid Key

The key provided did not match the expected value.
SEQ_DIAGRAM_DUMPOFFSET_0x7F

Invalid Key Flow

2 steps
Tester
ECU
NRC_0x36

Exceeded Number of Attempts

Too many failed attempts. Security access is locked out.
SEQ_DIAGRAM_DUMPOFFSET_0x7F

Exceeded Number of Attempts Flow

2 steps
Tester
ECU
0x23 Read Memory By Address0x28 Communication Control