Is it going to be possible to do software changes in the new Mk8/Tiguan and ongoing models? If OBD/Ross Tech buy a license will that allow coding changes as we know it or will there still be restrictions? I have seen a fair bit of discussion lately but no one seems to know and I thought that the guys really into this might have some info by now. For those not in the know VW have adopted a lock out system that requires a license to access the ECU and they want money for the right to own a license. There was one post on this a few months ago here but nothing since as far as I can find. At this point in the game there might be little information but I thought I would ask the question.

Post 2020 models - will OBD11 devices work? | OBDeleven (https://forum.obdeleven.com/thread/8199/post-2020-models-obd11-devices)

http://www.vag-com-espanol.com/EN_SFD-Manual_for_UMB.pdf

Short answer: no.
You can do a diagnostics scan but you can't change coding/adaptations without an authorization token from VW.

Thanks Kamold.

I suspected this might be the case as well. Does put me off buying a Mk8 as I have certainly enjoyed having the car tweaked closer to perfection with OBD11.
Even if you could down the track, I wonder if it will get flagged almost immediately as the Mk8s are now continuously connected to VW and therefore could void the warranty. Almost like a virgual TD1 flag I guess.
Only time will tell but I was hoping the international market's head start would have made some progress with this already.

The big question is what VWA are going to do about connecting to these cars as they have no network in Oz whereas in Europe it already exists. For instance the Mk2 Tiguan has an emergeny call button and a full time monitoring sytem from what I can gather. I am sure you are right, any attempt to play with the car and it will report home.

Not until someone cracks the security. Then it’ll be same as “normal” I should think. There’s already security codes on a number of modules so really no difference.

Reality is Mk8 is just a facelift Mk7 (built on the same MQB platform) so underneath it’s the same.


Sent from my iPhone using Tapatalk

^^^^ Tigger: I like your optimism about someone cracking the security , but I suspect that it's a tad exaggerated (at the very least)!.

SFD (Schutz FahrzeugDiagnose= Vehicle Diagnostic Protection) is not like the historic 5 x digit security codes that locked control modules of old.

Whilst I don't pretend to know much about the new so-called "Vehicle Diagnostic Protection" system (the name begs the question - who is it protecting?), it seems to be heavily laced with handshaking tokens passing between the user and the IT back-end of the SFD mother ship. In this sense, SFD seems to look a lot more like elements of FAZIT (of Component Protection fame), but with much tighter authentication (IMO, of course).

I never underestimate the ingenuity of the many smart folk that call themselves "Hackers" - but I very much doubt that VAG has left any SFD back-doors open for these folk to find. But I'm more than happy to be proven wrong

Anyhow, just to illustrate the task facing hackers, here's an official description of the basic steps to get access to a module that is locked by SFD:

1. It is a prerequisite that the user is registered in the SFD IT back end and in the Dealer Portal (in future, the Group Retail Portal)
2. The user would like to carry out SFD-protected services on one or more SFD protected control units as part of a vehicle diagnosis.
3. The control unit reports that it is SFD-protected and asks for an activation token.
4. The vehicle diagnostic tester sends an activation request with the ID mark of the control unit and the desired scope to the SFD IT back end.
5. The SFD IT back end checks and authorizes the request and sends a signed activation token to the tester. The SFD IT back end logs the access (user ID, CU ID mark, time etc.).
6. The vehicle diagnostic tester sends the activation token to the control unit. The control unit checks the activation token and grants access to the relevant diagnostic object.

Don

A Mk8 driver just needs to piss off the Chinese or Russians..

Man made, man can break into it. Till today, it's always valid. ;)

^^^hmm..... more optimism!! I hope you guys are correct - but SFD is a paradigm shift in security. Mk8 may look like "just a facelift Mk7 (built on the same MQB platform)" - but the DNA of MQB37W platform cars appears to be quite different. Of course, no one outside VW can vouch for what is different because only registered dealers have access to the modules!!

Don

There’s whole businesses that generate income from supplying tools to talk to these modules.

I imagine they will find a workaround. Meanwhile manufacturers are trying to tie up the servicing of vehicles through their dealer network.


Sent from my iPhone using Tapatalk

The token is a session key generated using digital certificate issued by VW, instead of the unlock code we use. This digital certificate is similar to what we use when browsing the internet (secure sites) or authenticating VPNs etc.

It is possible for Ross-Tech or other vendors to work with VW and have the certificates generated for their software, though, the cost may increase multifold.

VCDS can have its private/public keypair while VW has theirs.

The token is a session key generated using digital certificate issued by VW, instead of the unlock code we use. This digital certificate is similar to what we use when browsing the internet (secure sites) or authenticating VPNs etc.

It is possible for Ross-Tech or other vendors to work with VW and have the certificates generated for their software, though, the cost may increase multifold.

VCDS can have its private/public keypair while VW has theirs.

@nibose: I'm admittedly racking up an old post - but our understanding of SFD has increased in the intervening period!!

In theory, I suspect that your "private/public keypair" suggestion is doable - but in this instance and because the new SFD protocols are ALL about VW (or more correctly, VAG) having complete control of ANY changes to the modules in the car, I very much doubt that third party vendors like VCDS will be allowed to have their own "private/public keypair".

As I understand the solutions from VCP and VCDS (currently in Beta release), an official VW/VAG TOKEN is needed to seed any modification session when using the device on a SFD protected vehicle. To get a TOKEN (which is then inputted into the diagnostic cable), the user needs a GEKO account from VW/VAG - which ain't cheap and they have other restrictions like a Business registration number.

I've been made aware of a German company that currently sells "Apps" (much like OBD11 Apps) for SFD cars - at a discounted cost of €30 each. But, I suspect that the seller is wheeling TOKENS from their GEKO account to App buyers. If I'm correct, this is a breach of the GEKO account license and I don't expect the activity to last long before VW/VAG legal takes action!

At the heart of this matter (about how third party diagnostic device manufacturers will be allowed to interface with the new protocol) is the over-riding business objective of VW/VAG.

Or, said brutally - having developed SFD restrictions and having invested in the necessary infrastructure to make it work- VW/VAG will allow third party vendors to interface only in a way that's in the best interest of the German shareholders!! Most definitely and without any offense intended, it's nonsense (and it's naive in the extreme) to believe that VW/VAG will allow third party cable manufacturers to negate SFD restrictions, or to bypass the strict- validation process by using their own "private/public keypairs" - IMO, of course!

An agreement by VW/VAG allowing third party vendors to sell a solution that waters-down SFD restrictions can't possibly happen because it's the tail-wagging-the-dog!! Again, it simply doesn't make commercial sense from the parent company's perspective!!

So, bottom line:

For professional users who can justify GEKO costs, there will be an SFD alternative - but this alternative ONLY applies to purchasing the official ODIS tool!
For mk 8 owners who are enthusiasts (like most everyone on this forum -I suspect), there will be no viable equivalent facility to the devices that have been enjoyed on previous vehicles- alas. For these folk (without GEKO access), the best that can be expected from diagnostic cables is a dumb fault code reader-alas!


Don

Cars are becoming more autonomous.
Manufacturers will become more liable for any 'mistake' made by an assistance system that results in injury or death.
They are protecting themselves by locking down any potential interference with the configuration of their systems.
Else.
Lawsuits.
Pretty simple really.
Sucks for enthusiasts and all those businesses out there built on modifying cars outside of the manufacturers intent.
The dream of one day every car being a Carolla draws closer....

Sent from my SM-G960F using Tapatalk

Just to update this thread, SFD Is now open for people to use, you can still carry on with VCDS, VCP etc but at this stage you need OBD11 to enable the unlock of SFD.

From what I have seen once a control unit is unlocked it then stays open (unless you close it) for 90 Minutes.

Nice. Drive mode save between drives or drivers is my only wish at the moment.

Volkswagen Golf Owners Manual - Function and operation - Driving Mode Selection (https://www.vwgolf.org/function_and_operation-317.html) This says that last selected mode info is stored on last key used.

Sorry for not being related to MK8, but i've just enquired about some authentic MK7 rear tail LED lights I had installed in the past, where the scrolling indicators have never reliably worked - they may work on the odd occasion, but mostly when out & about, they only flick on & off like standard indicators. I feel whenever the brake lights or reverse lights are triggered, it disables the scrolling feature of the indicators.

My question is, would it be possible to fix this via a re-coding of the lights, or is there a hardware change needed?

The place where I had them installed will get back to me after I send them an email regarding my issue, but I thought i'd ask here in the mean time. Thanks.